Privacy Policy

The data controller for personal data collected through this website is: Alessandro Brenci, Attorney at Law Place de la Gare 12, P.O. Box 38 1000 Lausanne 12, Switzerland Email: [email protected] Phone: +41 21 321 63 63

The processing of your personal data is based on: • The Swiss Federal Act on Data Protection (nFADP, SR 235.1), in force since September 1, 2023 • The General Data Protection Regulation (GDPR, EU 2016/679), applicable to persons located in the EU/EEA • Your explicit consent when submitting a contact form or resource request • The legitimate interest of the data controller (site improvement, anonymized statistics)

We collect the following data: • Contact form: name, email address, phone number (optional), company (optional), message • Lead magnet form: name, email address, company (optional) • Technical data: IP address (anonymized), browser type, pages visited, visit duration • Cookies: only technical cookies necessary for site operation and anonymized analytics cookies (Umami Analytics, GDPR-compliant, no third-party cookies)

Your data is processed exclusively for: • Responding to your contact and consultation requests • Sending you requested legal resources (memo, diagnostic) • Improving the quality and relevance of our services • Producing anonymized site traffic statistics No data is used for unsolicited commercial prospecting.

Your personal data is never sold or shared with third parties for commercial purposes. The only recipients are: • Alessandro Brenci (data controller) • Formspree Inc. (sub-processor for form transmission, US servers, certified compliant with EU standard contractual clauses) • Umami Analytics (anonymized statistics, self-hosted, no third-party cookies) Attorney-client privilege (Art. 13 BGFA) applies to all communications received.

• Contact data: retained for the duration necessary to process your request, then deleted within 12 months after the last exchange • Analytics data: anonymized, retained for a maximum of 26 months • Data related to a legal mandate: retained in accordance with legal obligations (minimum 10 years under Swiss law)

Under the nFADP and GDPR, you have the following rights: • Right of access: obtain a copy of your personal data • Right to rectification: correct inaccurate data • Right to erasure: request deletion of your data • Right to data portability: receive your data in a structured format • Right to object: object to the processing of your data • Right to withdraw consent: at any time, without retroactive effect To exercise these rights, contact us at: [email protected] You may also file a complaint with the Federal Data Protection and Information Commissioner (FDPIC) or, for EU residents, with the competent supervisory authority.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, modification, disclosure, or destruction: • TLS/SSL encryption for all communications • Restricted data access (need-to-know principle) • Hosting on secure servers • Regular system updates

Some data may be transferred to third countries (United States) through our technical sub-processors. These transfers are governed by: • Standard contractual clauses approved by the European Commission • Equivalent guarantees within the meaning of Art. 16 nFADP No transfer is made to countries that do not provide an adequate level of protection without appropriate safeguards.

This privacy policy may be modified at any time. The current version is the one published on this site. We encourage you to review it regularly. Date of last update: May 1, 2026.