Privacy policy

Protecting the privacy and integrity of personal data relating to Relevant Persons1 , applicants, and employees is of utmost importance to us. Below we outline the basis on which we collect, process and store personal data, the purposes for which we use or disclose it, and the rights of the data subjects.

1. General Information

We process personal data to provide our Services2 , to fulfil legal obligations (particularly under the Liechtenstein Due Diligence Act – SPG and Ordinance – SPV) and to protect our legitimate interests, such as maintaining client communication.

The processing is based on the EU General Data Protection Regulation (GDPR) and the Liechtenstein Data Protection Act (DSG).

2. Types of Personal Data

Depending on the purpose, we may process the following categories of personal data:

  • Client Data: name, date of birth, address, nationality, occupation, contact details
  • Identification Data: ID copies, proof of residence, tax numbers, signature samples
  • Due Diligence and Mandate Records: beneficial ownership, banking and tax information, corporate documents, correspondence
  • Communication Data: emails, telephone logs, inquiries
  • Application Data: CVs, certificates, references, cover letters, related correspondence
  • Employee Data: personal details, employment contracts, payroll and bank details, performance records and, with consent, photos and professional profiles for publication on the corporate website

3. Sources of Data

We obtain personal data directly from clients, applicants, employees, business partners or from publicly available sources (e.g. company registers, press, internet).

4. Use and Disclosure

Personal data is used solely for the purposes stated above and disclosed only where legally required or necessary to provide our Services (e.g. to banks, advisors, or legal representatives).

Application data is processed solely for recruitment purposes and deleted after completion of the process unless legal retention duties apply.

Employee photos and profiles are published only with explicit consent.

5. Data Security

We apply appropriate technical and organisational security measures and store data on secure servers within the European Economic Area.

6. Retention

Personal data is retained for the duration of the client or employment relationship and thereafter for ten years in line with statutory obligations. Application data is deleted within six months unless consent for longer retention is given.

7. Data Subject Rights

Data subjects have the following rights under the GDPR:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Objection (Art. 21 GDPR)
  • Data portability (Art. 20 GDPR)

Requests can be directed to our Data Protection Officer:

Griffin Group Foundation
Feldkircher Strasse 70, 9494 Schaan, Liechtenstein
T: +423 237 69 00, E: dataprotection@griffin.li

8. Website Use

Our website is hosted on Webflow (USA) and uses a Content Delivery Network (CDN) via Cloudflare and Amazon Web Services (AWS). Technical usage data (IP address, timestamp, browser data) may be processed for operational and security purposes.

All service providers are bound by data processing agreements compliant with the GDPR.
Only technically necessary cookies are used; optional tools (e.g. analytics or marketing) are activated only upon consent.

1 “Relevant Parties“ means: Contracting Partners, Founders of Foundations, Institutions and Companies, p, Directors of Mandates, Persons who exercise control over companies that we administer, advisors, amongst others
2 “Services“ means a) company formation, management, administration, (b) provision of registered agent services, company secretarial services, nominee directors or shareholders, (c) bank or brokerage introductions, (d) trustee, board of foundation, advisory and other related services provided by Griffin Trust to Related Parties.