Data protection declaration (Privacy policy)

Version dated 25 May 2018
Updated 24 January 2022

Data protection is important to Allgemeines Treuunternehmen and accordingly, in this privacy policy we explain how we collect and process what personal data (i.e. data that refers to a specific or determinable person such as name, address, nationality, E-mail address, interests and hobbies, user behaviour on websites). This privacy policy is based on the General Data Protection Regulation of the European Union (GDPR).

1 Controller, data protection officer and representative

(1) Allgemeines Treuunternehmen, Aeulestrasse 5, 9490 Vaduz, is the controller.

(2) The contact information of the data protection officer is as follows: datenschutzbeauftragter@atu.li, +423 237 34 34.

2 Collection of personal data and purposes of the processing

(1) We restrict the processing of personal data primarily to personal data that we receive in connection with our services and products from our clients, our collaboration partners or other persons involved, or which we collect on our website or applications from the users.

(2) In particular, we collect the following personal data from you on a case-specific basis and depending on the purpose (see below):

  • Salutation/title
  • Given name, family name
  • Address
  • E-mail address
  • Telephone number(s)
  • Date of birth
  • Nationality
  • Hobbies/personal interests
  • Tax identification number
  • Bank data
  • Family circumstances

(3) In addition, if permitted and appropriate, we obtain and process other data from publicly accessible sources (e.g. land register, commercial register, the media, the Internet, World-Check database) on a case-specific basis, or receive such data from other Group companies (e.g. banks, asset managers or auditors), from authorities and institutions, from your personal environment such as family, legal advisors or other third parties.

(4) We require this data, in particular, to serve the following purposes:

  • to identify you as a client or collaboration partner or user of our website
  • to correspond with you
  • to carry out our due diligence obligations
  • to comply with other legal provisions
  • to conclude and process service agreements, e.g. instructions regarding formation, mandate agreement, asset management agreement
  • to conclude and process purchase and sale agreements, e.g. for the purchase of products from suppliers or sale to interested parties
  • to render invoices
  • to provide other services from our company or, if applicable, in collaboration with third parties
  • to provide you with the best possible and customised services, and to further develop our service and product offers
  • to communicate with third parties
  • to evaluate and respond to applications
  • to promote and market our services and products (provided you have not indicated that you object to the use of your data for this purpose)
  • to enforce our legal claims or generally defend our position
  • to ensure our operation generally (e.g. IT, website, apps)
  • to conduct video monitoring as a security component for access management (including visitor lists or other access controls)
  • to ensure additional security aspects

(5) We only process your personal data if we have a legal (e.g. due diligence obligation) or contractual (e.g. instructions regarding formation) basis to do so, or the data processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us. We only process data apart from this if you have given your consent and have not withdrawn such consent or if a legitimate interest on our part takes precedence (e.g. continuing to send newsletters to existing clients provided that here too, consent has not been withdrawn). Consent may be withdrawn at any time.

(6) Your data is not subject to an automated evaluation process pursuant to Art. 22 GDPR. If such a process should be used in an individual case, we shall inform the person affected to the degree provided by law.

3 Recipients of personal data and data transmission abroad

(1) We only transfer your personal data to recipients or third parties in line with the above-described purposes, insofar as permitted and appropriate. Third parties may, in particular, include:

  • Group companies
  • Service providers such as banks, asset management companies, insurance companies, IT- and infrastructure providers, printing companies
  • Suppliers, distributors, transport companies, subcontractors or other collaboration partners
  • Authorities, government institutions, courts
  • Associations, public interest institutions

(2) Any such data transfer is based on either a legal obligation (e.g. data transmission in the course of the automatic exchange of information), performance of a contract (e.g. asset manager abroad), your consent, a public interest or on the basis of a legitimate interest on our part, unless your interests or fundamental rights and freedoms in relation to the protection of personal data take precedence.

(3) Recipients may be at home or abroad. In particular, we would like to point out to you that we may exchange personal data within our Group companies or transmit personal data to countries in which service providers are located from which we obtain services (e.g. Microsoft).
In case of recipients outside our company in the EU/EEA or in countries which are recognised as having adequate data protection (e.g. Switzerland), we ensure data protection by concluding, if necessary and appropriate, contract data processing agreements. If we transmit personal data to third countries without adequate legal data protection, we ensure, in accordance with legal requirements, an adequate level of protection based on, for example, EU standard contractual clauses or other instruments (e.g. binding corporate rules).

