Privacy Policy

Peter & Kim is committed to protecting your privacy. This Privacy Policy explains how we collect and use your personal data and which rights and options you have in this respect. If you would like to learn more about our client confidentiality obligations, please refer to our terms of engagement.

1. INTRODUCTION

References in this Data Protection Policy (“Policy”) to the “firm”, “we”, “our”, “us” or “PETER & KIM” are references to:

  • Peter & Kim Ltd, a corporation (Société anonyme; Aktiengesellschaft) incorporated under Swiss law (UID: CHE-342.692.712), with a branch office in Zurich (UID:CHE-189.319.685) providing client services through its offices in Geneva and Zurich;
  • Bob-Mu-Bob-In Peter & Kim, an incorporated legal practice under South Korean law (Business registration number: 691-87-01446), providing client services through its office in Seoul, South Korea;
  • Peter & Kim, a licensed foreign law practice registered with the Legal Services Regulatory Authority (LSRA) of Singapore (UEN No. T20FC0025G), providing client services through its office in Singapore. Peter & Kim in Singapore is a branch of Bob-Mu-Bob-In Peter & Kim in Seoul, South Korea; and
  • Peter & Kim Pty Ltd, an incorporated legal practice under Australian law (ACN 673 133 527), providing client services through its office in Sydney, Australia. Liability limited by a scheme approved under Professional Standards Legislation.

This Policy describes the manner in which we control and process personal data that we collect in the course of our professional activities. It also sets out the rights of those whose personal data we collect and process.

For the purpose of this Policy, references to “you” are to all those persons whose data we may collect, control and process in the course of our professional activities and “your data” is a reference to such personal data belonging or relating to any information that can directly or indirectly identify a natural person, including names, identification numbers, location data, online identifiers, or factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity, including the following categories of personal data about website visitors, clients, prospective clients, suppliers, and other third parties:

  • Identification Data: Names, phone numbers, mailing addresses, email addresses, job titles, organization, gender, identifiers (e.g., passport numbers, driver’s license, social security numbers, tax IDs), and additional contact details.
  • Client Service Data: Contact information and personal data received from clients in respect of their business and/or services, which may include personal data of their staff and/or third parties.
  • Marketing Data: Prospective client contacts, newsletter requests, event/seminar registrations, marketing preferences.
  • Financial Data: Bank account information, billing address, invoicing details.
  • Job Applicant Data: Information provided by job applicants or recruiting agencies concerning employment opportunities.
  • Cookie and Device Data: Information about your website visit, IP address, device identifier, browser type and version, operating system, network, location, and time zone setting.
  • System Data: Usernames, passwords, user system activity, device names, device identifiers.
  • Special Categories of Data: Religious or other beliefs, racial or ethnic origin, sexual orientation, health data, and details of trade union membership.
  • Other Sensitive Data: Information related to children (under 16) or regarding criminal convictions/investigations or offenses.

2. HOW AND WHY DO WE COLLECT YOUR DATA?

We may collect and process your personal data in the course of our professional activities for a number of different reasons and purposes that are outlined in this Section 2.

PETER & KIM is the data controller of any personal information collected in the course of our professional activities.

If you provide us with data relating to other persons (e.g., members of your family, your representatives, opposing parties or other related persons), you confirm and agree that you are authorised to do so, that this data is correct and that, to the fullest extent possible, you have ensured that these persons are informed of this Policy.

We may retain your personal data for as long as the purpose for which it was collected is continuing and for the purposes of complying with any legal, regulatory, accounting or reporting requirements.

2.1 Client Acceptance

We may collect and retain personal data about prospective and existing clients, their beneficial owners, personnel and/or directors for clarifying any possible conflicts of interest and for our business acceptance process. The type of personal data we may collect includes, but is not necessarily limited to, name, contact details, nationality, government issued identification documents, employment history and business interests. We obtain this data from you or your employer directly and from publicly available open sources either directly or through a third party. This data is also collected to prepare and conclude engagements with you or the organisation you work for.

We may collect this data as is necessary to comply with our legal or regulatory obligations. When this basis does not apply, collecting such data is in our legitimate interests (to detect and prevent, among other things, potential conflicts of interest, the commission of fraud, money laundering and terrorism offenses). We consider this use to be necessary for our legitimate interests. To ensure we offer a good and responsive service, we consider this use to be proportionate and will not be prejudicial or detrimental to you.

