Privacy Statements Gable Insurance AG in Liquidation

Data protection has a lot to do with protecting the trust you have in our company. Therefore, we only process such of your data that we really need. We do this by taking due diligence, not least to protect you from any misuse.

With these three Privacy Statements, we wish to provide you with an overview of the processing of your data and the rights you have according to the provisions of the General Data Protection Regulation (hereinafter referred to as “GDPR”) and the Liechtenstein Data Protection Act (hereinafter referred to as “DPA”):

1. Privacy Statement: Filing of Claims

1.1. Name and address of the Controller and contact details of the Data Protection Officer

The Controller in terms of the GDPR is Gable Insurance AG in liquidation, represented by Batliner Wanger Batliner Rechtsanwälte AG, Am Schrägen Weg 2, LI-9490 Vaduz, Liechtenstein, office@bwb.li, phone no.: +423 239 78 78. You can contact our Data Protection Officer at dsb.gable@bwb.li or by sending a letter to our postal address by adding “der Datenschutzbeauftragte”/ (“the Data Protection Officer”).

1.2. Collection and storage of personal data as well as type and purpose of their use; legal bases (including legitimate interest)

We only process necessary data.

If you contact us, we particularly collect the following information:

  • creditor and address details (name, date of birth, private or business address, phone number, e-mail address);
  • identification data (policy numbers);
  • insurance information (insurance contracts, bank details, correspondence, court decisions).

Such data are collected for the following purposes:

  • to be able to identify you as our creditor;
  • to communicate with you;
  • for bankruptcy processing;
  • to meet statutory obligations (particularly arising from the Liechtenstein Persons and Companies Act, Law concerning the Professional Trustees and Fiduciaries, Law on Due Diligence, tax laws and tax agreements).

In general, data processing is carried out upon your request and, according to point (b) of Article 6(1) GDPR, it is required for the stated purposes (execution of the contract), for the adequate execution of our job and for the mutual fulfilment of obligations arising from the customer relationship.

Furthermore, your data are processed for the compliance with legal obligations (point (c) of Article 6(1) GDPR), particularly for complying with statutory and regulatory requirements (e.g. Data Protection Act, Insurance Supervision Act and Bankruptcy Regulations).

In addition, your data are processed in order to protect the legitimate interests pursued by us or by a third party (point (f) of Article 6(1) GDPR) for specified purposes, particularly for the processing for internal administrative purposes, to execute a contract with a third party, to guarantee IT security and IT operation as well as potentially the building and plant safety and for the defence against unjustified claims.

We reserve the right to further process personal data that were collected for one of the aforementioned purposes for the remaining purposes as well, if this is compatible with the original purpose or permitted and/or stipulated by a legal provision (e.g. any potential reporting obligations).

1.3. Recipients or categories of recipients of personal data

Within our company, employees are only allowed to process your data if they require them for the fulfilment of our contractual, statutory and regulatory obligations as well as for the protection of legitimate interests.

Your personal data are only forwarded to third parties where required for the provision of our services. Third parties include banks, insurance companies, lawyers, auditors or other cooperation partners and processors, e.g. in the IT services field.

If we are required to fulfil statutory or regulatory obligations, the following bodies in particular may receive personal data:

  • government authorities and public bodies (e.g. supervisory authorities, courts);
  • tax authorities;
  • authorities of third countries or international organisations.

1.4. Transmission of personal data to third countries

If we transfer personal data of creditors to another country, they are protected and transferred according to the statutory provisions. Transmission of data outside the European Economic Area takes place in Switzerland. The European Commission decided on 26 July 2000 that Switzerland provides reasonable data protection.

1.5. Origin of the data

The data are collected directly (e.g. during meetings or from correspondence with creditors; internal background checks) and partly by third parties (service providers or other third parties).

1.6. Duration of storage of personal data

The personal data collected by us for the engagement will be processed until the expiry of the statutory retention obligation (usually 10 years) and then erased, unless a longer retention is deemed necessary by us according to point (c) of Article 6(1) GDPR due to retention and documentation obligations under tax, corporate or regulatory law (particularly based on PGR [Liechtenstein Persons and Companies Act] or SteG [Liechtenstein Tax Act]/MwStG [Liechtenstein Value Added Tax Act]) or you have consented to longer-term storage according to point (a) of Article 6(1) GDPR. The further processing and storage may also take place for a longer period for reasons of preserving evidence, e.g. during the period of the applicable rules on limitation periods.

