Privacy notice for clients

I. General Information about Data Processing

Processing of Personal Data

The processing of personal data of clients is limited to the data that you have provided to us by submitting your documents.

Your Rights (Rights of the People Concerned)

You have the right to demand information from us about the personal data we process relating to you. In particular, you may demand information about the purposes of the processing, the category of the personal data that is being processed, the categories of the recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, limited processing or objection, the existence of a right to complain, the origin of your data, insofar as it was not gathered by us, as well as the existence of an automated decision-making procedure including profiling.

If you have consented to the processing of your data, you can revoke this consent at any time.

If you believe that the processing of your data infringes existing data protection laws or violates your data protection rights in any way, you have the right to complain to the supervisory authority.

II. Definition and Extent of the Data Processing

Data Processing Purposes

We process personal data primarily for the purpose of fulfilling contracts, i.e. for services in
accordance with the Lawyers' Act and the Fiduciary Act, as well as the Persons and
Companies Act, and hence for the establishment, administration and execution of contractual
obligations. In particular, personal data is processed for representation before all domestic
and foreign, national or supranational courts, arbitration tribunals and authorities.

We process personal data from our clients for the following purposes:

  • Activities pursuant to the Lawyers Act, the Trustees Act and the Persons and Companies Act
  • Mandate administration (incl. administration of legal entities)
  • Fulfilment of statutory accounting requirements
  • Correspondence
     

Data Categories

In our data directories, the following data categories are directly processed in accordance
with Art. 9 GDPR to perform our activities within the scope of purposes listed under No. II:

| Data category | Data description | Data recipient |
|---|---|---|
| Client and address data | Name, company, date of birth, home and/or business address, nationality, occupation, telephone number, email address | e.g. external service providers (e.g. banks, asset managers, auditors) and public authorities (e.g. supervisory or tax authorities) |
| Identification Data | Identification documents, e.g. passport or identity card copies, utility bills, tax numbers, death certificates; authentication data, e.g. signature samples | Banks, asset managers, intermediaries, trust companies, tax advisors |
| Due diligence documents | e.g. contractual partners, identification of the beneficial owners, profile of the business relationship with information on professional and personal background (e.g. occupation and hobbies), World Check data, checks pursuant to the Due Diligence Act | Liechtenstein banks and asset managers (mandate-related persons subject to due diligence requirements) |
| Mandate information | e.g. corporate documents, bank documents, correspondence, due diligence documents, tax data, resolutions by bodies | Liechtenstein authorities due to statutory requirements |
| Accounting Data | Transaction and accounting information | Liechtenstein authorities due to statutory requirements |
| Correspondence | Client orders, general | Banks and members of bodies, Liechtenstein authorities due to statutory requirements |
| Data of legal entities | Articles of incorporation, bylaws, certificates, mandate agreements, signatory powers | Commercial register and Liechtenstein authorities due to statutory requirements |
| Tax Data | FATCA-, AIA-, LDF reports | Tax authorities due to statutory requirements |

Legal Basis

The data processing under No. II is

  • based on the statutory provisions of Art. 6 (1) (a) (consent) and (b) (required for contract fulfilment) GDPR,
  • serving the fulfilment of a legal obligation (Art. 6 (1) (c) GDPR),
  • performed to fulfil a task in the public interest or in the exercise of official authority (Art. 6 (1) (e) GDPR),
  • necessary for the purposes of the legitimate interests pursued by the controller or by a third party (Art. 6 (1) (f) GDPR).

Recipients of Personal Data

Personal data of clients are processed by us exclusively for the fulfilment of our contractual,
statutory and supervisory duties for the purposes specified under No. II.

For this purpose, the following parties may receive personal data:

  • Group companies for internal purposes.
  • External service providers and parties (such as banks, asset managers, insurance companies, lawyers, auditors; suppliers, dealers, transport companies, subcontractors or other cooperation partners; associations, public-interest institutions); the forwarding of data to us by third party service providers only takes place with the express consent of the client.

If we have to fulfil legal or supervisory requirements, the following parties in particular may receive personal data:

  • Official bodies and public authorities (e.g. supervisory authorities, courts)
  • Tax authorities (e.g. within the framework of the Automatic Exchange of Information [AIA, FATCA])
  • Authorities of third countries or international organisations

Transmission to third countries or international organisations

If we transfer personal data from clients to another country, it will be protected and transferred in accordance with the legal provisions. Any transfer of data outside the European Economic Area is subject to the following guarantees:

  • The country to which we send personal data provides an adequate level of protection for personal data, according to the European Commission;
  • the recipient has signed a contract based on "model contract clauses" endorsed by the European Commission obliging him to protect personal data.

We are pleased to provide further information on the protection of personal data during
transmission outside the European Economic Area on request.

Data Origin

The data is collected directly (e.g. in meetings or correspondence with clients; internal
background and due diligence checks) and in part by third-party service providers (such as
banks, asset managers, auditors).

Data Retention Period

Personal data will be processed and stored during the effective business relationship,
unless there are special shorter deletion periods. After termination of the business
relationship these data will be stored for at least 10 years due to statutory provisions
(Persons and Companies Act, Due Diligence Act). Longer storage of data occurs
exclusively on the basis of statutory or contractual storage requirements or for evidence
purposes with regard to time-barring laws.

Automated Decision-Making (Art. 22 GDPR)

There is no automated evaluation of your data. Should such procedures be used in
individual cases, we inform our clients to the extent required by law.

Necessity of data (Art. 13 (2) (e) GDPR)

In order to be able to offer our services to our clients to the extent desired by them and in
compliance with legal obligations, we necessarily require the data listed under No. II.
Non-provision of such information will result in the non-establishment or termination of the
business relationship, in addition to any statutory reporting obligations to the competent
supervisory authorities.

III. Contact Information of the Person responsible for data processing and the Data protection officer (if appointed in accordance with Art. 37 GDPR)

The Person responsible for data processing in the company is Dr. Helmut Schwärzler,
Feldkircher Strasse 15, FL-9494 Schaan, +4232398560.

The Data protection officer is Mag. Hannah Blecha, Feldkircher Strasse 15, FL-9494 Schaan,
+4232398560, datenschutz@concordanz.com.