Protecting the privacy of Related Parties¹ is very important to us. In the following, we outline the basis on which we collect and process personal data, for what purposes we use and disclose your personal data and your rights in respect of your personal data.

In order to be able to provide our Services ², to adhere to our legal obligations in accordance with the Liechtenstein Due Diligence Act and Ordinance (“DDA“ and “DDO“) and to protect our legitimate interests (e.g. continuation of the delivery of newsletters to existing customers, provided there is no revocation), we, the Griffin Group³, process personal data that we obtain from our Related Parties.

In doing so, as a responsible organisation, we comply with the European General Data Protection Regulation ( “GDPR”⁴ ) and the Liechtenstein Data Protection Act.

In our data directories, the following personal data categories are processed in accordance with Art. 4 No. 1 GDPR in order to fulfill our activities within the scope of the purposes listed under number 1:

• Client and address data: Name, company, date of birth, private and / or business address, nationality, profession, telephone number, email address, bank account details;
• Identification data: identification documents, etc. Copies of passports or ID cards, utility bills, tax numbers, death certificates; authentication data, including Specimen signatures;
• Due diligence documents: Contractual partner, identification of the beneficial owner, profile of the business relationship with information about the professional and personal background (e.g. profession, source of wealth), World Check data, clarifications according to DDA/DDO;
• Correspondence: client orders, general; and
• Tax reporting data: ATCA, AIA, LDF and other relevant reports

To the extent necessary to meet our obligations under the DDA and the DDO and to provide our Services, we may obtain further information from publicly available sources, (e.g. registers, commercial and association registers, press, internet).

If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent.

The processing of these data is based on Art. 6 para. 1 lit. b GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases, the processing is based on your consent (Article 6 (1) a GDPR) and/or on our legitimate interests (Article 6 (1) (f) GDPR), since we have a legitimate interest in the effective processing of requests addressed to us.

The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

Personal data that we process is obtained from various sources, including but not limited to:

• Information you provide to us from time to time;
• Information about you provided to us by the contracting party acting on your behalf (e.g. your company or an intermediary);
• When you communicate with us by telephone, fax, email or other forms of electronic communication ;
• Our client on-boarding forms;
• Other companies in the Griffin Group;
• Your agents, advisers, intermediaries, and custodians of your assets;
• To the extent necessary to meet our obligations under the GDPR, the DDA and the DDO and to provide our Services, we may obtain further information from publicly available sources, (e.g. registers, commercial and association registers, debt directories, press, internet).

We protect your personal data through appropriate technical and organizational security measures and store them electronically on secure servers and physically in secure premises.

Please note that we will not transfer any data to a third party unless required by law (e.g. under the Common Reporting Standards) or required in the course of providing our Services to you (e.g. providing information to advisors, banks and lawyers, amongst others in order to facilitate transactions that we are undertaking on your behalf or enable them to comply with their own due diligence laws.

Any data that we hold about you will be stored as long as our relationship exists and thereafter for further 10 years.

We would like to inform you that under the GDPR, you have the following rights:

• the right to access according to Article 15 of the GDPR,
• the right to rectification according to Article 16 of the GDPR,
• the right to erasure according to Article 17 of the GDPR, the right to restrict processing according to Article 18 of the GDPR, the right of object according to Article 21 of the GDPR,
• if applicable – the right to data portability according to Article 20 of the GDPR.
• You may at any time lodge a complaint with the responsible data protection authority under Article 77 of the GDPR. More information in this regard can be found here: https://www.llv.li/#/1758/datenschutzstelle

The above rights may be subject to special laws in Liechtenstein (such as the DDA and the DDO) and we may be entitled to refuse requests where exceptions apply.

The person responsible within the meaning of the General Data Protection Regulation (DSGVO) is:

Griffin Group Foundation
T: +423 237 69 00
F: +423 237 69 10
W: www.griffin.li
Landstrasse 40, 9495 Triesen, Liechtenstein

The corporate data protection officer of the Griffin Group is contactable under the above mentioned address. Please direct your queries to the data protection officer at the address mentioned above or via email to dataprotection@griffin.li.

There is a possibility that your browsing patterns will be statistically analysed when your visit this website. Such analyses are performed primarily with cookies and with what we refer to as analysis programmes. As a rule, the analyses of your browsing patterns are conducted anonymously; i.e. the browsing patterns cannot be traced back to you.

You have the option to object to such analyses or you can prevent their performance by not using certain tools. For detailed information about the tools and about your options to object, please consult our Data Protection Declaration below.

