Privacy Statement

Version from May 2020

Thank you for your interest in our company BDO (Liechtenstein) AG. Data protection is important to us and accordingly we explain to you in this data protection declaration how we collect and process which personal data (in short: "personal data", i.e. data relating to a specific or identifiable person, such as name, address, nationality, e-mail address, interests and hobbies, user behaviour on websites). This data protection declaration is based on the EU General Data Protection Regulation (in short: "GDPR").

1. Person responsible, data protection officer and representative

(1) BDO (Liechtenstein) AG is responsible for data protection.

(2) The Data Protection Officer can be reached as follows:

dsb@bdo.li

Tel: +423 238 20 00

2. Collection of personal data and purposes of processing

(1) We restrict the processing of personal data primarily to personal data which we receive in connection with our services and products from our customers, our cooperation partners or other persons involved or which we collect from users on our websites, apps or other applications.

(2) In particular, we collect the following personal data from you on a case-specific basis and depending on the purpose (see below):

Salutation / Title
First name, last name
Gender
Address
E-mail address
Telephone number(s)
Date of birth
Nationality
Hobbies / personal interests
Tax identification number
Bank details
IP address
Vehicle control sign (visitor parking)
Company affiliation

(3) In addition, where permitted and indicated, we obtain and process further data from publicly accessible sources (e.g. land register, commercial register, debt enforcement register, media, internet, Worldcheck) on a case-by-case basis or receive such data from other group companies, from authorities and institutions, from your personal environment (e.g. family, legal advisors) or from other third parties.

(4) We need this data in particular to fulfil the following purposes:

to identify you as a customer, cooperation partner or service provider or as a user of our websites, online services and apps
for correspondence with you
to carry out our due diligence obligations
to comply with other legal requirements
for the conclusion and execution of service contracts
for the conclusion and execution of purchase and sales contracts, e.g. for the purchase of products from suppliers or sales to interested parties
for invoicing
for the provision of further services from our company or, where applicable, in cooperation with third parties
To provide the best possible and tailored services to you and to further develop our service and product offering.
for communication with third parties (e.g. media)
to assess and respond to applications
to advertise and market our services and products (unless you have objected to the use of your data for this purpose)
to assert legal claims or defend our position in general
To ensure our operations in general (e.g. IT, websites, apps)
for video surveillance as a security element for access management (incl. visitor lists or other access controls)
to maintain further safety aspects

(5) We only process your personal data if we have a legal or contractual basis or if the data processing is necessary for the performance of a task which is in the public interest or in the exercise of official authority. We only process data beyond this if we have your consent and there is no revocation. Or if a legitimate interest on our part prevails (e.g. continuation of the delivery of newsletters to existing customers, provided there is no revocation here either). Consent can be revoked at any time.

3. Recipients of personal data and data transfer abroad

(1) We will only pass on your personal data to recipients or third parties within the scope of the purposes described above, insofar as this is permitted and indicated. This may include in particular:

Group companies (Pro Finance & International AG in LI and CH; Audita Revisions AG, Comptrollers AG)
Service companies such as banks, asset management companies, insurance companies, IT providers, printers, etc.
Suppliers, dealers, transport companies, subcontractors or other cooperation partners
Authorities, state institutions, courts, auditors
Associations, public interest bodies
Media, Press Offices

(2) Such disclosure of data is based either on a legal obligation (e.g. data transfer in the course of the automatic exchange of information), the performance of a contract (e.g. asset manager abroad), your consent, a public interest or on the basis of a legitimate interest on our part, unless the interests or fundamental rights and freedoms of you with regard to the protection of personal data prevail.

(3) The recipients may be in Switzerland or abroad. In particular, we would like to point out that we may exchange personal data within our group companies or transfer personal data to countries in which service companies from which we obtain services are located (e.g. Microsoft, SAP, Google, etc.).

In the case of recipients outside our company in the EU/EEA area or in countries with recognised data protection adequacy (e.g. Switzerland), we ensure data protection by concluding so-called commissioned data processing agreements where necessary and appropriate.

If we transfer personal data to third countries without adequate legal data protection, we ensure an adequate level of protection in accordance with legal requirements, for example on the basis of EU standard contractual clauses or other instruments (e.g. Binding Corporate Rules, US Privacy Shield).

