03-05-2026

General information

This privacy policy explains how LegalLabTeam (Bahnhofstrasse 25, 4125 Riehen, Switzerland; Business ID CHE-085.575.492) processes personal data when providing legal consulting services. The policy includes practical scenarios to illustrate data flows and user rights. It applies to visitors, clients and partners interacting with our website and services.

LegalLabTeam, Bahnhofstrasse 25, 4125 Riehen, Switzerland. Business ID CHE-085.575.492. Contact: +41762856985. Bahnhofstrasse 25, 4125 Riehen, Switzerland [email protected]

Definitions

For clarity we define key terms used in this policy and illustrate them with practical examples drawn from typical client engagements.

1 Personal data means any information relating to an identified or identifiable natural person. Example: client contact details provided when scheduling a corporate governance review.
2 Processing covers any operation on personal data such as collection, storage, analysis or disclosure. Example: redacting a contract for public filing is processing.
3 User refers to any visitor, prospective client or existing client who interacts with our website or services. Example: a CEO requesting due diligence support through our intake form.
4 Service denotes the business legal consulting activities we provide, including templates, advisory sessions, compliance assessments, and document drafting.
5 Cookies are small data files stored on a device to support website functionality, analytics and preferences. We explain categories below with case-based examples.

Data we collect

We collect data directly from users, automatically via technical systems, and from third parties where necessary for service delivery. The following sections describe each source and typical data items with example scenarios.

Data you provide directly

When you contact us, register for a service, or submit documents, we collect the data needed to handle that request and to perform agreed tasks.

  • Identification: name, title, company name (e.g., head of legal submitting a due diligence request).
  • Contact details: email, phone number, postal address.
  • Corporate documents: incorporation papers, partner lists and contracts necessary for advisory work.
  • Engagement records: case notes, instructions, and signed engagement letters.
  • Payment information and invoicing details when billing for paid services.
  • Optional feedback and testimonials provided after a completed engagement.

Automatically collected data

Technical and usage data is collected to operate our website, improve services, and support analytics. Below are common items collected automatically.

  • Device and browser information such as operating system and browser type.
  • IP address and approximate location used for security and fraud prevention.
  • Usage data: pages visited, time spent, and navigation paths to improve the site experience.
  • Cookies and similar identifiers used for session management and preferences.
  • Performance metrics to monitor uptime and resolve technical issues.
  • Error logs and crash reports used to diagnose technical problems.

Data from third parties

We may receive data from trusted third parties when relevant to service delivery, always limited to what is necessary for the task at hand.

  • Professional advisors engaged by clients who provide documentation to support a transaction.
  • Payment processors and banks for invoicing and payment reconciliation.
  • Public registries and commercial databases for entity verification during due diligence.

Purposes of processing

We use personal data to deliver services, manage the client relationship, maintain security, and meet legal obligations. Each purpose is illustrated with an example use case.

  • Provision of legal consulting services — e.g., drafting a partner' agreement using client-supplied documents.
  • Client onboarding and identity verification during a corporate formation engagement.
  • Billing and payment processing for invoiced services.
  • Service improvement and analytics to refine templates and workshop formats.
  • Security and fraud prevention when suspicious access patterns are detected.
  • Regulatory compliance where we must retain or disclose information under Swiss law.
  • Communication about service steps, deadlines, and deliverables in active engagements.
  • Archival and record-keeping for contract and compliance history after project close-out.

Legal basis for processing

We rely on lawful bases appropriate to each processing activity, choosing the minimum necessary basis for the relevant scenario.

  • Contract performance: processing required to perform an engagement or provide requested services.
  • Legal obligation: processing needed to comply with statutory duties such as anti-funds laundering checks.
  • Legitimate interests: for security, fraud prevention and internal governance, balanced against user rights.
  • Consent: where required for non-essential marketing communications or certain cookie categories.

