Privacy policy

The party responsible for processing data is Kessler & Co Inc., Josef Rheinberger Strasse 6, LI-9490 Vaduz, registered office: Vaduz (hereinafter referred to as “Kessler Liechtenstein”). Should you have data privacy concerns in relation to Kessler Liechtenstein, please contact us at the following address: Kessler & Co Inc., c/o Data Protection Officer Carole Fritz, Josef Rheinberger Strasse 6, LI-9490 Vaduz, carole.fritz@kessler.li.

We primarily process personal data that we receive within the scope of our business relationships with our customers and other business partners from these parties and other involved individuals. Kessler Liechtenstein does not have a website.

If permitted, we also obtain certain data from publicly accessible sources (such as debt collection registers, land registers, commercial registers, the press, the Internet) or from other companies, from the authorities and from other third parties. In addition to the data you provide to us directly, the categories of personal data that we obtain about you from third parties in particular comprise data from public registers, information that we obtain in connection with official and legal proceedings, information in connection with your professional functions and activities, information about you in correspondence and meetings with third parties, credit reports, information about you which is provided to us by persons associated with you (family, advisors, legal representatives, suppliers, etc.) so that we may conclude or process contracts with your involvement (such as references, your mailing address for correspondence, powers of attorney), information about compliance with legal requirements such as the combating of money laundering, information from banks, insurance companies or other contractual partners of ours for the utilization or provision of services by you (such as completed payments, information about you from the media and Internet, as far as this is indicated in the specific case, such as within the context of a job application, press review, marketing, etc.), your residential or business addresses and, if applicable, interests and other sociodemographic data for the purpose of building new business relationships.

We mainly use the personal data we collect in order to execute contracts with our customers and business partners, for example within the scope of risk, insurance and occupational pension advice and related activities with current or future business partners and in order to fulfill our statutory duties in Switzerland and abroad. If you work for one of these customers or business partners, your personal data may of course also be affected as a result of your function.

Moreover, we process personal data belonging to you and other individuals to the extent that this is permitted and we deem it to be appropriate, including for the following purposes, in which we (and sometimes third parties) have a legitimate interest that corresponds with the purpose of data collection:

• The provision and further development of our risk, insurance and occupational pension advice and related activities;
• communication with third parties and the processing of their inquiries (such as applications, media inquiries);
• the review and optimization of requirements analysis processes for the purpose of contacting customers directly and the collection of personal data from publicly accessible sources for the purpose of acquiring customers;
• advertising and marketing (including the staging of events), provided you have not objected to the use of your data (if we send you advertising as an existing customer, you may object to this at any time and we shall place you on a blocked list to prevent further advertising mailings);
• market and opinion research, media monitoring;
• the assertion of legal claims and the defense of legal disputes and official proceedings;
• the prevention and resolution of criminal acts and other misconduct (such as the conducting of internal investigations, data analyses to fight fraud);
• warranties by our company, in particular by IT, the warranty by the website of Kessler & Co Inc. (Switzerland) and the corresponding online services offered through it and by other platforms;
• video monitoring to protect property rights and other measures to ensure IT, building and equipment security and the protection of our employees and other individuals and the assets belonging or entrusted to us (such as access controls, visitor lists, network and email scanners, telephone recordings);
• the purchase and sale of business divisions, companies or parts of companies and other transactions under company law and the related transfer of personal data as well as measures for business management and compliance with legal and regulatory duties and the internal requirements of Kessler Liechtenstein.

If you have given us permission to process your personal data for specific reasons, we shall process your personal data within the scope of and based on this consent, provided we have no other legal basis and would require one. Once issued, consent may be withdrawn at any time, which, however, has no impact on data that have already been processed.

Kessler Liechtenstein does not have its own website. The sole website operator is Kessler & Co Inc., Switzerland (hereinafter referred to as “Kessler”). The Kessler website uses Google Analytics services (Google Analytics, Google LLC in the US, www.google.com) to measure and analyze traffic on the Kessler website (by means of data that is not traceable to any individual). Google Analytics does not receive any personal data as defined by the GDPR from Kessler, as the data is abbreviated in accordance with the GDPR and therefore no personal data as defined by the GDPR is processed. Kessler and, accordingly, Kessler Liechtenstein are only able to determine the country or, for example, the canton/region from which a user is visiting the Kessler website. No conclusions may be drawn about any identifiable natural person.

The IP addresses that are usually transmitted in connection with cookies for KesslerOnline and the cookies that are transmitted for the Network Partner Interface online portal are fully deleted, meaning that no personal data as defined by the GDPR is transmitted. As a result, Kessler and/or Kessler Liechtenstein is only able to determine if, how long and when an anonymous website user visits our website. No conclusions may be drawn about any identifiable natural person. It is also no longer possible to identify the region in which the website user is located.

