Privacy Notice for Website Visitors


a. Name and address of the responsible person


Controller within the meaning of the European Union's General Data Protection Regulation GDPR (hereinafter "GDPR") is Codex Holding Anstalt, Lova-Center, P.O. Box 1150, 9490 Vaduz.


b. Data processing in general


Processing of personnel data on our website is limited to such data technically needed to provide a functional static website. The purpose of this website is to provide our clients with transparent information under the GDPR.


c. Description and scope of data processing


1. Provision of the website
Our system records data and information about the computer used by the user automatically and with every visit on our website.
We do not perform any web analysis on our website and do not use any web analysis tools (e.g. Google Analytics). The previously mentioned user and visitor data will not be evaluated or analysed.


2. Cookies
Except to technical cookies essentially needed to provide this website, we do not use additional cookies to process personnel data.


d. Your Rights


1. Right to Information

You have the right to request information about your personal data that is stored by the Companies. A request for information, together with proof of identity, must be sent in writing to the controller (see i.).
Upon receipt of your request for information, you will be informed within the statutory period of 30 days. The information may be refused, restricted or postponed to the extent required by law or due to the prevailing interest of a third party or the company the request is addressed to.
The request for information may be combined with a request for rectification or erasure of data.


2. Right to Rectification or Erasure
You have the right to request, in writing and free of charge, the rectification or erasure of your personal data, insofar as these are incorrect or stored or processed without good reason. A reasoned request for rectification or erasure must be sent to the controller (see i.), accompanied by a proof of identity.
Your request for rectification or erasure will be processed upon receipt within a reasonable time. Thereafter, the completion of your request for rectification or erasure will be confirmed to you.
Erasure may be prevented by legal regulations. In such a case, the Companies will process your personal data only to the extent necessary to comply with the statutory requirements.


3. Right to Objection or Cancellation
You have the right to object in writing, in whole or in part, to the processing of your personal data or to cancel your consent to the processing of such data. The objection or cancellation must be addressed in writing to the controller (see i.).
The receipt of your objection or cancellation will be confirmed to you and thereafter the concerned data will be deleted.
To comply with an objection or cancellation may be contrary to statutory regulations. In such a case, the Companies will process your personal data only to the extent necessary to comply with the statutory requirements.


4. Right to Restriction
You have the right to restrict the processing of your personal data with regard to the transmission of such data to third parties. An application for restriction must be sent in writing to the controller (see i.) accompanied by proof of identity.
The receipt of your application for restriction will be confirmed and your application will be completed within a reasonable time.
Such restriction may conflict with legal regulations. In such a case, the Companies will only transmit your personal data to third parties to the extent necessary to comply with the statutory requirements.


5. Right to Complaint
You have the right to file a complaint with the competent Liechtenstein supervisory authority. You may also contact another supervisory authority of an EU or EEA Member State, for example at your place of residence or work or at the place of the alleged infringement.
The contact details of the Data Protection Authority in Liechtenstein are as follows:


Liechtenstein Data Protection Authority
Staedtle 38
P.O. Box 684
LI‐9490 Vaduz
+423 236 60 90
info.dss@llv.li


e. Contact


For questions about data protection and data processing, please contact the controller in writing. You can contact the controller Officer as follows:

Codex Holding Anstalt
Lova Center
P.O. Box 1150
LI-9490 Vaduz
+423 388 2000
office@codextrust.com


PRIVACY NOTICE FOR CLIENTS


Data Collection in the Implementation and Processing of our Services and Tasks



a. Preamble

The companies Codex Holding Anstalt, Codex Management Anstalt, Codex Treuhand AG and CTX Treuhand AG (hereinafter referred to as Companies), all domiciled at Lova-Center, P.O. Box 1150, 9490 Vaduz, process information and personal data that refer to you.

Basically, such information is processed by the Companies in the context of existing or intended business relations, including the use of websites. The Companies seek the best possible protection of your personal data.

Controller within the meaning of the European Union's General Data Protection Regulation GDPR (hereinafter "GDPR") is Codex Holding Anstalt, Lova-Center, P.O. Box 1150, 9490 Vaduz.


b. Data Processing Purposes

We process personal data from our clients for the following purposes:

  • activities pursuant to the Trustees Act and the Persons and Companies Act, in particular:
    • mandate administration (incl. administration of legal entities);
    • fulfilment of statutory accounting requirements;
    • correspondence;
    • compliance with legal requirements in connection with the Lawyers Act, the Trustees Act, the Persons and Companies Act, and the Civil Code)

c. Data Categories

In our data directories, the following data categories are directly processed in accordance with Art. 9 GDPR to perform our activities within the scope of purposes listed under a.:

