Trusted data handling

About this Privacy Policy

This Privacy Policy explains how FirmaNowLex collects, uses and protects personal data in the context of our business law support services for independent owners in Switzerland. We focus on keeping processing transparent, limiting data to what is necessary and enabling you to exercise your data rights. Our approach is practical: we aim to make legal compliance easier for clients by using clear notices, documented purposes and secure handling of information.

15-02-2026
FirmaNowLex, Biberenzelgli 30, 3210 Kerzers, Switzerland. Business ID CHE-176.470.495.
Biberenzelgli 30, 3210 Kerzers, Switzerland
[email protected]
01

Key definitions

To make this policy clear, we define some recurring terms used throughout the document. Definitions are aligned with common data protection terminology to help you understand what we mean by personal data, processing and Services.

Personal data means any information relating to an identified or identifiable natural person, such as name, contact details, identification numbers, billing information and communications history that you provide when using FirmaNowLex services. Processing refers to any operation performed on personal data, including collection, storage, use, disclosure, modification and deletion carried out to deliver our legal support services and manage client relationships. User means an individual who uses our website or services, including clients, prospective clients and their authorized representatives, whose data we may process to provide legal assistance and related administrative functions. Service refers to the legal assistance, document templates, compliance checklists, consultations and online information provided by FirmaNowLex to independent business owners and small firms. Cookies are small text files placed on your device when you visit our website to support the functioning of the site, remember preferences and collect anonymous usage information that helps improve our services.
02

What data we collect

We collect the minimum amount of personal data necessary to provide services, communicate with clients, manage accounts and meet legal obligations. Data sources include information you provide, technical data collected automatically and, where applicable, data from trusted third parties.

Data you provide directly

When you contact us or sign up for services, you may provide the following types of information. We rely on this data to tailor legal documents, respond to inquiries and manage engagements efficiently.

  • Contact details: name, email address, postal address and telephone number.
  • Business details: company name, business ID (for example CHE-176.470.495), VAT number and business address.
  • Engagement information: scope of legal support requested, relevant contracts, case notes and documents you upload.
  • Billing and payment information: invoicing address and payment reference details needed to process transactions.
  • Communications: messages, meeting notes and consent preferences related to services and marketing.
  • Feedback and survey responses to help us improve our service quality and client experience.

Automatically collected data

When you visit our website or use online features, we collect technical and usage data to ensure reliable operation, security and to optimise our content for a better user experience.

  • Device and browser information such as device type, browser version and screen resolution.
  • IP address, approximate location derived from IP and language preferences to serve content appropriately.
  • Usage metrics including pages visited, time on site, clicked features and navigation patterns.
  • Error reports and performance data to detect and resolve issues promptly.
  • Cookie identifiers and similar tracking vouchers if you consent to their use.
  • Server logs required for secure and stable operation of our website and services.

Data from third parties

In some cases we receive data from trusted third-party providers to help verify business details, process payments or deliver services. We restrict these sources to reputable partners and contractually limit use of the data.

  • Payment processors for invoicing and payment reconciliation.
  • Professional service providers such as accounting or technical vendors assisting with service delivery.
  • Publicly available business registries used to confirm company identifiers and registration information.
03

Why we process your data

We process personal data for clear, documented purposes that support the relationship with our clients, the delivery of services and compliance with legal obligations. Each processing activity is limited to what is necessary.

  • To provide legal support services, including drafting and reviewing contracts tailored for independent owners.
  • To manage client onboarding, billing, invoicing and payment reconciliation.
  • To communicate case status, respond to enquiries and coordinate service delivery.
  • To improve and personalise our website and service offerings based on aggregated usage data.
  • To comply with legal and regulatory obligations applicable in Switzerland and relevant cross-border rules.
  • To protect the security of our services and detect fraudulent or malicious activity.
  • To maintain records required for our business operations and professional responsibilities.
  • To seek feedback and provide non-intrusive service updates or information about relevant legal developments.

Legal bases for processing

We rely on appropriate legal bases to process personal data. Below are typical bases applicable to different processing activities for clients in Switzerland and cross-border contexts.

  • Performance of a contract: processing necessary to provide legal services you requested.
  • Legal obligation: processing required to comply with statutory duties, record-keeping and tax obligations.
  • Legitimate interests: processing for operational security, fraud prevention and service improvement where such interests are balanced against individuals' rights.
  • Consent: where we ask for consent (for example for certain cookies or direct marketing), we rely on freely given consent which you can withdraw.

Your rights under data protection law

Although FirmaNowLex is based in Switzerland, we take privacy protections seriously and align many practices with European standards to meet client expectations and applicable cross-border requirements.

  • Right to access: you may request confirmation whether we process your personal data and obtain a copy of that data.
  • Right to rectification: you may request correction of inaccurate or incomplete personal data we hold.
  • Right to erasure: subject to legal and contractual limits, you may request deletion of personal data that is no longer necessary.
  • Right to restrict processing: where accuracy is contested or processing is unlawful, you may ask for restriction of use.
  • Right to portability: where applicable, you may request a structured, commonly used and machine-readable copy of your data.
  • Right to object: you may object to processing based on legitimate interests or direct marketing, and we will assess and respond accordingly.
04

Cookies and similar technologies

We use cookies to operate the website, provide core functionality and gather anonymised usage data. You can manage cookie preferences and limit tracking while still using key site features.