Kessler uses the social media platforms Xing and LinkedIn. However, Kessler does not use any social plug-ins from social or similar networks on its website. The two icons of LinkedIn and Xing in the footer are simply links to the corresponding platforms. When clicking on the links, no IP addresses or personal data are transmitted to LinkedIn or Xing. The operators of these websites are responsible for processing your personal data in accordance with their data protection provisions. Kessler and, accordingly, Kessler Liechtenstein do not receive any information about you from the operators.

Within the scope of our business activities and the purposes listed in section 3, provided it is permitted and we deem it to be appropriate, we also share data with third parties, either because they process the data for us or because they wish to use the data for their own purposes.

In particular, this includes the following entities:

• Internal and external service providers of Kessler Liechtenstein, such as insurance companies, pension schemes, banks, consulting firms, law firms;
• network partners such as Marsh and Mercer, suppliers, sub-contractors and other business partners;
• customers and their legal representatives or contact persons;
• domestic and foreign authorities, agencies or courts;
• the public, including the visitors of Kessler websites and social media;
• competitors, industry groups, associations, organizations and other bodies;
• buyers or potential buyers of business divisions, companies or other parts of Kessler Liechtenstein or the Kessler Group;
• other parties in potential or actual legal proceedings;
• other companies of the Kessler Group;

(hereinafter referred to jointly as the Recipients).

These Recipients are in some cases domestic, but may also be located abroad. In particular, they must expect their data to be transferred to the Kessler Group and our network partner Marsh or other brokers abroad. If we transfer data to a country without suitable statutory data protection, we shall, as provided for by the law, ensure an appropriate level of data security through the use of the corresponding contracts (in particular on the basis of the standard contractual clauses of the European Commission) or we shall rely on the statutory exceptions for consent, the processing of contracts, the identification, exercise or assertion of legal claims, overriding public interest and disclosed personal data because it is necessary to protect the integrity of the affected individuals or the affected individual has made the data generally accessible and has not expressly prohibited the data from being processed. You may obtain a copy of the aforementioned contractual guarantees at any time from the contact person listed in section 1. However, for reasons of data protection law or confidentiality, we reserve the right to redact or only provide excerpts of copies.

In order to fulfill our contractual duties, in exceptional cases the personal data of natural persons may be transmitted to the US in connection with the fostering of business relationships of our globally active customers. Moreover, please note that under US legislation, US authorities may undertake surveillance activities which allow for the general storage of all data transmitted from Liechtenstein to the US. This takes place without differentiation, restriction or exception on the basis of the stated aim and without objective criteria that would enable US authorities to limit access to personal data and their subsequent use to specific, strictly limited purposes which justify access to this data.

Furthermore, we would like to point out that there are no legal remedies in the US for affected individuals which would enable them to access, correct or delete the data related to them and that there is no effective legal protection against the general access rights of the US authorities. We are expressly notifying you of the law and facts in this situation so that you can make an informed decision about consenting to the use of your data.

We process and store your personal data as long as is required to meet our contractual and legal duties or the intended purposes of the data processing, which means for the duration of the business relationship (from the initiation, processing and through to the termination of a policy) and beyond in accordance with statutory retention and documentation duties. In the process, it is possible that personal data is stored for the period in which claims can be asserted against our company and in the event that we are otherwise legally obligated to do so or legitimate business interests require it (such as for evidence and documentation purposes).

We implement suitable technical and organizational security measures to protect your persona data from unauthorized access and misuse, for example, physical and digital access controls and restrictions, the encryption of data carriers and transfers, guidelines for handling personal and business data, guidelines for using mobile devices, data protection and compliance training and the ongoing monitoring of these measures.

Within the scope of our business relationship, you must provide the personal data necessary to initiate and execute a business relationship and to fulfill the corresponding contractual duties (in general, you are not subject to a statutory duty to provide us with data). Generally speaking, we will not be able to conclude or process a policy with you (or an office or individual who represents you) without these data.

Kessler Liechtenstein does not conduct profiling.

Under applicable data protection law and to the extent provided therein, you have the right of information, correction and deletion, the right to limit data processing and the right to object to our data processing and to the disclosure of certain personal data for the purpose of transmission to another entity. Please note that we reserve the right to assert the restrictions provided for by law, for example, if we are required to store or process certain data, have an overriding interest in doing so or require the data to assert claims. We shall notify you in advance should costs arise for you. Please note that the exercise of these rights may conflict with contractual agreements and this may result in premature termination of the policy or costs. We shall notify you in advance whenever this has not been regulated in a contract.

The exercise of such rights usually requires that you provide clear proof of your identity (such as with a copy of your ID, if your identity is otherwise not clear or cannot be verified). You may contact us at the address stated under section 1 in order to assert your rights.

Every affected individual also has the right to assert their claims in court or to file a complaint with the responsible data protection authority. The responsible data protection authority in Liechtenstein is the Liechtenstein Data Protection Office (https://www.llv.li/#/1758/datenschutzstelle).

We may amend this Privacy Policy at any time without prior notice. The current version published on our website shall apply. Insofar as the Privacy Policy forms part of an agreement with you, in case of an update we shall notify you of the change by email or in another suitable manner.