Data Protection Information (Web Notice)
With this data protection information (Web Notice) we would like to give you a brief overview of the type, scope, and purpose of the collection and processing of personal data at EAS Liechtenstein as well as their websites. We also explain precautions we take to ensure the confidentiality of the transmitted data and the protection of your privacy.
We reserve the right to change this data protection information without prior notice in order to adapt it to revised legal requirements or to changes in our range of services or our data processing. Changes enter into effect upon publication on our website.
Name and address of the controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and the national data protection legislation is:
Deposit Guarantee and Investor Compensation Foundation PCC
Austrasse 46
LI-9490 Vaduz
+423 230 15 16
info@eas-liechtenstein.li
General information on data processing
The protection of personal data is important to us. We collect, process, and use personal data only in compliance with the relevant data protection provisions. Data processing is limited to data actually necessary for operating a functioning website as well as our contents and services.
Relevant personal data collected and processed may be in particular information about persons (e.g. first name, surname, other status data) as well as address and contact data (e.g. business address, telephone number, email address), information about the professional background (e.g. job title, professional function, etc.), information on personal contact or electronic communication (e.g. date and occasion of the contact, enquiries, etc.).
Legal basis for data processing
We process personal data in order to fulfil our legal mandate (Article 6 (1) (c) GDPR) within public interest (Article 6 (1) (e) GDPR) as a protection scheme in the area of deposit insurance and investor compensation pursuant to Article 4 or Article 34 Deposit Insurance and Investor Compensation Act (EAG) as well as for the performance of contractual obligations (Article 6 (1) (b) GDPR). If you have given us your consent to process personal data for specific purposes (e.g. when contacting us, to receive information material or via the participant contracts), the data processing is carried out on this legal basis (Article 6 (1) (a) GDPR). You have the right to revoke your consent at any time without any formal requirements. Please note that the withdrawal of consent shall only have effect for the future. Any processing that was carried out prior to the withdrawal shall not be affected thereby. The withdrawal also has no influence on any data processed on another legal basis.
In addition, and to the extent necessary, we process your data to protect our legitimate interests or those of a third party for specifically defined purposes (Article 6 (1) f GDPR).
Contact with us, collection and use of personal data as well as access to data
We collect, process, and use personal data on our website for the following purposes:
- Your data will be stored if you contact us for the purpose of concluding a contract to participate in our protection scheme and in the event of follow-up questions as an email message, in the customer relationship management (CRM) system, and/or in EAS's content management system (contact form data may be converted into an email).
- If you send us enquiries by email, your details, including the contact data you have provided, will be stored for the purpose of processing your request.
- We do not require any personal information when you download files from our website, unless they are in the protected participant area.
- For sending information material, provided that the user has given us appropriate consent.
- When access is set up for the closed participant area, username and password data are collected and stored in the CMS.
Access to the participant area is reserved for EAS participants. Authorised persons must register on their first visit, specifying a username and personal password. Your password will be encrypted before it is stored and thus is unreadable for third parties. By completing the registration, you simultaneously agree that we may process and store your personal data, which you have provided to us for the purpose of accessing the closed participant area. You have the right to revoke your consent at any time without any formal requirements by notifying us of the deletion of your access authorisation. The withdrawal must be sent to the following email address: mitteilungen@eas-liechtenstein.li. We use the personal data collected during registration exclusively for the proper processing of your access rights.
As a matter of principle, your data will only be accessed by the employees of EAS Secretariat who need it to perform their duties. In addition, in the context and within the framework of activities as a protection scheme, knowledge of personal data of affiliated participants, their officers as well as employees may be obtained by employees of other affiliated participants through their work in EAS committees or external bodies when performing external representation functions (e.g. sending of information to email distribution lists, Doodle surveys, etc.). In compliance with data secrecy, service providers and cooperation partners of EAS may also have access to personal data in order to fulfil the legal mandate and within the purpose for which the personal data have been initially collected. In particular, EAS has outsourced its IT infrastructure as well as accounting to an external service provider. Furthermore, there is a cooperation agreement for the implementation of depositor compensation and repayment of deposits in a payout event with an external partner. We have concluded a corresponding contract for order GDPR data processing with these providers and obligated them to comply with data protection provisions.
Retention and transfer of data
Your data will be retained by us as long as there are legal retention obligations or retention is necessary to perform our legal or contractual obligations, and beyond that until the expiration of statutes of limitations.
Subject to these limitations, personal data is only stored as long as necessary in relation to the purposes for which they were collected or otherwise processed (principles of purpose). In the case of enquiries, the data will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after your enquiry has been completed).
Within the scope of EAS membership, we store the personal data of our affiliated participants, their officers and employees for the entire duration of the company's membership until revocation (in particular also personal data which were communicated for the purpose of access to the closed participant area).