Types of cookies include strictly necessary cookies for website operation, performance cookies for analytics, and functional cookies to remember settings. We do not use profiling cookies without consent.

Necessary cookies: required for navigation and security. Performance cookies: collect anonymised statistics. Functional cookies: enable preferences and enhanced features.

You can manage or withdraw consent for non-essential cookies via the cookie settings banner on our website or through your browser settings. Disabling some cookies may affect website functionality.

Read our detailed cookie policy on FirmaNowLex for more information.

Sharing and disclosure of data

We limit data sharing to what is required to deliver services, comply with legal obligations or support essential operations. Where third parties process data on our behalf, we require contractual safeguards to protect confidentiality and security.

  • Service providers such as payment processors, cloud hosting and secure document storage vendors.
  • Professional advisers and compliance partners when necessary to fulfil engagement terms.
  • Authorities and regulators when disclosure is required by law or for official contribute.
  • Prospective buyers or advisors in the event of a business reorganisation, subject to confidentiality protections.
  • Aggregated, anonymised data that cannot be used to identify individuals may be shared for analytics and business improvement.
  • Other parties only with your explicit consent or as required to perform contracted services.

International transfers

Where personal data is transferred outside Switzerland, we ensure appropriate safeguards such as standard contractual clauses, binding corporate rules or transfers to countries with adequate protections. Transfers are limited to necessary recipients and documented accordingly.

Safeguards include contractual commitments with subprocessors, encryption in transit and data access restrictions to ensure legal and technical protection of transferred data.

Data retention

We retain personal data only as long as necessary to provide services, meet legal obligations and resolve disputes. Retention periods are reviewed periodically to ensure they remain proportionate.

Account and client records are typically retained for the duration of the client relationship plus a defined statutory period required for tax and professional records in Switzerland.

Communications related to service delivery are kept for a period necessary to manage the engagement, usually aligned with the retention of engagement files and legal requirements.

System logs and security-related records are retained for a limited period required to contribute incidents and maintain system integrity.

When data is no longer needed and no legal obligation requires retention, we securely delete or anonymise personal data in accordance with our data retention procedures.

Security of your data

We apply administrative, technical and organisational measures to protect personal data against unauthorised access, loss or misuse. Security controls are regularly reviewed to match evolving threats while preserving the confidentiality and integrity of client information.

  • Encryption of data in transit and at rest for client documents and sensitive records.
  • Access controls and role-based permissions to limit data access to authorised personnel only.
  • Regular security assessments, patch management and incident response procedures to address vulnerabilities.
05

How to exercise your rights

You may exercise your data protection rights by contacting us. We aim to respond promptly and transparently, providing clear instructions and reasonable forms to submit requests.

  • Submit a request to access, correct or delete your personal data as described in this policy.
  • Withdraw consent for processing where consent was the lawful basis, noting that withdrawal does not affect processing already carried out.
  • Complain to a supervisory authority if you consider our processing does not comply with applicable data protection laws.
  • Request correction: You can ask FirmaNowLex to correct inaccurate or incomplete personal information we hold about you. We will review and implement corrections promptly when appropriate.
  • Request deletion: If you no longer want FirmaNowLex to process your personal data, you may request deletion subject to legal obligations and legitimate business needs that require retention for compliance or record-keeping.
  • Restrict processing: You can request that we limit how we use your personal data while a dispute about accuracy or lawfulness is being resolved. We will apply restrictions where required by law.
  • Object to processing: If our use of your personal data is based on our legitimate interests, you can object to that processing for reasons related to your particular situation. We will evaluate and respond to valid objections.
  • Data portability: Where applicable, you have the right to receive a copy of personal data you provided to FirmaNowLex in a structured, commonly used, machine-readable format and to request transmission to another controller.

How to exercise your privacy rights

To exercise any privacy right, contact our Data Protection Team at [email protected] or write to FirmaNowLex, Biberenzelgli 30, 3210 Kerzers, Switzerland. Include a clear description of the data and the action you request. We will verify your identity and respond in accordance with applicable law.

[email protected]

We aim to respond to valid privacy requests within one month. If a request is complex or numerous, we may extend this period by an additional two months and will notify you of any extension and the reasons for delay.

Marketing and communications

FirmaNowLex may send you service updates, product news, and offers tailored to independent business owners who use our legal tools. Communications are based on your subscription preferences or a business relationship. Messages are designed to be relevant and useful to your operational needs.

You can opt out of marketing communications at any time using the unsubscribe link in our emails or by contacting [email protected]. Transactional messages about your account or purchases will still be sent when necessary.

Children and data

Our services are intended for business owners and adult users. FirmaNowLex does not knowingly collect personal data from children under 18. If we learn that we have collected data from a minor, we will take steps to delete it promptly.

Links to third-party sites

FirmaNowLex.pro may link to third-party websites or services for convenience. These external sites have their own privacy practices. We are not responsible for content, privacy practices, or policies of those third parties; review their terms before providing personal information.

Changes to this privacy policy

We may update this privacy policy to reflect legal, technical, or business developments. When changes are significant, we will provide more prominent notice, such as an email or site banner. Continued use of FirmaNowLex after updates means you accept the revised policy.