Data Protection Information on the occasion of a payout and compensation event

The protection of your personal data is of particular concern to EAS. EAS therefore processes your data exclusively on the basis of the statutory provisions (European General Data Protection Regulation - GDPR and Liechtenstein Data Protection Act - DSG).

To protect your personal data, all necessary organisational, contractual and technical measures are taken to ensure that the data protection regulations are complied with and that the data processed by EAS is protected against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. In addition, precautions are taken to ensure the confidentiality of the transmitted data and to protect your privacy.

If you have any questions regarding particular personal data processing or want to exercise your rights, please contact us:

Deposit Guarantee and Investor Compensation Foundation PCC
Austrasse 46
LI-9490 Vaduz
Phone: +423 230 15 16
info@eas-liechtenstein.li

 

What happens if a payout and compensation event occurs?

If a payout and compensation event at a bank occurs pursuant to Article 7(1) and Article 36(1) of the Deposit Guarantee and Investor Compensation Act (Einlagensicherungs- und Anlegerentschädigungsgesetz - EAG), EAS, as the statutory protection scheme pursuant to Article 2(1) no. 10 lit. a EAG, has assumed the responsibility to reimburse the banks’ clients (depositors and investors) up to a certain maximum amount.

A payout and compensation event occurs, if

  • the FMA has determined that a member institution is unable to repay deposits which are due and there is no current prospect of repayment at a later date resp. that a bank or other financial service provider is unable, for the time being, to meet its obligations arising out of investors' claims; or
  • a supervisory or judicial decision has been issued that results in prohibition on disbursements with respect to covered deposits or investments at a member institution or has the effect of suspending the rights of depositors’ resp. investors' ability to raise claims against the member institution (e.g. opening bankruptcy proceedings).

If you have a repayment claim against EAS as a depositor according to the EAG and are affected by a payout event, you will receive a corresponding information letter from EAS with details of the scope of eligible and covered deposits and the reimbursement procedure. Repayment claims of depositors do not have to be filed. The bank concerned will provide the necessary information on deposits and depositors as soon as the EAS requests it.

To ensure that your claims are processed optimally and covered deposits can be repaid as quickly as possible, a cooperation relationship exists with Einlagensicherungs- und Treuhandgesellschaft mbH (EIS), Cologne (Germany) (processing on behalf of a controller pursuant to Art. 28 GDPR). EIS is a specialised service provider for European deposit guarantee schemes and supports EAS in the reimbursement process. Accordingly, the data exchange necessary for the payout occurs primarily between the banks’ clients concerned and EIS (resp. its service provider and processor). Your personal data will be processed by EIS in accordance with the standardised European data protection regulations (GDPR) and treated confidentially at all times. EAS is subject to banking secrecy pursuant to Article 14 of the Banking Act (BankG) and has also contractually obliged EIS to comply with confidentiality, banking secrecy and data protection regulations.

Investor claims must be fully and correctly filed in writing to EAS and bank account details for the transfer of covered investor claims provided within six months of the occurrence of the compensation event. Personal investor data is thus only processed in the event of an application.

Further information on the provisions for investor compensation, the repayment of covered deposits and the conditions of the deposit protection as well as on the ongoing reimbursement and compensation procedure can be found on the EAS website at www.eas-liechtenstein.li/en/payout-event-sorabank.

Which data is processed in a payout and compensation event, by whom and where?

On the occasion of a payout and compensation event, the processing of certain personal data, as collected by the bank concerned or provided by the depositor/investor, is necessary for the handling of the payout and compensation event and reimbursement of depositors/investors. This relates in particular to the processing of depositors'/ investors' contact information (name, address), identification data (ID card/passport) and information on the bank account at the bank concerned (IBAN, amount of the eligible and covered deposits, amount of the specific repayment or compensation claim). In addition, personal data on the external bank account to which the reimbursement is to be instructed at the request of the depositor/investor (account holder, IBAN, any details of third-party holders) are processed.

