Data Collection in the Implementation and Processing of our Services and Tasks
a. Data Processing Purposes
We process personal data from our clients for the following purposes:
- activities pursuant to the Business Act, the Trustees Act and the Persons and Companies Act, in particular:
- Auditing, Tax Advice, Management Consulting Services, Accounting, Salary Administration
- compliance with legal requirements in connection with the Auditor Act, Trustees Act, the Persons and Companies Act, the Due Diligence Act, the Civil Code and the GDPR).
b. Data Categories
In our data directories, the following data categories are directly processed to perform our activities within the scope of purposes listed under lit. a.:
|Data Category||Data Description||Data Recipient|
|Client and address data||Name, company, date of birth, home and/or business address, nationality, occupation, telephone number, email address||e.g. external service providers (e.g. banks, auditors) and public authorities (e.g. supervisory or tax authorities)|
|Identification Data||Identification documents, e.g. passport or identity card copies, utility bills, tax numbers, death certificates; authentication data, e.g. signature samples||Banks, trust companies, tax advisors|
|Accounting and Salary Administration documents||Surname, name, address, tax numbers, marital status, profession, employment data, data on previous tax years, pension scheme data, social insurance data||European Tax Authorities, AHV-IV-FAK and other state authorities (Social Welfare Office, Office of Economic Affairs etc.)|
|Mandate information||e.g. corporate documents, bank documents, correspondence, due diligence documents, tax data, resolutions by bodies||Liechtenstein authorities due to statutory requirements|
|Accounting Data||Transaction and accounting information||Liechtenstein authorities due to statutory requirements|
|Correspondence||Client orders, general||Banks and members of bodies, Liechtenstein authorities due to statutory requirements|
|Data of legal entities||Articles of incorporation, by-laws, certificates, mandate agreements, signatory powers||Commercial register and Liechtenstein authorities due to statutory requirements|
|Tax Data||FATCA-, AIA-, LDF reports||Tax authorities due to statutory requirements|
c. Access to and Forwarding of Data
Personal data of clients are processed by us exclusively for the fulfilment of our contractual, statutory and supervisory duties for the purposes specified under a.
For this purpose, the following parties may receive personal data:
- group companies;
- external service providers and parties (such as banks, asset managers, insurance companies, lawyers, auditors; suppliers, dealers, transport companies, subcontractors or other cooperation partners; associations, public-interest institutions); the forwarding of data to us by third party service providers only takes place with the express consent of the client.
If we have to fulfil legal or supervisory requirements, the following parties in particular may receive personal data:
- official bodies and public authorities (e.g. supervisory authorities, courts);
- tax authorities (e.g. within the framework of the Automatic Exchange of Information) [AIA, FATCA]).
d. Data Origin
The data is collected directly (e.g. in meetings or correspondence with clients; internal background and due diligence checks) and in part by third-party service providers (such as banks, asset managers, auditors).
e. Data Retention Period
Personal data will be processed and stored during the effective business relationship, unless there are special shorter deletion periods. After termination of the business relationship these data will be stored for at least 10 years due to statutory provisions (Persons and Companies Act, Due Diligence Act). Longer storage of data occurs exclusively on the basis of statutory or contractual storage requirements or for evidence purposes with regard to time-barring laws.
f. Automated Decision-Making (Art. 22 GDPR)
There is no automated evaluation of your data. Should such procedures be used in individual cases, we inform our clients to the extent required by law.
g. Your Rights
Right to Information
You have the right to request information about your personal data that is stored by the Companies. A request for information, together with proof of identity, must be sent in writing to the Data Protection Officer (see h.).
Upon receipt of your request for information, you will be informed within the statutory period of 30 days. The information may be refused, restricted or postponed to the extent required by law or due to the prevailing interest of a third party or the company the request is addressed to.
The request for information may be combined with a request for rectification or erasure of data.
Right to Rectification or Erasure
You have the right to request, in writing and free of charge, the rectification or erasure of your personal data, insofar as these are incorrect or stored or processed without good reason. A reasoned request for rectification or erasure must be sent to the Data Protection Officer (see h.), accompanied by a proof of identity.
Your request for rectification or erasure will be processed upon receipt within a reasonable time. Thereafter, the completion of your request for rectification or erasure will be confirmed to you.
Erasure may be prevented by legal regulations. In such a case, the Companies will process your personal data only to the extent necessary to comply with the statutory requirements.
Right of Objection or Cancellation
You have the right to object in writing, in whole or in part, to the processing of your personal data or to cancel your consent to the processing of such data. The objection or cancellation must be addressed in writing to the Data Protection Officer (see h.).
The receipt of your objection or cancellation will be confirmed to you and thereafter the concerned data will be deleted.
To comply with an objection or cancellation may be contrary to statutory regulations. In such a case, the Companies will process your personal data only to the extent necessary to comply with the statutory requirements.
Right to Restriction
You have the right to restrict the processing of your personal data with regard to the transmission of such data to third parties. An application for restriction must be sent in writing to the Data Protection Officer (see h.) accompanied by proof of identity.
The receipt of your application for restriction will be confirmed and your application will be completed within a reasonable time.
Such restriction may conflict with legal regulations. In such a case, the Companies will only transmit your personal data to third parties to the extent necessary to comply with the statutory requirements.
Right of Complaint
You have the right to file a complaint with the competent Liechtenstein supervisory authority. You may also contact another supervisory authority of an EU or EEA Member State, for example at your place of residence or work or at the place of the alleged infringement.
The contact details of the Data Protection Authority in Liechtenstein are as follows:
Liechtenstein Data Protection Authority
P.O. Box 684
+423 236 60 90
For questions about data protection and data processing, please contact the Data Protection Officer of the controller in writing. You can contact our Data Protection Officer as follows:
CONFIDA Wirtschaftsprüfung AG
Data Protection Officer
+423 235 89 90