Security Policy
The importance of the protection of personal data is very important to us. We take great care to ensure the confidentiality of the data you entrust to us. This is due to the fact that we offer comprehensive advice on data protection law and act as external data protection officers.
In accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Liechtenstein Data Protection Act (DPA), the following information gives you an overview of the processing of your personal data and your related rights. We therefore ask you to read the following information carefully.
Personal data
We, Equanimity AG, only collect, process and use your personal data with your consent or mandate or order for the purpose agreed with you or if there is another legal basis in accordance with the GDPR and the DPA; this is in compliance with the provisions of data protection and civil law.
We only collect personal data that is required for the performance and processing of our legal services or that you have voluntarily provided to us.
Personal data are all data that contain individual information about personal or factual circumstances, such as name, address, email address, telephone number, date of birth, age, gender, national insurance number, video recordings, photos, voice recordings of individuals and user behaviour. Sensitive data, such as health data or data related to criminal proceedings, may also be included.
Controller
Marcel Füssinger
Equanimity AG
Wuhrstrasse 14, 9490, Vaduz, Liechtenstein
Data security
Your personal data is protected by appropriate organisational and technical precautions. These precautions relate in particular to protection against unauthorised, illegal or even accidental access, processing, loss, use and manipulation.
Notwithstanding our efforts to maintain an appropriately high standard of due diligence at all times, it cannot be ruled out that information which you disclose to us via the Internet may be viewed and used by other persons.
Please note that we therefore accept no liability whatsoever for the disclosure of information due to errors in data transmission not caused by us and/or unauthorised access by third parties (e.g. hacking attack on email account or telephone, interception of faxes).
Use of the data
We will not process the data provided to us for purposes other than those covered by the mandate agreement or by your consent or otherwise by a provision in accordance with the GDPR and the DPA. An exception to this is the use for statistical purposes, provided that the data made available has been anonymised.
In particular, the collection of your personal data is carried out
to be able to identify you as our client,
to conclude the contract of mandate,
to provide all necessary legal services,
for correspondence with you,
to issue invoices,
to provide the services you request through our websites,
to ensure that our websites are presented to you in the most effective and interesting manner possible,
to be able to process your enquiry via the contact form on our websites.
Your data will be processed on the basis of Art 6 (1) (a), (b), (c), (f) GDPR.
Notification of data breaches
We endeavour to ensure that data breaches are identified at an early stage and, where appropriate, reported immediately to you or the relevant supervisory authority, including the relevant categories of data involved.
Retention of data
We will not retain data for longer than is necessary to fulfil our contractual or legal obligations and to defend against any liability claims.
Server data
For technical reasons, in particular to ensure a secure and stable Internet presence, data is transmitted by your Internet browser to us or to our web space provider. These socalled server log files include the type and version of your internet browser, the operating system, the website from which you accessed our websites (referrer URL), our websites that you visit, the date and time of the respective access as well as the IP address of the internet connection from which our websites are used.
The data collected in this way is temporarily stored, but not together with other data about you.
This storage takes place on the legal basis of Art 6 (1) (f) GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our websites.
The data is deleted after seven days at the latest, unless further storage is required for evidence purposes. Otherwise, the data is completely or partially excluded from deletion until the final clarification of an incident.
Client account / Registration function
If you create a client account with us via our websites, we will collect and store the data you enter during registration (e.g. your name, your address or your e-mail address, etc.) exclusively for pre-contractual services, for the fulfilment of the contract or for the purpose of client care. At the same time, we store the IP address and the date of your registration together with the time.
During the further registration process, your consent to this processing will be obtained and reference will be made to this Privacy Policy. The data collected by us in this process will be used for the provision of the client account.
Insofar as you consent to this processing, Art 6 (1) (a) GDPR is the legal basis for the processing.
If the opening of the client account also serves pre-contractual measures or the fulfilment of the contract, the legal basis for this processing is also Art 6 (1) (b) GDPR.
In accordance with Art 7 (3) GDPR, you may revoke your consent to the opening and maintenance of the client account at any time with effect for the future. To do so, you only need to inform us of your revocation.
The data collected in this respect will be deleted as soon as processing is no longer necessary. However, we must observe the corresponding retention periods.
Contact requests / Contact option
If you contact us via the contact form or e-mail, the data you provide will be used to process your enquiry. The provision of the data is necessary for the processing and answering of your enquiry – without their provision we cannot answer your enquiry or at best only to a limited extent.
