Customers

Partner

Customers

Data protection

Data protection

Internet

Data protection information sheet (Internet)

1. Name and contact details of the controller and the company data protection officer

This data protection information applies to data processing by

Controller: Liechtenstein Life Assurance AG (hereinafter: LLA), Feldkircher Strasse 31, 9494 Schaan, Principality of Liechtenstein

E-mail: datenschutz@liechtensteinlife.com; Telephone: +423 265 34 40; Fax: +41 71 539 11 50

You can contact our data protection officer at the above address or by email with the addition ‘Data Protection Officer’.

In Switzerland, you can contact our representative, appointed in accordance with Art. 14 of the Swiss Data Protection Act, at the following address: prosperity solutions (Switzerland) AG, Data Protection Officer, Gutenbergstrasse 10, 8002 Zurich E-mail: privacy@tpc.li

2. Collection and storage of personal data and the nature and purpose of their use

a) When visiting the website

When you visit our website www.liechtensteinlife.com, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without any action on your part and stored until it is automatically deleted:

Visitor (IP addresses are automatically anonymised),
Time of access with indication of the time zone,
Visitor's request (HTTP request method, requested file, version of the HTTP protocol),
HTTP status code (server response) and size of the server response,
Name and URL of the retrieved file,
Website from which the access was made (referrer URL),
the browser used and, if applicable, the operating system of your computer and the name of your access provider and
other similar data and information used for security purposes in the event of attacks on our information technology systems.

We process the aforementioned data for the following purposes

Ensuring a smooth connection to the website,
Ensuring a comfortable use of our website,
optimising the content of our website and advertising for it
analysing system security and stability and
for other administrative purposes.

The legal basis for data processing is Art. 6 para. 1 sentence 1 lit. f GDPR. Our legitimate interest follows from the data collection purposes listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about your person. We also use cookies and analysis services when you visit our website. You can find more detailed explanations on this in sections 4 and 5 of this privacy policy.

b) When using our contact option and applying via the website

Due to legal regulations, our website contains information that enables quick electronic contact with our company and direct communication with us. If a data subject contacts us by email, the personal data transmitted by the data subject is automatically stored by us. In this respect, data processing for the purpose of processing and establishing contact is carried out in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR on the basis of your voluntarily granted consent. This personal data will not be passed on to third parties. The above also applies if you send us corresponding application documents as an applicant by electronic means, for example by e-mail. If you are not hired, the application documents will be deleted by us four months after notification of the rejection decision, provided that no other legitimate interests on our part prevent deletion.

c) When registering for the newsletter and invitations to events

In addition to the purely informational use of our website, we offer a subscription to our newsletter, which we use to inform you about current developments (products, funds, etc.) and events. If you subscribe to our newsletter, the following data will be collected, stored and processed by us for the purpose of sending you electronic mail (newsletter and event invitations): the page from which the page was requested (so-called referrer URL), the date and time of the request, the description of the type of web browser used, the IP address of the requesting computer, which is shortened so that a personal reference can no longer be established (anonymized data), the e-mail address, first name, surname, company and position, the date and time of registration and confirmation.

You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can revoke your consent by sending an e-mail to the above address.

3. Forwarding of data

Your personal data will not be transferred to third parties for purposes other than those listed below. We only pass on your personal data to third parties if

you have given your express consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
in the event that there is a legal obligation for the disclosure pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR, and
this is legally permissible and necessary for the processing of contractual relationships with you in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

4. Cookies

We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not cause any damage to your end device and do not contain any viruses, Trojans or other malware.

Information is stored in the cookie that results in each case in connection with the specific end device used. However, this does not mean that we obtain direct knowledge of your identity.

We use the following types of cookies:

4.1 Technically necessary and functional cookies

These cookies ensure basic functions for the use of our website. They are essential for smooth navigation and the use of certain functions, such as our rate calculator and the selection of a desired advisor to display the corresponding agent homepage. These cookies can only be deactivated by changing the settings in your Internet browser, but this may mean that some areas of our website may no longer function properly.

The processing is carried out to implement the user relationship in the context of the use of the website and its functionalities in accordance with Art. 6 para. 1 lit. f GDPR.

The cookies are necessary for the use of the website and its functionalities. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. However, completely deactivating necessary cookies may mean that you cannot use all the functions of our platform.

4.2 Performance-related cookies

These cookies help us to better understand user behavior on our website. They enable us to analyze visitor numbers, identify sources of access and determine the most and least frequently visited pages. The aim is to optimize the user experience on our website. The data collected is anonymous so that no conclusions can be drawn about individual persons.

The processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided that you have given this consent in the cookie settings.

4.3 Personalization cookies

We use these cookies to show you personalized ads (both online and on social media) and to track how often certain ads are presented to you. For example, we use data on your surfing behavior or interactions such as clicks on our website. These advertisements appear not only on our website, but also on partner sites. It is not possible to draw any direct conclusions about you personally. If you reject these cookies, you will continue to see advertisements, but they may be less relevant to you.

The processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided that you have given this consent in the cookie settings.

5. Analysis tools, retargeting and marketing cookies

The tracking measures listed below and used by us are carried out on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR. With the tracking measures used, we want to ensure a needs-based design and the continuous optimisation of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimising our offer for you. These interests are to be regarded as legitimate within the meaning of the aforementioned provision. The respective data processing purposes and data categories can be found in the corresponding tracking tools.

a) Google Analytics (performance-related cookies)

We use Google Analytics, a web analysis service of Google Inc (https://www.google.de/intl/de/about/) (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter referred to as ‘Google’) for the purpose of designing and continuously optimising our website in line with requirements. In this context, pseudonymised user profiles are created and cookies (see section 4) are used. The information generated by the cookie about your use of this website, such as

Browser type/version,
operating system used,
Referrer URL (the previously visited page),
Host name of the accessing computer (IP address),
time of the server enquiry,

are transmitted to a Google server in the USA and stored there. The information is used to analyse the use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage for the purposes of market research and the needs-based design of this website. This information may also be transferred to third parties if this is required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that they cannot be assigned (IP masking).

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=de).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link. An opt-out cookie will be set to prevent the future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

Further information on data protection in connection with Google Analytics can be found in the Google Analytics help centre (https://support.google.com/analytics/answer/6004245?hl=de).

b) Meta pixel (Facebook and Instagram) (personalization cookies)

We also use the “visitor action pixel” of Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5 Ireland (“Meta”) and Meta Platforms, Inc, 1601 Willow Rd, Menlo Park, CA 94025 on our website.

