Privacy Policy
This Privacy Policy explains how CodeRLegal collects, processes and stores personal data in the provision of legal services to IT businesses. We describe what data we handle, the purposes for processing, the legal bases we rely on, retention practices, security measures and the rights available to individuals. Our approach is focused on minimising data processing, maintaining confidentiality in legal work, and ensuring compliance with applicable Swiss and European data protection rules where relevant. CodeRLegal operates from Inseliquai, 6005 Lucerne, Switzerland. For operational queries contact [email protected] or call +41763316700. Business ID: CHE-864.745.054. Effective date of this policy: 08-04-2026.
Definitions
The terms used in this policy have the following meanings. These definitions apply to the text below and are intended to clarify how we use terminology when describing processing activities and legal relationships between CodeRLegal and individuals.
- Personal data: any information relating to an identified or identifiable natural person, such as name, email address, telephone number, identification numbers and other identifiers that can be used to identify an individual directly or indirectly.
- Processing: any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, erasure and destruction.
- User: an individual who interacts with CodeRLegal services, including clients, prospective clients, website visitors and individuals whose data is provided to us in the context of legal engagements.
- Service: the legal advisory, contract drafting, compliance review, dispute support and other professional services that CodeRLegal provides to IT businesses and related stakeholders.
- Cookies: small text files placed on a device by a website or service to store information about preferences, session identifiers and tracking data that support functionality, analytics and optional personalization.
Data we collect
We collect personal data necessary to provide our legal services, to communicate with clients, to comply with legal obligations and to operate our website. Collection happens through data provided directly by users, automatic technical collection, and lawful third-party sources.
Data you provide directly
Data supplied by clients and contacts when engaging our services, registering for updates, or communicating with our team. Typical categories include:
- Contact information: name, professional email address, business telephone and company name
- Client matter data: contract drafts, project specifications, IP identifiers and other case-related documents necessary for legal work
- Billing and invoicing details: billing address and invoicing contact; payment information may be processed by third-party payment processors
- Onboarding information: organisational details, role and authority to instruct and other internal compliance inputs
- Communications: correspondence, meeting notes and records of instructions provided to CodeRLegal
- Consents and preferences: marketing preferences and consents provided for optional communications
Data collected automatically
When you visit our website or use online services we collect certain technical and usage data automatically to operate the service and improve user experience.
- Technical data: IP address, browser type, operating system and device identifiers
- Usage data: pages visited, time spent on pages, navigation paths and interaction events
- Log data: server logs, timestamps and error reports related to the website and service infrastructure
- Analytics data: aggregated metrics provided by analytics providers to assess performance
- Security data: records of access attempts and security event data necessary to protect systems
- Geolocation data: coarse location derived from IP address for security and analytics purposes
Data from third-party sources
We may receive personal data about individuals from authorised third parties to facilitate instruction and verification where appropriate.
- Service providers and subcontractors who assist with payment processing, hosting, analytics and secure document storage
- Public registers and legal databases relevant to client matters, such as corporate registries and IP databases
- Referrers and partners that provide contact details or contextual information for a prospective engagement
Purposes of processing
We process personal data for specific, explicit and legitimate purposes. Below are the main purposes together with typical processing activities and lawful bases.
- Provision of legal services: analyzing documents, drafting agreements, and delivering legal advice necessary to perform the contract with a client
- Client onboarding and identity verification: collecting information required to establish the client relationship and meet anti-funds laundering checks where applicable
- Billing and accounting: issuing invoices, processing payments and maintaining business records to meet tax and accounting obligations
- Security and fraud prevention: monitoring systems for unauthorized access and contribute incidents to protect client data
- Service improvement and analytics: analysing aggregated usage data to improve our website, workflows and service delivery
- Legal and regulatory compliance: responding to lawful requests from courts, regulators or authorities and fulfilling statutory obligations
- Communications: responding to client queries, sending contractual notices and managing client relationships
- Marketing where consented: informing subscribers about events or resources when explicit consent has been given
Legal bases for processing
We rely on appropriate legal grounds for processing personal data depending on the context. The principal bases we use are:
- Performance of a contract: processing necessary to provide legal services and meet our contractual obligations to clients
- Legitimate interests: processing for security, fraud prevention, service improvement and enforcement of our rights where those interests are balanced against individual rights
- Consent: where we rely on consent for marketing communications or optional features, consent can be withdrawn at any time
- Legal obligation: processing required to comply with statutory duties such as tax, audit and regulatory reporting
Data protection and GDPR
Where the General Data Protection Regulation (GDPR) applies, CodeRLegal adheres to its principles and individuals subject to GDPR retain the rights set out below. We also comply with Swiss data protection law and applicable international requirements.
- Right of access: you have the right to request confirmation of whether we process your personal data and to obtain a copy of that data
- Right to rectification: you may request correction of inaccurate or incomplete personal data
- Right to erasure: subject to legal limits, you may request deletion of personal data that is no longer necessary for the purposes collected
- Right to restriction: you may request restriction of processing in specific circumstances
- Right to data portability: where processing is based on consent or contract and carried out by automated means, you may request a machine-readable copy of your personal data
- Right to object: you may object to processing based on legitimate interests or direct marketing; we will assess such objections in accordance with law
Cookies and similar technologies
We use cookies and similar technologies on our website to enable essential functions, measure performance and, with consent, support analytics and optional personalization.
Cookies used include session cookies that expire after you close your browser, persistent cookies that remain for a defined period, first-party cookies set by our domain and third-party cookies set by service providers for analytics or functionality.
