Website Visit

AITvocat is considered the operator of the website www.aitvocat.com and its subpages (collectively, the "website").

​

Purpose: Through this website you can get a digital overview of AITvocat's legal advisory services and interesting insights.

​

Data categories: You can generally access and browse this website without entering personal data. However, to keep the website operational and secure, certain usage data (so-called server log data) are automatically transmitted to and stored by the hosting service provider with each visit, including the following information:

​

• Browser type/version

• Operating system used

• Referrer URL (the previously visited website)

• Hostname of the accessing computer (IP address)

• Date and time of the server request

• Name of the requested file

• Amount of data transferred

• Notification of successful retrieval

​​

These data are not merged with other data sources and remain separate from your personal data that you may provide, for example, via a contact or appointment form.

​

Retention period: This bundle of server log data is not stored longer than necessary for the hosting service provider's security processes and is deleted once the purpose ceases to apply.

​

Legal basis: Since a trouble-free and secure website operation is the absolute foundation for a reputable web presence and your browsing experience, AITvocat relies on Art. 6 para. 2, Art. 31 para. 2 FADP, Art. 6 para. 1 sentence 1 lit. f GDPR.

​

Data recipients: This website is operated by the hosting service provider Wix.com Ltd., Yunitsman St. 5, Tel Aviv, Israel, on behalf of AITvocat (see the EU Commission’s adequacy decision here). Wix.com participates in the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework and has certified its compliance (see here). Server log data is hosted via multi-cloud hosting in secure data centers operated by AWS, Google, Equinix, and others that are ISO 27001-certified, primarily located in the following regions: North America and Europe. Naturally, privacy-by-design principles are also applied – during transmission, Wix.com uses HTTPS over TLS 1.2 or higher, as well as an SSL certificate. Data at rest is encrypted with AES-256, the industry standard for encryption methods. Within Wix.com’s PCI environment, a FIPS 140-2 certified Hardware Security Module (HSM) is used, which represents the highest standard for encryption and secure data storage.

​

​​​

The Digital Cookies 🍪

When guests come, you need cookies in the house. The same goes here: This website serves some digital cookies - also known as cookies. These include cookies in the strict sense, but also scripts, pixels, and similar web browser technologies. These small text or code files are stored locally on your device when you visit the website. They make this website user-friendly and work properly. Personal data may be collected and processed in the process - no crumbs, but with clear rules.

​

​

What Kinds of Cookies Are Used Here?

Necessary cookies: These are the basics - like butter on your bread. Without them, the website simply doesn't run smoothly. They ensure for example, that content and layout are displayed correctly and that the site technically functions at all.

​

Functional cookies: These are the little chocolate nuggets - your comfort features. They remember, for example, your language and view settings or save unsent form entries so you don't have to type them again. With each revisit, your browser sends the stored functional cookie back to the web server. The cookies used here are therefore essential for the functionality of certain convenience features, such as maintaining an active session. AITvocat has agreed with the web designer to restrict the services to useful, non-consent-requiring helpers - because AITvocat assumes you like comfort and a fast, uncomplicated browsing experience.

​

Advertising or marketing cookies: AITvocat does not intend to track you across multiple websites. AITvocat prefers direct exchange and hope for your positive recommendation. If you like the Strategic and Innovation Advisory, feel free to recommend AITvocat - and of course your suggestions are always welcome. Just call, book an online appointment, or write a positive review - that helps AITvocat gain new clients without marketing and tracking measures.

​

Third-party cookies: In some cases, a little external support can enhance the quality of your browsing experience – for example, to show you interactive maps or videos directly on this website. However, these are services provided by third parties, and they may collect your personal data (including your IP address) for their own purposes and may store it – possibly in data centers outside Switzerland or the EU – as soon as you interact with their embedded elements. These providers have their own privacy and cookie policies, over which AITvocat has no control. However, this kind of functionality is not currently in use here, so AITvocat can, for the time being, forgo a consent banner.

​

​

How to Delete or Disable Cookies

If you want to clear the slate, you can simply delete your browser history. That will remove all cookies from all websites you have visited. But beware: doing so will also remove stored information such as form entries or language settings.

 

Without the full "tabula rasa" you can also configure your browser to refuse cookies altogether or to ask you each time a cookie is about to be stored. How to set this depends on your browser and device - check the help function for specifics.

​​​​​

​

External Links or Icons

Sometimes you will find QR codes, hyperlinks or icons on the website that lead you to external sites or applications (e.g., LinkedIn). AITvocat selects such links with care - but I cannot monitor every change in their content. If you notice that an external link violates applicable law or points to a dead page, please let me know.

