Valid from: May 2018
Data Protection is important to Real Treuhand- und Consulting Anstalt and accordingly we will explain in this Data Protection Policy how we collect and process personal data (in short: “personal data”, i.e. data concerning an identified or identifiable natural person, such as name, address, nationality, email address, user behaviour on websites). We are obliged to protect your privacy and have a duty of confidentiality and on this basis we take numerous technical and organizational data protection measures for the processing of personal data. This Data Protection Policy is based on the EU General Data Protection Regulation (in short: “GDPR”).
1. Name and Address of the Data Controller and Data Protection Officer
1.1. The Data Controller is Real Treuhand- und Consulting Anstalt, Landstrasse 39, 9490 Vaduz, Liechtenstein.
1.2. The contact details of the Data Protection Officer are as follows:
Tel: +423 235 51 51
Should you have questions concerning details of data processing or your rights, the Data Protection Officer of Real Treuhand- und Consulting Anstalt can be contacted at the abovementioned address.
2. General information concerning data processing
2.1. Scope of Data Processing
The processing of the personal data of our clients is limited to data which is required for the provision of our services. The personal data of our clients is only processed in accordance with the purpose agreed with them or another legal basis is present (in accordance with the GDPR). Personal data will only be collected insofar as it is actually necessary for the provision and implementation of our responsibilities and services, or you have voluntarily provided it to us. Within the scope of our business relationship we must collect and process personal data which is required for the commencement and performance of the business relationship and the fulfilment of legal and contractual obligations as well as for the delivery of our services.
2.2. Yours Rights (Rights of Data Subjects)
In accordance with the EU General Data Protection Regulation you have the following rights:
Right of Access: To receive information in relation to the processing purpose, the categories of personal data, the category of recipients who will receive access to your data, the planned storage period, the existence of a right of rectification, erasure, restriction or objection of processing, the existence of a right of complaint, the source of your data insofar as it was not collected by us, as well as the existence of automated decision-making, including profiling and, if appropriate, meaningful information concerning its specifics.
Right to Rectification: the right to correct inaccurate personal data concerning you. This also includes the right to have incomplete personal data completed.
Right to Erasure: Data subjects have the right, under certain circumstances, to have personal data erased.
Right to restriction of processing: Data subjects have the right, under certain circumstances, to request from the data controller the restriction of the processing.
Right to data portability: The right to data portability gives data subjects the right to receive person data from a data controller in a structured, commonly used, and machine-readable format.
Right of revocation: You have the right to revoke at any time a consent given for the use of your personal information.
Right to object: Data subjects have the right, under certain circumstances, to object at any time to the processing of personal data concerning them.
Right of Complaint: Insofar as you are of the opinion that the processing of your personal data by us is contrary to the data protection regulations, you have the possibility to complain to the Data Protection Commission. See www.datenschutzstelle.li
We do not make any automated decisions, including profiling.
3. Collection of personal data and purpose of the processing, description and extent of the data processing
3.1. We limit the collection of personal data primarily to personal data which we receive in connection with our services from our clients, cooperation partners or other involved persons.
3.2. In particular we collect from you in specific cases and depending on the purpose (see below) the following personal data:
- First Name/Surname
- Email address
- Telephone number(s)
- Date of Birth
- Place of Birth
- Family circumstances
- Taxpayer Identification Number
- Bank details
- Education, profession, business activities
3.3 We collect your personal data in various ways, for example:
- from information you give us when we meet;
- from information about you provided by your firm or an intermediary;
- if you communicate with us via telephone, fax, email or other form of electronic communication. In connection with this we can monitor, record and save these communications;
- if you complete our client on-boarding or other forms (or we complete them on your behalf);
- from your agents, advisors, intermediaries, custodian banks, asset managers etc.
In addition to client data, we will, where necessary, process personal data from other parties to the business relationship, for example authorized attorneys, representatives, legal successors of the beneficial owner of a business relationship etc.
3.4 Furthermore we obtain and process data, insofar as it is allowed and indicated, in specific cases additional information from publicly accessible sources (e.g. Land Register, Commercial Register, Press, Media, Internet, Worldcheck) or receive such data from other group companies, public authorities and institutions, from your personal surroundings such as family, legal advisors and other third parties.
3.5 We require this data in particular for the following purposes:
- the conclusion and implementation of Service Contracts, for example entity formations, Mandate Agreements, Asset Management Contracts
- the identification of you as a client or cooperation partner
- correspondence with you
- the completion of our due diligence processes
- compliance with further legal requirements
- issuing invoices
- the delivery of the best possible and customized services to you and the further development of our service offering
- communications with third parties
- the assessment and answering of job applications
We process your personal data primarily on the basis of your request and the purposes set out in Art. 6.1. (b) GDPR (performance of a contract or processing pre-contract measures), Art. 6.1. (c) (the processing is required for compliance with legal obligations the data processor is subject to), Art. 6.1.(f) (the processing is necessary for the legitimate interests of the data processor) or the processing the data processing is necessary for the performance of a task carried out in the public interest or in the exercise of public authority. Furthermore, we process data insofar as we have received a consent from you which has not been revoked, or an overriding legitimate interest is being pursued. A consent can be revoked at any time.
