Data protection
Internet
Data protection information sheet (Internet)
This section supplements our data protection information with specific notes on the collection and processing of personal data via the Liechtenstein Life Assurance AG website (www.liechtensteinlife.com) and related services.
You can reach our data protection officer at: Liechtenstein Life Assurance AG, Data Protection Officer, Feldkircher Strasse 31, 9494 Schaan, Principality of Liechtenstein, privacy@liechtensteinlife.com.
Controllers for website-related processing
- Liechtenstein Life Assurance AG, Feldkircher Strasse 31, 9494 Schaan, Principality of Liechtenstein, privacy@liechtensteinlife.com
- the prosperity company AG (applications), Feldkircher Strasse 31, 9494 Schaan, Principality of Liechtenstein, privacy@tpc.li
- prosperity solutions AG (Partner Life and the prosperity App), Feldkircher Strasse 31, 9494 Schaan, Principality of Liechtenstein, privacy@tpc.li
The respective responsibility is shown on the website in the legal notice.
Use of our website
We work with various third-party providers in connection with the use of our website. Most of these providers are established in the EEA or Switzerland. Some of them belong to globally active groups, so transfers to countries outside these regions, including the USA, cannot be ruled out.
Various external links are integrated into the website, including links to social media providers. Details on how these providers handle your personal data can be found in their own privacy notices, for example those of Google, LinkedIn, Facebook, and Instagram. This privacy policy does not apply to processing by such external providers.
If you use a link to an external provider on our website, data is transmitted to that provider. We have no knowledge of the content of the transmitted data or how it is used there. By using the relevant products and services, such as Google, LinkedIn, Facebook, or Instagram, you agree to their privacy policies.
We process the data collected for as long as this is necessary, taking into account statutory retention periods, our stated processing purposes, and our overriding legitimate interests. We aim for purpose-based retention and store data only as long as required. Web server log files are generally deleted after 30 days; longer retention only takes place where there are concrete indications of misuse or unlawful use. Depending on the purpose, retention can otherwise range from a few days to several years or longer. Once data is no longer required, we delete or anonymise it.
When you access and use our website, our web servers collect certain technical data about your visit and record it in logs, for example:
- date and time of access and other process-related data
- the website from which access originated (referrer URL)
- any search term used
- the country from which access originated
- the Internet Protocol address (IP address) of the requesting computer or device
- the name of your internet provider
- device attributes, such as whether you use a computer, tablet, or mobile phone, and interaction data relating to the website
Technical data on its own does not normally allow conclusions to be drawn about your identity. Although we know your provider and therefore the region from which you access the website on the basis of your IP address, we cannot normally identify you directly from this.
We process the data listed above for the following purposes:
- ensuring a smooth connection to the website
- ensuring a convenient use of the website
- optimising website content and advertising
- analysing system security and stability
- additional administrative purposes
We also use this data for technical troubleshooting and in order to detect, defend against, and investigate attacks on our systems. Liechtenstein Life Assurance AG reserves the right to review log data retrospectively if there are concrete indications of unlawful use.
Where the GDPR applies, the legal basis is our legitimate interest under Article 6(1)(f) GDPR in providing a secure and reliable user experience.
Our website contains legally required information that enables fast electronic contact and direct communication with us. If you contact us by email, the personal data you transmit is stored automatically. Where the GDPR applies, processing for the purpose of handling your enquiry and establishing contact is based on Article 6(1)(b) GDPR where the enquiry is aimed at concluding or performing a contract, and otherwise on our legitimate interest under Article 6(1)(f) GDPR in the efficient handling of enquiries. This data is not passed on to third parties. The same applies if you contact us by email as an applicant.
Our website also offers the option to register for webinars. We use Livestorm, a service of Livestorm SAS, to provide these webinars. In this context, registration and usage data are processed and stored in order to organise webinars, communicate with participants, and improve our webinar processes and services.
Where the GDPR applies, processing is based on your consent under Article 6(1)(a) GDPR and on our legitimate interest under Article 6(1)(f) GDPR in offering webinars efficiently and effectively. Your data is disclosed to Livestorm SAS as the technical service provider for webinar delivery.
We use different digital enquiry and form journeys on our website. For certain journeys, especially in the partner context and for individual campaigns or microsites, we use services of heyflow GmbH. We have concluded a data processing agreement with heyflow GmbH that complies with data protection requirements.
For other contact and consultation enquiries, especially in the customer context, we provide our own web forms on the website and process the data entered in our systems or via technical service providers engaged by us. With your explicit consent, we also forward data from contact and consultation enquiries to external sales partners associated with us. This consent is obtained by means of a separate consent declaration.
In connection with our website, we use various services from Google Ireland Ltd. and Meta Platforms Ireland Ltd. As part of Google marketing services and Meta services for Facebook and Instagram, data about visitors to our website is collected and analysed.
We have no influence over the scope of data processed by Google and/or Meta or their further use of such data and accept no responsibility or liability for it. If you have a Google, Facebook, or Instagram account or are registered for one of their services, these companies may, for example, combine your clicks on paid advertisements of Liechtenstein Life Assurance AG with other data. Data may also be linked across devices with your account and your browser or app history.
You can adjust cookies on our website, block third-party cookies via your browser settings, prevent cross-site tracking, and/or use ad-blocking software. Data collected by Google and/or Meta may be transferred to countries outside the EEA and Switzerland, in particular the USA. If you have a Google and/or Meta account, you can adjust the relevant privacy settings there.
Cookies and similar technologies
Information on cookies and similar technologies can be found below. The overview is based on technical reviews of the website in a standard browser profile and in a separate test system without ad filtering. Which cookies are actually set in an individual case depends in particular on your selection in the cookie banner, the subpages you visit, embedded third-party content, your browser settings, and any advertising parameters such as fbclid or gclid. We use cookies and comparable technologies in the analytics, personalisation, and marketing categories exclusively on the basis of your consent (Article 6(1)(a) GDPR; technically necessary cookies are based on Article 6(1)(f) GDPR).
