en
en

Privacy Policy

Status: April 2025

With the following data protection notice we would like to give you an overview on how personal data may be processed by our Asset Management Company and your rights in relation to this information under the new EU General Data Protection Regulation (GDPR) and the Liechtenstein Data Protection Act (DPA). The specific data that will be processed and how the data will be used will essentially depend on the services and products that will be provided and/or have been agreed upon in each specific case. The Asset Management Company is legally bound to protect your privacy and keep your information confidential and will therefore implement a range of technical and organizational measures to ensure data security for all processing of personal data.

In the course of our business relationship, we will need to process personal data required for the purpose of setting up and conducting the business relationship, meeting applicable statutory or contractual requirements, providing services and executing orders. Without having this data, we would generally be unable to enter into or maintain a business relationship, process orders, or offer services and specific products.

Should you have any questions concerning specific data processing activities or wish to exercise your rights, further described under section 5 below, please contact:

Ott, Hagen & Partner AG, Phone: +423 399 49 90, Im Mühleholz 3, 9490 Vaduz, Liechtenstein.

1. Which data will be processed (data categories) and what are the sources (origin) of this data?

We collect and process personal data that we obtain in the course of our business relationship with our Clients. Personal data may be processed at any stage of the business relationship and the type of data will vary depending on the group of persons involved. Generally, we will process personal data that you provide in the course of submitting agreements/ contracts, forms, correspondence or other documents to us. As far as necessary in order to provide services, we will also process any personal data, which are generated or transmitted as a result of using products or services, or that we have lawfully obtained from third parties (e.g. Trust Company) or public authorities (e.g. UNO and EU sanctions lists). Finally, we may process personal data from publicly available sources (e.g. land registers, commercial registers and registers of associations, the press, the Internet). Apart from Client data, we may, where appropriate, also process personal data of other third parties involved in the business relationship, including data pertaining to (further) authorized agents, representatives, legal successors or beneficial owners under a business relationship. Please ensure that such third parties are also aware of this data protection notice. Personal data concerns the following categories of data in particular:

Master data:

  • Personal details (e.g. name, date of birth, nationality)

  • Address and contact details (e.g. physical address, telephone number, email address)

  • Identification data (e.g. passport or ID card details) and authentication data (e.g. signature specimen)

  • Data from publicly accessible sources (e.g. tax identification numbers)

Further basic data:

  • Information on services and products used (e.g. investment experience and investment profile, consultancy records, data concerning effected transactions)

  • Information about household composition and relationships (e.g. information about spouses or partners and other family details, authorized signatories, legal representatives)

  • Information about financial characteristics and financial situation (e.g. portfolio and account numbers, origin of assets)

  • Information about professional and personal background (e.g. occupation, hobbies, wishes, preferences)

  • Technical data and information regarding electronic communication with the asset management company (e.g. logs of access or changes)

  • Image and audio files (e.g. video or telephone recordings)

2. For what purposes and on what legal basis is your data processed?

We process personal data in accordance with the provisions of the GDPR as well as the Data Protectin Act (DPA) for the following purposes and on the following legal basis:

  • For the performance of a contract or to take steps prior to entering into a contract in connection with supplying and acting as intermediary in relation to asset management, investment advice and other financial services, which can be rendered by an Asset Management Company. The purposes for which data are processed will depend primarily on the specific service or specific product involved (e.g. securities) and may include, for example, needs analysis, advisory services, wealth and asset management and carrying out transactions.

  • To comply with legal obligations or in the public interest, in particular the compliance with statutory and regulatory requirements (e.g. compliance with the GDPR, the DPA, the Liechtenstein Asset Management Act, due diligence and anti-money laundering rules, regulations designed to prevent market abuse, tax legislation and tax treaties, monitoring and reporting obligations, and for the purpose of managing risks).

  • For the purposes of the legitimate interests pursued by us or by a third party that have been specifically defined, including determining product ratings, marketing and advertising, performing business checks and risk management, reporting, statistics and planning, preventing and investigating criminal offences, video surveillance to ensure compliance with house rules and to prevent threats, recordings of telephone calls.