We classify cookies as necessary (required for basic site operation), performance and analytics (to improve the site), functional (to remember preferences) and marketing (used only with consent).
You can manage cookie preferences via the cookie banner on our website or through your browser settings. Disabling certain cookies may affect site functionality and service features.
Cookie Policy
Data sharing
We do not sell personal data. Sharing is limited to trusted processors and legal recipients where necessary to deliver services, comply with law or protect rights.
- Service providers and processors: secure hosting, document repositories, payment processors and professional tools engaged under data processing agreements
- Legal and regulatory recipients: courts, regulatory bodies or law enforcement when required by law or to protect legal rights
- Professional advisors: accountants or external counsel engaged to support a client matter under confidentiality obligations
- Affiliates and subcontractors: partners assisting with delivery of specific services under contractual safeguards
- Prospective buyers or supporter: in the event of a corporate transaction, personal data may be shared as part of due diligence under controlled conditions
- Aggregated and anonymised data: statistical information that does not identify individuals may be shared for research or service improvement
International transfers
Personal data may be transferred to jurisdictions outside Switzerland and the European Economic Area for hosting, processing or collaboration with service providers. Such transfers occur only where appropriate safeguards are in place or another lawful basis applies.
Safeguards include the use of European Commission standard contractual clauses where applicable, reliance on adequacy decisions, contractual protections, encryption and minimisation of transferred data. We assess third-party processors to ensure a comparable level of protection.
Data retention
We retain personal data only as long as necessary for the purposes described, to satisfy legal obligations, resolve disputes and enforce agreements. Retention periods are determined by the nature of the data and applicable legal requirements.
Account and client relationship records are retained for the duration of the engagement and for a period thereafter required by tax, audit and professional rules; typically this period is at least the minimum statutory term applicable to legal and business records.
Communications and case-related correspondence are retained for the duration necessary to provide ongoing legal services and to preserve records relevant to a matter, subject to applicable retention obligations.
System and security logs are retained for a limited period required for security monitoring and incident contribute, then archived or deleted in line with operational needs and legal requirements.
On valid deletion requests we will remove personal data from active systems unless retention is required by law. Backups and archives may retain data for a limited additional period in accordance with our retention schedules.
Security measures
We apply administrative, technical and physical measures proportionate to the risk to protect personal data from unauthorized access, disclosure, alteration or destruction. Security is reviewed regularly and adapted to evolving threats.
- Encryption in transit and at rest for sensitive client files and communications where appropriate
- Strict access controls and role-based permissions to limit data access to authorised personnel
- Incident response procedures, regular security assessments and supplier security evaluations
Your rights
Individuals may exercise their privacy rights by contacting CodeRLegal using the details below. Requests will be handled in accordance with applicable law and subject to verification requirements to protect confidentiality.
- To exercise rights or submit a request, contact [email protected]. We will verify identity and respond within applicable legal timeframes.
- If you are not satisfied with our response, you may lodge a complaint with the relevant data protection authority (for Switzerland: the Federal Data Protection and Information Commissioner) or the supervisory authority applicable in your jurisdiction.
- Correction — You can request correction of inaccurate or incomplete personal data we hold about you to ensure records are accurate and current for legal and contractual purposes.
- Erasure — Where applicable under law, you may request deletion of personal data that is no longer necessary for the purposes collected or processed, subject to retention requirements for legal compliance and dispute resolution.
- Restriction of processing — You may ask us to restrict the processing of your personal data while a correction or dispute is being resolved, or where processing is unlawful and you prefer restriction over deletion.
- Data portability — To the extent applicable, you can request a copy of personal data you provided in a commonly used, machine-readable format for transfer to another provider.
- Objection to processing — You have the right to object to processing based on our legitimate interests or direct marketing; we will review objections and either cease the processing or explain compelling legitimate grounds for continuation.
- Withdraw consent — Where processing is based on consent, you may withdraw that consent at any time; withdrawal will not affect lawfulness of processing prior to withdrawal.
How to exercise your rights
To exercise any of the rights described above, submit a written request to our data protection contact. Include sufficient detail to identify yourself and the specific request (for example, which data you wish to correct or access). We may require identity verification to protect your privacy and prevent unauthorized disclosures.
We aim to acknowledge requests promptly and to provide a substantive response within 30 days of receipt. If a request is complex or numerous, we will inform you and may extend the response period by up to an additional 60 days with explanation.
Marketing communications
We may send informational or promotional communications about CodeRLegal services where you have opted in or where permitted by applicable law. Communications will be limited to relevant legal and compliance updates, service announcements, and offers tailored to IT businesses.
You can opt out of marketing communications at any time by following the unsubscribe link in any communication or by contacting our privacy team at [email protected]. Opt-out requests are processed promptly and do not affect transactional messages.
Children and minors
Our services and communications are directed to business users and legal representatives. We do not knowingly collect personal data from children under the age of 16. If we become aware that we have inadvertently collected data of a child under that age, we will take steps to delete such data in accordance with applicable law.
Third-party links and services
Our website and services may contain links to third-party sites or use third-party services for analytics, payments, or hosting. CodeRLegal is not responsible for third-party privacy practices. Review the privacy policies of those providers before submitting personal data.
Changes to this privacy notice
We periodically review and, when necessary, update this privacy notice to reflect legal, operational, or technical changes. Material changes will be published on our website with an updated effective date. Continued use of our services after changes indicates acceptance of the updated terms.