| Type | Name | Provider | Purpose | Storage period | Category |
|---|---|---|---|---|---|
| Cookie | ASLBSA | LLA / hosting infrastructure | Used for load balancing and the stability of the website infrastructure. | Session | Technically necessary |
| Cookie | ASLBSACORS | LLA / hosting infrastructure | Used for load balancing and the stability of the website infrastructure in cross-origin requests. | Session | Technically necessary |
| Cookie | NEXT_LOCALE | LLA | Stores the language or locale version you selected. | Session | Technically necessary |
| Cookie | cc_cookie | LLA | Stores your selection in the cookie banner, including the categories and services you approved. | approx. 6 months | Preference / record of consent |
| Cookie | _ga | Google Analytics | Distinguishes browser instances for reach measurement and usage analytics. | up to 400 days | Analytics |
| Cookie | _ga_RC1KY5E6W9 | Google Analytics | Stores the session-related measurement status for the specific Google Analytics property of the website. | up to 400 days | Analytics |
| Cookie | _gcl_au | Google Ads | Used for conversion measurement and the attribution of advertising interactions. | approx. 90 days | Personalisation / marketing |
| Cookie | _gcl_aw | Google Ads | Used for conversion measurement after an ad click with Google identifiers such as gclid. | approx. 90 days | Personalisation / marketing |
| Cookie | _lfa | Dealfront | Recognises returning browsers for Dealfront's B2B analytics and attribution tools. | approx. 12 months | Analytics |
| Cookie | _fbp | Meta Pixel | Associates visits and interactions with a browser instance for advertising and measurement purposes. | approx. 90 days | Personalisation / marketing |
| Cookie | _fbc | Meta Pixel | Supports the attribution of advertising interactions after a visit with Meta identifiers such as fbclid. | approx. 90 days | Personalisation / marketing |
The cookies \_gcl_aw and \_fbc were observed in the test only when the website was accessed with advertising parameters such as gclid or fbclid.
| Type | Name | Provider | Purpose | Storage period | Category |
|---|---|---|---|---|---|
| Cookie | IDE | Google / DoubleClick | Used for advertising and conversion measurement in the DoubleClick / Google Ads environment. | up to 400 days | Personalisation / marketing |
| Cookie | __cf_bm | LinkedIn / Cloudflare | Used for technical protection and bot detection in LinkedIn services. | approx. 30 minutes | Technical / security |
| Cookie | AnalyticsSyncHistory | Supports synchronisation and measurement for LinkedIn advertising and analytics functions. | approx. 30 days | Personalisation / marketing | |
| Cookie | bcookie | Recognises browsers in the LinkedIn network and supports advertising and security functions. | approx. 12 months | Personalisation / marketing | |
| Cookie | bscookie | Security and identification cookie used by LinkedIn for browser and session association. | approx. 12 months | Personalisation / marketing | |
| Cookie | li_sugr | Supports conversion measurement, browser matching, and advertising attribution in LinkedIn. | approx. 90 days | Personalisation / marketing | |
| Cookie | lidc | Supports routing, delivery, and technical stability of LinkedIn services. | approx. 24 hours | Technical / security | |
| Cookie | UserMatchHistory | Supports matching browsers to LinkedIn marketing and conversion functions. | approx. 30 days | Personalisation / marketing |
Third-party cookies were observed in the technical review in particular after consent had been given for all optional categories. Whether such cookies are actually set in your browser also depends on your browser's privacy and tracking-protection settings and on any filtering or ad-blocking software.
In the technical review of the website, network requests for Google Analytics, Google Ads, LinkedIn, Dealfront, and Umami were also observed after consent had been given for all optional categories. No cookie-based storage by Umami was observed in the browser profile tested; however, the service may nevertheless process technical usage data or similar identifiers.
Web analytics
To understand how our website is used and to improve our online offering, we use web analytics tools. These tools are generally provided by third parties. The information collected via cookies about the use of a website is typically transmitted to servers of the relevant provider, which may also be located abroad.
The data is transmitted with shortened IP addresses so that your device cannot be identified directly. The IP address transmitted by your browser when using third-party tools is not merged with other data of those providers.
Google Analytics uses cookies that enable an analysis of your use of our website and online services. The information generated by the cookie is generally transmitted to a Google server in the USA and stored there.
IP anonymisation is activated on our website, so your IP address is shortened by Google within the EEA or Switzerland before transmission. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there.
Google uses this information on our behalf to evaluate the use of the website, compile reports on website activity, and provide other services related to website and internet use. We receive only anonymous evaluations from Google. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
Participation in tracking can be controlled via the cookie settings. Where the GDPR applies, the legal basis is your consent under Article 6(1)(a) GDPR.
We also use the Umami web analytics tool, which is integrated via our own domain. In this context, technical usage and event data is processed, in particular information about pages accessed, referrers, access times, and browser and device information, in order to evaluate the reach and use of our online offering in a privacy-conscious way and to improve it technically.
Where the GDPR applies, we rely for this purpose on our legitimate interest under Article 6(1)(f) GDPR in privacy-conscious audience measurement and in the technical optimisation of our online offering.
Online services
We use various online services from third-party providers on our website. Whether you wish to participate in the relevant tracking procedures can generally be determined via the cookie settings. Where the GDPR applies, the legal basis is your consent under Article 6(1)(a) GDPR unless stated otherwise below.
We use Google Ads for advertising purposes. As part of conversion tracking and remarketing, Google may place cookies and similar technologies on your device in order to recognise whether and how users interact with our website via advertisements. This enables us to evaluate the effectiveness of our advertising measures and to address visitors again with information about our products on websites of members of the Google partner network.
The information obtained through conversion tracking is used to analyse our advertising, for example the total number of users who clicked on an advert and visited a page tagged for conversion tracking.
No personal data is disclosed to members of the Google partner network in a way that would allow them to identify you directly.
We use Dealfront on our website, a service provided by Dealfront GmbH, to identify and analyse the origin of website visitors at company level. Dealfront uses cookies and similar technologies to collect information about companies, IP addresses, and website activities. This information helps us optimise our marketing and sales activities and provide more relevant content.
Where the GDPR applies, the processing is based on your consent in accordance with Article 6(1)(a) GDPR, provided that you have given it in the cookie settings. Further information on data protection at Dealfront can be found at https://www.dealfront.com/privacy-policy/.
We use conversion-tracking components of LinkedIn Ireland Unlimited Company in order to display advertising that is relevant to you and based on your interests. We receive aggregated and anonymous reports from LinkedIn about ad activities and about how you interact with our website.
Our website integrates the visitor action pixel of Meta Platforms Ireland Ltd. and Meta Platforms, Inc. This allows the behaviour of website visitors to be tracked after they have been redirected to our website by clicking on a Facebook or Instagram advertisement. This enables us to evaluate the effectiveness of Facebook and Instagram advertisements for statistical and market-research purposes and to optimise future advertising measures.
The data collected in this way is anonymous to us as the website operator. We cannot draw conclusions about the identity of users from it. However, the data is stored and processed by Meta, which may associate it with the relevant usage profile and use it for its own advertising purposes in accordance with Meta's data use policy. We cannot influence such use of the data.
Embedded third-party services and content
We integrate third-party content and services into our online offering, such as Vimeo videos, embedded Instagram content, appointment-booking services such as Calendly, webinars via Livestorm, forms via Microsoft Forms, or other graphics and content from third-party websites.
When you use such content, the relevant third-party providers may collect information about you, such as your IP address, geolocation, or other technical usage data. We have no influence over how they use this information, including for statistical purposes. Depending on the integration, content is activated only once you open it yourself or trigger the relevant action; in other cases, technical connection data is transmitted to the relevant service already when the page loads.
