Privacy Policy

Contact Details

W Asset Management AG

• General

  The following privacy policy applies to the use of the websites www.valuefonds.eu and www.valuefonds.at (hereinafter referred to as “Website”) and to the personal data collected via this website, as well as to the general data processing at WL Asset Management AG. For websites of other providers, to which links are provided, for example, the respective privacy notices and policies apply. We attach great importance to data protection, as the protection of your personal data is a particular concern for us. Therefore, we process your data exclusively on the basis of legal provisions (GDPR). This statement describes how and for what purpose your data is collected and used, and what choices you have regarding personal data. By using this website, you agree to the collection, use, and transfer of your data in accordance with this privacy policy.

  Overview

  • Name and address of the controller
  • General information on data processing
  • Data processing in asset management
  • Website provision and creation of log files
  • Use of Cookies
  • Contact form and email
  • Data Security
  • Disclosure of data to third parties
  • Applications
  • Rights of the data subject

• Name and address of the controller

  The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection provisions, is:

  WL Asset Management AG
  Grabenackerweg 3
  9491 Ruggell
  Liechtenstein
  Phone: +423 239 8970
  Email: office@valuefonds.eu

  Currently, no data protection officer is required.

• General information on data processing

  Scope of personal data processing

  We generally process personal data of our users only to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users regularly takes place only with the user’s consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of data is permitted by legal regulations.

  Legal basis for the processing of personal data

  Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis.
  When processing personal data that is necessary for the performance of a contract to which the data subject is party, Art. 6 para. 1 lit. b GDPR as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
  Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR as the legal basis.
  In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR as the legal basis.
  If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights, and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 lit. f GDPR as the legal basis for processing.

  Data deletion and retention period

  The personal data we collect from data subjects will be deleted or blocked as soon as the purpose of storage ceases to apply. Storage may also occur if this has been provided for by the European or national legislator in Union law regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned norms expires, unless there is a necessity for further storage of the data for the conclusion or fulfillment of a contract.

• Data processing in asset management

  With the following data protection information, we would like to give you an overview of the processing of personal data managed by our asset management company and the resulting rights according to the provisions of the new EU General Data Protection Regulation (GDPR) and the Data Protection Act (DSG). Which data is processed in detail and how it is used depends largely on the services and products to be provided or agreed upon. The asset management company is legally obliged to protect your privacy and confidentiality and, for this reason, takes a variety of technical and organizational data protection measures for all personal data processing.

  Within the scope of our business relationship, we are dependent on processing personal data that is necessary for establishing and conducting the business relationship, fulfilling associated legal or contractual obligations, and providing services or executing orders. Without this data, we will generally not be able to enter into or maintain a business relationship, process an order, or offer services and products.

  Which data is processed (data categories) and from which sources does it originate (origin)?

  We collect and process personal data that we receive within the scope of our business relationship with our clients. Personal data can be processed at any stage of the business relationship and may differ depending on the group of persons.
  Generally, we process personal data that you provide to us through submitted contracts, forms, your correspondence, or other documents. If necessary for the provision of the service, we also process personal data that arises or is transmitted due to the use of products or services, or that we have legitimately received from third parties (e.g., a trust company), from public bodies (e.g., UN and EU sanctions lists). Finally, personal data from publicly accessible sources (e.g., commercial and association registers, press, internet) may be processed.
  In addition to client data, we may also process personal data of other third parties involved in the business relationship, such as data of (additional) authorized representatives, legal successors, or beneficial owners of a business relationship. We ask you to also inform any third parties about this data protection information.
  Personal data, in particular, includes the following data categories:

  Master data

  • Personal details (e.g., name, date of birth, nationality)
  • Address and contact details (e.g., physical address, phone number, email address)
  • Identification data (e.g., passport or ID card data) and authentication data (e.g., signature sample)
  • Data from publicly accessible sources (e.g., tax identification numbers)

  
  Additional basic data

  • Information on services and products used (e.g., investment experience and investment profile, consultation protocols, data regarding executed transactions)
  • Information on household composition and relationships (e.g., information on spouses or civil partners and other family details, authorized signatories, legal representatives)
  • Information on financial characteristics and financial situation (e.g., portfolio and account number, origin of assets)
  • Information on professional and personal background (e.g., professional activity, hobbies, wishes, preferences)
  • Technical data and information on electronic communication with the asset management company (e.g., records of access or changes)

  
  For what purposes and on what legal basis is your data processed?

