Please note that this is a translation of our German Data Protection Declaration. In case of deviations, the German version shall prevail.
Your data and the necessary protection of it is important to us. We only process necessary data about you. Hereby we can guarantee to do this with the necessary care, not least to protect you from any possible misuse.
With this Data Protection Declaration, we would like to provide you with an overview of the manner in which we process your data and your rights in this connection according to the provisions of the European General Data Protection Regulation (hereinafter called “GDPR”) and the Liechtenstein Data Protection Act (Datenschutzgesetz, hereinafter called “DSG”):
Name and address of the Data Controller
Collection and storage of personal data and nature and purpose of the use of data
We only process necessary data. What is necessary may differ, depending on the particular extent of our mandate.
As soon as you contact or mandate us, we collect the following information in particular:
- Personal details (e.g. salutation, first name, last name)
- Address and contact details (e.g. address, e-mail address, phone number)
- Information necessary in order to provide you with the agreed and contractual service or for the fulfilment of our mandate
The purpose of the collection of this data is:
- to enable us to identify you as our client;
- to provide you with proper advice and to defend them if necessary;
- to conduct correspondence with you;
- to perform our contract with you;
- to provide you with the agreed services;
- for invoicing purposes;
Without this data, we are as a rule unable to enter into or maintain a client relationship. It is possible that we process data that is not collected directly from you, but for example from third parties, from publicly accessible sources or from other data subjects.
Generally, the data is processed upon your request for representation and is necessary pursuant to Art. 6 Para. 1 lit b GDPR for the aforementioned purposes (performance of contracts or pre-contractual measures) for the adequate handling of the mandate and for the mutual fulfilment of obligations arising from the client relationship.
Furthermore, your data is processed in order to fulfil legal duties (Art. 6 Para. 1 lit. c GDPR) or due to public interest (Art. 6 Para. 1 lit. e GDPR), in particular in order to adhere to statutory and supervisory requirements (e.g. Data Protection Act, Trustee Act, Asset Management Act, provisions concerning due diligence, anti-money laundering and prevention of market abuse, tax laws and agreements).
In addition, your data can be processed to protect legitimate interests by us or third parties (Art. 6 Para. 1 lit. f GDPR) for specifically defined purposes, in particular to assert and enforce claims, to ensure IT security and IT operations as well as for building and equipment security.
In other respects, your data may be processed on the basis of your consent (Art. 6 Para. 1 lit. a GDPR). You have the right to withdraw your consent at any time. This also applies to consent given prior to the entry into force of the GDPR. The withdrawal of consent shall, however, not affect the lawfulness of the data processed prior to the withdrawal of consent.
We also reserve the right to further process personal data that was collected for one of the aforementioned purposes for the other purposes as well, if this is compatible with the original purpose or permitted or provided for by law (e.g. possible reporting obligations).
Recipients or categories of recipients of the personal data
Within Ochsner Law, employees may process your data if they are required in order to comply with our contractual, statutory and supervisory obligations and to protect legitimate interests. Third parties may also obtain personal data for these purposes, this includes processors, for example in the category of IT services or bookkeeping. Ochsner Law contractually binds its processors to establish adequate technical and organizational measures in order to ensure the protection of your data.
Your personal data will also be transferred to third parties, insofar as this is necessary in the context of business relationships and legal obligations, e.g. to courts and other public authorities for correspondence services.
Transfer of personal data to third party states
Data is only transferred to countries outside the European Economic Area (so-called third countries) within the context of adequacy decisions of the European Commission or if this is necessary for the implementation of pre-contractual measures or the performance of a contract, if you have given us your explicit consent (e.g. within the context of specific services), if the transfer is necessary for significant reasons of public interests or is stipulated by law.
Storage period for personal data
Generally, the personal data collected by us for purpose of the mandate shall be retained until expiration of the statutory retention period (after a period of 10 years, calculating from the date the mandate ends) and thereafter be deleted, unless we deem a longer retention period necessary pursuant to Art. 6 Para. 1 lit. c GDPR on the basis of statutory obligations under tax-, company- or supervisory law with regard to retention and documentation (in particular arising out of PGR, SPG or SteG/MwStG) or if you have given your consent to longer retention in accordance with Art. 6 Para. 1 lit. a GDPR. Further processing and longer storage may be conducted for reasons of preservation of evidence, for example for the duration of the applicable statutes of limitation.
Your data protection rights
As our client or in general as a data subject, you are entitled – subject to the trustee’s duty of confidentiality – to be informed about your personal data at any time, in particular about its origin and recipients, as well as the purpose of the data processing. You additionally have the right to rectification, data portability, to object and to restriction of the processing or deletion of incorrect or improperly processed data.
We kindly request you to inform us of any changes to your personal data.
You have the right to withdraw any given consent to use your personal data at any time. The exercising of your right of access, deletion, rectification, objection and/or data portability may be addressed to the contact details listed under item I. 1 of this Declaration.
If you are of the opinion that our processing of your personal data is in breach of applicable data protection law or that your statutory data protection rights have been infringed otherwise, you may file a complaint with the competent supervisory authority. In Liechtenstein, the Data Protection Office (www.datenschutzstelle.li) is the competent authority.
This is the currently valid Data Protection Declaration as of March 2019.
Due to the continued development of our website and associated services or organizational modifications within our law firm or on the grounds of amended legal or regulatory requirements, it may become necessary to amend this Data Protection Declaration. You can access and print out the respective current Data Protection Declaration on our website at any time.