Zurich · Cross-border mandates · Private & institutional clients EN DE

Privacy policy

How we handle data

This policy explains what personal data we collect through this website, why, on what legal basis, and what rights you have. It is drafted to satisfy the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR) where applicable.

Last updated: 14 May 2026

1. Controller

The controller for personal data processed in connection with this website is:

Dornfeld & Partner Rechtsanwälte
Zurich, Switzerland
Email: [email protected]
Phone (DE): +49 69 757 884 210

Full registry and supervisory-authority details are set out in the Impressum.

2. Categories of personal data processed

This website is intentionally minimal. The following categories of data may be processed:

We do not use Google Analytics, marketing or retargeting pixels, social-network widgets, A/B testing services, heat-map / session-recording tools, or any third-party data-processors for analytics or advertising.

3. Purposes and legal bases

4. Recipients

We do not sell, rent, or share your personal data with third parties for marketing purposes.

Personal data may be disclosed to:

5. International transfers

This website is hosted in the European Economic Area or in Switzerland (a country with an adequacy decision under EU law and adequate protection under Swiss law). Cross-border mandates may require transfers to local counsel outside the EEA / Switzerland; in those cases we rely on contractual safeguards or your explicit consent under Art. 49 GDPR.

6. Retention

Server logs are retained for short technical periods (typically 14 days, never more than 90 days). The functional language cookie expires after twelve months. Email enquiries and mandate files are retained for the periods required by Swiss professional rules, currently ten years from the end of the mandate, subject to longer periods where applicable law mandates them.

7. Your rights

Subject to the FADP / GDPR, you have the right to:

8. Cookies

The only cookie this site sets is df_lang — a strictly functional cookie used to remember your language preference (EN or DE). It contains no identifier, is not shared with third parties, expires after twelve months, and is set only when you actively switch language. Under FADP / GDPR, strictly functional cookies do not require prior consent; nonetheless we surface a low-friction notice for transparency.

You can delete this cookie at any time through your browser's settings. No site features will break, your language preference will simply not persist between visits.

9. Security

The website is served over HTTPS with modern TLS ciphers and HTTP Strict Transport Security enabled. Production traffic passes through a CDN configured in strict-encryption mode, with origin-only certificate validation. We apply reasonable technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction.

10. Contact for data requests

To exercise any of the rights set out above, or for any privacy question, please write to [email protected] with the subject line "Data request". We respond to verifiable requests within statutory deadlines (typically one calendar month).

11. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or in applicable law. The "Last updated" date at the top of this page indicates when the policy was last revised. Material changes will be flagged on the homepage for a reasonable period.