The following key details apply in particular to the third-party providers mentioned: Vimeo (Vimeo Inc., USA) – video integration; Calendly (Calendly LLC, USA) – appointment booking; Microsoft Forms (Microsoft Ireland Operations Ltd., Ireland) – forms; Instagram (Meta Platforms Ireland Ltd., Ireland) – embedded content; Livestorm (Livestorm SAS, France) – webinars. For transfers to the USA, we rely on the EU-U.S. Data Privacy Framework where the relevant provider is certified, otherwise on EU standard contractual clauses together with supplementary technical and organisational measures.
Where the GDPR applies, the legal basis is our legitimate interest under Article 6(1)(f) GDPR in making these contents available as part of our service. If such services are only activated once you select them, the legal basis is your consent under Article 6(1)(a) GDPR.
Social media presences and embedded content
We maintain online presences on social networks such as LinkedIn, YouTube, and Instagram and link to these offerings from our website. In addition, content from social networks, in particular Instagram, may be embedded in individual areas of our website.
If you use such links or embedded content, data such as IP address, device and browser information, and usage data may be transmitted to the relevant provider. If you are logged in there, the relevant provider may be able to associate the access with your user account. We have no influence over the providers' further processing.
Where the GDPR applies, the legal basis for external links, social media presences, and embedded content is our legitimate interest under Article 6(1)(f) GDPR in making these contents available as part of our service and using social media for information, marketing, and communication purposes. If services or embedded content are activated only after you select them, the legal basis is your consent under Article 6(1)(a) GDPR.
Communication
How we process personal data in principle is set out in the other sections of this privacy policy. The following notes describe specific features of individual communication channels and interactions.
Unless stated otherwise, where the GDPR applies, the legal basis depends on the occasion and content of the respective communication. Depending on the case, we process your data on the basis of your consent under Article 6(1)(a) GDPR, for the performance of pre-contractual measures or a contract under Article 6(1)(b) GDPR, or on the basis of our legitimate interest under Article 6(1)(f) GDPR in appropriate communication and in the further development of our services.
Electronic communication and related data security
You have various options for contacting Liechtenstein Life Assurance AG via our website. Personal data transmitted by you is protected by encryption mechanisms that correspond to the current security standard. Despite extensive technical and organisational safeguards, however, data may still be lost or intercepted and/or manipulated by unauthorised persons.
We are concerned about data security and take suitable technical and organisational measures to prevent this within our systems. Your computer remains outside the security area controlled by Liechtenstein Life Assurance AG. It is therefore your responsibility as a user to inform yourself about the necessary security precautions and to take appropriate measures.
Liechtenstein Life Assurance AG accepts no liability whatsoever for damage resulting from data loss or manipulation on your systems or during transmission. The internet is a globally open network. Whenever you transmit personal data over the internet, you do so at your own risk. In unencrypted electronic communication, data may be intercepted and manipulated by third parties or lost.
Use of links
Except in passwordless log-in or verification processes expressly triggered by you, Liechtenstein Life Assurance AG does not use links in general communications, in particular emails, SMS, instant messaging services, chats, social media messages, or physical mail with QR codes, that lead directly to log-in pages or to the entry of sensitive data. Sensitive data includes, in particular, usernames, passwords, PINs, policy numbers, email addresses, payment information, dates of birth, names, and postal addresses.
In the context of passwordless log-in or verification processes expressly requested by you, however, we may send a time-limited link to the email address stored for you so that you can access the requested service directly and securely. Outside such user-initiated processes, general emails do not contain links to log-in portals such as the prosperity App.
If you want to send confidential content to Liechtenstein Life Assurance AG by email, the email should be encrypted to prevent unauthorised access to or falsification of the content in transit.
If you send unencrypted emails to Liechtenstein Life Assurance AG, data security cannot be guaranteed. Liechtenstein Life Assurance AG therefore excludes any warranty and liability in this regard. As an alternative to encrypted email communication, we recommend contacting us directly via the prosperity App.
Telephone
If you are in telephone contact with Liechtenstein Life Assurance AG, calls may be recorded, transcribed, or analysed for quality assurance and documentation purposes. Where the GDPR applies, processing is based on your consent under Article 6(1)(a) GDPR or on our legitimate interest in quality assurance and documentation under Article 6(1)(f) GDPR. Recordings are generally deleted after 90 days, unless longer retention is required by law or necessary to preserve evidence. You may object to the recording at any time.
Depending on your request, we use traditional person-to-person customer telephony and/or newer technologies such as voice dialogue systems, voice recording, or so-called voicebots. In a voice dialogue system, your call is answered automatically and routed to the responsible team. You can recognise such systems by the machine-controlled dialogue. When voicebots are used, your request may be processed automatically, including with the help of artificial intelligence.
Visits to our premises
Access to our premises is only possible by prior appointment. Unannounced visitors may be asked to leave. When you visit, your name is processed at reception by a processor.
Rights of data subjects
You can request information about the personal data stored about you in accordance with Article 15 GDPR using the contact details listed above. Under certain conditions, you may also request rectification under Article 16 GDPR, erasure under Article 17 GDPR, restriction of processing under Article 18 GDPR, and the provision of data you have supplied in a structured, commonly used, and machine-readable format under Article 20 GDPR.
Under Article 7(3) GDPR, you can withdraw consent at any time with effect for the future. This means that we may no longer continue the processing based on that consent in the future.
You may also lodge a complaint on data protection issues with the competent supervisory authority. For Liechtenstein, the competent authority is the Data Protection Authority, Städtle 38, P.O. Box 684, 9490 Vaduz, Principality of Liechtenstein, info.dss@llv.li. For processing in Switzerland, you may contact the Federal Data Protection and Information Commissioner, Feldeggweg 1, CH-3003 Bern. Data subjects may also contact the data protection supervisory authority in the EEA competent for their habitual residence, place of work, or the place of the alleged infringement.
Right to object
Under Article 21(1) GDPR, you have the right to object to the processing of your personal data based on Article 6(1)(e) or (f) GDPR if there are reasons relating to your particular situation. You also have the right under Article 21(2) GDPR to object to processing for direct marketing purposes. You can submit such an objection using the contact details listed above in any form.
Topicality and amendment of this privacy policy
This privacy policy is currently valid and was last updated in May 2026. It may become necessary to amend it due to the further development of our website and services or due to changes in legal or regulatory requirements. We will inform you in good time and in a suitable form of material amendments, where this is required by law. The current version can be accessed and printed at any time via the website.
Customer
Data protection information sheet (customer)
We attach great importance to the responsible handling of your personal data. Protecting your privacy is important to us. We process personal data with care, strive for the greatest possible data security in the use of information technologies, and as a matter of principle collect only the data that is necessary.
