Privacy Policy

Version dated 22 August 2023

With this Privacy Policy, we, Iten McNally LLC (hereinafter Iten McNally, we, or us), describe how we collect and process personal data. This Privacy Policy is not necessarily a comprehensive description of our data processing. It is possible that other privacy statements or contractual terms or similar documents may apply to certain circumstances.

In this Privacy Policy, the term personal data means any information that identifies or could reasonably be used to identify, an identified or identifiable natural person (data subject).

Iten McNally collects personal data from a number of individuals in the course of its business activities, including suppliers, customers, and other business contacts, as well as their respective agents, contractors and consultants, users of our website, individuals who contact us, employees, job applicants, etc.

If you provide us with the personal data of other persons (e.g., family members, work colleagues), please ensure that the persons concerned are aware of this Privacy Policy and that you only provide us with their data if you are authorized to do so and if this personal data is correct.

This Privacy Policy complies with the EU General Data Protection Regulation (GDPR) and the Swiss Data Protection Act (DPA). However, the application of these laws depends on the individual case.


1. Data controller

The data controller of the data processing as described in this Privacy Policy (i.e., the responsible person) is Iten McNally LLC, Gartenstrasse 25, P.O. Box, 8027 Zurich, Switzerland, Tel: +41 (0)44 500 82 32, Email: .

If you have any questions regarding how your personal data is processed or any other data protection concerns, you can contact us using the above-mentioned contact details.

2. Purpose of data processing and legal basis

We primarily process personal data that we obtain from our clients and other business partners as well as other individuals in the context of our business relationships with them or that we collect from users when operating our websites, apps, and other applications.

In addition, in accordance with applicable law and where appropriate, we may process personal data for the following purposes, which are in our (or, where applicable, a third party’s) legitimate interests, such as:

• to ensure our operations, including our IT, websites, apps, and other applications;
• to provide you with information that you have requested from us or that we believe may be of interest to you, where you have consented to be contacted for such purposes;
• to fulfill our obligations under any contracts entered into between you and us;
• to communicate with you and third parties;
• to comply with our legal and regulatory obligations, which may include disclosing certain information and/or recordings of telephone conversations and video conferences to regulators;
• for other business-related purposes, including negotiating contracts, entering into and performing contracts, administering payments, managing accounts and records, supporting corporate social responsibility activities, legal, regulatory, and internal investigations, and debt management;
• to manage our internal recruitment processes; and
• all activities related to employees.

If you have given us your consent to process your personal data for specific purposes, we will process your personal data under and based on that consent, unless we have another legal basis, in which case we will require one. Consent given can be revoked at any time, but this will not affect the data processed before the revocation.

3. Collection and processing of personal data
We primarily use collected data to conclude and process contracts with our clients and business partners, in particular in connection with providing legal services to our clients and the procurement of products and services from our suppliers and subcontractors (e.g., foreign and domestic lawyers and law firms or experts), as well as in order to comply with our domestic and foreign legal obligations. You may be affected by our data processing in your capacity as an employee of such a client or business partner.

To the extent permitted, we obtain certain personal data from publicly available sources (e.g., debtors’ register, land register, commercial register, press, Internet) or we obtain such information from affiliated companies, public authorities, or other third parties. Apart from the data you have provided to us directly, the categories of data we receive about you from third parties include but are not limited to, information from public registers, data we receive in connection with adminis-trative or judicial proceedings, information related to your professional role and activity (e.g., for the conclusion and execution of contracts with your employer), information about you in corre-spondence and conversations with third parties, information about you provided to us by persons associated with you (family members, advisors, legal representatives, etc.) for the conclu-sion or execution of contracts with you or with your cooperation (e.g., powers of attorney), infor-mation about legal requirements, etc. (e.g., powers of attorney), information relating to legal requirements such as anti-money laundering, bank details, and information about you that can be found in the media or on the Internet (where specified in individual cases, e.g. in connection with job applications, media reports, marketing/sales, etc.), your address and any interests, data relat-ing to your use of our websites (e.g., IP address, MAC address of your smartphone or computer, information about your device and settings, cookies, date and time of your visit, pages, and content accessed, applications used, referring website, localization data).

4. Cookies/tracking and other relevant information regarding the use of our website

Technical data
When you visit our website, your user-specific data (e.g., IP address, web browser, operating system) and technical data (e.g., URLs of accessed pages, execution of a search query) are collected and analyzed anonymously.

This data is collected and processed for the purposes of system security and stability, error and performance analysis, as well as for internal statistical purposes, and enables us to optimize our website.

If you have given us your consent to process your personal data for certain purposes (e.g., when you submit an inquiry), we process your personal data within the scope of and based on this consent, unless we have another legal basis, in which case we require such a basis. Consent given can be revoked at any time; however, this does not affect the data processed until revocation.

Communication data
When you contact us by email, telephone, letter, or other means of communication, we collect the data exchanged between you and us, including your contact details and the boundary data of the communication. If we record or listen to telephone conversations or video conferences, we will notify you. Such recordings may only be made and used in accordance with the law.

Cookies and their use
In some cases, we use cookies to tailor our services as closely as possible to your needs. Cookies are small files that cannot perform any actions on their own and are stored on your computer or mobile device when you visit or use one of our websites. Cookies store specific settings about your browser and data related to exchanges with the website through your browser. When a cookie is activated, it can be assigned an identification number that identifies your browser and enables the use of the information contained in the cookie. There are basically two different types of cookies: temporary cookies and permanent cookies. We use temporary cookies that are automatically deleted from your mobile device or computer after the browser session ends. We also use persistent cookies to store user preferences (e.g., language). These remain stored on your computer or mobile device for a long time after the browser session. They are automatically deactivated after a certain time.

