Data Protection

Data Protection

This policy informs data subjects about the processing of their personal data by Marxer Legal, in accordance with Regulation (EU) 2016/679 (GDPR), applicable in Liechtenstein as an EEA member, and the Liechtenstein Data Protection Act (Datenschutzgesetz, DSG).

1. Controller

Maximilien Marxer, Austrasse 15, 9490 Vaduz, Liechtenstein.
E-mail: rgpd@marxer.legal · Telephone: +423 232 02 02

2. Scope

This policy covers browsing on this website as well as the processing related to our services as lawyer, notary, fiduciary and workspace provider.

3. Categories of persons and data

Website visitors (connection data); clients and prospects (identity, contact details, file data, financial and asset-related data, beneficial owners); correspondents; job applicants. Depending on the matter, special categories of data (Art. 9 GDPR) may be processed, only where necessary for the engagement.

4. Purposes and legal bases (Art. 6 GDPR)

Performance of engagements and services: Art. 6(1)(b) (contract). Legal obligations, in particular due diligence (KYC/SPG), accounting and retention: Art. 6(1)(c). Security and proper functioning of the site, relationship management: Art. 6(1)(f) (legitimate interest). Newsletter and analytics cookies: Art. 6(1)(a) (consent).

5. Clients and prospects

Client data is processed to conclude and perform the engagement, for invoicing and to comply with our legal obligations. Prospect data (enquiries, initial contacts) is processed on the basis of our legitimate interest and your pre-contractual steps, and retained for up to 24 months after the last contact where no relationship is established.

6. Due diligence (KYC / SPG)

In particular as a fiduciary, we are subject to the Due Diligence Act (Sorgfaltspflichtgesetz, SPG): identification of the client and beneficial owner, establishment of the business relationship profile and retention of due diligence documents. Legal basis: legal obligation (Art. 6(1)(c) GDPR; SPG/SPV). This data cannot be erased or restricted while the legal retention obligation runs.

7. Electronic correspondence

E-mails and messages are processed for case handling and client relations (Art. 6(1)(b) and (f)) and retained in accordance with our professional and legal obligations. E-mail and office software are provided by Microsoft 365 (see sections 10 and 11).

8. Job applications

Applicant data is processed solely for recruitment purposes (pre-contractual measures, Art. 6(1)(b)) and retained for up to 6 months after the process closes, unless you consent to longer retention.

9. Cookies and site tools

Necessary technical cookies; analytics cookies subject to your prior consent via the banner, withdrawable at any time (Art. 6(1)(a) GDPR). Contact forms (Contact Form 7): the data entered is used solely to handle your request and is sent by e-mail to info@marxer.legal. Audience measurement: Google Analytics 4 (Google Ireland Ltd), enabled only with your consent. Newsletter: mailxpert AG (SwissNewsletter, Switzerland), with double opt-in; one-click unsubscribe in every mailing.

10. Recipients and processors

Website hosting and document vault: Infomaniak Network SA (Geneva, Switzerland). E-mail and office software: Microsoft. Newsletter: mailxpert AG (Switzerland). Audience measurement: Google. These providers act as processors, under data processing agreements (Art. 28 GDPR). Your data is neither sold nor disclosed to third parties for commercial purposes.

11. International transfers

Switzerland benefits from an adequacy decision of the European Commission. Some providers (in particular Microsoft and Google) may process data outside the EEA, in particular in the United States. Such transfers are governed by an adequacy decision (EU–US Data Privacy Framework) and/or by standard contractual clauses and appropriate safeguards (Art. 45 and 46 GDPR).

12. Retention periods

Due diligence documents (SPG): 10 years after the end of the business relationship (Art. 20 SPG). Accounting records: 10 years (legal obligations). Engagement files (lawyer and notary): 10 years, subject to applicable limitation periods. Prospect data: up to 24 months after the last contact. Applications: 6 months after the process closes. Newsletter: until consent is withdrawn. Technical server logs: a limited period for security purposes (a few months), managed by the host.

13. Professional secrecy

The activity of lawyer and notary is covered by professional secrecy. The exercise of certain rights (in particular access and erasure) may be limited to the extent necessary to comply with professional secrecy and legal retention obligations.

14. Your rights

You have the rights of access, rectification, erasure, restriction, objection and portability (Art. 15 to 21 GDPR), as well as the right to withdraw your consent at any time, to be exercised with the controller (rgpd@marxer.legal). These rights are exercised subject to legal retention obligations and professional secrecy.

15. Right to lodge a complaint

You may lodge a complaint with the Liechtenstein Data Protection Authority (Datenschutzstelle), Kirchstrasse 8, Postfach 684, 9490 Vaduz, info.dss@llv.li, www.datenschutzstelle.li.

16. Security

We implement appropriate technical and organisational measures to protect data against unauthorised access, loss or use.

17. Changes

This policy may be updated; the version in force is the one published on this site.