Data Protection Declaration for clients and business partners

Please note that this is a translation of our German Data Protection Declaration. In case of deviations, the German version shall prevail.


General
Your data and the necessary protection of it is important to us. We only process necessary data about you. Hereby we can guarantee to do this with the necessary care, not least to protect you from any possible misuse.

With this Data Protection Declaration, we would like to provide you with an overview of the manner in which we process your data and your rights in this connection according to the provisions of the European General Data Protection Regulation (hereinafter called “GDPR”) and the Liechtenstein Data Protection Act (Datenschutzgesetz, hereinafter called “DSG”): 
 

I.    Name and address of the Data Controller and the Data Protection Officer

Data Controller within the meaning of the GDPR is Ochsner Consulting Establishment, Alvierweg 17, 9490 Vaduz, info(at)ochsner-consulting.com, T +423 370 18 22.

You can reach our Data Protection Officer under info(at)ochsner-consulting.com or our postal address with the supplement "Data Protection Officer”.

 

II.   General information concerning data processing

1.      Extent of the processing of personal data

Processing personal data is limited to the data necessary in order to provide a well-functioning web page as well as to provide our services. Processing personal data of our users only take place for the agreed purposes or on a legal basis within the meaning of the GDPR. We only collect the personal data absolutely necessary to implement and process our duties and to provide the agreed services or data you have voluntarily disclosed.

2.    Your data protection rights

You have the right to demand information on your personal data processed by us. In particular, you are entitled to demand disclosure regarding the purpose for which your data is collected, the categories of personal data collected, the categories of third party recipients, who have received or will receive your personal data as well as the storage period. Additionally, you have the right to rectification, deletion, restriction of the processing, objection, data portability, as well as to receive information on its origin, if not collected by us, and to be informed on automatic decision-making, including profiling.

If your personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data for such advertising at any time; this also applies to profiling, insofar as it is connected to such direct marketing. If you object, your data will no longer be used for direct marketing purposes (objection according to Art. 21 para 2 GDPR).
You have the right to withdraw any given consent to use your personal data at any time.

If there are changes to your personal data, we request you to notify us accordingly.

If you are of the opinion that our processing of your personal data is in breach of applicable data protection law or that your statutory data protection rights have been infringed otherwise, you may file a complaint with the competent supervisory authority. In Liechtenstein, the Data Protection Office (www.datenschutzstelle.li) is the competent authority.
 

III. Description and extent of data processing

1.    Purposes of data processing

We process personal data of our clients for the following purposes:

  • to enable us to identify you as our client; 
  • to provide you with proper advice and to defend them if necessary; 
  • to conduct correspondence with you; 
  • to perform our contract with you;
  • to provide you with the agreed services; 
  • for invoicing purposes; 

Data processing is generally carried out at your request and is in accordance with Art. 6 para 1 lit. b and c GDPR required for the purposes mentioned in order to be able to process your request in an appropriate manner and to fulfill the obligations mentioned. Without this data, we are as a rule unable to enter into or maintain a client relationship.

It is possible that we process data that is not collected directly from you, but for example from third parties, from publicly accessible sources or from other data subjects.

We reserve the right to continue processing personal data collected for one of the purposes mentioned above for other purposes as well, if this is compatible with the original purpose or is permitted or prescribed by law (e.g. reporting obligations).

2.    Data Categories

In our data folder the following data categories according to Art. 4 para 1) GDPR are being processed in order to be able to fulfill our activities as mentioned in clause 1:

Data category

 

Description

 

Recipient

 

Origin

Sensitive data

Personal and address data of natural persons

First name, last name, date of birth, private and/or business address, nationality, place of birth, telephone number, e-mail- address, tax identification number etc.

Employees, external agents (e.g. banks) and public authorities (e.g. supervisory authorities or tax authorities, if legally required) 

Direct survey or via intermediaries

no

Identification data

Identification documents, e.g. passport copies, ID-copies, utility bills, tax identification numbers, death certificates, authentication documents such as signature specimens etc.  

Employees, external agents (e.g. banks) and public authorities (e.g. supervisory authorities or tax authorities, if legally required)  

Direct survey or via intermediaries

no

Due Diligence data (DDA/DDO)
(only if executive body)

Identification of the contracting partner, the beneficial owner, the recipient of distributions; business profiles including information on the personal and occupation background etc. 

 

Employees, external agents (e.g. banks) and public authorities (e.g. supervisory authorities or tax authorities, if legally required) 

 

Direct survey or via intermediaries, internet

no

Mandate Information
(only if executive body)

Mandate documents, bank documents, correspondence, due diligence documentation, tax data, resolutions etc. 

