Information in accordance with Art. 13 of the General Data Protection Regulation (GDPR)
Privacy policy
Trust is important, especially when it comes to your data. For this reason, we consider it our duty to collect only the data that is absolutely necessary and to manage the data with due care and protect it from misuse. Scarabaeus Wealth Management AG strictly adheres to the data protection regulations when collecting and processing your data. Compliance with data protection laws (namely the EU General Data Protection Regulation [“GDPR”]) and thus the protection and confidentiality of your personal data is an important concern for Scarabaeus Wealth Management AG. This Privacy Policy informs you about how our company collects and handles personal data in our role as controller and, in particular, what rights you have in relation to your personal data. Below you will find information on the processing of your data and the rights to which you are entitled.
Name and contact details of the controller and the data protection officer
Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
The controller within the meaning of the General Data Protection Regulation is the:
This privacy policy applies (A.) to the website of Scarabaeus Wealth Management AG (www.scarabaeus.li) and to the personal data collected via this website and (B). to general data processing at Scarabaeus Wealth Management AG. For external websites which e.g., have been referred to, the corresponding own data protection guide lines are applicable.
If you have any questions regarding individual data processing, please contact the data protection officer named above.
General
The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Scarabaeus Wealth Management AG. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of the rights to which they are entitled by means of this data protection declaration.
A. Data processing on our website
Categories of processed data and origin
We collect and process personal data that we receive as part of our business relationship with our customers. In principle, as little personal data as possible is processed. The data processed may differ depending on the group of persons. Personal data may be collected or (further) processed at any stage of the business relationship, from the initiation of the business relationship to the termination of the business relationship. In addition to customer data, we may also process personal data of other third parties involved in the business relationship. By personal data we mean the following data categories:
Personal data
Identification data and authentication data
Information from the fulfillment of our legal obligations
Other master data
Data from the fulfillment of contractual obligations
Information on financial situation and professional background
Documentation data
Marketing data
Technical data
Information from your electronic communication with our company
Data from publicly accessible sources
Relationship personal data from the following sources
Scarabaeus Wealth Management AG obtains its data from the following sources:
Personal data that we receive from you by means of submitted contracts, forms, correspondence or other documents.
Personal data that we receive from third parties, from public authorities (e.g. UN and EU sanctions lists) or from other companies in a permissible manner (e.g. for the execution of orders or fulfillment of contracts).
Personal data – to the extent necessary for the provision of our services – that we have legitimately obtained from publicly accessible sources or other sources, such as databases for checking and monitoring business relationships (e.g. judicial, official or administrative measures, memberships and offices).
Personal data from publicly accessible sources for the purpose of customer acquisition and the prevention of money laundering.
Personal data on the basis of your consent.
Categories of personal data collected
Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. The basis for data processing is Art. 6 para. 1 lit. f GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. The following data is collected:
Complete IP address of the requesting computer;
Date and time of access;
Internet pages from which the user’s system accesses our website (referrer URL);
Host name of the accessing computer;
Name of the requested file;
Access status (file transferred, file not found, etc.);
Type of web browser used, web browser version and operating system used;
Amount of data transferred.
Processing purposes
The processing of personal data on our website is limited to the data required to provide a functional website and user-friendly content and services. As well as for the following purposes:
For the performance of a contract or in order to take steps prior to entering into a contract.
If the processing of personal data is necessary for the performance of a contract (such as the provision of financial services) to which the data subject is a party, the processing is based on Art. 6 para. 1 lit. b GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our services.
To fulfill legal obligations.
If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax, regulatory or anti-money laundering obligations, the processing is based on Art. 6 para. 1 lit. c GDPR.
To safeguard legitimate interests.
Processing operations may also be based on Art. 6 para. 1 lit. f GDPR. Processing operations that are not covered by any of the aforementioned legal bases are based on this legal basis if the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of you do not prevail. Such legitimate interests include in particular the following processing activities:
Prevention of fraud
Direct marketing
Transmission of data for internal administrative purposes
Ensuring network and information security
Prevention of possible criminal offenses
In particular, we therefore collect personal data on our website for internal administrative purposes (e.g. to ensure the stability and operational security of the system).
