Privacy policy

Which of your data is processed in detail and how it is used depends largely on the relationship you have with one of the above-mentioned public bodies or which public body processes your data and for what purpose

In the following you will find general information on data protection for all public bodies. This is followed by notes on the use of the website of the National Administration Liechtenstein.

I. General data protection information for all public bodies

Person responsible

The National Administration is responsible for the use of the website of the National Administration; the respective public body is responsible for the data processing specific to its offices.

This Privacy Policy applies to the entire Liechtenstein National Administration and its public offices:

Data Protection Officer for the National Administration

If you have any questions about your personal data processed by the Liechtenstein National Administration, please contact the responsible office or the Data Protection Officer for the National Administration

Data protection office
Government Chancellery
Peter-Kaiser-Platz 1
P.O. Box 684
FL-9490 Vaduz

Phone: +423 236 73 08
E-mail: [email protected]
Website: www.fds.llv.li

II. special information on key terms, data processing and the legal basis as well as the rights of data subjects

Definition of personal data and sensitive data

Personal data is any information relating to an identified or identifiable natural person. Completely anonymized information is not personal data. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

Personal data includes, in particular, information such as your (real) name, address or telephone number. This may also include your email address if it contains your name and can be used to determine your identity. Information without any reference to your identity, e.g. only your age or gender, is not personal data.

Sensitive data is personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership. The category of sensitive data also includes the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

Data subject

Data subject is any identified or identifiable natural person, whose personal data is processed by the controller

Collection and processing of personal data

As a rule, you can use the website without actively providing personal data. However, certain personal data is processed automatically. Details regarding automated data processing can be found below under the point:

All citizens and all natural persons sooner or later approach a public body of the National Administration with a request. As a rule, the public body must then process personal data in order to process the respective request. The collection and processing of personal data by the individual public bodies is carried out in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the national data protection law and the respective national special law. The processing of personal data by a public body can take place, among other things, by collecting, storing, using, transmitting, linking, making available for retrieval or by deleting and destroying.

Legal basis

The activities of the offices of the Liechtenstein National Administration are based on a specific legal mandate. The specific laws are generally listed on the website of the respective office or linked to the applicable regulations and laws. The legal basis for the processing of your personal data therefore arises at least from Art. 6 para. 1 let. e) of the General Data Protection Regulation (GDPR) in conjunction with Art. 4 of the Liechtenstein Data Protection Act (DSG) and the respective standards of the applicable special law.

Details on the legal basis and further information on the processing of data transmitted to the respective office via online forms can be found in the office-specific data protection notice, which you can access on the website of the respective office

Under certain circumstances, your consent is also the legal basis for processing your personal data in accordance with Art. 6 para. 1 letter a) GDPR or the processing is based on the fulfillment of a contract or is carried out on the basis of pre-contractual measures in accordance with Art. 6 para. 1 letter b) GDPR.

The processing of personal data in connection with our Internet presence/this website is carried out in accordance with Art. 6 para. 1 GDPR on the basis of:

- your consent, if you provide us with your data voluntarily, e.g. the newsletter

   subscribe (Art. 6 para. 1 let. a) GDPR);

- our legitimate interest, e.g. in ensuring stability and operational security    

   of the system (Art. 6 para. 1 letter f) GDPR)

The legal bases allow the Liechtenstein National Administration to process your personal data, which is necessary for the fulfillment of the tasks incumbent upon it.

Forwarding of data to third parties

Data is only passed on to third parties within the framework of the statutory provisions. Services from third-party providers may be used, who are then obliged to comply with the data protection requirements and specifications as so-called processors. The processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the controller

Under certain circumstances, public authorities may also jointly determine data processing with other controllers. In such cases, joint responsibility is also regulated in accordance with the provisions of the GDPR and the FADP.

If we transfer personal data to service providers outside the EU, this will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection or if other appropriate data protection guarantees, e.g. EU standard contractual clauses, are in place. A list of third countries and international organizations with an adequate level of data protection can be found in Annex 1 of the General Data Protection Regulation (GDPR)

Under certain circumstances, service providers are used for technical solutions that are based outside the EU/EEA. Details can be found below under III.

Duration of storage and deletion of personal data

Your data will be stored after collection by the respective public body of the National Administration for as long as is necessary for the fulfillment of the respective task, taking into account statutory retention periods. An overview of the statutory retention periods can be found on the website of the supervisory authority, www.datenschutzstelle.li under Services.

The data stored by the National Administration will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data of the data subjects are not deleted because they are required for other and legally permissible purposes, their processing will be restricted.

