Data protection declarations of Ganten Treuhand AG

Data protection means above all protecting the trust you place in our company. For this reason we only process data relating to you when this is necessary. At the same time, we exercise the necessary diligence, not least in order to protect you from possible abuse.

 

With these three privacy statements (website, clients, job applicants) we wish to provide you with an overview of the processing of your data and your rights in accordance with the provisions of the General Data Protection Regulation (hereinafter called “GDPR”) and the Liechtenstein Data Protection Act (Datenschutzgesetz, hereinafter called “DSG”):

 

Privacy Statement of Ganten Trustees Ltd. for use of the website

 

  1. Name and address of the data controller

The data controller within the meaning of the GDPR is Ganten Trustees Ltd., Marktgass 11, 9490 Vaduz, Liechtenstein, info@gantengroup.com, Tel.: +423 388 28 88.

Our Data Protection Officer can be contacted under datenschutz@gantengroup.com using the subject line “Data Protection” or under our postal address with the supplement "The Data Protection Officer”. datenschutz@gantengroup.com mit dem Betreff "Datenschutz" oder unter unserer Postadresse mit dem Zusatz «der Datenschutzbeauftragte».

  1. General information about data processing

Scope of the processing of personal data

Our processing of the personal data of our users is limited to the data that is required to provide a properly functioning website as well as our content and services. We process personal data of our users only for the purposes agreed with you or if another legal basis (within the meaning of the GDPR) exists. We collect only the personal data that is actually required to perform and carry out our tasks and services or that you have made available to us voluntarily.

Your rights (rights of the data subject)

As a data subject, you have the right to information about your personal data, in particular its origin and recipient and the purpose of the data processing. You also have the right to rectification, data portability, to object, to restrict the processing or to erase incorrect or improperly processed data.

You have the right to revoke any issued consent to use your personal data at any time. The assertion of your right to access, erasure, rectification, objection and/or data portability may be submitted to the address listed under Fig. 1 of this Statement.

If you believe that the processing of your personal data by us is in breach of applicable data protection law or your data protection rights have been infringed in any other way, you have the right to lodge a complaint with a supervisory authority, in particular in the EEA state of your place of residence, place of work or the place of the alleged infringement. The Data Protection Authority in Liechtenstein is responsible for this.

III. Description and scope of the data processing

Provision of the website

Each time our website is accessed, our system automatically records data and information about the computer system of the accessing computer.

The following data is gathered in this conjunction:

  • information about the browser type and the version used
  • operating system of the user
  • internet service provider of the user
  • IP address of the user
  • date and time of the accessing
  • originating website

This information is used only for the presentation of the website and is not stored. Processing is performed for reasons of data security, in order to ensure the stability and operating reliability of our system. The legal basis is Art. 6 Para. 1 lit. f GDPR.

We do not conduct our own web analyses on our website and do not use any web analysis tool. This means no evaluation of the aforementioned visitor and usage data is performed.

Cookies

We do not use any cookies on our website.

Contact form / e-mail

If you complete a contact form or send us an e-mail or other electronic message, your details will be stored only to process the enquiry and associated correspondence, and will be used only within the context of the enquiry.

The legal basis for the processing of your enquiry is Art. 6 Para. 1 lit. b GDPR.

File downloads

We do not demand any personal data from you in order to enable you to download files from our website.

Google Fonts

We use Google Fonts to ensure the uniform display of fonts. When a website is accessed, the user’s browser loads the required web fonts in its own browser cache, in order to present text and typefaces correctly. For this purpose, the browser of the user needs to establish a link to Google servers. This process informs Google that our website has been accessed via the IP address of the user.

The requirements of our website design make it necessary to integrate Google Fonts. This is also our legitimate interest in data processing pursuant to Art. 6 Para. 1 lit. f GDPR.

Google LLC is responsible for further data processing. For more information on how Google handles your data, please visit: https://policies.google.com/privacy?hl=de and https://developers.google.com/fonts/faq.

OpenStreetMap

To protect our website visitors, we do not use map services from American companies for our route map and therefore use OpenStreetMap. OpenStreetMap is a free project for creating a map of the world. It was created by volunteers and can be used under an open licence. The OpenStreetMap Foundation is based in Cambridge, UK.

 

Valid version of April 2021

 

 

Privacy Statement of Ganten Trustees Ltd. for clients

 

Data protection means above all protecting the trust you place in our company. For this reason we only process data relating to you when this is necessary. At the same time, we exercise the necessary diligence, not least in order to protect you from possible abuse.

With this Privacy Statement we wish to provide you with an overview of the processing of your data and your rights in accordance with the provisions of the General Data Protection Regulation (hereinafter called “GDPR”) and the Liechtenstein Data Protection Act (Datenschutzgesetz, hereinafter called “DSG”):

  1. Name and address of the data controller

The data controller within the meaning of the GDPR is Ganten Trustees Ltd., Marktgass 11, 9490 Vaduz, Liechtenstein, info@gantengroup.com, Tel.: +423 388 28 88. info@gantengroup.com, Tel.: +423 388 28 88.