  • On the basis of the consent given by you for the purpose of supplying asset management or for the purpose of executing orders, including, for example, transferring data to service providers or contracting partners of the Asset Management Company. You have the right to withdraw your consent at any time. This also applies to declarations of consent provided to the Asset Management Company before the GDPR came into effect, i.e. prior to 25 May 2018. Consent may only be withdrawn with effect for the future and does not affect the lawfulness of data processing undertaken before consent was withdrawn.

We reserve the right to further process personal data collected for any of the aforementioned purposes for other purposes, provided this is compatible with the original purpose or permitted or required by law (e.g., reporting obligations).

3. Who has access to the personal data and how long is it stored?

Parties within and outside of the Asset Management Company may obtain access to your data. Departments and employees within the Asset Management Company may only process your data to the extent required for the purpose of fulfilling our contractual, statutory and regulatory duties as well as pursuing legitimate interests. Other companies, service providers or agents may also have access to personal data for such purposes, subject to statutory 27 regulations. The categories of processors may include companies supplying asset management services, companies operating under distribution agreements and companies supplying IT, logistics, printing, advisory and consultancy, distribution and marketing services. In this context, recipients of your data may also include other financial services institutions or similar organizations to which we transfer personal data for the purposes of conducting the business relationship (e.g. custodian banks, brokers, stock exchanges, information centers).

Public bodies and organizations (e.g. supervisory authorities, fiscal authorities) may also receive your personal data where there is a statutory or regulatory obligation.

Data will only be transferred to countries outside the EU or EEA (so-called third countries) if

  • this is required for the purpose of taking steps prior to entering into a contract, performing a contract, supplying services or executing orders (e.g., execution of securities transactions),

  • you have given us your consent (e.g. for client support provided by another company),

  • this is necessary for important reasons of public interest (e.g., due to anti-money laundering requirements), or

  • this is mandatory by law (e.g., transaction reporting obligations).

We process and store your personal data throughout the duration of the business relationship, unless there is a stringent obligation to erase specific data at an earlier date. It is important to note that our business relationships may subsist for many years. In addition, the length of time that data will be stored will depend on whether processing continues to be necessary as well as the purpose of processing. Data will be erased at regular intervals, if the information is no longer required for the purpose of fulfilling contractual or statutory duties or pursuing our legitimate interests, i.e. the objectives have been achieved, or if consent is withdrawn, unless further processing is necessary by reason of contractual or statutory retention periods or documentation requirements, or in the interests of preserving evidence throughout any applicable statutory limitation periods.

4. Will there be automated decision-making including profiling?

We basically do not make decisions based solely on the automated processing of personal data. We will inform you separately in accordance with the statutory regulations of any intention to use this method in particular circumstances. Certain business areas involve the automated processing of personal data at least to a certain extent, where the objective is to evaluate certain personal aspects in line with statutory and regulatory requirements (e.g. money laundering prevention), carry out needs-analysis in relation to products and services or for the purpose of managing risks. The Asset Management Company reserves the right, in future, to analyze and evaluate Client data (including the data of any third parties involved) by automated means for the purpose of identifying key personal characteristics in relation to Clients, predicting developments and creating Client profiles. Such data will be used, in particular, to perform business checks, provide customized advice, offer products and services and provide any information that the Asset Management Company may wish to share with Clients.

5. What data protection rights do you have?

You have the following data protection rights pursuant to the GDPR in respect of personal data relating to you:

  • Right of access: you may obtain information from the Asset Management Company about whether and to what extent personal data concerning you are being processed (e.g. categories of personal data being processed, purpose of processing).

  • Right to rectification, erasure and restriction of processing: You have the right to obtain the rectification of inaccurate or incomplete personal data concerning you. In addition, your personal data must be erased if the data are no longer necessary in relation to the purposes for which they were collected or processed, if you 28 have withdrawn your consent, or if the data have been unlawfully processed. You also have the right to obtain restriction of processing.

