SWITZERLAND SWITZERLAND. 1. What documents need to be retained and for how long?

an international Guide to data retention 01 1. What documents need to be retained and for how long? 1.1 Companies (including company formation, registers, meetings, directors, records) The following documents must be retained: articles of incorporation, incorporation documents (life of the company recommended) 1 bylaws, deed of foundation (life of the company recommended) 2 share register (life of the company recommended) 3 minutes and resolutions of shareholders' meetings (10 years from the expiration of the calendar year in which the last entries were made) 4 minutes and resolutions of board of directors' meetings (10 years from the expiration of the calendar year in which the last entries were made) 5 minutes of board of company auditors' meetings and other supervisory bodies (10 years from the expiration of the calendar year in which the last entries were made) 6 The three main risks arising from non-compliance with document retention requirements are: criminal liability: an intentional or negligent violation of the obligation to retain books, accounting records and business correspondence is punishable by a fine. 7 The punishment may be more severe in the case of bankruptcy (imprisonment up to three years). 8 As explained in section 1.4 below, criminal sanctions in the case of non-compliance are more severe for regulated businesses. An individual or legal entity may also be prosecuted for non-compliance with an official order 9 and obstruction of justice 10 damages claims: it is possible that a company may be subject to damages claims should another person incur damage due to the fact that a business has not complied with its obligations to retain documents legal detriments: regardless of any criminal sanctions or damages claims, a company may be prevented from bringing or defending claims due to a lack of sufficient evidence 1.2 Trading records of companies and businesses (including books, accounting records, reports) As a general principle, every Swiss company and business is obliged to retain its books, accounting records, 11 business report and audit report for 10 years from the end of the financial year in which the last entries were made or the accounting records were established, whichever is later. 12 However, sole proprietorships and partnerships with less than CHF 500,000 sales revenue in the last financial year, associations and foundations which are not required to be entered into the Commercial Register (Handelsregister) and foundations which are exempt from the requirement to appoint an auditor are only required to keep accounts on receipts and expenditures and on their asset position. 13 Business correspondence only needs to be retained if it serves the function of an accounting record and if there is no corresponding accounting record documenting the business transaction in question. The retention obligation applies to paper records and also to electronic data such as emails. While a 10 year retention period may be sufficient for many purposes, longer periods are required or recommended for documents that concern real estate (at least 20 years), property, insurances and other long term contracts, relationships or businesses. A longer retention period is also recommended where the statutory or contractual periods of limitation for legal claims are longer than the minimum statutory retention period. Otherwise, it may not be possible to successfully bring or defend legal claims arising in connection with such documents (see section 2 below). According to the Swiss Code of Obligations (CO), accounting forms the basis for financial reporting, recording the transactions and circumstances that are required to present the asset, financing and earnings position of the business (economic state). 14 In particular, the following recognised accounting principles apply: (1) complete, truthful and systematic recording of transactions and circumstances; (2) documentary proof for individual accounting procedures; (3) clarity; (4) fitness for purpose given the form and size of the business; and (5) verifiability. 15 In practice, it is sometimes difficult to decide which documents may be destroyed and which ones need to be kept. The following examples cover the most common documents. The following business books must be retained: general ledger (accounts and journal) 16 business report (financial statements in the annual accounts, comprising profit and loss statement and balance sheet, notes to the accounts) 17 inventory 18 additional accounts (payroll accounting, accounts receivable and accounts payable, stock in trade accounts, accounts of non-invoiced services) 19 annual reports and audit reports 20

02 The following accounting records must be retained: 21 invoices and copies of invoices that have been sent out delivery notes receipts bank statements internal documents provided they are accounting records The following business correspondence must be retained if it represents the only existing accounting record for the business transaction in question: 22 letters, facsimile, electronic correspondence such as emails, text messages internal reports of phone conversations and other internal documents relating to the internal management of the company or legal relations with third parties (if disputed) contracts of any kind including contract negotiations organisation plans and regulations case records, judgments, settlements The following documents must also be retained: 23 records of everyone with access to archived documents/ information depending on the type and scope of the business, companies must retain work instructions and operating procedures (Arbeitsanweisungen) which are necessary to understand the books and accounting records 24 The following documents do not need to be retained: brochures, advertisements and other informational material received quotes and price lists internal notes and documents intended for internal communication between the various departments (eg, instructions by the management) drafts business correspondence (provided it is not the only existing accounting record for the business transaction in question) See section 1.1 above. 