Legal Notice | Data Protection
Data protection is important to us. Below, we would like to explain what regulations apply, which obligations we must comply with when handling your data, and what your rights are in this matter.
Party responsible for data processing and contact details of the party responsible as defined in the data protection law:
AIQU TAX GmbH
1c, rue Gabriel Lippmann, L-5356 Munsbach
(hereinafter also referred to as the “Company”).
Contact details of our data protection officer:
What Is It All About?
This information on data protection takes into account the EU General Data Protection Regulation (“Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC”, “GDPR”) applicable as of 25 May 2018, including the definitions outlined in the GDPR.
As controller, AIQU TAX GmbH processes automated personal data of natural persons in compliance with data protection regulations according to the GDPR.
Pursuant to Article 4(1) of the GDPR “personal data” is defined as follows:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;”.
According to Article 4(2) of the GDPR “processing” is defined as follows:
“any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;”.
Under Article 4(6) of the GDPR “filing system” is defined as follows:
“any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;”.
In accordance with Article 4(7) of the GDPR “controller” is defined as follows:
“the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;”.
What Happens to the Data?
The Company processes personal data of natural persons which have been made available to the Company, e.g. also if such data is transmitted to us via our website.
If the required personal data are not provided, the Company will not be able to make any agreements with the stakeholders or process any of their enquiries.
In addition, if the Company collects personal data from the data subject, the Company discloses at the time when personal data are obtained whether the provision of such information is a statutory or contractual requirement, or whether it is required to enter into a contract. In that regard, the Company generally identifies any information which has been provided on a voluntary basis and is not subject to one of the previously mentioned obligations or required to enter into a contract.
The Company processes the personal data of data subjects in compliance with the applicable data protection regulations for the following purposes:
- the execution of contracts with clients;
- the organization and performance of activities;
- the management of the companies register;
- accounting, the implementation and processing of subscriptions, the redemption, conversion and transfer of shares, and distributions to shareholders;
- the fight against fraud and during legal disputes; and
- the compliance with legal obligations and applicable identification rules relating to the laws on the fight against money laundering and terrorism financing, the requirements set by local or foreign regulatory or law enforcement authorities, tax identification and the transfer of tax information (where mandated by law), in particular pursuant to Council Directive 2011/16/EU of 15 February 2011 on administrative cooperation in the field of taxation and repealing Directive 77/799/EEC (as amended by Council Directive 2014/107/EU), the CRS, FATCA as well as the applicable IGA between Luxembourg and the United States, and any other information and disclosure obligations of the Company or the sub-fund.
The legal bases pertaining to processing are the following:
- Article 6(1) b) of the GDPR for the purposes set out under a) – d) (see above);
- Article 6(1) f) of the GDPR for the purposes set out under e) (see above);
- Article 6(1) c) of the GDPR for the purposes set out under f) (see above).
Generally, the Company will process personal data by itself or by contracted service providers. In either case, the following principles are taken into account.
Depending on the type of personal data, only certain departments/organizational units can access personal data. Due to a role and authorization concept, access is limited to such functions and scope that are required for the particular purpose of processing.
In accordance with legal confidentiality restrictions, the Company has assigned the processing of personal data to one or several processors.
Furthermore, data will only be transferred if and insofar as the Company is required to do so under applicable laws and regulations or following a mandatory court or administrative order or decision, e.g. vis-à-vis public administrations and local or foreign state and judicial authorities, including all competent supervisory authorities.
Subject to legal confidentiality restrictions, the Company may also disclose personal data to recipients where this is necessary for the purposes specified in this legal notice.
What Are the Rights of Data Subjects?
At any time, every data subject has the right to request from the Company information on the stored personal data concerning the data subject and obtain a rectification thereof if this information is inaccurate or incomplete. Also, the data subject can request the restriction of processing.
In addition, every data subject has the right to object to the processing of his or her personal data provided that the Company does not have an overriding interest in processing.
Moreover, every data subject has the right to withdraw his or her consent to the processing of his or her personal data at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
The data subject also has the right to request erasure of stored personal data concerning the data subject if:
- knowledge of it is no longer necessary for fulfilling the purpose pursued with the storage;
- the data subject withdraws consent on which processing is based, and there is no other legal ground for the processing;
- the personal data have been unlawfully processed; or
- personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the Company is subject.
As of 25 May 2018, the data subject also has the right to obtain his or her personal data that he or she provided, which the Company processes on the basis of a consent or where processing was necessary for the conclusion or performance of a contract, in a structured, commonly used and machine-readable format or request the transfer to a new controller (right to data portability).
For questions about processing of their personal data by the Company or in order to exercise their above-mentioned rights, data subjects may contact the Company at any time by using the contact details found in this information on data protection.
Every data subject has the right to lodge a complaint with a supervisory authority.
The Company can store personal data for as long as it has a legitimate interest in the storage of these data, and as long as such interest overrides the interest of the data subject to discontinue data storage. Even in cases where the Company does not have an overriding interest in the storage of data, such data may still be stored if it is required by law (e.g. in accordance with legal retention obligations). In such cases, personal data will be solely stored in order to comply with statutory requirements and made unavailable for any other purpose.
The Company will delete personal data in compliance with applicable data protection regulations even without the intervention from the data subjects as soon as knowledge of such data is no longer necessary for fulfilling the purpose pursued with the storage, or if its storage is inadmissible on other legal grounds.