 

Employees, external agents (e.g. banks) and public authorities (e.g. supervisory authorities or tax authorities, if legally required) 

 

Direct survey or via intermediaries

no

Bookkeeping/ accountig data

 

Transaction information, bookkeeping information, recipients of payments, description of activities, VAT number, currencies, amounts etc. 

 

Employees, external agents (e.g. banks) and public authorities (e.g. supervisory authorities or tax authorities, if legally required) 

Direct survey or via intermediaries

no

Correspondence

Client instructions, correspondence with beneficiaries, settlors, shareholders, recipients of distributions, bodies, protectors, general correspondence etc.

 

Employees, external agents (e.g. banks) and public authorities (e.g. supervisory authorities or tax authorities, if legally required) 

 

Direct survey or via intermediaries

no

Legal entity data
(only if executive body)

Articles, by-laws, beneficiary regulations, letter of wishes, declarations of renunciations, certificates, contracts, documentation of signatories etc. 

 

Employees, external agents (e.g. banks) and public authorities (e.g. supervisory authorities or tax authorities, if legally required) 

 

Direct survey or via intermediaries

no

Tax declaration data (only if executive body)

FATCA- CRS-, LDF-, ASTA-Reporting
 

Employees, external service providers (e.g. banks) and public authorities (e.g. supervisory or tax authorities, if legally required)

Direct survey or via intermediaries

no

 

3.    Legal Basis

The data mentioned in 2 is processed 

  • based on contractual measures with our clients (Art. 6 Para 1 lit. b GDPR)
  • in order to fulfill legal duties (Art. 6 Para 1 lit. c GDPR)
  • due to public interest (Art. 6 Para 1 lit. e GDPR)
  • to protect legitimate interest by us or third parties (Art. 6 Para 1 lit. f GDPR)

Processing activities to protect our legitimate interest can be:

  • processing for internal administrative purposes
  • evaluations
  • marketing purposes
  • direct advertising
  • rejection of unjustified claims

We reserve the right to continue processing personal data collected for one of the purposes mentioned above for other purposes as well, if this is compatible with the original purpose or is permitted or prescribed by law (e.g. reporting obligations).

4.    Recipients of personal data

Ochsner Consulting Establishment and its employees only process personal data of our clients if required in order to comply with our contractual, statutory and supervisory obligations for the purposes mentioned in Clause 1 and in order to protect our legitimate interests.
Additionally, the following persons may receive data:

  • Bookkeepers
  • Banks
  • Insurances
  • Lawyers
  • IT service providers
  • Suppliers
  • Distributors
  • Transport companies
  • Other cooperation partners
  • Public interest establishments

If we have to fulfill legal or supervisory duties, the following bodies may receive personal data:

  • Authorities and public bodies (e.g. supervisory authorities, courts)
  • Authorities of third countries and international organizations

5.    Transfer of personal data to third party states 

Data is only transferred to countries outside the European Economic Area (so-called third countries) within the context of adequacy decisions of the European Commission or if this is necessary for the implementation of pre-contractual measures or the performance of a contract, if you have given us your explicit consent (e.g. within the context of specific services), if the transfer is necessary for significant reasons of public interests or is stipulated by law. 

A transfer of data outside of the European Economic Area only take place if the following can be guaranteed:

  • The country to which personal data is sent provides an adequate level of protection according to the European Commission;
  • The recipient has a signed a contract based on the “model contract terms” of the European Commission, which commit the recipient to protect personal data

6.    Data Origin

Data is either gathered directly (e.g. during meetings or by means of correspondence with you) and partly from third party providers.

Third party agents can be:

  • Intermediaries
  • Lawyers
  • Banks
  • Asset Managers
  • Other contact persons
     

7.    Storage period

Personal data are processed and stored during the active business relationship based on legal obligations. After the end of the business relationship, the data is retained until expiration of the statutory retention period of 10 years. Further processing and a longer storage period only may be conducted for reasons of legal or contractual retention periods or for reasons or preservation of evidence within the limitation periods.

 

8.    Automated decision making 

Within Ochsner Consulting Establishment, no automated decision making with personal data of our clients takes place. 

 

IV.  Data security

We use technical and organizational security measures, in order to protect your data against accidental or intentional manipulation, partly or total loss, destruction or access by unauthorized third parties. Our safety measures are constantly improved according to technological developments.

V. Valid version

This is the currently valid Data Protection Declaration as of January 2020.

Due to the continued development of our website and associated services or organizational modifications within our company or on the grounds of amended legal or regulatory requirements, it may become necessary to amend this Data Protection Declaration. You can access and print out the respective current Data Protection Declaration on our website at any time.