Data Protection Declaration
The protection of your personal data is very important to us. For this reason we process your data exclusively on the basis of the statutory provisions (General Data Protection Regulation “GDPR”, Data Protection Act “DSG”).
This data protection notice is designed to inform you about the most important aspects of the processing of your personal data that is collected within the context of the use of our website, social media profile, mobile apps or other web applications. In addition, a number of precautions are explained that safeguard the confidentiality of the transmitted data and serve to protect your privacy.
This Data Protection Declaration applies to the website of Sora Bank AG. We reserve the right to amend this Data Protection Declaration without prior notice in order to bring it into line with changed legal circumstances or in the event of changes to our range of services or data processing. Amendments come into force once they have been published on our website. Individual pages may contain links to other providers within and outside Sora Bank AG that are not covered by the Data Protection Declaration. We assume no liability whatsoever for this content.
Contact with us
If you contact us using the form on the website or by e-mail, the data you provide will be processed by us for the purpose of processing the enquiry and possible follow-up questions.
We collect, process and use personal data on our websites in order to provide you with even better products and services, to focus our business processes even more strongly on our clients and to ensure efficient access to product information and online banking applications.
Web analysis, targeting and cookies
Our website uses so-called cookies. These are small text files that are deposited on your device with the help of your browser. They do not cause any damage, but instead serve to facilitate the use of the pages and to customise these.
Certain cookies remain saved on your device until you delete these. They enable us to recognise your browser next time you visit. These include, for example, cookies that are technically necessary for the function of our website or of a service or option requested by you, e.g. a cookie that “remembers” your personal settings such as the selected language etc.
The use of Google Analytics
The website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are saved on your computer and facilitate analyses of your use of the website. As a rule, information about your use of this website generated by the cookie will be forwarded to a Google server in the USA, where it will be saved. In the event of IP anonymisation being activated on this website, however, your IP address will first be abbreviated by Google within the member states of the European Union or in other European Economic Area member states. The full IP address will be forwarded to a Google server in the USA only in exceptional cases, where it will be abbreviated. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage. The IP address forwarded by your browser within the context of Google Analytics will not be merged by Google with other data. You can prevent the saving of cookies by setting your browser software accordingly; however, we point out that in this event you may not be able to fully utilise all the functions of this website. You may furthermore prevent the recording of the data generated by the cookie that relates to your use of the website (incl. your IP address) by Google as well as the processing of this data by Google by downloading and installing the browser add-on from this following link: (http://tools.google.com/dlpage/gaoptout?hl=en).
Further information about the terms and conditions of use as well as data protection is available under www.google.com/analytics/terms/gb.html or underwww.google.com/analytics/learn/privacy.html. We draw your attention to the fact that on this website Google Analytics has been extended by the code “gat._anonymizeIp();” in order to ensure the anonymised collection of IP addresses (so-called IP masking).
We also use Google Analytics to evaluate data from AdWords and the double-click cookie for statistical purposes. If you do not want this to happen, you can deactivate this using the relevant settings (https://www.google.com/settings/ads/onweb/?hl=en).
In addition, targeting service providers may place temporary cookies on the hard disk of your PC or on your mobile device when certain of our pages are visited. These are automatically deleted after a specific period of time has elapsed. These cookies contain a mechanically generated alphanumerical identifier that does not permit any inferences to be made about your person or the IP address of your computer. You can prevent the use of the targeting cookies by setting your browser to stop cookies being stored.
As a rule, anonymised data is collected with the help of the aforementioned cookies, making it possible to analyse the use of our website.
A cookie needs to be installed on your device in order to enable you to share the content of our website using social media channels such as Facebook or Twitter etc. When these functions are used, responsibility for the subsequent data processing lies with the corresponding company. For further information, see their guidelines.
Control of cookies
As described above, cookies help you to make the most of the functions of our website. Insofar as cookies are used for web analysis purposes, tracking etc., you will be expressly called upon to accept these (opt-in) before installation.
Our website can be visited even if cookies are excluded. If you deactivate or do not permit cookies, however, the function of our website may be restricted. If you do not want cookies, you may use browser settings to be kept informed about the placement of cookies, enabling you to permit this only on a case-by-case basis. In addition, you can set your web browser in such a way that this automatically deactivates cookies. Please note that most browsers offer different opportunities to protect your private sphere. As a rule, instructions for managing cookies on your browser are found under the help function of the browser or in the operating instructions of your smartphone.