  We process personal data in accordance with the provisions of the GDPR and the DSG for the following purposes or on the basis of the following legal grounds:

  • For the fulfillment of a contract or for the implementation of pre-contractual measures in the context of providing and brokering asset management, investment advice, and other financial services that can be provided by an asset management company. The purposes of data processing are primarily determined by the specific service or product (e.g., securities) and may include, among others, needs analyses, consulting, asset management and support, as well as the execution of transactions.
  • For the fulfillment of legal obligations, in particular compliance with statutory and supervisory requirements (e.g., compliance with the GDPR, the DSG, the Asset Management Act, due diligence and anti-money laundering regulations, market abuse regulations, tax laws and agreements, control and reporting obligations, risk management). Should you not provide us with the necessary data, we have corresponding supervisory obligations to fulfill and may be forced to terminate the business relationship.
  • For the protection of legitimate interests of us or third parties for specifically defined purposes, in particular for determining product development, marketing and advertising, business audits and risk management, reporting, statistics and planning, prevention and investigation of criminal offenses, video surveillance for the protection of property rights and for averting dangers.
  • Based on your consent, which you have given us for the provision of asset management services or based on orders, such as the transfer of data to service providers or contractual partners of the asset management company. You have the right to withdraw your consent at any time. This also applies to the withdrawal of declarations of consent that were given to the asset management company before the GDPR came into force, i.e., before May 25, 2018. The withdrawal of consent is only effective for the future and does not affect the lawfulness of the data processed until the withdrawal.
    We reserve the right to further process personal data collected for one of the aforementioned purposes also for the other purposes if this is compatible with the original purpose or permitted or prescribed by law (e.g., reporting obligations).

  
  Who receives access to personal data and how long is it stored?

  Access to your data can be granted to entities both within and outside the asset management company. Within the asset management company, only entities or employees may process your data if they require it to fulfill our contractual, legal, and supervisory obligations, as well as to protect legitimate interests. In compliance with the relevant legal provisions, other companies, service providers, or vicarious agents may also receive personal data for these purposes. Processors may include companies in the categories of asset management services, distribution agreements, IT services, logistics, printing services, advice and consulting, as well as sales and marketing. Furthermore, recipients of your data in this context may be other financial service institutions or comparable entities to which we transmit personal data for the purpose of conducting the business relationship (e.g., custodian banks, brokers, stock exchanges, information agencies).
  In the event of a legal or supervisory obligation, public bodies and institutions (e.g., supervisory authorities, financial authorities, etc.) may also receive your personal data.
  Data transfer to countries outside the EU or EEA (so-called third countries) only takes place if

  • this is necessary for carrying out pre-contractual measures or for the fulfillment of a contract, for the provision of services or processing of orders (e.g., execution of securities transactions)
  • you have given us your consent (e.g., for customer support by another company),
  • this is necessary for important reasons of public interest or
  • this is legally required (e.g., transaction reporting obligations).

  We process and store personal data for the entire duration of the business relationship, unless shorter mandatory deletion obligations exist for certain data. It should be noted that our business relationships can be long-term. Furthermore, the duration of storage is determined by the necessity and purpose of the respective data processing. If the data is no longer required for the fulfillment of contractual or legal obligations or for the protection of our legitimate interests (purpose achieved) or if a given consent is withdrawn, it will be regularly deleted, unless further processing is necessary due to contractual or legal retention periods and documentation obligations or for reasons of preserving evidence during the period of applicable limitation periods. The retention period according to the Asset Management Act is generally five years, up to seven years upon request by the Financial Market Authority Liechtenstein. The retention period according to the Due Diligence Act is ten years. The retention period according to the Asset Management Act is generally five years, up to seven years upon request by the Financial Market Authority Liechtenstein. The retention period according to the Due Diligence Act is ten years.