4. Use of our website

In addition to the above, we inform you about the use of cookies, analytics/tracking or other technologies on our websites as follows:

(1) When you use the website for information purposes only (i.e. if you do not log in to use the website, register or otherwise provide us with information), we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website, which may include the following personal data in particular:

IP address
Date and time of the request
Time zone difference from Greenwich Mean Time (GMT)
Content of the request (concrete page)
Access Status/HTTP Status Code
Amount of data transmitted in each case
Website from which the request comes
Browser used
Operating system and its interface
Language and version of the browser software

(2) Our we site, as well as various online services such as Google, uses so-called cookies. These are small text files that are stored on your end device with the help of the browser. The cookies do not cause any damage.

We only use them to make our offer more user-friendly. Some cookies remain stored on your terminal device until you delete them. They enable us to recognise your browser on your next visit.

If you do not wish this, you can set up your browser so that it informs you about the setting of cookies and you only allow this in individual cases. However, we would like to point out that in this case you may not be able to use all the functions of our websites to their full extent.

(3) Our website uses the following types of cookies, the scope and functionality of which are explained below:

Transient cookies (for this a)
Persistent cookies (b)

a) Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This means that your computer can be recognised when you return to our homepage. The session cookies are deleted when you log out or close the browser.

b) Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. For us, this duration is 24 days. You can delete the cookies in the security settings of your browser at any time.

You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. We would like to point out that you may then not be able to use all the functions of this homepage.

5. Use of other web services

5.1 Google Analytics

We use Google Analytics on our websites. Google Analytics is a web analysis service provided by Google Inc. in the USA and uses cookies. Web analysis means the collection, compilation and evaluation of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data on which website a data subject came to a website from, which subpages of the website were accessed or how often and for how long a subpage was viewed. A web analysis is mainly used to optimise a website and to analyse the costs and benefits of internet advertising.

The purpose of Google Analytics is to analyse the flow of visitors to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us showing the activities on our website and to provide other services related to the use of our website.

Furthermore, Google provides a so-called opt-out functionality through a browser plugin:
http://tools.google.com/dlpage/gaoptout?hl=de

For more information, please contact Google directly, in particular at the following links:

5.2 Google Adwords

The controller has integrated Google AdWords on this website. Google AdWords is an internet advertising service that allows advertisers to place ads both in Google's search engine results and in the Google advertising network. Google AdWords allows an advertiser to specify certain keywords in advance, by means of which an ad is displayed in Google's search engine results exclusively when the user retrieves a keyword-relevant search result with the search engine. In the Google advertising network, the advertisements are distributed on topic-relevant internet pages by means of an automatic algorithm and in compliance with the previously defined keywords.

The operating company of the Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to advertise our website by displaying interest-relevant advertising on the websites of third-party companies and in the search engine results of the Google search engine and to display third-party advertising on our website.

Furthermore, the data subject has the option to object to interest-based advertising by Google. To do this, the data subject must call up the link www.google.de/settings/ads from any of the internet browsers he or she uses and make the desired settings there.

Further information and Google's applicable privacy policy can be found at https://www.google.de/intl/de/policies/privacy.

5.3 Google Fonts

Use of Google Fonts:

Google Fonts is a service of Google LLC, Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"), which grants us access to a font library; we use these fonts to design our website. To integrate the fonts we use, your browser must establish a connection to a Google server in the USA and download the font required for our website. This provides Google with the information that our website was accessed from your IP address. Further information on Google Fonts can be found in Google's privacy policy, which you can access here: https://policies.google.com/privacy?hl=en.

5.4 Newsletter

On the website of the BDO (Liechtenstein) AG, users are given the opportunity to subscribe to our enterprise's newsletter. The personal data transmitted to the controller when the newsletter is ordered is specified in the input mask used for this purpose.

The BDO (Liechtenstein) AG informs its customers and business partners at regular intervals by means of a newsletter about enterprise offers. In principle, the data subject can only receive our company newsletter if (1) the data subject has a valid e-mail address and (2) the data subject registers for the newsletter mailing. For legal reasons, a confirmation e-mail is sent to the e-mail address registered by a data subject for the first time for the newsletter dispatch using the double opt-in procedure. This confirmation email serves to verify whether the owner of the email address as the data subject has authorised the receipt of the newsletter.

