back to previous page arrow

Privacy Policy
of Barandun AG

Barandun AG, Mühlebachstrasse 25, P.O. Box, CH-8024 Zurich (hereinafter also «we», «us») is responsible for your personal data (hereinafter also «data») and the data processing described in this data protection declaration.

In this privacy policy we describe how we obtain and process data when you visit our website, use our services, otherwise deal with us under a contract, communicate with us or otherwise deal with us.

If you transmit or disclose data about other persons to us, we assume that you are authorised to do so and that this data is correct. By submitting data via third parties, you confirm this. Please also ensure that these third parties have been informed about this privacy policy.


1 We collect and record data when you interact with us, for example in communications by correspondence, email, telephone, social media and/or when attending meetings. We also collect or create data in the course of providing services and when we obtain data from other sources (for example, by consulting publicly available sources) to update or supplement your information.

2 We process data that we receive from the data subjects themselves or third parties involved (e.g. counterparty, courts, authorities) in the course of our business relationship with you as a client and for the handling of other business and contractual relationships. The data we collect and process about you includes:

  • Your contact details (for example, name, address, telephone number, email address, information about the company you work for, your role there and/or your titles);
  • Your identification and background information, which you provide to us or which we collect from you in the course of accepting a mandate or application (e.g. curriculum vitae, income and asset situation, family circumstances);
  • Information concerning mandates which is disclosed to us by you o third parties in the course of preparing and processing the mandate (e.g. facts with data of you, counterparties and third parties);
  • Information that is disclosed to us in the course of our service provision, as well as information that we obtain and/or create from third partie in the course of our service provision;
  • Your financial information that you provide to us (for example, banking relationship, billing details, payment information).


3 We process data if it appears necessary for us to communicate, process a contract, provide services or to assert, implement, or defend legal claims, comply with legal and regulatory obligations and protect legitimate interests. In particular, we process your data in order to provide, document and invoice our services professionally and in accordance with our contractual and legal obligations.

4 The purpose of processing your data includes:

  • Communication with you and third parties in the context of enquiries, applications, the processing of mandates and the provision of our services;
  • Processing of mandate enquiries and carrying out money laundering investigations as well as conflict and reputation checks;
  • To offer and improve our services to you and other clients;
  • Recording and invoicing of our services as part of our service provision;
  • Managing the business relationship with you and our clients;
  • Advertising our services, including sending publications, alerts, updates, invitations to events and the like;
  • Processing of applications;
  • Provision, maintenance, evaluation and improvement of our website (see also below, point 8);
  • Compliance with laws, directives and recommendations from authorities, risk management and enforcement and defence of legal claims.

5 We take reasonable security measures to maintain the confidentiality, integrity and availability of your data and to protect such data against unauthorised or unlawful processing, loss, accidental alteration, disclosure or access.


6 As part of and to the extent of the provision of our services, complying with our legal obligations or otherwise to safeguard our legitimate interests, we also transfer data to third parties, some of whom can decide for themselves how they process your data. These are in particular, but not exclusively:

  • Parties involved in the provision of the mandate, for example counterparty, courts, authorities, data room services;
  • Providers to whom we have delegated certain support services, for example financial accounting, translators;
  • IT providers, for example for telephony, hosting and cloud services;
  • Our auditors;
  • Our bank.

7 These categories of recipients may in turn involve third parties, so that your data could also become accessible to them. Within the scope of the purpose of data processing, we may disclose data to courts, law enforcement agencies, regulatory and governmental authorities as well as law enforcement and enforcement agencies, if deemed necessary. Furthermore, we may be required to share your data to comply with legal requirements and regulatory obligations.


8 In principle, we process your data in Switzerland. However, it cannot be ruled out that, through the use of web-based services, your data may also be transferred to other countries for processing, including those without an equivalent level of data protection.

9 If a recipient – for example a third party in the context of the processing of a mandate – is located in a country without adequate statutory data protection, we contractually oblige the recipient of the data to comply with the applicable data protection as far as possible, unless the recipient is already subject to a legally recognised set of rules to ensure data protection and we cannot rely on an exemption clause.


10 If we ask for your consent for certain processing, we will inform you separately about the corresponding purposes of the processing. You can revoke your consent at any time in writing (by post) with effect for the future.

11 If we do not specifically ask for your written or verbal consent to process your data, we will protect that data in accordance with this statement for the purposes described in section 2.


12 We process your data for as long as our processing purposes, in particular for the handling of the client relationship, the statutory retention periods and our legitimate interests in processing for documentation and evidence purposes require it or storage is technically necessary.


13 You are entitled to request detailed information about what data we hold about you and how we process it, as well as a copy of your data. You can also have your data corrected or deleted, restrict our processing activities concerning this information and object to the processing of your data.

14 You may also decide to withdraw your consent to data processing. Please note that even if you choose to withdraw your consent to data processing, we may continue to process your data to the extent required or permitted by law.

15 If you wish to exercise the aforementioned rights against us, please contact us in writing (Barandun AG, Mühlebachstrasse 25, P.O. Box, CH-8024 Zurich). So that we can rule out any misuse, we ask you to identify yourself (for example by means of a notarised statement, unless this is otherwise possible).

16 Please note that legal requirements and exceptions apply to your exercise of rights. To the extent permitted by law, we may refuse your request to exercise these rights.

17 You have the right to lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC).


18 You can use our website without telling us who you are. When you access and use our website, we automatically collect and store relevant log data and device-specific information for a limited period of time. This information includes, but is not limited to, specific information about how you use our website, IP address, access data, information regarding your hardware and software, and device-specific and other similar information. We process this data based on and to the extent necessary for us to operate, maintain and improve our website.

19 On our website, we use technologies with which we and third parties engaged by us can recognise you during your use and possibly also track you over several visits. We do this so that we can ensure the functionality of the website and carry out evaluations and personalisations. We do not want to infer your identity, even if we or third parties engaged by us could identify you through combination with registration data. Even without registration data, however, the technologies used are designed in such a way that you are recognised as an individual visitor each time you access the site, for example by our server (or the servers of the third parties) assigning you or your browser a specific identification number (so-called «cookie»).

20 However, depending on the purpose of these techniques, we may ask for your consent before using them. You can also refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that this may affect your ability to use our website.

21 Our website uses Google Analytics, a service provided by Google LLC, USA, which monitors and records the way our website is used. Google Analytics does this by setting cookies on your computer or other devices. Cookies record information about the number of visitors to this website, visits to individual pages and the length of time for which this website is visited. This information is in aggregate form and is not identifiable with respect to the individual. This integration of Google Analytics is always carried out using anonymised IP addresses.

22 Our website contains a social media plug-in for LinkedIn Corp, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. When you visit our website, no data is passed on to the provider of a plug-in. If you click on the corresponding LinkedIn icons, you will automatically be redirected to our profile. In order to use the functions of LinkedIn there, you must log in to your user account in some cases. When you open the link to LinkedIn, a direct connection is established between your browser and the LinkedIn server. This provides the network with the information that you have visited our website with your IP address and accessed the link. If you access a link to a network while logged into your account on the network in question, the content of our site may be linked to your profile on the network, which means that the network can link your visit to our website directly to your user account. If you want to prevent this, you should log out before clicking on the relevant links. In any case, an association takes place when you log into the corresponding network after clicking on the link.

23 For more information about the purpose and scope of data collection and processing by LinkedIn and your respective rights and privacy options, please see LinkedIn’s privacy policy.


24 This Privacy Policy does not form part of any contract with you We may unilaterally amend this Privacy Policy at any time.

Last update: 1 September 2023

download icon

Download PDF