Privacy & Data Protection Notice

Last updated: March 2026

‍

We will process your personal data in accordance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws. This forms the basis of our trustworthy business relationships with partners, customers and prospective clients.

‍
We treat your personal data confidentially and protect it using appropriate technical and organisational measures that reflect the current state of the art.

‍

‍

1. Controller (Art. 13 GDPR)

‍

The controller responsible for the processing of personal data within the meaning of Art. 4(7) GDPR is:

‍

VIQTORIOUS AG

Brunnenbritschen 8

9493 Mauren

Principality of Liechtenstein

‍

(hereinafter "Magnat" or "We")

‍

Email: team@magnat.fund

‍

VIQTORIOUS AG operates under the brand “MAGNAT”.

‍

VIQTORIOUS AG is regulated by the Financial Market Authority (FMA) Liechtenstein.

‍

We process certain personal data for the purposes specified in this Data Protection Information on the basis of the GDPR and our legal relationship.

‍

We have not appointed a Data Protection Officer, as we are not legally required to do so under Art. 37 GDPR.

‍

‍

‍

2. Definitions

‍
2.1. ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‍

2.2. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‍

2.3. ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‍

2.4. ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

‍

‍

‍

3. Type of Data

‍

Personal data is information relating to an identified or identifiable natural person. As part of our services, we process data about you to the extent permitted by law, always taking into account the principle of data minimisation. This applies in particular to the following information:

‍

1. Data that you make available to us: When you use our services, you provide us with various information about you, such as your name, contact details, e-mail address and telephone number(s), account information. The data categories that you provide to us depend on your specific contractual relationship with us.
   ‍
2. Data that we collect about you: While you are using our website, we automatically collect certain data about you, such as the date and time of your visit, your IP address, data about the device which you use (e.g. browser settings; browser type, operating system, device ID).
   ‍
3. Data collected from third parties: In the course of the initiation and performance of a contact, we may also process your personal data provided to us by third parties. For example, data records of contractual partners, cooperation partners and suppliers, as well as other third parties.
   ‍
4. Special categories of personal data: In principle, we do not collect and process any special categories of personal data. Special categories of personal data include data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sexual life, as well as genetic data, biometric data for the unambiguous identification of a natural person. Should it be necessary in individual cases to collect or otherwise process special categories of personal data, such as church membership for tax reasons, we will always process these in accordance with the GDPR and the relevant national regulations as well as the provisions of this Data Protection Information.

‍

‍

‍

4. Legal Basis for the Processing of Your Data

‍

We process your personal data only where a legal basis exists, typically pursuant to Art. 6 GDPR, and where applicable Art. 9 GDPR, or on the basis of your consent pursuant to Art. 7 GDPR.

‍

1. Consent pursuant to Art. 6(1)(a) and Art. 7 GDPR (and, where applicable, Art. 9(2)(a) GDPR):
   We process certain personal data only on the basis of your previously given express and voluntary consent. You have the right to withdraw your consent at any time with effect for the future.
   ‍
2. Performance of a contract or steps prior to entering into a contract pursuant to Art. 6(1)(b) GDPR:
   Processing is necessary for the initiation and performance of a contractual relationship with MAGNAT or in order to take steps at your request prior to entering into a contract.
   ‍
3. Legitimate interests pursued by the controller or by a third party pursuant to Art. 6(1)(f) GDPR:
   MAGNAT processes certain personal data to safeguard our legitimate interests, provided that there is no reason to assume that your interests or fundamental rights and freedoms requiring the protection of your personal data override those interests.
   ‍
4. Disclosure of personal data to third parties:
   We only disclose your personal data to third parties where
   • you have given your express consent pursuant to Art. 6(1)(a) GDPR,
   • the disclosure is necessary pursuant to Art. 6(1)(f) GDPR for the establishment, exercise or defence of legal claims and there is no reason to assume that your interests or fundamental rights and freedoms requiring the protection of your personal data override those interests,
   • there is a legal obligation to disclose personal data pursuant to Art. 6(1)(c) GDPR, or
   • disclosure is legally permissible and necessary for the performance of contractual relationships with you pursuant to Art. 6(1)(b) GDPR.

‍

‍

‍

5. Purpose of Data Processing

‍

We will process your personal data exclusively for purposes permitted by data protection law. This applies in particular to the purposes listed below:

‍

1. purposes for which you have given us your prior consent;
2. the processing for the fulfilment of our contract with you;
3. the fulfilment of legal obligations to which we are subject;
4. safeguarding our legitimate interests or the legitimate interests of third parties, unless your interests or fundamental rights and freedoms in the non-disclosure of your personal data predominate;
5. the assertion, exercise or defence of legal claims;
6. Marketing and Advertising.