1.3 Auditors Auditors of public companies, companies that are obliged to establish consolidated financial statements and certain other companies must document all audit services and preserve the audit reports as well as all other material documents for at least 10 years after expiration of the calendar year to which they relate. 25 Auditors may be liable for damages to the company, its shareholders or its creditors in case of non-compliance with the mentioned duties. 26 State controlled auditors may additionally be criminally sanctioned with imprisonment or a fine up to CHF 1 million for intentional breach, or a fine up to CHF 100,000 for negligent breach. 27 1.4 Financial services regulation HERBERT SMITH FREEHILLS In general, the basic provisions for document retention as set out in articles 957 et seq. CO and the Ordinance of Business Records (OBR) apply to financial institutions such as banks, fund managers and insurance companies. However, the range of records which must be retained may be wider. 28 The Swiss Financial Market Authority (FINMA) has set out detailed rules, for example, on the content of the securities journal of a securities dealer. Banks have to retain, amongst other things, the following documents: company report (consisting of the financial statements, annual accounts and consolidated accounts) 29 interim financial statements 30 Fund managers must retain, amongst other things, an annual report containing specific documents. 31 All these documents must be retained for 10 years in order to grant access to interested persons. 32 In general, the sanctions mentioned in section 1.1 are also applicable to financial service providers. However, some specific additional rules exist. These are, notably: criminal sanctions (these are often more severe for regulated businesses): under the Federal Act on Banks and Savings Banks (Bank Act) violation of the obligation to keep proper books of account and to retain account books and records in conformity with the regulations is punishable with imprisonment up to three years or a fine (for intentional offences) or a fine up to CHF 250,000 (for negligent offences) 33 under the Federal Act on Collective Investment Schemes (CISA), a violation of the obligation to keep the necessary documents is punishable with imprisonment up to three years or a fine (for intentional offences) 34 or a fine up to CHF 250,000 (for negligent offences) 35 In addition to the general liability to pay damages, CISA contains specific provisions for fund managers. 36 1.5 Key tax provisions requiring a business or company to retain documents Most tax laws in Switzerland contain certain record keeping and archiving obligations. In many cases, those laws, to the extent that they do not contain specific provisions, implicitly or explicitly refer back to the basic provisions for document retention as set out in article 957 et seq. CO and the OBR. 37 Taxpayers, even those not obliged to retain books under the CO, are required to document their assets and liabilities and revenues, and self-employed taxpayers must also document their expenditures, personal drawings and private investments. 38 Documents generally must be stored for a period of 10 years according to the CO. However, in some circumstances relating to value added taxes, the retention period may be longer. 39 If the tax assessment has not become final after 10 years, the storage period may be extended up to a maximum duration of 15 years. 40 All documents relating to real estate taxes must be stored for 20 years. 41

an international Guide to data retention 03 Tax laws provide for fines and other penalties in cases of non-compliance (eg, refusal of certain value added tax (VAT) deductions). 42 1.6 Health and safety legislation/regulations Healthcare legislation significantly widens the general rules on document retention. The Federal Act on Therapeutic Products (ATP), for example, includes a duty to retain all relevant data in relation to blood withdrawal and the handling of blood or blood products for 20 years. 43 A similar retention requirement can be found in the Federal Act on the Transplantation of Organs, Tissue and Cells. 44 The retention period for all data related to clinical drug tests is 10 to 15 years, but may be longer in certain circumstances. 45 See section 1.8 for health and safety at work. monitor the email and internet use of an individual employee. The LC and the FAAI both provide for criminal sanctions (fines) in case of non-compliance with its provisions. 53 1.9 Money laundering The Federal Anti-Money Laundering Act (AMLA) obliges financial intermediaries (such as banks, some fund managers and insurance companies) 54 to document concluded transactions and the results of their enquiries such that other specially qualified persons are able to make a reliable assessment of the transactions and business relationships and of compliance with the provisions of AMLA. 55 Financial intermediaries must retain documents for a minimum of 10 years after terminating the business relationship or after concluding the transaction in question. 56 In addition to the general liability for damages, the above mentioned laws provide for criminal liability. 