With its help, we can track the actions of users after they have seen or clicked on a Facebook or Instagram ad. This allows us to record the effectiveness of Facebook and Instagram ads for statistical and market research purposes. The data collected in this way is anonymous to us, i.e. we do not see the personal data of individual users. However, this data is stored and processed by Meta, about which we will inform you to the best of our knowledge. Meta may link this data to your Facebook or Instagram account and also use it for its own advertising purposes in accordance with Meta's privacy policy (https://www.facebook.com/privacy/policy/?entry_point=about_fb)/).

We also use Facebook's remarketing or “Custom Audience” function. This allows us to display individualized, interest-based advertising to visitors to our website if they are on Facebook or its partners. Facebook uses cookies to analyze website usage. This records the visitors to the website and anonymized data about the use of the website.

c) LinkedIn Pixel (personalization cookies)

We use the analysis and conversion tracking technology of the LinkedIn platform on our website. This is a service provided by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. With this LinkedIn technology, you will be shown more relevant advertising based on your interests. We also receive aggregated and anonymous reports from LinkedIn about advertising activities and information about how you interact with our website. You can find more information on data protection at LinkedIn here: https://www.linkedin.com/legal/privacy-policy#choices-oblig. You can object to the analysis of your usage behavior by LinkedIn and the display of interest-based recommendations (“opt-out”) by clicking on the “Opt out on LinkedIn on English” (for LinkedIn members) or “Opt out on English” (for other users) at the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

d) Salesforce Pardot

We use the Pardot Marketing Automation System (“Pardot”) of Pardot LLC, 950 E. Paces Ferry Rd. Suite 3300 Atlanta, GA 30326, USA. This tool collects and uses data to evaluate user behavior on the website and to improve the user experience and the offers on the website. You can find out more about the tool here: https://www.salesforce.com/de/pardot. When you visit our website, Pardot records your click path and uses it to create an individual user profile using a pseudonym. Cookies are used for this purpose, which enable your browser to be recognized.

6. Social media plug-ins

We use social plug-ins from the social networks Facebook, Instagram, LinkedIn and YouTube on our website on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR in order to make our company better known. The underlying advertising purpose is to be regarded as a legitimate interest within the meaning of the GDPR. Responsibility for data protection-compliant operation must be guaranteed by their respective providers. We integrate these plug-ins using the so-called two-click method in order to protect visitors to our website in the best possible way.

a) Facebook

Social media plugins from Facebook are used on our website to make their use more personal. We use the “LIKE” or “SHARE” button for this purpose. This is an offer from Facebook.

When you visit a page on our website that contains such a plugin, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transmitted by Facebook directly to your browser, which integrates it into the website.

By integrating the plugins, Facebook receives the information that your browser has accessed the corresponding page of our website, even if you do not have a Facebook account or are not currently logged in to Facebook. This information is transmitted directly from your browser to a Facebook server in the USA and stored there.

If you are logged in to Facebook, Facebook can directly associate your visit to our website with your Facebook account. If you interact with the plugins, for example by clicking the “LIKE” or “SHARE” button, the corresponding information is also transmitted directly to a Facebook server and stored there. The information is also published on Facebook and displayed to your Facebook friends.

Facebook can use this information for the purposes of advertising, market research and the needs-based design of Facebook pages. For this purpose, Facebook creates usage, interest and relationship profiles, e.g. to evaluate your use of our website with regard to the advertisements displayed to you on Facebook, to inform other Facebook users about your activities on our website and to provide other services associated with the use of Facebook.

If you do not want Facebook to assign the data collected via our website to your Facebook account, you must log out of Facebook before visiting our website.

The purpose and scope of the data collection and the further processing and use of the data by Facebook as well as your rights in this regard and setting options to protect your privacy can be found in Facebook's data protection information (https://www.facebook.com/about/privacy/)

b) Instagram

Our website also uses so-called social plugins (“plugins”) from Instagram, which is operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”).

The plugins are marked with an Instagram logo, for example in the form of an “Instagram camera”.

When you visit a page of our website that contains such a plugin, your browser establishes a direct connection to Instagram's servers. The content of the plugin is transmitted by Instagram directly to your browser and integrated into the page. Through this integration, Instagram receives the information that your browser has accessed the corresponding page of our website, even if you do not have an Instagram profile or are not currently logged in to Instagram.

This information is transmitted directly from your browser to an Instagram server in the USA and stored there. If you are logged in to Instagram, Instagram can directly associate your visit to our website with your Instagram account. If you interact with the plugins, for example by clicking the “Instagram” button, this information is also transmitted directly to an Instagram server and stored there.

The information is also published on your Instagram account and displayed there to your contacts. If you do not want Instagram to assign the data collected via our website directly to your Instagram account, you must log out of Instagram before visiting our website. You can find more information on this in Instagram's privacy policy (https://help.instagram.com/155833707900388).

c) LinkedIn

Social plugins (“plugins”) from LinkedIn are also used on our website. The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible for data protection matters outside the USA.

Each time you visit our website, which is equipped with a LinkedIn component (LinkedIn plug-in), this component causes the browser you are using to download a corresponding representation of the LinkedIn component. Further information about the LinkedIn plug-ins may be accessed under https://developer.linkedin.com/plugins. As part of this technical process, LinkedIn receives information about which specific subpage of our website you are visiting.

If you are logged in to LinkedIn at the same time, LinkedIn recognizes which specific subpage of our website you are visiting each time you visit our website and for the entire duration of your stay on our website. This information is collected by the LinkedIn component and assigned to this LinkedIn account by LinkedIn. If you click on a LinkedIn button integrated on our website, LinkedIn assigns this information to this LinkedIn user account and stores it.

LinkedIn always receives information via the LinkedIn component that you have visited our website if you are logged in to LinkedIn at the same time as accessing our website; this occurs regardless of whether you click on the LinkedIn component or not. If you do not want this information to be transmitted to LinkedIn, you can prevent it from being transmitted by logging out of your LinkedIn account before accessing our website.

LinkedIn offers the possibility to unsubscribe from e-mail messages, SMS messages and targeted ads and to manage ad settings at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame, which may set cookies. Such cookies can be rejected at https://www.linkedin.com/legal/cookie-policy. The applicable data protection provisions of LinkedIn may be retrieved under https://www.linkedin.com/legal/privacy-policy LinkedIn's cookie policy is available at https://www.linkedin.com/legal/cookie-policy

d) YouTube

We have integrated YouTube components on this website. The operating company of YouTube is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA. YouTube, LLC is a subsidiary of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

By calling up a website with an integrated YouTube component (YouTube video), your Internet browser is automatically prompted by this to download it. Further information about YouTube can be found at https://www.youtube.com/yt/about/de/. During the course of this technical procedure, YouTube and Google gain knowledge of which specific sub-page of our website you are visiting.

