Privacy Policy

Your Rights at a Glance

Under Swiss data protection law, you have the following rights:

• Right to access: Request information about your personal data
• Right to correction: Correct inaccurate or incomplete data
• Right to deletion: Request deletion of your personal data (right to be forgotten)
• Right to restriction: Request restriction of data processing
• Right to data portability: Receive your data in a machine-readable format
• Right to object: Object to processing of your personal data
• Right to lodge a complaint: File a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC)

To exercise any of these rights, contact the firm at contact@gawel.ch.

1. Data Protection at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. The firm treats your personal data confidentially and in accordance with the Swiss Federal Act on Data Protection (FADP), other applicable data protection regulations, and this privacy policy.

Data Collection on This Website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the controller identified in Section 3 below.

Categories of personal data collected:

• Contact data (email address when you contact the firm)
• Technical data (IP address, browser type, operating system, access times)
• Usage data (pages visited, time spent on pages)
• Preference data (dark mode setting stored locally in your browser)

How is your data collected?

Your data is collected when you provide it to the firm, such as through the contact form or via email. Other data is collected automatically by the firm's IT systems when you visit the website, primarily technical data such as internet browser, operating system, or time of page access.

What is your data used for?

The firm processes your personal data for the following purposes:

• Website operation and security
• Responding to inquiries and providing legal services
• Legal compliance and fulfilling statutory obligations
• Improving website functionality and user experience

2. Hosting, Content Delivery, and Analytics

Cloudflare Pages

This website is hosted on Cloudflare Pages. The provider is Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA.

Cloudflare automatically collects and stores information in server log files that your browser transmits, including browser type and version, operating system, referrer URL, hostname of the accessing computer, time of server request, and IP address. This data is not combined with other data sources. Server log files are automatically deleted after 30 days.

Cloudflare Analytics

This website uses Cloudflare Analytics to understand how visitors interact with the site. Cloudflare Analytics collects aggregated data about page views, visitor counts, and general usage patterns. This analytics service is privacy-focused and does not use cookies or track individual users across websites.

Legal basis: The collection and processing of this data is justified by the firm's legitimate interest in ensuring website security, stability, and optimisation. The data collected is primarily technical in nature and necessary for website operation, and its processing does not infringe on visitors' personality rights (FADP Art. 31 para. 1).

International Data Transfers

This website is hosted by Cloudflare, Inc., based in the USA. Cloudflare is certified under the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), which was recognised by the Swiss Federal Council as providing an adequate level of data protection as of 15 September 2024. Personal data transferred to Cloudflare is therefore protected at a level equivalent to Swiss data protection standards.

For details about Cloudflare's certification status, please visit: https://www.dataprivacyframework.gov/

In the event Cloudflare ceases to maintain DPF certification, the firm will rely on standard contractual clauses or other appropriate safeguards as required by FADP Art. 16.

3. Controller and Mandatory Disclosures

Information About the Controller

The controller for data processing on this website is:

Kanzlei Dr. Gawel GmbH
Rechtsanwalt Dr. iur. Claus Gawel, LLM (Uppsala), MCIArb
Clarastrasse 2
4058 Basel
Switzerland
Email: contact@gawel.ch

The controller is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data Retention Periods

Unless a more specific storage period is specified within this privacy policy, your personal data will remain with the firm until the purpose for data processing no longer applies. If you assert a legitimate request for deletion or revoke consent for data processing, your data will be deleted unless the firm has other legally permissible reasons for storing it.

Specific retention periods:

• Server log files: 30 days
• Email correspondence: Duration of business relationship plus applicable retention periods under Swiss law (typically 10 years for business correspondence)
• LocalStorage preferences: Until manually deleted by the user or browser cache is cleared

Your Rights in Detail

Revocation of consent: Many data processing operations are only possible with your express consent. You can revoke consent at any time. The lawfulness of data processing carried out prior to revocation remains unaffected.

Data portability: You have the right to have data that the firm processes automatically based on your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format.

Access, deletion, and correction: Within the scope of applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipients, and the purpose of data processing and, if applicable, a right to correction or deletion of this data.

Restriction of processing: You have the right to request the restriction of the processing of your personal data.

For all requests relating to your rights, contact the firm using the details above.

Right to Lodge a Complaint

You have the right to lodge a complaint with the competent data protection supervisory authority if you believe that the processing of your personal data violates data protection law.

The competent supervisory authority in Switzerland is:

Swiss Federal Data Protection and Information Commissioner (FDPIC)
Feldeggweg 1
3003 Bern
Switzerland
Email: info@edoeb.admin.ch
Website: https://www.edoeb.admin.ch

4. Data Collection on This Website

Contact via Email or Contact Form

If you contact the firm via email or through the contact form on this website, your inquiry, including all resulting personal data (name, email address, inquiry content), will be stored and processed for the purpose of handling your request. The firm will not share this data without your consent.

Legal basis: The processing of contact data is justified under FADP Art. 31 para. 1 on the following grounds:

• Consent: Your voluntary decision to contact the firm
• Contract or pre-contractual measures: The necessity to fulfil a contract or implement pre-contractual measures if your inquiry relates to legal services
• Legitimate interest: The firm's legitimate interest in effectively responding to inquiries

The data you send to the firm will remain until you request deletion, revoke your consent, or the purpose for storage no longer applies. Mandatory statutory retention periods under Swiss law—particularly for business correspondence (typically 10 years)—remain unaffected.

5. Cookies and Local Storage

This website only uses technically necessary local storage. Specifically, the website uses LocalStorage (a browser-based storage mechanism) to save your preference settings, such as the dark mode setting.

About LocalStorage:

• This data is stored exclusively locally in your browser
• No data is transmitted to the firm's servers
• No cookies or tracking technologies are used
• This storage is necessary for basic website functionality and does not require consent
• You can delete this data at any time by clearing your browser cache or browser data

6. Automated Decision-Making and Profiling

The firm does not use automated decision-making, including profiling, as defined under data protection law. All data processing on this website is performed without automated individual decision-making.

7. External Links

LinkedIn

This website contains links to LinkedIn. When you click on a LinkedIn link, you will be redirected to LinkedIn's website. LinkedIn is a service of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

When you click on a LinkedIn link, your browser directly contacts LinkedIn's servers. LinkedIn then receives technical information such as your IP address, device information, and the referring URL. This data transfer occurs directly between your browser and LinkedIn; the firm does not transmit or have access to this data. LinkedIn is solely responsible as controller for its own data collection.

Your choice: You can choose not to click on the LinkedIn badge if you do not wish your data to be transferred to LinkedIn.

Legal basis: The inclusion of these links is justified by the firm's legitimate interest in professional networking and business communication (FADP Art. 31 para. 1).

For more information, please see LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy

Last updated: November 2025