1.7. Automated decision-making

No automated decision-making is applied to the personal data of creditors. Should such procedures be used in individual cases, we will inform you as required by law.

1.8. Necessity of the data (point (e) of Article 13(2) GDPR)

We absolutely need the data stated in item 1.2 to be able to meet our duties as liquidator as well as the statutory obligations. Any non-provision of such data results in the rejection of your claim.

1.9. Your data protection rights

As a creditor, you are entitled to request information about your personal data at any time. You also have the right to rectification, data portability, objection, restriction of processing or erasure of incorrect and/or inadmissibly processed data.

Please notify us if your personal data change.

You have the right to withdraw any previously issued consent to the use of your personal data at any time.

If you are of the opinion that our processing of your personal data violates the applicable data protection law or that your data protection rights have been violated otherwise, you have the option to file a complaint with a supervisory authority, particularly in the EEA state of your residence, your workplace or the place of the alleged violation.

1.10. Valid version

This Privacy Statement is currently valid and was last updated in October 2019.

Due to the continued development of our website and the related offers and/or due to organisational adjustments within the company or due to amended statutory and/or regulatory requirements, it may become necessary to amend this Privacy Statement. You may retrieve and print the latest version of our Privacy Statement from our website at any time.

2. Privacy Statement for Business Partners

The protection of personal data of our contacts at suppliers and business partners is very important to Gable Insurance AG in liquidation. Therefore, the statutory provisions on the protection of personal data are of great significance.

2.1. Name and address of the Controller and contact details of the Data Protection Officer

See above, item 1.1.

2.2. Collection and storage of personal data as well as type and purpose of their use; legal bases (including legitimate interest)

We particularly collect the following categories of personal data:

  • contact details such as first name and surname, business address, business phone number, business mobile number and business e-mail address;
  • payment data such as details required for processing payment transactions or for fraud prevention;
  • further information that needs to be processed within the context of a project or the handling of a contractual relationship with Gable Insurance AG in liquidation or that is voluntarily provided by our contacts, enquiries made or project details;
  • information collected from public sources, information databases or credit agencies.

Such data are collected for the following purposes:

  • to communicate with business partners in connection with services and projects, e.g. to process enquiries made by the business partner;
  • to plan, execute and manage the (contractual) business relationship with the business partner, e.g. to process services;
  • to collect payments, for the purpose of accounting, billing and debt collection;
  • to maintain our services and our website, to prevent and uncover security risks, fraudulent behaviour and other criminal activities or acts carried out with malice;
  • to comply with legal requirements (e.g. retention obligations under tax and corporate law); and
  • to settle legal disputes, to enforce existing contracts and to assert, exercise and defend legal claims.

According to point (b) of Article 6(1) GDPR, the data processing is required for the stated purposes (execution of the contract or implementation of pre-contractual measures), for the adequate execution of our job and for the mutual fulfilment of obligations arising from the customer relationship.

Furthermore, your data are processed for the compliance with legal obligations (point (c) of Article 6(1) GDPR) or for the performance of a task carried out in the public interest (point (e) of Article 6(1) GDPR), particularly for complying with statutory and regulatory requirements (e.g. Data Protection Act, Insurance Supervision Act and Bankruptcy Regulations).

We reserve the right to further process personal data that were collected for one of the aforementioned purposes for the remaining purposes as well, if this is compatible with the original purpose or permitted and/or stipulated by a legal provision (e.g. any potential reporting obligations).

2.3. Recipients or categories of recipients of personal data

Personal data of business partners are collected by us exclusively for the fulfilment of our contractual, statutory and regulatory obligations for the purposes stated in item 2.2.

To this end, the following bodies may receive personal data:

  • external service providers and bodies:
    • insurance brokers
    • banks
    • asset managers
    • insurance companies
    • lawyers
    • auditors
    • suppliers
    • vendors
    • transport companies
    • sub-contractors
    • other cooperation partners
    • associations
    • domestic or foreign institutions of public interest

If we are required to fulfil statutory or regulatory obligations, the following bodies in particular may receive personal data:

  • government authorities and public bodies (e.g. supervisory authorities, courts)
  • authorities of third countries or international organisations.