If you are logged in to YouTube at the same time, YouTube recognizes which specific subpage you are visiting when you access a subpage of our website that contains a YouTube video. This information is collected by YouTube and Google and assigned to your YouTube account. If you do not want this information to be transmitted to YouTube and Google, you can prevent it from being transmitted by logging out of your YouTube account before accessing our website.

The data protection provisions published by YouTube, which can be accessed at https://www.google.de/intl/de/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Goog

7. Rights of data subjects

You may also have the right to restrict the processing of your data in accordance with Article 18 GDPR and the right to receive the data you have provided in a structured, commonly used and machine-readable format in accordance with Article 20 GDPR.

In accordance with Article 7 (3) GDPR, you can revoke your consent to us at any time. The consequence of this is that we may no longer continue the data processing based on this consent in the future.

You also have the option of lodging a complaint about data protection issues with our data protection officer or, in accordance with Article 77 GDPR in conjunction with Article 55 FADP, with a data protection supervisory authority. The data protection supervisory authority responsible for us is: Datenschutzstelle, Städtle 38, Postfach 684, 9490 Vaduz, Principality of Liechtenstein; e-mail address info.dss@llv.li.

For processing in Switzerland, please contact the Federal Data Protection and Information Commissioner, Feldeggweg 1, CH-3003 Bern.

8. Right to object

In accordance with Article 21(1) GDPR, you have the right to object to the processing of your personal data on the basis of Article 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balancing of interests) if there are reasons for this arising from your particular situation, as well as a right to object to the processing of your personal data for the purpose of direct marketing in accordance with Article 21(2) GDPR. You can send the above objection to our above-mentioned contact details in any form.

9. Data security

We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser when you visit our website. As a rule, this is 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can recognise whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser. We also use suitable technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.

10. Topicality and amendment of this privacy policy

This privacy policy is currently valid and was last updated in September 2024. It may become necessary to amend this privacy policy as a result of the further development of our website and services or due to changes in legal or official requirements. You can access and print out the current privacy policy at any time on the website at https://www.liechtensteinlife.com/impressum-und-datenschutz.

Customer

Data protection information sheet (client)

With this information, we inform you about the processing of your personal data by Liechtenstein Life Assurance AG (hereinafter referred to as ‘Liechtenstein Life Assurance AG’ or ‘we’) and the rights to which you are entitled under data protection law.

Controller for data processing Liechtenstein Life Assurance AG, Feldkircher Strasse 31, 9494 Schaan, Principality of Liechtenstein; Telephone +4232653440; Fax: +41715391150; Email address: datenschutz@liechtensteinlife.com.

You can contact our data protection officer by post at the above address with the addition ‘Data Protection Officer’.

Categories of personal data and their collection

We process personal data that we receive from you as part of our business relationship. We also process personal data that we have received from other companies or other third parties (e.g. from cooperation partners, insurance brokers, insurance advisors, database providers or credit agencies) in a permissible manner (e.g. for the execution of orders, fulfilment of contracts, debt collection, factoring or on the basis of your consent) and will receive in the future, insofar as this is necessary for the provision of our services. On the other hand, we process personal data that we have legitimately obtained from publicly accessible sources (e.g. debtor directories, commercial and association registers, press, media) and are authorised to process.

We only collect personal data without the cooperation of the person concerned if direct collection would be unreasonable or disproportionate or would violate business confidentiality in accordance with Article 104 of the Liechtenstein Insurance Supervision Act. In this case, we ask you to inform the persons concerned about the data storage. This may, for example, be an insured person or a representative.

Relevant personal data includes personal details (name, address and other contact details, date of birth, place and country of birth, nationality, profession), identification data (e.g. ID card data), authentication data (e.g. specimen signature) and tax data (e.g. tax identification number, tax domicile). In addition, we process special categories of personal data (e.g. your health data). Furthermore, this may also include order data (e.g. payment order), data from the fulfilment of our contractual obligations, information about your financial situation (e.g. creditworthiness data, scoring/rating data, income data, data on the origin of assets, account data at credit institutions, data on lifestyle income and expenditure), register data, data about your use of the telemedia we offer (e.g. time of accessing our websites, apps or newsletters, pages viewed by us or entries) and other data comparable with the categories mentioned.

Purposes and legal bases of data processing

We process your personal data in compliance with the EU General Data Protection Regulation (GDPR), the Data Protection Act (DSG), the provisions of the Insurance Contract Act relevant to data protection law and all other relevant laws.

If you submit an application for insurance cover, we need the information you provide in order to prepare a needs analysis, provide advice, conclude the insurance contract and assess the risk to be assumed by us. If the insurance contract is concluded, we will process this data to fulfil the contractual relationship, e.g. to issue policies or invoices, to execute your orders and for all activities required for the operation and administration of an insurance company. We require information on the claim, for example, in order to be able to check whether an insured event has occurred and how high the claim is. Your details are also required in the event of a claim in order to determine the existence of insurance cover and the existence of the insured event.

It is not possible to conclude or execute the insurance contract without processing your personal data.

In addition, we require your personal data to compile insurance-specific statistics, e.g. for the development of new tariffs or to fulfil regulatory requirements. We use the data from all existing contracts with Liechtenstein Life Assurance AG to analyse the entire client relationship, for example to advise on contract adjustments, contract supplements, goodwill decisions or to provide comprehensive information.

The legal basis for this processing of personal data for pre-contractual and contractual purposes is Article 6(1)(b) GDPR. If special categories of personal data are required for this (e.g. your health data when concluding a life insurance contract), we will obtain your consent in accordance with Article 9 (2) a) in conjunction with Article 7 GDPR. If we compile statistics with these data categories, this is done on the basis of Article 9(2)(j) GDPR.

We also process your data in order to protect our legitimate interests or those of third parties. The legal basis for this is Article 6(1)(f) GDPR. This may be necessary in particular:

to ensure IT security and IT operations,
to consult and exchange data with credit agencies (e.g. CRIF, Boniversum) to determine creditworthiness or default risks and current addresses
to review and optimise procedures for needs analysis and direct client contact;
for measures for business management and further development of services and products;
for the assertion of legal claims and defence in legal disputes
for advertising for our own insurance products and for other products of our cooperation partners as well as for market and opinion surveys, provided you have not objected to the use of your data and all other legal requirements are met;
for the prevention and investigation of criminal offences, in particular we use data analyses to identify indications of insurance fraud.