Personal data is not transmitted to third parties unless it is passed on in accordance with the original purposes for which the data was collected, pursuant to mandatory legal provisions, or based on the express consent of the data subject.
Collection and retention of access data (web analytics and cookies)
Each time you visit our website, our content management system (CMS) automatically collects and stores data and information from the computer system of the accessing computer. The following data is collected:
- Information about the browser type and the version used
- The user's operating system
- The internet service provider of the user
- The IP address of the user
- Date and time of access
- Internet pages from which the user's system accesses our website (referrer URL)
The CMS is operated by Duncrow GmbH (Christian-Hummel-Weg 46, 6710 Nenzing, Austria). Visits are counted anonymously using a CMS statistics tool. Our service provider is not in a position to identify you or to establish a connection with you personally. The data is not merged with other data sources. We have concluded an appropriate contract with the provider for order processing and obliged the provider to comply with the data protection provisions.
We retain this information for a maximum period of 30 days. The data is retained for reasons of data security in order to ensure and optimise the stability and reliability of our system. The legal basis for the temporary retention of data is Article 6(1)(f) GDPR.
Web analytics:
We do not conduct own web analytics on our website and do not use any web analytics tools (such as Google Analytics). This means no evaluation of the aforementioned visitor and usage data is performed.
Cookies:
The purpose of cookies is to make our services more user-friendly, effective and more secure. They are necessary for the electronic communication process or to provide certain functions selected by you. The legal basis for the data processed by cookies is Article 6 (1) (f) GDPR. We use cookies on our website exclusively for access to the closed participant area. Cookies are small files that your browser automatically creates and that are stored on your device (notebook, tablet, smartphone, etc.) when you visit our website. The cookies remain stored until you delete them. This allows us to recognise your browser the next time.
If you do not want this to happen automatically, you can change the settings in your browser so that it informs you about cookies and asks you for permission in individual cases. We would like to point out, however, that deactivation entails that you will not be able to use all the functions of our website.
The cookies remain valid for 72 hours and are then deleted by your browser.
Integration of third-party services and content and use of plug-ins
It is possible that third-party content, such as videos on YouTube, maps from Google Maps, or graphics from other websites, may be integrated into our website. This always requires that the providers of this content use the IP address of the website users, given that without the IP address no content can be sent to the user's browser. Please refer to the guidelines and data protection policies of the selected service provider for information on how your data is processed.
Data security
When you visit our website, we use the widespread SSL method in connection with the highest level of encryption supported by your browser. Whether an individual page of our website is encrypted can be recognise by means of the closed lock symbol in the address bar of your browser.
Beyond this, we also use other appropriate technical and organisational security measures to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction, or unauthorised access by third parties. Our IT infrastructure complies with international security standards.
Regardless of the measures taken to protect your data, data protection and confidentiality in data processing via universally accessible media may sometimes be restricted. When using the internet as a transmission medium via computer, mobile phone, or other device, it cannot be completely excluded, given the way the internet is designed, that third parties may gain access to your data and thus draw conclusions about your person or that personal data may be transmitted to third countries without our intervention. We assume no responsibility or liability for direct and indirect damages arising in connection with the use of our website or its contents.
Your rights
You have the following data protection rights pursuant to the GDPR in respect of your personal data:
- Right to withdraw consent: You have the right to withdraw your consent to the processing of personal data concerning you for one or more specific purposes at any time, where the processing is based on your explicit consent (Article 7 GDPR).
- Right of access: you may obtain information about whether and to what extent your personal data are being processed (Article 15 GDPR).
- Right to rectification, erasure and restriction of processing: You have the right to obtain the rectification (Article 16 GDPR) of inaccurate or incomplete personal data concerning you and to obtain restriction of processing (Article 18 GDPR). In addition, you have the right to have your personal data erased if the purpose is achieved or the consent is withdrawn, or if the data have been unlawfully processed (Article 17 GDPR). Here, the restrictions of Articles 34 and 35 Liechtenstein Data Protection Law (DSG) must be observed.
- Right to data portability: you have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format, and to transmit those data to another controller (Article 20 GDPR).
- Right to object: You have the right to object, on grounds relating to your particular situation, without any formal requirements, to the processing of personal data concerning you, if such processing is in the public interest or in pursuit of the legitimate interests of the EAS or a third party (Article 21).
- Right to lodge a complaint: You have the right to lodge a complaint with the relevant supervisory authority if you assume that the processing of personal data by EAS infringes applicable data protection law (Article 77 GDPR).
For further information on your rights and complaint submission, please find below the contact details of the competent data protection supervisory authority in Liechtenstein:
Liechtenstein Data Protection Office, Städtle 38, P. O. Box 684, 9490 Vaduz, Principality of Liechtenstein, Phone +423 236 60 90, email: info.dss@llv.li, Web: www.datenschutzstelle.li (in German only)
If you have any questions about particular personal data processing or want to exercise your rights, you can reach us under the abovementioned contact data.