Legal basis
The processing of personal data in connection with our website is carried out in accordance with Art. 6 para. 1 GDPR on the basis of:
Your consent, if you provide us with your data voluntarily (letter a);
our legitimate interest, e.g. in ensuring the stability and operational security of the system (letter f).
Storage and forwarding of data
Access to your data may be granted to departments both within and outside our company. Within the company, only departments or employees may process your data if they need it to fulfill our contractual, legal and regulatory obligations and to protect legitimate interests. If business areas and services of the company are outsourced in whole or in part to Group companies (e.g. Group-wide coordination tasks in various areas, such as due diligence, risk management or customer relationship management) or service providers outside our Group or if they provide services (such as payment transactions, subscription and redemption of fund units, printing and dispatch of documents, IT systems and other support functions), this is done in accordance with the applicable legal provisions. All Group companies and external service providers or vicarious agents to whom personal data is transferred are contractually obliged to protect data privacy, to process your data only within the scope of the provision of services and to comply with data protection instructions and legal requirements. Processors may be companies in the categories of banking services, distribution agreements, IT services, logistics, printing services, telecommunications, debt collection, consulting and advisory services as well as sales and marketing.
Storage duration of data
We store the personal data collected each time our website is accessed and files are transferred for a maximum period of ten years or as long as our legitimate interest exists. The data is stored for reasons of data security – in particular to defend against attempted attacks on our web server – and to ensure the stability and operational security of our system.
Automated decision-making including profiling
Our decisions are not based exclusively on the automated processing of personal data. In particular, we do not use automated decision-making to establish and conduct the business relationship. Nor do we use profiling measures.
Online forms (e.g. contact form) The data transmitted to us via the online form will be processed exclusively for the purpose of handling the request contained therein. This data is therefore used solely for the purpose stated in the online form; it is neither analyzed in any other way nor linked to other data. For details on data processing by Scarabaeus Wealth Management AG in the context of a complaint form and on the corresponding deletion periods, please refer to the following section “B. General data processing by Scarabaeus Wealth Management AG”.
The complaint form is available on our website.
File downloads
We do not require any personal information from you in order for you to download files from our website.
Google Web Fonts
This website uses so-called web fonts provided by Google for the uniform display of fonts. When you call up a page, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google’s servers. This gives Google knowledge that our website has been accessed via your IP address. The use of Google Web Fonts is in the interest of a uniform and appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. If your browser does not support web fonts, a standard font from your computer will be used. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/ Download: Our privacy policy as a PDF file
B. General data processing of Scarabaeus Wealth Management AG
Categories of personal data collected
Scarabaeus Wealth Management AG collects the following data:
Title, first name, surname;
address;
e-mail address;
telephone number (landline and/or cell phone);
date of birth;
bank details.
Processing purposes
This data is collected to the extent necessary
to be able to identify you as our client;
to conclude a mandate agreement;
for correspondence with you;
for invoicing.
Legal basis
Your data is processed on the basis of Art. 6 (1) GDPR.
Duration of the storage of personal data
Your data will be stored by Scarabaeus Wealth Management AG after collection for as long as this is necessary to
fulfill the above-mentioned purposes of Scarabaeus Wealth Management AG, taking into account the statutory retention periods;
is necessary due to legitimate interests (e.g. archive, documentation, liability issues).
C. Data security
Website
When you visit our website, we use the widespread SSL/TLS method in conjunction with the highest level of encryption supported by your browser. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the address bar of your browser.
General data processing
In addition, we generally apply suitable technical and organizational security measures when processing data in order to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures correspond to the current state of the art.
D. Rights and obligations
Rights of affected persons
According to the EU General Data Protection Regulation, you have the following rights:
You have the right to obtain confirmation as to whether or not personal data concerning you is being processed.