Our Data Protection Officer can be contacted under datenschutz@gantengroup.com using the subject line “Data Protection” or under our postal address with the supplement "The Data Protection Officer”. datenschutz@gantengroup.com mit dem Betreff "Datenschutz" oder unter unserer Postadresse mit dem Zusatz «der Datenschutzbeauftragte».

  1. Collection and saving of personal data as well as the nature and purpose of its use, legal principles

We process only the necessary data, which may differ depending on the group of persons concerned.

If you contact or commission us, we collect in particular the following information:

  • Client name and address data (name, date of birth, private and business address, nationality, occupation, telephone number, e-mail address);
  • Legitimation data (identification documents, including copies of passports or ID cards, utility bills, tax numbers, authentication data, including specimen signatures);
  • Relevant due diligence data (contracting partners, identification of the beneficial owners, profile of the business relationship with information about the professional and personal background such as occupation and hobbies, World-Check data, investigations pursuant to SPG);
  • Client information (company documents, bank documents, correspondence, SPG documents, tax data, governing body resolutions);
  • Accountancy data (transaction and accounting information);
  • Correspondence;
  • Legal entity data (articles, bylaws, certificates, mandate agreements, signatory authorisations);
  • Tax reporting data (FATCA, AEOI, LDF reports).

The purpose of the collection of this data is:

  • to enable us to identify you as our client;
  • to conduct correspondence with you;
  • to enable us to advise you appropriately, to provide our services or to fulfil our mandate with you or third parties (mandate management, auditing function, fulfilment of statutory and voluntary accounting obligations);
  • to fulfil legal obligations (in particular those arising out of the Liechtenstein Persons and Companies Act, the Law Governing the Professional Trustees and Fiduciaries, the Due Diligence Act, tax laws and treaties);
  • for invoicing purposes.

The data processing is performed on the grounds of your enquiry, and pursuant to Art 6 Para. 1 lit b GDPR is required for the aforementioned purposes (fulfilment of a legal agreement or to conduct pre-contractual measures) for the reasonable handling of our commission and for the reciprocal fulfilment of obligations arising out of the client relationship.

Your data is also processed in order to fulfil legal obligations (Art. 6 Para. 1 lit. c GDPR) or in the public interest (Art. 6 Para. 1 lit. e GDPR), in particular in order to adhere to statutory and supervisory requirements (e.g. DSG, the Law Governing the Professional Trustees and Fiduciaries, due diligence, money laundering and market abuse provisions, tax laws and tax treaties).

In addition, your data is processed to safeguard legitimate interests of us or of third parties (Art. 6 Para. 1 lit. f GDPR) for specific defined purposes, in particular processing for internal administrative purposes, to fulfil a contract with a third party, to ensure IT security and operation and, if necessary, building and plant security and to defend against unjustified claims.

We also reserve the right to continue processing personal data that was collected for one of the aforementioned purposes for the other purposes, if this is compatible with the original purpose or is permitted or required by statutory provisions (e.g. any possible reporting obligations).

  1. Recipients or categories of recipients of the personal data

Within our company, employees may process your data only insofar as they require this to fulfil our contractual, statutory and supervisory obligations as well as to protect legitimate interests. For these purposes, third parties may also receive personal data, including banks, asset managers, insurance companies, lawyers, auditors, traders, transport companies or other cooperation partners or also processors, for example in the field of IT services.

Your personal data will be transferred to third parties solely insofar as this is necessary to render our services.

Sind von uns gesetzliche oder aufsichtsrechtliche Pflichten zu erfüllen, können insbesondere folgende Stellen personenbezogene Daten erhalten:

  • Official agencies and public bodies (e.g. supervisory authorities, courts);
  • Tax authorities;
  • Third country authorities or international organisations.
  1. Transfer of personal data to third party states

When we transfer the personal data of clients to another country, this is protected and transferred in accordance with the statutory provisions. A transfer of data outside the European Economic Area shall be performed with the following guarantees:

  • The country to which we send personal data provides an adequate level of protection for personal data, according to the European Commission;
  • The transfer is necessary to carry out pre-contractual measures or to fulfil a contract, or you have given us your express consent (e.g. within the context of special services), or the transfer is necessary for important reasons of public interest or is required by law;
  • The recipient has signed a contract based on “model contractual clauses” endorsed by the European Commission, which obliges it to protect personal data;
  • If the recipient is located in the US, it is a certified member of the EU-US Privacy Shield.
  1. Origin of the data

The data is collected directly (for example during meetings or in the course of correspondence with clients; internal background and due diligence checks) and in some cases by third party service providers (e.g. banks), from publicly available sources or from other data subjects.

  1. Storage period for personal data

The personal data collected by us for the commission shall essentially be processed until the expiry of the statutory retention obligation (usually 10 years) and then deleted, unless we are required to store the data for a longer period pursuant to Art. 6 Para. 1 lit. c GDPR, we deem it necessary to store the data for a longer period of time due to tax, company or supervisory retention and documentation obligations (in particular those arising out of PGR, SPG or SteG/MwStG), or you have consented to storage beyond this period pursuant to Art. 6 Para. 1 lit. a GDPR. Further processing and retention may also be extended for evidential reasons, such as for example throughout the duration of applicable statutory limitation regulations.