 

Data Category

Data Description

Data Recipient

Client and address data

Name, company, date of birth, home and/or business address, nationality, occupation, telephone number, email address

e.g. external service providers (e.g. banks, asset managers, auditors) and public authorities (e.g. supervisory or tax authorities)

Identification Data

Identification documents, e.g. passport or identity card copies, utility bills, tax numbers, death certificates; authentication data, e.g. signature samples

Banks, asset managers, intermediaries, trust companies, tax advisors

Due diligence documents

e.g. contractual partners, identification of the beneficial owners, profile of the business relationship with information on professional and personal background (e.g. occupation and hobbies), World Check data, checks pursuant to the Due Diligence Act

Liechtenstein banks and asset managers (mandate-related persons subject to due diligence requirements)

Mandate information

e.g. corporate documents, bank documents, correspondence, due diligence documents, tax data, resolutions by bodies

Liechtenstein authorities due to statutory requirements

Accounting Data

Transaction and accounting information

Liechtenstein authorities due to statutory requirements

Correspondence Client orders, general Banks and members of bodies, Liechtenstein authorities due to statutory requirements
Data of legal entities Articles of incorporation, by-laws, certificates, mandate agreements, signatory powers Commercial register and Liechtenstein authorities due to statutory requirements
Tax Data FATCA-, AIA-, LDF reports Tax authorities due to statutory requirements

 

d. Access to and Forwarding of Data

Personal data of clients are processed by us exclusively for the fulfilment of our contractual, statutory and supervisory duties for the purposes specified under a.

For this purpose, the following parties may receive personal data:

  • group companies;
  • external service providers and parties (such as banks, asset managers, insurance companies, lawyers, auditors; suppliers, dealers, transport companies, subcontractors or other cooperation partners; associations, public-interest institutions); the forwarding of data to us by third party service providers only takes place with the express consent of the client.

If we have to fulfil legal or supervisory requirements, the following parties in particular may receive personal data:

  • official bodies and public authorities (e.g. supervisory authorities, courts);
    • tax authorities (e.g. within the framework of the Automatic Exchange of Information) [AIA, FATCA]).

e. Data Origin

The data is collected directly (e.g. in meetings or correspondence with clients; internal background and due diligence checks) and in part by third-party service providers (such as banks, asset managers, auditors).


f. Data Retention Period

Personal data will be processed and stored during the effective business relationship, unless there are special shorter deletion periods. After termination of the business relationship these data will be stored for at least 10 years due to statutory provisions (Persons and Companies Act, Due Diligence Act). Longer storage of data occurs exclusively on the basis of statutory or contractual storage requirements or for evidence purposes with regard to time-barring laws.


g. Automated Decision-Making (Art. 22 GDPR)

There is no automated evaluation of your data. Should such procedures be used in individual cases, we inform our clients to the extent required by law.


 

h. Your Rights

1. Right to Information

You have the right to request information about your personal data that is stored by the Companies. A request for information, together with proof of identity, must be sent in writing to the controller (see i.).

Upon receipt of your request for information, you will be informed within the statutory period of 30 days. The information may be refused, restricted or postponed to the extent required by law or due to the prevailing interest of a third party or the company the request is addressed to.

The request for information may be combined with a request for rectification or erasure of data.


2. Right to Rectification or Erasure

You have the right to request, in writing and free of charge, the rectification or erasure of your personal data, insofar as these are incorrect or stored or processed without good reason. A reasoned request for rectification or erasure must be sent to the controller (see i.), accompanied by a proof of identity.

Your request for rectification or erasure will be processed upon receipt within a reasonable time. Thereafter, the completion of your request for rectification or erasure will be confirmed to you.

Erasure may be prevented by legal regulations. In such a case, the Companies will process your personal data only to the extent necessary to comply with the statutory requirements.


3. Right to Objection or Cancellation

You have the right to object in writing, in whole or in part, to the processing of your personal data or to cancel your consent to the processing of such data. The objection or cancellation must be addressed in writing to the controller (see i.).

The receipt of your objection or cancellation will be confirmed to you and thereafter the concerned data will be deleted.

To comply with an objection or cancellation may be contrary to statutory regulations. In such a case, the Companies will process your personal data only to the extent necessary to comply with the statutory requirements.


4. Right to Restriction

You have the right to restrict the processing of your personal data with regard to the transmission of such data to third parties. An application for restriction must be sent in writing to the controller (see i.) accompanied by proof of identity.

The receipt of your application for restriction will be confirmed and your application will be completed within a reasonable time.

Such restriction may conflict with legal regulations. In such a case, the Companies will only transmit your personal data to third parties to the extent necessary to comply with the statutory requirements.

