Compliance with the data protection laws (in particular the EU’s General Data Protection Regulation [„GDPR“]) and the protection and confidentiality of your personal data are very important to our company. This data protection declaration provides you with information on how our company in its role as a controller collects and processes personal data, and in particular your rights in relation to your personal data shall be explained.

 

  1. General information

The processing of personal data, e.g. name, address, e-mail address or phone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection provisions applicable to our company. With this data protection declaration, our company would like to inform the public about the nature, scope and purposes of the data collected, used and processed by us. In addition, the data subjects shall be made aware of their rights through this data protection declaration.

 

  1. Definitions

This data protection declaration is based on the terms used by the European legislator in the General Data Protection Regulation. Our data protection declaration shall be easily readable and easy to understand for both the public and our business partners. In order to guarantee this, we would like to explain the terms used in advance.

In this data protection regulation, we use (among others) the following terms:

 

  • Personal data

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

 

  • Data subject

Data subject is every identified or identifiable natural person, whose personal data are processed by the controller responsible for the processing.

 

  • Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

  • Restriction of processing

Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.

 

  • Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

 

  • Recipient

Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

 

  • Third party

Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

 

  • Consent

Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

 

  1. Name and address of the controller and the data protection officer

Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Controller within the meaning of the General Data Protection Regulation is:

Scarabaeus Wealth Management AG, Pflugstrasse 20, 9490 Vaduz, Liechtenstein

Data protection officer:

Mr. Ludwig Rehm, Pflugstrasse 20, 9490 Vaduz, Liechtenstein

Should you have questions concerning specific cases of data processing, please contact the data protection officer named above.

 

  1. Scope of data processing
    • Categories of data processed and source

We collect and process personal data that we receive from our client within the scope of our business relationship. In general, as little personal data as possible are processed. Depending on the group of people, the data processed can vary.

Personal data may be collected and (further) processed during any stage of the business relationship, from its initiation to its termination.

In addition to client data, we may also process the data of third parties involved in the business relationship.

Personal data consists of the following data categories:

  • Personal data
  • Authentication information
  • Information deriving from the fulfilment of our legal obligations
  • Other master data
  • Data deriving from the fulfilment of contractual obligations
  • Information on financial situation and professional background
  • Documentation data
  • Marketing data
  • Technical data
  • Information deriving from your electronic communication with our company
  • Data from publicly accessible sources
  • We process personal data from the following sources:
  • Personal data provided by you through submitted contracts, submitted forms, your correspondence or other documents submitted
  • Personal data accumulated or transmitted through the use of products or services
  • Personal data permissibly transmitted by third parties, public authorities (e.g. UN or EU sanctions lists) or other companies (e.g. for mandates to be executed or for contracts to be fulfilled)
  • Personal data – as far as required for providing our services – permissibly obtained from publicly accessible sources or other sources like databases for the review and monitoring of business relationships (e.g. legal, official or administrative actions, memberships or offices)

 

  • Legal bases for and purposes of the processing of personal data

We process personal data in compliance with the General Data Protection Regulation’s provisions on the following legal basis and for the following purposes:

 

  • To fulfil a contract or to conduct pre-contractual measures

If the processing of personal data is necessary for the performance of a contract (e.g. to provide financial services) to which the data subject is party, then the processing is based on Art. 6 (1) point (b) GDPR. The same is valid for all processing required to perform pre-contractual measures, e.g. in cases of inquiries concerning the services provided by us.

 

  • To fulfil legal obligations

If our company is subject to a legal obligation requiring the processing of personal data, for instance to fulfil tax-related, supervisory or money laundering-related obligations, the processing is based on Art. 6 (1) point (c) GDPR.

 

  • To protect legitimate interests

Data processing may also be based on Art. 6 (1) point (d) GDPR. This includes all processing that cannot be subsumed under the previous provisions, if the processing is necessary to protect a legitimate interest of our company or a third party, provided the interests of basic rights and fundamental freedom do not prevail. Such legitimate interests include in particular the following processing activities:

  • Fraud prevention
  • Direct advertising
  • Transmission of data for internal administrative purposes
  • Guaranteed grid and information security
  • Prevention of potential criminal offences

In addition, personal data are collected from publicly accessible sources for the purpose of the acquisition of clients and the prevention of money laundering.

