We handle personal data under the same rules we apply to our legal files: on a need-to-know basis, with Swiss professional secrecy in mind, and with full respect for your rights. If anything in this policy is unclear, please write to us — privacy is a conversation, not a disclaimer.
§ 01 Who is responsible for your data
The data controller for the purposes of the Swiss Federal Act on Data Protection (FADP) and, where applicable, the EU General Data Protection Regulation (GDPR) is:
- Controller
- IvoAdvisory GmbH (operating under the brand Valken)
- Registered office
- Hardstrasse 127, 4052 Basel, Switzerland
- Swiss UID
- CHE-299.308.181
- Data contact
- privacy@valken.ch
§ 02 What data we collect
We collect only what we need to answer you and, if you choose to instruct us, to handle your matter properly. Depending on how you interact with us, this may include:
- Identity data — name, date of birth, nationality, identity document details.
- Contact data — email address, telephone number, messenger handle (Signal / Telegram / WhatsApp), postal address.
- Case data — the facts you share with us, correspondence, documents, case references, third-party information you voluntarily disclose.
- Compliance data — where we are legally required to run anti-money-laundering or sanctions checks on a client.
- Technical data — IP address, device type, browser, language, approximate location, logs. Collected in an aggregated and minimised form.
- Payment data — billing details, bank transfer references, crypto wallet addresses (for fixed-fee services). We do not store card details — these are handled by our payment provider.
Where you choose not to provide certain information, we may be unable to proceed with your request. We will always tell you when this is the case.
§ 03 Why we process your data
| Purpose | What we do with the data |
|---|
| Responding to your inquiry | Reading your message, preparing a reply, and — where appropriate — scheduling a consultation. |
| Providing legal / advisory services | Handling your matter, drafting opinions, liaising with authorities, databases (Interpol CCF, SIS II, SECO, OFAC, EU, UN), banks or counterparties. |
| Billing & accounting | Issuing invoices, processing payments, complying with Swiss tax and accounting obligations. |
| Compliance obligations | KYC / AML checks, sanctions screening, professional record-keeping as required by Swiss law. |
| Operating the website | Delivering the site securely, preventing abuse, basic aggregated analytics. |
| Protecting our rights | Establishing, exercising or defending legal claims against us. |
§ 04 Legal basis for processing
Depending on the situation, we rely on one or more of the following legal bases under the Swiss FADP and, where the GDPR applies, its Art. 6:
- Contract or pre-contractual steps — to reply to your request and perform our services.
- Legal obligation — to comply with Swiss law, including accounting, AML and professional rules.
- Legitimate interest — to operate our website securely, prevent fraud and defend our rights.
- Consent — where you have actively given it, for example when using non-essential analytics (you can withdraw it at any time).
§ 05 Who receives your data
Your data is read and handled primarily by the senior lawyer in charge of your matter. In addition, it may be shared with:
- Members of the Valken consortium (vetted partner lawyers in the 14 network cities) — only where physical presence or local qualification is needed for your case, and only after we have informed you.
- Authorities, courts, regulators, Interpol, banks, counterparties — only to the extent required for your matter and on your instruction.
- Service providers bound by strict confidentiality (Swiss-hosted IT infrastructure, encrypted email, encrypted video, accounting, archiving).
- Payment providers for the amount and reference of your payment only.
We never sell your data. We never share it for marketing.
§ 06 International transfers
Our primary infrastructure is located in Switzerland. Where data is transferred outside Switzerland — for instance to consortium lawyers in the EU or UK — we rely on adequacy decisions (Switzerland is recognised by the EU as providing adequate protection, and vice versa) or, where needed, on Standard Contractual Clauses and additional safeguards.
§ 07 How long we keep it
- Inquiry messages without engagement — deleted or anonymised within 12 months.
- Client files — retained for the period required by Swiss professional and accounting law (generally 10 years from the closure of the mandate).
- Billing & accounting records — 10 years (Swiss Code of Obligations).
- Website logs — rotated within a short technical retention window, typically 90 days.
§ 08 Your rights
Under Swiss law and, where applicable, under the GDPR, you have the right to:
- Access your personal data;
- Rectify inaccurate data;
- Delete data, where no legal obligation requires us to keep it;
- Restrict or object to certain processing;
- Receive your data in a portable format;
- Withdraw consent at any time, with effect for the future;
- Complain to the Swiss Federal Data Protection and Information Commissioner (FDPIC) or — for EU residents — to your local supervisory authority.
To exercise any of these rights, write to privacy@valken.ch. We will ask you to verify your identity before acting on a request.
§ 09 Cookies & analytics
We keep our website deliberately minimal. We use:
- Strictly necessary technical cookies to serve the page and protect against abuse.
- Aggregated, privacy-respecting analytics (no third-party ad networks, no tracking pixels, no cross-site tracking). These are used only to understand how the site is used in aggregate.
We do not use advertising cookies. We do not sell behavioural data. We do not profile visitors.
§ 10 Security
We apply technical and organisational measures appropriate to the sensitivity of our work:
- Encrypted messaging channels (Signal, ProtonMail, encrypted video) as a default option.
- Swiss-hosted document storage, with access control on a need-to-know basis.
- Full-disk and at-rest encryption across firm devices.
- Swiss professional secrecy — breach of which is a criminal offence under Art. 321 SCC.
§ 11 Changes to this policy
We may update this policy when the law or our practice changes. The "Effective" date at the top will always reflect the current version. Material changes will be highlighted on the site.
§ 12 Contact
For any question about this Privacy Policy or about how we handle your data:
- Email
- privacy@valken.ch
- Postal
- IvoAdvisory GmbH, Hardstrasse 127, 4052 Basel, Switzerland
- Swiss authority
- Federal Data Protection and Information Commissioner (FDPIC), Bern