Data protection, confidentiality and professional legal standards

Privacy Policy and Data Protection Notice

This Privacy Policy explains how CodeYLegal (operating from CodeYLegal.digital) collects, uses, stores and shares personal data in the course of providing legal consulting services to the IT sector. Our registered business details: CodeYLegal, Voa Principala, 7078 Obervaz, Switzerland. Business ID: CHE-364.405.986. Contact: +41767180828. This version is effective as of 25-02-2026. We process personal data to deliver legal advice, manage client relationships, meet contractual and legal obligations and maintain secure business operations. We apply technical and organizational safeguards appropriate to the sensitivity of the data and to applicable Swiss and European law where relevant. Where processing is based on consent or legitimate interest, we explain the legal basis and provide mechanisms to exercise data subject rights. We limit collection to data necessary for the stated purposes and retain information only for as long as required to fulfil legal and operational obligations.

25-02-2026
CodeYLegal (Business ID CHE-364.405.986), Voa Principala, 7078 Obervaz, Switzerland
Voa Principala, 7078 Obervaz, Switzerland
contact@codeylegal.digital

Scope and responsible party

Definitions

For clarity, the following definitions are used throughout this policy to describe categories of data, roles and processing activities relevant to our legal services for IT businesses.

Personal data means any information relating to an identified or identifiable natural person, such as name, contact details, professional role, identification numbers and other information that can be linked to an individual.
Processing refers to any operation performed on personal data, including collection, recording, organization, structuring, storage, retrieval, consultation, use, disclosure, erasure and destruction.
User refers to any client, prospective client, business contact, contractor or website visitor whose personal data is processed in the context of services provided by CodeYLegal.
Service refers to legal consulting and related professional services offered by CodeYLegal to companies and individuals in the IT sector, including contract drafting, compliance advice and dispute support.
Cookies are small text files placed on a device by a website to recognize returning visitors, enable functions and collect analytics about site usage. We use cookies for essential site operation and performance monitoring.

What data we collect

We collect personal data necessary to provide effective legal services, to administer client relationships and to comply with regulatory obligations. Collection is limited to what is relevant and proportionate.

Categories of collected data

Data you provide directly

When you engage our services or communicate with us, you may provide the following categories of personal data necessary for service delivery and administration:

  • Contact details: full name, professional email address and telephone number.
  • Company and professional information: employer, role, corporate registration identifiers and relevant corporate documents.
  • Contractual and transactional data: contract terms, billing and invoicing details, payment confirmations and correspondence related to matters we handle.
  • Case and matter details: facts, technical documentation and project materials submitted to obtain legal advice.
  • Communications: records of meetings, email platform and call logs necessary to provide and document advice.
  • Optional information: marketing preferences and consents where you choose to provide them.

Automatically collected data

When you use our website or interact with online services, we collect technical and usage information to operate the site securely and to improve service delivery.

  • Connection data such as IP address, browser type and device characteristics.
  • Usage data including pages visited, time spent on pages and navigation paths.
  • Performance and diagnostic information related to errors and service availability.
  • Cookies and similar identifiers for session management and analytics.
  • Telemetry required to troubleshoot service delivery where you use online consultation tools.
  • Aggregated or anonymized data derived from the above for statistical analysis.

Data from third parties

In certain situations we receive personal data from third parties that support our services or that are party to a transaction, always subject to confidentiality and legal restrictions.

  • Service providers: payment processors, hosting and cloud providers, and analytics vendors.
  • Professional advisors: external legal counsel, auditors or compliance consultants engaged to support a matter.
  • Public and regulatory sources: corporate registers, sanction lists and public filings used for verification and compliance.

Purposes of processing

Why we process personal data

We process personal data for specific and legitimate purposes relevant to delivering legal services to our IT clients, and we document the legal basis for each processing activity.

  • To provide legal advice, draft and negotiate contracts, and manage client matters.
  • To perform contractual obligations such as billing, invoicing and record keeping.
  • To assess and advise on data protection, compliance and regulatory obligations applicable to IT products and services.
  • To protect the security and integrity of our systems and to prevent and contribute unauthorized activity or fraud.
  • To communicate case updates, administrative information and service-related notifications.
  • To conduct internal reporting, quality reviews and aggregate analytics to improve services.
  • To respond to lawful requests from courts, regulators or law enforcement where required by applicable law.
  • To send marketing communications where you have opted in; you may opt out at any time.

Legal basis for processing

We rely on appropriate legal bases for processing personal data depending on the purpose, including contractual necessity, legal obligations, consent and legitimate interests.

Cookies and tracking

We use cookies and similar technologies on CodeYLegal.digital for essential site functions, analytics and, where consented, marketing. Cookies help us provide a secure and usable site experience.

Common types include session cookies (expire after your visit), persistent cookies (stay on your device) and third‑party cookies used by analytics or service providers.

We categorize cookies as strictly necessary, performance/analytics, functionality and marketing/advertising. Only non‑essential cookies are activated after consent where required.

You can control cookie preferences via your browser settings and by using available consent tools on our site. Blocking certain cookies may reduce site functionality.

Full cookie policy

Sharing personal data

We share personal data only as necessary to provide services, to comply with legal obligations or with parties you have authorized. All sharing is governed by confidentiality and contractual protections.

  • Service providers who perform functions on our behalf, such as hosting, billing and analytics.
  • Professional advisers and expert witnesses engaged for specific matters.
  • Regulatory authorities, courts or law enforcement as required by law or to respond to legal process.
  • Potential purchasers or business partners in the context of a business sale or reorganization, subject to confidentiality safeguards.
  • Payment and business institutions to process billing and payments.
  • Other parties where you have provided explicit consent to share your information.