Linking of third-party services and content as well as the use of plugins
Third-party content may be embedded in our websites, for example Twitter, Facebook, Videos on YouTube, map material from Google Maps or graphics from other websites (so-called external embedded components or plugins/widgets). This always requires the providers of this content to use the IP address of the user, because without the IP address no content can be sent to the browser of the user. By clicking on the respective symbol, you agree to communicate with the respective platform and to the transfer of information to the respective service provider. We have no influence over the scope of the data that the social network collects with the help of the button. According to our information, by embedding the plugins the social network receives merely the IP address of the user and the information that a user visited the corresponding page (URL of the respective website). When the function is used, responsibility for the subsequent data processing lies with the corresponding company. Please see the data protection notices of the selected service provider concerning the respective use of your data.
We draw your attention to the fact that when our website is visited, the website operator stores the IP data of the connection owner. Under certain circumstances (via corresponding input masks) personal information such as the name and address of the website user may also be collected.
We collect, use and process personal data that is required to fulfil the contract or when initiating business contacts or on the basis of your express consent, which may also be declared electronically (e.g. when requesting brochures). Once issued, a declaration may be revoked at any time with effect for the future. Personal data that is disclosed to us via our website shall be stored only until the purpose for which it was entrusted to us has been fulfilled. In the event of the conclusion of a contract, all data arising out of the contractual relationship shall be stored until the end of the statutory storage periods.
The information collected on this website shall be forwarded to the responsible unit within the bank once you have entered this data. Banking secrecy as well as the confidentiality of the data will continue to be safeguarded. The data shall not be transferred to any third party, insofar as this is not for example necessary to fulfil brochure requests (e.g. dispatch of brochures by a service provider). Personal data shall be used only in accordance with the purpose arising out of the respective page of our website on which the data was collected from you. Pages on which we collect personal data are normally indicated by the encryption symbol that is integrated in your browser. The use of state-of-the-art security software and certified coding and encryption procedures means that our IT infrastructure complies with international security standards. Our bank has implemented extensive additional security precautions and technical as well as organisational measures to protect your data from loss, unauthorised access or misuse in accordance with state-of-the-art technology for internet access to bank accounts and securities accounts.
Irrespective of the measures that have been implemented to protect your data, data protection and confidentiality may be limited in the case of universally accessible media. When the internet is used as a transfer medium by a computer, mobile telephone or other device, it is inherently the case that third parties may potentially obtain access to your data, enabling inferences to be drawn about any possible existing business relationships, or enabling personal data to flow to third-party states without our involvement.
We also wish to point out that particularly sensitive information and data, in particular personal or account data, should be sent only using secure communication channels. The inputting and/or transfer of personal or business data within the context of our website or other digital services is performed – in the knowledge of the associated risks – on a voluntary basis and waiving corresponding security. Any possible liability for direct and indirect damage that occurs in conjunction with the use of our website and the digital services or its content is comprehensively rejected.
You are essentially entitled to the right of access, rectification, erasure, restriction, data portability, revocation as well as the right to complain to the Data Protection Authority. Details about your rights as well as further information in addition to this web-specific data protection information are set out in the Data Protection Declaration pursuant to the EU General Data Protection Regulation. Further details about the GDPR are available under https://www.datenschutz-grundverordnung.eu or https://www.gesetze.li.
If you believe that the processing of your data breaches data protection law, or if you would like further information about your statutory data protection rights, you can contact us using the following contact data:
Sora Bank AG
Data Protection Officer
9490 Vaduz, Liechtenstein
Data Protection Notice
EU General Data Protection Regulation and Data Protection Act
Valid from: Mai 2018
Applicability: Clients and potential clients
In this Data Protection Notice we aim to provide you with an overview of the processing of the personal data held by the Bank and the resultant rights pursuant to the provisions of the EU’s new General Data Protection Regulation (GDPR). Which individual data is pro-cessed and the way in which it is used is chiefly determined by the respective agreed services and products to be provided. The Bank is obliged under banking secrecy requirements to protect your privacy and observe confidentiality. For this reason, all processing of personal data is subject to a large number of technical and organisational data protection policies.
During the course of our business relationship we are dependent on the processing of per-sonal data in order to instigate and conduct the business relationship, as well as to comply with our associated statutory and contractual duties, to provide services and execute in-structions. As a rule, without this data we would be unable either to enter into or to maintain a business relationship, nor would we be able to execute instructions or offer services and products.
Should you have any questions regarding individual instances of data processing or wish to exercise your rights, please contact: Controller:
Sora Bank AG
9490 Vaduz, Liechtenstein
Data protection officer’s contact details:
Sora Bank AG
Data Protection Officer
9490 Vaduz, Liechtenstein
1. What data is processed (categories of data) and what source does it derive from (source)?
We collect and process personal data which we obtain during the course of our business relationships with our clients. Personal data may be processed at any stage of the business relationship and may differ depending on the group of persons concerned.