 

  • Based on your consent

Art. 6 (1) point (a) GDPR is the legal basis for all processing for which we seek consent for a specific processing purpose.

 

  • Use and storage of your personal data
    • Disclosure of data

Both bodies inside and outside our company might be given access to your personal data. Within our company, employees or bodies may only process your data if this is necessary in order to fulfil our contractual, legal or supervisory obligations or to safeguard legitimate interests.

Should business areas or services of the company in part or wholly be outsourced to companies of the same group (e.g. coordination tasks concerning the whole group like due diligence obligations, risk management or the maintenance of client relationships) or to service providers outside the group or if these provide services (e.g. payment services, subscription and redemption of fund shares, printing and distribution of documents, IT-systems and other supporting operations), this is done in accordance with the applicable legal provisions. All companies within the group as well as external service providers or vicarious agents that receive personal data are bound by contract to maintain data protection, to process your data exclusively in relation with the service provision and to comply with data protection directives and legal provisions. Processors may be companies in the fields of banking services, distribution agreements, IT-services, logistics, printing services, telecommunications, debt collection, advisory services, consulting services, distribution and marketing.

 

  • Data erasure and recording

Both bodies inside and outside our company might be given access to your personal data. Within our company, employees or bodies may only process your data if this is necessary in order to fulfil our contractual, legal or supervisory obligations or to safeguard legitimate interests.

Should business areas or services of the company in part or wholly be outsourced to companies of the same group (e.g. coordination tasks concerning the whole group like due diligence obligations, risk management or the maintenance of client relationships) or to service providers outside the group or if these provide services (e.g. payment services, subscription and redemption of fund shares, printing and distribution of documents, IT-systems and other supporting operations), this is done in accordance with the applicable legal provisions. All companies within the group as well as external service providers or vicarious agents that receive personal data are bound by contract to maintain data protection, to process your data exclusively in relation with the service provision and to comply with data protection directives and legal provisions. Processors may be companies in the fields of banking services, distribution agreements, IT-services, logistics, printing services, telecommunications, debt collection, advisory services, consulting services, distribution and marketing.

 

  • Automatic decision-making including profiling

Our decisions are generally not based on exclusively automatic processing of personal data. In particular, we do not use automatic decision-making for the establishment or development of business relationships. We also do not resort to profiling.

 

  1. Rights and obligations
    • Available data protection rights
      • Right to confirmation

You have the right to request confirmation whether or not any of your personal data are being processed. Should you wish to exercise your right to confirmation, feel free to contact the data protection officer at any time.

 

  • Right of access

At any time, you have the right to be informed which of your personal data is recorded and to obtain a copy of this information. This right of access includes the following information:

Processing purposes

Categories of personal data being processed

Recipients or categories of recipients to whom the personal data were or will be disclosed in the future, in particular if the recipients are based in third countries or in case of international organisations

If possible, the duration for which it is planned to record the personal data, or, if this is not possible, the criteria for the determination of this duration

The existence of a right to rectification or erasure of the data subject’s personal data or to restriction of processing by the controller or right to object to this processing

The right to lodge a complaint with a supervisory authority

If personal data have not been obtained from the data subject: all available information on the origins

The existence of automated decision-making, including profiling, referred to in Article 22 (1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

 

 

Furthermore, you have a right to know whether personal data was transmitted to a third country or an international organisation. Insofar as this is the case, you also have a right to access concerning the appropriate safeguards related to the transmission.

Should you wish to exercise this right to access, feel free to contact the data protection officer at any time.

 

  • Right to rectification

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning your person. Furthermore, taking into account the purposes of the processing, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Should you wish to exercise this right to rectification, feel free to contact the data protection officer at any time.

 

  • Right to erasure

You have the right to obtain from the controller the erasure of personal data concerning your person without undue delay where one of the following grounds applies and where the processing is not necessary:

the personal data were collected or otherwise processed in relation to the purposes for which they are no longer necessary

you have withdrawn consent on which the processing is based according to point (a) of Article 6 (1), or point (a) of Article 9 (2), and where there is no other legal ground for the processing

you object to the processing pursuant to Article 21 (1) and there are no overriding legitimate grounds for the processing, or the you object to the processing pursuant to Article 21 (2)

the personal data have been unlawfully processed

the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

Insofar as one of the above mentioned reasons applies and you would like to have your personal data recorded in our company erased, contact the data protection officer at any time. They will arrange for the erasure to be completed without undue delay.

