Data Protection Declaration
Osiris Asset Management AG (hereinafter called “Osiris”) places great importance on the protection of your personal data. We handle your data confidentially and in accordance with the statutory data protection regulations as well as this Data Protection Declaration. This Data Protection Declaration is intended to inform you about the processing by Osiris of your personal data that is collected within the context of your relationship with Osiris (business relationship/use of the website). In addition, this declaration informs you about your rights pertaining to the processing of your data.
Osiris processes the personal data in accordance with the statutory data protection regulations of the Liechtenstein Data Protection Act [Datenschutzgesetz – “DSG”] and the likewise directly applicable European Regulation (EU) 2016/679 (General Data Protection Regulation – “GDPR”). GDPR provisions are cited in the following in the interest of simplicity.
Our processing of the personal data of our users is limited to the data that is required to render our services or to provide a properly functioning website as well as our content and services within the context of our business relationships. We collect only the personal data that is actually required to perform and settle our tasks and services or that you have made available to us voluntarily.
This Data Protection Declaration may be amended by Osiris at any time and without prior notice, and shall come into force at the time of its publication.
If you have any questions arising out of this Data Protection Declaration, please do not hesitate to contact our Data Protection Officer, who can be reached under email@example.com.
2. General information
Who is responsible for processing your data?
The Data Controller responsible for processing your personal data within the meaning of Art. 4 No. 7 GDPR is:
Osiris Asset Management AG
T +423 230 03 13
Who can you contact in respect of the processing of your data?The enterprise Data Protection Officer of Osiris can be contacted by post using the above-specified address, for the attention of “the Data Protection Officer”.
In addition, you can contact the Data Protection Officer by e-mail:
The Data Protection Officer is available to answer all questions relating to data protection.
What does personal data mean?
Personal data means details and information that relates directly or indirectly to a specific individual or could be linked to this individual, e.g. name, address, telephone number or date of birth.
Where does the personal data processed by Osiris come from?
Osiris processes all personal data that we received within the context of the business relationship with current and/or potential customers and/or is required to render our services and/or was provided by the respective person voluntarily.
If this is necessary for the rendering of the services of Osiris, Osiris processes personal data that we received lawfully from you or other third parties (e.g. to fulfil legal agreements or with your consent). In addition, we also process personal data from sources in the public domain (e.g. commercial register and register of associations, the media, the internet) that we receive on a regular basis and are entitled to process.
Who receives your data?
At Osiris, only those persons have access to your data who need this to fulfil the contractual, statutory and regulatory obligations of Osiris. Processors, service providers and vicarious agents commissioned by us may also receive access to data for the specified purposes if they are either subject to the same data protection provisions or likewise undertake to adhere to the corresponding data protection provisions of Osiris and to comply with our written instructions pursuant to data protection legislation and regulations. The service providers and vicarious agents commissioned by us are, for example, companies in the fields of banking services, tax consultancy, legal consultancy, IT services, logistics, printing services, telecommunications, consultancy as well as sales and marketing or similar.
If data is transferred to recipients outside Osiris, we may disclose information about you only if Osiris is required by law to do so, if you have granted your consent, if Osiris is authorised to transfer information and/or if processors, service providers and vicarious agents commissioned by Osiris guarantee adherence to GDPR provisions.
Which rights do you have in relation to your personal data?
You are entitled to be informed about the personal data stored by Osiris. If the respective statutory preconditions are met, you are entitled to correct, to erase, to restrict processing and to object to the processing. You also have the right to receive your provided personal data in a structured, accessible and machine-readable format. This includes the right to transmit this data to another data controller. Insofar as this is technically possible, you may also demand that Osiris transfers the personal data directly to the other data controller.
You may also submit complaints to the competent supervisory authority.
Will your personal data be transferred to any third party?
For specific technical data processing procedures Osiris uses the support of external service providers (for example tax consultants, banks, attorneys-at-law etc.) who receive your personal data to render these services. These service providers have been carefully selected and meet stringent data protection and data security standards. They are obliged to maintain strict confidentiality and process data only on behalf of and in accordance with the instructions of Osiris.
Apart from the cases set out in this Data Protection Declaration, Osiris transfers your data to third parties without your express consent only if Osiris is obliged to do this by law or an official or court ruling.
Will your personal data be transferred to a third-party country or an international organisation?
Data is transferred to countries outside the EU or EEA (so-called third-party countries) only if this is necessary and/or required by law within the context of the services rendered by Osiris (for example, tax consultants, banks, attorneys-at-law etc. domiciled in a third-party country) and/or to execute your orders (such as payment and securities orders) (for example on account of reporting obligations pursuant to tax laws) and/or if you have consented to this and/or in conjunction with the commissioned processing of data.
