Privacy Policy

With this Privacy Policy, Fries Partner AG informs you about how personal data are processed in the course of its legal and business activities and about your rights as a data subject. The protection of your privacy is a matter of particular importance to us.

Personal data are processed in accordance with the applicable Swiss data protection law and, where applicable, the EU General Data Protection Regulation (GDPR). This Privacy Policy applies in addition to other legal notices, engagement letters and general terms and conditions of Fries Partner AG.

A. Data Controller

For any questions relating to data protection, you may contact:

Fries Partner AG
Chollerstrasse 32
CH-6300 Zug
Switzerland
E-mail: legal@friespartner.ch

B. Processing of Personal Data in the Context of Client and Contractual Relationships

1. Categories of Personal Data Processed

We primarily process personal data that we receive directly from our clients or their employees in the context of client relationships. In addition, and to the extent permitted by law and required for the performance of our mandates, we may process personal data obtained from other sources, in particular from authorities, courts, counterparties and their legal representatives, business partners, as well as from publicly available sources.

Such processing is carried out exclusively in the course of our legal activities and for the fulfilment of the associated contractual and statutory obligations.

In addition to personal data obtained directly from you, we may also process personal data obtained from third parties. These include, in particular:

  • master and contact data, such as names, addresses, functions, organisational affiliations, e-mail addresses and telephone numbers;

  • content, usage, as well as meta and communication data, in particular in connection with correspondence, electronic communications and the use of information services;

  • information from public registers, in particular commercial, debt enforcement or land registers;

  • information obtained in connection with administrative or judicial proceedings;

  • data required for compliance with statutory obligations, in particular in the area of anti-money laundering and other regulatory requirements;

  • information required for the assertion, exercise or defence of legal claims in the context of a mandate;

  • information provided by third parties from your professional or personal environment, insofar as this is required for the initiation, performance or administration of mandates or contractual relationships;

  • creditworthiness and business information, as well as information from banks, insurance companies and other business partners, insofar as required in connection with a mandate or contractual relationship;

  • information from publicly accessible sources, including media and the internet, insofar as appropriate in the specific case.

2. Purposes of Processing

Personal data are primarily processed for the initiation, performance and administration of client and contractual relationships, including communication and invoicing. Personal data are also processed, where required, to comply with statutory obligations.

In addition, personal data may be processed, to the extent permitted by law and required, for further purposes based on our legitimate interests, in particular:

  • for the assertion, exercise or defence of legal claims and in connection with judicial or administrative proceedings;

  • for the prevention, detection and investigation of criminal offences or other misconduct, including internal investigations;

  • to ensure IT, building and data security and to protect our employees and assets entrusted to us;

  • in connection with corporate or business transactions and for internal organisation and management purposes;

  • for the further development of our services and offerings;

  • for information, communication and marketing purposes, provided that you have not objected to such processing.

Where processing is based on your consent (e.g. in the context of specific reviews or background checks), personal data are processed within the scope of and on the basis of such consent. Any consent given may be withdrawn at any time with effect for the future.

3. Disclosure of Personal Data and Transfers Abroad

We disclose personal data in the course of our legal activities only to the extent required for the performance of our mandates, the execution of contractual relationships or the fulfilment of statutory obligations. Recipients may include, in particular, courts and authorities, counterparties and their legal representatives, business and contractual partners, as well as engaged auxiliaries and service providers acting as processors.

Recipients of personal data may be located in Switzerland, the European Union or in other countries. Where personal data are transferred to countries that do not provide an adequate level of data protection, we ensure an appropriate level of protection, where required by law, through suitable safeguards or on the basis of applicable statutory exemptions.

4. Retention Period

We retain personal data only for as long as required for the initiation, performance and termination of client or contractual relationships, for the purposes pursued by the processing, or for compliance with statutory retention and documentation obligations. Personal data may be retained for longer periods where an overriding private or public interest exists.

Once personal data are no longer required for these purposes, they are deleted or anonymised.

C. Use of Our Website

1. Provision of the Website and Log Files

When accessing our website, technical access data are automatically collected and stored in log files by the hosting provider. This includes, in particular, information on the browser type and operating system used, the IP address, date and time of access, the previously visited page, and the content accessed on our website. The hosting provider may be located in the European Union, which means that technical access data may also be processed within the EU.

Such data are processed exclusively for the technical provision of the website, to ensure its security and stability, and for error analysis. These data are not combined with other personal data and are not used for marketing, tracking or profiling purposes.

1.1 Purpose of Processing and Legal Basis

The processing of technical data collected in connection with the use of our website serves to ensure the availability and functionality of the website, as well as IT security and error analysis. This processing is based on our legitimate interests. No use is made for marketing or profiling purposes.

1.2 Retention Period

Technical access data are retained only for as long as necessary to achieve the stated purposes. Log file data are deleted or anonymised after an appropriate period, so that no attribution to individual persons is possible.

2. Engagement of IT Service Providers (Processors)

For the provision and operation of our IT infrastructure, we work with external IT service providers. In the course of support and maintenance activities, such providers may have access to personal data to the extent required for the provision of their services.

Such service providers process personal data exclusively on our behalf, are contractually bound by confidentiality obligations, and are subject to the applicable data protection requirements. Processing for their own purposes does not take place.

D. Rights of Data Subjects

Under the applicable data protection law, you have in particular the right to request access to, rectification or deletion of your personal data, the restriction of processing, the right to object to processing, and, where provided by law, the right to data portability.

Where personal data are processed on the basis of your consent, you may withdraw such consent at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal. Irrespective of this, we may continue to process personal data to the extent required or permitted by law, in particular to comply with legal obligations or to assert or defend legal claims.

You also have the right to assert your claims in court or to lodge a complaint with the competent data protection authority. The competent supervisory authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC).

E. Amendments to this Privacy Policy

This Privacy Policy may be amended at any time. The current version will be published on our website and applies from the date of publication.

Last updated: January 2026