 

5. Right to Complaint

You have the right to file a complaint with the competent Liechtenstein supervisory authority. You may also contact another supervisory authority of an EU or EEA Member State, for example at your place of residence or work or at the place of the alleged infringement.


The contact details of the Data Protection Authority in Liechtenstein are as follows:

Liechtenstein Data Protection Authority

Staedtle 38

P.O. Box 684

LI‐9490 Vaduz

+423 236 60 90

info.dss@llv.li


i. Contact

For questions about data protection and data processing, please contact the controller in writing. You can contact the controller Officer as follows:

 

Codex Holding Anstalt

Lova Center

P.O. Box 1150

LI-9490 Vaduz

+423 388 2000

office@codextrust.com


PRIVACY NOTICE FOR JOB APPLICANTS


a. Preamble


The companies Codex Holding Anstalt, Codex Management Anstalt, Codex Treuhand AG and CTX Treuhand AG (hereinafter referred to as Companies), all domiciled at Lova-Center, P.O. Box 1150, 9490 Vaduz, process information and personal data that refer to you.

Basically, such information is processed by the Companies in the context of existing or intended business relations, including the use of websites. The Companies seek the best possible protection of your personal data.

Controller within the meaning of the European Union's General Data Protection Regulation GDPR (hereinafter "GDPR") is Codex Holding Anstalt, Lova-Center, P.O. Box 1150, 9490 Vaduz.


b. Data Collection from Job Applicants


By submitting your application documents, you agree that your personal data may be processed for the purpose of our personnel selection. This data includes name, title, address, telephone number, date of birth, education, occupation, salary expectations as well as data and images contained in the cover letter, CV, motivation letter, certificates or other documents sent to us.
Your data will not be passed on to third parties without your consent. There is also no automated decision-making pursuant to Art. 22 GDPR. Data processing is based on the statutory provisions of Art. 6 (1) (a) (consent) and (b) (required for contract fulfilment) GDPR. If you are not employed, we will delete your data within 12 months in order to be documented for legal proceedings and unexpected vacancies, if any. At your request, we will delete the data immediately, if the application process does not lead to employment.


c. Your Rights


1. Right to Information
You have the right to request information about your personal data that is stored by the Companies. A request for information, together with proof of identity, must be sent in writing to the controller (see i.).
Upon receipt of your request for information, you will be informed within the statutory period of 30 days. The information may be refused, restricted or postponed to the extent required by law or due to the prevailing interest of a third party or the company the request is addressed to.
The request for information may be combined with a request for rectification or erasure of data.


2. Right to Rectification or Erasure
You have the right to request, in writing and free of charge, the rectification or erasure of your personal data, insofar as these are incorrect or stored or processed without good reason. A reasoned request for rectification or erasure must be sent to the controller (see i.), accompanied by a proof of identity.
Your request for rectification or erasure will be processed upon receipt within a reasonable time. Thereafter, the completion of your request for rectification or erasure will be confirmed to you.
Erasure may be prevented by legal regulations. In such a case, the Companies will process your personal data only to the extent necessary to comply with the statutory requirements.


3. Right to Objection or Cancellation
You have the right to object in writing, in whole or in part, to the processing of your personal data or to cancel your consent to the processing of such data. The objection or cancellation must be addressed in writing to the controller (see i.).
The receipt of your objection or cancellation will be confirmed to you and thereafter the concerned data will be deleted.
To comply with an objection or cancellation may be contrary to statutory regulations. In such a case, the Companies will process your personal data only to the extent necessary to comply with the statutory requirements.


4. Right to Restriction
You have the right to restrict the processing of your personal data with regard to the transmission of such data to third parties. An application for restriction must be sent in writing to the controller (see i.) accompanied by proof of identity.
The receipt of your application for restriction will be confirmed and your application will be completed within a reasonable time.
Such restriction may conflict with legal regulations. In such a case, the Companies will only transmit your personal data to third parties to the extent necessary to comply with the statutory requirements.


5. Right to Complaint
You have the right to file a complaint with the competent Liechtenstein supervisory authority. You may also contact another supervisory authority of an EU or EEA Member State, for example at your place of residence or work or at the place of the alleged infringement.


The contact details of the Data Protection Authority in Liechtenstein are as follows:
Liechtenstein Data Protection Authority
Staedtle 38
P.O. Box 684
LI‐9490 Vaduz
+423 236 60 90
info.dss@llv.li


d. Contact


For questions about data protection and data processing, please contact the controller in writing. You can contact the controller as follows:

Codex Holding Anstalt
Lova Center
P.O. Box 1150
LI-9490 Vaduz
+423 388 2000
office@codextrust.com