Right to information:

You have the right to obtain information about the personal data stored about you at any time, informally and without justification. This also applies to their origin and recipients and also to the purpose of storage. You will receive this information free of charge (Art. 15 GDPR). Requests for information about your stored data should be addressed directly to the relevant public body responsible or to the Data Protection Office

Rectification, restriction of processing, erasure, complaint, withdrawal of consent, data portability:

In addition, you have further rights, such as the right to rectification of inaccurate data, restriction of processing and erasure of your personal data (Art. 16 GDPR, Art. 17 GDPR, Art. 18 GDPR), as well as data portability, provided that the conditions for this are met (Art. 20 GDPR).

If you suspect unlawful data processing, you can lodge a complaint at any time with the supervisory authority responsible for us, the Data Protection Authority (DSS), www.datenschutzstelle.li. If you have given your consent to the National Administration, you can revoke it at any time with effect for the future (Art. 7 GDPR).

Right to object:

Insofar as we do not process your personal data on the basis of consent, but on the basis of a legal requirement such as Art. 6 para. 1 e) GDPR, you can object to the future processing of your personal data at any time for reasons arising from your particular situation (Art. 21 GDPR). The existence of a particular situation is subject to a case-by-case assessment.

Right to withdraw consent:

If you have consented to the processing of your data by the respective office (e.g. online forms; newsletter order) on the basis of your corresponding declaration, you can revoke your consent at any time and without reason for the future. The legality of the data processing carried out on the basis of the consent until the revocation is not affected by this revocation

III General information on visiting the website of the National Administration of the Principality of Liechtenstein

Voluntary personal data

The processing of your personal data as a user of our website is limited to the data required to provide a functional website and our content and services. The processing of our users' personal data only takes place for the purposes agreed with you or if there is another legal basis (within the meaning of the GDPR). We only collect personal data that is actually required for the performance and processing of our tasks and services or that you have voluntarily provided to us. These are:

-         contact details (e.g. name, email address)

-         Content data (e.g. text input)

-         Usage data (e.g. websites visited, interest in content, access times)

-         meta/communication data (e.g. device and browser information, IP address)

-         Data in connection with online forms (e.g. applications, notifications)

As soon as you access a page of our website and the online services embedded on our website, the IP address, the URL address of the page accessed, the date and time of access and information about the browser (program, version, PC or mobile, etc.) are stored on our web servers in so-called log files (web server log). These logs are used exclusively for technical purposes - e.g. to clarify technical problems - and for information security; they are neither analyzed in any other way nor linked to other data. This logging data is automatically deleted after 48 weeks.

-         Provision of the website in question, its functions and content

-         Responding to contact requests and communicating with users

-         Providing the services described in the content

-         security measures

-         Reach measurement and statistics

Applicable legal bases regarding the Internet presence

The legal bases for data processing in connection with our website are the provisions contained in Liechtenstein legislation on the fulfillment of the tasks of the Liechtenstein National Administration, e.g. according to the Law on Electronic Commerce with Public Authorities (E-Government Act; E-GovG).

Deletion of data when visiting the website of the National Administration

The data processed by us will be deleted or its processing restricted in accordance with Art. 17 and 18 GDPR. Unless expressly stated in this privacy policy, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations

Cookies

We use cookies on our website to make our offering more user-friendly. Cookies are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our website. This allows us to recognize your browser the next time you visit.

We use Matomo, formerly "Piwik", for web analysis. This is an open source web analysis tool that creates evaluations using cookie technologies. These are text files that are stored on your end device (laptop, tablet, smartphone, etc.) and transmit and store the information obtained back to us or our processor. This enables us to evaluate and analyze your usage behavior when you visit and use our website. The hosting of the Matomo database is outsourced to our processor, Ops One AG, based in Switzerland. The information generated by cookies about your use of our website is not passed on to third parties.

We understand the evaluations and analyses as part of our Internet service and thus follow our public mandate from Art. 6 para. 1 let. e) GDPR, Art. 4 FADP and from EU Regulation 2018/1724 on the single digital gateway to procedures, etc. Our aim is to continuously improve our website and adapt it to the needs of our visitors. If you do not want your data to be used for web analysis, you can independently prevent cookies from being stored in your browser. However, this may mean that you will no longer be able to use some functions of our website that require identification, e.g. newsletter registration

If you are interested in further information on the terms of use of Matomo and the corresponding data protection regulations, you will find it on the following website:  https://matomo.org/privacy/ .