46 1.7 Environmental legislation/regulations Swiss federal environmental law provides for different document retention requirements concerning pollution, noise, waste and other environmental aspects. 47 There are additional document obligations concerning the handling of organisms. 48 In addition to the general liability for damages, the mentioned laws provide for criminal liability. 49 1.8 Employment legislation/regulations The Swiss Labour Code (LC) obliges employers to keep all documents containing information demonstrating proper execution of the Code and its ordinances for at least five years. 50 The Ordinance 1 of the Labour Code states in more detail which information must be kept and includes documents containing the following information: employees' personal details such as name, address, date of birth etc type of employment, date of entry and departure from the company working hours (daily or weekly) documents showing granted supplementary pay or additional time off because of night work etc as well as operational regulations in this regard medical consultations relating to the ability to work night shifts or when pregnant/nursing The basic provisions regarding document retention also apply to social insurances. Under the Federal Act on Accident Insurance (FAAI) and the Federal Ordinance on Accident Insurance (FOAI), for example, employers are required to keep records of various data regarding their employees. 51 All documentation must be retained for at least five years. 52 Swiss labour laws prohibit any systems that are exclusively or primarily aimed at controlling the employees' behaviour in the workplace. Therefore, and for data protection reasons, it is not permissible for an employer to systematically and constantly Compliance with the above duties is subject to periodical inspection. 57 Breach may lead to the revocation of the financial intermediary's licence. 58 2. Overarching provisions influencing how long documents should be retained Statutory limitation periods The most important limitation periods, namely those for claims for breach of contract, for most tortious actions and for unjust enrichment claims, are governed by the CO. As a default rule, a claim becomes barred after 10 years. 59 Some contractual claims, such as claims based on employment agreements or claims for periodic payments, like payment of interest or rent, are subject to a five year limitation period. 60 Tort claims become barred one year after the date on which the harmed person knows the damage accrued and has knowledge of the person responsible. The maximum limitation period is 10 years after the harmful event. If the tortious act constitutes a crime, then the limitation period for that crime will apply if it is longer. When determining the retention period, it must be borne in mind that limitation periods may be interrupted and, as a consequence, a new limitation period begins. Other procedural statutes or rules In general, the right to collect taxes is limited to five years from the date when the tax assessment has become final, but may be extended up to 10 years. 61 Patents can principally be protected for a period of 20 years from the filing date of the application. The Federal Institute of Intellectual Property may issue a supplementary protection certificate for medicinal products that will extend protection for a maximum of an additional five years. 62 The period of protection for copyright is 70 years from the date of the author's death (50 years for software). 63 Designs are protected for a maximum period of 25 years, whereas trademarks are protected for as long as registration is renewed and the fees are paid. 64 It is recommended to retain all documents related to intellectual property rights for at least the period of protection.

04 There is no duty to retain documents for the statutory limitation period and failure to keep documents does not lead to sanctions. It may result, however, in a lack of evidence to bring or defend a claim successfully. This is particularly so in relation to electronically stored documents. It is therefore highly recommended to keep documents for the relevant limitation period. 3. In what circumstances must documents be destroyed? Data protection rules restricting the length of time certain documents should be retained Swiss data protection law is similar to EU data protection law and requires data processing to be proportionate. This means that data may not be kept any longer than necessary for the purpose for which the data was collected or processed. 65 Other procedural statutes or rules According to the Swiss Civil Code anyone whose personality is violated may file a protective court action in protection thereof and can request destruction of respective documents. 66 An individual person or legal entity may request destruction of processed data if the processing violates one's privacy or personal rights. As an alternative, correction of the inappropriate personal data or the prohibition of disclosure of the data to third parties may be requested. The action for destruction may be combined with actions for damages and reparation for moral damages. 67 4. Who may documents have to be handed over to? Disclosure in litigation The Swiss Code of Civil Procedure (CCP) came into effect on 1 January 2011 and governs proceedings before cantonal courts relating to civil cases, court orders on non-contentious civil matters, court proceedings in connection with debt enforcement and bankruptcy matters and arbitration. 68 In the course of civil proceedings, it is possible to request that either another party to the proceedings (ie, a litigant) or a third party discloses documents required to substantiate an allegation insofar as these documents are considered relevant for the court to make an informed decision. 