We also process your data on the basis of Article 6(1)(a) GDPR if you have given us your consent to process personal data for specific purposes (e.g. disclosure of data, obtaining information, release from the duty of confidentiality or business secrecy). Any consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. In principle, consent is essential for the processing of the application and for the conclusion, execution and termination of the insurance contract. Without consent, it will generally not be possible to process the application or conclude and fulfil the insurance contract.

In addition, we process your personal data to fulfil legal obligations, such as supervisory and regulatory requirements, retention and control obligations under commercial and tax law, reporting obligations, our duty to provide advice, fraud and money laundering prevention and the assessment and management of risks. The legal basis for the processing in this case is the respective statutory regulations (e.g. due to the Insurance Supervision Act, Due Diligence Act, FATCA Act, AEOI Act, tax laws, requirements of the supervisory authorities) in conjunction with Article 6 (1) c) GDPR.

If we wish to process your personal data for a purpose not mentioned above, we will inform you in advance in accordance with the statutory provisions.

Categories of recipients of the personal data

Within Liechtenstein Life Assurance AG, your data is received by those departments that require it to fulfil contractual and legal obligations. Processors engaged by us (Article 28 GDPR) may also receive data for these purposes. These are companies in the categories of IT services, software engineering, logistics, printing services, communication, payment service providers, financing, debt collection, advice and consulting, assistants, sales and marketing as well as information and address research. We may only pass on information about you if this is permitted or required by law, if you have given your consent or if we are authorised to provide information. Under these conditions, recipients of personal data may be, for example

Reinsurers

We insure risks assumed by us with special insurance companies (reinsurers). For this purpose, it may be necessary to transmit your contract data and, if applicable, claims data to a reinsurer so that the reinsurer can form its own opinion about the risk or the insured event. In addition, it is possible that the reinsurer will support us in the risk or benefit assessment and in the evaluation of procedures due to its special expertise. We only transfer your data to the reinsurer to the extent necessary for the fulfilment of our insurance contract with you or to the extent necessary to protect our legitimate interests.

Insurance intermediaries

If you are supported by an insurance intermediary with regard to your insurance contracts, your intermediary processes acquisition and consulting data as well as the application, contract and claims data required for the conclusion and fulfilment of the contract. We also transmit this data to the intermediaries looking after you, insofar as they require the information for your support and advice in your insurance and financial services matters.

Factors

We may sell claims we have against you and claims we have assumed against you to factoring companies (e.g. reinsurers, credit institutions, factoring institutions, funds). For this purpose, it may be necessary to transmit your contract data to the factor so that he can form his own opinion of the collection risk. We only transfer your data to the factoring company to the extent that this is necessary for the fulfilment of the contractual relationship or to the extent necessary to protect our legitimate interests.

Credit agencies

We use databases provided by credit agencies to comply with our legal obligations under the Due Diligence Act to combat money laundering, terrorist financing, bribery, corruption and organised crime, e.g. for comparison with sanctions lists and Politically Exposed Persons. We use the World-Check service offered by Thomson Reuters for this purpose. You can find more information about its activities at https://risk.thomsonreuters.com/en/terms-of-business/world-check-privacy-statement.html#faqs.

In addition, to the extent necessary to safeguard our legitimate interests, we transmit your data (name, address and, if applicable, date of birth) to credit agencies (CRIF AG, Hagenholzstrasse 81, 8050 Zurich, Switzerland - CRIF -- and Creditreform Boniversum GmbH, Hellersbergstrasse 11, 41460 Neuss, Germany - Boniversum -) for the purpose of credit checks and obtaining information to assess the risk of non-payment on the basis of mathematical-statistical procedures using address data and payment experience. Further information on the activities of the aforementioned credit agencies can be found in the information sheet in accordance with Art. 14 GDPR at

for CRIF: https://www.crif.ch/media/405792/ch-informationen_dsgvo_de.pdf
for Boniversum: https://www.boniversum.de/eu-dsgvo/informationen-nach-eu-dsgvo-fuer-verbraucher/

can be viewed. You can also request the information using the contact details above.

Companies in the group

Specialised companies or divisions of our group of companies perform certain data processing tasks centrally for the companies affiliated in the group. This means that data may only be stored once, even if you use services from different companies in the group. For example, personal details, legitimisation data, master data (e.g. bank details, contract number, tax ID) and comparable identification data can be viewed by companies in the group. In this way, incoming communication can always be assigned to the responsible contact person. In cases of doubt, incoming payments can also be booked correctly without further enquiry.

Data can be transferred between the following companies in our group: the prosperity company AG, prosperity solutions AG, prosperity.brokershome AG and cashyou AG, each based in Schaan/Liechtenstein, and prosperity services GmbH based in Berlin/Germany.

External service providers

We use external service providers to fulfil some of our contractual and legal obligations.

Conclusion of electronic business transactions

We offer electronic business transactions. In this area, we co-operate with service providers who guarantee an electronic and legally binding signature (digital signature).

A list of the above-mentioned recipients with whom we have more than a temporary business relationship can be found in the current version of our service provider list on our homepage under the heading ‘Data protection’. If you require further information, please contact the controller at the above address.

Other recipients

In addition, we may transfer your personal data to other recipients, such as authorities to fulfil statutory notification and control obligations (e.g. social security institutions, financial authorities, law enforcement authorities, supervisory authorities (e.g. BaFin, FMA, FINMA, EIOPA), customs, Financial Intelligence Unit, Allowance Office for Retirement Assets). We also transfer your personal data to credit institutions for the processing of payment transactions. Other data recipients may be those bodies for which you have given us your consent to transfer data or for which you have released us from our duty of confidentiality (e.g. health insurance funds, doctors, hospitals).

Data exchange with your previous insurer

In order to be able to check your details when concluding the insurance contract (e.g. for the transfer of a cover capital) or your details when an insured event occurs and to supplement them if necessary, personal data may be exchanged with the previous insurer named by you to the extent necessary for this purpose.

Duration of data storage

We delete your personal data as soon as it is no longer required for the above-mentioned purposes. Personal data may be stored for the period during which claims can be asserted against us (statutory limitation period of three or up to thirty years). We also store your personal data insofar as we are legally obliged to do so. Corresponding duties of proof and retention arise, among other things, from personal and company law, the Tax Act and the Due Diligence Act. The storage periods are up to ten years.