This website is hosted by an external service provider (host). Personal data collected on this website are stored on the servers of the host. These may include, but are not limited to, IP addresses, contact requests, metadata and communications, contract information, contact information, names, web page access, and other data generated through a web site.

The host is used for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b DSGVO) and in the interest of secure, fast and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f DSGVO).

Our host will only process your data to the extent necessary to fulfil its performance obligations and to follow our instructions with respect to such data.

In order to guarantee processing in compliance with data protection regulations, we have concluded an order processing contract with our host.

For security reasons and to protect the transmission of confidential content, such as inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption programme. You can recognise an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.

If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

Each time our website is accessed, our system automatically collects data and information from the accessing computer system.

The following data is collected here:

• Information about the browser type and version used
• The operating system of the user
• The Internet service provider of the user
• The IP address of the user
• Date and time of access
• Internet pages from which the user’s system accesses our website

This data is not merged with other data sources.

This data is recorded on the basis of Art. 6 Sect. 1 lit. f GDPR. The operator of the website has a legitimate interest in the technically error free depiction and the optimization of the operator’s website. In order to achieve this, server log files must be recorded.

Data on the user or incident level stored by Google linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymized or deleted after 14 month. For details please click the following link: https://support.google.com/analytics/answer/7667196?hl=en

Our websites and pages use what the industry refers to as “cookies.” Cookies are small text files that do not cause any damage to your device. They are either stored temporarily for the duration of a session (session cookies) or they are permanently archived on your device (permanent cookies). Session cookies are automatically deleted once you terminate your visit. Permanent cookies remain archived on your device until you actively delete them or they are automatically eradicated by your web browser.

In some cases it is possible that third party cookies are stored on your device once you enter our site (third party cookies). These cookies enable you or us to take advantage of certain services offered by the third party (e.g. cookies for the processing of payment services).

Cookies have a variety of functions. Many cookies are technically essential since certain website functions would not work in the absence of the cookies (e.g. the shopping cart function or the display of videos). The purpose of other cookies may be the analysis of user patterns or the display of promotional messages.

Cookies that are required for the performance of the electronic communications transaction or to provide certain functions you want to use (e.g. the shopping cart function), are stored on the basis of Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in storing cookies to ensure the technically error free and optimised provision of the operator’s services. If a corresponding agreement has been requested (e.g. an agreement to the storage of cookies), the processing takes place exclusively on the basis of Art. 6 para. 1 lit. a GDPR; the agreement can be revoked at any time.

You have the option to set up your browser in such a manner that you will be notified any time cookies are placed and to permit the acceptance of cookies only in specific cases. You may also exclude the acceptance of cookies in certain cases or in general or activate the delete function for the automatic eradication of cookies when the browser closes. If cookies are deactivated, the functions of this website may be limited.

In the event that third party cookies are used or if cookies are used for analytical purposes, we will separately notify you in conjunction with this Data Protection Policy and, if applicable, ask for your consent.

Data on the user or incident level stored by Google linked to cookies, user IDs or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) will be anonymized or deleted after 14 month. For details please click the following link: https://support.google.com/analytics/answer/7667196?hl=en

You do have the option to prevent the archiving of cookies by making pertinent changes to the settings of your browser software. However, we have to point out that in this case you may not be able to use all of the functions of this website to their fullest extent. Moreover, you have the option prevent the recording of the data generated by the cookie and affiliated with your use of the website (including your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

To ensure that fonts used on this website are uniform, this website uses so-called Web Fonts provided by Google. When you access a page on our website, your browser will load the required web fonts into your browser cache to correctly display text and fonts.

To do this, the browser you use will have to establish a connection with Google’s servers. As a result, Google will learn that your IP address was used to access this website. The use of Google Web Fonts is based on Art. 6 Sect. 1 lit. f GDPR. The website operator has a legitimate interest in a uniform presentation of the font on the operator’s website. If a respective declaration of consent has been obtained (e.g. consent to the archiving of cookies), the data will be processed exclusively on the basis of Art. 6 Sect. 1 lit. a DGDPR. Any such consent may be revoked at any time.

If your browser should not support Web Fonts, a standard font installed on your computer will be used.

For more information on Google Web Fonts, please follow this link: https://developers.google.com/fonts/faq and consult Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.

We use state of the art encryption supported by your browser during the visit to the website. Whether a single page of our website is transmitted encrypted, you can tell by the closed representation of the key or lock icon in the address bar of your browser.