 

  • Right to restriction of processing

You have the right to obtain from the controller restriction of processing where one of the following applies:

the accuracy of the personal data is contested, for a period enabling the controller to verify the accuracy of the personal data

the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead

the controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims

you have objected to processing pursuant to Article 21 (1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Insofar as one of the above mentioned reasons applies and you would like to request the restriction of processing of the personal data recorded in our company, contact the data protection officer at any time. They will arrange for the restriction of processing.

The recipients the personal data were disclosed to will be informed about the rectification and erasure of data or a restriction of processing. This obligation to inform does not exist where it proves to be impossible or would involve a disproportionate effort.

 

  • Right to withdraw

You have the right to withdraw your consent to the processing of personal data at any time. This also applies to withdrawing consent that was given before the GDPR entered into force, meaning before May 25, 2018. Please be aware that a withdrawal will only take effect for the future. All processing executed before consent is withdrawn are not effected by the withdrawal. Should you wish to exercise your right to withdrawal, feel free to contact our data protection officer at any time.

 

  • Right to data portability

You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to point (a) of Article 6 (1) or point (a) of Article 9 (2) or on a contract pursuant to point (b) of Article 6 (1) and where the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

In order to exercise your right to data portability, you may contact our data protection officer at any time.

 

  • Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6 (1), including profiling based on those provisions.

In case of an objection, our company will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims

Where our company processes personal data for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing. If you object to processing for direct marketing purposes, we will no longer process your personal data for such purposes.

 

  • Exercise of the rights

We accept requests for information in written form, along with a clearly legible copy of a valid official identity document (e.g. passport, ID, driver’s licence). You can address your request to our company’s data protection officer.

Further rights, e.g. the right to rectification, the right to erasure, the right to restriction of processing, as well as – insofar as this is applicable – the right to data portability can be exercised by sending us a message to this effect. Please address this message to our data protection officer.

 

  1. Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with a supervisory authority in an EU/EEA member state, in particular at your place of residence, your place of work or at the place of the alleged infringement of the GDPR. The competent supervisory authority for our company is the Datenschutzstelle Lichtenstein, Städtle 38, Postfach 684, 9490 Vaduz.

Should you require the contact information of a supervisory authority in another EU or EEA member state, do not hesitate to contact our data protection officer.

 

  1. Obligation to provide personnel data

We hereby inform you, that the provision of personal data is in some cases required by law (e.g. fiscal provisions, prevention of money laundering etc.) or might be the consequence of certain contractual provisions (e.g. information on contracting parties). In order to conclude a contract, it might in some instances be necessary that you provide us with your personal data, which we then need to process. For example, you are obligated to provide us with your personal data if our company enters into a contract with you. Should you not be willing to provide us with your personal data, then as a consequence the contract could not be concluded.

You are not obligated to consent to processing of data that are not relevant for the conclusion of the contract or which are not required by law or due to regulatory provisions.

 

  1. Contact form and e-mail contact

Our company’s website includes information for quick electronic contact with our company as well as to enable direct communication with us, including an address for so-called electronic mail (e-mail address). Should you contact us via e-mail or via the contact form, the personal data you indicate are recorded automatically. Such personal data transmitted voluntarily are recorded for purposes of establishing contact and processing your request. These personal data are not forwarded to third parties.

 

  1. Newsletter

On our company’s website, you may subscribe to our newsletter. The personnel data transmitted to our company upon subscription to the newsletter can be derived from the input mask.

Our company informs its clients and business partners periodically by Newsletter about offers and news. Generally, you can receive our newsletter if (1) you have a valid e-mail address and (2) you register for the newsletter. For legal reasons, a confirmation e-mail will be sent to the e-mail address indicated by you using a double-op-in process. This confirmation e-mail serves to verify if the owner of the e-mail address as data subject has authorised receiving the newsletter.