Rights of data subjects

You can request information about the personal data stored about you in accordance with Article 15 GDPR at the above address. In addition, under certain conditions, you can request the rectification of your data in accordance with Article 16 GDPR or the erasure of your data in accordance with Article 17 GDPR. You may also have the right to restrict the processing of your data in accordance with Article 18 GDPR and the right to receive the data you have provided in a structured, commonly used and machine-readable format in accordance with Article 20 GDPR.

You also have the right to withdraw your consent to the processing of your personal data in accordance with Article 7(3) GDPR. You also have a right to object to the processing of your personal data on the basis of Article 6(1)(e) (data processing in the public interest) or (f) (data processing on the basis of a balancing of interests) in accordance with Article 21(1) GDPR and a right to object to the processing of your personal data for the purpose of direct marketing in accordance with Article 21(2) GDPR. You can send the above cancellation or objection to our contact details above without any formal requirements.

Right to object

You have the right to object to the processing of your personal data for direct marketing purposes.

If we process your data to protect legitimate interests, you can object to this processing if there are reasons arising from your particular situation that speak against data processing.

Obligation to provide personal data

As part of our business relationship, you only have to provide the personal data that is necessary for the establishment, execution and termination of a business relationship, that we need to pursue our legitimate interests or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the insurance contract or execute the order or will no longer be able to fulfil an existing insurance contract and may have to terminate it.

In particular, we are obliged under money laundering regulations to identify you before establishing the business relationship, for example by means of your identity document, and to collect your name, place of birth, date of birth, country of birth, nationality and residential address and to record the identity document electronically. In addition, we must record further information for a business profile, such as tax identification number, tax domicile, occupation and origin of the assets used for the contribution/premium payment. To enable us to fulfil these legal obligations, you must provide us with the necessary information and documents in accordance with the Due Diligence Act and notify us immediately of any changes that occur during the course of the business relationship. If you do not provide us with the necessary information and documents, we may not enter into or continue the business relationship you have requested.

Right to lodge a complaint

You have the option of lodging a complaint about data protection issues with our data protection officer or with a data protection supervisory authority in accordance with Article 77 GDPR. The data protection supervisory authority responsible for us is: Datenschutzstelle, Städtle 38, Postfach 684, 9490 Vaduz, Principality of Liechtenstein; email address info.dss@llv.li.

Data transfer to a third country

If we transfer personal data to service providers outside the European Economic Area (EU and EEA), the transfer will only take place if the third country has been confirmed by the EU Commission to have an adequate level of data protection or if other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place, unless the transfer is required by law or ordered by an authority or court. We currently transfer personal data to service providers outside the EU in Bermuda, the USA and Switzerland. The EU Commission decided for the latter two on 12 July 2016 and 26 July 2000 that personal data is protected there in the same way as in the European Union. In addition, in the context of remote maintenance of standard IT components and systems for troubleshooting or maintenance, it cannot be ruled out in individual cases that an IT service provider from a third country (e.g. USA) may in rare cases gain controlled and limited access to personal data or that the possibility of access, which is often only theoretical, cannot be ruled out.

If required by law, we will inform you separately about the data transfer.

Automated decision in individual cases

On the basis of your risk details, which we ask you about when you submit your application, we can also make fully automated decisions, for example on the conclusion or cancellation of the insurance contract, possible risk exclusions or the amount of the insurance premium to be paid by you. We can also make fully automated decisions about our obligation to pay benefits based on your details about the insured event, the data stored about your insurance contract and any information received from third parties. In the case of fully automated decisions, these are based on rules we have previously defined for weighting the information.

Obligation to provide personal data

In accordance with due diligence and money laundering regulations and the regulations on the Automatic Exchange of Information in Tax Matters (AEOI) and the Foreign Account Tax Compliance Act (FATCA), we are obliged to identify the contractual partner and the beneficial owner prior to the conclusion of the contract by means of an identification document and to collect the surname, first name, place of birth, date of birth, nationality, residential address, tax residency and tax identification number. You must provide us with this relevant information and documentation in order to fulfil our legal obligation and notify us immediately of any changes in this regard during the course of the business relationship. If you fail to do so, we may not conclude or continue an insurance contract with you.

Statutory notifications

Due to legal requirements, we may be obliged to report data on the insurance contract, the contractual partner and the beneficial owner of the insurance contract as well as the personal details and tax data of these persons to state authorities. These reports may include

FATCA notifications

The FATCA agreement concluded between the Principality of Liechtenstein and the United States of America to promote tax honesty aims to ensure that all accounts held abroad by US taxpayers are actually taxed in the USA. The agreement implements the US Foreign Account Tax Compliance Act (FATCA). Through our notification to the Liechtenstein tax authorities, the US tax authorities gain knowledge of the data and accounts of persons liable to tax in the USA or persons with a connection to the USA.

AEOI notifications

The Principality of Liechtenstein participates in the electronic exchange of tax data on the basis of the OECD standard (AEOI). As a result, Liechtenstein financial institutions are obliged to provide their national tax authorities with information about their foreign clients and their financial accounts whose countries also participate in the AEOI. The tax authorities of these foreign clients thus receive information on their financial accounts.

Notification of contributions paid for basic pensions

For basic pension insurance policies ("Basisrenten") with reference to Germany, we send an annual notification to Germany in accordance with the German Income Tax Act to the German Pension Insurance Association and the Federal Central Tax Office there regarding the amount of contributions paid and reimbursed in the respective contribution year, stating personal details, contract and tax data.

Notification of pension payments

In accordance with the German Income Tax Act, we send an annual notification to the German Pension Insurance Association (Rentenbezugsmitteilung) regarding the amount of the pension paid in the respective contribution year, stating personal details, contract and tax data. We also send the same data to the pension recipient's German statutory health insurance fund in accordance with the German Social Security Code V.

Notification of contract conclusion

In the case of insurance contracts brokered by intermediaries based in Germany and relating to Germany, we will notify the German Federal Central Tax Office of the conclusion of the contract in accordance with the German Income Tax Act, stating the personal details, contract and tax data.

Updating this information sheet

This information sheet on data processing may be amended at a later date due to changes, e.g. in statutory provisions. A current version of the information sheet and the service providers with whom we have more than a temporary business relationship can be found on our homepage under ‘Data protection’.

Consent

By concluding an insurance contract with us, you agree to the content of this data processing information sheet and give us your consent to the corresponding use of your data. The current version of our data processing information sheet can be found on our website in the ‘Data protection’ section.

If you have any questions about this data protection information, please contact the controller using the contact details above.

