Legal advice & risk management
for entrepreneurs, SMEs and startups

Privacy Policy


1.1 Purpose and content of this privacy policy

This data protection declaration explains how and for what purpose we, Thommen Law & Risk Management GmbH, collect and process personal data. Personal data is any information that relates to an identified or identifiable person. You will also be informed about your rights.

This data protection declaration is based on the EU General Data Protection Regulation (GDPR). Although the GDPR is an EU regulation, it is relevant in this case because the Swiss Data Protection Act (DPA) is closely based on it. In addition, certain companies outside the EU are subject to the GDPR under certain circumstances. This privacy statement is therefore based on their standards.

1.2 Use of this website

We treat personal data confidentially and in accordance with the statutory data protection regulations.

In cooperation with the hosting provider of our website, Cyon GmbH, based in Basel, we strive to protect your data as well as possible from unauthorised access, loss, misuse or falsification. As a data processor, Cyon GmbH also processes this data. Their privacy policy can be found at However, the electronic transmission of data (namely in the case of e-mail communication or by means of forms on our website) can have security gaps. Complete protection of data against access by third parties cannot therefore be guaranteed.

By using our website and its links, you consent to the collection, processing and use of data in accordance with the provisions below. If you do not agree with the following provisions, please leave or refrain from accessing our website.

If you are redirected to other sites via links on our website, please inform yourself there about the respective handling of your data. We have no influence on these websites and accordingly assume no responsibility for their accuracy, completeness or legality.


If you have a data protection concern arising out of or in connection with the use of this website and/or this privacy statement, you can contact us at the following address:

Thommen Law & Risk Management GmbH
Patrick Thommen
D4 Business Village Lucerne, Square 10
CH-6039 Root D4



The DSG and Art. 6 para. 1 lit. a – f DSGVO form the legal basis for data processing and this privacy policy.


As a matter of principle, we only collect and process personal data that we receive from customers and other business partners as well as other persons involved in our business relationships with them in accordance with this section 4 and section 5 or that we collect from their users when operating our website and other applications.

4.1 SSL/TLS encryption
For security reasons and to protect the transmission of confidential content, our website uses SSL/TLS encryption. This prevents third parties from reading the data you transmit to us, namely enquiries via the contact form.

4.2 Data collection when visiting our website
Our website can be visited without registration. In particular, the following information may be registered in a file (log file) on our provider’s server:

  • IP address
  • Date and time of access
  • Name of the called file
  • Access status (OK, partial content, document not found, etc.)
  • Page from which the access was made
  • Web browser used
  • Operating system used

The collection of this data is technically necessary to ensure the stability, security and comfortable use of our website. The data collected is not personalised, but is evaluated exclusively for internal statistical purposes in order to make our website even more user-friendly.

4.3 Cookies
Our website uses cookies. These are small text files that make it possible to store specific information related to the user on the user’s terminal device while the user is using a website. Cookies make it possible, in particular, to determine the frequency of use and number of users of the pages, to analyse behaviour patterns of page use, but also to make our offer more customer-friendly. Cookies remain stored beyond the end of a browser session and can be retrieved when the user visits the site again.

By accepting cookies and using our website, you agree to the use of cookies. If you do not wish to do so, set your internet browser to refuse or restrict their acceptance or to delete stored cookies.

4.4 Google Maps
Our website uses Google Maps API to visually display geographical information. When using Google Maps, Google also collects, processes and uses data about the visitor’s use of the map functions. You can find more information about data processing by Google in the Google privacy policy.

4.5 Google reCAPTCHA
Our website uses the Google service reCAPTCHA for the purpose of distinguishing whether a form request is made by a human or automatically and mechanically. The IP address of the sender and any other data required for this service are transmitted to Google. You can find more information on this in the Google privacy policy.

4.6 Contact form and e-mail
If you contact us via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.

If you contact us by email, please note that unencrypted communication via email is neither secure nor confidential. E-mails may be intercepted, modified or deleted, lost, arrive late or incomplete and contain viruses. We expressly exclude liability for this.

4.7 Contract initiation and execution
Your personal data, such as title, name, address, e-mail address and telephone number, will be collected and processed to the extent necessary for the establishment, content or amendment of the contractual relationship with you as a customer, supplier, subcontractor or other third party involved and for the performance of the contract.

We do not pass on your personal data to third parties outside the processing of the contract without your express consent or on a legal basis. Section 5 provides more details on this.


To the extent permitted by law, we also disclose your data to third parties in the course of our business activities and for the purposes listed in section 4, either because they process it for us or because they need it to provide their services to us. The following recipients are considered third parties in this sense:

  • Service providers and subcontractors of ours, i.e. external partners such as lawyers, notaries, trustees, including order processors such as IT hosters or IT consultants.
  • dealers, suppliers and other business partners. This does not apply to customers as data subjects.
  • domestic and foreign authorities, offices or courts in the case of legal obligation, necessity for the execution of the contract or to protect our own interests
  • in the event of legal obligation or necessity for the performance of the contract to other parties in possible or actual non-contentious or contentious matters.
  • Parties interested in acquiring or acquiring Thommen Law & Risk Management GmbH

The third parties listed above are located in Switzerland and partly abroad. Should data be transferred to a country without adequate data protection, we will only transfer your data after an appropriate risk analysis and on the basis of so-called standard contractual clauses of the European Commission, model contracts of the Swiss Federal Data Protection and Information Commissioner, Binding Corporate Rules for an adequate level of protection or on the basis of the statutory exceptional circumstances of consent, contract performance, the establishment, exercise or enforcement of legal claims, overriding public interests, published personal data or because it is necessary to protect the integrity of the data subjects.


Subject to longer-term retention obligations due to legal or other obligations, personal data is generally only stored for as long as the respective purpose requires.
In relation to the data we process and which concerns you, you have the right to:
  • information about the collected data
  • correction of inaccurate data
  • deletion of the data stored with us
  • restriction of processing
  • objection to the processing

All requests in connection with this clause must be addressed in writing to the person responsible in accordance with clause 2 of this data protection declaration.


We hereby object to the use of contact data published within the scope of the imprint obligation to send advertising and information material that has not been expressly requested. In the event of the unsolicited sending of advertising information, for example by spam e-mails, we expressly reserve the right to take legal action.


This privacy policy may be amended at any time without prior notice. The current version published on our website shall apply.

Root D4, 6 July 2023


© Thommen Law & Risk Management GmbH | Impressum | Privacy policy