​

Important to know: Providers of external websites or applications may collect your personal data on their own pages for their own purposes. In such cases, they are the data controllers and must ensure that they comply with applicable data protection laws.​

​

 

Business Development, Communication

Purpose: When you write to AITvocat via the contact form, you voluntarily provide personal data - thank you for your trust! The advisor in chare will use it to coordinate your inquiry, contact you, perhaps clarify preliminary questions by email, or prepare our meeting.

 

Data categories: Your first and last name, phone number, email address; it is also very helpful to receive initial notes from you about the topics you wish to discuss.

​

Retention period: AITvocat or the system deletes or anonymizes your personal data as soon as AITvocat no longer strictly needs them. However, AITvocat cannot delete them immediately: AITvocat must keep your personal data for as long as claims could be asserted against AITvocat or laws (e.g., the Swiss Code of Obligations) require retention. For pure appointment requests without a subsequent engagement, AITvocat deletes these data in due time, e.g., after a cancellation or after the appointment if no engagement arises. If an engagement ensues, the appointment (including notes) becomes part of my engagement documentation and must be retained for ten (10) years from the end of the fiscal year in which we last had contact.

​

Legal basis: Since our communication may take place at different times and in different contexts during our collaboration, let us briefly use legal terminology and say - it depends:

​

• If it concerns handling the initial enquiry without a subsequent engagement, this is covered by the purpose limitation and the legitimate interest in processing your request → Art. 6 para. 2, Art. 31 para. 2 lit. a) FADP and Art. 6 para. 1 lit. f GDPR.

​

• If the communication takes place within an existing business relationship or serves to initiate such a relationship, the interest in performance of the contract is decisive → Art. 6 para. 2, Art. 31 para. 2 lit. a FADP and Art. 6 para. 1 lit. b GDPR.

​

• For a few special cases, such as a newsletter subscription, AITvocat asks for your consent, which then serves as the legal basis for processing → Art. 6 para. 6 FADP and Art. 6 para. 1 lit. a GDPR. Of course: you may withdraw any consent given at any time going forward.

​

Data recipients: For emails, appointment scheduling, chat, and online meetings, AITvocat uses Microsoft Office 365 Enterprise Premium services. The service provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. Microsoft participates in the EU–U.S. and Swiss–U.S. Data Privacy Frameworks and is certified for compliance (see here).​

​

As part of the subscribed cloud services, Microsoft provides the assurance of the so-called MS EU Data Boundary for the processing of personal data, with AITvocat hosting your personal data exclusively in Swiss data centers (including those with ISO 27001 certification).

Additional data protection and information security configurations (more than 800 predefined settings) were set up, maintained, and continuously monitored and improved by the IT service provider SoloPro, Hübnerstr. 2, 80637 Munich, Germany.

​​​​​​​​

​​​​​

Business Relationship

Purpose: Your personal data are processed and stored for handling your engagement, as well as related settlement matters.

​

Data categories: All personal information you provide, e.g., name, first name, phone number, email, role within your organization, but also data passed on by others, e.g., authorities, business partners, or data AITvocat obtains from publicly accessible sources like commercial registers and websites.

​

Retention period: AITvocat or the system deletes or anonymizes your personal data as soon as they are no longer strictly necessary. AITvocat cannot, however, delete them immediately: AITvocat must retain your personal data as long as claims against AITvocat could arise or laws (e.g., the Swiss Code of Obligations) require retention. Engagement documentation must be retained for ten (10) years from the end of the fiscal year in which we last had contact.

​

Legal basis: Since this concerns the existing business relationship, the interest in performance of the contract is the relevant basis → Art. 6 para. 2, Art. 31 para. 2 lit. a FADP and Art. 6 para. 1 lit. b GDPR.

​

Data recipients: For secure and efficient order management (including accounting and invoicing), AITvocat uses the modern software solution CARL. The service provider is 390 Grad AG (trade name: CARL), Churerstrasse 54, 8808 Pfäffikon, Switzerland. Your personal data is hosted exclusively in Swiss data centers (including those with ISO 27001 certification).

​

​​

​

Video & Audio Conferences, Webinars

Purpose: When we cannot meet in person due to distance or a full schedule, AITvocat conducts online meetings using a digital collaboration platform. This also applies to webinars that AITvocat offers from time to time. The data needed for this is used to provide the virtual meeting space, conduct our meeting efficiently, and keep the platform secure and reliable.

​

Data categories: The scope of processing depends on the data required for the specific online meeting. Typically, this includes your first and last name and data that enables user authentication, such as your email address or phone number and other access credentials, the IP address of your internet connection, details about your device, operating system, browser, and other technical and language settings that enable effective remote communication. It also includes our communications and other information you share, such as your profile picture, professional title/role, chat input, text files, spoken words, video recordings, and in the case of active transcriptions, the timestamps with the speaker’s name.