69 The requesting party must identify the relevant documents precisely so that the opposing party knows exactly which documents are to be produced. Article 160 CCP states explicitly that correspondence to and from counsel relating to the professional representation of a litigant or a third party does not have to be produced. 70 The right to refuse production of documents depends on the role of the person: a litigant may refuse production of documents where this would subject family members 71 to the risk of penal investigation or civil liability or would fulfil the criminal offence of divulging professional secrets. 72 Litigants' privy to other secrets that are protected by the law, such as bank secrecy, may refuse to co-operate if they show prima facie that the interest in maintaining the secret overrides the interest in discovering the truth. 73 The court takes into account an unjustified refusal by a litigant when weighing up the evidence. 74 It may lead to a reversal of the burden of proof or to an assumption that the HERBERT SMITH FREEHILLS opposing party's claims are established. However, the court may not go as far as to threaten fines under article 292 Swiss Penal Code (SPC) or to order enforcement by the authorities family members of a litigant as defined in article 165 CCP have an unrestricted right to refuse to produce documents unrelated third parties have a restricted right to refuse production. 75 For instance, if the third party could be exposed to the risk of a penal investigation or civil liability, production can be refused (if to do so would fulfil the criminal offence of divulging professional secrets). 76 If a third party refuses production without sufficient justification, he can be fined up to CHF 1,000 and be otherwise punished by the court. 77 Alternatively, he can be forced to comply and ordered to bear the costs caused by his refusal 78 In procedural disputes regarding the business of anyone who is obliged to keep accounting records 79 such persons may be ordered to produce accounting records and business correspondence if an interest worthy of protection has been proved and the court deems production necessary for evidentiary purposes. 80 Disclosure in arbitration In Switzerland, the parties to arbitration proceedings are free to agree on the rules of procedure, including those regarding evidence. If the parties fail to agree such rules, the arbitral tribunal will determine the rules of procedure either directly or indirectly by reference to a statutory law or existing rules of arbitration. 81 The sanctions for non-compliance will depend upon the chosen law. Electronic disclosure (e-disclosure) There are no specific obligations under Swiss law governing the preservation of e-disclosure documents. Disclosure on insolvency The debtor is obliged to provide comprehensive information on its financial circumstances to the competent authority during bankruptcy proceedings (bankruptcy office or the FINMA in the case of certain financial institutions). Third parties who keep a credit for the debtor or have custody of assets belonging to the debtor have the same duty as the debtor himself. 82 Failure to disclose such information or to deliver all assets may be criminally sanctioned. 83 Key rules governing disclosure to regulatory authorities When applying to operate as a regulatory business in the financial sector, the entity (eg, banks, insurance companies) must generally submit its articles of incorporation, bylaws and business rules to the competent regulatory agency (FINMA). 84 Once registered, they are required to submit financial statements to the FINMA and/or the Swiss National Bank at least annually. 85 In addition, they themselves, their audit companies and auditors as well as persons or companies that are qualified investors or that have a substantial participation in the supervised entities, have a duty to disclose information and documents needed by the FINMA to perform its supervisory duties. 86 Swissmedic is Switzerland's certification and supervisory authority for therapeutic products. Its core competences include licensing medicines, controlling the traffic of narcotics and laboratory testing of medicine quality. Businesses operating in the area of therapeutic products are subject to rigorous regulations and must submit various documents on their technical and operational

an international Guide to data retention 05 organisation, quality assurance systems as well as information on certain medicinal products in order to receive the necessary authorisations or licences. According to the Data Protection Act, private persons must declare their data files if they regularly process sensitive personal data or if they regularly disclose personal data to third parties. 87 The data files must be registered with the Federal Data Protection and Information Commissioner who maintains an accessible online register. Anyone may consult the register. 88 In addition, cross-border disclosure of personal data must be disclosed to the Federal Data Protection and Information Commissioner (FDPIC) in certain circumstances. 89 With respect to competition regulations, parties to agreements, undertakings with market power or concentrations and affected third parties must provide the competition authorities with all the information required for their investigations and produce the necessary documents. 