Applicable privacy frameworks

Where applicable, we observe EU data protection principles in line with the GDPR and Swiss data protection requirements. The following items summarize relevant user rights and how we support them in practice.

  • Right of access: you can request a copy of personal data we hold about you, with examples of how we deliver that information securely.
  • Right to rectification: we correct inaccurate or incomplete data promptly when notified.
  • Right to erasure: subject to legal retention obligations we remove personal data that is no longer required for the purpose collected.
  • Right to restrict processing: option to limit certain uses during dispute resolution or contract negotiation.
  • Right to data portability: where feasible, we provide personal data in a structured, commonly used format on request.
  • Right to object: individuals may object to processing based on legitimate interests; we will assess and respond with a reasoned outcome.

Cookies and tracking

Cookies support essential site functions, analytics and preference storage. We use cookie categories to match common use cases and provide controls for non-essential cookies.

Types include session cookies for login and navigation, persistent cookies for preferences, and analytics cookies for usage patterns that inform service improvements.

Categories: essential (site functioning), performance and analytics (usage improvements), and marketing (third-party integrations). Example: analytics cookies help us measure which tutorial case studies are most useful.

You can manage cookie preferences via your browser settings or the cookie banner where offered. Blocking certain cookies may affect site features such as saved templates or workshop registrations.

Cookie policy and settings

Data sharing and recipients

We share personal data only as necessary for service delivery and legal compliance. Below are typical recipient categories and practical reasons for sharing.

  • Service providers working under contract to support operations, e.g., cloud storage for secure document platform.
  • Professional counterparties such as external counsel or auditors engaged by the client or by us to complete a matter.
  • Regulators, courts or law enforcement when disclosure is required by law.
  • Payment processors and banks for invoicing and settlement purposes.
  • Potential acquirers or advisors in the event of a business reorganization; disclosures are limited and subject to confidentiality safeguards.
  • Recipients will be contractually required to protect data and use it only for permitted purposes.

International transfers

Some processing may involve transfers outside Switzerland or the EEA, for example using cloud services hosted in other jurisdictions. Transfers are evaluated case-by-case and limited to what is necessary for service delivery.

When transfers occur we put appropriate safeguards in place, such as standard contractual clauses or equivalent measures, and document the risk assessment for each transfer scenario.

Data retention

We retain personal data only for as long as necessary for the purpose collected and to satisfy legal or professional obligations. Retention periods vary by data type and engagement scenario.

Account and client relationship records are retained for the duration of the engagement and thereafter for a standard archival period used by legal service providers to meet regulatory and professional requirements.

Messages and communications related to an active matter are retained for the term of the matter and for a reasonable period afterwards to support potential follow-up queries or audit needs.

Technical logs, system backups and audit trails are retained to monitor security and service integrity; retention periods are defined to balance operational needs with data minimization principles.

LegalLabTeam retains personal data only for as long as necessary to fulfill the purposes described in this policy, to meet legal obligations in Switzerland, and to resolve disputes. Typical retention periods are: client engagement records and billing details — up to 10 years in line with Swiss accounting and tax requirements; consultation notes and correspondence — up to 7 years after the end of the professional relationship unless a shorter retention period is requested; marketing consents — until withdrawn. Where deletion is requested and no legal obligation prevents it, we erase or anonymize personal data within a reasonable timeframe and document the action with a case note outlining the scenario and outcome so that deletion decisions are auditable.

Data security and practical safeguards

LegalLabTeam applies a layered approach to data protection informed by practical cases and scenarios. In typical client engagements we segregate client files, apply role-based access, and maintain encrypted backups. For example, in a cross-border corporate restructuring case we implemented compartmentalized file access and multi-factor authentication to prevent accidental disclosure during high-sensitivity negotiation phases. Security measures are reviewed after incidents and in scheduled risk assessments to align with evolving threats and Swiss regulatory expectations.