We use appropriate technical and organisational measures, including encryption and/or pseudonymisation, instructions, confidentiality commitments, and controls, to protect your data against manipulation, loss, destruction, or unauthorised access. Our employees receive regular data protection training and are subject to special confidentiality obligations. Compliance is monitored continuously, including in relation to processors engaged by us.
This privacy policy explains how we collect and process personal data, for which purposes, who may receive it, how long we retain it, what rights you have, and how you can contact us. These data protection provisions are not part of the contract and may be amended by us within the limits of applicable law; we will inform you in good time and in a suitable form of material amendments, where this is required by law. The version published on our website applies. Where language versions differ, the version made available to you applies; the German version serves additionally as an interpretation aid.
Information on data protection
For the purposes of this section, personal data means all information relating to an identified or identifiable natural person, for example name, date of birth, email address, ID data, authentication data, tax data, or IP address. We also process special categories of personal data, for example health data. Information that is anonymised or aggregated and can no longer be used to identify a particular person is not treated as personal data.
Processing means any handling of personal data, such as collection, storage, use, disclosure, modification, archiving, or deletion. The primary legal basis and purpose of processing your data is the initiation and/or performance of the insurance contract. In addition, we rely on legal obligations, consent given by you or a person authorised by you, and the overriding legitimate interests of Liechtenstein Life Assurance AG, in particular in pursuing the purposes described below and implementing appropriate measures.
We process personal data according to the principles of fairness, lawfulness, transparency, data minimisation, proportionality, accountability, and data security.
Liechtenstein Life Assurance AG is subject to the legal provisions applicable in Liechtenstein. Liechtenstein is a member of the European Economic Area. The EU General Data Protection Regulation (GDPR) applies together with the applicable national laws, including the Liechtenstein Data Protection Act (DSG-LI), the Swiss Data Protection Act (DSG-CH), the German Federal Data Protection Act, and, where applicable, the Italian Data Protection Code (Codice della privacy, Legislative Decree no. 196 of 30 June 2003).
This privacy policy does not contain an exhaustive description of all data processing. Individual matters may be regulated in whole or in part by specific information. Exceptions to the duty to provide information may apply where providing the information is impossible or would involve disproportionate effort, where you already know about the processing, where processing is required by law, or where we are subject to statutory secrecy obligations.
If you wish to conclude an insurance contract with us, you must provide all data necessary for establishing and performing the business relationship and for fulfilling the associated contractual obligations. Without such data, we are unable to conclude or perform an insurance contract or provide benefits.
In certain cases, we collect data from third parties or receive data from third parties. We only collect personal data without your involvement if direct collection would be unreasonable or disproportionate or would violate business secrecy under Article 104 of the Liechtenstein Insurance Supervision Act.
If you intend to conclude insurance for another person, for example family members, or provide us with data of third parties, for example beneficiaries, please ensure that these persons know our privacy policy or the relevant product information and that you are authorised to disclose their data to us.
Controller
The controller within the meaning of the GDPR is:
Liechtenstein Life Assurance AG
Feldkircher Strasse 31
9494 Schaan
Principality of Liechtenstein
privacy@liechtensteinlife.com
Liechtenstein Life Assurance AG is part of the prosperity group. Other companies in the prosperity group are the prosperity company AG, prosperity solutions AG, and prosperity cashtech AG, each with registered office in Schaan/Liechtenstein, prosperity solutions GmbH in Berlin/Germany, and prosperity solutions (Switzerland) AG in Zurich/Switzerland.
Purposes of processing
We process personal data that you provide to us, or that we lawfully receive from companies of the prosperity group, partners, intermediaries, or other third parties, in particular for the following purposes:
- initiation and performance of insurance contracts
- claims handling and benefit settlement
- risk assessment and premium calculation
- statutory notifications
- internal administration, for example IT security, audit, and controlling
- communication with you by post, email, or telephone
- detection, prevention, and combating of possible insurance fraud
- legal services and compliance, in particular compliance with regulatory and legal requirements, the prevention of money laundering, terrorist financing, bribery, and corruption, and the fulfilment of statutory information, disclosure, and reporting obligations
- customer surveys and marketing in order to inform you about our products and services and to develop customer relationships within the prosperity group
- general and insurance-specific statistics, risk management, market research, and the further development of our insurance business
- use of artificial intelligence systems to support communication and document processing, the automated handling of customer enquiries, compliance checks, the identification of regulatory risks, and the research and analysis of relevant information; AI systems are used exclusively in a supportive capacity; final decisions with legal effect for the data subject are made exclusively by employees of Liechtenstein Life Assurance AG; data processed in connection with such AI interactions is not used to train AI models, and transparency obligations under the EU AI Act (in particular for chatbots and voicebots) are complied with
Legal bases
Where the GDPR applies, we rely in particular on the following legal bases:
- Article 6(1)(b) GDPR for pre-contractual measures and contract performance; where special categories of personal data are required for this, for example health data when concluding a life insurance contract, we obtain the required consent in accordance with Article 9(2)(a) in conjunction with Article 7 GDPR
- Article 6(1)(c) GDPR for compliance with legal obligations, for example supervisory, regulatory, commercial and tax, retention, reporting, anti-money-laundering, and risk-related obligations
- Article 6(1)(f) GDPR for legitimate interests, for example IT security, efficient service provision, consultation with and data exchange with credit agencies, business management, further development of services and products, the assertion or defence of legal claims, advertising for our own products and products of cooperation partners, market and opinion surveys, and the prevention and investigation of criminal offences
- Article 6(1)(a) GDPR for consent-based processing, for example in connection with advertising or health data
- Article 9(2)(a) and (j) GDPR for health data and statistical analyses involving special categories of personal data
Collection of data
We collect personal data primarily directly from you, for example in online forms and application forms.
If you report data concerning third parties, please ensure that those persons know our privacy policy, that the information provided is correct, and that you are authorised to disclose it.
In certain cases, we collect data from or receive data via third parties or public bodies where permitted by law, for example from authorities, financing companies, banks, other insurers, distribution partners, employers, doctors, clinics, experts, credit agencies, the press, or the media.
Where permitted, we also obtain data from publicly accessible sources, such as debt enforcement registers, land registers, commercial registers, the media, or the internet, or receive such data from other companies of the prosperity group, from authorities, cooperation partners, or other third parties.
Automated individual decisions and profiling
Based on the risk information you provide when applying, we may make fully automated decisions about the conclusion or termination of the insurance contract, possible risk exclusions, or the amount of the premiums to be paid. Based on your information about an insured event, data stored in relation to your insurance contract, and, where applicable, information received from third parties, we may also decide fully automatically on our obligation to provide benefits. Such automated decisions are based on predetermined rules for the weighting of information. You have the right to obtain human intervention on the part of Liechtenstein Life Assurance AG, to express your point of view, and to contest the decision.
