PRIVACY POLICY
OF THE CONSILIA INSTITUTE

Data protection has a lot to do with protecting the trust you place in our company. That is why we only process the data about you that is necessary. We do this with due care, not least to protect you from possible misuse.

With these two data protection declarations (website and customers), we would like to give you an overview of the processing of your data and the rights to which you are entitled in accordance with the provisions of the General Data Protection Regulation (hereinafter referred to as “GDPR”) and the Liechtenstein Data Protection Act (hereinafter referred to as “DPA”):

CONSILIA ANSTALT’S PRIVACY POLICY
for the use of the website

1. name and address of the controller and contact details of the data protection officer

The controller within the meaning of the GDPR is Consilia Anstalt, Pflugstrasse 20, 9490 Vaduz, Liechtenstein, info@gantengroup.com, Tel.: +423 388 28 88.

You can contact our data protection officer at datenschutz@gantengroup.com with the subject “Data protection” or at our postal address with the addition “The data protection officer”.

2. general information on data processing

Scope of the processing of personal data

Our processing of our users’ personal data is limited to the data required to provide a functional website and our content and services. The processing of our users’ personal data only takes place for the purposes agreed with them or if there is another legal basis (within the meaning of the GDPR). We only collect personal data that is actually required for the performance and processing of our tasks and services or that you have voluntarily provided to us.

Your rights (data subject rights)

As a data subject, you have the right to information about your personal data, in particular its origin and recipients and the purpose of the data processing. You also have the right to rectification, data portability, objection, restriction of processing or erasure of incorrect or unlawfully processed data.

You have the right to withdraw your consent to the use of your personal data at any time. The assertion of your right to information, deletion, correction, objection and/or data transfer can be directed to the address stated in section 1 of this declaration.

If you are of the opinion that the processing of your personal data by us violates the applicable data protection law or your data protection claims have been violated in any other way, you have the option of lodging a complaint with a supervisory authority, in particular in the EEA state of your place of residence, your place of work or the place of the alleged violation. In Liechtenstein, the data protection authority is responsible for this.

3. description and scope of data processing

Provision of the website

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected:

• Information about the browser type and version used
• Operating system of the user
• Internet service provider of the user
• IP address of the user
• Date and time of access
• Website of origin

This information is only used to display the website and is not stored. Processing is carried out for reasons of data security in order to ensure the stability and operational security of our system. The legal basis is Art. 6 para. 1 lit. f GDPR.

We do not carry out our own web analyses on our website and do not use any web analysis tools. This means that the aforementioned visitor and usage data is not analyzed.

Cookies

We do not use cookies on our website.

Contact form/e-mail

If you fill out a contact form or send us an e-mail or other electronic message, your details will only be stored for the purpose of processing the inquiry or related correspondence and will only be used in the context of the inquiry.

The legal basis for processing your request is Art. 6 para. 1 lit. b GDPR.

File downloads

We do not require any personal information from you in order for you to download files from our website.

Google Fonts

We use Google Fonts for the uniform display of fonts. When a page is called up, the user’s browser loads the required web fonts into its own browser cache in order to display texts and fonts correctly. These web fonts are stored locally on our servers. No connection is established to the Google servers.

Google Maps

We do not use Google Maps to display a map. When a page is called up, the map is automatically blocked and no connection to Google’s servers is established. The map is only loaded if you actively agree. Only at this point does the user’s browser establish a connection to Google’s servers. This informs Google that our website has been accessed from the user’s IP address.

The integration of Google Maps is necessary for the needs-based design of our website. This is also our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

Google LLC is responsible for further data processing. Further information on how Google handles your data can be found at: https://policies.google.com/privacy?hl=de and at https://developers.google.com/fonts/faq.

Current version, May 2025

CONSILIA ANSTALT’S PRIVACY POLICY
for customers

Data protection has a lot to do with protecting the trust you place in our company. That is why we only process the data about you that is necessary. We do this with due care, not least to protect you from possible misuse.

With this privacy policy, we would like to give you an overview of the processing of your data and the rights to which you are entitled under the provisions of the General Data Protection Regulation (hereinafter referred to as “GDPR”) and the Liechtenstein Data Protection Act (hereinafter referred to as “DPA”):

1. name and address of the controller and contact details of the data protection officer

The controller within the meaning of the GDPR is Consilia Anstalt, Pflugstrasse 20, 9490 Vaduz, Liechtenstein, info@consilia.li, Tel.: +423 388 28 88.

You can contact our data protection officer at datenschutz@gantengroup.com with the subject “Data protection” or at our postal address with the addition “The data protection officer”.

 

2. collection and storage of personal data and the nature and purpose of their use, legal basis

We only process the necessary data, which may differ depending on the group of persons concerned.

When you contact or commission us, we collect the following information in particular:

• Client and address data (name, date of birth, private and business address, nationality, profession, telephone number, e-mail address);
• Identification data (identification documents, including copies of passports or ID cards, utility bills, tax numbers, authentication data, including specimen signatures);
• Data relevant to due diligence (contractual partners, identification of beneficial owners, profile of the business relationship with information on professional and personal background such as profession and hobbies, World Check data, clarifications in accordance with the DDA)
• Mandate information (company documents, bank documents, correspondence, SPG documents, tax data, board resolutions);
• Accounting data (transaction and booking information);
• Correspondence;
• Legal entity data (articles of association, by-laws, certificates, mandate agreements, signing authorizations);
• Tax reporting data (FATCA, AEOI, LDF reports).