In general we process the personal data you furnish us with via contracts, forms, your correspondence or other documents. In so far as necessary for the provision of a service, we also process personal data which is generated or transmitted through the use of products or services, or which we legitimately receive from third parties (e.g. a credit agency), from public bodies (e.g. UN and EU sanction lists) or from other companies within the Ma-son Group. Finally, personal data from public sources (e.g. debitors lists, land registers, commercial registers and registers of association, the press, the Internet) can be processed.
Apart from client data we may also process the personal data of other third parties who are involved in the business relationship, for instance details of authorised agents, repre-sentatives, card holders, co-obligors of loans, guarantors, legal successors or economic beneficiaries from a business relationship. Please ensure that these parties too are aware of the present data protection notice.
By personal data we mean in particular the following categories of data:
- Personal details (e.g. name, date of birth, nationality)
- Address and contact details (e.g. address, telephone number, email address)
- Identification data (e.g. passport or ID-card data) and authentication data (e.g. signature sample)
- Information on services and products used plus order and risk management data (e.g. payment information, investment experience and investment profile, turnover data re payment transactions, information on compliance with duties of care and re money laundering prevention)
- Other master data and information on the business relationship (e.g. account, contract or portfolio numbers and contract durations, tax number(s), information on spouses or life partners and other family details, on authorised agents or legal representatives)
- Information on the financial situation and vocational and personal background (e.g. solvency data, origin of assets and needs, hobbies, wishes, preferences)
- Technical data and information generated from your contacts (e.g. records of consultancy meetings) or electronic transactions with the Bank (e.g. records of access or changes)
- Image and sound data (e.g. video or telephone call recordings)
- Data from public sources (e.g. debtors lists, land registers, commercial registers and registers of association)
2. For what purposes and on what legal basis will your data be processed?
We process personal data in conformity with the provisions of the GDPR as well as the Da-ta Protection Act (DPA) for the following purposes, and on the legal basis set forth below (cf. Article 6 paragraph 1 GDPR):
- For the performance of a contract or in order to take steps prior to entering into a contract in connection with the provision and brokering of bank transactions and financial services and for the execution of instructions. The purposes of the data processing are chiefly determined by the specific service or specific product involved (e.g. account, credit, securities, deposits, brokerage), and may comprise such activities as needs analysis, consultancy, asset management and support, as well as the execution of transactions.
- For compliance with a legal obligation or in the public interest, in particular compliance with statutory requirements or provisions of supervisory law (e.g. compliance with the GDPR, the DPA, the Banking Act, duty of care and money laundering provisions, market abuse provisions, tax laws and treaties, monitoring and reporting duties, risk management).
- For the purposes of upholding our legitimate interests or those of third parties for spe-cifically defined purposes, in particular to determine solvency, set up and liquidate col-lateral, pursue claims, develop products, for marketing and advertising, auditing and managing risk, reporting, statistics and planning, preventing and investigating criminal acts, video surveillance to uphold house rules and defend against dangers, recordings of telephone calls.
- Due to the consent you grant us to provide bank transactions and broker financial services or due to instructions you have given us, for instance the forwarding of data to Group companies, service providers or the Bank’s contractual partners. You are entitled to withdraw your consent at any time. This also applies to the withdrawal of declarations of consent made to the Bank prior to the entry into force of the GDPR, that is before 25 May 2018. Said withdrawal of consent only has future effect and does not affect the lawfulness of any data processing carried out prior to said withdrawal.
We reserve the right also to process personal data which was collected for one of the purposes set out above for other purposes, provided doing so is compatible with the original purpose, or permitted or prescribed by law (e.g. reporting duties).
3. Who receives access to the personal data and how long will it be stored?
Bodies both within and external to the Bank may receive access to your data. Within the Bank, bodies or personnel many only process your data in so far as this is necessary to comply with our contractual, statutory or supervisory law obligations as well as to uphold legitimate interests. In due compliance with bank client secrecy and data secrecy requirements, other Group companies, service providers or vicarious agents may receive personal data for these purposes. Processors of orders may include undertakings in the categories banking services, distribution agreements, IT services, logistics, printing services, debt collection, advice and consultancy, as well as sales and marketing. Moreover, recipients of your data in this connection may include banking and financial service institutions or comparable entities, to which we will transmit personal data in conducting the business relationship (e.g. correspondent banks, custodian banks, brokers, stock exchanges, information centres).