The legal basis for this processing is Art 6 (1) (b) GDPR.
Your data will be deleted if your enquiry has been conclusively answered and the deletion does not conflict with any legal obligations to retain data, e.g. in the case of any subsequent contract processing.
Linking social media via graphic or text link
We also promote presences on the social networks listed below on our websites. The integration takes place via a linked graphic of the respective network. The use of this linked graphic prevents the automatic establishment of a connection to the respective server of the social network when a website with a social media advertisement is called up in order to display a graphic of the respective network itself. Only by clicking on the
corresponding graphic will the user be redirected to the service of the respective social network.
After the user has been forwarded, information about the user is collected by the respective network. It cannot be ruled out that the data collected in this way will be processed in the USA.
Initially, this is data such as the IP address, date, time and page visited. If the user is logged into his or her user account of the respective network during this time, the network operator may be able to assign the collected information of the user’s specific visit to the user’s personal account. If the user interacts via a “Share” button of the respective network, this information can be stored in the user’s personal user account and also published. If the user wants to prevent the collected information from being directly assigned to his or her user account, he or she must log out before clicking on the graphic. In addition, it is possible to configure the respective user account accordingly.
The following social networks are integrated into our website through links:
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA; Privacy Policy:
https://www.facebook.com/policy.php
Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA; Privacy Policy:
LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA; Privacy Policy:
https://www.linkedin.com/legal/privacy-policy
Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, a subsidiary of Facebook Inc., 1601 S. California Ave., Palo Alto, CA 94304, USA; Privacy Policy:
https://help.instagram.com/519522125107875
Google Analytics
We use the web analysis service Google Analytics. This is a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.
The Google Analytics service is used to analyse the usage behaviour of our website. The legal basis for this is Art 6 (1) (f) GDPR. Our legitimate interest lies in the analysis, optimisation and economic operation of our websites.
Usage and user-related information, such as IP address, location, time or frequency of visits to our website, is transferred to a Google server in the USA and stored there. However, we use Google Analytics with the so-called anonymisation function. This function allows Google to truncate the IP address within the EU or EEA.
The data collected in this way is in turn used by Google to provide us with an evaluation of the visit to our website and the usage activities there. This data may also be used to provide other services related to the use of our websites and the use of the internet.
Google states that it will not associate your IP address with any other data.
In addition, Google offers a so-called deactivation add-on at https://tools.google.com/dlpage/gaoptout?hl=en together with further information on this. This add-on can be installed with the usual Internet browsers and offers you further
control over the data that Google collects when you call up our websites. The add-on informs the JavaScript (ga.js) of Google Analytics that information about your visit to our websites should not be transmitted to Google Analytics. However, this does not prevent information from being transmitted to us or to other web analytics services. Of course, you can also find out whether and which other web analytics services we use in this data protection statement.
For more information on Google’s privacy policy and terms of use, please visit https://policies.google.com/.
Google reCAPTCHA
We use Google reCAPTCHA on our websites to check and prevent interactions on our website by automated access, e.g. by so-called bots. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.
This service enables Google to determine from which website a request is sent and from which IP address you use the so-called reCAPTCHA input box. In addition to your IP address, Google may also collect other information that is necessary for the provision and guarantee of this service.
The legal basis for this is Art 6 (1) (f) GDPR. Our legitimate interest lies in the security of our website and in the defence against unwanted, automated access in the form of spam or similar.
For more information on Google’s privacy policy and terms of use, please visit https://policies.google.com/.
Google Maps
We use Google Maps on our websites to display our location and to provide directions. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.
To enable the display of certain fonts on our websites, a connection to the Google server in the USA is established when you access our website.
If you call up the Google Maps component integrated into our websites, Google will store a cookie on your terminal device via your internet browser. In order to display our location and provide directions, your user settings and data are processed. We cannot exclude the possibility that Google uses servers in the USA.
The legal basis is Art 6 (1) (f) GDPR. Our legitimate interest lies in optimising the functionality of our websites.
Through the connection to Google established in this way, Google can determine from which website your request was sent and to which IP address the directions are to be transmitted.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your internet browser. Details on this can be found above under the item “Cookies”.
In addition, the use of Google Maps and the information obtained via Google Maps is subject to the Google Terms of Use and the Terms and Conditions for Google Maps.
