Please note that this is a translation of our German Data Protection Declaration. In case of deviations, the German version shall prevail.
General
Your data and the necessary protection of it is important to us. We only process necessary data about you. Hereby we can guarantee to do this with the necessary care, not least to protect you from any possible misuse.
With this Data Protection Declaration, we would like to provide you with an overview of the manner in which we process your data and your rights in this connection according to the provisions of the European General Data Protection Regulation (hereinafter called “GDPR”) and the Liechtenstein Data Protection Act (Datenschutzgesetz, hereinafter called “DSG”):
I. Name and address of the Data Controller and the Data Protection Officer
Data Controller within the meaning of the GDPR is Ochsner Consulting Establishment, Alvierweg 17, 9490 Vaduz, , T +423 370 18 22.
You can reach our Data Protection Officer under or our postal address with the supplement "Data Protection Officer”.
II. General information concerning data processing
1. Extent of the processing of personal data
Processing personal data is limited to the data necessary in order to provide our services. Your personal data will only be processed for the agreed purposes or on a legal basis within the meaning of the GDPR. We only collect the personal data absolutely necessary to implement and process our duties and to provide the agreed services or data you have voluntarily disclosed.
2. Your data protection rights
You have the right to demand information on your personal data processed by us. In particular, you are entitled to demand disclosure regarding the purpose for which your data is collected, the categories of personal data collected, the categories of third party recipients, who have received or will receive your personal data as well as the storage period. Additionally, you have the right to rectification, deletion, restriction of the processing, objection, data portability, as well as to receive information on its origin, if not collected by us, and to be informed on automatic decision-making, including profiling.
If your personal data is processed for direct marketing purposes, you have the right to object to the processing of your personal data for such advertising at any time; this also applies to profiling, insofar as it is connected to such direct marketing. If you object, your data will no longer be used for direct marketing purposes (objection according to Art. 21 para 2 GDPR).
You have the right to withdraw any given consent to use your personal data at any time.
If you are of the opinion that our processing of your personal data is in breach of applicable data protection law or that your statutory data protection rights have been infringed otherwise, you may file a complaint with the competent supervisory authority. In Liechtenstein, the Data Protection Office (www.datenschutzstelle.li) is the competent authority.
III. Description and extent of data processing
1. Purposes of data processing
We process personal data of our clients for the following purposes:
- to enable us to identify you as our client;
- to provide you with the agreed services (trainings);
- to conduct correspondence with you;
- to perform our contract with you;
- for invoicing purposes;
Data processing is generally carried out at your request and is in accordance with Art. 6 para 1 lit. b and c GDPR required for the purposes mentioned in order to be able to process your request in an appropriate manner and to fulfill the obligations mentioned. Without this data, we are as a rule unable to enter into or maintain a client relationship.
It is possible that we process data that is not collected directly from you, but for example from third parties, from publicly accessible sources or from other data subjects (e.g. your telephone number, if not provided with your registration).
We reserve the right to continue processing personal data collected for one of the purposes mentioned above for other purposes as well, if this is compatible with the original purpose or is permitted or prescribed by law.
2. Data Categories
In our data folder the following data categories according to Art. 4 para 1) GDPR are being processed in order to be able to fulfill our activities as mentioned in clause 1:
|
Data category
|
Description
|
Recipient
|
Origin |
Sensitive data |
|
Personal and address data of natural persons |
First name, last name, private and/or business address, telephone number, e-mail- address, etc. |
Employees, external agents (e.g. banks or IT service providers) and public authorities (e.g. supervisory authorities, if legally required) |
Direct survey |
no |
|
Bookkeeping/ accounting data
|
Transaction information, bookkeeping information, recipients of payments, currencies, amounts etc. |
Employees, external agents (e.g. banks or IT service providers) and public authorities (e.g. supervisory authorities, if legally required) |
Direct survey |
no |
|
Correspondence |
general correspondence in connection with the trainings etc. |
Employees, external agents (e.g. banks or IT service providers) and public authorities (e.g. supervisory authorities, if legally required) |
Direct survey |
no |
3. 3. Legal Basis
The data mentioned in 2 is processed
- based on contractual measures with our clients (Art. 6 Para 1 lit. b GDPR)
- in order to fulfill legal duties (Art. 6 Para 1 lit. c GDPR)
- due to public interest (Art. 6 Para 1 lit. e GDPR)
- to protect legitimate interest by us or third parties (Art. 6 Para 1 lit. f GDPR)
Processing activities to protect our legitimate interest can be:
- processing for internal administrative purposes
- evaluations
- marketing purposes
- direct advertising
We reserve the right to continue processing personal data collected for one of the purposes mentioned above for other purposes as well, if this is compatible with the original purpose or is permitted or prescribed by law.