90 In addition, planned concentrations of undertakings must be notified to the Competition Commission before their implementation if certain turnover thresholds are met. 91 The notification needs to be accompanied by: copies of the most recent annual accounts and annual reports of the undertakings concerned copies of the agreements that effect the concentration or that are otherwise connected with it in the case of a public offer, copies of the offer documentation copies of the reports and business plans made with regard to the concentration insofar as they contain information relevant to the assessment of the concentration Information sharing by regulatory authorities The FINMA is authorised to transmit non-publicly accessible information and documents of Swiss financial institutions to other Swiss financial market supervisory authorities as well as the Swiss National Bank if they require them for the fulfilment of their duties. 92 It does not, however, provide information on individual proceedings to the general public, unless there is a particular need to do so from a supervisory perspective. 93 Data collected in accordance with the Therapeutic Products Act (TPA) is considered confidential if there is an interest worthy of protection. However, Swissmedic may disclose any data necessary for the execution of the law to other federal or cantonal authorities responsible for such execution. 94 Federal and cantonal government offices are required to co-operate with the competition authorities in their enquiries and to make any necessary documents available to them. The competition authorities may publish their decisions. 95 Rules governing the disclosure of documents stored in Switzerland upon request by an international court, regulatory body or third party According to Swiss law, the request for production of documents by an international or foreign court or a foreign regulatory body without participation or consent of the respective Swiss authority violates sovereignty of Switzerland and the international law if the foreign authority backs the request with its coercive powers. Switzerland's territorial sovereignty is protected by article 271 SPC which prevents foreign states or parties from circumventing international conventions on legal assistance. Pursuant to this provision, it is an offence for anyone "to carry out on Swiss territory without lawful authority activities on behalf of a foreign state that are the responsibility of a public authority" as well as for anyone "to carry out such acts on behalf of a foreign party or organisation" or for anyone to "encourage such acts". This includes the service of judicial or extra-judicial documents as well as the gathering or taking of evidence in Switzerland for use in a foreign proceeding. It also includes situations when a party submits its own documents in compliance with an order of a foreign court or authority in a foreign proceeding, if such submission is not voluntary. 97 The disclosure of manufacturing and business secrets to foreign agencies, organisations or enterprises may also be criminally sanctioned. 98 It is therefore important that the foreign party complies with international conventions on legal assistance and applicable Swiss law. In civil matters, documents may be requested under the Convention Relating to Civil Procedure 1954 (1954 Hague Convention), the Convention on the Service Abroad of Judicial and Extrajudicial Documents in Civil or Commercial Matters 1965, the Convention on the Taking of Evidence Abroad in Civil or Commercial Matters 1970, or bilateral agreements. In the absence of an international agreement, Switzerland applies by analogy the 1954 Hague Convention to foreign requests. In criminal matters, Switzerland has entered into a number of conventions and bilateral treaties such as the European Convention on Mutual Assistance in Criminal Matters, the Convention on Money Laundering and the Search, Seizure and Confiscation of the Proceeds from Crime, the European Convention on the Suppression of Terrorism etc. However, unlike many other countries, Switzerland can provide legal assistance to each country on the basis of its internal law (ie, Act on International Mutual Assistance in Criminal Matters (IMAC)) 99 and further implementing legislation. If Switzerland has not entered into a treaty on mutual legal assistance in criminal matters with the requesting country, a foreign request is granted if, as a rule, the requesting country guarantees reciprocity. The IMAC permits exceptions, among others, when the execution of the request seems advisable by reason of the kind of offence or of the necessity of combating certain offences. Disclosure by public authorities Pursuant to the Transparency Act 96 everyone is entitled to approach the federal authorities in order to consult official documents and obtain information regarding their content. Any individual can access an official document unconditionally, without having to justify their interest. Access is not unlimited, however, and can be restricted, refused or deferred if a predominant public or private interest opposes it. The Transparency Act does not cover official documents relating to legal proceedings. Several Cantons, including Berne, Geneva and Zurich, have passed similar laws regulating transparency of the respective Canton's official documents. Furthermore, international administrative assistance may be granted according to the respective legislation. Administrative assistance provisions can be found, for example, in the laws regulating financial services, tax laws or the Therapeutic Products Act. 100 These rules generally state the type of information that may be disclosed and to which authorities. An individual or legal entity may disclose information voluntarily to an international court, regulatory body or third party provided that such disclosure is not prohibited by Swiss law because it constitutes personal data, trade secrets or is subject to confidentiality obligations (eg, bank secrecy or professional confidentiality obligations).

