Privacy Policy
Last updated: January 2026
1. Scope & Principles
We handle personal data strictly in line with the Swiss Federal Act on Data Protection (FADP/DSG) and, where applicable, the EU General Data Protection Regulation (GDPR). This Privacy Policy applies to the website at lega-fund.com and related inquiry forms. It does not apply to third-party websites we link to or separate products/portals with their own privacy notices.
2. Controller
Controller for this website and related processing: LegaFund AG, Basteiplatz 5, 8001 Zurich, Switzerland. Contact: privacy@lega-fund.com. You may also reach our Data Protection Officer via this address.
LegaFund AG
Basteiplatz 5
8001 Zürich
Switzerland
3. Data Categories, Sources, Purposes & Legal Bases
We collect data directly from you (e.g., via contact, demo, and briefing forms), from your interactions with our site, from service providers, and from publicly available sources to provide, secure, and improve our services. Information you submit may include confidential case details; please only share what is necessary.
Server & Security Logs
Technical metadata (e.g., IP address, timestamp, referrer, user agent, requested URLs, and security events) are processed to ensure availability, integrity, and forensic security, to prevent abuse, and to troubleshoot. We typically retain such logs for up to 90 days, unless a longer retention is required to investigate incidents. Legal bases: legitimate interest (Art. 6(1)(f) GDPR) and legal obligations.
Cookies, Consent & Analytics
We use cookies to operate this website securely and to remember your preferences. Strictly necessary cookies include language selection (NEXT_LOCALE) and your consent status (LF_COOKIE_CONSENT); retention: up to 180 days. We currently do not use analytics or marketing tools on this website. If we introduce such tools, analytics/marketing cookies will be set only with your explicit consent. You can change or withdraw your choice at any time via “Cookie settings” in the footer. Legal bases: strict necessity/legitimate interest for necessary cookies; consent for non-essential cookies.
4. Processors, Transfers, Retention
We use vetted processors for hosting, security, and communications. In particular, we may use Vercel (hosting/content delivery) and Resend (email delivery for inquiries). We configure services to process data in Switzerland and/or the EU/EEA where available. Where processing occurs outside these regions, cross-border transfers occur only with appropriate safeguards (e.g., adequacy decisions, Standard Contractual Clauses, and additional measures where required). Retention depends on category: cookie preferences up to 180 days; server/security logs typically up to 90 days; inquiry/briefing communications up to 10 years.
5. Sharing & Confidentiality
Data may be shared with vetted processors (hosting/CDN, email delivery, security), with internal teams on a need-to-know basis, and with professional advisors (lawyers, auditors) bound by confidentiality. If you submit a case briefing, we may share relevant information with external counsel or experts under confidentiality for evaluation, where necessary and appropriate. We do not sell personal data. We may disclose data to courts, regulators, or authorities where legally required.
6. Security Measures
We apply TLS in transit, strong access controls, least-privilege, segmentation, monitoring, encryption at rest where appropriate, and regular reviews. We maintain incident-response procedures and vendor due diligence.
7. Your Rights
You may exercise: access, rectification, deletion, restriction, objection (including to processing based on legitimate interests), data portability, and withdrawal of consent at any time. To exercise rights, contact us at privacy@lega-fund.com; we may need to verify your identity and may refuse or limit requests where permitted by law. You may lodge a complaint with the Swiss FDPIC (EDÖB) and, where applicable, an EU supervisory authority.
8. Automated Decision-Making
We do not deploy automated individual decision-making or profiling with legal or similarly significant effects in connection with this website.
9. Contact
For privacy requests, contact privacy@lega-fund.com. Supervisory authority: Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, 3003 Bern, Switzerland.