With the following data protection notice we would like to give you an overview on how personal data may be processed by our Asset Management Company and your rights in relation to this information under the new EU General Data Protection Regulation (GDPR) and the Liechtenstein Data Protection Act (DPA). The specific data that will be processed and how the data will be used will essentially depend on the the services and products that will provided and/or have been agreed upon in each specific case. The Asset Management Company is legally bound to protect your privacy and keep your information confidential and will therefore implement a range of technical and organizational measures to ensure data security for all processing of personal data.
In the course of our business relationship, we will need to process personal data required for the purpose of setting up and conducting the business relationship, meeting applicable statutory or contractual requirements, providing services and executing orders. Without having this data, we would generally be unable to enter into or maintain a business relationship, process orders, or offer services and specific products.
Should you have any questions concerning specific data processing activities or wish to exercise your rights, as further described under section 5 below, please contact the controller:
Swiss Capital Wealth Management (Liechtenstein) AG, Kirchstrasse 3, 9490 Vaduz, Liechtenstein,
Telefon: +423 237 59 20
Contact details of the Data Protection Officer:
Swiss Capital Wealth Management AG, T. Rosenberger, Klausstrasse 4, 8008 Zürich, Telefon: +41 (44) 226 52 24
1) Which categories of data will be processed and what are the sources of this information?
We collect and process personal data that we obtain in the course of our business relationship with our clients. Personal data may be processed at any stage of the business relationship and the type of data will vary depending on the group of persons involved. Generally, we will process personal data that you provide in the course of submitting agreements/ contracts, forms, correspondence or other documents to us. As far as necessary in order to provide services, we will also process any personal data, which are generated or transmitted as a result of using products or services, or that we have lawfully obtained from third parties (e.g. Trust Company) or public authorities (e.g. UNO and EU sanctions lists). Finally, we may process personal data from publicly available sources (e.g. land registers, commercial registers and registers of associations, the press, the Internet). Apart from client data, we may, where appropriate, also process personal data of other third parties involved in the business relationship, including data pertaining to (further) authorized agents, representatives, legal successors or beneficial owners under a business relationship. Please ensure that such third parties are also aware of this data protection notice.
Personal data concerns the following categories of data in particular:
Further basic data
2) For which purpose and on which legal basis will your data be processed?
We process personal data in accordance with the provisions of the GDPR and the DPA for the following purposes and on the following legal basis:
We reserve the right to engage in the further processing of personal data, which we have collected for any of the foregoing purposes, including any other purposes that are consistent with the original purpose or which are permitted or prescribed by law (e.g. reporting obligations).
3) Who will be held access to personal data and how long will the data be held?
Parties within and outside of the Asset Management Company may obtain access to your data. Departments and employees within the Asset Management Company may only process your data to the extent required for the purpose of fulfilling our contractual, statutory and regulatory duties as well as pursuing legitimate interests. Other companies, service providers or agents may also have access to personal data for such purposes, subject to statutory regulations. The categories of processors may include companies supplying asset management services, companies operating under distribution agreements and companies supplying IT, logistics, printing, advisory and consultancy, distribution and marketing services. In this context, recipients of your data may also include other financial services institutions or similar organizations to which we transfer personal data for the purposes of conducting the business relationship (e.g. custodian banks, brokers, stock exchanges, information centers).
Public bodies and organizations (e.g. supervisory authorities, fiscal authorities) may also receive your personal data where there is a statutory or regulatory obligation.
Data will only be transferred to countries outside the EU or EEA (so-called third countries) if
However, these are solely countries, of which the EU-Commission has determined having an adequate data protection standard or we take measures in order to ensure that all recipients have an adequate data protection standard. Where applicable, we conclude standard contractual clauses for this purpose, which in this case are available upon request.
We process and store your personal data throughout the duration of the business relationship, unless there is a stringent obligation to erase specific data at an earlier date. It is important to note that our business relationships may subsist for many years. In addition, the length of time that data will be stored will depend on whether processing continues to be necessary as well as the purpose of processing. Data will be erased at regular intervals, if the information is no longer required for the purpose of fulfilling contractual or statutory duties or pursuing our legitimate interests, i.e. the objectives have been achieved, or if consent is withdrawn, unless further processing is necessary by reason of contractual or statutory retention periods or documentation requirements, or in the interests of preserving evidence throughout any applicable statutory limitation periods.
4) Will there be automated decision-making including profiling?
We basically do not make decisions based solely on the automated processing of personal data. We will inform you separately in accordance with the statutory regulations of any intention to use this method in particular circumstances.
Certain business areas involve the automated processing of personal data at least to a certain extent, where the objective is to evaluate certain personal aspects in line with statutory and regulatory requirements (e.g. money laundering prevention), carry out needs analysis in relation to products and services or for the purpose of managing risks.
The Asset Management Company reserves the right, in future, to analyse and evaluate client data (including the data of any third parties involved) by automated means for the purpose of identifying key personal characteristics in relation to clients, predicting developments and creating client profiles. Such data will be used, in particular, to perform business checks, provide customised advice, offer products and services and provide any information that the Asset Management Company may wish to share with clients.
5) Which data protection rights do you have?
You have the following data protection rights pursuant to the GDPR in respect of personal data relating to you:
The contact details for the data protection authority in Liechtenstein are as follows:
Liechtenstein Data Protection Office, Städtle 38, P. O. Box 684, 9490 Vaduz, Principality of Liechtenstein
Telephone +423 236 60 90, E-mail: firstname.lastname@example.org
You should preferably submit any requests for access or raise any objections in writing with the Data Protection Officer. The Data Protection Officer is also the appropriate point of contact for any other data protection matters.
Status: May 2018