  1. Automated decision-making

No automated decision-making takes place with the personal data of clients. If such procedures are used in individual cases, we shall inform you to the extent provided for by law.

  1. Necessity of the data (Art. 13 Para. 2 Letter e GDPR)

We absolutely need the data listed under Fig. 2 in order to be able to offer you our services to the extent you have requested and in compliance with the statutory obligations. In addition to any statutory reporting obligations to the competent supervisory authorities, failure to provide such information shall result in the non-establishment or termination of the business relationship.

  1. Your data protection rights

In your capacity as a client or in general as a data subject, you are entitled at any time – while the fiduciary’s duty of confidentiality continues to be safeguarded – to be informed about your personal data, in particular its origin and recipients as well as the purpose of the data processing. You also have the right to rectification, data portability, to object, to restrict the processing or to erase incorrect or improperly processed data.

We kindly ask you to inform us in the event of changes to your personal data.

You have the right to revoke any issued consent to use your personal data at any time. The assertion of your right to access, erasure, rectification, objection and/or data portability may be submitted to the address listed under Fig. 1 of this Statement.

If you believe that the processing of your personal data by us is in breach of applicable data protection law or your data protection rights have been infringed in any other way, you have the right to lodge a complaint with a supervisory authority, in particular in the EEA state of your place of residence, place of work or the place of the alleged infringement. The Data Protection Authority in Liechtenstein is responsible for this.

  1. Valid version

This Privacy Statement is currently valid and its version is April 2021.

Due to the continued development of our website and associated services or organisational changes within the fiduciary company, or on the grounds of amended statutory or official provisions, it may be necessary to amend this Privacy Statement. You can access and print out the respective current Privacy Statement from the website at any time.

 

Valid version of April 2021

 

 

Privacy Statement of Ganten Trustees Ltd. for job applicants

 

  1. Name and address of the data controller

The data controller within the meaning of the GDPR is Ganten Trustees Ltd., Marktgass 11, 9490 Vaduz, Liechtenstein, info@gantengroup.com, Tel.: +423 388 28 88.

Our Data Protection Officer can be contacted under datenschutz@gantengroup.com using the subject line “Data Protection” or under our postal address with the supplement "The Data Protection Officer”. datenschutz@gantengroup.com mit dem Betreff "Datenschutz" oder unter unserer Postadresse mit dem Zusatz «der Datenschutzbeauftragte».

  1. General information about data processing

Scope of the processing of personal data

We process personal data exclusively for the purposes agreed with you or if another legal basis (within the meaning of the GDPR) exists. We collect only the personal data that is actually required to perform and carry out our tasks and services or that you have made available to us voluntarily.

Your rights (rights of the data subject)

Als betroffene Person haben Sie jederzeit das Recht auf Auskunft über Ihre personenbezogenen Daten, insb. deren Herkunft und Empfänger und den Zweck der Datenverarbeitung. Sie haben zudem Recht auf Berichtigung, Datenübertragung, Widerspruch, Einschränkung der Bearbeitung oder Löschung unrichtiger bzw. unzulässig verarbeiteter Daten.

You have the right to revoke any issued consent to use your personal data at any time. The assertion of your right to access, erasure, rectification, objection and/or data portability may be submitted to the address listed under Fig. 1 of this Statement.

Wenn Sie der Auffassung sind, dass die Verarbeitung Ihrer personenbezogenen Daten durch uns gegen das geltende Datenschutzrecht verstösst oder Ihre datenschutzrechtlichen Ansprüche in einer anderen Weise verletzt worden sind, besteht die Möglichkeit, bei einer Aufsichtsbehörde, insbesondere in dem EWR-Staat Ihres Aufenthaltsortes, Ihres Arbeitsplatzes oder des Orts des mutmasslichen Verstosses Beschwerde zu erheben. In Liechtenstein ist hierfür die Datenschutzstelle zuständig.

IIIDescription and scope of the data processing

Data collection from job applicants

We hereby inform you that when we receive your application documents, we process personal data such as name, title, address, telephone number, date of birth, education, work experience, salary expectations and those data and images that are contained in the covering letter, CV, letter of motivation, certificates or other documents and evidence sent to us for the purpose of our personnel selection.

Legal principles

The processing of your data within the context of the job application process is based upon § 1173a Art. 28a ABGB as well as on Art. 6 Para. 1 Letter b GDPR. If an applicant wishes to be included in an applicant pool for possible future cooperation, we require consent for this in accordance with Art. 6 Para. 1 Letter a GDPR.

Transfer of the data

Your data will not be forwarded to any third parties without your consent. There will also not be any automated decision-making pursuant to Art. 22 GDPR.

Duration

If you are not hired, we will delete your data within 3 months, in order to have documentation for any possible legal proceedings.

 

Valid version of April 2021