06 Rules enabling a person to seek disclosure of documents located outside Switzerland for the purpose of a dispute commenced in Switzerland Pursuant to Swiss law, there are no rules or procedures enabling a private person directly to seek disclosure or production of documents outside Switzerland for the purpose of a dispute or regulatory investigation commenced within Switzerland. A private person who is party to litigation proceedings must make a request to the competent Swiss court who will then seek the assistance or co-operation of the competent foreign authority under international treaties, bilateral agreements or other mutual understandings (see above). In mediation and arbitration proceedings the parties are free to agree on the rules and procedures applicable to the disclosure or production of documents outside of Switzerland provided that the procedure is accepted in the relevant country and is consistent with the Swiss Penal Code. 101 5. How should I store my documents? Principal legislative or regulatory provisions prescribing the mode of storage of particular documents In general, digital storage and retention of documents is permissible under Swiss law. Books and accounting records may be stored in paper, electronically or in a comparable manner, provided that the stored documents correspond with the underlying business activities and can be accessed at any time. 102 This general provision has been further detailed in the Ordinance on Business Records (OBR). Books and accounting records stored electronically or in a similar way have the same conclusiveness as documents readable without auxiliary means. 103 It is, therefore, possible to retain most paper and electronic documents in a convenient, electronic only format, provided the legal, technical and organisational prerequisites as set out in detail in the OBR are fulfilled (see below). However, not all documents may be stored electronically. Most importantly, the business report and the audit report must be retained in a written form and signed. 104 Furthermore, pursuant to special regulations (eg, securities law, tax law, customs law and corporate law) the following documents should be stored in their original, hard copy form: company law documents such as articles of incorporation, incorporation documents, minutes and resolutions of the general shareholders' meeting and the board of directors' meeting, share register, audit reports etc profit and loss statement, balance sheet contracts, including orders and contract negotiations, if the original is in hard copy bills of exchange, cheque documents and securities export certifications, certain customs documents, tax rulings, approved regulations insurance policies The OBR is not the only piece of legislation which must be observed in connection with methods of data retention under Swiss law. The Federal Tax Administration, for instance, defined a set of rules that must be considered whenever invoices including VAT are transmitted and stored electronically. These rules can be found in the Ordinance of the Federal Department of Finance on HERBERT SMITH FREEHILLS Electronic Data and Information (OEIDI) 105 and are even stricter and more specific than those found in the OBR. If these rules are not observed, a VAT taxable company receiving an invoice may not be allowed to deduct the VAT it paid to its subcontractor on its own VAT return. If invoices are mailed originally on paper, the customs and VAT authorities will require them to be retained according to the principles of the OBR only, whether on paper or as a scanned image without a paper copy. The rules set out in the OEIDI do not apply. Legislative or regulatory provisions prescribing the way in which a document retention policy must be prepared The OBR provides certain general guidelines on the retention of documents with respect to the above obligations of the CO. Among other things, it sets out the rule that all documents must be retained in a way that ensures the authenticity and integrity of the information archived (ie, by use of an information medium which does not allow unnoticed modifications). 106 It is clear that the use of modifiable information media requires the use of a sophisticated document retention system. Currently the most "obvious" technologies for fulfilling those prerequisites are digital signatures and time stamps. For instance, leaving business emails on the mail server or retaining them on backup tapes without any additional measures is not sufficient to comply with the OBR. The OBR has a number of additional provisions concerning the retention of documents, especially: stored information must be accessible, readable and examinable within a reasonable time 107 the general principles of data processing must be observed. In this context the OBR refers to generally accepted rules and standards as well as recommendations of professionals, (eg, Control Objectives for Information and Related Technology) standards (CobiT) 108 the documents must be retained carefully and be organised and protected from detrimental factors 109 archived information must be logically or physically separated from current information (eg, a copy meant for the archives must be labelled as such and distinguishable from other copies). The responsibility for archived data should be regulated and documented 110 it is necessary to keep a systematic inventory of the information archived. 111 Archived information must be categorised in such a way that the information can be assigned to the respective business transaction. This means that scans must be stored with metadata that contains the necessary information to categorise the information correctly access to the information archived must be granted to authorised users only and any access must be recorded 112 the integrity and legibility of the information media has to be verified regularly 113 organisation, responsibility, infrastructure (machines and programs such as software), procedures and other processes that apply to the retention and storage of documents must be documented sufficiently in a way that the stored documents can be understood. These work instructions/operating procedures must be updated and retained for the same time and according to the same rules as the stored documents themselves 114