Applicants

Data protection information sheet (applicants)

With this information, we inform you as an applicant about the processing of your personal data by Liechtenstein Life Assurance AG (hereinafter referred to as ‘Liechtenstein Life Assurance AG’ or ‘we’) and the rights to which you are entitled under data protection law.

Controller for data processing

Liechtenstein Life Assurance AG, Feldkircher Strasse 31, 9494 Schaan, Principality of Liechtenstein; telephone +4232653440; e-mail address: privacy@liechtensteinlife.com.

You can contact our data protection officer by post at the above address.

Categories of personal data and their collection

We process personal data that we receive from you as part of your application. In addition, we process - to the extent necessary for the application process - personal data that we have received from other companies or other third parties (e.g. from credit agencies) in a permissible manner (e.g. for clarification with sanctions lists) and will receive in the future. On the other hand, we process personal data that we have legitimately obtained from publicly accessible sources (e.g. social media) and are authorised to process.

We only collect personal data without the cooperation of the data subject if direct collection would be unreasonable or disproportionate. In this case, we ask you to inform the data subjects about the data storage. This may be a former employer or superior, for example.

Relevant personal data includes personal details (e.g. name, address, date of birth, occupation, CV), identification data (e.g. ID card data), authentication data (e.g. signature), tax data (e.g. tax identification number, tax domicile) and authorisation data (e.g. professional licence). This may also include order data (e.g. payment order), data about your use of the telemedia we offer (e.g. time of accessing our websites, apps or newsletters, pages viewed by us or entries) and other data comparable with the aforementioned categories.

Purposes and legal bases of data processing

We process your personal data in compliance with the EU General Data Protection Regulation (GDPR), the Liechtenstein Data Protection Act (DSG) and all other relevant laws.

Your data is required to carry out and process the application procedure and to assess the extent to which you are suitable for the position in question. The processing of your applicant data is necessary in order to be able to decide on the establishment of an employment relationship. Insofar as a legal relationship subject to the GDPR exists, the primary legal basis for this is Art. 6 para. 1 b) GDPR.

If necessary and insofar as a legal relationship subject to the GDPR exists, we also process your data on the basis of Art. 6 para. 1 f) GDPR in order to protect our legitimate interests or those of third parties (e.g. authorities).

We process data for statistical purposes (e.g. number of applications, evaluation of recruiting channels). The statistics are compiled exclusively for our own purposes.

We also process personal data that we have legitimately obtained from publicly accessible sources (e.g. professional social networks).

Your applicant data will be treated confidentially at all times. If we wish to process your personal data for a purpose not mentioned above, we will inform you in advance, unless you already have this information (insofar as a legal relationship subject to the GDPR exists in accordance with Article 13 para. 4 GDPR) or information is not required by law (insofar as a legal relationship subject to the GDPR exists in accordance with Art. 13 para. 4 and 14 para. 5 GDPR). The processing of special categories of personal data (e.g. health data) is carried out exclusively with your consent, insofar as a legal relationship subject to the GDPR exists, in accordance with Art. 9 para. 2 lit. a GDPR, unless legal authorisation such as Art. 9 para. 2 lit. b GDPR is relevant.

Categories of recipients of the personal data

Within Liechtenstein Life Assurance AG and our group of companies, the data is received by those departments that require it for the recruitment decision and to fulfil contractual and legal obligations. Processors employed by us (insofar as a legal relationship subject to the GDPR exists in accordance with Article 28 GDPR) may also receive data for these purposes. These are companies in the categories of IT services, software engineering, logistics, printing services, communication, payment service providers, advice and consulting, assistants, insurance and information. We may only pass on information about the data if this is permitted or required by law, if you have given your consent or if we are authorised to provide information. Under these conditions, recipients of personal data may be, for example

Group companies

Specialised companies or divisions of our group of companies perform certain data processing tasks centrally for the affiliated companies in the group. For example, personal details, legitimisation data, master data (e.g. bank details) and comparable identification data can be viewed by companies in the group. In this way, incoming communication can always be assigned to the responsible contact person.

Data can be transferred between the following companies in our group:

the prosperity company AG, prosperity solutions AG and prosperity cashtech AG, each based in Schaan/Liechtenstein. prosperity solutions GmbH, based in Berlin.

External service providers

We sometimes use external service providers to fulfil our contractual and legal obligations.

One such recipient, with whom we have more than a temporary business relationship, is Personio GmbH, based in Munich/Germany. For any further information, please contact the controller at the above address.

Other recipients

In addition, we may transfer personal data to other recipients, such as authorities to fulfil statutory notification and control obligations (e.g. social security institutions, tax authorities, supervisory authorities (e.g. BaFin, FMA, FINMA, EIOPA)). We also transmit personal data to credit institutions for the processing of payment transactions. Other data recipients may be those bodies for which you have given us your consent to transfer data or for which you have released us from our duty of confidentiality (e.g. AVAD).

Duration of data storage

We delete your personal data as soon as it is no longer required for the above-mentioned purposes. If no employment relationship is established, we will delete your data after 3 months. This does not apply if statutory provisions prevent deletion or if further storage is required for the purpose of providing evidence or if you have consented to longer storage.

Rights of data subjects

You can request information about the personal data stored about you at the above address. In addition, under certain conditions, you can request the correction or deletion of your data.

You may also have the right to restrict the processing of your data and the right to receive the data you have provided in a structured, commonly used and machine-readable format. Insofar as a legal relationship subject to the GDPR exists, these rights arise from Articles 15, 16, 17, 18 and 20 GDPR.

Furthermore, you have the right to withdraw your consent to the processing of your personal data, including the right to object. You can send the above revocation or objection to our above-mentioned contact details in any form.

Obligation to provide personal data

As part of your application, you must provide the personal data required for the application process and suitability assessment. Without this data, we will not be able to carry out the application process and make a decision on the establishment of an employment relationship. Before you provide personal data, you can obtain information from us on a case-by-case basis about which personal data must be provided to carry out the application process and the suitability assessment.

Right to lodge a complaint

You have the option of lodging a complaint about data protection issues with our data protection officer

data protection officer, our representative in Switzerland or a data protection supervisory authority. The data protection supervisory authorities responsible for us are

Principality of Liechtenstein:

Data Protection Authority (DSS), Städtle 38, P.O. Box 684, 9490 Vaduz/Principality of Liechtenstein

Switzerland:

Federal Data Protection and Information Commissioner, Feldeggweg 1, CH-3003 Bern 

Data transfer to a third country

We currently transfer personal data to service providers outside the EU in Switzerland. On 26 July 2000, the EU Commission decided that personal data in Switzerland is protected in the same way as in the European Union.

