We take the protection of your personal data (i.e. all information relating to an identified or identifiable individual, such as name, address, nationality, email address, telephone number) seriously. With this Data Protection Declaration we would like to provide you with an overview of the processing of your data and your rights according to the provisions of the European General Data Protection Regulation (“GDPR”).

I. Name and address of the responsible person

The responsible person according to the General Data Protection Regulation (GDPR) is:

II. Data processing in general

1. Collection of personal data and purpose of the use of data

We restrict the collection of personal data primarily to data we received in the context of our services from our clients, our cooperation partners or other persons involved in a lawful manner (e.g. for the performance of a contract or with consent of the person concerned).

In particular, we collect the following data on a case specific basis and depending on the purpose:

• personal details (e.g. title, first name, family name)
• addresses and contact details (e.g. postal address, email address, telephone number)
• date of birth
• nationality
• tax identification number
• banking information
• profession
• family circumstances
• information that is necessary for the provision of our services or the performance of a contract

In addition, if permitted and required for the provision of our services, we obtain and process other data from publicly accessible sources (e.g. land register, commercial register, the media, the internet, World-Check database) or receive such data from our cooperation partners, authorities and institutions or other third parties.

We process these data in particular for the following purposes:

• activities purusant to Art. 2 of the Liechtenstein Professional Trustees Act (Treuhändeergesetz – TrHG) in conjuntion with the Liechtenstein Persons and Companies Act (Personen- und Gesellschaftsrecht – PGR):
– client mandate management (including administration of legal entities)
– compliance with statutory accounting requirements
– correspondence
• compliance with legal obligations, in particular with the PGR, TrHG and due diligence laws as well as with tax legislation and treaties
• to enforce our legal claims or generally defend our position
• to ensure our operation generally (e.g. IT, website)
• to ensure further security aspects

Your data will only be processed in order to fulfil a legal obligation (Art. 6 Para. 1 lit. c GDPR), on the basis of our contractual relationship (Art. 6 Para. 1 lit. b GDPR) or if it is necessary to carry out a task in the public interest or in the exercise of official authority (Art. 6 Para. 1 lit. e GDPR). Moreover, your data will only be processed if you did not revoke a previously granted consent or for the purposes of the legitimate interests pursued by us or a third party (Art. 6 Para. 1 lit. f GDPR).

2. Recipient of personal data

Your personal Data will only be transferred to third parties for the purposes listed above and as far as permitted and required for the provision of our services, in particular: Hierzu zählen insbesondere:

• companies within our group of companies for the purpose of internal administration
• external services providers and offices such as banks, asset managers, insurance companies, lawyers, auditors, IT-provider, suppliers
• merchants, transport companies, subcontractors or other cooperation partners
• public interest organisations
• public offices and authorities (e.g. supervisory authorities, courts)
• tax authorities (including in the scope of AEOI and FATCA)

Any such data transfer is based on either a legal obligation (e.g. data transmission according to tax law), performance of a contract (e.g. asset manager abroad), your consent, a public interest or on the basis of a legitimate interest, unless your interests or fundamental rights and freedoms in relation to the protection of personal data take precedence.

3. Transfer of data to third countries

Data is only transferred to third countries (countries outside the European Economic Area) if this is necessary or stipulated by law to provide our services, for the implementation of pre-contractual measures or the performance of a contract, if you have given us your express consent or if the transfer is necessary for important reasons of public interests. Recipients in a third country are obliged to comply with the data protection level in Europe.

4. Your rights (rights of the persons affected)

You have the right to request information about any of your personal data we process. In particular, you have the right to request information about the source of your data and the recipients or the categories of recipients who will have access or were disclosed with your data and the purpose of the processing.
Additionally, you have the right to adjust/correct, erase, restrict or object and transmission of data.
Furthermore, you have the right to revoke a previously granted consent to use your personal data at any time.
The exercise of these rights may be addressed to the contact details listed under item I. of this Data Protection Declaration. Des Weiteren steht Ihnen das Recht zu direkt bei der Datenschutzstelle (https://www.datenschutzstelle.li/) Beschwerde zu erheben.

5. Storage period

Personal data will be processed and stored for the duration of the business relationship within the framework of the statutory provisions. Once the business relationship has been terminated, these data are retained for 10 years on the basis of statutory provisions (PGR, DDA, Liechtenstein Civil Code [Allgemeines Bürgerliches Gesetzbuch  ABGB]). Longer retention periods will be enforced only on the basis of statutory or contractual requirements to retain data or for the purpose of maintaining evidence within any applicable statutory limitations periods.

6. Data security

There has been implemented organisational and technical measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

III. Data collected from job applicants

On receipt of your application forms we process your personal data and images that are contained in the accompanying letter, CV, letter of motivation, certificates and other documents and records that you send to us, for the purpose of personnel selection.
We process your personal data in the scope of our recruitment process on the basis of Section 1173a Art. 28a of the Liechtenstein Civil Code (Allgemeines bürgerliches Gesetzbuch – ABGB) and of Art. 6 Para. 1 lit. b GDPR. 1 lit. b DSGVO.
Your data will not be transferred to third parties without your consent. No automated decision-making in accordance with Art. 22 GDPR is carried out. Es findet auch keine automatisierte Entscheidungsfindung nach Art. 22 DSGVO statt.
If no appointment is made, we will retain your data for up to six months for the purposes of documentation in any eventual legal proceedings before erasing it.

IV. Use of our website

1. Visitor and usage data

When our website is accessed, our system automatically records in particular the following data and information about the computer system of the accessing computer:

• IP address
• date and time of access
• HTTP -method (GET or POST) and HTTP-protocol version (1.0 or1.1)
• URL-path
• access status/HTTP-status code
• size of the answer in bytes
• referer URL (if transmitted)
• user agent string (if transmitted)

The storing is done due to security reasons to ensure the stability and integrity of our system. The legal basis for the processing of personal data is Art. 6 Para. 1 Sentence 1 lit. f GDPR.

2. Web Analysis

We use “Google Analytics” a web analysis client by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA to evaluate the usage of our website. Google Analytics uses cookies (see below) which will be stored on your computer. The containing information regarding website and internet usage can be evaluated and processed by Google.

The collected data may be transmitted to countries outside the EU/EEA, especially to the USA. However, Google has committed to follow the Privacy Shield Framework agreement. Further information about your rights of said agreement is found here: http://ec.europa.eu/justice/data-protection/document/citizens-guide_en.pdf/.

Legal basis for the usage of Google Analytics is Art. 6 Para. 1 lit. f GDPR.

3. Cookies

We use cookies on our website to ensure a user-friendly experience. Cookies are small files that are managed by the user’s web browser and are directly stored on the respective device whenever you visit our website. Cookies are stored as long as you do not delete them. The information saved in the cookies is not used to identify you, and shall not be merged with other personal data that is saved about you.

If you do not wish to use cookies you can change the settings in your browser accordingly. You will then be notified whenever your browser attempts to create a cookie and you can decide whether you want to allow the cookie.

Legal basis for the processing of data through cookies is Art. 6 Para. 1 lit. f GDPR.

4. Contact form

For electronic forms of contact there is a contact form available on our website. If you take this opportunity, the data you have entered will be send to us via email and will be saved. Your data will only be used to process your inquiry and possible further questions you might have.

Legal basis for the processing of your inquiry is Art. 6 Para. 1 lit. b GDPR.

V. Valid version

This Data Protection Declaration will be constantly adapted to new circumstances. The respective current version is published on our website.

February 2024