4. Webinars
In order to be able to offer webinars, Ochsner Consulting Establishment uses the functions of «Zoom», which is a service of Zoom Video Communications, Inc., based in San Jose, California, USA. Various data are processed when using Zoom. The data processed also depends on the data you provide. To be able to participate in the webinar, you must at least provide your e-mail address and your name. In order to establish a connection, improve the user experience and also to carry out anonymous analysis to improve the services of Zoom, additional technical data such as IP-address, device type, operating system type etc. are processed. Further information can be found in Zoom’s data protection declaration at https://zoom.us/de-de/privacy.html
You may have the option of using the chat functions in our webniars. In this resepct, the text entries you make will be processed in order to display them during the webinar. In order to enable the display of video and audio, the data from the microphone of your end device and any video camera of the end device are processed accordingly during the duration of the meeting. You can switch off the camera or mute the microphone yourself at any time using the “Zoom” applications.
It is possible to record the webinar, but this function is usually not used by Ochsner Consulting Establishment. Should it be the case, you will transparently be informed before the webinar begins and –if necessary- you will be asked for your consent. The fact that the recording function is used is additionally shown while using Zoom.
There is no automated decision making according to Art. 22 GDPR.
The legal basis for using Zoom is Art. 6 Para. 1 lit. b GDPR.
5. Recipients of personal data
Ochsner Consulting Establishment and its employees only process personal data of our clients if required in order to comply with our contractual, statutory and supervisory obligations for the purposes mentioned in Clause 1 and in order to protect our legitimate interests.
Additionally, the following persons may receive data:
- Bookkeepers
- Banks
- Insurances
- Lawyers
- IT service providers
- Other cooperation partners
- Public interest establishments
If we have to fulfill legal or supervisory duties, the following bodies may receive personal data:
- Authorities and public bodies (e.g. supervisory authorities, courts)
6. Transfer of personal data to third party states
Generally, there is no necessity to transmit data from participants of our trainings to third countries.
However, if necessary, data is only transferred to countries outside the European Economic Area (so-called third countries) within the context of adequacy decisions of the European Commission or if this is necessary for the implementation of pre-contractual measures or the performance of a contract, if you have given us your explicit consent (e.g. within the context of specific services), if the transfer is necessary for significant reasons of public interests or is stipulated by law.
A transfer of data outside of the European Economic Area only take place if the following can be guaranteed:
- The country to which personal data is sent provides an adequate level of protection according to the European Commission;
- The recipient has a signed a contract based on the “model contract terms” of the European Commission, which commit the recipient to protect the personal data.
7. Data Origin
The data is mainly collected directly from you (e.g. in the context of correspondence with you when you register for the offered events) and partly through third parties (e.g. if you do not register yourself).
8. Storage period
Personal data are processed and stored during the active business relationship based on legal obligations. After the end of the business relationship, the data is retained until expiration of the statutory retention period of 10 years. Further processing and a longer storage period only may be conducted for reasons of legal or contractual retention periods or for reasons or preservation of evidence within the limitation periods.
9. Automated decision making
Within Ochsner Consulting Establishment, no automated decision making with personal data takes place.
IV. Data security
We use technical and organizational security measures, in order to protect your data against accidental or intentional manipulation, partly or total loss, destruction or access by unauthorized third parties. Our safety measures are constantly improved according to technological developments.
V. Valid Version
This is the currently valid Data Protection Declaration as of June 2020.
Due to the continued development of our website and associated services or organizational modifications within our company or on the grounds of amended legal or regulatory requirements, it may become necessary to amend this Data Protection Declaration. You can access and print out the respective current Data Protection Declaration on our website at any time.