A statutory obligation, or one under supervisory law, may mean that public bodies and institutions (e.g. supervisory or tax authorities etc.) receive your personal data.
The transmission of data to countries outside the EU and the EEA (third countries) only occurs if necessary in order to take steps prior to entering into a contract or for the performance of a contract, the provision of services or execution of instructions (e.g. execution of payment orders and securities transactions or issuing a credit card), if you have granted us your consent (e.g. to customer care by another of the Bank’s Group companies), if it is necessary for a compelling reason of public interest (e.g. to prevent money laundering) or if it is prescribed by law (e.g. reporting duties under tax law).
We process and store the personal data throughout the business relationship, except where shorter binding erasure obligations exist for certain data. Here it should be noted that our business relationships may be set up to last for years. Furthermore, the duration of storage is determined by the necessity for and purpose of the data processing in question. Once the data is no longer necessary for the fulfilment of contractual or statutory duties or to uphold our legitimate interests (achievement of purpose), or if consent is withdrawn, the data is regularly erased unless its further processing is necessary in compliance with contractual or statutory storage periods and duties to keep records, or for reasons of retention of evidence throughout applicable limitation periods.
4. Does automated decision-making take place, including profiling?
Generally our decision-making is not founded on the exclusively automated processing of personal data. If we do use this process in individual cases you will be informed of the fact separately whenever doing so is prescribed by law.
However, in some lines of business personal data is processed automatically, at least in part. This is done with the aim of evaluating certain personal aspects in cases required by law and regulatory provisions (e.g. money laundering prevention), to analyse needs for services and products, in connection with granting credit, to assess affordability and your solvency, as well as in the field of risk management.
The Bank reserves the right henceforth to analyse and evaluate client data (including data on affected third parties) in an automated fashion in order to detect clients’ key personal characteristics, predict future developments and create client profiles. In particular, these serve the purpose of auditing, providing individual advice and preparing offers and information which the Bank or its Group companies may make available to clients. Client pro-files may also in future lead to automated individual decision-making, e.g. in order to accept and execute client instructions automatically during e-banking.
The Bank will ensure that a suitable contact person is available should the client wish to comment on an individual automated decision and the right to make such comment is pre-scribed by law.
5. What data protection rights do you have?
With respect to personal data concerning yourself, you have the following data protection rights (cf. Article 7 and Articles 15 to 21 GDPR):
- Right of access: You can always require the Bank to inform you as to whether and to what extent your personal data is being processed (e.g. categories of processed personal data, processing purpose, etc.).
- Right to rectification, erasure and restriction of processing: You have the right to demand the rectification of inaccurate or incomplete personal data. Moreover, your personal data must be erased if the data is no longer needed for the purposes for which it was collected or processed, if you have withdrawn your consent or if the data has been unlawfully processed. You also have the right to demand the restriction of processing.
- Right of withdrawal: You are entitled at any time to withdraw your consent to the pro-cessing of your personal data for one or more specific purposes provided the processing is founded on your express consent. This also applies to the withdrawal of declarations of consent made prior to the entry into force of the GDPR, that is before 25 May 2018. Please note that said withdrawal of consent only has future effect. It does not affect any data processing carried out prior to said withdrawal, nor does it have any effect on data processing performed on other legal grounds.
- Right to data portability: You have the right to receive the personal data concerning you, and which you have provided to the controller, in a structured, commonly used and machine-readable format and to transmit this data to another controller.
- Right to complain: You have the right to lodge a complaint with the competent supervisory authority in Liechtenstein. You may also appeal to the supervisory authority of another EU or EEA member state, for instance at your place of residence or work, or at the place of the putative infringement.
The contact details of the competent data protection authority in Liechtenstein are as follows:
Kirchstrasse 8, Postfach 684, FL-9490 Vaduz, Fürstentum Liechtenstein
Telefon Nr. 00423 236 60 90; E-Mail: email@example.com
Information concerning your right of withdrawal
You have the right to object in an informal manner to the data processing in individual cases on grounds relating to your particular situation, unless said processing is in the public interest or is being done to uphold the legitimate interests of the Bank or a third party.
Furthermore, you have the right to raise objection in an informal manner to the use of personal data for marketing purposes. If you object to the processing of your personal data for direct marketing purposes, we will no longer process your personal data for this purpose.
Requests for access or withdrawal should preferably be made in writing to the data protection officer. The data protection officer is also available as your contact person in relation to all other matters concerning data protection law.
We reserve the right to change or adapt this Data Protection Notice from time to time and to publish it on our website. You can find the date the current version was published at the start of this Data Protection Notice.