In addition, in the context of remote maintenance of standard IT components and systems for troubleshooting or maintenance, it cannot be ruled out in individual cases that an IT service provider from a third country (e.g. USA) may in rare cases gain controlled and limited access to personal data or that the possibility of access, which is often only theoretical, cannot be ruled out.

If required by law, we will inform you separately about the data transfer so that you can inform the data subjects.

Automated decisions in individual cases

We will provide you with further details on this here or in another context in due course.

Updating this information sheet

This data processing information sheet may be amended at a later date due to changes, e.g. in legal provisions. A current version of the information sheet and the service providers with whom we have more than a temporary business relationship can be found at www.liechtensteinlife.com/Datenschutz.

Consent

By submitting an application to us, you agree to the content of this data processing information sheet and give us your consent to the corresponding use of your data and the data of data subjects you have provided to us. The current version of our data processing information sheet can be found on the Internet at www.liechtensteinlife.com/Datenschutz.

If you have any questions about this data protection information, you are welcome to contact the controller, the data protection officer or our representative in Switzerland using the contact details given above.

Intermediary

Data protection information sheet (intermediaries)

With this information, we inform you as an intermediary with regard to the contractual relationships existing with us in this regard about the processing of personal data by Liechtenstein Life Assurance AG (hereinafter referred to as ‘Liechtenstein Life Assurance AG’ or ‘we’) and the rights to which you are entitled under data protection law.

Person responsible for data processing

Liechtenstein Life Assurance AG, Feldkircher Strasse 31, 9494 Schaan, Principality of Liechtenstein; Telephone +4232653440; Fax: +41715391150; Email address: privacy@liechtensteinlife.com

You can contact our data protection officer by post at the above address.

Categories of personal data and their collection

We process personal data of data subjects that we receive from you as part of our business relationship. In addition, we process - to the extent necessary for the provision of our services - personal data that we have received from other companies or other third parties (e.g. from cooperation partners, database providers or credit agencies) in a permissible manner (e.g. for the execution of orders, the fulfilment of contracts, for debt collection, in or for factoring or on the basis of consent given by you) and will receive in the future. On the other hand, we process personal data that we have legitimately obtained from publicly accessible sources (e.g. debtor directories, commercial and association registers, press, media) and are authorised to process.

Relevant personal data includes personal details (name, address and other contact details, date, place and country of birth, nationality, occupation, curriculum vitae), identification data (e.g. ID card data), authentication data (e.g. specimen signature), tax data (e.g. tax identification number, tax domicile) and authorisation data (e.g. business licence, entry in the register of intermediaries). This may also include order data (e.g. payment order), data from the fulfilment of our contractual obligations, information about your financial situation (e.g. creditworthiness data, scoring/rating data, income data, bank account data), register data, data about your use of the telemedia we offer (e.g. time of accessing our websites, apps or newsletters, pages viewed by us or entries) and other data comparable with the categories mentioned.

Purposes and legal bases of data processing

We process personal data in compliance with the EU General Data Protection Regulation (GDPR), the Liechtenstein Data Protection Act (DSG) and all other relevant laws.

If you submit an application for affiliation with us as an insurance intermediary, we need the information you provide in order to prepare a risk analysis, provide you with support, conclude the contract and assess the risk to be assumed by us. If the connection is established, we process this data for the execution of the contractual relationship, e.g. for invoicing, for your support and for all activities required for the operation and administration of an insurance company.

It is not possible to conclude or implement the broker connection without processing the personal data of natural persons.

In addition, we need the personal data to compile sales-specific statistics, e.g. for the development of new commission models or to fulfil regulatory requirements. We use the data from all existing contracts with Liechtenstein Life Assurance AG to analyse the entire business relationship.

Insofar as a legal relationship subject to the GDPR exists, the legal basis for this processing of personal data for pre-contractual and contractual purposes is Article 6(1)(b) GDPR.

We also process the data in order to protect our legitimate interests or those of third parties. Insofar as a legal relationship subject to the GDPR exists, the legal basis for this is Article 6(1)(f) GDPR. This may be necessary in particular

to ensure IT security and IT operations,,
to consult and exchange data with credit agencies (e.g. AVAD, Creditreform) to determine creditworthiness or default risks and current addresses
to review and optimise procedures for needs analysis and direct contact with business partners;
for measures for business management and further development of services and products;
for securing and asserting legal claims and defence in legal disputes
for advertising for our own insurance products and for other products of our cooperation partners as well as for market and opinion surveys, provided you have not objected to the use of your data and all other legal requirements are met;
for the prevention and investigation of criminal offences, in particular we use data analyses to identify indications that may point to commission fraud;
to insure against the risk of non-payment.

Insofar as a legal relationship subject to the GDPR exists, we also process the data on the basis of Article 6(1)(a) GDPR if you or the data subject have given us consent to process personal data for specific purposes (e.g. disclosure of data, obtaining information, release from the duty of confidentiality or business secrecy). Any consent given can be revoked at any time. This also applies to the revocation of declarations of consent given to us before the GDPR came into force, i.e. before 25 May 2018. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. In principle, consent is essential for the processing of the connection application and for the conclusion, execution and termination of the contract for the connection. Without consent, it will not be possible to process the application or conclude and fulfil the contract.

In addition, we process personal data to fulfil legal obligations, such as supervisory and regulatory requirements, retention and control obligations under commercial and tax law, reporting obligations, our duty of care, fraud prevention and the assessment and management of risks. Insofar as a legal relationship subject to the GDPR exists, the legal basis for the processing in this case is the respective legal regulations (e.g. due to insurance supervision law, tax laws, requirements of the supervisory authorities) in conjunction with Article 6 paragraph 1 c) GDPR.

If we wish to process the personal data for a purpose not mentioned above, we will inform you in advance within the framework of the statutory provisions so that you can inform the persons concerned.

Categories of recipients of the personal data

Within Liechtenstein Life Assurance AG, those departments receive the data that need it to fulfil contractual and legal obligations. Contractually bound processors (insofar as a legal relationship subject to the GDPR is contractually bound in accordance with Article 28 GDPR) may also receive data for these purposes. These are companies in the categories of IT services, software engineering, logistics, printing services, communication, payment service providers, financing, debt collection, advice and consulting, assistants, insurance, sales and marketing as well as information and address research. We may only pass on information about the data if this is permitted or required by law, if you have given your consent or if we are authorised to provide information. Under these conditions, recipients of personal data may be, for example

Insurers

We insure risks assumed by us in relation to the repayment obligation of commission advances or purchase price payments with special insurance companies. For this purpose, it may be necessary to transmit your contract data to an insurer so that it can form its own opinion about the risk or the insured event. We transmit this data to the insurer only to the extent necessary for the fulfilment of our contract with you or to the extent necessary to protect our legitimate interests.