Defense measures against DDoS attacks

Distributed Denial of Service. The purpose of such attacks is to overload websites and applications with targeted and distributed requests so that they are no longer accessible, the web server is put out of action and the entire service is denied. As a defensive measure, LLV relies on the content delivery network from Cloudfare. The company is based in Munich, Germany, but its headquarters are in the USA. The exact address is: Cloudfare, Inc, 101 Townsend St, San Francisco, CA 94107, USA. Their privacy policy can be found on their website at https://www.cloudflare.com/de-de/privacypolicy/

The following personal data is processed via the service provider:

-         Full IP address of the requesting computer

-         Date and time of access

-         Name and URL of the requested file

-         Page from which the file was requested

-         Access status (file transferred, file not found, etc.)

-         Web browser and operating system used

-         Amount of data transferred

Search field

The search function built into our website is a service provided by Elasticsearch BV ("Elasticsearch"). This means, among other things, that your IP address and your search query entered in this search field will be forwarded to Elasticsearch. You acknowledge and agree that Elasticsearch's Privacy Policy (located at https://www.elastic.co/legal/privacy-statement) applies to your use of the search box.

Feedback function

When you access the feedback function on our website, an email is created. In its subject line, information is written about the subpage from which you accessed the feedback function and the browser you are using, including the associated components (e.g. .NET version). This information is used exclusively to clarify technical problems in connection with your request that you send us via the feedback function. All other information in your email will be used exclusively to process your request.

Emails sent to us

We draw your attention to the fact that - subject to an explicit agreement and configuration - emails sent to us are sent unencrypted.

If you wish to send confidential or sensitive information, please contact the relevant office in advance to agree a secure way to send the data.

Contact form, complaint form

If you fill out a contact or complaint form, your details will only be stored for the purpose of processing this request and any other related questions and will only be used in the context of this request. The legal basis for processing your request is usually consent in accordance with Art. 6 para. 1 letter a) GDPR or the fulfillment of a contract or pre-contractual measures in accordance with Art. 6 para. 1 letter b) GDPR. You have alternative options for contacting us, e.g. by post, telephone or over the counter.

When you register for our newsletter, we will immediately send an e-mail containing a hyperlink to the e-mail address you have provided. By clicking on this link, you confirm your newsletter registration (double opt-in procedure). If you do not confirm your registration within 24 hours, we will delete the email address from our temporary list and no registration will have taken place.

Entering your title, surname and first name when registering for one of the Liechtenstein National Administration's newsletters is voluntary and is used solely to address you in the newsletter

By entering your email address and, if applicable, your title, surname and first name, as well as selecting one or more newsletters and submitting this information to us, you consent (Art. 6 para. 1 let. a GDPR) to the storage of this information, including the date of registration, IP address and the list name of the desired newsletter, on our systems. We only use this information for the administration and sending of the newsletter you have selected.

my.llv.li

The my.llv.li account ("service account") of the Liechtenstein National Administration (LLV) serves citizens and companies as a digital access account to administrative services in accordance with the requirements of the e-Government Act (E-GovG), the Service of Documents Act and the Act on the Central Register of Persons. Among other things, data processing enables secure access to personal and company data, traceable communication via ePostPlus and the use of various applications via single sign-on (SSO).

Personal data is collected and processed to fulfill legal obligations in accordance with E-GovG, ZPRG and ZustG. This includes in particular the provision of central master data, the handling of electronic communication with authorities and companies and secure electronic delivery.

All data that you enter in online forms that are transmitted electronically will be stored permanently on our systems after you select the "Send" function, including the date and time of submission. The data entered in online forms is always transmitted in encrypted form (https).

All activities that you carry out in connection with electronic identification using eID.li or lilog (e.g. registration, login, incorrect password entry, change of user account, etc.) are recorded and stored permanently. Sensitive data using lilog, such as the user name or password, is stored in encrypted form and cannot be read by us.

This data is used exclusively for the purpose of electronic identification and to clarify technical problems and for information security.

EU Single Market rules give people and businesses the Legal Division to move freely within the European Economic Area for work, study, business or other purposes. Where our authorities are involved in the implementation of these rules, information is exchanged with competent authorities in other countries where appropriate. Details on the Internal Market Information System IMI can be found on the website of the European Commission at the following link: https://ec.europa.eu/internal_market/imi-net/index_de.htm.

IV. Questions from you

If you have any questions or comments as a data subject regarding the processing of your personal data by the offices of the National Administration, please contact the respective office or the Data Protection Officer of the National Administration directly using the contact details provided above.

Supervisory authority as complaints body

In the event that you wish to lodge a complaint about the Liechtenstein National Administration, the Data Protection Authority is the competent supervisory authority and can be contacted as follows:

Data Protection Authority for the Principality of Liechtenstein
Städtle 38
P.O. Box 684
FL-9490 Vaduz

Phone: +423 236 60 90

E-mail: [email protected]
Website: www.datenschutzstelle.li