Data controller in a payout and compensation event is EAS. For the purpose of deposit protection, EIS duly determines and verifies depositors' repayment claims as well as the necessary information on deposits and depositors and carries out the measures required to process the payout event on behalf of EAS, including the reimbursement procedure. The verification is based on an encrypted depositor file created by the bank concerned on the date of the occurrence of the payout event.

The data exchange between EAS and EIS generally is carried out via a web-based data exchange platform, which is used by the majority of European deposit guarantee schemes. In individual cases and for the exchange of information or files with security-relevant content between the bank concerned and the EAS, encrypted e-mail communication can also be used. Data processing takes place exclusively in Liechtenstein and Germany.

With regard to investor compensation, investors’ personal data is only processed by EAS in Liechtenstein.

For which purposes and on what legal basis is your data processed?

The legal basis for data processing in a payout and compensation event is the fulfilment of the statutory mandate (Article 6(1) lit. c GDPR) within public interest (Article 6(1) lit. e sentence 1 GDPR) as a protection scheme in the area of deposit protection and investor compensation (Article 4 and Article 34 EAG). The processing of personal data by EAS and its cooperation partner EIS is based on the obligation to process the payout and compensation event and reimburse depositors/investors (Article 7(3), Article 12 EAG resp. Article 37 EAG). The personal data is processed in particular for the following purposes:

  • Identification of and writing to eligible depositors or identification of investors who file a claim for investor compensation
  • Reimbursement of deposits and investors
  • Processing of the payout and compensation event and cooperation with the competent bodies (liquidator etc.)

 Who has access to the personal data and how long is it stored?

As a matter of principle, your data will only be accessed by EAS employees who need it to fulfil the legal obligation and to process the payout and compensation event. Based on the cooperation agreement with EIS for the implementation of reimbursement of depositors and repayment of covered deposits in a payout event (see point 1), the employees of EIS entrusted with the payout event will also receive access to depositors' personal data.

If bankruptcy proceedings are opened against the bank concerned or liquidation proceedings are initiated in the context of the payout and compensation event, the bank liquidator then appointed will also have an unrestricted right of access to all personal data and information relating to clients of the bank concerned. The bank liquidator is also obliged to comply with confidentiality, banking secrecy and data protection regulations in a payout and compensation event.

In compliance with data confidentiality, EAS service providers may also be granted access to personal data in order to fulfil the legal mandate and within the original purposes of data collection. In particular, EAS has outsourced its IT infrastructure to a service provider. EAS has concluded a corresponding contract with this provider for data processing on behalf of EAS and has obligated it to confidentiality and compliance with data protection regulations.

As a matter of principle, EAS only processes and stores personal data as long as statutory retention obligations exist or the retention is necessary to fulfil the legal mandate. Subject to these limitations, the data is only stored until the purpose for which it was entrusted to EAS has been fulfilled. The maximum storage period is 5 years after the payout and compensation event occurs, unless EAS has an overriding legitimate interest in longer storage (Article 6(1) lit. f GDPR).

What rights do you have according to GDPR with regard to your personal data?

With regard to your personal data, you are entitled to the data protection rights under Article 7 GDPR and Articles 15 to 21 GDPR.

You have the right of data access and may request confirmation as to whether and to what extent personal data concerning you is processed. You have the right of rectification of incorrect or incomplete personal data concerning you or to restrict its processing, as well as to erasure of your personal data if the purpose is achieved or consent is withdrawn or in the event of unlawful data processing. You also have the right to withdraw your consent to the processing of your personal data for one or more specific purposes at any time, if the processing is based exclusively on your explicit consent. Furthermore, you have the right to object, on grounds relating to your particular situation, without any formal requirements, to the processing of personal data concerning you, provided that the data processing operations are carried out in the public interest or for the purposes of the legitimate interests of EAS or a third party. In addition, you have the right to receive your data in a machine-readable format and the right to lodge a complaint with the competent supervisory authority.

You can find more information about your rights under the GDPR and how to lodge a complaint on the website of the Liechtenstein Data Protection Authority:

Liechtenstein Data Protection Office
Städtle 38
P.O. Box 684
LI-9490 Vaduz
Phone: +423 236 60 90
email: info.dss@llv.li

 

Stand: 05.03.2024