If service providers are engaged in a third-party country, they are obliged to adhere to the standard of data protection in Europe and for this purpose in addition to written instructions to adhere to the standard EU contractual clauses. It is a matter of particular importance to us to ensure that data is transferred only to bodies outside the EU or EEA if these are able to demonstrate that their security standards and other relevant data processing criteria are equivalent.
How will your personal data be protected?
All employees who access personal data must adhere to the internal instructions, rules, guidelines and processes for the processing of personal data, in order to protect this and to safeguard its confidentiality. They are also obliged to adhere to all technical and organisational security measures that are taken to protect personal data.
In addition, Osiris has taken appropriate technical and organisational measures to protect personal data from unauthorised, accidental or unlawful destruction, amendment or disclosure and from unauthorised, accidental or unlawful loss, misuse or access as well as from all other unlawful forms of processing. When implementing these security measures, state-of-the-art technology, implementation costs as well as the risks associated with the processing and the nature of the personal data have been taken into account, whereby particular attention has been paid to sensitive data.
How long will your personal data be saved?
Osiris processes and saves your personal data for as long as is necessary to fulfil our contractual and statutory obligations. In this conjunction it is important to note that our business relationship constitutes an ongoing obligation extending over several years. We check the various data categories saved by us using various criteria, in order to ensure that we do not retain this for an unreasonably long period of time.
Data that is no longer required to fulfil our contractual and statutory obligations is regularly erased, unless the continued processing thereof is required – for a limited period – e.g. for the following purposes:
- Adherence to the retention periods pursuant to the applicable laws, such as for example the Due Diligence Act [Sorgfaltspflichtgesetz], company law, civil law, tax law, etc.
- Safeguarding all information of greater relevance, if a legal dispute may reasonably be expected, meaning that Osiris may be obliged to retain documents for an indefinite period.
3. Your data while using the Osiris website
When visiting the Osiris websiteWhen the Osiris website is accessed, the Osiris servers automatically save data about the accessing system. This includes:
- the browser type used,
- the browser version,
- the operating system used,
- the website from which the Osiris website is being accessed,
- the clicked sub-pages of the Osiris website,
- the date and time of the accessing,
- the internet protocol address (IP address),
- the internet service provider as well as data comparable with this data.
The legal basis for the processing of personal user data is first sentence of Art. 6 Sub-paragraph 1 lit. f GDPR.
How are cookies used on the website?
As a rule, a cookie contains the name of the domain sending the cookie data, as well as information about the age of the cookie and an alphanumerical identifier. Cookies enable Osiris to structure the website attractively for the user, and also facilitate the use thereof, for example by saving certain entries in such a way that they do not need to be repeatedly entered. The information saved in the cookies is not used to identify the user, and shall not be merged with other personal data that is saved about the user. The cookies remain saved until you, the user, delete them.
The legal basis for the processing of personal user data using cookies is Art. 6 Para. 1 Sub-paragraph 1 lit. f GDPR.
How is data processed that is entered on a contact form?
When filling in a contact form, your data is saved for the processing of your inquiry and possible further information relating thereto.
The legal basis for the processing of user inquiries is Art. 6 Para. 1 Sub-paragraph 1 lit. b GDPR.
What happens when subscribing a newsletter on the website?
When subscribing a newsletter you declare your approval for processing personal data that is necessary thereto. To subscribe a newsletter, the personal data provided by the user is the first name, last name and e-mail address. The user may provide further information voluntarily.
This data is exclusively used for sending a newsletter and is not transferred to third parties. The legal basis for the processing of personal data is Art. 6 Para. 1 Sub-paragraph 1 lit. a GDPR.
The user is entitled to withdraw consent to receive a newsletter at any time without affecting the legality of the processing carried out with your consent up to the withdrawal. The user will then no longer receive a newsletter. When subscribing the IP address of the accessing system and the date and exact time of the subscription as well as of the e-mail address verification are collected. This data is exclusively processed to retrace a possible misuse of the e-mail address. The legal basis for the processing of the data aforesaid is Art. 6 Para. 1 Sub-paragraph 1 lit. f GDPR.
Do downloads from the website affect your data?
Osiris does not demand that you provide any personal data in conjunction with downloading.
Are plugins used on the Osiris website, and are your personal data be affected by this?
This website uses the map service Google Maps via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
It is necessary to save your IP address in order to use the functions of Google Maps. As a rule, this information is transferred to a Google server in the USA and is stored there. The provider of this website has no influence over this data transfer.
The Google Maps service is used in the interest of an attractive presentation of our online services and to make it easier to find us at the sites indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR.
For more information on the handling of user data, please review Google’s Data Privacy Declaration under: https://policies.google.com/privacy?hl=en.