  • Encryption of data at rest and in transit using industry-standard protocols with documented key rotation scenarios.
  • Access controls and role-based permissions, reviewed after onboarding and at key project milestones to reflect scenario-specific needs.
  • Regular backups, documented incident response plans, and periodic tabletop exercises based on past case studies to validate procedures.

Your rights

Clients and website users have a set of rights regarding their personal data. LegalLabTeam describes below the rights, practical steps to exercise them, and example situations illustrating how each right may apply in real engagements.

  • Right to access: request a copy of the personal data processed about you; in a contract negotiation scenario this is typically limited to records directly related to that engagement.
  • Right to rectification: ask us to correct inaccurate or incomplete personal data, for example correcting contact details in retained client records.
  • Right to erasure: request deletion of personal data, subject to retention for legal or legitimate business purposes such as tax and accounting obligations.
  • Right to restriction: request limitations on processing while a dispute about accuracy or lawfulness is resolved; often used in due diligence scenarios.
  • Right to data portability: where feasible, obtain personal data in a structured, commonly used machine-readable format for data you provided to us, typically relevant when transferring an account between service providers.
  • Right to object: object to certain processing activities such as direct marketing; we will document the objection and cease the processing unless a compelling legitimate basis exists.
  • Right to withdraw consent: if processing is based on consent (e.g., newsletter), you may withdraw consent at any time without affecting prior processing.
  • Right to lodge a complaint: if you consider your rights under applicable data protection law are not respected, you may lodge a complaint with the Swiss Federal Data Protection and Information Commissioner or another supervisory authority.

How to exercise your privacy rights

To exercise any of your rights, submit a request to LegalLabTeam by email or postal mail with sufficient detail to identify you and the records you seek to access or modify. We accept requests accompanied by a copy of an identity document for verification. Practical case note: in corporate client scenarios we accept requests from authorized representatives accompanied by a signed power of attorney. Address: Bahnhofstrasse 25, 4125 Riehen, Switzerland. Email requests can be sent via the contact form on LegalLabTeam.pro.

[email protected]

We aim to respond to verified requests promptly and typically within 30 days. In complex cases or where supplementary verification is required, we will inform you of any necessary extension and the reasons, using examples of similar case timelines to set expectations.

Marketing communications

LegalLabTeam uses personal data for lawful marketing where permitted and relevant, such as sharing updates about services, event invitations, and insights from practical case studies. Marketing materials are tailored to professional interests and aligned with opt-in preferences. We avoid unsolicited outreach where consent is not provided or where a professional relationship does not justify it under applicable law.

To stop receiving marketing communications, use the unsubscribe link in any email or submit a request via the contact form on LegalLabTeam.pro. We process unsubscribe requests promptly and document the action in the client preference record.

Children's privacy

LegalLabTeam services are directed to businesses and professionals. We do not intentionally collect personal data from children under 16. If we become aware that we have collected data from a person under that age, we will take reasonable steps to delete the information, subject to legal retention obligations and applicable safeguards.

Third-party links and services

Pages and documents on LegalLabTeam.pro may contain links to third-party services such as government registries, payment processors, and legal databases. These third-party sites have their own privacy practices. In practice, during due diligence engagements we link to official registries but do not control external data handling; clients are advised to review the privacy policies of any external provider before transmitting personal data.

Changes to this privacy policy

LegalLabTeam may update this privacy policy to reflect changes in our practices, legal requirements in Switzerland, or findings from case reviews. Material changes will be posted on LegalLabTeam.pro with a clear effective date and, where appropriate, communicated to active clients. Example scenario: following a regulatory update affecting cross-border data transfers, we revised contractual clauses and notified clients with ongoing international matters.

Contact and data controller

For privacy questions or to submit a rights request contact: LegalLabTeam, Bahnhofstrasse 25, 4125 Riehen, Switzerland; Email via the contact form at LegalLabTeam.pro. For urgent matters include reference to your engagement and the relevant scenario so we can prioritize verification and response.

+41762856985
Bahnhofstrasse 25, 4125 Riehen, Switzerland