1. Scope of processing of personal data
1.1 Personal data
Personal data means any information through which a natural person can be directly or indirectly identified. We process the following data categories, among others:
- Master data (names, addresses, dates of birth, nationality)
- Contact data (email, phone numbers)
- Content data (text input, photos, videos)
- Usage data (visited pages, access times)
- Technical data (IP addresses, browser type, operating system)
- Payment data (account details, transaction data)
- Financial information (asset details, professional information)
1.2 Sources of personal data
We receive data through contact, contract initiation, and pre-contractual measures.
1.3 Processing of personal data
Processing takes place (i) for contract performance, (ii) to comply with our legal and regulatory obligations, (iii) for fraud and money laundering prevention, and (iv) to safeguard legitimate interests.
1.4 Sensitive personal data
If we receive sensitive personal data about you, we'll only process it on the basis of a legitimate reason and purpose under Art. 9(2) GDPR – particularly for AML/KYC identification and the fulfilment of regulatory obligations.
1.5 For identification
PXL Vision AG (Rautistrasse 33, 8047 Zurich) acts as a processor for ID document verification.
2. Your rights (data subject rights)
2.1 Right of access
You have the right to request information about the personal data we process about you. Written request with proof of identity addressed to the controller. We generally respond to requests within one month of receipt.
2.2 Right to rectification or erasure
You have the right to request, in writing and free of charge, rectification or erasure of data concerning you – to the extent that the data is incorrect or the legal basis for processing has ceased to apply.
2.3 Right to object or withdraw consent
You have the right to object in writing to the processing of your data in whole or in part, or to withdraw your consent.
2.4 Right to restriction of processing
You have the right to request the restriction of processing of your personal data under the conditions of the GDPR.
2.5 Right to data portability
Where processing is based on your consent or a contract and is carried out by automated means, you have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format, or to request its transmission to another controller.
2.6 Right to lodge a complaint
You can lodge a complaint with the Liechtenstein Data Protection Authority:
Datenschutzstelle Liechtenstein
Kirchstrasse 8, P.O. Box 684
LI-9490 Vaduz
Tel.: +423 236 60 90
Email: info.dss@llv.li
3. General data collection
Each visit to our website automatically captures: browser type and version, operating system, IP address (host name), date and time, referrer URL.
Storage period: maximum 6 months. Legal basis: Art. 6(1)(b) and (f) GDPR.
3.1 Google Analytics
We use Google Analytics to analyse usage of the website. Provider: Google LLC / Google Ireland Limited. IP anonymisation ("anonymizeIP") is enabled. Cookie storage period: 2 years. Automatic deletion after 14 months. Legal basis: Art. 6(1)(a) GDPR (consent). Where personal data is transferred to the US, this takes place on the basis of an adequacy decision of the European Commission (EU-U.S. Data Privacy Framework) or other appropriate safeguards under the GDPR.
3.2 Google Remarketing
We use Google Analytics Remarketing to re-engage website visitors with personalised advertising. Maximum duration: 18 months. Legal basis: Art. 6(1)(a) GDPR.
3.3 Matomo
For web-based solutions and our mobile apps we use the open-source software Matomo. Captured data includes location, country, language, device type, screen resolution, operating system, browser, transaction codes, and timestamps. Storage is on Tantum's own AWS servers – no transfer to third parties. IP addresses are anonymised. Legal basis: Art. 6(1)(a) GDPR.
4. Data security
During website visits we use the widely-used SSL (Secure Socket Layer) protocol with the highest available encryption strength. We additionally rely on access restrictions, physical access restrictions, regular audits, and employee training.
5. Cookies
Cookies are small files that your browser automatically creates and stores on your device. We use the following types:
- Temporary cookies – deleted after session end
- Persistent cookies – remain after browser close
- First-party cookies – set by Tantum
- Third-party cookies – set by advertisers
- Necessary cookies – required for operation
- Statistics, marketing & personalisation cookies – for reach measurement
Legal bases: with consent Art. 6(1)(a) GDPR; without consent Art. 6(1)(f) GDPR (legitimate interests). You can object at any time via your browser settings.
Consent & withdrawal: Optional analytics and marketing cookies (including Matomo and Google Analytics) are only set after you click “Accept” in the cookie banner. These services are loaded together via our tag manager. Without your consent no reach measurement takes place; technically necessary cookies may be used to provide and securely operate the website. You can change or withdraw your choice at any time via the “Cookie settings” link in the footer of this website.