Profiling going beyond the automated assessments described, in the sense of a comprehensive automated personality assessment, does not take place.
Disclosure of data and categories of recipients
We protect your data and do not sell it to third parties. Personal data may be disclosed to processors and third parties where this is necessary for the conclusion or performance of the contract or for other purposes described in this privacy policy. Where legally required, such recipients are contractually obliged to comply with applicable data protection law, confidentiality obligations, and, where applicable, secrecy duties.
Within Liechtenstein Life Assurance AG, data is disclosed only to those departments that require it to fulfil contractual and legal obligations. Processors engaged by us may also receive data for these purposes, in particular service providers in the fields of IT, software engineering, logistics, printing, communication, payment services, financing, debt collection, advice, consulting, sales, marketing, and information or address research.
Possible recipients may include in particular:
- reinsurers, insofar as this is required in relation to the risk or insured event
- insurance intermediaries supporting you in insurance and financial-services matters
- factoring companies to which claims against you or assumed claims may be sold
- credit agencies and compliance databases, in particular the World-Check service of LSEG for sanctions and politically exposed person checks, as well as CRIF AG, Hagenholzstrasse 81, 8050 Zurich, Switzerland, and infoscore Consumer Data GmbH, Rheinstrasse 99, 76532 Baden-Baden, Germany, for credit checks and default-risk assessments; the categories of data processed include in particular name, address, date of birth, payment history and, where applicable, a score value based on mathematical-statistical procedures; this does not involve a decision based solely on automated processing within the meaning of Article 22 GDPR
- companies of the prosperity group, where certain business processes are carried out centrally within the EEA or Switzerland under group-level data-processing agreements
- external service providers engaged for the performance of contractual and legal obligations
- providers of electronic and legally binding signature solutions used in electronic business transactions
- authorities, social security institutions, financial authorities, law-enforcement bodies, supervisory authorities, customs, the Financial Intelligence Unit, and other bodies where disclosure is required by law
- credit institutions for payment processing
- bodies for which you have given consent or released us from confidentiality
- your previous insurer, where this is necessary in order to verify or supplement information provided when concluding or performing the insurance contract
A list of recipients with whom we have more than a temporary business relationship is available in the current version of our service provider list on our website under "Data protection".
Processors and third-country transfers
We work with processors, such as suppliers and IT or other service providers, to fulfil contractual and legal obligations. They are contractually bound to process data only for the purposes specified by Liechtenstein Life Assurance AG.
If we transfer personal data to service providers in countries outside the EEA, this takes place only if the relevant third country has been recognised by the European Commission as ensuring an adequate level of protection or if other appropriate safeguards exist, such as binding corporate rules or EU standard contractual clauses together with supplementary technical and organisational measures, unless the transfer is required by law or ordered by an authority or court.
At present, we transfer personal data to service providers in third countries outside the EU, in particular Switzerland and the USA. The European Commission recognised Switzerland on 15 January 2024 as providing a level of protection comparable to that of the EU. For transfers to the USA, the Commission recognised on 10 July 2023 that an equivalent level of protection exists for transfers to organisations certified under the EU-U.S. Data Privacy Framework. Should this adequacy decision lapse or be restricted, we rely for transfers to the USA on EU standard contractual clauses combined with a transfer impact assessment and supplementary measures. If a service provider is not certified thereunder, we ensure that other appropriate safeguards are in place.
In the context of maintenance of IT components and systems, it also cannot be ruled out in individual cases that an IT service provider from a third country, for example the USA, may obtain controlled and limited access to personal data or that a merely theoretical possibility of access cannot be excluded. Where required by law, we will inform you separately about such transfers.
Retention period
Personal data is deleted as soon as it is no longer required for the purposes described above. Longer retention may nevertheless be necessary, for example if legal claims may be asserted against us. In such cases, data is stored for the relevant statutory limitation periods, which generally range from three to thirty years.
In addition, we are legally obliged to retain certain personal data for longer periods, in particular under company law, tax law, and due-diligence legislation. The relevant retention periods are up to ten years.
In particular, the following retention periods apply:
- contract and claims data: up to 10 years after the contract or case has ended
- health data: until the expiry of statutory limitation periods, generally up to 10 years and in individual cases up to 30 years
- consents: up to 3 years after withdrawal
Obligation to provide data and statutory notifications
Within the scope of our business relationship, you only need to provide the personal data that is necessary for establishing, performing, and ending the relationship, that we require in order to safeguard our legitimate interests, or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the insurance contract or execute the order, or we may no longer be able to perform an existing contract and may have to terminate it.
In particular, under anti-money-laundering rules, the rules on the automatic exchange of information in tax matters (AEOI), and the Foreign Account Tax Compliance Act (FATCA), we are required to identify you before establishing the business relationship, for example by means of your identification document, and to collect your name, place of birth, date of birth, country of birth, nationality, and residential address and to record the identification document electronically. We also require additional information for a business profile, in particular your tax identification number, tax domicile, occupation, and the origin of the assets used to pay premiums. You must provide this information and the necessary documents and notify us of any changes during the business relationship without delay.
We may also be required by law to report data on the insurance contract, the policyholder, the beneficial owner, and the relevant personal and tax data to state authorities. Such notifications may include, in particular:
- FATCA notifications
- notifications under the Automatic Exchange of Information in Tax Matters (AEOI)
- annual notifications of contributions paid for basic pension insurance contracts with a connection to Germany
- annual notifications of pension payments to the competent German authorities and, where applicable, statutory health insurers
- notifications of the conclusion of insurance contracts brokered by intermediaries based in Germany with a connection to Germany
Consent
By concluding an insurance contract with us, you acknowledge the content of this data processing information sheet and consent to the corresponding use of your data. The current version is available on our website under "Data protection".
Rights of data subjects
As a data subject, you have the right to obtain information about the personal data stored about you. In certain cases, you may also request rectification, erasure, restriction of processing, objection, or transfer of your data.
In particular, you have the following rights:
- access under Article 15 GDPR
- rectification under Article 16 GDPR
- erasure under Article 17 GDPR
- restriction of processing under Article 18 GDPR
- data portability under Article 20 GDPR
- objection under Article 21 GDPR
- withdrawal of consent under Article 7(3) GDPR with effect for the future
Please note that withdrawal of consent may have consequences for the insurance relationship. If certain processing activities are necessary for the performance or continuation of the insurance contract, for example in order to assess benefits or handle claims, a withdrawal may mean that we can no longer provide our contractual services, or can only do so to a limited extent. In such cases, we reserve the right not to continue the contract unless another legal basis for the processing exists.