‍

Your personal data may be processed, for example, for the following specific purposes:

‍

‍
5.1 Contract-related processing purpose
‍

We process your personal data for the implementation of the contract concluded with you, in particular for the purposes of:

‍

1. Contract initiation: To initiate a (further) contractual relationship, we send you product and service information.
2. Contract execution: The contract management organizes the administration and processing of the contracts between you and us.
3. Customer care: In the context of customer care to advise you and provide support.
4. Receivables management: We are entitled to receivables from the contracts concluded with you. In order to manage these receivables, we process your personal data (e.g. payments), especially in the case of outstanding receivables. In advance, we will contact you to clarify outstanding receivables.
5. Termination of contract: When our contractual relationship is terminated, we process your personal data within the framework of the legal retention periods.
6. Cooperation with partners and suppliers: Magnat cooperates with partners and suppliers in the context of the performance of the contract. In order to guarantee an optimal customer service, Magnat communicates the necessary personal data to the partners and suppliers in the context of the cooperation.

‍

‍
5.2. Consent based processing purpose

‍‍

In individual cases, we process your personal data on the basis of your declared consent to the processing.

‍

‍
5.3 Purpose of processing on the basis of legitimate interest:

‍
We process your personal data to protect our legitimate interests, unless your interests or fundamental rights and freedoms in the non-disclosure of your personal data predominate:

‍

1. Advertising and marketing: To inform you about our products and services that may be of interest to you.
2. Services: Certain services are provided by partner companies. To enable the partner companies to perform these services in accordance with the contract, we transfer your personal data to the extent necessary for this purpose.
3. Receivables management: The contractual relationship concluded with you may result in outstanding receivables. We will give you sufficient opportunity within the framework of our dunning system to settle these. In the event of fruitlessness, we reserve the right in individual cases to involve external lawyers or debt collection companies for the purpose of debt collection. Only information which is absolutely necessary for the collection of the outstanding debt would be transmitted.

‍

If we intend to process the personal data for a purpose other than that for which the personal data was obtained, we will provide you with information about that other purpose and any other relevant information in accordance with this Data Protection Information prior to such processing.

‍

‍

‍

6. Data Retention and Deletion

‍

We process and store your personal data only for as long as is necessary to fulfil the respective purposes for which the data were collected or as required by applicable legal retention obligations. If personal data are processed for multiple purposes, they will be deleted or anonymised once the last applicable purpose has been fulfilled, unless statutory retention obligations require further storage.

‍

In particular, we are subject to statutory retention obligations under commercial and tax law. These retention periods generally range from five (5) to ten (10) years. After expiry of the applicable retention periods, the corresponding data will be routinely deleted, unless further processing is required for the establishment, exercise or defence of legal claims.

We have implemented a structured deletion concept to ensure that personal data are deleted or anonymised in accordance with applicable legal requirements, in particular the principles of data minimisation and storage limitation pursuant to Art. 5(1)(c) and Art. 5(1)(e) GDPR, and the right to erasure pursuant to Art. 17 GDPR.

‍

‍

‍

7. Technical and Organisational Measures for the Protection of Your Data

‍

We process your personal data in accordance with the security requirements of Art. 32 GDPR. For this purpose, we implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. These measures are based on recognised industry standards and are regularly reviewed and updated to ensure the ongoing protection of personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data.

‍

‍

‍

8. Data Transfer to Third Parties

‍

We only transfer your personal data to third parties where this is necessary to fulfil contractual obligations, where we are legally obliged to do so, or where there is another legal basis under data protection law. When transferring personal data, we ensure that such transfers are carried out in compliance with applicable data protection laws.

‍

8.1 Data Transfer for Contract Performance

‍

For the purpose of performing contracts, we may transfer your personal data to cooperation partners, suppliers, logistics providers or other third parties involved in the provision of our services. These recipients process the data under their own responsibility where required for the fulfilment of contractual obligations.

‍

‍

8.2 Other Recipients

‍

In addition, we may transfer your personal data to external consultants, auditors, insurance companies or authorities where this is necessary to comply with legal obligations or to assert, exercise or defend legal claims.

All recipients are carefully selected and are contractually or legally obliged to ensure an appropriate level of data protection and confidentiality.