Notwithstanding this, you can set your browser to reject cookies, save them for one session only, or delete them prematurely. Most browsers are preset to accept cookies. If you block cookies, it is possible that certain functions (such as language settings) will no longer be available to you.

Iten McNally allows partner companies that provide services to Iten McNally or that are integrated into our website (e.g., Vimeo, LearnDash) to store cookies if this is necessary from a technical point of view and the use of cookies is proportionate. Iten McNally has no control over how cookies are used outside of our website.

By continuing to use our website and/or agreeing to this Privacy Policy, you agree that we store cookies and thus collect, store, and use personal usage data even after the browser session ends (permanent cookies). You can object to this at any time by changing the default setting of your browser so that it rejects cookies (third-party).

Google Analytics and similar services
Statistic cookies help website owners understand how visitors interact with websites by collecting and reporting information anonymously. The tools, programs, and instruments we use to analyze web behavior include Google Analytics.

These are services provided by third parties, which may be located in any country worldwide (in the case of Google Analytics Google LLC is in the U.S., www.google.com) and which allow us to measure and evaluate the use of our website (on an anonymized basis). For this purpose, permanent cookies are used, which are set by the service provider. The service provider does not receive (and does not retain) any personal data from us, but the service provider may track your use of the website, combine this information with data from other websites you have visited, and which are also tracked by the respective service provider, and may use this information for its own purposes (e.g., controlling advertisements). If you have registered with the service provider, the service provider will also know your identity. In this case, the processing of your personal data by the service provider will be conducted in accordance with its data protection regulations. The service provider only provides us with data on the use of the respective website (but not with any personal information about you).

5. Transfer of data to third parties and transfer of data abroad
In the course of our business activities and in accordance with the aforementioned purposes of data processing, we may transfer data to third parties to the extent that such transfer is permitted, and we consider it appropriate for them to process the data for us or, as the case may be, for their own purposes. In particular, the following categories of recipients may be affected:

• Our service providers (e.g., risk management & compliance, IT provider, CRM system),
• domestic and foreign authorities, official bodies, and courts,
• other parties in potential or actual legal proceedings.

Some recipients are in Switzerland, others may be located in any country worldwide.

If a recipient is in a country without sufficient legal data protection, we require the recipient to comply with data protection (we do this using the European Commission’s revised standard contractual clauses, which you can access here: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj?), unless the recipient is subject to a legally recognized set of rules to ensure data protection and we cannot rely on an exception. An exception may apply, for example, in the case of legal proceedings abroad, but also in cases where there is an over-riding public interest or the performance of a contract requires the transfer, if you have consented or if the data has been made available by you in general and you have not objected to the processing.

6. Retention period for personal data
We process and retain your personal data as long as required for the performance of our contractual obligations and compliance with legal obligations or other purposes pursued with the processing, i.e., for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations. Personal data may be retained for the period during which claims can be asserted against our company (i.e., particularly during legal prescription periods) or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g., for evidence and documentation purposes). As soon as your personal data is no longer required for the above-mentioned purposes, it will be deleted or anonymized, as far as possible. In general, shorter retention periods, of no more than twelve months, apply for operational data (e.g., system logs).

7. Data security
We have taken appropriate technical and organizational security measures to protect your personal data from unauthorized access and misuse.

We cannot guarantee the security of data transmission over the Internet. When transmitting data by email, there is a certain risk of access by third parties.

8. Obligation to provide personal data
In the context of our business relationship, you must provide us with any personal data necessary for the conclusion and performance of a business relationship and our contractual obligations. As a rule, there is no statutory requirement to provide us with data. Without this information, we will usually not be able to enter into or carry out a contract with you (or the entity or person you represent). In addition, the website cannot be used unless certain information is disclosed to enable data traffic (e.g., IP address).

9. Your rights
In accordance with applicable law, you have the right to access, correct, and delete your personal data, the right to restrict processing or to object to our data processing, in particular for direct marketing purposes, profiling for direct marketing purposes, and other legitimate interests in processing, as well as the right to obtain certain personal data for transfer to another controller (data portability). Please note, however, that we reserve the right to enforce legal restrictions on our part, e.g., if we are obliged to retain or process certain data, have an overriding interest (insofar as we can rely on such interests), or need the data to assert claims.
We have already informed you of the possibility of objecting/of revoking your consent at any time. Please also note that the exercise of these rights may conflict with your contractual obligations, and this may result in consequences such as premature termination of the contract and may be associated with costs. Should this be the case, we will inform you in advance, unless this has already been contractually agreed.

In general, the exercise of these rights requires that you can prove your identity (e.g., by providing a copy of identification documents if your identity is not otherwise apparent or can be verified by other means). To exercise these rights, please contact us using the details provided above.

In addition, any data subject has the right to assert his or her rights in court or to file a complaint with the competent data protection authority. The competent data protection authority in Switzerland is the Federal Data Protection and Information Commissioner (FDPIC; https://www.edoeb.admin.ch/edoeb/en/home.html).

10. Changes to this Privacy Policy
We may change this Privacy Policy at any time without prior notice. The current version published on our website will apply. If this Privacy Policy is part of an agreement with you, we will notify you by email or other appropriate means in the event of a change.