The protection of your data is important to us
I. Provider and responsible party
Valvest Advisors AG (hereinafter Valvest), Wuhrstrasse 13, 9490 Vaduz, Liechtenstein. The company's data protection officer can be contacted at the above address in the name of Ms Thompson, or at
II. General information on data processing
1. Scope of the processing of personal data
In principle, Valvest processes personal data of website visitors as well as data provided by means of submitted enquiries, forms, contracts. In addition, personal data that Valvest has permissibly received from third parties (e.g., a bank), from public bodies (e.g., sanctions list of the UN and the EU) is also processed. Finally, personal data from publicly accessible sources (e.g., commercial and association registers, press, Internet) may be processed. We only collect personal data that is required for the performance and processing of our tasks and services or that you have voluntarily provided to us.
- Personal details (e.g., name, date of birth, nationality)
- Address and contact details (e.g., address, telephone number, e-mail address)
- Data from publicly accessible sources (e.g., tax identification)
- Information on services and products used (e.g., investment experience and investment profile, advisory protocols, transactions executed)
When you access our website, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file:
- Visitors (IP addresses are automatically anonymised),
- Time of access with indication of the time zone,
- Name and URL of the retrieved file,
- Website from which the access is made (referrer URL),
- Browser used and, if applicable, the operating system of your computer as well as the name of your access provider and,
- other similar data and information that serve to avert danger in the event of attacks on our information technology systems.
The company's systems required for data processing are in Liechtenstein.
2. Purpose and legal basis
Valvest processes data for the performance of a contract (Art. 6 para. 1 lit. b) or for the implementation of pre-contractual measures in the context of the provision of services in the field of «asset managements» for investment funds domiciled in Liechtenstein. In addition, data processing is carried out to fulfil legal obligations (Art. 6 para. 1 lit. c) or to comply with legal requirements (e.g., DSGVO, DSG, Asset Management Act, Due Diligence Act, etc.) as well as to safeguard legitimate interests ((Art. 6 para. 1 lit. f) marketing, advertising, statistics, etc.) and based on your consent (Art. 6 para. 1 lit. a), which you have given us. The revocation of consent is only effective for the future and does not affect the lawfulness of the data processed until the revocation.
Valvest employees are given access to your data if they need it to fulfil our contractual, legal and regulatory obligations and to protect legitimate interests. Processors may be companies in the categories of asset management services, IT services, printing services, advice and consulting, and sales and marketing. Furthermore, recipients of your data in this context may be other financial services institutions or comparable institutions to which we transmit personal data in order to carry out the business relationship (e.g., custodian banks, brokers, stock exchanges, information centres).
Data transfer to countries outside the EU or the EEA (so-called third countries) only takes place if
- this is to carry out pre-contractual measures or to fulfil a contract,
- it is necessary for the provision of services or settlement of orders (e.g., securities transactions)
- you have given us your consent
- this is necessary for important reasons of public interest (e.g., due to money laundering prevention) or
- this is required by law.
The duration of storage is determined by the necessity and purpose of the respective data processing. If the data is no longer required for the fulfilment of contractual or legal obligations or for the protection of our legitimate interests (achievement of the purpose) or if a granted consent is revoked, it is regularly deleted, unless further processing is necessary due to contractual or legal retention periods and documentation obligations or for reasons of preserving evidence for the duration of the applicable statute of limitations.
As a matter of principle, the company only transfers your personal data to countries that have been certified by the EU Commission as having an adequate level of data protection.
3. Your rights (data subject rights)
- Right to information (e.g., information on the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period): You have the right to request information about the data concerning you that is stored by Valvest. A request for information must be sent to Valvest in writing together with proof of identity.
- Right to rectification, erasure and restriction of processing: You have the right to request in writing and free of charge the rectification or erasure of data relating to you insofar as it is inaccurate or has been wrongly stored or processed. A substantiated request for rectification or deletion must be sent to Valvest together with proof of identity.
- Right of revocation and right to object: You have the right to object in writing to the processing of data relating to you in whole or in part or to revoke your consent to data processing. An objection or revocation must be sent in writing to Valvest together with proof of identification.
Receipt of your objection or revocation will be confirmed to you and subsequently the data concerned will be deleted. Compliance with an objection or revocation may, under certain circumstances, be precluded by legal provisions. In such a case, Valvest will only continue to process the data relating to you to the extent necessary to fulfil its legal obligations.
- Right to data portability: You have the right to obtain the personal data concerning you that you have provided to the controller in a structured, commonly used and machine-readable format and to have this data transferred to another controller.
- Right of appeal: You have the right to lodge a complaint with the competent Liechtenstein supervisory authority. You can also contact another supervisory authority in an EU or EEA member state, for example in your place of residence or work or in the place of the alleged violation.
The contact details of the competent data protection authority in Liechtenstein are as follows:
Telephone + 423 236 60 90
III. Description and scope of data processing
1. Provision of the website
We do not conduct our own web analyses on our website and do not use any web analysis tool (such as Google Analytics). Thus, no evaluation of the visitor and usage data takes place.
Cookies remain stored permanently or temporarily for the duration of the session. This allows us to recognise your browser the next time you visit. If you do not wish this, you can set up your browser so that it informs you about the setting of cookies and you allow them in individual cases. However, we would like to point out that deactivating cookies means that you will not be able to use all the functions of our website.
When using the company's website, access data (e.g., log files, IP address, date and time of access, name of the file accessed, access status, top level domain, web browser used, operating system used) is stored. The company uses this data for statistical purposes as well as for technical evaluations, for the optimisation of the server infrastructure, to determine the access frequencies and finally to be able to draw conclusions for an improvement of the user-friendliness and the functionalities.
