top of page

DATA PROTECTION DECLARATION – 03/2020

 

 

1.    General

 

This data protection declaration provides information on how the member companies of Schreiber & Zindel Treuhand-Anstalt ("S&Z") process personal data. The following companies belong to S&Z:

 

  • Schreiber & Zindel Treuhand-Anstalt

  • Rechta Treuhand-Anstalt

  • Trustco Trust reg.

 

S&Z is responsible for the processing of personal data. The contact details of S&Z are as follows:

 

Schreiber & Zindel Treuhand-Anstalt

Kirchstrasse 39, 9490 Vaduz, Principality of Liechtenstein

Tel. +423 236 06 06

Email: szta@szta.li

 

«Personal data» means any information relating to an identified or identifiable natural person. «Processing» means any handling of personal data, irrespective of the means and procedures used, in particular the procurement, storage, use, modification, disclosure, archiving, deletion or destruction of personal data.

 

For certain data processing, e.g. in the context of concluding contracts with S&Z or in connection with the websites of S&Z, there are further regulations (e.g. terms of use). These are available in the relevant contracts or on the relevant websites.

 

2.    Data security

 

S&Z undertakes to protect personal data and privacy in accordance with the applicable laws, in particular through professional secrecy and data protection law. For this purpose, S&Z takes various technical and organisational security measures (e.g. access restrictions, firewalls, personalised passwords as well as encryption and authentication technologies, staff training etc.).

 

3.    Categories of personal data

 

S&Z processes the following categories of personal data. We always process as little personal data as possible.

 

Data of the partners of S&Z, such as:

 

  • master and inventory data (e.g. name, address, nationality, date of birth, career)

  • technical data (e.g. business numbers, IP addresses, internal and external identifiers, access records)

  • marketing data (e.g. preferences, needs)

 

Customer data, such as:

 

  • master and inventory data (e.g. name, address, nationality, date of birth, information regarding account, securities account, concluded transactions and contracts, information about third parties who are also affected by data processing, such as spouses, authorised representatives and consultants)

  • transaction, order and risk management data (e.g. information on the beneficiaries of transfers, beneficiary bank, amount of transfers, risk and investment profile, information on investment products)

  • technical data (e.g. business numbers, IP addresses, internal and external identifiers, access records)

  • marketing data (e.g. preferences, needs)

 

Visitor and interested party data (e.g. visitors of S&Z or of websites of S&Z), such as:

 

  • master and inventory data (e.g. name, address, date of birth)

  • technical data (e.g. IP addresses, internal and external identifiers, access records)

  • marketing data (e.g. preferences, needs)

 

Supplier data, such as:

 

  • master and inventory data (e.g. name, address, date of birth, information on concluded transactions and contracts)

  • technical data (e.g. IP addresses, internal and external identifiers, access records)

 

4.    Origin of personal data

 

S&Z may collect personal data from the following sources in order to fulfil the purposes set out in Section 5:

 

  • personal data provided to S&Z, e.g. in connection with the opening of business relationships, the execution of contracts, the use of products and services or on websites

  • personal data arising in connection with the use of products or services and transmitted to S&Z through the technical infrastructure or through processes based On the division of labour, e.g. on websites or in connection with cooperation with other financial or lT service providers, marketplaces and stock exchanges

  • personal data from third parties, e.g. from authorities or sanction lists of the UN and the EU

 

5.    Purposes of processing

 

Subject to the rules and regulations of the European General Data Protection Regulation as well as the Liechtenstein Data Protection Act S&Z can process personal data for the following purposes and based on the following legal basis:

 

  • For the performance of a contract or for taking steps prior to entering into a contract (e.g. trustee services, setting-up and administration of entities and trust settlements, accounting, tax returns, commercial register entries and changes, invoices, account openings, payments, financing, financial planning, investments, retirement provision, insurance, consolidation)