Insurance intermediaries

If the insurance contracts brokered by you are managed by another (sub-)insurance broker, this broker processes acquisition and consulting data as well as the application, contract and billing data required to conclude and fulfil the contract.

Factor

We may sell claims we have against you and claims we have assumed against you to factoring organisations (e.g. insurers, credit institutions, factoring institutions, funds). For this purpose, it may be necessary to transfer your contract data to the factor so that they can form their own opinion of the collection risk. We transmit this data to the factoring company only to the extent necessary for the fulfilment of the contractual relationship or to the extent necessary to protect our legitimate interests.

Credit agencies

We may transfer data (name, address and, if applicable, date of birth) to credit agencies for the purpose of credit checks and obtaining information to assess the risk of non-payment on the basis of mathematical-statistical procedures using address data and payment experience, insofar as this is necessary to safeguard our legitimate interests:

in Germany:

Information centre via insurance/building society field service and insurance brokers in Germany e.V., Veritaskai 2, 21079 Hamburg, Germany - AVAD --
Verband der Vereine Creditreform e.V., Hellersbergstraße 12, 41460 Neuss, Germany -- Creditreform
SCHUFA Holding AG, Kormoranweg 5, 65201 Wiesbaden, Germany - SCHUFA -

in Switzerland:

CRIF AG, Hagenholzstrasse 81, 8050 Zürich, Switzerland -- CRIF
Further information on the activities of the aforementioned credit agencies can be found in the information sheet in accordance with Art. 13 and 14 GDPR at
for AVAD: https://www.avad.de/avadDs.htm
for Creditreform: https://www.creditreform.de/eu-dsgvo.html
for SCHUFA: https://www.schufa.de/datenschutz
for CRIF: https://www.crif.ch/datenschutz/

can be viewed. You can also request the information using the contact details above.

Companies in the group

Specialised companies or divisions of our group of companies perform certain data processing tasks centrally for the affiliated companies in the group. This means that data may only be stored once, even if you use services from different companies in the group. For example, personal details, legitimisation data, master data (e.g. bank details, contract number, tax ID) and comparable identification data can be viewed by companies in the group. In this way, incoming communication can always be assigned to the responsible contact person. In cases of doubt, incoming payments can also be booked correctly without further enquiry.

Data can be transferred between the following companies in our group:

the prosperity company AG, prosperity solutions AG and prosperity cashtec AG, each based in Schaan/Liechtenstein, prosperity solutions GmbH based in Berlin.

External service providers

We sometimes use external service providers to fulfil our contractual and legal obligations.

A list of the above-mentioned recipients with whom we have more than a temporary business relationship can be found in the current version of our service provider list on our website under the heading ‘Data protection’. If you require further information, please contact the controller at the above address.

Other recipients

In addition, we may transfer personal data to other recipients, such as authorities to fulfil statutory notification and control obligations (e.g. social security institutions, financial authorities, law enforcement authorities, supervisory authorities (e.g. BaFin, FMA, FINMA, EIOPA)). We also transmit personal data to credit institutions for the processing of payment transactions. Other data recipients may be those bodies for which you have given us your consent to transfer data or for which you have released us from our duty of confidentiality.

Duration of data storage

We delete personal data as soon as it is no longer required for the above-mentioned purposes. Personal data may be stored for the period during which claims can be asserted against us (statutory limitation period of three or up to thirty years). We also store personal data insofar as we are legally obliged to do so. Corresponding duties of proof and retention arise, among other things, from personal and company law and tax law. The storage periods are up to ten years.

Rights of data subjects

The data subject can request information about the personal data stored about them at the above address.

The data subject may also have the right to restrict the processing of their data and the right to receive the data they have provided in a structured, commonly used and machine-readable format.

Furthermore, you have the right to withdraw your consent to the processing of your personal data for future processing. However, this is only possible if the data processing is not required in connection with contractual obligations. The data subject can send the above revocation or objection to our contact details mentioned above in any form.

Right to object

You have the right to object to the processing of your personal data for direct marketing purposes.

If we process your data to protect legitimate interests, you can object to this processing if there are reasons arising from your particular situation that speak against data processing.

Obligation to provide personal data

As part of our business relationship, you only have to provide the personal data of natural persons that is required for the establishment, execution and termination of a business relationship, that we need to exercise our legitimate interests or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or will no longer be able to fulfil an existing contract and may have to terminate it.

Right to lodge a complaint

The data subject has the option of contacting our data protection officer, our representative in Switzerland or a data protection supervisory authority with a complaint regarding data protection issues. The data protection supervisory authorities responsible for us are

Principality of Liechtenstein:

Data Protection Authority (DSS), Städtle 38, P.O. Box 684, 9490 Vaduz/Principality of Liechtenstein

Switzerland:

Federal Data Protection and Information Commissioner, Feldeggweg 1, CH-3003 Bern

Data transfer to a third country

If we transfer personal data to service providers outside the European Economic Area (EU and EEA) or Switzerland, the transfer will only take place if the third country has an adequate level of data protection. This means that an adequate level of data protection has been confirmed by the EU Commission or other appropriate data protection guarantees (e.g. binding internal company data protection regulations or EU standard contractual clauses) are in place, unless the transfer is required by law or ordered by an authority or court.

In addition, in the context of remote maintenance of standard IT components and systems for troubleshooting or maintenance, it cannot be ruled out in individual cases that an IT service provider from a third country (e.g. USA) may, in rare cases, gain controlled and limited access to personal data or that the possibility of access, which is often only theoretical, cannot be ruled out.

If required by law, we will inform you separately about the data transfer so that you can inform the data subjects.

Automated decisions in individual cases

We will provide you with further details on this here or in another context in due course.

Updating this information sheet

This data processing information sheet may be amended at a later date due to changes, e.g. in legal provisions. You can obtain an up-to-date version of the information sheet and the service providers with whom we have more than a temporary business relationship at www.liechtensteinlife.com/Datenschutz.

Consent

By concluding a contract for connection with us, you agree to the content of this data processing information sheet and give us your consent to the corresponding use of your data and the data of data subjects you have provided to us. The current version of our data processing information sheet can be found on the Internet at www.liechtensteinlife.com/Datenschutz.

If you have any questions about this data protection information, please contact the controller using the contact details above.

Service Provider

SERVICE PROVIDER ›