Data protection notice
In accordance with Art. 13 and Art. 14 of the EU General Data Protection Regulation (GDPR), we inform you below about the manner and background to the processing of your personal data in connection with our activities. The following information applies equally to applicants and applicants, contractual partners and persons subject to reporting obligations as well as other persons affected by data processing.
Responsible body
Office for Financial Market Innovation and Digitalisation
Aeulestrasse 38
P.O. Box 684
Telephone: + 423 236 76 70
E-Mail: [email protected]
Website: www.sfid.llv.li
You can address questions about data protection directly to us or to the Data Protection Office as the Competence Center Data Protection of the Liechtenstein National Administration.
Contact details of the Data Protection Officer
Competence Center Data Protection
Peter-Kaiser-Platz 1
9490 Vaduz
Telephone: +423 236 73 08
E-Mail: [email protected]
Website: www.fds.llv.li
Purpose of the processing
Personal data is processed as part of the fulfilment of our mandate as the Liechtenstein government's central advisory and coordination office for financial market innovations, new technologies and digitalization. This includes advising and supporting market participants, shaping and developing regulatory frameworks and coordinating the establishment of financial market-related companies. In addition, we process personal data as part of our international cooperation with institutions and committees as well as for the organization of events and networking activities. We are also responsible for the management and implementation of EU digitalization legislation and programs, whereby personal data may also be processed as part of this area of responsibility.
Legal bases
The legal basis for our processing activities based on a contract or pre-contractual measures is Art. 6 (1) (b) GDPR. Under certain circumstances, consent pursuant to Art. 6 (1) (a) GDPR may also apply, e.g. for the delivery of newsletters. Otherwise, the legal basis is our legitimate interest pursuant to Art. 6 (1) (f) GDPR, e.g. when collecting data from publicly accessible sources.
Data to be processed
The following personal data is collected, recorded and processed in the course of our activities: Surname, first name, e-mail address, business address, telephone number, employing institution, position/department.
Origin of the data
If the data is not collected from you personally, the information on the personal data comes from public information sources, such as the Internet, the website of the institution or similar sources.
Reception
We only transfer your data to other public bodies, such as the government, in cases prescribed and permitted by law.
Storage duration
The storage period for data processing is based on special legal requirements regarding retention periods or the Archiving Act. If the purpose of the data processing has been achieved and there are no statutory retention periods preventing the deletion of your data, the personal data will generally be added to the respective deletion concept.
Legal Divisions of the data subjects
When your personal data is processed, you have various rights under data protection law: access, rectification, erasure, restriction of processing, data portability, objection, complaint to the supervisory authority.
You can exercise your rights by submitting an informal application or request to the controller without giving reasons. However, it is recommended that you submit the application or request in writing or in a secure electronic form.
1. right to information
With the right to information in accordance with Art. 15 GDPR, you as the data subject can request information from the data controller about which data about you is stored or processed by the data controller.
You will also receive additional information from the controller, e.g. about the purposes of processing, the origin of the data if it was not collected directly from you, or about the recipients to whom your data is transmitted.
The right of access enables you to maintain an overview and therefore control over which of your personal data is processed, for what purpose and on what legal basis.
2. right to rectification
If you discover that your personal data is incorrect, you can demand that the controller rectify it without undue delay in accordance with Art. 16 GDPR. Immediately means without undue delay on the part of the controller, which means that a certain amount of time must be allowed for the request to be processed.
3. right to erasure
With the Legal Division to erasure in accordance with Art. 17 GDPR, you can in principle request the controller to erase your personal data without undue delay if one of the grounds in Art. 17 para. 1 a) to f) applies, e.g. the data is no longer necessary for the purposes of processing, consent has been withdrawn, an objection has been successfully lodged, the processing was unlawful, etc.
However, there may be exceptions to the right to erasure, which are listed in Art. 17 para. 3 GDPR. The controller must regularly check whether statutory retention periods or the Archiving Act preclude erasure.
4. right to restriction of processing
The Legal Division to restrict processing in accordance with Art. 18 GDPR can only be asserted under certain conditions, which are listed in letters a) to d) of the article. For example, if you request the rectification of your incorrect data or have objected to the processing, the processing of your data must be restricted by the controller until its verification has been completed. Furthermore, processing must be restricted if you expressly request restriction instead of erasure due to unjustified processing. Processing must also be restricted if the controller no longer needs your data for its own purposes, but you still wish to use it to pursue your own claims.
5. right to data portability
If you have provided your data to the controller, you can request to receive this data in a commonly used, machine-readable format in accordance with Art. 20 GDPR. This is intended to make it easier for you to transfer your data to another controller. The Legal Division on data portability applies if the processing is based on consent or a contract and is carried out using automated procedures.
6. right to object
Art. 21 para. 1 GDPR grants you the right to object, on grounds relating to your particular situation, by way of exception, to data processing which is lawful in itself, provided that the legal basis for the processing of your data is a balancing of interests on the part of the controller whose interests have prevailed in the balancing of interests carried out.
7. Legal Division to lodge a complaint
If you, as the data subject, believe that your data is being processed unlawfully, you can lodge a complaint with the competent supervisory authority at any time.
Contact details data protection - supervisory authority
The supervisory authority responsible for data protection in Liechtenstein is the Data Protection Authority with the contact details:
Data Protection Authority
Städtle 38
P.O. Box 684
FL-9490 Vaduz
Telephone: +423 236 60 90
E-Mail: [email protected]
Website: www.datenschutzstelle.li
Further information on data protection, in particular regarding the website of the Liechtenstein National Administration, can be found in the Data Protection Declaration.