To obtain information about the personal data processed or the categories of personal data processed, the purposes of processing, the categories of recipients to whom your data has been or will be disclosed, the intention to transfer data to a third country or an international organization, including suitable guarantees, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information on its details;
to request the correction, completion or deletion of your personal data that is incorrect or is not processed in accordance with the law;
to require us to restrict the processing of your personal data if one of the following conditions is met:
The accuracy of the personal data is contested, for a period enabling the controller to verify the accuracy of the personal data.
The processing is unlawful, but you oppose the erasure of the personal data and request the restriction of the use of the personal data instead.
The controller no longer needs the personal data for the purposes of the processing, but you require the personal data for the establishment, exercise or defense of legal claims.
You have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
to object to the processing of your personal data or to revoke the consent previously given for the processing, which is based on Art. 6 para. 1 lit. f GDPR. This also applies to profiling based on these provisions. In the event of an objection, our company will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.
The recipients to whom personal data has been disclosed shall be notified of the rectification or erasure of the data or restriction of processing. This notification obligation does not apply if this proves impossible or involves a disproportionate effort; If our company processes personal data for the purpose of direct marketing, you have the right to object at any time to the processing of your personal data for the purpose of such marketing. If you object to our company processing your personal data for direct marketing purposes, we will no longer process your personal data for these purposes.
You have the right to withdraw your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued before the GDPR came into force, i.e. before May 25, 2018. Please note that the revocation only takes effect for the future. Processing that took place before the withdrawal is not affected. If you wish to exercise your right to withdraw consent, you can contact our data protection officer at any time.
To receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller, provided that the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and the processing is carried out by automated means, unless the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
You have the right to lodge a complaint with a supervisory authority in an EU or EEA member state, in particular at your place of residence, place of work or at the place of the alleged infringement of the provisions of the GDPR. The supervisory authority responsible for our company is the Liechtenstein Data Protection Authority, Städtle 38, P.O. Box 684, 9490 Vaduz.
If you require the contact details of a supervisory authority in another EU or EEA member state, you can contact the data protection officer. If you wish to exercise these rights, you can contact the data protection officer at any time.
Exercise of rights
We accept requests for information in writing, together with a legible copy of a valid official identification document (e.g. passport, identity card, driver’s license). You can send your request to our company’s data protection officer. You can exercise other rights, such as the right to rectification, the right to erasure, the right to restriction of processing and – where applicable – the right to data portability, by sending us a corresponding notification. Please address this notification to the data protection officer.
Obligation to provide personal data
We would like to inform you that the provision of personal data is partly required by law (e.g. tax regulations, money laundering prevention, etc.) or may also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary for you to provide us with personal data in order to conclude a contract, which must subsequently be processed by us. Failure to provide personal data would mean that the contract could not be concluded. If you are not prepared to provide us with your personal data, the contract cannot be concluded. You are not obliged to consent to the processing of data that is not relevant for the conclusion of the contract or is not required by law or official regulations.
Contact form and contact via e-mail
If you would like to exercise your rights, please inform us by email at info@scarabaeus.li or contact us or our data protection officer at the address provided.
In addition, our company’s website contains information that enables quick electronic contact to our company and direct communication with us, which also includes a general address for so-called electronic mail (e-mail address). If you contact our company by e-mail or via a contact form, the personal data you provide will be stored automatically. Such personal data transmitted on a voluntary basis is stored for the purpose of processing or contacting you. This personal data will not be passed on to third parties.
Apprendix
Definition of terms
The data protection declaration of our company is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used. We use the following terms, among others, in this privacy policy:
Personal data
Personal data means any information relating to an identified or identifiable natural person (“data subject” in the privacy policy). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Person affected
Person affected is any identified or identifiable natural person whose personal data is processed by the controller.
Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting its future processing.
Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Receiver
Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
Third party
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent
Consent is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
