CBSA Privacy Notice
Effective Date: 15.10.2025.
This Privacy Notice explains how we collect, use, and protect your personal data in relation to the processing of inheritance-related cases using an AI-assisted tool “Herald” and cooperation with legal professionals, including those in other jurisdictions than the one of your residences.
1. Who We Are
Cross-Border Successions Alliance, Avenue Louis-Casaï 18, c/o FidOlea SA, 1209 Geneva, Switzerland (hereinafter “CBSA”, “we”, “us”, “our”) is the Data Controller responsible for the processing of your personal data in connection with the inheritance case intake, analysis, and referral services.
Contact Details:
[Insert legal name, address, email for privacy inquiries]
2. Purposes and Legal Bases for Processing
We collect and process your personal data for the following purposes:
|
|
| Legal Basis (Art. 6 GDPR) |
|
| To receive and assess information about your inheritance case through a form submission |
Art. 6(1)(b) – performance of a contract or pre-contractual measures |
| To analyze your case using an AI tool |
Art. 6(1)(b) – performance of a contract; and Art. 6(1)(a) – consent (if sensitive data involved) |
| To generate a report for you summarizing legal aspects of your case |
Art. 6(1)(b) |
| To provide a report to an associated lawyer (including those located in another country) |
Art. 6(1)(f) – legitimate interests or Art. 6(1)(b) where this is part of the service |
| To refer to your case to a qualified lawyer |
Art. 6(1)(b) or (f) |
| To send you important notices such as correspondence on changes to our services portfolio or to this Notice
|
Art. 6(1)(b) |
| To keep internal records on software updates, technical services, and other transactions to the extent necessary for the provision of our Services |
Art. 6(1)(f) |
If your case includes
special categories of data (e.g. health or data), we will ask for your
explicit consent under Art. 9(2)(a) GDPR.
Please note that, once your legal case is referred to an assigned lawyer, they will process your personal data in accordance with their separate purposes and legal basis as data controllers, in line with their national legislations.
3.
What Data We Collect
“Personal Data” refers to any information that may be used, alone or in combination with other information, to identify you.
We collect personal data that you voluntarily provide through the case intake form, which may include:
- Full name and contact details
- Information about inheritance matters (e.g., family relationships, estate and property details)
- Legal documents or evidence.
Generally, we do not process sensitive data, referred to as
Special Categories of Data, i.e.personal data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning your health or data concerning your sex life or sexual orientation. In case processing of this data is necessary for addressing your legal requirement, this will be done with your explicit consent, where relevant.
4.
Automated Processing and AI Tool
Your case information is processed by an AI-powered tool to generate an initial analysis and legal report. This process supports our ability to provide you and a legal expert with relevant legal insights. However:
- No automated decision with legal or similarly significant effects is made as a result of personal data processing.
- A lawyer will review the AI-generated report before taking further action.
- Who We Share Your Data With
We share your personal data only where necessary:
- With associated lawyers in country/countries of jurisdiction relevant for your inheritance case, and where CBSA has its partners, for legal review and case handling.
- With the provider of the AI tool acting as our data processor, under a binding data processing agreement compliant with Article 28 GDPR.
- With relevant supervisory bodies or authorities if legally required.
- Cross-Border Data Transfers
If your legal counsel, or our other service provider is located outside the European Economic Area (“
EEA”), the UK, and Switzerland in countries with different laws for the protection of Personal Data than the laws in your country of residence, before transferring your Personal Data, we will take steps to ensure that such data will be afforded the same level of protection as under applicable data protection laws within the EEA, the UK and Switzerland. For data transfers outside of the EEA, the UK and Switzerland, the Company uses applicable safeguards, including:
- Standard Contractual Clauses (SCCs) adopted by the European Commission.
- Transfers to countries with an adequacy decision by the EU Commission.
You can request a copy of the applicable safeguards by contacting us at [insert email].
- How Long We Keep Your Data
We retain your data only for as long as necessary to fulfill the purposes stated in this notice, or as required by law (e.g., for legal, accounting, or reporting obligations). Typically, this means:
- Intake form and case records:
- Legal reports and correspondence:
- Use of Anonymized Data for AI Improvement
We may use anonymized data (data that has been stripped of all personally identifiable information and cannot be traced back to you) to improve and develop our AI tools and services.
This anonymized data helps us:
- Enhance the accuracy and quality of legal analysis.
- Train and test AI models in a secure, privacy-preserving manner.
- Identify general trends or patterns in legal case handling.
Anonymized data is no longer considered personal data under the GDPR, and it cannot be linked back to you. However, we are committed to full transparency and believe you have a right to understand how your information contributes to improving our services.
If you do not wish for your data (even anonymized) to be used in this way, please let us know at: office@cbsa.eu
9. Your Rights Under the GDPR
You have the following rights with respect to your Personal Data we process, subject to conditions set out in applicable law:
- to be informed on whether your Personal Data is processed by us and, if processed, to request a copy of your Personal Data and information relating to the processing of your Personal Data, includingthe purposes of processing your Personal Data and whether such data is used for intended purposes and the third-parties to whom your Personal Data is disclosed;
- to request the correction of any inaccurate or incomplete Personal Data.
- to request the erasure of your Personal Data or the restriction of the processing of your Personal Data.
- to object to any further processing of your Personal Data.
- to withdraw any consent, you have given without affecting the lawfulness of processing based on consent before its withdrawal.
- to demand data portability.
- to lodge a complaint with a supervisory authority; and
- to contest certain automated decisions that have legal or otherwise similarly significant consequences, in case we make such decision.
To exercise your rights, please contact us at [insert contact].
10. Data Processor and AI Tool Provider
The AI tool is provided by [insert company name], which acts as our data processor under Article 28 GDPR. The provider only processes data under our instructions and is contractually bound to maintain appropriate security and confidentiality measures.
11. Security Measures
We implement technical and organizational security measures, including encryption, access controls, and data minimization, to protect your data against unauthorized access, loss, or misuse.
12. Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local Data Protection Authority. In the EU, you can find your authority here: https://edpb.europa.eu/about-edpb/board/members_en
We may update this Privacy Notice from time to time. Any changes will be posted on this page with a revised “Effective Date.”