2.4. Transmission of personal data to third countries

See above, item 1.4.

2.5. Origin of the data

The data are collected directly.

2.6. Duration of storage of personal data

The personal data are processed and stored during the ongoing business relationship in accordance with the statutory provisions. After the business relationship has ended, such data will be retained for 10 years in accordance with the relevant statutory provisions (PGR [Liechtenstein Persons and Companies Act], ABGB [Liechtenstein General Civil Code]). Such data will only be stored for a longer time if this is required due to statutory or contractual retention obligations or for the purpose of proof in line with the rules on limitation periods.

2.7. Automated decision-making (Article 22 GDPR)

See above, item 1.7.

2.8. Necessity of the data (point (e) of Article 13(2) GDPR)

We absolutely need the data stated in item 2.2. Any non-provision of such data results in the failure to establish or the termination of a business relationship.

2.9. Your data protection rights

See above, item 1.9.

2.10. Valid version

See above, item 1.10.

3. Privacy Statement for the Use of Our Website

3.1. Name and address of the Controller and contact details of the Data Protection Officer

See above, item 1.1.

3.2. Description and scope of our website, provision of our website

In the case of merely informative use of the website, i.e. if you do not register or otherwise provide us with information, we will only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data, which is technically necessary for us so that we are able to display our website and ensure its stability and security:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Contents of the request (specific page)
  • Access status/HTTP status code
  • The transferred data volume
  • Website from which the request originates
  • Browser
  • Operating system and its interface
  • Language and version of the browser software.

We save this information in line with legal requirements. Storage takes place on the grounds of data security, in order to ensure the stability and operational safety of our system.
The legal basis is the first sentence of point (f) of Art. 6(1) GDPR.

We make use of “Google Analytics”, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, on our website in order to evaluate the way in which it is used. Google Analytics uses cookies, which will be stored on your computer. The information which they contain regarding the visitor’s use of the website and of the internet can be processed and evaluated by Google. If necessary, the data collected by Google will be transferred by Google to states outside the EU and the EEA, to the USA in particular. However, Google has agreed to comply with the Privacy Shield Framework. You can find out more information about your rights at https://ec.europa.eu/info/law/law-topic/data-protection_en.

In addition, we ensure that your IP address is anonymised before it is transferred to Google.

The legal basis for the use of Google Analytics is the first sentence of point (f) of Art. 6(1) GDPR.

3.3. Cookies

We make use of cookies on our website in order to design our offer to be more user-friendly. Cookies are small files which are automatically created by your browser and which are saved on your end device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies are stored on your end device until you delete them. In this way, we are able to recognise your browser upon your next visit.

If you do not want this to happen, you can adjust your browser settings so that you are informed about the use of cookies and may only allow them to be used on a case-by-case basis. However, we would like to point out that a deactivation of cookies will lead to you not being able to make use of all functions of our website. The legal basis for the processing of data through cookies is the first sentence of point (f) of Art. 6(1) GDPR.

Temporary cookies are valid for the duration of the session, and are subsequently deleted by your browser. Permanent cookies remain intact according to your own browser specifications, or until these are manually deleted.

3.4. Newsletter

If you register for our newsletter, we immediately send an email containing a hyperlink to the email address provided. By clicking on this link, you confirm your registration for our newsletter (double opt-in procedure). Should this confirmation of registration not occur, we delete the email address from our temporary list, and no registration takes place.

Should you confirm your registration to the newsletter, you consent to the storage of your email address, including the date of registration, IP address, as well as the list name of the desired newsletter. We only make use of your email address and the personal data which was collected at the same time, such as title, surname, first names, country, policy number, email address, date of birth, and telephone number, for the purposes of administration and for sending you the newsletter as desired.

The legal basis for the storage of this data is the first sentence of point (a) of Art. 6(1) GDPR.

Our newsletters contain no obvious or hidden counters, third-party advertisements, or links to external sites which are not directly connected to the content of our newsletter. Each newsletter contains information on how you can unsubscribe from the newsletter.

3.5. Downloads from our website

We do not demand any personal information from you in order to be able to download files from our website.

3.6. Valid version

See above, item 1.10.