This data is collected,

• to be able to identify you as our customer;
• for correspondence with you;
• to provide you with appropriate advice, to provide our services or to fulfill our mandate with you or third parties (mandate management, auditing function, fulfillment of legal and voluntary accounting obligations);
• to fulfill legal obligations (in particular under personal and company law, trustee law, due diligence law, tax laws and agreements);
• for invoicing.

Data processing is generally carried out at your request and is required in accordance with Art. 6 para. 1 lit. b GDPR for the purposes stated (fulfillment of a contract or for the implementation of pre-contractual measures) for the appropriate processing of our order and for the mutual fulfillment of obligations arising from the customer relationship.

Your data will also be processed to fulfill legal obligations (Art. 6 para. 1 lit. c GDPR) or in the public interest (Art. 6 para. 1 lit. e GDPR), in particular to comply with legal and regulatory requirements (e.g. DSG, Trustee Act, due diligence, money laundering and market abuse regulations, tax laws and agreements).

In addition, your data will be processed to protect the legitimate interests of us or third parties (Art. 6 para. 1 lit. f GDPR) for specifically defined purposes, in particular processing for internal administrative purposes, to fulfill a contract with a third party, to ensure IT security and IT operations and, if necessary, building and system security and to defend against unjustified claims.

We reserve the right to continue processing personal data collected for one of the above purposes for other purposes if this is compatible with the original purpose or is permitted or required by law (e.g. any reporting obligations).

3. recipients or categories of recipients of the personal data

Within our company, employees may only process your data if they need it to fulfill our contractual, legal and regulatory obligations and to protect legitimate interests. Third parties may also receive personal data for these purposes, including banks, asset managers, insurance companies, lawyers, auditors, dealers, transport companies or other cooperation partners or processors, for example in the area of IT services.

Your personal data will only be passed on to third parties if this is necessary for the provision of our services.

If we have to fulfill legal obligations, the following bodies in particular may receive personal data from us:

• Official bodies and public authorities (e.g. supervisory authorities, courts);
• Tax authorities;
• Authorities of third countries or international organizations.

4. transfer of personal data to third countries

If we transfer personal data of clients to another country, it will be protected and transferred in accordance with the statutory provisions. Data is transferred outside the European Economic Area with the following guarantees in particular:

• According to the European Commission, the country to which we send personal data offers an adequate level of protection for personal data;
• The transfer is necessary to carry out pre-contractual measures or to fulfill a contract or you have given us your express consent (e.g. in the context of special services) or the transfer is necessary for important reasons of public interest or required by law.

5. origin of the data

The data is collected directly (e.g. during meetings or as part of correspondence with clients; internal background and due diligence checks) and in some cases by third-party service providers (e.g. banks), from publicly accessible sources or from other data subjects.

6. duration of the storage of personal data

The personal data collected by us for the assignment will generally be processed until the expiry of the statutory retention obligation (usually 10 years) and then deleted, unless we deem longer storage necessary in accordance with Art. 6 para. 1 lit. c GDPR due to tax, company or supervisory law retention and documentation obligations (in particular from PGR, SPG or SteG/MwStG) or you have consented to further storage in accordance with Art. 6 para. 1 lit. a GDPR. Further processing and storage may also take longer for reasons of preserving evidence, for example for the duration of the applicable statute of limitations.

7 Automated decision making

No automated decision-making takes place with the personal data of clients. If such procedures are used in individual cases, we will inform you to the extent required by law.

8. necessity of the data (Art. 13 para. 2 let. e GDPR)

We require the data listed in section 2 in order to be able to offer you our services to the extent requested by you and in compliance with legal obligations. Failure to provide this data will result in the non-establishment or termination of the business relationship, in addition to any statutory reporting obligations to the competent supervisory authorities.

9. your data protection rights

As a customer or generally as a data subject, you have the right to information about your personal data, in particular its origin and recipients and the purpose of data processing, at any time, while maintaining fiduciary secrecy. You also have the right to rectification, data portability, objection, restriction of processing or erasure of incorrect or inadmissibly processed data.

If there are any changes to your personal data, please inform us accordingly.

You have the right to withdraw your consent to the use of your personal data at any time. The assertion of your right to information, deletion, correction, objection and/or data transfer can be directed to the address stated in section 1 of this declaration.

If you are of the opinion that the processing of your personal data by us violates the applicable data protection law or your data protection claims have been violated in any other way, you have the option of lodging a complaint with a supervisory authority, in particular in the EEA state of your place of residence, your place of work or the place of the alleged violation. In Liechtenstein, the data protection authority is responsible for this.

10th valid version

This privacy policy is currently valid.

Due to the further development of our website and offers on it or organizational adjustments within the company or due to changed legal or official requirements, it may become necessary to change this privacy policy. The current privacy policy can be accessed and printed out on our website at any time.

Valid version. May 2025