​

Retention period: AITvocat or the system deletes/anonymizes your personal data as soon as AITvocat no longer requires it. However, your data cannot be deleted immediately: AITvocat must retain your personal data as long as legal claims may be brought against AITvocat or as long as storage obligations apply (e.g., under Swiss contract law). The online meeting (including communications, recordings, and/or transcripts) is generally part of the engagement documentation, which must be retained for ten (10) years from the end of the fiscal year in which we last had contact.

​

Legal basis: Let’s look at the underlying legal principles:

• User authentication & login – If your data is processed for authentication and access to the conferencing platform, this is based on the legitimate interest in secure usage → Art. 6 para. 2, Art. 31 para. 2 lit. a) FADP and Art. 6 para.1 lit. f) GDPR.

​

• Live transcription & transcript – Unless otherwise agreed, AITvocat uses live transcription in Microsoft Teams Premium. This processing is based on the legitimate interest in ensuring efficient documentation of meetings → Art. 6 para. 2, Art. 31 para. 2 lit. a) FADP and Art. 6 para.1 lit. f) GDPR.

​

What actually happens then? While we talk, Microsoft Teams creates a real-time transcript of what is said. This is very helpful for accessibility purposes and meetings with foreign-language participants. The system does not create audio or video recordings – Microsoft only live-streams the spoken audio and converts it into text using automatic speech recognition (ASR). You can view the transcript during the meeting, but you cannot copy or forward it.

 

As the meeting host, only AITvocat has access to the transcript and can send it to you upon request. Nothing is stored that wouldn’t otherwise appear in an email. Bonus: After the meeting, you receive a concise summary capturing requirements, commitments, and action items.

​

More privacy & anonymity desired? – In Teams, transcripts and subtitles automatically include your name and a timestamp. If you prefer to remain anonymous, you can hide your name – this applies to the live meeting and the stored version. For instructions, please refer to the linked Microsoft help page before the meeting.

​

• Video recording – In this case, AITvocat records audio, video, and any content you share on your screen – but only with your explicit consent. Legal basis → Art. 6 para. 6 FADP and Art. 6 para. 1 lit. a) GDPR. You will always be informed beforehand – either in the meeting invitation or at the latest directly before the recording begins. If you are uncomfortable with the recording, please inform us in advance. We will then consider solutions such as anonymization, no recording, or alternative documentation. Only what is visible or audible is recorded: your spoken words, your video if your camera is on and you speak, and your screen if you share it. A live transcript also runs in parallel, converting speech to text (see the previous bullet point). If you join late, you will see a clear notice that recording is in progress.

​

More privacy & anonymity is always possible – turning off your camera means no video of you; muting your microphone means no audio from you; both off means you remain a silent participant. When you activate camera and/or microphone, this counts as consent to recording. Please also ensure that no third parties are visible or audible in your environment.

 

You may use background blur or virtual backgrounds if available. Also important: Access links and meeting credentials must not be shared with unauthorized persons.

​

Data recipients: For online meetings, AITvocat uses Microsoft Office 365 Enterprise Premium services. The service provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland. Microsoft participates in the EU-U.S. and Swiss-U.S. Data Privacy Frameworks and is certified for compliance (see here).

 

As part of the subscribed cloud services, Microsoft provides assurances under the MS EU Data Boundary, with AITvocat hosting your personal data exclusively in Swiss data centers (including ISO 27001-certified facilities).

 

Additional data protection and information security configurations (over 800 preset settings) are established, maintained, and continuously monitored and improved by the IT service provider SoloPro, Hübnerstr. 2, 80637 Munich, Germany.

​

​​​​​​​​​​

Job Application

Purpose: You may apply to AITvocat at any time either spontaneously or for an advertised position — thank you for your interest! AITvocat will use your documents for the recruitment process, i.e., for screening and review, possible contact, and arranging interviews.

​

Data categories: Your application documents, including name, contact details, CV, employment references, and any other evidence you provide by email.

​

Retention period: You may withdraw your application at any time. If you decline or AITvocat is unable to offer you a position, AITvocat will delete your documents after six months (to protect legal claims).

 

If you are hired, your application documents become part of your personnel file.

​

Legal basis: AITvocat processes and stores your application data as a pre-contractual measure and due to the legitimate interest in deciding on a potential employment relationship → Art. 328b Swiss CO in conjunction with Art. 6 para. 1 and 2 FADP, Art. 6 para. 1 lit. b GDPR.

​

Data recipients: The provisions set out in the above Section for business development and communication apply here as well.

​​​​​​

​

​

Disclosure to Third Parties

Sometimes AITvocat must disclose your personal data to third parties - don't worry, always securely and only when necessary.