Data protection officer and supervisory authority
You can contact our data protection officer at:
Liechtenstein Life Assurance AG
Data Protection Officer
Feldkircher Strasse 31
9494 Schaan
Principality of Liechtenstein
privacy@liechtensteinlife.com
In Switzerland, you can contact our representative appointed under Article 14 of the Swiss Data Protection Act at:
prosperity solutions (Switzerland) AG
Data Protection Officer
Gutenbergstrasse 10
8002 Zurich
Switzerland
privacy@tpc.li
If you believe that Liechtenstein Life Assurance AG does not comply with applicable data protection law, we recommend first contacting the competent data protection officer named above. You may also lodge a complaint directly with the competent supervisory authority:
- Liechtenstein Data Protection Authority (DSS), Städtle 38, P.O. Box 684, FL-9490 Vaduz, https://www.datenschutzstelle.li
- Federal Data Protection and Information Commissioner, Feldeggweg 1, CH-3003 Bern, https://www.edoeb.admin.ch/de
Updating this information sheet
This data processing information sheet may be amended at a later date, in particular due to changes in statutory provisions. The current version of the information sheet and the list of service providers with whom we have more than a temporary business relationship can be obtained from our website under "Data protection".
Applicants
Data protection information sheet (applicants)
With this information, we inform you as an applicant about the processing of your personal data by the prosperity company AG or prosperity solutions GmbH and the rights to which you are entitled under data protection law.
Controllers
For applications in Liechtenstein and Switzerland:
the prosperity company AG
Feldkircher Strasse 31
9494 Schaan
Principality of Liechtenstein
privacy@tpc.li
For applications in Germany:
prosperity solutions GmbH
Liegnitzer Str. 15, 2. Hinterhof
10999 Berlin
Germany
privacy@tpc.li
Purposes and legal bases
Within the application process, we collect and process personal data that you voluntarily provide to us in connection with your application. Processing is carried out in particular for:
- reviewing your application and deciding on possible employment
- communicating with you during the application process
- conducting interviews and tests
- fulfilling legal obligations in connection with the application process
We process your personal data in compliance with the GDPR, the Liechtenstein Data Protection Act, the Swiss Data Protection Act, the German Federal Data Protection Act, and all other applicable laws.
Your data is required to carry out and manage the application process and to assess your suitability for the relevant position. Where the GDPR applies, the primary legal basis is Article 6(1)(b) GDPR. Where necessary, we also process data on the basis of Article 6(1)(f) GDPR in order to safeguard our legitimate interests or those of third parties, for example authorities.
We also process data for statistical purposes, for example the number of applications received or the evaluation of recruiting channels. Such statistics are compiled exclusively for our own purposes. We also process personal data lawfully obtained from publicly accessible sources, for example professional social networks.
Applicant data is treated confidentially at all times. If we intend to process your data for a purpose not mentioned above, we will inform you in advance, where such information is required by law. Special categories of personal data, for example health data, are processed exclusively with your consent, unless statutory grounds for permission apply.
Categories of personal data
We process personal data that we receive from you in connection with your application. To the extent necessary for the application process, we also process personal data lawfully received from other companies or third parties, for example credit agencies for sanctions-list checks, and data lawfully obtained from publicly accessible sources, in particular social media.
We only collect personal data without the involvement of the data subject if direct collection would be unreasonable or disproportionate. In such cases, please inform the affected persons, for example former employers or supervisors, about the data storage.
Relevant personal data includes, in particular:
- personal details such as name, address, date of birth, occupation, and CV
- identification data such as ID card data
- authentication data such as signatures
- tax data such as tax identification number and tax domicile
- authorisation data such as professional licences
- order data where relevant
- data on your use of our telemedia, for example the time of access to websites, apps, or newsletters, pages accessed, or entries made
- other information that you provide voluntarily during the application process, for example via your profile in Personio or Workable
Recipients and group companies
Within the prosperity company AG, prosperity solutions GmbH, and our group of companies, access to your data is granted only to those departments that require it for the hiring decision and to fulfil contractual or legal obligations. Processors engaged by us may also receive data for these purposes, for example service providers in the areas of IT, software engineering, logistics, printing, communication, payment services, consulting, assistance services, insurance, and information services.
Specialised companies or divisions within our group carry out certain data processing tasks centrally. Personal details, identification data, master data, and comparable identification data may therefore be visible within the group so that incoming communication can be assigned to the responsible contact person.
Data may be transferred within the group to the following companies:
- Liechtenstein Life Assurance AG
- the prosperity company AG
- prosperity solutions AG
- prosperity cashtech AG
- prosperity solutions (Switzerland) AG
- prosperity solutions GmbH
Personio and Workable
To manage and process applications, the prosperity company AG uses the recruiting software Personio (Personio SE & Co. KG, Seidlstrasse 3, 80335 Munich, Germany) and prosperity solutions GmbH uses the recruiting software Workable (Workable Software Limited, 5 Golden Square, 5th Floor, London, W1F 9BS, United Kingdom).
These services enable us to manage your application documents, communicate with you, and plan interviews. Personio stores data on servers in the EU. Workable processes and stores data on servers in the EU and the USA and states that it is certified under the EU-U.S. Data Privacy Framework. To the extent that processing operations are not covered by the DPF certification, we rely on EU standard contractual clauses together with supplementary technical and organisational measures. We have concluded data processing agreements with the relevant recruiting software providers in accordance with Article 28 GDPR.
Other recipients
We only disclose personal data to other third parties if this is necessary for the application process, for example to conduct background checks or to forward the application to the relevant specialist departments.
Recipients may include in particular authorities in order to fulfil legal notification and control obligations, for example social security institutions, financial authorities, and supervisory authorities such as BaFin, FMA, FINMA, or EIOPA. We may also transfer data to credit institutions for payment processing or to other bodies for which you have given consent or released us from confidentiality, for example AVAD.
Retention period
Your personal data is retained only as long as necessary for the purposes of the application process. If your application is unsuccessful, your application documents are generally retained for six months after the end of the application process in order to defend against any claims. This does not apply if statutory provisions prevent deletion, if further retention is required for evidentiary purposes, or if you have consented to longer retention.
Transfers to third countries
If we transfer personal data to service providers outside the EEA, this is done only where the European Commission has confirmed an adequate level of data protection for the relevant third country or where other appropriate safeguards exist, for example EU standard contractual clauses together with supplementary measures, unless the transfer is required by law or ordered by an authority or court.
At present, we transfer personal data to service providers outside the EU and EEA in Switzerland. On 15 January 2024, the European Commission decided that personal data in Switzerland is protected to the same extent as in the European Union. In connection with the maintenance of IT components and systems, it also cannot be ruled out in individual cases that an IT service provider from a third country, for example the USA, may obtain controlled and limited access to personal data. Appropriate agreements meeting GDPR requirements have been concluded for such cases.
