Stand: Oktober 2025

According to Articles 13, 14, and 21 of the European General Data Protection Regulation (GDPR), Sections 32 and 33 of the German Federal Data Protection Act (BDSG), and Article 5 of the Liechtenstein Data Protection Act (DSG).

Ensuring the confidentiality of your data in accordance with the applicable provisions of data protection law is something we take very seriously. Protecting your data and its lawful collection, processing, and use is therefore an important concern for us. SWM AG therefore implements both technical and organizational measures to protect your data against manipulation, loss, destruction, or unauthorized access by third parties.
Our security measures are continuously updated in line with technological progress.

Below, we inform you about the processing of your personal data by SWM AG and the rights you are entitled to under data protection law.

SWM AG
Hampfländer 22
9496 Balzers
Principality of Liechtenstein

Board Member: Sonja Grasern
Email: s.grasern@swm-ag.li

If you have any questions regarding data protection, you can contact Ms. Sonja Grasern by post (see address above), by telephone, fax, or email.

Data Protection Office (DSS)
Städle 38
9490 Vaduz
Principality of Liechtenstein

Phone: +423 23 66 090
Email: info.dss@llv.li

We process personal data exclusively in accordance with the applicable data protection regulations of the EU, Liechtenstein, and Germany.

The purpose of processing is to provide and enable the use of the customer portal, manage existing contractual relationships, and fulfill legal obligations.

As part of the use of our customer portal, we process in particular:

• Registration data: Name, first name, email address, password, contract number, date of birth
• Contract and transaction data: Contract details, services, billing information
• Communication data: Support requests, messages, correspondence history
• Technical data: IP address, date and time of access, browser type, operating system, log files
• Cookies and session data: For user navigation and system security

Purpose of Processing	Legal Basis
Registration and Use of the Customer Portal	Art. 6(1)(b) GDPR	Contract performance
Management of customer relationships	Art. 6(1)(b) GDPR	Communication, contract changes
IT security and functionality	Art. 6(1)(f) GDPR	Protection against misuse, error analysis
Fulfillment of legal obligations	Art. 6(1)(c) GDPR	Retention or reporting obligations
Direct marketing for own products (e.g., portal notices)	Art. 6(1)(f) GDPR	Legitimate interest

To use the customer portal, registration is required.
The data provided during registration will be used exclusively for the use of the portal and for carrying out the underlying business relationship.

After deletion of the user account, the data will be erased unless statutory retention periods prevent this.

Our customer portal uses only technically necessary cookies to maintain the login status during your session.

This cookie is automatically deleted at the end of the session (session cookie).
It serves exclusively the technical functionality of the portal and does not contain any personal data that is stored beyond the session.

Consent is not required for this (Art. 6(1)(b) GDPR).

wfwaf-authcookie-[Hash]

• Provider: Wordfence (Defiant Inc., USA)
• Purpose: This cookie is set by the Wordfence security plugin. It checks whether the current visitor is a logged-in user and whether they have administrator rights. This enables Wordfence to prevent attacks and unauthorized access to the system.
• Type: Technically necessary security cookie
• Duration: Until the end of the session (session cookie) or up to 12 hours (depending on login status)
• Recipient: Defiant Inc. (operator of Wordfence, data processing generally within the EU in accordance with Wordfence privacy policy)

wordpress_logged_in_[Hash]

• Provider: WordPress
• Purpose: This cookie is set as soon as you log in to our website. It stores that you are logged in and recognizes you across different page views.
• This allows WordPress to enable access to protected areas (e.g., customer account or user profile).
• Type: Functional / Session-related cookie
• Duration: Until the end of the session
• Recipient: Website operator (no disclosure to third parties)

wordpress_sec_[Hash]

• Provider: WordPress
• Purpose: This cookie is used for authentication and security of logged-in users. It checks whether the current session is valid and thus protects against unauthorized access (e.g., session hijacking).
• Type: Technically necessary security cookie
• Duration: Until the end of the session
• Recipient: Website operator (no disclosure to third parties)

wordpress_test_cookie

• Provider: WordPress
• Purpose: This cookie is set to check whether the visitor’s browser accepts cookies. It does not contain any personal data.
• Type: Technically necessary cookie
• Duration: Until the end of the session
• Recipient: Website operator (no disclosure to third parties)

wp_lang

• Provider: WordPress
• Purpose: Stores the currently selected language of the user interface (e.g., during login or for multilingual content).
• This allows the website to be displayed in the visitor’s preferred language.
• Type: Functional cookie
• Duration: Until the end of the session
• Recipient: Website operator (no disclosure to third parties)

Your personal data will only be shared with parties that require it to fulfill contractual obligations or perform assigned tasks.

• Internal departments (Customer Service, Accounting, IT)
• Intermediaries, if they are involved in customer support
• External processors (e.g., IT service providers, hosting providers)
• Authorities, where legally required (e.g., tax or supervisory authorities)

All external service providers are contractually bound in accordance with Art. 28 GDPR and are regularly audited.

Eine Übermittlung Ihrer personenbezogenen Daten in ein Drittland (außerhalb des EWR) erfolgt nur, wenn

• an adequacy decision by the EU Commission exists or
• appropriate safeguards pursuant to Art. 46 GDPR (e.g., EU Standard Contractual Clauses) are in place.

Currently, no data is transferred to third countries unless this is specifically communicated in individual cases.

We store your personal data only for as long as it is required for the purposes mentioned above.
Once the purpose no longer applies or statutory retention periods have expired, the data will be deleted.

Statutory retention periods arise in particular from the German Commercial Code and the Fiscal Code and can be up to 10 years.

We implement appropriate technical and organizational security measures to protect your data against manipulation, loss, destruction, or unauthorized access. These include:

• Encrypted data transmission (SSL/TLS)
• Access restrictions and authorization controls
• Regular security audits and data backups

Our security measures are continuously adapted to technological progress.

Under the applicable legal provisions, you have the following rights:

• Access to your stored personal data (Art. 15 GDPR)
• Rectification of inaccurate or incomplete data (Art. 16 GDPR)
• Erasure of your data (“Right to be Forgotten”, Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to processing (Art. 21 GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data based on Art. 6(1)(f) GDPR. You may also object at any time to the processing of your personal data for direct marketing purposes.

Automated decision-making, including profiling, as defined in Art. 22 GDPR does not take place.

You have the right to lodge a complaint with the competent data protection supervisory authority regarding the processing of your personal data:

Data Protection Office (DSS)
Städle 38, 9490 Vaduz, Principality of Liechtenstein
Email: info.dss@llv.li

This Privacy Policy is currently valid and reflects the status as of October 2025.
We reserve the right to amend it in the event of changes to our data processing activities or legal requirements. The latest version is available in the customer portal.