Data protection is a matter of trust and your trust is important to us. When processing your personal data, we strictly observe the statutory provisions. With the following data protection information, we would like to give you an overview of the processing of personal data held at Estably Asset Management (hereinafter referred to as EST) and the resulting rights in accordance with the provisions of the new Basic Data Protection Regulation of the EU (GDPR) and the Data Protection Act (DSG). Which data is processed in detail and how it is used depends to a large extent on the services and products to be provided or agreed in each case. Due to banking secrecy, EST is obliged to protect your privacy and secrecy and for this reason takes a variety of technical and organisational data protection precautions for all data processing of personal data.
Within the framework of our business relationship, we are dependent on the processing of personal data which is necessary for the establishment and execution of the business relationship and the fulfilment of the associated legal or contractual obligations as well as for the provision of services or the execution of orders. Without this data, we will generally not be able to enter or maintain a business relationship, process an order or offer services and products.
Should you have any questions regarding individual data processing operations or wish to exercise your rights as described in point 5 below, please contact:
Estably Asset Management Ltd
Phone: +423 377 99 77
Contact details of the data protection officer:
Estably Asset Management Ltd
Data protection officer
Phone: +423 377 99 77
We collect and process personal data that we receive within the scope of our business relationship with our clients. Personal data may be processed at any stage of the business relationship and may vary from person to person.
In principle, we process personal data that you provide to us by means of submitted contracts, forms, your correspondence or other documents. If necessary for the provision of the service, we also process personal data which arises or is transmitted as a result of the use of products or services or which we have received from third parties (e.g. your custodian bank, the identification service provider Identity TM), from public authorities (e.g. UN and EU sanctions lists). Finally, personal data may be processed from publicly accessible sources (e.g. trade and association registers, press, Internet).
In addition to customer data, we may also process personal data of other third parties involved in the business relationship, such as data of agents, representatives or beneficial owners of a business relationship. We would ask you to also inform any third parties about this data protection information. By personal data we mean the following categories of data:
- personal details (e.g. name, date of birth, nationality)
- Address and contact data (e.g. physical address, telephone number, e-mail address)
- legitimation data (e.g. passport or identity card data) and
- Authentication data (e.g. signature sample, log-in information)
- data from publicly available sources (e.g. tax numbers)
Further basic data
- Information on services and products used (e.g. investment experience and profile, advice protocols, data on transactions executed)
- Information on household structure and relationships (e.g. information on spouses or life partners and other family details, authorised signatories, legal representatives)
- Information on financial characteristics and financial situation (e.g. portfolio and account number, creditworthiness data, origin of assets)
- Information about professional and personal background (e.g. professional activity, hobbies, wishes, preferences)
- Technical data and information on electronic traffic with EST (e.g. records of accesses or changes)
- image and sound files (e.g. video or telephone recordings)
We process personal data in accordance with the provisions of the GDPR and the DSG for the following purposes or on the basis of the following legal bases:
To fulfil a contract or to carry out pre-contractual measures within the framework of the provision and brokerage of asset management, investment advice and other financial services which may be provided by EST. The purposes of data processing depend primarily on the specific service or product (e.g. securities) and may include, but are not limited to, demand analyses, advice, asset management and the execution of transactions.
To fulfil legal obligations or in the public interest, in particular compliance with legal and supervisory requirements (e.g. compliance with the GDPR, the DSG, the Asset Management Act and Regulations), due diligence and anti-money laundering regulations, market abuse regulations, tax laws and agreements, control and reporting obligations, risk management). If you do not provide us with the necessary data, we will have to fulfil the relevant supervisory obligations and may be forced to terminate the business relationship.
In order to protect the legitimate interests of us or third parties for concretely defined purposes, in particular to determine creditworthiness, pursue claims, product development, marketing and advertising, business audits and risk management, reporting, statistics and planning, prevention and clarification of criminal offences, video surveillance to protect the right of domicile and avert danger, telephone recordings.