Rights of data subjects
Where the GDPR applies, you have in particular the following rights:
- access under Article 15 GDPR
- rectification under Article 16 GDPR
- erasure under Article 17 GDPR
- restriction of processing under Article 18 GDPR
- objection under Article 21 GDPR
- withdrawal of consent under Article 7(3) GDPR with effect for the future
Please note that the withdrawal of consent may affect the application process. If certain processing activities are necessary in order to conduct the process, such a withdrawal may mean that we can no longer continue processing your application.
Data protection contacts and supervisory authorities
You can contact the competent data protection contacts at:
the prosperity company AG
Data Protection Officer
Feldkircher Strasse 31
9494 Schaan
Principality of Liechtenstein
privacy@tpc.li
prosperity solutions (Switzerland) AG
Data Protection Officer
Gutenbergstrasse 10
8002 Zurich
Switzerland
privacy@tpc.li
prosperity solutions GmbH
Liegnitzer Str. 15, 2. Hinterhof
10999 Berlin
Germany
privacy@tpc.li
If you believe that the prosperity company AG or prosperity solutions GmbH does not comply with applicable data protection law, we recommend first contacting the relevant data protection contact listed above. You may also file a complaint with the competent supervisory authority:
- Liechtenstein Data Protection Authority (DSS), Städtle 38, P.O. Box 684, FL-9490 Vaduz, https://www.datenschutzstelle.li
- Federal Data Protection and Information Commissioner, Feldeggweg 1, CH-3003 Bern, https://www.edoeb.admin.ch/de
- Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, DE-10969 Berlin, https://www.datenschutz-berlin.de
Provision of data
The provision of your personal data is necessary as part of the application process so that we can process your application. If you do not provide the required data, we will unfortunately not be able to process your application.
Automated decision-making and profiling
We do not use automated decision-making or profiling in the application process.
Updating this information sheet
This data processing information sheet may be amended at a later date, in particular due to changes in statutory provisions. The current version is available on our website under "Data protection".
Intermediary
Data protection information sheet (intermediaries)
We attach great importance to the responsible handling of personal data. Protecting your privacy is important to us. We process data with care, seek the greatest possible data security in the use of information technologies, and as a matter of principle collect only the data that is necessary.
We use appropriate technical and organisational measures, including encryption and/or pseudonymisation, instructions, confidentiality commitments, and controls, to protect personal data against manipulation, loss, destruction, or unauthorised access. Our employees receive regular data protection training and are subject to special confidentiality obligations. Compliance is monitored continuously, including in relation to processors engaged by us.
This privacy policy explains how we collect and process personal data, for which purposes, who may receive it, how long we retain it, what rights you have, and how you can contact us. These provisions are not part of the contract and may be amended by us at any time within the limits of applicable law. The version published on our website applies. The German version is authoritative and forms the basis for all language versions.
Information on data protection
For the purposes of this section, personal data means all information relating to an identified or identifiable natural person, for example name, date of birth, email address, ID data, authentication data, tax data, IP address, specimen signature, and authorisation data such as a trade licence or entry in the intermediary register. Information that is anonymised or aggregated and can no longer be used to identify a particular person is not treated as personal data.
Processing means any handling of personal data, such as collection, storage, use, disclosure, modification, archiving, or deletion. The primary legal basis and purpose of processing is the initiation and performance of the intermediary connection. In addition, we rely on legal obligations, consent given by you or a person authorised by you, and the overriding legitimate interests of Liechtenstein Life Assurance AG.
We process personal data according to the principles of fairness, lawfulness, transparency, data minimisation, proportionality, accountability, and data security.
Liechtenstein Life Assurance AG is subject to the legal provisions applicable in Liechtenstein. Liechtenstein is a member of the European Economic Area. The GDPR applies together with the applicable national laws, including the Liechtenstein Data Protection Act, the Swiss Data Protection Act, and the German Federal Data Protection Act.
This privacy policy does not contain an exhaustive description of all data processing. Individual matters may be regulated in whole or in part by specific information. Exceptions to the duty to provide information may apply where providing the information is impossible or would involve disproportionate effort, where you already know about the processing, where processing is required by law, or where we are subject to statutory secrecy obligations.
If you wish to conclude an intermediary connection with us, you must provide all data necessary for establishing and performing the business relationship and for fulfilling the associated contractual obligations. Without such data, we are unable to conclude or perform the intermediary arrangement or provide services.
In certain cases, we collect data from third parties or receive data from third parties. We only collect personal data without your involvement if direct collection would be unreasonable or disproportionate or would violate business secrecy under Article 104 of the Liechtenstein Insurance Supervision Act.
Controller
The controller within the meaning of the GDPR is:
Liechtenstein Life Assurance AG
Feldkircher Strasse 31
9494 Schaan
Principality of Liechtenstein
privacy@liechtensteinlife.com
Liechtenstein Life Assurance AG is part of the prosperity group. Other companies in the prosperity group are the prosperity company AG, prosperity solutions AG, and prosperity cashtech AG, each with registered office in Schaan/Liechtenstein, prosperity solutions GmbH in Berlin/Germany, and prosperity solutions (Switzerland) AG in Zurich/Switzerland.
Purposes of processing
We process personal data that you provide to us or that we lawfully receive from companies of the prosperity group or other third parties, such as database providers or credit agencies, in particular for the following purposes:
- initiation and performance of the intermediary connection
- consultation with and data exchange with credit agencies for the determination of creditworthiness, default risks, and current addresses
- statutory notifications
- internal administration, for example IT security, audit, and controlling
- communication with you by post, email, or telephone
- review and optimisation of procedures for needs analysis and direct contact with business partners
- measures for business management and the further development of services and products
- safeguarding and asserting legal claims and defending legal disputes
- insuring against default risks
- legal services and compliance, in particular the prevention of money laundering, terrorist financing, bribery, and corruption, and the prevention, detection, or clarification of criminal offences, in particular commission fraud
- market and opinion surveys and marketing, where you have consented or not objected and all legal requirements are met
- general and intermediary-specific statistics, risk management, market research, and the development of new commission models
- use of artificial intelligence systems to support communication and document processing, the automated handling of partner enquiries, compliance checks, the identification of regulatory risks, and the research and analysis of relevant information; AI systems are used exclusively in a supportive capacity; final decisions with legal effect are made exclusively by employees of Liechtenstein Life Assurance AG; data processed in connection with such AI interactions is not used to train AI models, and transparency obligations under the EU AI Act are complied with
Legal bases
Where the GDPR applies, we rely in particular on the following legal bases:
- Article 6(1)(b) GDPR for pre-contractual measures, intermediary onboarding, and contract performance
- Article 6(1)(c) GDPR for compliance with legal obligations, for example supervisory, regulatory, commercial and tax, reporting, due-diligence, fraud-prevention, anti-money-laundering, and risk-related obligations
- Article 6(1)(f) GDPR for legitimate interests, for example IT security, efficient service provision, data exchange with credit agencies, business management, further development of services and products, the assertion or defence of legal claims, advertising for our own products and for cooperation-partner products, market and opinion surveys, and the prevention and investigation of criminal offences, in particular commission fraud
- Article 6(1)(a) GDPR for consent-based processing, for example in connection with advertising
Collection of data
We collect personal data primarily directly from you, for example in online forms and onboarding forms.