More information on Google’s privacy policy and terms of use can be found at https://policies.google.com/.
CloudFlare
To secure our websites and optimise loading times, we use the CloudFlare service as a so-called CDN (content delivery network). This is a service provided by Cloudflare Inc, 101 Townsend Street, San Francisco, California 94107, USA, hereinafter referred to as “CloudFlare”.
The legal basis is Art 6 (1) (f) DSGVO. Our legitimate interest lies in the secure operation of our website and its optimisation.
If you access our website, your requests will be routed via the CloudFlare server. Statistical access data about your visit to our website is collected and CloudFlare stores a cookie on your end device via your internet browser. The access data includes
your IP address,
our website(s) that you accessed,
the type and version of the internet browser you use,
the operating system you use,
the website from which you accessed our website(s) (referrer URL),
the length of time you spend on our website(s) and
the frequency with which you visit our website(s).
The data is used by CloudFlare for the purpose of statistical evaluations of the accesses as well as for the security and optimisation of the offer.
If you do not agree to this processing, you have the option of preventing the installation of cookies by making the appropriate settings in your internet browser. Details on this can be found above under the item “Cookies”.
CloudFlare offers further information on the collection and use of data as well as your rights and options for protecting your privacy at https://www.cloudflare.com/privacypolicy/.
Payment processing via WebApp
We use the payment service of Stripe Inc., 510 Townsend Street, San Francisco, CA 94103, USA, hereinafter referred to as “Stripe”, to process payments for orders online via our WebApp.
For this purpose, we have integrated the so-called API code of Stripe into the final payment page of our web app.
The legal basis is Art 6 (1) (a) and (b) GDPR.
Stripe offers further information on the collection and use of data as well as your rights and options for protecting your privacy at https://stripe.com/de-us/privacy.
Cloud Services
We use software services accessible via the Internet and running on the servers of their providers (so-called “cloud services”, also referred to as “software as a service”) for the following purposes: document storage and management, database, sending e-mails, exchanging documents, content and information with certain recipients or publishing web pages, forms or other content and information.
In this context, personal data may be processed and stored on the servers of the providers, insofar as these are part of communication processes with us or are otherwise processed by us as set out in the context of this data protection declaration. This data may include, in particular, master data and contact data of users, data on transactions, contracts, other processes and their contents. The providers of the cloud services also process usage data and metadata that are used by them for security purposes and service optimisation.
If we use the cloud services to provide forms or other documents and content to other users or publicly accessible websites, the providers may store cookies on the users’
devices for the purposes of web analysis or to remember the users’ settings (e.g. in the case of media control).
Notes on legal basis: Where we ask for consent to use cloud services, the legal basis of the processing is consent. Furthermore, their use may be a component of our (pre)contractual services, provided that the use of the cloud services has been agreed within this framework. Otherwise, the users’ data is processed on the basis of our legitimate interests (i.e., interest in efficient and secure administration and collaboration processes). Legal bases are Art 6 (1) (a), (b), (f) GDPR.
Services used and service providers: www.equanimity.li/data-processing
Newsletter/Registration
We offer you the opportunity to register with us free of charge via our website.
We use Mailchimp, a service of Mailchimp The Rocket Science Group, LLC 675 Ponce de Leon Ave NE Suite 5000 Atlanta, GA 30308 USA, hereinafter only referred to as “Mailchimp”, to send the newsletter and to respond to registrations.
In addition, Mailchimp offers further data protection information at https://mailchimp.com/legal/privacy/.
If you subscribe to our newsletter or have registered, the data requested during the registration process, such as your email address and, optionally, your name and address, will be processed by Mailchimp. In addition, your IP address and the date and time of your registration will be stored. In the course of the further registration process, your consent to the sending of the newsletter is obtained, the content is described in detail and reference is made to this data protection declaration.
The newsletter subsequently sent via Mailchimp also contains a so-called counting pixel, also known as a web beacon. This pixel enables us to evaluate whether and when you have read our newsletter and whether you have followed any links contained in the newsletter. In addition to other technical data, such as the data of your computer system and your IP address, the data processed in this way is stored so that we can optimise our newsletter offer and respond to the wishes of our readers. The data is thus used to increase the quality and attractiveness of our newsletter offer.
The legal basis for sending the newsletter and the analysis is Art 6 (1) (a) GDPR
Profiling
We do not use automated decision-making or profiling within the meaning of Art 22 GDPR.