2.2 Performing of Legal Services

We collect and process personal data in order to fulfil our contractual obligations towards our clients and other contractual partners (e.g., suppliers, service providers and experts) and, in particular, to provide and demand contractual services. This also includes data processing for the management of engagements (e.g., legal advice and representation of our clients before courts and authorities).

To this end, we process personal data that we receive or have collected in the course of pre-engagement procedures, the conclusion and performance of the matter, as well as data that we establish in the course of our services or that we collect from public sources or other third parties (e.g., courts, authorities, opposing parties, arbitral tribunals, companies providing information or the media).

This data may include, but is not necessarily limited to, reports of interviews and consultations, notes, internal and external correspondence, contractual documents, documents that we draw up and receive in the course of proceedings before courts, authorities and arbitral tribunals (e.g. documents relating to complaints, applications, appeals, judgments, decisions and awards), general information about you, opposing parties and other persons, as well as other information relating to the matter, proof of services, invoices and financial and payment information.

The legal basis for us to collect this data is to ensure our performance of the contract with you. In cases where this legal basis does not apply, we collect this data as it is necessary for our legitimate interests (to deliver our services, manage payments, enforce our terms and recover debts due to us). We consider this use to be necessary for our legitimate interests and to be proportionate.

2.3 Website

In order to be able to operate our Website in a secure and stable manner, we collect technical data, such as IP addresses, information on the operating system and parameters of your terminal, region, duration and type of use. In order to continuously improve our Website and our digital offerings, we collect data about your habits and preferences, e.g., by analysing how you browse our site. For further information, see our Cookies Policy. It is in our legitimate interests to respond to your queries and provide any information requested in order to generate and develop business. To ensure we offer a good and responsive service, we consider this use to be proportionate and will not be prejudicial or detrimental to you.

2.4 Recruitment

If you apply for a job with the firm, we may collect and process the relevant data for the purposes of examining your application, conducting the selection procedure and, where applicable, preparing and concluding the relevant contract. To this end, we may process not only your contact data and information from the corresponding communication, but also and in particular the data contained in your application file, as well as additional data that we may obtain about you, e.g., from professional social networks, the Internet, the media and references. Certain aspects of this data are collected as a regulatory requirement and so is necessary for compliance with our legal obligations; where this legal basis does not apply, it is otherwise in our legitimate interests to collect relevant data about our prospective employees. We consider this use to be proportionate and will not be prejudicial or detrimental to you.

2.5 Business Development and Marketing

Your personal data may be collected in the firm’s contact database when you register to receive legal updates, or we otherwise receive your contact details.

We may use a third-party service provider to manage the firm’s contact database and deliver emails to inform you about our services, legal developments and updates, news about our firm and invite you to PETER & KIM events (including those we may jointly host with other organisations).

It is in our legitimate interests to market our services in order to promote and grow our business. We consider this use to be proportionate and will not be prejudicial or detrimental to you.

If you no longer wish to receive marketing emails relating to our services by email or post, you can unsubscribe at any time by using the “Unsubscribe” option on the email footer or by contacting us at any of the following addresses:

Geneva office: contactGE@peterandkim.com

Zurich office: contactZH@peterandkim.com

Sydney office: contactSY@peterandkim.com

Seoul office: contactSE@peterandkim.com

Singapore office: contactSI@peterandkim.com

2.6 Compliance with laws, instructions and recommendations from authorities and internal regulations

We may need to collect or process personal data in order to comply with the laws in force (e.g. for anti-money laundering, tax obligations or our professional obligations), self-regulatory compliance, certifications, industry standards, our corporate governance as well as for internal and external investigations in which we are a party (to the proceedings), e.g., by a criminal prosecution or supervisory authority, or a mandated private body.

We collect this data as is necessary to comply with a legal or regulatory obligation.

3. WHO DO WE SHARE YOUR DATA WITH?

Internally: We may share your personal data within and across our offices, due to, for example, our shared IT systems and/or cross jurisdictional working on a matter.

Service providers: During the course of working with you or the organisation you work for we may use certain third-party technology services to assist with our work on the matter. These services are integral to our work for you, i.e., running the firm’s business. These services include, amongst other things, cloud-based document management, email, word-processing and other systems. The use of these services may require your personal information to be held in the cloud on infrastructure managed by the relevant service provider.

In view of the above, some of your personal data may be stored in the cloud managed by a third-party service provider located within Switzerland, South Korea, Singapore or Australia. In adopting this approach, the privacy and confidentiality of your personal information is of key importance to us; we conduct careful due diligence on the security of any third-party technology systems we use and enter into agreements with those third-party providers regarding the use and protection of personal data.

