Privacy Policy

Definitions

The terms below are used in this policy to describe categories of data and processing activities. Where relevant, we distinguish between personal data provided directly by users and data collected automatically.

Personal data means any information relating to an identified or identifiable natural person, including name, contact details, job title and identifiers associated with devices or accounts used to access our services.
Processing refers to any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, or erasure.
User refers to any natural person who visits our website, contacts AppLabJura, or is a client or prospective client of our legal services for digital product teams.
Service refers to legal advisory, contract drafting and review, compliance assessments, and related consulting services provided by AppLabJura to digital product teams.
Cookies are small text files placed on a device to store information about preferences or tracking identifiers. Similar technologies include local storage and pixel tags.

Data collection

We collect personal data necessary to provide legal services, to communicate with clients and prospects, and to operate and improve our website. Collection is limited to data relevant to these purposes.

Data you provide

When you contact AppLabJura or engage our services we may collect the following categories of information provided directly by you or your representatives:

Contact details: name, job title, company name, email address and telephone number.
Engagement information: matter description, contract terms, scope of work and billing details necessary to provide legal services.
Identity and verification data: where required for compliance, copies of identity documents or corporate registration details.
Communications: correspondence, meeting notes, documents and files you share with us in connection with legal advice.
Payment information: payment method details supplied to third-party processors for billing purposes; AppLabJura does not store full payment card data internally.
Preferences and marketing opt-ins: subscription choices and consent records where you sign up for newsletters or updates.

Data collected automatically

When you visit our website or use online resources we collect technical information automatically to operate the site and analyse usage patterns.

Device and browser information, including user agent and screen resolution.
IP address and approximate geolocation derived from IP for security and routing purposes.
Usage data: pages visited, time on page, referral sources and interaction events.
Error logs and diagnostic data related to website performance.
Analytics identifiers and aggregated metrics collected by web analytics tools.
Cookie identifiers and similar technical vouchers used to remember preferences.

Data from third parties

In some cases we receive personal data from third parties that assist in delivering our services or that are part of a client's environment.

Service providers and subcontractors acting on our behalf, such as cloud hosting and email platforms.
Payment processors and accounting providers necessary to handle billing and invoicing.
Client-supplied third parties, including technical contacts, partners and external advisors appointed by a client.

Purposes of processing

We process personal data for limited, explicit purposes necessary to deliver our services and run our operations. These purposes include:

Delivering legal advice, contract drafting and compliance assessments for digital product teams.
Managing client relationships, communications and billing related to matters handled by AppLabJura.
Operating and maintaining the website, including security, uptime and technical support.
Conducting internal accounting, recordkeeping and invoicing.
Improving services and training staff using anonymized or pseudonymized data where feasible.
Complying with legal obligations such as anti-funds laundering checks and statutory record retention.
Protecting the rights and property of AppLabJura and its clients, including fraud detection and cybersecurity.
Communications about events, publications or offerings where you have opted in to receive such information.

Legal basis for processing

We rely on lawful grounds to process personal data. The applicable basis depends on the context of the processing activity.

Performance of a contract: processing necessary to provide legal services and to perform contractual obligations.
Legal obligation: processing required to comply with Swiss legal or regulatory duties, including business and anti-funds laundering obligations.
Legitimate interests: processing for the legitimate operational interests of AppLabJura, balanced against individuals' rights and freedoms.
Consent: where required for marketing or optional services, we process personal data on the basis of an explicit consent that you may withdraw.

Applicable law and data subject rights

AppLabJura is established in Switzerland. This policy addresses the Swiss Federal Act on Data Protection (FADP) and, where applicable to European individuals, references to the EU General Data Protection Regulation (GDPR) are provided. If you are located in the EU/EEA, certain additional rights may apply.

Right of access: you can request confirmation of whether we process your personal data and obtain a copy of the data processed.
Right to rectification: you may request correction of inaccurate or incomplete personal data.
Right to erasure: in certain circumstances you may request deletion of personal data that is no longer necessary or unlawfully processed.
Right to restriction and objection: you may ask us to restrict processing or object to processing based on legitimate interests, subject to our legal obligations.
Right to data portability: where processing is based on consent or contract and carried out by automated means, you may request a machine-readable copy of personal data.
Right to lodge a complaint with a supervisory authority: if you consider your rights under applicable law are infringed you may contact the appropriate regulator, for Switzerland this is the Federal Data Protection and Information Commissioner.

Cookies and similar technologies

We use cookies and similar technologies to make the website function, to remember preferences and to analyse usage. Cookies are classified by purpose and lifespan.

Types include session cookies (temporary for a single visit), persistent cookies (stored until expiry), and functional cookies (to remember settings). We may also use analytics cookies to measure site performance.