The following cookie types and functions are distinguished:
- Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his browser.
- Permanent cookies: Permanent cookies remain stored even after the browser is closed. For example, the login status can be saved, or preferred content can be displayed directly when the user visits a website again. Likewise, the interests of users, which are used for range measurement or marketing purposes, can be stored in such a cookie.
- First-party cookies: First-party cookies are set by the company itself.
- Third-party cookies (also: third-party cookies): Third-party cookies are mainly used by advertisers (so-called third parties) to process user information.
- Necessary (also: essential or necessary) cookies: Cookies may be necessary for the operation of a website (e.g., to save logins or other user entries or for security reasons).
- Types of data processed: Usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses).
- Data subjects: Users (e.g., visitors to a website, users of online services).
- Legal basis: Consent (Art. 6 para. 1 lit. a DSGVO), Legitimate Interests (Art. 6 para. 1 lit. f. DSGVO).
If you do not wish to do this, you can set up your browser so that it informs you about the setting of cookies and you allow them in individual cases. However, we would like to point out that deactivating cookies means that you will not be able to use all the functions of our website.
The legal basis for the data processed by cookies is Art. 6 para. 1 lit. f DSGVO.
According to https://www.cloudflare.com/de-de/gdpr/introduction/, Cloudflare has no access to and no control over the data that customers transmit, route, switch and cache via the Cloudflare Anycast network.
The suspension of the Privacy Shield does not change the strong privacy protections Cloudflare has in place for the personal data Cloudflare processes on behalf of its customers. Cloudfare will continue to follow the data protection principles to which Cloudflare committed when it was certified under the Privacy Shield. Cloudflare now relies on Standard Contractual Clauses (SCCs) as the legal mechanism for transferring personal data from the EEA to the US. Cloudfare requires a judicial process before providing customer data to a government agency outside of an emergency and notifies customers of any judicial process requesting customer or billing data before disclosing information. Cloudfare has publicly stated that it has never provided encryption keys to a government or used devices for law enforcement. Cloudfare pledges to «exhaust all legal remedies to protect our customers from what we believe to be illegal or unconstitutional requests.»
You can find more information about security and data protection at Cloudflare here: https://www.cloudflare.com/privacypolicy/.
4. Contact form
If you fill out a contact form or send us an email or other electronic message, your details will only be stored for the purpose of processing the enquiry, possible related further questions and will only be used within the scope of the enquiry. We do not pass on this data without your consent. The processing of this data is based on Art. 6 para. 1 lit. b DSGVO, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures.
In all other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 para. 1 lit. f DSGVO) or on your consent (Art. 6 para. 1 lit. a DSGVO) if this has been requested. The data you enter in the contact form will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g., after we have completed processing your enquiry). Mandatory legal provisions – in particular retention periods – remain unaffected.
5. Integration of third-party software, scripts and frameworks
We integrate software into our online offer that we retrieve from servers of other providers (e.g., function libraries that we use for the purpose of presentation or user-friendliness of our online offer). The respective providers collect the IP address of the user and may process this for the purpose of transmitting the software to the user's browser and for security purposes, as well as for the evaluation and optimisation of their offer.
- Types of data processed: Usage data (e.g., websites visited, interest in content, access times), meta/communication data (e.g., device information, IP addresses), contact data (e.g., e-mail, telephone numbers), content data (e.g., text input, photographs, videos).
- Data subjects: Users (e.g., visitors to the website, users of online services), communication partners.
- Legal basis: Consent (Art. 6 para. 1 lit. a DSGVO), legitimate interests (Art. 6 para. 1 lit. f. DSGVO).
The following third-party software, scripts or frameworks are used:
- Viewport Meta: Viewport generally refers to the size of the available display on mobile devices. This can be, for example, the display of a smartphone, tablet or phablet. However, the term viewport has a more specific meaning as a meta element in HTML5 and is an important part of mobile optimisation. It serves to optimally utilise the size of the display by scaling the content to be displayed. The meta element Viewport ensures that the content is displayed correctly and, above all, completely and legibly. This is done by adjusting the width and length of a website so that a mobile browser can optimally display this page. The ability to zoom into a website can also be defined with the viewport element. Mozilla Corporation, Attn: Legal Notices - Privacy, 331 E. Evelyn Ave, Mountain View, CA 94041, e-mail:
- German HREF LANG Usage Statistics: HREF LANG is an HTML attribute used to specify languages and geographical orientation(s) of a web page. If multiple versions of the same page exist in different languages, then HREF LANG tags can be used to tell search engines such as Google. This helps to serve the correct version to users. More info at https://ahrefs.com/blog/de/hreflang-tags/.
IV. Data security
When visiting our website, we use the common SSL procedure in conjunction with the highest encryption level supported by your browser. You can see whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the address bar of your browser. In addition, we apply further appropriate technical and organisational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
The company takes appropriate technical and organisational measures regarding data processing and data storage as well as regarding its internet presence in order to protect all data from loss, unauthorised access or misuse.
Regardless of the measures taken to protect data, you must be aware that data transmission via the Internet – this applies to both websites and e-mail services – is uncontrolled and cross-border. Even if the sender and the recipient are in the same country, there may be cross-border data transmission. The Company cannot therefore guarantee the confidentiality of data transmitted over the Internet. If you disclose personal data via the Internet, you must know third parties may access, read, modify, falsify, monitor, destroy or misuse the data. Data transmission may also be delayed. Furthermore, the data may be lost during transmission. Furthermore, third parties could draw conclusions about existing business relationships. Therefore, the company cannot assume any responsibility for the security of your data during transmission via the Internet and rejects any liability for direct and indirect damage.