  • Right to withdraw consent: You have the right to withdraw your consent to the processing of personal data concerning you for one or more specific purposes at any time, where the processing is based on your explicit consent. This also applies to declarations of consent provided before the GDPR took effect, i.e. prior to 25 May 2018. Please note that consent may only be withdrawn with effect for the future and does not affect any data processing undertaken prior to withdrawing consent. Moreover, the withdrawal of consent has no effect in relation to data processing undertaken on other legal grounds.

  • Right to data portability: you have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format, and to have the data transmitted to another controller.

  • Right to object: You have the right to object, on grounds relating to your particular situation, without any formal requirements, to the processing of personal data concerning you, if such processing is in the public interest or in pursuit ofthe legitimate interests of the Asset Management Company or a third party. You also have the right to object, without any formal requirements, to the use of personal data for promotional purposes. If you object to the processing of your personal data for direct marketing purposes, we will discontinue processing your personal data for this purpose.

  • Right to lodge a complaint: You have the right to lodge a complaint with the relevant Liechtenstein supervisory authority. You may also lodge a complaint with another supervisory authority in an EU or EEA member state, e.g.your place of habitual residence, place of work or the place in which the alleged breach took place.

6. Website usage

Scope of the processing of personal data

Our processing of personal data of our users is limited to the data necessary to provide a functional website as well as our content and services. The processing of personal data is carried out only for the purposes agreed with the users or if there is another legal basis (within the meaning of the GDPR). Only such personal data is collected that is actually required for the performance and execution of our tasks and services or that you have voluntarily provided to us.

Your rights (data subject rights)

You have the right to request information about the personal data we process about you. In particular, you may request information regarding the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, data portability, the origin of your data (if not collected directly from you), and the existence of automated decision-making including profiling.

You also have the right to withdraw any consent you may have given regarding the use of your personal data at any time.

If you believe that the processing of your personal data by us violates applicable data protection laws, you have the right to file a complaint with the relevant data protection authority.

Description and scope of data processing

Visitor and usage data

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.

The following data is collected in this context:

  • Information about the browser type and version used

  • The user’s operating system

  • The user’s internet service provider (ISP)

  • The user’s IP address

  • Date and time of access

  • Websites from which the user’s system accesses our website (referrer)

We do not conduct our own web analytics on our website, nor do we use any web analytics tools (such as Google Analytics). Therefore, no evaluation of the aforementioned visitor and usage data takes place.

Cookies

We use cookies on our website to make our offering more user-friendly. Cookies are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. These cookies remain stored until you delete them, allowing us to recognize your browser upon your next visit.

If you do not wish this to happen, you can configure your browser to inform you about the setting of cookies and allow them only on a case-by-case basis. However, please note that disabling cookies may result in limited functionality of our website.

The legal basis for the data processed through cookies is Article 6(1)(f) of the GDPR.

Cookies remain valid for a period ranging from several weeks to months and are then automatically deleted by your browser unless you remove them manually beforehand.

File downloads (e.g. Software)

We do not require you to provide any personal information in order to download files from our website.

Data security

During your visit to our website, we use the common SSL/TLS encryption method combined with the highest level of encryption supported by your browser. You can recognize whether an individual page of our website is transmitted encrypted by the closed appearance of the key or padlock symbol in the address bar of your browser.

Furthermore, we apply additional appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

The contact details for the data protection authority in Liechtenstein are as follows:

Liechtenstein Data Protection Office, Kirchstrasse 8, Postfach, FL-9490 Vaduz, Principality of Liechtenstein, Telefon Nr. + 423 236 60 90, E-Mail: info.dss@llv.li

You should preferably submit any requests for access or raise any objections in writing with the Data Protection Officer. The Data Protection Officer is also the appropriate point of contact for any other data protection matters.

Contact

+423 399 49 90

info@ohp.li

Im Mühleholz 3, 9490 Vaduz, Liechtenstein

Ott, Hagen & Partner AG

Legal Notice

Terms and Conditions

Privacy Policy

Participation Policy

Sustainability

Imprint

© Copyright Ott, Hagen & Partner AG 2025. All rights reserved.