Cookies actually used (standard storage periods; may vary depending on configuration):
| Cookie | Provider | Purpose | Storage period |
|---|---|---|---|
_ga | Google Analytics | Distinguishes visitors | 2 years |
_ga_<ID> | Google Analytics | Session state | 2 years |
_gid | Google Analytics | Distinguishes visitors | 24 hours |
_gat | Google Analytics | Throttles request rate | 1 minute |
_pk_id | Matomo | Recognises returning visitors | 13 months |
_pk_ses | Matomo | Stores the current session | 30 minutes |
6. Use of social media plugins
This website currently does not use any social media plugins.
7. Embedding of third-party software, scripts, and frameworks
We embed software in our online services that we load from servers of other providers. Processed data: usage data, meta/communication data, contact data, content data.
Microsoft Office 365 – Microsoft Corporation, 1 Microsoft Way, Redmond, WA 98052, USA. Services: Outlook, Word, Excel, PowerPoint, OneDrive, Microsoft Teams. Privacy: microsoft.com/trustcenter/privacy. Microsoft processes personal data as a processor to provide email, communication, document, and collaboration services. Where personal data is transferred to third countries, this takes place on the basis of appropriate safeguards under the GDPR.
8. Use of contact data
The use of contact data published as part of imprint requirements for the purpose of sending unsolicited advertising and information materials is hereby objected to.
9. Hosting and email
The hosting services we use cover infrastructure and platform services, computing capacity, storage space, database services, and email delivery.
10. Transfer of personal data to third parties
Data recipients may include:
- Suppliers and external agencies
- Subsidiaries, partners, and representatives
- The Liechtenstein tax authority and supervisory authorities
- Professional advisors, debt collection agencies, legal successors
Reasons for transfer: compliance with legal obligations, court or administrative orders, fraud prevention, safeguarding legal claims, with consent, or on user instruction.
Third-country transfers: we only transfer data to countries the EU Commission certifies as having an adequate level of data protection. Where no adequacy decision of the European Commission exists for a data transfer to a third country, such transfers take place on the basis of appropriate safeguards, in particular the standard contractual clauses approved by the European Commission under Implementing Decision (EU) 2021/914, or other legally permissible mechanisms.
PXL Vision AG (Rautistrasse 33, 8047 Zurich) – Where you have given your explicit consent, PXL Vision may process biometric data to improve and further develop the identification methods used. Processing takes place exclusively on the basis of your separate consent under Art. 9(2)(a) GDPR. Withdrawal: privacy@pxl-vision.com.
11. Protection of personal data
We take appropriate technical and organisational measures regarding data processing, storage, and our online presence. Full assurance of confidential handling for data transmitted over the internet cannot be given.
12. Storage and retention
Personal data is processed in data centres within the EEA and, where applicable, under appropriate safeguards in accordance with the GDPR.
- During the contract term (continuing obligation over years)
- According to statutory deletion and retention periods
- For legitimate interests: until claims become time-barred (typically 5–10 years)
- Due to statutory retention obligations, in particular under regulatory, commercial, tax, and due-diligence law (regularly up to 10 years or longer, where legally required)
After expiry, the data is deleted or anonymised.
13. Newsletter
You can subscribe to our newsletter via the Tantum website. Required: your email address and your consent. Cancellation is possible at any time.
14. Automated decision-making and profiling
Identification: automated procedures are used in the course of identity verification to check the correspondence of identification and biometric data. Where legally required, an additional manual review is carried out by appropriately authorised employees or service providers.
AML/compliance review: we partially process personal data automatically to assess certain personal aspects (profiling), in particular to fulfil legal obligations in the areas of anti-money-laundering, fraud prevention, sanctions screening, and risk and compliance management.
15. Contact form
When you send us enquiries via the contact form, your details are processed for the purpose of handling the request. No transfer to third parties without consent. The legal basis is Art. 6(1)(b) GDPR where the enquiry serves the initiation or performance of a contract, as well as Art. 6(1)(f) GDPR with regard to the handling of other enquiries. Where consent is required, processing takes place on the basis of Art. 6(1)(a) GDPR. Withdrawal possible at any time by informal email.
16. Job applicant data
Captured data: name, title, address, phone, date of birth, education, professional experience, salary expectations, cover letter, CV, motivation letter, references.
- No transfer without consent
- No automated decision-making (Art. 22 GDPR)
- Deletion after 5 months (in case of rejection); on request, immediate deletion
Legal bases: Art. 6(1)(a) and (b) GDPR.
17. File downloads
We do not require any personal information for you to download files from our website.
18. Contact & Data Protection Officer
Controller:
Tantum AG, Landstrasse 114, 9495 Triesen, Liechtenstein
Data Protection Officer:
CLL Compliance Labs AG
Landstrasse 149, 9494 Schaan
Principality of Liechtenstein
Email: info@cll.li
Phone: +423 237 90 09