We also process your personal data in order to adhere to various Compliance Regulations (e.g. FATCA, CRS and Due Diligence). Therefore, the provision of your personal data is legally or contractually required or necessary for the conclusion of a contract. If the personal data is not provided, this could mean that we cannot offer, or must suspend, our services.
Insofar as personal data is processed on the basis of a legitimate interest in accordance with Art. 6.1. (f) GDPR, you have the right, in accordance with Art. 21 GDPR, to object to the processing of your personal data insofar as there are reasons existing as a result of your particular situation.
4. Recipients of Personal Data
4.1 Inside our business employees may only process your data insofar as this is necessary for the fulfilment of our contractual, legal and regulatory obligations as well as for the safeguarding of legitimate interests.
4.2 Your personal data will only be given to third parties insofar as it is necessary for the delivery of our services. This may include in particular:
- Group companies
- Service companies such as banks and asset managers
- Professional advisors, e.g. tax advisors, lawyer, auditors
- Public Authorities, States Bodies, Courts
- Your authorized attorneys and representatives
4.3 Such a transfer of data is based either a legal obligation (e.g. data transfer in connection with the Common Reporting Standard), the fulfilment of a contract (e.g. foreign asset manager, tax advisor), for the fulfilment of a legal obligation by the data controller, a consent on your part, a public interest or on the basis of a legitimate interest on our part insofar as it outweighs your interests or basic rights and freedoms for the protection of your personal data.
5. Use of our website
Provision of the website
With every use of our website our web server automatically collects data and information from the computer system of the accessing computer in so-called Server-Log files. The following data is thereby collected:
- Brower type and browser version
- used operating system
- Referral URL
- IP-Address/Hostname of the accessing computer
- Time of the server request
This data cannot be attributed by us to any specific person. This information will be used to evaluate the website access statistics and stored long-term.
The therein contained information regarding the website and internet use of visitors can be processed and evaluated by Google. The data collected by Google will be transferred by Google to states outside of the EU and EEA, in particular the United States. Google has however subjected itself to the Privacy Shield Framework. You can find further information in relation your rights in this regard at:
In addition, we ensure that your IP address is anonymised prior to the transfer to Google.
Legal basis for the use of Google Analytics is Art. 6 1.1.(f) GDPR. It is carried out in order to evaluate the use of our website and to improve our internet presence and services.
If you do not want this, you can set-up your browser in such a way that it informs you about the cookie settings and you can allow them in individual cases. We would point out however that a deactivation will have the result that you cannot use all functions of our website.
Legal basis for the processing of data by cookies is Art. 6 1.1.(f) GDPR. It is carried out in order to evaluate the use of our website and to improve our internet presence and services.
Cookies retain their validity for an indefinite period and will be subsequently deleted by your browser.
6. Data Protection during job applications and the application process
We collect and process the personal data of job applicants for the purpose of dealing with the application process. If it results in an employment contract with the applicant, the received personal data will be used, in compliance with the legal requirements, during the implementation of the employment relationship. Otherwise, the application documents will be deleted twelve months after the confirmed rejection, provided that no legitimate interests on our part have been extinguished, in particular in order to be documented for any legal proceedings.
7. Storage Period
In general we retain your personal data for all long as it necessary for the purpose it was collected, as set out in this Data Protection Policy. It can however happen that we are legally obliged to retain data for a longer period. In this case we will ensure that during the entire period your personal data will be treated in accordance with this Data Protection Policy. In particular we refer you to Art. 20 of the Due Diligence Law.
In the most cases, in case claims should arise as a result of the provision of our services, your personal data will be stored for a period of 10 years following the end of our contractual or other relationship.
8. Data Security
We maintain up to date technical measures to ensure data security and in particular to protect your personal data from dangers during data transfers as well as access by third parties. These are adjusted in accordance with technical developments.
Furthermore, we use other appropriate technical and organizational security measures to protect your data from coincidental or deliberate manipulation, partial or total loss, destruction or unauthorized access by third parties. Our security measures are continually improved in line with technological developments.
Irrespective of the measures taken we would point that data transfers via the internet (e.g. by communication via email) can expose vulnerabilities. Complete protection against access by third parties is not possible.
In the context of the further development of our service offering, as well as on the basis of changes to the legal and regulatory requirements, we will update our Data Protection Policy regularly. The up to date Data Protection Policy can be accessed and printed on our website at any time.