Based on your consent, which you have given us for the provision of asset management services or on the basis of orders such as the disclosure of data to service providers or contract partners of EST. You have the right to revoke your consent at any time. This also applies to the revocation of declarations of consent issued to EST before the GDPR came into force, i.e. before 25 May 2018.
The revocation of your consent is only effective for the future and does not affect the legality of the data processed until the revocation.
We reserve the right to process personal data collected for one of the above purposes for other purposes as well, if this is compatible with the original purpose or permitted or prescribed by law (e.g. reporting obligations).
Access to your data can be both inside and outside EST. Within EST, only entities or employees may process your data if they need it to fulfil our contractual, legal and regulatory obligations and to safeguard legitimate interests. Other companies, service providers or vicarious agents may also receive personal data for these purposes in compliance with the relevant statutory provisions. Contract processors may be companies in the categories of asset management services, distribution agreements, IT services, logistics, printing services, consulting, sales and marketing. Furthermore, recipients of your data in this context may be other financial services institutions or comparable institutions to which we transfer personal data for the purpose of conducting the business relationship (e.g. custodian banks, brokers, stock exchanges, information centres).
If there is a legal or supervisory obligation, public bodies and institutions (e.g. supervisory authorities, financial authorities, etc.) may also receive your personal data. Data may only be transferred to countries outside the EU or the EEA (so-called third countries) if
- this is necessary for the execution of pre-contractual measures or for the performance of a contract, for the provision of services or for the execution of orders (e.g. securities transactions)
- you have given us your consent
- this is necessary for important reasons of public interest (e.g. prevention of money laundering) or
- this is required by law (e.g. transaction reporting obligations).
We process and store the personal data for the entire duration of the business relationship, unless there are shorter mandatory deletion obligations for certain data.
In addition, the duration of the storage depends on the necessity and purpose of the respective data processing. If the data are no longer necessary for the fulfilment of contractual or legal obligations or for the protection of our legitimate interests (achievement of purpose) or if a consent given is revoked, they are deleted regularly, unless further processing is necessary due to the contractual or legal retention periods and documentation obligations or for reasons of preservation of evidence during the duration of the applicable statute of limitations.
Some of our decisions are based on automated processing of personal data. There are business areas in which personal data is partly processed automatically. This is done with the aim of assessing certain personal aspects where we are required by law or regulation (e.g. prevention of money laundering), to analyse requirements for services and products, and as part of risk management.
A suitable investment strategy is determined on the basis of your investment objectives (including your willingness to take risks, your risk-bearing capacity and your knowledge and experience of securities). This determination is based exclusively on automated decision-making.
We partially process your data automatically with the aim of evaluating certain personal aspects (profiling). For example, we use profiling to provide you with targeted information and advice on products. The evaluation tools used for this purpose enable us to communicate and advertise according to your needs.
With regard to the personal data concerning you, you have the following data protection rights in accordance with the GDPR (Art. 7, Art. 15 to 21)
- Right of access: You may request information from EST as to whether and to what extent personal data relating to you will be processed (e.g. categories of personal data processed, purpose of processing, etc.).
- Right to rectification, erasure and limitation of processing: You have the right to request rectification of any inaccurate or incomplete personal data concerning you. In addition, your personal data must be deleted if they are no longer necessary for the purposes for which they were collected or processed, if you have withdrawn your consent or if they are processed unlawfully. In addition, you have the right to request that the processing be restricted.
- Right of withdrawal: You have the right to revoke your consent to the processing of your personal data for one or more specific purposes at any time if the processing is based on your express consent. This also applies to the revocation of declarations of consent issued before the GDPR came into force, i.e. before 25 May 2018. Please note that the revocation will only take effect in the future. Processing that took place before the revocation is not affected by this. The revocation also has no influence on data processing on another legal basis.
- Right to data transfer: You have the right to receive the personal data concerning you that you have provided to the responsible person in a structured, common and machine-readable format and to have this data transferred to another responsible person.
