GAWEL

Privacy Policy

Last updated: May 2026

How personal data is collected, used, and protected on this website.

1

Data Controller

  • Kanzlei Dr. Gawel GmbH

    Rechtsanwalt Dr. iur. Claus Gawel, LLM (Uppsala), MCIArb
    Managing Director

    Clarastrasse 2
    4058 Basel, Switzerland

  • Company Details

    Full company registration details are available in the Legal Notice.

  • Contact

    contact@gawel.ch

    PGP encryption encouraged. Public key via keys.openpgp.org (opens in new tab)

2

Data Subject Rights

Swiss data protection law provides the following rights:

Access

Request information about personal data processed (Art. 25 DSG).

Correction

Request correction of inaccurate personal data (Art. 32 para. 1 DSG).

Deletion

Personal data is destroyed or anonymised as soon as it is no longer required for the processing purpose (Art. 6 para. 4 DSG).

Portability

Request issue or transfer of personal data in a commonly used electronic format (Art. 28 DSG).

Withdrawal of Consent

Where processing relies on consent, it may be withdrawn at any time (Art. 31 para. 1 DSG).

Civil Redress

Bring civil action for cessation, prohibition, or compensation in respect of unlawful processing (Art. 32 para. 2 DSG).

To exercise these rights, send a request to contact@gawel.ch. Response within 30 days.

3

Data Collection

Categories Collected

  • Correspondence: the contact details and message content the firm receives when you email it. Visiting the website itself collects no contact information.
  • Technical connection data (IP address, browser data, access times): processed by Cloudflare as hosting provider to deliver the site and enforce the Insights geo-restriction; read at the edge and not stored by the firm.
  • Aggregated usage statistics (pages visited, session duration): measured by Cloudflare Web Analytics in cookieless, aggregated form, without individual tracking.

Collection Methods

The firm receives personal data only when you contact it directly by email. During a visit, technical connection and aggregated usage data are processed by Cloudflare as hosting and analytics provider (see Hosting & Analytics below); the firm runs no server-side collection or storage of its own. Browser preferences (dark mode, animation, saved bookmarks) are stored locally on your device and are never transmitted.

Contact Form

The contact form collects a company name (optional), full name, email address, matter category, and matter description, plus an optional phone number and preferred contact method, date, and time. This input is constructed client-side into a mailto: URL. Nothing is transmitted to or stored by this website's servers; the information reaches the firm only when the visitor sends the resulting email from their own mail client.

Usage Purposes

  • Website operation and security
  • Responding to inquiries about legal services
  • Meeting statutory obligations
  • Remembering local preferences (dark mode, bookmarks, animation settings)
4

Hosting & Analytics

Website Hosting

This website is hosted on Cloudflare (USA). Connection data is processed by Cloudflare as hosting provider; this website operates no logging of its own.

Analytics

This website uses Cloudflare Analytics, which gathers aggregated, privacy-focused usage data without individual user tracking or cookies.

Geolocation (Insights Articles Only)

Access to articles in the Insights section (/insights/*) is restricted to Swiss IP addresses; HTTP 451 is returned for requests originating outside Switzerland. To enforce this, the visitor's IP address is read at the Cloudflare edge at request time to determine country of origin. No country or IP data is stored by this website. This applies only to the Insights articles; all other pages are accessible without geolocation.

International Transfers

Cloudflare is certified under the Swiss-U.S. Data Privacy Framework (effective 15 September 2024), ensuring adequate protection standards for data transfers. Verify current certification status at dataprivacyframework.gov (opens in new tab)

Should Cloudflare's DPF certification lapse or become invalidated, standard contractual clauses or other appropriate safeguards per Art. 16 DSG apply.

Self-Hosted Assets

All fonts, JavaScript libraries, and visual assets used to render the site's design are self-hosted; no third-party content delivery network or font service is contacted for them. Two third-party requests are nonetheless made during a page visit: the Cloudflare Web Analytics beacon (static.cloudflareinsights.com, Cloudflare USA, cookieless, no individual tracking; see Analytics and International Transfers above), loaded on every page; and, on the Insights articles and the Regulatory Tracker page only, the ProLitteris access-measurement pixel (see Cookies & Storage below).

5

Cookies & Storage

Session Cookies Only (No Tracking)

This website does not use tracking cookies. LocalStorage and SessionStorage are used for user preferences only: dark mode setting, saved article bookmarks, and animation preferences. All preference data remains in the browser with no server transmission. The only cookies set are anonymous session cookies by ProLitteris for copyright access measurement (see below); the Cloudflare Analytics beacon sets no cookies.

LocalStorage data can be deleted via browser settings (typically under "Clear browsing data" or "Site settings").

Session Cookies for Access Measurement (ProLitteris)

This website uses session cookies from ProLitteris, Zurich, to measure access to textual content in the Insights articles and on the Regulatory Tracker page and determine copying probability. Session cookies are small units of information stored temporarily in the visitor's computer memory. A session cookie contains a randomly generated unique identification number (session ID), information about its origin, and storage duration. Session cookies cannot store other data and are deleted when the browser is closed.

These measurements are conducted by Kantar GmbH (www.kantar.com (opens in new tab)) using the Scalable Central Measurement Method (SZM). The purpose is to determine the copying probability of individual texts to enable remuneration of authors and publishers under Swiss copyright law (Art. 19 para. 1 and Art. 20 URG). No personal data is collected via these cookies.

The website can be used without cookies. Most browsers are configured to accept cookies automatically. Cookie storage can be disabled, or browsers can be configured to provide notification when cookies are sent.

Scalable Central Measurement Method (SZM)

The Insights articles and the Regulatory Tracker page of this website use the "Scalable Central Measurement Method" (SZM) operated by Kantar GmbH (www.kantar.com (opens in new tab)) to collect statistical values for determining text copying probability.

Anonymous measurement values are collected. Access measurement uses either a session cookie or a signature created from various automatically transmitted browser information for system recognition. IP addresses are anonymized at collection before any storage or processing; no full IP address is retained.

The method was developed in compliance with data protection principles. Its sole purpose is to determine the copying probability of individual texts. At no time are individual users identified. User identity remains protected. No advertising is delivered through this system.

6

Data Retention

  • Connection Data

    Processed by Cloudflare as hosting provider; this website operates no logging of its own.

  • LocalStorage

    Until manual deletion or browser cache clear.

7

LinkedIn

This website contains links to LinkedIn (LinkedIn Corporation, Sunnyvale, CA). Clicking these links initiates data transfer directly between the browser and LinkedIn; this website has no access to such data. LinkedIn may receive technical information including IP addresses.

International Transfers

LinkedIn Corporation is certified under the Swiss-U.S. Data Privacy Framework, ensuring adequate protection standards for data transfers from Switzerland. LinkedIn additionally relies on Standard Contractual Clauses as a supplementary transfer mechanism. See LinkedIn Privacy Policy (opens in new tab) and verify certification status at dataprivacyframework.gov (opens in new tab)

8

Security

Technical and organizational measures protect personal data against unauthorized access, loss, and misuse. Measures include TLS encryption for all data transmission, per-request Content Security Policy (CSP) nonces, security headers (X-Content-Type-Options, Strict-Transport-Security), and automatic HTTPS upgrades. Access to personal data is limited to what is necessary for specified purposes.

Per Art. 8 DSG, data security measures are reviewed periodically and adapted to evolving technical standards.

9

Changes to This Policy

This Privacy Policy may be updated to reflect changes in data processing practices or legal requirements. Material changes are indicated by the "Last updated" date at the top of this page.