 

Typical cases for AITvocat include:

​

Cooperation partners and external experts: Sometimes, in the course of our collaboration, we need additional experts who become part of the assignment but do not work directly at AITvocat, such as auditors or technicians. I also have a great network of sharp legal colleagues and notaries who can provide specialized support for very specific tasks, and we may involve them by agreement if needed.

​

Authorities, courts and public bodies: Legal obligations often require disclosure of certain data, e.g., in court filings, inquiries from supervisory authorities, commercial register entries — i.e., whenever legal duties or contractual requirements must be fulfilled.

​

Accounting, bank and fiduciary: For billing, tax returns and financial administration AITvocat needs the help of a tax advisor, a bank and possibly debt collection agencies, address verifiers and credit bureaus to process invoices or comply with tax obligations.

​

Insurances: Involved insurers sometimes need certain basic or engagement-related information to assess their contractual obligations and insurance coverage.

​

AITvocat selects all these third parties carefully in compliance with data protection laws. Your data remain confidential and protected according to the state of the art.

​​​​​

​

​

International Data Transfers

As explained above in the individual sections, data processing by AITvocat itself takes place only in Switzerland or Europe. Depending on the case – for example, through digital information processors, subcontractors, or in proceedings involving foreign companies or before foreign courts or authorities – your personal data may potentially be transferred to other countries.

AITvocat does not simply send your personal data out into the world.

​

Transfers to such third countries by contracted service providers only occur if an adequate level of data protection exists there, such as an official determination of adequacy equivalent to the EU or Switzerland - or if the providers have contractually guaranteed that at least an equivalent level is observed, e.g., with the EU Standard Contractual Clauses, including appropriate additional safeguards. AITvocat reviews compliance with these assurances regularly.

 

AITvocat may also disclose your personal data to a country without adequate protection without concluding its own contract when AITvocat can rely on an exception. An exception may apply particularly in foreign legal proceedings, but also in cases of overriding public interest or when the performance of a contract in your interest requires such disclosure (e.g., when data are disclosed to authorized correspondent law firms), when you have consented, or when the data are publicly available and you have not objected to the processing.

​​​​

​

Data Security

Processing activities are technically and organizationally designed to comply with data protection regulations, and the protective measures implemented correspond to the state of the art, the type and extent of processing and the risk the processing entails for your personality or fundamental rights. This website uses, for security reasons among others, spam protection and security gateways and SSL/TLS encryption to protect the transmission of sensitive content.

 

You can recognize this in your browser's address bar: it begins with "https://" and shows a padlock icon. With SSL encryption enabled, third parties cannot read your data during transmission.

​​​​

​​

​

No Automated Decision-Making

AITvocat does not use fully or partial automated decision-making.​

​​​

​

Data Subject Rights

You may exercise various rights at any time as a data subject - always within the scope of the particular situation and applicable law. If you exercise one of these rights, AITvocat may have to reuse your personal data to comply with your request. If costs arise from your request, AITvocat will notify you in advance.

​

In individual cases, AITvocat may still retain or process certain personal data, e.g., if required by law, where a legitimate interest exists, or if AITvocat needs the data to enforce legal claims.

​

• Access: You want to know what AITvocat knows about you, what AITvocat uses it for, how long it is stored and who else may see it? No problem - you can request access at any time → Art. 25, 26 FADP, Art. 15 GDPR.

• Rectification: Your contact details contain a typo or are out of date? Please let AITvocat know and AITvocat will correct them immediately → Art. 6 para. 5 FADP, Art. 16 GDPR.

• Restriction of processing: You can request that AITvocat restricts processing, e.g., if the accuracy of the data is disputed or you have objected → Art. 6 FADP, Art. 18 GDPR.

• Data portability: You want your data packaged in a machine-readable format or transferred to someone else? - Say the word and AITvocat will provide the data export owed to you → Art. 28 para. 1, 29 FADP, Art. 20 para. 1 GDPR.

• Erasure: You can request deletion of your data as far as no legal or contractual duties or technical reasons prevent it → Art. 6 para. 5 FADP, Art. 17 GDPR.

• Withdrawal of consent: If you once gave AITvocat permission to process certain data, you may withdraw it at any time → Art. 6 para. 6 FADP, Art. 7 para. 3 GDPR.

• Objection: If the GDPR applies, you may object to processing where your personal data are processed on the basis of legitimate interests per Art. 6 para. 1 sentence 1 lit. f GDPR → Art. 21 GDPR, provided there are grounds arising from your particular situation or the objection relates to direct marketing. In the latter case, you have a general right to object without explaining a particular situation.

• Complaint: Please first complain to AITvocat personally if you like. You may, however, also file a complaint with a supervisory authority at any time if you believe your rights have been violated → Art. 77 GDPR. A list of EEA authorities can be found here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en