- Right of objection: You have the right to object informally to data processing in individual cases for reasons arising from your particular situation, provided that such processing is in the public interest or is carried out to safeguard the legitimate interests of EST or a third party. In addition, you have the right to object informally to the use of personal data for advertising purposes. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for this purpose.
- Right of complaint: You have the right to file a complaint with the competent Liechtenstein supervisory authority. You can also apply to another supervisory authority of an EU or EEA member state, for example, at your place of residence or work or at the place of the suspected infringement.
The contact details of the data protection office responsible in Liechtenstein are as follows:
Data Protection Office Liechtenstein
Pricipality of Liechtenstein
Phone: + 423 236 60 90
Requests for information or objections should preferably be made in writing to the data protection officer. He is also available to you as your contact for all other data protection matters.
Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer.
The following data will be collected:
- Information about the browser type and the version used
- The user’s operating system
- The Internet service provider of the user
- The IP address of the user
- Date and time of access
- Websites from which the user’s system accesses our website
- Websites accessed by the user’s system through our website
The data is also stored in the log files of our system. These data are not stored together with other personal data of the user.
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session.
The data is stored in log files to ensure the functionality of the website. The data is also used to optimise the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
Our legitimate interest in data processing pursuant to Art. 6 Para. 1 lit. f GDPR also lies in these purposes
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data to provide the website, this is the case when the session in question has ended.
If the data is stored in log files, this is the case after seven days at the latest. A storage going beyond this is possible. In this case the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
The collection of data for the provision of the website and the storage of data in log files is mandatory for the operation of the website. Consequently, there is no possibility for the user to object.
The following data is stored and transmitted in the cookies
In this way, the following data can be transmitted:
- Entered search terms
- Frequency of page views
- Use of website functions
The user data collected in this way is pseudonymised by technical precautions. It is therefore no longer possible to assign the data to the calling user. The data are not stored together with other personal data of the user.
The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.
The legal basis for the processing of personal data using cookies for analysis purposes is Art. 6 para. 1 lit. a GDPR if the user has given his/her consent.
We need cookies for the following applications:
- Acceptance of language settings
- Remember keywords
The user data collected by technically necessary cookies are not used to create user profiles.
The analysis cookies are used for the purpose of improving the quality of our website and its content. The analysis cookies tell us how the website is used and enable us to continually optimise our services.
Our legitimate interest in the processing of personal data pursuant to Art. 6 para. 1 lit. f GDPR also lies in these purposes.
The transmission of Flash cookies cannot be prevented via the settings of the browser, but by changing the settings of the Flash Player.
You can subscribe to a free newsletter on our website. When registering for the newsletter, the data from the input mask will be transmitted to us.
In addition, the following data is collected during registration:
- IP address of the calling computer
- Date and time of registration
Your consent will be obtained for the processing of your data during the registration process and reference will be made to this data protection declaration.
If you purchase goods or services on our website and enter your e-mail address, this may subsequently be used by us to send you a newsletter. In such a case, the newsletter will only send direct advertising for our own similar goods or services.
No data will be passed on to third parties in connection with data processing for the dispatch of newsletters. The data will be used exclusively for the dispatch of the newsletter.
For the newsletter dispatch the newsletter service MailChimp https://mailchimp.com/legal/privacy/ is used. With this tool, we only receive the e-mail address that you enter in the dialogue field, but we do not collect any other personal data. If you wish to unsubscribe from the newsletter, you can do so via the “Unsubscribe” link in the newsletter. The data will only be used for sending the newsletter.
The legal basis for the processing of data by the user after registration for the newsletter is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
The collection of the user’s e-mail address serves to deliver the newsletter.
The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. The user’s e-mail address will therefore be stored as long as the newsletter subscription is active.
The other personal data collected during the registration process will generally be deleted after a period of seven days.
The subscription of the newsletter can be cancelled by the affected user at any time. For this purpose there is a corresponding link in every newsletter.
This also enables the revocation of the consent to the storage of personal data collected during the registration process.