Upon subscription to our newsletter, we also save the IP address issued by the internet service provider (ISP) of the computer system used by the data subject at the time of the subscription, date and time of the registration. Collecting this data is required in order to be able to retrace the (potential) abuse of the data subject’s e-mail address at a later point in time and therefore provides legal cover for the controller responsible for the processing.

The personal data collected in connection with subscribing to our newsletter are late used to exclusively to send our newsletter. Furthermore, subscribers to the newsletter could be informed via e-mail, should this be necessary for operating the newsletter-service or a registration related thereto, as it might be in case of changes in the newsletter offer or in cases when technical circumstances change. The personnel data collected in connection with the newsletter service are not disclosed to third parties. You can cancel our newsletter at any time.

 

The consent you have given to the recording of your personal data in connection with the distribution of the newsletter can be withdrawn at any time. For the purposes of withdrawing your consent, there is a link in every newsletter. You can also cancel the newsletter at any time via our website or to communicate this to the controller in another way.

 

  1. Details on the use of cookies and analysing tools

When accessing our website, the user is informed about the use of cookies for analysing purposes, and their consent to the processing of personal data in this regard is obtained. Reference is also made to the data protection declaration.

 

  • Why are we using cookies?

All of our company’s websites use cookies for statistical purposes as well as for improving the user’s experience. By using our website, you declare that you consent to the use of cookies for this purpose.

 

  • What are Cookies?

Cookies are text files saved on your electronic device in order to keep track of your use of electronic services and your preferred settings when navigating between different websites, and when appropriate to save settings in between your visits. Cookies support the developers of electronic services in collecting statistical information on the frequency of visits to certain sections of a website and the help in designing electronic services more useful and user-friendly. A cookie contains a characteristic string of characters, allowing for the clear identification of the browser when the website is opened a further time.

Please be aware that most we browsers accept cookies automatically. You can configure your browser so that cookies cannot be saved on your electronic device, that cookies are only accepted from certain websites or that a message will appear before a new cookie is saved. If cookies are deactivated for our website, you may not be able to use all the website’s functions to their full extent.

 

  1. Analysing tools

We use analysing tools. In this context, pseudo-anonymised data are generated and cookies are used in order to analyse how the users use our electronic services. The information on your use of the website generated by cookies (e.g. host name of the electronic device used to access the website (IP-address), type and version of browser, operation system used, date and time of the server inquiry) may be transmitted to third parties by the server and are used for analysing purposes.

 

  1. Content delivery networks

For our online offer, based on our legitimate interests (meaning interests in analysis, improvement and economic operation of our online offer within the meaning of Article 6 (1) point (f) GDPR), we use contents or services from third parties in order to use e.g. special characters, tables, charts, pdf generating (hereinafter referred to as “content”). This requires that the third party providers of these contents register the users’ IP address, since they cannot send their contents to the users’ browsers without the IP address. The IP address is therefore required for the display of these contents. We make an effort to only use contents where the third party providers use IP addresses exclusively for the delivery of contents. Third party providers may also use so-called pixel tags (invisible graphics, also called “web beacons”) for statistical or marketing purposes.

 

 

Pixel tags are used to assess information like visitor traffic on the sites of this website. Pseudonymous information may also be recorded in cookies on the users’ devices and may among other things contain technical information on the browser, the operating system, referring websites, time of the visit and further information on the use of our online offer and may also be connected with information from other sources.

 

We use the following services and technologies:

https://cdn.datatables.net/ (tables and charts)

ajax.googleapis.com (visualisation)

CDN Cloudflare (PDF-Maker, JS-ZIP)

 

  1. Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:

Browser type and browser version

Operating system used

Referrer URL

Host name of the accessing computer

Time of the server request

IP address

These data will not be combined with data from other sources.

The basis for data processing is Art. 6 (1) point (f) GDPR, which allows the processing of data to fulfil a contract or pre-contractual measures.

 

  1. Google Web Fonts

For uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

 

For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. This constitutes a legitimate interest pursuant to Article 6 (1) point (f) GDPR.

 

If your browser does not support web fonts, a standard font is used by your computer.

 

Further information about Google We Fonts can be found on https://developers.google.com/fonts/faq and in Google’s privacy policy on https://www.google.com/policies/privacy/

 

Download: Our privacy policy as a PDF file