• Website provision and creation of log files

  Description and scope of data

  Each time our website is accessed, our system automatically collects data from the computer system of the accessing device. This includes:

  • Browser type and version
  • Operating system
  • Internet service provider
  • IP address
  • Date and time of access
  • accessed content/pages
  • if applicable, the website from which access is made

  The data is stored in log files; it is not merged with other personal data.

  Legal basis
  The processing is based on Art. 6 para. 1 lit. f GDPR, legitimate interest in the technical provision and security of the website.

  Purpose of data processing
  The temporary storage of the IP address is necessary to deliver the website. Storage in log files serves to ensure functionality, the security of our IT systems, and technical optimization. No evaluation for marketing purposes takes place.

  Storage duration
  The data is deleted as soon as it is no longer required for the purpose. For log files, this is usually the case after seven days at the latest. Longer storage may occur in individual cases if this is necessary to prevent or investigate security-relevant incidents.

  Right to object
  The collection of data and storage in log files is absolutely necessary for the operation of the website. There is no right to object in this respect.

• Use of Cookies

  We use cookies on our website to make our offer user-friendly. Cookies are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our site. The cookies remain stored until you delete them. This allows us to recognize your browser on your next visit.

  If you do not wish this, you can set up your browser to inform you about the setting of cookies and allow them in individual cases. However, we point out that deactivation will prevent you from using all functions of our website.

  Manage Cookies: Consent Preferences

  The legal basis for the data processed by cookies is Art. 6 Para. 1 S. 1 lit. f DSGVO.

  The cookies remain valid for one year and are then deleted by your browser.

  The following data is stored and transmitted in the cookies:
  a) Language settings
  b) Log-in information

  Furthermore, we use cookies on our website that enable an analysis of user browsing behavior.

  In this way, the following data can be transmitted:
  a) Entered search terms
  b) Frequency of page views
  c) Use of website functions

  The user data collected in this way is pseudonymized by technical measures. Therefore, it is no longer possible to assign the data to the accessing user. The data is not stored together with other personal data of the users.
  When accessing our website, users are informed about the use of cookies for analysis purposes via an info banner and referred to this privacy policy. In this context, there is also a note on how the storage of cookies can be prevented in the browser settings.
  When accessing our website, the user is informed about the use of cookies for analysis purposes and their consent to the processing of personal data used in this context is obtained. In this context, there is also a reference to this privacy policy.

  Legal basis for data processing

  The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f DSGVO. Die Rechtsgrundlage für die Verarbeitung personenbezogener Daten unter Verwendung von Cookies zu Analysezwecken ist bei Vorliegen einer diesbezüglichen Einwilligung des Nutzers Art. 6 Abs. 1 lit. a DSGVO.

  Optional cookies include

  • YouTube

  Purpose: YouTube allows the direct embedding of content published on youtube.com into websites. The cookies are used to collect visited websites and detailed statistics on user behavior. This data can be linked with the data of users logged in to youtube.com and google.com
  Usage based on legal basis of: Consent
  Provider: Google Ireland Inc.
  Privacy Policy: https://policies.google.com/privacy

  Purpose of data processing
  

  The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
  We need cookies for the following applications:
  a) Transfer of language settings
  b) Remembering search terms

  The user data collected by technically necessary cookies is not used to create user profiles.

  The analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimize our offer.

  Our legitimate interest in processing personal data in accordance with Art. 6 Para. 1 lit. f GDPR also lies in these purposes.

  Duration of storage, possibility of objection and removal
  

  Cookies are stored on the user’s computer and transmitted from there to our site. Therefore, as a user, you also have full control over the use of cookies. By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

  The transmission of flash cookies cannot be prevented via the settings of the browser, but by changing the setting of the Flash Player.

  Possibility of objection and removal

  You can change your cookie settings by clicking on the cookie button in the lower left corner of the screen.

• Contact form and email

  Description and scope of data processing

  There is a contact form on our website that can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and saved.

  This data is:

  1. a) Name*
  2. b) Your email address*
  3. c) Your phone number
  4. d) Your request

  Points a and b are mandatory here.