International transfers

Some processing may involve transfers of personal data to countries outside Switzerland or the European Economic Area. When data is transferred internationally, we apply appropriate safeguards such as standard contractual clauses, reliance on adequacy decisions where applicable, or other lawful transfer mechanisms to protect personal data.

Transfers are subject to contractual protections, encryption, access restrictions and review of recipient compliance. Where required, we document transfer mechanisms and make them available upon request.

Storage and retention

Retention policy

We retain personal data only for as long as necessary to fulfil the purposes described, to comply with legal obligations and to resolve disputes. Retention periods vary by category of data and legal requirements.

Account and client records: retained for the duration of the engagement and subsequently for a period necessary to comply with accounting, tax and professional rules; typically this may include retention for up to seven years for accounting documentation where required by Swiss law.

Communications and matter files: retained while relevant to the matter and beyond for legal preservation where necessary, subject to periodic review and secure archival or anonymization.

Operational logs and security records: retained for a limited period for incident contribute and system integrity, commonly 6 to 24 months depending on the log type and legal needs.

At the end of retention periods we securely delete, redact or anonymize personal data. Deletion processes are documented and applied consistently, with exceptions only where retention is required by law.

Security of personal data

We maintain organizational, technical and physical measures designed to protect personal data against unauthorized access, disclosure, alteration and destruction. Measures are reviewed and updated in line with changes to technology and legal requirements.

  • Encryption of data in transit (TLS) and at rest where appropriate.
  • Role‑based access controls, multi‑factor authentication and least‑privilege principles for staff and systems.
  • Regular audits, vulnerability assessments and incident response procedures to detect and address security events promptly.

Data subject rights

Your rights under data protection law

Depending on applicable law, you may have rights to access, correct, restrict or object to processing, to request deletion, and to portability of your personal data. We provide mechanisms to exercise these rights and assess each request in accordance with legal requirements.

  • Right of access: you may request confirmation of whether we process your personal data and obtain a copy of the personal data we hold concerning you.
  • Right to rectification: You may request correction of inaccurate or incomplete personal data processed by CodeYLegal.digital.
  • Right to erasure ('right to be forgotten'): Where applicable under law, you may request deletion of personal data that is no longer necessary for the purposes collected.
  • Right to restriction of processing: You can ask to limit processing while a dispute over accuracy or lawfulness of processing is resolved.
  • Right to data portability: Where processing is based on consent or contract and carried out by automated means, you may request a transferable copy of your personal data.
  • Right to object: You may object to processing based on legitimate interests or direct marketing; we will consider your objection and, where required by law, stop processing for those purposes.
  • Right to withdraw consent: For processing based on consent, you may withdraw that consent at any time; withdrawal does not affect processing prior to withdrawal.
  • Right to lodge a complaint with a supervisory authority: If you consider that CodeYLegal.digital has not addressed your concern appropriately, you may refer the matter to the competent Swiss supervisory authority.

How to exercise your rights

To exercise any of the rights listed above, please submit a written request including your name, contact details, and a clear description of the requested action. We may ask for additional information to verify your identity before processing the request. Requests can be sent to our data protection contact at info@codeylegal.digital or by postal mail to the address below.

contact@codeylegal.digital

We strive to respond to valid requests promptly and in any event within 30 calendar days. If a request is complex or numerous, we will inform you within that period if an extension is necessary and explain the reasons.

Data protection and applicable framework

CodeYLegal.digital operates in Switzerland and applies principles of transparency, purpose limitation and data minimisation when processing personal data from clients and website users. We align our practices with Swiss data protection standards and with relevant principles commonly applied across European data protection frameworks.

  • Legal basis for processing: contract performance, legitimate interest, or consent where required.
  • Categories of data: contact details, professional affiliation, communications, billing and case-related documents necessary for legal consulting.
  • Purpose of processing: to deliver legal consultancy, manage engagements, communicate case-relevant information and comply with legal obligations.
  • Data retention: personal data is retained only as long as necessary for the purpose of processing and in compliance with statutory retention obligations.
  • Recipients: where necessary, we may share data with appointed service providers, external counsel or competent authorities under legal requirements.
  • International transfers: transfers outside Switzerland are assessed and conducted with appropriate safeguards such as contractual protections or approved transfer mechanisms.

If you wish to raise a concern with a supervisory authority, you may contact the Swiss Federal Data Protection and Information Commissioner (FDPIC). Contact details for the FDPIC are publicly available on their official website.

Other data categories and processing

Marketing communications

With your consent or where otherwise permitted by law, we may send newsletters or information about services relevant to the IT sector. Marketing messages will contain clear information about the content and an easy way to opt out.

You can unsubscribe from marketing communications at any time via the unsubscribe link in the message or by contacting info@codeylegal.digital. Unsubscribe requests will be processed without undue delay.

Children and data

CodeYLegal.digital does not provide services to minors or intentionally collect personal data of children. If we become aware that personal data of a minor has been collected without appropriate consent, we will take steps to remove such data where required by law.

Third-party links

Our website may contain links to third-party websites. CodeYLegal is not responsible for the privacy practices or content of those sites. We encourage review of third-party privacy statements before providing any personal information.

Changes to this policy

We review this privacy information periodically. Material changes will be published on CodeYLegal.digital with an updated effective date. Continued use of our services after publication of changes constitutes acceptance of the revised policy.

Hello. You reached CodeYLegal. How can we assist your IT project today?