  • For compliance with a legal obligation or in the public interest (e.g. monitoring and managing risks, fighting of money laundering, fulfilment of legal or regulatory duties of disclosure, information or reporting to courts and authorities, fulfilment of official orders, automatic exchange of information with foreign tax authorities, fulfilment of orders of the public prosecutor's offices in connection with money laundering and terrorist financing, investment profiles, credit limits, margin restrictions, market and credit and operational risks)

  • For the protection of the legitimate interests pursued by S&Z or by a third party (e.g. development of new technologies or evaluation of current services products procedures and technologies, marketing in the print media or online, event for clients, prospects of others, evaluation of future needs of clients, analysis of client market and product opportunities, managing of S&Z and of potential risks, reporting, statistics and planning, prevention and detection of crime, video-surveillance for the protection of office rules and to ward off dangers, protecting interests and safeguarding rights of S&Z in the case of claims against S&Z respectively claims of S&Z against third parties)

  • In reliance on consent given to S&Z by the person concerned for the purpose of S&Z supplying and acting as an intermediary in relation to advisory and financial services and based on mandates given (e.g. for trustee services, setting-up and administration of entities and trust settlement, passing on data to service providers or contracting parties of S&Z). The person concerned has the right to withdraw the consent given at any time. Consent may only be withdrawn with effect for the future and does not affect the lawfulness of date processing undertaken before the consent was withdrawn.

 

S&Z reserves the right to use personal data which has been obtained for one of the above mentioned purposes also for another of these purposes if this is compatible with the original purpose or allowable or obligatory by legal provisions (e.g. obligatory reporting obligations).

 

6.    Disclosure to third parties, categories of recipients

 

S&Z discloses customer data to the following third parties in the following cases:

 

  • for outsourcing in accordance with item 7 and for the purpose of comprehensive customer service to other service providers for the execution of orders, i.e. for the use of products or services, e.g. to service providers, stock exchange or market places, notifications of stock exchange transactions to (international) trade repositories

  • to fulfil duties based on a mandate, i.e. when products and services are used, e.g. to service providers such as banks etc.

  • due to legal obligations, legal justification or official orders, e.g. to courts, supervisory authorities, tax authorities or other third parties

  • to the extent necessary to protect the legitimate interests of S&Z, e.g. in the event of legal action threatened or initiated by customers against S&Z, in the event of public statements, to secure S&Z's claims against customers or third parties, in the collection of claims of S&Z, etc.

  • with the consent of the persons concerned to other third parties

 

Data will only be transferred to countries outside the EU or EEA (so-called third countries) if:

 

  • the person concerned has given us consent to do so (art. 49 para. 1 prov. a),

  • this is required for the purpose of taking steps prior to entering into a contract, performing a contract, supplying services or executing orders (art. 4p para. 1 prov. b),

  • this is required for the purpose of entering into a contract or performing a contract which has been entered into in the interest of the person concerned (art. 49 para. 1 prov. c),

  • this is necessary for important reasons of public interest (art. 49 para. 1 prov. d),

  • this is necessary to claim and enforce legal rights or to defend against such rights (art. 49 para. 1 prov. e),

  • this is necessary to protect vital interests of the person concerned or of other persons, as long as the person concerned is not in a position to give consent (art. 49 para. 1 prov. f),

  • it is the result of a registry as per art. 49 para. 1 prov. g).

 

7.    Outsourcing of business areas or services

 

S&Z outsources certain business areas and services in whole or in part to third parties (e.g. account management including payment transactions, custody account management, preparation of consolidation reports, fund limit checks, definitions of fund limit rules, opening of securities, updating of restriction rules, lT systems etc.).

 

The service providers who process personal data for this purpose on behalf of S&Z (so-called other processors) are carefully selected. Wherever possible, S&Z uses contractors domiciled in Liechtenstein and Switzerland.

 

Other processors may be entitled to have certain services (e.g. electronic data processing, securities settlement, etc.) provided by third parties.

 

The other processors may only process personal data received in the same way as S&Z itself and are contractually obliged to guarantee the confidentiality and security of the data.