an international Guide to data retention 07 In addition to these regulations, the Federal Act on Data Protection must be observed. The Act aims to protect the privacy and the fundamental rights of persons when their data is processed. 115 This means, for example, that the storage of all emails (including personal emails of employees) may raise data protection issues that have to be addressed in a company's data protection policy. The DPA also applies to the processing of data pertaining to legal entities. 116 In the financial sector the applicable banking secrecy laws must be observed. Main information you recommend a business operating in Switzerland includes in its written document retention policy As one can see from the above, it is essential that each enterprise sets out a comprehensive and tailor made archiving or data retention strategy, not only at a general level, but also at an individual record level. If documents are to be retained and archived electronically with maximum efficiency and usability, powerful, rational and flexible tools are required. In general, the document retention policy should include: a description of the types of documents to be retained the retention period for each type of document a list of the person or department responsible for retaining the relevant document rules setting out how confidential or sensitive personal data is to be handled rules regulating destruction of documents 6. Should I store my data in Switzerland? Main advantages and disadvantages an international business would likely face if it decided to store its hard copy documents/electronic documents/servers in Switzerland A wide range of documents must be retained according to various Swiss laws. However, electronic storage is possible in most circumstances, which is advantageous. In general, outsourcing of document storage is also permissible provided that a number of preconditions are fulfilled and this may assist in reducing costs. However, Swiss law has both bank secrecy, and data protection laws, which must be observed, as well as relatively far-reaching disclosure, inspection and information sharing provisions, particularly in relation to regulatory authorities. ContributorS: Dr. Gregor Bühler Partner T: +41 43 222 10 00 gregor.buehler@homburger.ch Dr. Christof Burri Associate T: +41 43 222 10 00 christof.burri@homburger.ch Homburger AG Prime Tower Hardstrasse 201 CH-8005 Zurich Switzerland T: +41 43 222 10 00 F: +41 43 222 15 00 www.homburger.ch

08 Endnotes 1. Article 958f, paragraph 1 CO 2. Article 958f, paragraph 1 CO 3. Article 958f, paragraph 1 CO 4. Article 958f, paragraph 1 CO 5. Article 958f, paragraph 1 CO 6. Article 958f, paragraph 1 CO 7. Article 325 Swiss Penal Code (SPC, SR 311.0) 8. Cf. Article 166 SPC 9. Article 292 SPC 10. Article 286 SPC HERBERT SMITH FREEHILLS 11. An accounting record is any written record on paper or in electronic or comparable form that is necessary to enable the verification of the underlying business transaction or the circumstances behind an accounting entry (Article 957a, paragraph 3 CO) 12. Article 958f, paragraph 1 CO in connection with Article 957, paragraph 1 CO 13. Article 957, paragraph 2 CO. A caveat has to be made with regard to legislation for specific fields of law 14. Article 957a, paragraph 1 CO 15. Article 957a, paragraph 2 CO 16. Article 1 paragraphs 1 and 2 Ordinance on Business Records (OBR, SR 221.431) 17. Article 958, paragraph 2 CO 18. Article 958c, paragraph 2 CO 19. Article 1, paragraph 3 OBR 20. Article 958f, paragraph 1 CO 21. Article 958f, paragraph 1 CO 22. Article 958f, paragraph 1 CO 23. Article 958f, paragraph 1 CO 24. Article 4 OBR 25. Article 730c CO (specific rule for corporations) 26. Article 755 CO 27. Article 40 Federal Act on the Admission and Supervision of Revisors (SR 221.302) 28. Cf. Article 6 Federal Act on Banks and Savings Banks (Bank Act, SR 952.0); Article 16 Federal Act on Stock Exchanges and Securities (SESTA, SR 954.1); Article 87 Federal Act on Collective Investment Schemes (CISA, SR 951.31); Article 28 Ordinance on Collective Investment Schemes (CISO, SR 951.311); Article 26 Federal Act on the Supervision of Insurance Companies (ISA, SR 961.01) 29. Article 6, paragraph 1 Bank Act 30. Article 6, paragraph 2 Bank Act 31. Article 89 CISO 32. Article 89, paragraph 5 CISO 33. Article 46 Bank Act 34. Article 148, paragraph 1 lit. e CISA 35. Article 148, paragraph 2 CISA 36. Article 145 CISA 37. Cf. Article 126 Federal Income Tax Act (ITA, SR 642.11) 38. Cf. Article 125 ITA 39. Article 70, paragraph 2 Value Added Tax Act (VATA, SR 641.20) 40. Cf. Article 120 ITA 41. Cf. Article 70 VATA 42. Article 98 lit. e VATA; cf. also Article 174 ITA 43. Article 40 Federal Act on Therapeutic Products (ATP, SR 812.21) 44. Article 35 Federal Act on the Transplantation of Organs, Tissue and Cells (TA, SR 810.21) 45. Articles 25 and 33 Federal Ordinance on Clinical Drug Tests (SR. 812.214.2) 46. Article 86 ATP and Article 69 TA 47. Cf. Article 46, paragraph 2 Federal Act on the Protection of the Environment (EPA, SR 814.01) 48. Article 9, paragraph 5 Ordinance on the Handling of Organisms in the Environment, SR 814.911 49. Cf. Article 61 EPA 50. Article 46 Federal Labour Code (LC, SR 822.11); Ordinance 1 on the Labour Code (SR 822.111) 51. Article 93, paragraph 1 Federal Act on Accident Insurance (FAAI, SR 832.20) 52. Article 116, paragraph 3 Federal Ordinance on Accident Insurance (FOAI, SR 832.202) 53. Article 59 et seq. LC; Article 112 et seq. FAAI 54. Article 2, paragraph 2 Federal Anti-Money Laundering Act (AMLA, SR 955.0) 55. Article 7 AMLA 56. Article 7, paragraph 3 AMLA 57. Article 19a AMLA 58. Article 37 Financial Market Supervision Act 59. Article 127 CO 60. Article 128 CO 61. Article 121 ITA; Article 91 VATA