When registering for the newsletter, we also store the IP address of the computer system used by the data subject at the time of registration as well as the date and time of registration, which is assigned by the Internet service provider (ISP). The collection of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a data subject at a later point in time and therefore serves as a legal safeguard for the controller.

The personal data collected in the context of a registration for the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers to the newsletter could be informed by e-mail if this is necessary for the operation of the newsletter service or a related registration, as could be the case in the event of changes to the newsletter offer or changes in the technical circumstances. No personal data collected as part of the newsletter service will be passed on to third parties. The subscription to our newsletter can be cancelled by the data subject at any time. The consent to the storage of personal data, which the data subject has given us for the newsletter dispatch, can be revoked at any time. For the purpose of revoking consent, a corresponding link can be found in each newsletter. Furthermore, it is also possible to unsubscribe from the newsletter mailing directly on the website of the controller at any time or to inform the controller of this in another way.

5.5 Tracking services

The newsletters of BDO (Liechtenstein) AG contain so-called tracking pixels. A tracking pixel is a miniature graphic that is embedded in such emails that are sent in HTML format to enable log file recording and log file analysis. This allows a statistical evaluation of the success or failure of online marketing campaigns. Based on the embedded tracking pixel, the BDO (Liechtenstein) AG may see if and when an e-mail was opened by a data subject, and which links contained in the e-mail were called up by the data subject.

Such personal data collected via the tracking pixels contained in the newsletters are stored and analysed by the controller in order to optimise the newsletter dispatch and to better adapt the content of future newsletters to the interests of the data subject. This personal data will not be disclosed to third parties. Data subjects are entitled at any time to revoke the separate declaration of consent given in this regard via the double opt-in procedure. After a revocation, this personal data will be deleted by the data controller. BDO (Liechtenstein) AG automatically regards a withdrawal from the receipt of the newsletter as a revocation.

6. Data protection in applications and the application process

We collect and process personal data from applicants for the purpose of processing the application procedure. The processing can take place on paper or also electronically by e-mail or by filling out a web form. If an employment contract is concluded with an applicant, the personal data received is processed for the purpose of handling the employment relationship in compliance with the statutory provisions. Otherwise, the application documents will be deleted three months after rejection, provided that no legitimate interests on our part, for example in connection with a duty of proof in the sense of equal treatment, conflict with deletion. Should BDO retain your application file for future positions, you will be explicitly asked for your consent.

7. RETENTION period

We generally only retain your personal data for as long as is necessary for the purposes for which it was collected in accordance with this privacy policy. However, there may be times when we are required by law to retain certain data for a longer period of time. In this case, we will ensure that your personal data is treated in accordance with this privacy policy for the entire period.

8. Your rights

(1) You have the right to request information from us at any time and free of charge about the personal data we have stored about you, as well as about its origin, recipients or categories of recipients to whom this personal data is passed on and the purpose for which it is stored.

(2) You also have the right to demand that we correct, delete or restrict the processing of your personal data at any time. You also have the right to data portability.

(3) You also have the right to object to the processing of your personal data by us at any time.

(4) If you have given us consent to use personal data, you can revoke this consent at any time without giving reasons.

(5) Furthermore, you have the right to complain directly to the Liechtenstein data protection authority (www.datenschutzstelle.li).

(6) If you wish to exercise the above rights, please contact the address mentioned in paragraph 1.

9. Data security

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from third parties gaining knowledge. These are adapted to the current state of the art.

10. amendments

In the context of the technical further development of our range of services as well as the legal framework, we will also adapt our data protection declaration on an ongoing basis. To this end, changes to the data protection declaration will be published on our website. Please therefore regularly read the respective current version of this data protection declaration. Subject to applicable law, any changes to the Privacy Policy will take effect as soon as the updated Privacy Policy is published. If we have already collected data about you and/or are subject to a legal duty to inform you, we will additionally inform you about material changes to our data protection declaration and ask for your consent should this be required by law.