Authorities and courts: We may also be required to share your personal data with regulators, government and enforcement agencies, courts and other third parties, in particular for the management of the matter, or if we are legally obliged or authorised to do so, or if it appears necessary to protect our interests. These recipients process the data under their own responsibility.

Opposing parties and other persons involved: Insofar as this is necessary for the performance of our contractual obligations and provision of our services, in particular for the management of a matter, we may also transmit your personal data to opposing parties and other persons involved (arbitrators, other law firms, or experts, etc.).

Events management and publications: We may share your personal data with third parties when we are hosting events or communicating with industry organisations, associations and publications.

4. STORAGE, SECURITY AND PERSONAL DATA SENT ABROAD

We retain personal data only as long as necessary to fulfill the purposes outlined in this Policy or to comply with legal obligations. We may retain your data longer in the event of a complaint or if we reasonably believe there is a prospect of litigation.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized processing and accidental loss. Our security measures include:

  • Policies and Procedures: Enforcing comprehensive policies for managing and securing our IT environment and data.
  • Access Controls: Restricting access to personal data on a need-to-know basis.
  • Encryption: Using accredited encryption solutions where appropriate.
  • Data Recovery Plans: Implementing procedures to restore data availability in the event of an incident.
  • Continuous Monitoring: Regularly testing and assessing the effectiveness of our security measures.

Further to our sharing of data as set out in Section 3, it is possible that your personal data may be transferred outside Switzerland, South Korea, Singapore and Australia.

If a recipient of the data we share is located in a country that does not have adequate data protection, where feasible, we contractually oblige the recipient to respect an adequate level of data protection (in accordance with applicable data privacy laws). However, we may also communicate personal data to a country that does not have adequate protection, without entering into a specific contract, if we can rely on an exception under applicable data privacy laws. Such an exception may apply in particular in the event of legal proceedings abroad (or the need for legal advice in a particular jurisdiction), but also if necessary for important reasons of public interest or when the performance of a contract requires such communication in your interest (e.g., when we communicate data to a third party).

5. YOUR RIGHTS AND COMPLAINTS

You have certain rights that you can exercise under certain circumstances in relation to the personal data that we hold. These rights are to:

  • request access to your personal data (known as a subject access request) and request certain data in relation to its processing;
  • receive a copy of the personal information you have provided to us in a structured, commonly used, machine-readable format that supports re-use, or to request the transfer of your personal data to another person, in certain circumstances;
  • request rectification of your personal data;
  • request the erasure of your personal data;
  • request that we restrict the processing of your personal data;
  • object to the processing of your personal data.

Where our processing is based on consent as a legal basis, you can withdraw your consent at any time (by contacting us using the details set out in the Contact section below), but without affecting the lawfulness of processing based on consent before its withdrawal.

We kindly note that such rights are not absolute and certain exceptions may apply under applicable law which may entitle us to refuse requests (wholly or partly).

If you wish to make a complaint about the way we have handled your personal information or request access or a correction to your personal information, you can contact us using the details set out in the Contact section below. Please include your name, email address and telephone number and clearly describe your complaint or request.

Separately, you may also lodge a complaint with your national data protection authority:

  • If you are in Switzerland, information on how to contact the Federal Data Protection and Information Commissioner is available at edoeb.admin.ch/edoeb/en/home/the-fdpic/contact.html;
  • If you are located in the European Union, further information about how to contact your local data protection authority is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm;
  • If you are in South Korea, information on how to contact Personal Information Protection Commission is available at https://www.pipc.go.kr/np/;
  • If you are in Singapore, further information on how to contact the Personal Data Protection Commission is available at https://www.pdpc.gov.sg/contact-us and https://www.pdpc.gov.sg/complaints-and-reviews; and
  • If you are in Australia, information on how to contact the Office of the Australian Information Commissioner (OAIC) is available at oaic.gov.au/contact-us.

We would, however, appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us in the first instance.

CONTACT

We have appointed a data privacy manager for our firm who is responsible for overseeing questions in relation to this Policy. To exercise these rights and if you have any questions about this Policy or our privacy practices, please contact our data privacy manager at the following email address: dataprivacy@peterandkim.com. Contact information for our various offices can be found here: https://peterandkim.com/contact/. We may require proof of identity to ensure your rights are respected and protected.

We keep this Policy under regular review and may change it from time to time. The version published on our Website is the current version.