I. Name and address of the person responsible
The person responsible according to the General Data Protection Regulation (GDPR) is:
Seeger, Cott & Partner AG, Kirchstrasse 6, 9494 Schaan, Liechtenstein
Tel.: +423 265 22 00
II. Data processing in general
1. Scope of the processing of personal data
The processing of personal data is limited to data that is required to operate a functional website and for the provision of content and services. The processing of personal data of our users is based on the purposes agreed or on a legal basis (GDPR). We only collect personal data that is necessary to implement and process our tasks and services or if you provide data voluntarily.
2. Your rights
You have the right to request information about any of your personal data we process. In particular, you have the right to request information about the purpose of the processing, the categories of personal data, the categories of recipients who will have access or were disclosed with your data, the duration periods for saving the personal data, whether there is a right to adjust/correct, erase, restrict or object, transmission of data (as long as it does not cause a disproportionate effort to transmit these data), the source of your data if not collected through us and if we use automatic decision-making technologies including profiling.
Additionally, you have the right to revoke a previously granted consent to use your personal data at any time.
If you believe that the processing of your personal data is inconsistent or contradicts the applicable data protection laws you have the possibility to lodge a complaint with the data protection office.
III. Description and scope of data processing
1. Provision of the website
Our system records data and information about the computer used by the user automatically and with every visit on our website.
The following data are collected:
- Information regarding the type and version of internet browser used to access the website
- Operating system
- Internet service provider
- IP address
- Date and time of each access
- Web page from which the user was redirected to our page
The data mentioned above are saved for a maximum time period of six months. This storing is done due to security reasons to ensure the stability and integrity of our systems.
The collected data may be transmitted to countries outside the EU/EEA, especially to the USA. However, Google has committed to follow the Privacy Shield Framework agreement. Further information about your rights of said agreement is found on the website of European Commission Data Protection.
Additionally, we ensure that your IP address is anonymised before it is transmitted to Google. Your IP address is shortened directly on your computer. Therefore Google Analytics can not make any connection between your IP address and other information stored by Google Analytics.
Legal basis for the usage of Google Analytics is Article 6 (1) lett. f GDPR.
Legal basis for the processing of data through cookies is Article 6 (1) lett. f GDPR.
3. Contact form
If you fill out a contact form, send us an email or another form of electronic message, your data will only be used to process your inquiry and possible further questions you might have.
Legal basis for the processing of your inquiry is Article 6 (1) lett. b GDPR.
We will delete your email address after completing your inquiry.
IV. Data security
We use the common encryption technology RSA in connection with the highest encryption levels that are supported by your browser. If a page on our website was/is being transmitted encrypted it is shown by the lock symbol in the address bar of your browser.
Additionally, we use appropriate technical and organizational security measures to protect your data from accidental or intentional manipulation, partial or complete loss, destruction, or to prevent unauthorized access by third parties. Our security measures are continuously upgraded according to the latest technological developments.
B. Additional privacy statement for clients
Description and scope of data processing
1. Purpose of data processing
We process our clients’ personal data for the following purposes:
- Activities pursuant to Article 2 of the Liechtenstein Professional Trustees Act (TrHG) in conjunction with the Liechtenstein Persons and Companies Act (PGR), in particular:
- Client mandate management (including administration of legal entities)
- Compliance with statutory accounting requirements
- Compliance with legal obligations, in particular:
- PGR, TrHG, due diligence laws, tax legislation and treaties
2. Categories of data
The following categories of data are processed in our data directories pursuant to Article 4 (1) of the GDPR for the purposes of our activities outlined under Section 1 above:
|Data category||Data description||Data recipient|
|Client and address data||Name, company name, date of birth, home and/or business address, nationality, occupation, telephone number, e-mail address||external service providers (such as banks, asset managers, auditors) authorities|
|Identification means||passports and official ID papers, utility bills, tax numbers, self-disclosure, death certificates||banks, asset managers|
|Due diligence documentation||contracting partners, identification of beneficial owners, business relationship profiles with background information about occupation and private situation, World-Check data, checks pursuant to the Liechtenstein Due Diligence Act (SPG)||banks|
|Mandate data||company documents, bank documentation, correspondence, documents pursuant to the DDA, tax data, resolutions of governing bodies||no data transmission|
|Accounting data||Transactions and accounting information||no data transmission|
|Correspondence||Client orders, general||no data transmission|
|Company information||Articles of Association, by-laws, certificates, mandate contracts, signing authorities||no data transmission|
|Tax reporting data||Reports based on FATCA, AEOI, LDF||tax authorities|
3. Legal basis
The data listed under Section 2 above will be processed
- on the basis of our contractual relationship with our clients (Article 6(1)(b) of the GDPR);
- in order to fulfil a legal obligation (Article 6(1)(c) of the GDPR);
- to carry out a task in the public interest or in the exercise of official authority (Article 6(1)(e) of the GDPR); or
- for the purposes of the legitimate interests pursued by the data controller or a third party (Article 6(1)(f) of the GDPR).
Processing for the purposes of our legitimate interests may include:
- Processing for the purpose of internal administration
- Direct marketing
- Video surveillance
- Defending against unjustified claims
4. Recipients of personal data
Clients’ personal data will only be processed by us to carry out our contractual, statutory and regulatory obligations for the purposes listed under Section 1 above.
For these purposes, data may be shared with the following:
- Companies within our group of companies for the purpose of internal administration
- External services providers and offices:
- Asset managers
- Insurance companies
- Other cooperation partners
If we have statutory or regulatory obligations to fulfil, personal data may be sent in particular to the following:
- Public offices and authorities (e.g. supervisory authorities, courts)
- Tax authorities (including in the scope of AEOI and FATCA)
- Authorities of third countries or international organisations
5. Sharing data with third countries or international organisations
If we transfer clients’ personal data to other countries, it is protected and transferred in accordance with the statutory provisions. Transmission of data outside of the European Economic Area is done with the following guarantees:
- The country to which we are transmitting the personal data has assured the European Commission of an appropriate level of protection of personal data.
- The recipient has signed a contract based on the Standard Contractual Clauses confirmed by the European Commission, undertaking to protect personal data.
- If the recipient is located in the USA, the recipient is a certified member of the EU-US Privacy Shield Framework.
Additional information about the protection of personal data when it is transmitted outside the European Economic Area can be provided on request.
For the fulfillment of contractual obligations, personal data are only transferred to third service providers in third countries with the expressed consent of the client.
6. Data sources
We collect data either directly (e.g. in meetings or through correspondence with clients; internal background and due diligence checks) or partially from third-party service providers.
Third-party service providers may include:
- Asset managers
7. Storage periods
Personal data will be processed and stored for the duration of the business relationship within the framework of the statutory provisions. Once the business relationship has been terminated, these data are retained for 10 years on the basis of statutory provisions (PGR, DDA, Liechtenstein Civil Code [ABGB]). Longer retention periods will be enforced only on the basis of statutory or contractual requirements to retain data or for the purpose of maintaining evidence within any applicable statutory limitation periods.
8. Automated decision-making (Article 22 of the GDPR)
No automated decision-making processes are applied to clients’ personal data. Where such processes are used in individual cases, we inform the clients to the extent required by the law.
9. Necessity of the data (Article 13(2)(e) of the GDPR)
Provision of the data listed under Section 2 above is mandatory in order to allow us to offer our clients the services they require and fulfil our statutory obligations. In addition to possible statutory reporting obligations to the responsible supervisory authorities, failure to provide data will result in the non-establishment or termination of the business relationship.