 

8.    Automated decisions in individual cases including profiling

 

Subject to the consent of the person concerned S&Z reserves the right to process customer data automatically in the future, in particular to identify essential personal characteristics of the customer, to predict developments and to create customer profiles. This serves in particular the review and further development of offers and the optimization of service provision.

 

9.    Use of websites and cookie policy

 

When a person visits websites of S&Z, the web server automatically registers details of their visit (e.g. the website from which the visit takes place, the IP address of the visitor, the contents of the website that are accessed, including date and duration of the visit). Such tracking data serve to optimize the websites of S&Z and provide information on how visitors inform themselves about and use the products, services and offers of S&Z.

 

However, if the visitor provides personal data, e.g. by filing out a registration form or message field for newsletters etc., S&Z may use this data in addition to the purposes mentioned under item 5 in particular for the following purposes:

 

  • for customer and user administration

  • to inform the visitor about services and products

  • for marketing purposes (e.g. sending newsletters)

  • technical "hosting" and the further development of the websites of S&Z

 

When visiting the websites of S&Z, the visitor's data is transported via the Internet, i.e. an open network accessible to everyone. Data transmitted via electronic media (including e-mail) cannot be effectively protected against access by third parties. Among other things, this involves the risk that the data may be disclosed or the content changed, that the identity of the sender (e.g. e-mail) as well as the content of the message may be simulated or otherwise manipulated by unauthorized persons, that viruses may be released, that technical transmission errors, delays or interruptions may occur, that data may be sent abroad without control, where lower data protection requirements may apply than in Liechtenstein, etc.

 

Cookies are small files that are stored on the visitor’s computer in order to frack the corresponding website visit and navigation between different pages and/or to save settings (e.g. selected language). Cookies are used to collect statistical data about the frequency and time of visits to individual areas of the website and help to design tailor-made, useful and user-friendly websites. The visitor can decide at any time against the use of cookies by deleting the cookies set by the S&Z website. Deletion is possible via the settings in the visitor's Internet browser.

 

10.  Storage duration

 

The duration of the storage of personal data depends on the purpose of the respective data processing and/or legal storage obligations, which amount to five, ten or more years depending on the applicable legal basis.

 

11.  Rights of persons concerned

 

Pursuant to the GDPR persons whose personal data are being processed by S&Z have the following data protection rights:

 

  • Right of information: persons concerned may obtain information from S&Z about whether and to what extent person data of theirs are being processed (e.g. categories of personal data being processed, purpose of processing, etc.).

  • Right to rectification, erasure and restriction of processing: persons concerned have the right to obtain the rectification of inaccurate or incomplete personal data of theirs. In addition, personal data must be erased if the data are no longer necessary in relation to the purposes for which they were collected or processed, if the person concerned has withdrawn consent, or if the data have been unlawfully processed. Persons concerned also have the right to obtain restrictions of processing.

  • Right to withdraw consent: Persons concerned have the right to withdraw their consent to the processing of personal data of theirs for one or more specific purposes at any time, where the processing is based on the concerned person’s explicit consent. The withdrawal of consent has no effect in relation to data processing undertaken on other legal grounds.

  • Right to data portability: persons concerned have the right to receive the personal data related to them, which they have provided to S&Z, in a structured, commonly used and machine-readable format, and to have transmitted those data to a third party.

  • Right to object: persons concerned have the right to object, on grounds relating to their particular situation, without any formal requirements, to the processing of personal data of theirs, unless such processing is in the public interest or in pursuit of the legitimate interests of S&Z or of a third party. Persons concerned also have the right to object, without any formal requirements, to the use of personal data for direct marketing purposes.

  • Right to lodge a complaint: persons concerned have the right to lodge a complaint with the relevant Liechtenstein supervisory authority. They may also lodge a complaint with another supervisory authority in an EU or EEA member state, e.g. their place of habitual residence, place of work or the place in which the alleged breach took place.

 

 

March 2020

bottom of page