an international Guide to data retention 09 62. Articles 14,140a and 140e Federal Patent Act (SR 232.14) 63. Article 29 Federal Copyright Act (SR 231.1) 64. Article 5 Federal Design Act (SR 232.12); Article 10 Federal Trademark Act (SR. 232.11) 65. Article 4 Federal Data Protection Act (DPA, SR 235.1) 66. Articles 28 and 28a Swiss Code Civil (CC, SR 210) 67. Cf. Article 15 DPA; Article 28a CC 68. Article 1 Swiss Code of Civil Procedure (CCP) 69. Article 160, paragraph 1 lit. b CCP 70. Article 160, paragraph 1 lit. b CCP 71. As described in Article 165 CCP 72. Article 163, paragraph 1 CCP; auditors are exempt from this right to refuse 73. Article 163, paragraph 2 CCP 74. Article 164 CCP 75. Article 166 CPP 76. Article 321 SPC 77. Article 292 SPC 78. Article 167 CCP 79. Article 957 et seq. CO 80. Article 160, paragraph 1 lit. b CCP 81. Article 182 Federal Act on International Private Law (SR 291); Article 373 CCP 82. Article 222 Federal Debt Enforcement and Bankruptcy Act (SR 281.1); Article 15 et seq. FINMA Bank Bankruptcy Ordinance (BBO-FINMA, SR 952.812.32) 83. Cf. Articles 163, 323, 324 SPC 84. Cf. Article 3 Bank Act 85. Cf. Article 6 Bank Act; Article 25 ISA 86. Cf. Article 29 Federal Act on the FINMA (FINMAA, SR 956.1) 87. Article 11a, paragraph 3 DPA 88. Article 11a DPA 89. Article 6 DPA 90. Article 40 Federal Act on Cartels and other Restraints of Competition (Cartel Act, SR 251) 91. Article 9 Cartel Act; Article 11 Ordinance on the Control of Concentrations of Undertakings (MCO, SR 251.4) 92. Cf. Article 23bis Bank Act; Article 34 SESTA; Article 80 ISA 93. Article 22 FINMAA 94. Article 62 et seq. Therapeutic Products Act (TPA, SR 812.21 95. Articles 41 and 48 Cartel Act 96. SR 152.3 97. VPB 61, 1997, NR. 82 98. Article 273 SPC 99. SR 351.1 100. Article 42 FINMAA; Article 62 et seq. TPA 101. CF. Articles 215 and 373 CCP 102. Article 958, paragraph 3 CO 103. Article 177 CCP 104. Article 958f, paragraph. 2 105. SR 641.201.511 106. Article 3 OBR 107. Article 6, paragraph 1 OBR; cf. Article 7, paragraph 2 OBR 108. Article 2, paragraph 2 OBR 109. Article 5 OBR 110. Article 7, paragraph 1 OBR 111. Article 8 OBR 112. Article 8 OBR 113. Article 10, paragraph 1 OBR 114. Article 4 OBR 115. Article 1 DPA 116. Article 2 DPA

10 Checklist 1 Document Company documents Articles of incorporation, incorporation documents, bylaws, deed of formation, share register Minutes and resolutions of shareholders' meetings, board of directors' meetings Business reports and audit reports Trading records of companies/ businesses Financial statements (eg, balance sheets and profit and loss) Books, accounting records, business correspondence (if such business correspondence constitutes the only existing accounting record for the business transaction in question) Recommended 2 document retention period Life of the company 10 years from expiration of calendar year in which the last entries were made 10 years from expiration of financial year for which they were made 10-15 years (for documents relevant for tax purposes, the time limit may exceed 10 years due to the statute of limitation) 10 years (but potentially longer depending on their nature and the applicable limitation period) Paper Paper HERBERT SMITH FREEHILLS Storing the document Paper (in written form and signed) Paper (original signed hard copy) Paper/electronic Intellectual property rights documents At least for the period of protection Paper/electronic Documents related to real estate 20 years Paper/electronic Insurance policies At least for the duration of the insurance Paper Contracts of any kind including contract negotiations 10-15 years from termination, expiry or Paper (if original in hard copy) fulfilment Auditors Audit reports and all other material documents as well as records on the audit services provided 10-15 years (for document relevant for tax purposes, the time limit may exceed 10 years due to the statute of limitation) Paper/electronic (audit reports paper) Financial services regulation General rules apply, but specific legislation requires that a wider range of documents is kept. Eg,: Various, but generally 10 years Generally paper/ electronic (some only paper) Banks: Company report (financial statements and annual report) and interim financial statements Fund managers: Annual report (containing specific documents) Tax General tax papers 10-15 years Paper/electronic Documents related to real estate taxes 20 years Paper/electronic Health and safety Data in relation to blood or the transplantation of 20 years Paper/electronic organs, tissue and cells Data related to clinical drug tests 10-15 years Paper/electronic Environmental legislation/ regulations Documents concerning pollution, waste, noise or other Various but generally 10 years is advisable Paper/electronic environmental aspects Employment Documents containing information demonstrating Minimum 5 years Paper/electronic proper execution of the Swiss Labour Code, documents on issues related to social insurance Money laundering Money laundering records 10 years from termination of business relationship or conclusion of transaction Paper/electronic 1. This is a summary only. Please consult the text and/or seek legal advice for more information 2. The periods specified reflect legal requirements, statutory limitation periods, or best practice