4 Use of our website

In addition to the above stated, we inform you as follows on the use of cookies, analytics/tracking or other technologies in connection with the use of our website:

(1) If the website is used for merely informational purposes (i.e. if you do not log in, register or otherwise transmit information), we do not collect any personal data with the exception of data that your browser transmits to enable you to use the website. This may include, in particular, the following data:

  • IP address
  • Date and time of the query
  • Time zone difference relative to Greenwich Mean Time (GMT)
  • Contents of the request (specific page)
  • Status of access/HTTP status code
  • Volume of data transferred each time
  • Website from which the request is made
  • Browser used
  • Operating system and its interface
  • Language and version of browser software

(2) Our website uses cookies. These are small text files that are stored on your terminal with the help of the browser. Cookies do not cause any damage.
We simply use them to make our offers more user-friendly. Some cookies remain stored on your terminal until you delete them. They enable us to recognise your browser when you next visit.
If you do not wish this, you may set your browser to notify you on the placement of any cookies and to enable you to accept them on a case-by-case basis only. However, we would like to point out that in this case, you may potentially not be able to use all of the functions of our website.

(3) We analyse the use of our website with the open source web analysis tool Matomo (formerly Piwik; privacy policy available under https://matomo.org/privacy-policy/). For this purpose, however, automatically collected IP addresses are anonymised before evaluation. All generated analyses are therefore based on anonymised data records and no personal evaluation takes place. The sole purpose of web analysis is to optimise the website in terms of user-friendliness and to provide useful information about our services. This data is not merged with other personal data sources or forwarded to third parties.

In addition to the aforementioned data, Matomo also uses so-called “cookies” (see above).

(4) If you complete a contact form or send us an email or another type of electronic message, your information will be used solely for the processing of your enquiry and any possible further associated questions and saved and processed only within the framework of the enquiry. Once your enquiry has been dealt with, we will delete your email address.

5 Data protection in the case of applications and in the application process

(1) We collect and process personal data from applicants for the purpose of carrying out the application process. Processing may be made on paper or also electronically by e-mail. If the process results in conclusion of an employment contract with an applicant, the personal data received to conclude the employment relationship will be processed in compliance with the legal requirements. Otherwise, the application documents will be erased three months following a rejection, unless there are legitimate interests on our part for not erasing the documents, such as in connection with a burden of proof in relation to equal treatment.

(2) By transmitting your application documents to us, you agree that your personal data, such as name, title, address, telephone number, date of birth, education, professional experience, salary expectations as well as any data and images that may be included in your covering letter, CV, your letter of application, your references or other documents and certificates sent to us, will be processed for the purposes of our personnel selection.

(3) Your data is not forwarded to third parties without your consent. No automated decision making is carried out pursuant to Art. 22 GDPR. The data processing is carried out on the basis of the statutory provisions of Art. 6 para. 1 (a) (consent) and (b) (required to fulfill the contract) GDPR.

6 Storage period

As a general rule, we store your personal data for only as long as it is necessary for the purposes for which it was collected in accordance with this privacy policy. However, there may be cases where we are required by law or for evidence purposes within the framework of the statute of limitation to store certain data for a longer period of time. In such cases, we ensure that your personal data is handled in accordance with this privacy policy throughout the entire period. Once the business relationship has come to an end, this data is stored on the basis of the statutory provisions (PGR, SPG) for at least 10 years.

7 Your rights

(1) You have the right to request information from us at any time and free of charge about your personal data stored with us, as well as its origin, recipients or categories of recipients to which this personal data is forwarded, and the purpose of its storage.

(2) You further have the right to request at any time that we rectify, erase – to the extent permissible by law –, or restrict the processing of your personal data. You also have the right to data portability.

(3) In addition, you have the right to object at any time to the processing of your personal data by us.

(4) If you have given us your consent to use your personal data, you may withdraw this consent at any time without having to provide reasons.

(5) You furthermore have the right to lodge a complaint directly with the Liechtenstein Data Protection Office: https://www.datenschutzstelle.li/

(6) If you would like to assert the above rights, please contact the address indicated in paragraph 1.

8 Data security

We provide for the latest technical measures to ensure data security, in particular to protect your personal data against risks in the case of data transmission and against the risk of third parties gaining knowledge of your personal data. These measures are continuously adapted to correspond to state-of-the-art technology.

9 Amendments

As part of the technical development of our range of services and the legal framework, we will amend our privacy policy on a regular basis. Amendments to the privacy policy will be published on our website. Therefore, please periodically read the most recent version of this privacy policy. Subject to the applicable legislation, all amendments to the privacy policy enter into effect as soon as the updated privacy policy is published. If we have already recorded data about you and/or are subject to a legal duty to provide information, we will notify you, in addition, about any major changes to our privacy policy and ask for your consent if this is required by law.