On our website there is a contact form which can be used for electronic contact. If a user makes use of this possibility, the data entered in the input mask will be transmitted to us and stored. These data are:
- Your first name
- Your last name
- Your email address
- Your company
- Log-in information
At the time the message is sent, the following data will also be stored:
- Date and time of registration
Your consent will be obtained for the processing of the data as part of the sending process and reference will be made to this data protection declaration.
Alternatively, you can contact us via the e-mail address provided. In this case the personal data of the user transmitted with the e-mail will be stored.
The data will not be passed on to third parties in this context. The data will be used exclusively for the processing of the conversation.
The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the purpose of the e-mail contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.
The processing of the personal data from the input mask serves us exclusively for the processing of the establishment of contact. If you contact us by e-mail, this is also the necessary legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by e-mail, this is the case when the respective conversation with the user has ended. The conversation is terminated when it can be inferred from the circumstances that the relevant facts have been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
The user has the possibility to revoke his consent to the processing of personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
The following is a description of how the revocation of consent and the objection to storage is made possible.
All personal data stored in the course of contacting us will be deleted in this case.
Google will use this information on our behalf to evaluate the use of our website by users, to compile reports on activities within this website and to provide us with other services associated with the use of this website and the Internet. Pseudonymous user profiles can be created from the processed data.
We use Google Analytics only with activated IP anonymisation. This means that the IP address of the user is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. The IP address transmitted by the user’s browser is not merged with other Google data.
Further information on the use of data for advertising purposes by Google, setting and objection possibilities can be found on the websites of Google: https://www.google.com/intl/de/policies/privacy/partners/
(“Google’s use of data when you use the websites or apps of our partners”), http://www.google.com/policies/technologies/ads (“Use of data for advertising purposes”), http://www.google.de/settings/ads (“Manage information Google uses to display advertisements to you”) and http://www.google.com/ads/preferences/ (“Determine what advertising Google displays to you”)
The software places a cookie on the user’s computer (for cookies, see above). If individual pages of our website are accessed, the following data is stored:
- Two bytes of the IP address of the calling system of the user
- The website accessed
- The website from which the user accessed the called website (referrer)
- The subpages called from the called web page
- The time spent on the website
- Frequency of a call of a site
The software runs exclusively on the servers of our website. A storage of the personal data of the users takes place only there. The data will not be passed on to third parties.
The software is configured so that the IP addresses are not stored completely, but 2 bytes of the IP address are masked (e.g.: 192.168.xxx.xxx). In this way, it is no longer possible to assign the shortened IP address to the calling computer.
The legal basis for the processing of users’ personal data is Art. 6 Para. 1 lit. f GDPR.
The processing of users’ personal data enables us to analyse the surfing behaviour of our users. By evaluating the data collected, we are able to compile information about the use of the individual components of our website. This helps us to constantly improve our website and its user-friendliness. In these purposes our legitimate interest also lies in the processing of data in accordance with Art. 6 Para. 1 lit. f GDPR. By anonymizing the IP address, the interest of users in the protection of their personal data is sufficiently taken into account.
The data is deleted as soon as it is no longer needed for our recording purposes.
In our case this is the case after 6 months.
On our website, we offer our users the option of opting out of the analysis process. To do this, you must follow the appropriate link. In this way, another cookie is placed on your system, which signals to our system that the user’s data is not to be stored. If the user deletes the corresponding cookie from his own system in the meantime, he must set the opt-out cookie again.
You can find more information on the privacy settings under the following link:
Within the scope of retargeting and banner advertising, we make use of services provided by third parties who set cookies on our website.
These are the following providers:
– Doubleclick by Google, Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; https://www.google.de/intl/de/policies/technologies/ads/
– Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA; https://www.facebook.com/about/privacy
– Linkedin Inc., 222 Scond Street San Francisco, CA 94105, USA; https://www.linkedin.com/legal/privacy-policy
– Salesforce Inc., Suite 300 San Francisco, CA 94105; https://www.salesforce.com/company/privacy/
– Pinterest Inc., 808 Brannan St San Francisco, CA 94103-4904; https://policy.pinterest.com/de/privacy-policy