Categories: strictly necessary cookies for core site functions; performance and analytics cookies to understand usage; functional cookies for user preferences; and marketing cookies where explicit consent is obtained.

You can manage cookie preferences through your browser settings and, where available, our cookie banner. Blocking certain cookies may affect site functionality and user experience.

Detailed cookie settings and policy

Data sharing and recipients

We share personal data only where necessary to provide services, process payments, comply with law, or where you have given consent. Recipients are selected and contractually bound to protect data.

Service providers and processors such as cloud hosting, email services and document management platforms.
Payment and billing processors used to handle invoicing and collections.
Professional advisors and subcontractors engaged to provide specialised services on a confidential basis.
Public authorities or courts where disclosure is required by law, regulation or legal process.
Clients' third-party vendors when acting on instructions from a client and necessary for the engagement.
Analytics and marketing providers where you have opted in to tracking or communications.

International transfers

Personal data may be transferred to third countries for hosting, processor operations or client instructions. Transfers are limited to jurisdictions necessary for service delivery or as required by law.

Where transfers occur outside Switzerland or the EEA, AppLabJura uses appropriate safeguards such as contractual clauses, adequacy decisions where applicable, or other measures consistent with legal requirements to protect data.

Data retention

We retain personal data only as long as required for the purpose for which it was collected, to meet legal or contractual obligations, or to protect legitimate business interests.

Account and client records are retained for the duration of the engagement and for a period thereafter required by Swiss law or for the protection of legal rights, typically governed by statutory limitation periods.

Communications and case-related documents are retained in line with file retention policies necessary for legal services and compliance, then archived or securely deleted.

System logs, backups and security records are retained for operational needs and incident contribute for defined periods, balancing operational requirements with privacy.

When retention periods expire or data is no longer required, AppLabJura deletes or anonymizes personal data in a manner appropriate to its sensitivity and legal obligations.

Security measures

AppLabJura applies organisational and technical measures to protect personal data against unauthorized access, loss, misuse or alteration. Security practices are reviewed periodically and updated as needed.

Administrative controls including access management, role-based permissions and staff training on data protection.
Technical safeguards such as encryption for data in transit and at rest, secure backups and network protections.
Operational measures including incident response procedures, regular audits and vendor due diligence.

Your rights

You may exercise the rights described below by contacting AppLabJura at the contact details provided. We will respond within applicable legal timeframes and may require verification of identity.

Right of access: request a copy of personal data we hold about you and information on processing activities.
Right to rectification: request correction of inaccurate or incomplete data.
Right to erasure: request deletion of personal data in circumstances provided by law, subject to retention requirements.
Right to restriction and objection: request restriction of processing or object to processing based on legitimate interests; requests will be assessed in context.
Right to data portability and withdrawal of consent: where applicable, request transfer of your data in a structured format and withdraw consent for processing that relied on consent.
Right to data portability: You may request an export of personal data we process about you in a commonly used, machine-readable format where processing is based on consent or contract and carried out by automated means.
Right to restrict processing: You may ask us to limit how we process your personal data where accuracy is contested, processing is unlawful but you oppose erasure, or where data is needed for establishment, exercise or defence of legal claims.
Right to withdraw consent: Where processing is based on consent, you may withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing carried out prior to withdrawal.

How to exercise your rights

To exercise any privacy rights listed above, contact AppLabJura using the contact details below or via the web forms on AppLabJura.pro. We will verify identity before responding when necessary and provide a clear description of the action we will take and any information required from you to process the request.

[email protected]

We aim to respond to verified requests within one month of receipt. For complex or numerous requests this period may be extended by up to two additional months; we will inform you of any extension and the reasons for it within one month.

Marketing communications

AppLabJura may send information about services, events, or updates relevant to digital product teams if you have opted in or where there is an existing business relationship. Marketing messages will include clear options to opt out and will be limited to content that aligns with the services we provide.

You may unsubscribe from marketing communications at any time using the unsubscribe link in emails, by adjusting preferences in your account where applicable, or by contacting us directly. Unsubscribe requests are processed promptly and will not affect transactional messages.

Children's data

Our services are intended for use by adults and professional teams. We do not knowingly collect personal data from individuals under legal age for contracting in Switzerland. If we learn that we have collected data from a minor without appropriate consent, we will take steps to delete it where permitted by law.

Third-party links

Our website and communications may include links to third-party sites and services. AppLabJura is not responsible for the privacy practices or content of external sites. Review the privacy policies of any third-party sites you visit to understand how they use your data.

Changes to this privacy notice

We review this privacy notice periodically. Material changes will be posted on AppLabJura.pro with an updated effective date. Minor clarifications or non-substantive edits may be applied without prior notice where required for accuracy or regulatory compliance.