Privacy notice for clients
I. General Information about Data Processing
Processing of Personal Data
The processing of personal data of clients is limited to the data that you have provided to us by submitting your documents.
Your Rights (Rights of the People Concerned)
You have the right to demand information from us about the personal data we process relating to you. In particular, you may demand information about the purposes of the processing, the category of the personal data that is being processed, the categories of the recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, limited processing or objection, the existence of a right to complain, the origin of your data, insofar as this were not gathered by us, as well as the existence of an automated decision-making procedure including profiling.
If you have consented to the processing of your data, you can revoke this at any time.
If you believe that the processing of your data infringes existing data protection laws or violates your data protection rights in any way, you have the right to complain to the supervisory authority.
II. Definition and Extent of the Data Processing
Data Processing Purposes
We process personal data primarily for the purpose of fulfilling contracts, i. e. for services in
accordance with the Lawyers' Act and the Fiduciary Act, as well as the Persons and
Companies Act. Hence for the establishment, administration and execution of contractual
obligations. In particular, personal data is processed for representation before all domestic
and foreign, national or supranational courts, arbitration tribunals and authorities.
We process personal data from our clients for the following purposes:
- Activities pursuant to the Lawyers Act, the Trustees Act and the Persons and Companies Act
- Mandate administration (incl. administration of legal entities)
- Fulfilment of statutory accounting requirements
- Correspondence
Data Categories
In our data directories, the following data categories are directly processed in accordance
with Art. 9 GDPR to perform our activities within the scope of purposes listed under No. II:
Data category | Data description | Data recipient |
---|---|---|
Client and address data | Name, company, date of birth, home and/or business address, nationality, occupation, telephone number, email address | e.g. external service providers (e.g. banks, asset managers, auditors) and public authorities (e.g. supervisory or tax authorities) |
Identification Data | Identification documents, e.g. passport or identity card copies, utility bills, tax numbers, death certificates; authentication data, e.g. signature samples | Banks, asset managers, intermediaries, trust companies, tax advisors |
Due diligence documents | e.g. contractual partners, identification of the beneficial owners, profile of the business relationship with information on professional and personal background (e.g. occupation and hobbies), World Check data, checks pursuant to the Due Diligence Act | Liechtenstein banks and asset managers (mandaterelated persons subject to due diligence requirements) |
Mandate information | e.g. corporate documents, bank documents, correspondence, due diligence documents, tax data, resolutions by bodies | Liechtenstein authorities due to statutory requirements |
Accounting Data | Transaction and accounting information | Liechtenstein authorities due to statutory requirements |
Correspondence | Client orders, general | Banks and members of bodies, Liechtenstein authorities due to statutory requirements |
Data of legal entities | Articles of incorporation, bylaws, certificates, mandate agreements, signatory powers | Commercial register and Liechtenstein authorities due to statutory requirements |
Tax Data | FATCA-, AIA-, LDF reports | Tax authorities due to statutory requirements |
Legal Basis
The data processing under No. II is
- based on the statutory provisions of Art. 6 (1) (a) (consent) and (b) (required for
- contract fulfilment) GDPR
- serving the fulfilment of a legal obligation (Art. 6 (1) (c) GDPR),
- performed to fulfil a task in the public interest or in the exercise of official authority (Art. 6 (1) (e) GDPR),
- necessary for the purposes of the legitimate interests pursued by the controller or by a third party(Art. 6 (1) (f) GDPR).
Recipients of Personal Data
Personal data of clients are processed by us exclusively for the fulfilment of our contractual,
statutory and supervisory duties for the purposes specified under No. II.
For this purpose, the following parties may receive personal data:
- Group companies for internal purposes.
- External service providers and parties (such as banks, asset managers, insurance companies, lawyers, auditors; suppliers, dealers, transport companies, subcontractors or other cooperation partners; associations, public-interest institutions); the forwarding of data to us by third party service providers only takes place with the express consent of the client.
If we have to fulfil legal or supervisory requirements, the following parties in particular may receive personal data:
- Official bodies and public authorities (e.g. supervisory authorities, courts)
- Tax authorities (e.g. within the framework of the Automatic Exchange of Information) [AIA, FATCA])
- authorities of third countries or international organisations
Transmission to third countries or international organisations
If we transfer personal data from clients to another country, it will be protected and transferred in accordance with the legal provisions. Any transfer of data outside the European Economic Area is subject to the following guarantees
- The country to which we send personal data provides an adequate level of protection for personal data, according to the European Commission;
- the recipient has signed a contract based on "model contract clauses" endorsed by the European Commission obliging him to protect personal data.
We are pleased to provide further information on the protection of personal data during
transmission outside the European Economic Area on request.
Data Origin
The data is collected directly (e.g. in meetings or correspondence with clients; internal
background and due diligence checks) and in part by third-party service providers (such as
banks, asset managers, auditors).
Data Retention Period
Personal data will be processed and stored during the effective business relationship,
unless there are special shorter deletion periods. After termination of the business
relationship these data will be stored for at least 10 years due to statutory provisions
(Persons and Companies Act, Due Diligence Act). Longer storage of data occurs
exclusively on the basis of statutory or contractual storage requirements or for evidence
purposes with regard to time-barring laws.
Automated Decision-Making (Art. 22 GDPR)
There is no automated evaluation of your data. Should such procedures be used in
individual cases, we inform our clients to the extent required by law.
Necessity of data (Art. 13 (2) (e) GDPR)
In order to be able to offer our services to our clients to the extent desired by them and in
compliance with legal obligations, we compellingly require the data listed under II. Nonprovision
of such information will result in the non-establishment or termination of the
business relationship, in addition to any statutory reporting obligations to the competent
supervisory authorities.
III. Contact Information of the Person responsible for data processing and the Data protection officer (if appointed in accordance to Art. 37 GDPR)
The Person responsible for data processing in the company is Dr. Helmut Schwärzler,
Feldkircher Strasse 15, FL-9494 Schaan, +4232398560.
Data protection officer is Mag. Hannah Blecha, Feldkircher Strasse 15, FL-9494 Schaan,
+4232398560, datenschutz@concordanz.com.