  The following data is also saved at the time the message is sent:

  1. a) The IP address of the user
  2. b) Date and time of registration

  Alternatively, you can contact us via the email address provided. In this case, the personal data transmitted with the email will be saved.
  The data will not be passed on to third parties under any circumstances. The data will only be used to process the request.

  To protect our forms from misuse, we use a local CAPTCHA procedure. No data is passed on to third parties.

  Legal basis for data processing

  Art. 6 Para. 1 lit. a or b GDPR applies to the processing of data from the contact form or by email.

  Purpose of data processing
  
  The processing of personal data serves solely to process the contact and, if applicable, to initiate a contractual relationship.
  The additional data collected during the sending process (IP address, timestamp) serve to protect against misuse of the form and to ensure system security.

  Duration of storage
  
  The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected.
  This is the case when the respective conversation with the user has ended or it is clearly recognizable that no further contact is desired.
  The additional technical data collected during the sending process will be deleted after seven days at the latest.

  Possibility of objection and removal

  Users can object to the processing of their personal data at any time. In this case, the conversation will not be continued and all personal data stored in the course of the contact will be deleted, provided that there are no statutory retention requirements to the contrary.
  The objection can be sent to us informally at any time by email.

• Data Security

  We make every effort to ensure the security of your data within the framework of the applicable data protection laws and technical possibilities. Your personal data is transmitted to us in encrypted form. We use the SSL (Secure Socket Layer) coding system, but would like to point out that data transmission over the internet (e.g. when communicating by email) can have security gaps. Complete protection of data against access by third parties is not possible. To secure your data, we maintain technical and organizational security measures that we constantly adapt to the state of the art. We also do not guarantee that our offer will be available at certain times; disruptions, interruptions or failures cannot be ruled out. The servers we use are regularly carefully secured.

• Disclosure of data to third parties

  In principle, we only use your personal data within our company. If and to the extent that we involve third parties in the fulfillment of contracts, these third parties will only receive personal data to the extent that the transmission is necessary for the corresponding service. In the event that we outsource certain parts of the data processing (“order processing”), we contractually oblige order processors to use personal data only in accordance with the requirements of data protection laws and to guarantee the protection of the rights of the data subject.

• Applications

  Description and scope of data processing
  Your application documents will be processed exclusively for the purpose of deciding on the establishment of an employment relationship with W L Asset Management AG.

  Processed data may include in particular:

  • First name, last name, address, contact details
  • Date of birth
  • Education, professional experience, qualifications
  • Salary expectations, notice period
  • Application documents (curriculum vitae, certificates, cover letter, references)

  
  Legal basis for processing

  Art. 6 Para. 1 lit. b GDPR Implementation of pre-contractual measures as part of the application process

  Purpose of processing
  Review and decision on a possible hiring.

  Duration of storage
  Your application data will be processed for the duration of the selection process.
  If you are rejected, your data will be deleted no later than 6 months after the end of the application process, unless longer storage is necessary to defend against legal claims or you have expressly consented to longer storage.

  Possibility of objection and removal

  The user has the option to revoke the processing of personal data at any time.

• Rights of the data subject

  The following list includes all rights of data subjects under the GDPR. Rights that are not relevant to your own website do not need to be mentioned. In this respect, the list can be shortened.
  If your personal data is processed, you are a data subject within the meaning of the GDPR and you have the following rights vis-à-vis the controller:

  Right to information

  You can request confirmation from the controller as to whether personal data relating to you is processed by us.

  If such processing takes place, you can request the following information from the controller:
  a) the purposes for which the personal data are processed;
  b) the categories of personal data that are processed;
  c) the recipients or categories of recipients to whom the personal data relating to you have been or will be disclosed;
  d) the planned duration of the storage of the personal data relating to you or, if specific information on this is not possible, criteria for determining the storage duration;
  e) the existence of a right to rectification or erasure of the personal data relating to you, a right to restriction of processing by the controller or a right to object to such processing;
  f) the existence of a right of appeal to a supervisory authority;
  g) all available information about the origin of the data if the personal data are not collected from the data subject;
  h) the existence of automated decision-making, including profiling, in accordance with Art. 22 Para. 1 and 4 GDPR and – at least in these cases – meaningful information about the logic involved as well as the scope and intended effects of such processing for the data subject.