Amendment of this Privacy Policy
We reserve the right to change this privacy policy at any time with effect for the future. A current version is available on the website www.equanimity.li. Please visit this website regularly and inform yourself about the applicable data protection declaration.
Cookies
We use so-called cookies with our websites in order to make our offer more user-friendly, effective and secure.
Cookies are small text files that we transfer via our web server to the cookie file of the browser on the hard drive of your computer. This enables our websites to recognise you as a user when a connection is established between our web server and your browser. Cookies help us to determine the frequency of use and the number of users of our Internet pages. The content of the cookies we use is limited to an identification number that no longer allows any personal reference to the user. The main purpose of a cookie is to recognise visitors to the website.
Two types of cookies are used:
Session cookies: these are temporary cookies that remain in the cookie file of your browser until you leave the website and are automatically deleted at the end of your visit.
Permanent cookies: For better user-friendliness, cookies remain stored on your terminal device and allow us to recognise your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of the website may be limited.
If necessary, cookies from partner companies with which we cooperate for the purpose of advertising, analysis or the functionalities of our websites may also be used with our website.
For details on this, in particular the purposes and legal basis of the processing of such third-party cookies, please refer to the following information.
Transmission of data to third parties
In order to fulfil your order, it may also be necessary or legally obligatory to pass on your data to third parties (e.g. the other party, substitutes, insurance companies, service providers whom we use and to whom we make data available, etc.), courts or authorities. Your data will only be forwarded on the basis of the GDPR, in particular for the fulfilment of your order or on the basis of your prior consent.
Furthermore, we inform you that in the context of our legal representation and support, factual and case-related information is regularly obtained from third parties.
Some of the above-mentioned recipients of your personal data are located outside your country or process your personal data there. The level of data protection in other countries may not correspond to that in Liechtenstein. However, we will only transfer your personal data to countries which the EU Commission has decided have an adequate level of data protection or we take steps to ensure that all recipients have an adequate level of data protection by entering into or seeking to enter into standard contractual clauses (2010/87/EC and/or 2004/915/EC)
Google AdWords with Conversion Tracking
In our websites, we use the advertising component Google AdWords and the so-called conversion tracking. This is a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, hereinafter referred to as “Google”.
We use the conversion tracking for the targeted advertising of our offer. The legal basis is Art 6 (1) (f) GDPR. Our legitimate interest lies in the analysis, optimisation and economic operation of our website.
If you click on an ad placed by Google, the conversion tracking used by us saves a cookie on your terminal device. These so-called conversion cookies lose their validity after 30 days and do not serve to identify you personally.
If the cookie is still valid and you visit a particular page of our websites, both we and Google can evaluate the fact that you have clicked on one of our advertisements placed with Google and that you have subsequently been redirected to our website.
Google uses the information obtained in this way to create statistics for us about visits to our websites. In addition, we receive information about the number of users who have clicked on our ad(s) and about the pages of our websites that were subsequently accessed. However, neither we nor third parties who also use Google AdWords will be able to identify you in this way.
You can also prevent or restrict the installation of cookies using the appropriate settings in your internet browser. At the same time, you can delete cookies already stored at any time. However, the steps and measures required for this depend on the specific internet browser you use. If you have any questions, please use the help function or documentation of your Internet browser or contact its manufacturer or support.
Furthermore, Google also offers further information on this topic at https://policies.google.com/, in particular on the possibilities of preventing the use of data.
Your rights
As a client or, more generally, as a data subject, you have the right – subject to the lawyer’s duty of confidentiality to obtain information at any time about your stored personal data, their origin and recipients and the purpose of the data processing, as well as the right to correction, data transfer, objection, restriction of processing and blocking or deletion of incorrect or inadmissibly processed data.
If there are any changes to your personal data, we request that you inform us accordingly.
You have the right to revoke your consent to the use of your personal data at any time. Your request for information, deletion, correction, objection and/or data transfer, in the latter case provided that it does not involve a disproportionate effort, can be addressed to us.
If you are of the opinion that the processing of your personal data by us violates the applicable data protection law or that your data protection rights have been violated in any other way, you have the option of complaining to the competent supervisory authority. In Liechtenstein, the data protection authority (www.datenschutzstelle.li) is responsible for this
We offer a variety of flexible services that cater to all types of needs and wants.