In certain cases, we collect data from or receive data via third parties or public bodies where permitted by law, for example from authorities, financing companies, banks, other insurers, distribution partners, employers, doctors, clinics, experts, credit agencies, the press, or the media.
Where permitted, we also obtain data from publicly accessible sources, such as debt enforcement registers, land registers, commercial registers, the media, or the internet, or receive such data from other companies of the prosperity group, from authorities, cooperation partners, or other third parties.
Automated individual decisions and profiling
Automated individual decision-making does not take place. Profiling in the sense of the automated creation of profiles also does not take place.
Disclosure of data and categories of recipients
We protect your data and do not sell it to third parties. Personal data may be disclosed to processors and third parties where this is necessary for the conclusion or performance of the contract or for other purposes described in this privacy policy. Where legally required, such recipients are contractually obliged to comply with applicable data protection law and confidentiality obligations.
Within Liechtenstein Life Assurance AG, data is disclosed only to those departments that require it to fulfil contractual and legal obligations. Processors engaged by us may also receive data for these purposes, in particular service providers in the fields of IT, software engineering, logistics, printing, communication, payment services, financing, debt collection, consulting, sales, marketing, and information or address research.
Possible recipients may include in particular:
- insurers that insure risks assumed by us in connection with repayment obligations for commission advances or purchase-price payments
- other insurance intermediaries if insurance contracts brokered by you are managed by another sub-intermediary
- factoring companies to which claims against you or assumed claims may be sold
- credit agencies for credit checks and default-risk assessments, in particular AVAD, Creditreform, SCHUFA, and CRIF; the categories of data processed include in particular name, address, date of birth, payment history and, where applicable, a score value based on mathematical-statistical procedures; this does not involve a decision based solely on automated processing within the meaning of Article 22 GDPR
- companies of the prosperity group, where certain business processes are carried out centrally within the EEA or Switzerland under group-level data-processing agreements
- external service providers engaged for the performance of contractual and legal obligations
- providers of electronic and legally binding signature solutions used in electronic business transactions
- authorities, social security institutions, financial authorities, law-enforcement bodies, supervisory authorities, customs, the Financial Intelligence Unit, and other bodies where disclosure is required by law
- credit institutions for payment processing
- bodies for which you have given consent or released us from confidentiality
A list of recipients with whom we have more than a temporary business relationship is available in the current version of our service provider list on our website under "Data protection".
Processors and third-country transfers
We work with processors, such as suppliers and IT or other service providers, to fulfil contractual and legal obligations. They are contractually bound to process data only for the purposes specified by Liechtenstein Life Assurance AG.
If we transfer personal data to service providers in countries outside the EEA, this takes place only if the relevant third country has been recognised by the European Commission as ensuring an adequate level of protection or if other appropriate safeguards exist, in particular EU standard contractual clauses or binding corporate rules together with supplementary technical and organisational measures, unless the transfer is required by law or ordered by an authority or court.
At present, we transfer personal data to service providers in third countries outside the EU, in particular Switzerland and the USA. The European Commission recognised Switzerland on 15 January 2024 as providing a level of protection comparable to that of the EU. For transfers to the USA, the European Commission's decision of 10 July 2023 on the EU-U.S. Data Privacy Framework applies for certified organisations. Should this adequacy decision lapse or be restricted, we rely for transfers to the USA on EU standard contractual clauses combined with a transfer impact assessment and supplementary measures. If a service provider is not certified thereunder, we ensure that other appropriate safeguards are in place.
Where required by law, we will inform you separately about such third-country transfers.
Retention period
Personal data is deleted as soon as it is no longer required for the purposes described above. Longer retention may nevertheless be necessary, for example if legal claims may be asserted against us. In such cases, data is stored for the relevant statutory limitation periods, which generally range from three to thirty years.
In addition, we are legally obliged to retain certain personal data for longer periods, in particular under company law, tax law, and due-diligence legislation. The relevant retention periods are up to ten years.
In particular, the following retention periods apply:
- contract and settlement data: up to 10 years after the contract or case has ended
- consents: up to 3 years after withdrawal
Obligation to provide data
Within the scope of our business relationship, you only need to provide the personal data that is necessary for establishing, performing, and ending the relationship, that we require in order to safeguard our legitimate interests, or that we are legally obliged to collect. Without this data, we will generally have to refuse to conclude the contract or may no longer be able to perform an existing contractual relationship and may have to terminate it.
Consent
By concluding a contract on the intermediary connection with us, you acknowledge the content of this data processing information sheet and consent to the corresponding use of your data. The current version is available on our website under "Data protection".
Rights of data subjects
As a data subject, you have the right to obtain information about the personal data stored about you. In certain cases, you may also request rectification, erasure, restriction of processing, objection, or transfer of your data.
In particular, you have the following rights:
- access under Article 15 GDPR
- rectification under Article 16 GDPR
- erasure under Article 17 GDPR
- restriction of processing under Article 18 GDPR
- data portability under Article 20 GDPR
- objection under Article 21 GDPR
- withdrawal of consent under Article 7(3) GDPR with effect for the future
Data protection officer and supervisory authority
You can contact our data protection officer at:
Liechtenstein Life Assurance AG
Data Protection Officer
Feldkircher Strasse 31
9494 Schaan
Principality of Liechtenstein
privacy@liechtensteinlife.com
In Switzerland, you can contact our representative appointed under Article 14 of the Swiss Data Protection Act at:
prosperity solutions (Switzerland) AG
Data Protection Officer
Gutenbergstrasse 10
8002 Zurich
Switzerland
privacy@tpc.li
If you believe that Liechtenstein Life Assurance AG does not comply with applicable data protection law, we recommend first contacting the competent data protection officer named above. You may also lodge a complaint directly with the competent supervisory authority:
- Liechtenstein Data Protection Authority (DSS), Städtle 38, P.O. Box 684, FL-9490 Vaduz, https://www.datenschutzstelle.li
- Federal Data Protection and Information Commissioner, Feldeggweg 1, CH-3003 Bern, https://www.edoeb.admin.ch/de
Updating this information sheet
This data processing information sheet may be amended at a later date, in particular due to changes in statutory provisions. The current version of the information sheet and the list of service providers with whom we have more than a temporary business relationship can be obtained from our website under "Data protection".