  You have the right to request information as to whether the personal data concerning you are transferred to a third country or to an international organization. In this context, you can request to be informed about the appropriate guarantees pursuant to Art. 46 GDPR in connection with the transfer.

  Right to rectification

  You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you are incorrect or incomplete. The controller must make the correction without delay.

  Right to restriction of processing

  Under the following conditions, you can request the restriction of the processing of personal data concerning you:
  a) if you dispute the accuracy of the personal data concerning you for a period that enables the controller to verify the accuracy of the personal data;
  b) the processing is unlawful and you refuse to erase the personal data and instead request the restriction of the use of the personal data;
  c) the controller no longer needs the personal data for the purposes of the processing, but you need them to assert, exercise or defend legal claims, or
  d) if you have lodged an objection to the processing pursuant to Art. 21 Para. 1 GDPR and it has not yet been determined whether the legitimate grounds of the controller outweigh your grounds.
  e) If the processing of personal data concerning you has been restricted, this data – apart from its storage – may only be processed with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of an important public interest of the Union or a member state.
  If the restriction of processing has been restricted in accordance with the above-mentioned requirements, you will be informed by the controller before the restriction is lifted.

  Right to erasure

  I.) Obligation to erase
  You may request that the controller erase personal data concerning you without undue delay, and the controller is obliged to erase such data without undue delay if one of the following reasons applies:
  a) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.
  b) You withdraw your consent on which the processing is based pursuant to Article 6(1) 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
  c) You submit in accordance with Article 21(1) 1 GDPR objection to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(1) 2 GDPR objection to processing.
  d) The personal data concerning you has been processed unlawfully.
  e) The erasure of the personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
  f) The personal data concerning you has been processed in relation to information society services offered in accordance with Art. 8 (1) 1 GDPR collected.

  Information to third parties
  If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 Para. 1 GDPR, it shall take appropriate measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personal data that you, as the data subject, have requested them to erase all links to this personal data or copies or replications of this personal data.

  Exceptions
  The right to erasure does not exist if the processing is necessary
  a) to exercise the right to freedom of expression and information;
  b) to fulfill a legal obligation that requires processing under the law of the Union or the member states to which the controller is subject, or to perform a task that is in the public interest or in the exercise of official authority that has been delegated to the controller;
  c) for reasons of public interest in the field of public health pursuant to Art. 9 Para. 2 lit. h and i and Art. 9 Para. 3 GDPR;
  d) for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 Para. 1 GDPR, insofar as the right mentioned under section a) is likely to make it impossible or seriously impair the achievement of the objectives of this processing, or
  e) to assert, exercise or defend legal claims.

  Right to information

  If you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves to be impossible or involves disproportionate effort.
  You have the right to be informed about these recipients by the controller.

  Right to data portability

  You have the right to receive the personal data concerning you that you have provided to the controller in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that
  a) the processing is based on consent pursuant to Article 6(1) 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Article 6(1) 1 lit. b) the processing is based on Article 6(1)(b) GDPR; and
  b) the processing is carried out using automated means.
  In exercising this right, you also have the right to have the personal data concerning you transferred directly from one controller to another controller, where technically feasible. This must not adversely affect the freedoms and rights of other persons.
  The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

  Right to object

  You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on point (e) or (f) of Art. 6 para. 1 GDPR, including profiling based on those provisions.
  The controller will no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
  Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  If you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
  In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

  Right to withdraw consent under data protection law

  You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

  Automated individual decision-making, including profiling
  
  You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
  a) is necessary for entering into, or performance of, a contract between you and the controller,
  b) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  c) is based on your explicit consent.
  However, these decisions may not be based on special categories of personal data referred to in Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

  In the cases referred to in (1) and (3), the controller will implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

  Right to lodge a complaint with a data protection authority

  Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.
  The supervisory authority with which the complaint has been lodged will inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
  The contact details of the data protection authority responsible in Liechtenstein are as follows:
  Data Protection Authority Liechtenstein, Städtle 38, Postfach, FL-9490 Vaduz, Principality of Liechtenstein Telephone No. + 423 236 60 90, E-mail: info.dss@llv.li