‍

‍

8.3 Data Transfer to Other Third Parties

‍

We may transfer your personal data to other third parties, such as external consultants, cooperation partners, transport companies or insurance providers, where this is necessary for the purposes defined in Section 5, for the performance of a contract, to comply with legal obligations, or to establish, exercise or defend legal claims. Such recipients process the personal data under their own responsibility. We carefully select these recipients and ensure that they are contractually or legally obliged to maintain confidentiality and to comply with applicable data protection laws.

‍

‍

8.4 Data Transmission to Non-EU/EEA Countries

‍

Where personal data are transferred to recipients in countries outside the European Union (EU) or the European Economic Area (EEA), we ensure that an adequate level of data protection is maintained. Such transfers take place only where:

• the European Commission has issued an adequacy decision for the respective country (Art. 45 GDPR), or
• appropriate safeguards have been implemented, in particular the use of EU Standard Contractual Clauses (SCCs) pursuant to Art. 46 GDPR, or
• another legal basis pursuant to Art. 44–49 GDPR applies.

‍

Where required, appropriate technical and organisational measures are implemented to ensure the protection of personal data during transfer and processing in third countries.

‍

‍

‍

9. Individual Data Collections

‍

9.1 Server Log Files

‍

‍

(a) Categories of data:

When you visit our website, certain data are automatically stored in server log files, which your browser automatically transmits to us. This information is temporarily stored in log files. The following data are collected without your intervention and stored until they are automatically deleted:

• IP address of the requesting device,
• date and time of access,
• name and URL of the retrieved file,
• website from which access is made (referrer URL),
• browser type and version as well as, where applicable, the operating system of your device and the name of your access provider.

‍

For data protection reasons, the IP address or host name of the accessing client is stored in anonymised form in the log files.

‍

(b) Purpose of processing:

The above data are processed for the following purposes:

• ensuring a stable and secure connection of the website,
• ensuring comfortable use of our website,
• evaluation of system security and stability,
• other administrative purposes.

‍

(c) Legal basis for processing:

The legal basis for the processing of the data is Art. 6(1)(f) GDPR. Our legitimate interest arises from the purposes listed above.

‍

(d) Deletion of your data:

Log file data are stored for a limited period of time and are then automatically deleted, unless further storage is required for security purposes (e.g. to investigate misuse).

‍

‍

9.2 Cookies (Technically Necessary Cookies)

‍

We use technically necessary cookies to ensure the proper functioning, security and basic features of our website.

The legal basis for the use of these cookies is Art. 6(1)(f) GDPR.

Further detailed information on the specific cookies used, including their purposes, storage duration and providers, can be found in our Cookie Policy.

‍

‍

9.3 Cookies and Third-Party Technologies

‍

In addition to technically necessary cookies, we may use cookies and similar technologies for analytics, tracking and the integration of third-party services. Such technologies enable us to analyse user behaviour, improve our website and integrate external content.

‍

These technologies are only used with your prior consent in accordance with Art. 6(1)(a) GDPR. You can withdraw your consent at any time with effect for the future.

Further detailed information on the specific technologies used, including third-party providers and data transfers, can be found in our Cookie Policy.

‍

‍

‍

10. Data Subjects Rights Affected and Right To Appeal

‍

As a person affected by the processing of your personal data, you may assert certain rights against us (“Data Subject Rights”) in accordance with the GDPR and other applicable data protection regulations, as described below.

‍

10.1 Rights of Data Subjects

‍

i. Right of access pursuant to Art. 15 GDPR:

You may request information from us at any time about your personal data that we have stored about you. In particular, you may request information about the purposes of the processing, the categories of personal data concerned, the recipients to whom your data have been or will be disclosed, the origin of the data if we did not collect it directly from you, the planned storage period, and the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved.

‍

ii. Right of rectification pursuant to Art. 16 GDPR:

You may request the rectification of inaccurate or incomplete personal data without undue delay. We take reasonable steps to ensure that the personal data we process about you are accurate, complete, up to date and relevant.

‍

iii. Right to erasure (“right to be forgotten”) pursuant to Art. 17 GDPR:

You may request the deletion of your personal data where the legal requirements are met. According to Art. 17 GDPR, this may be the case, for example, if:

• the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• you withdraw your consent on which the processing is based and there is no other legal basis for the processing;
• you object to the processing pursuant to Art. 21 GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing purposes;
• the personal data have been processed unlawfully.

‍

This does not apply where processing is necessary:

• to comply with a legal obligation requiring the processing of personal data (in particular statutory retention obligations);
• to establish, exercise or defend legal claims.

‍

iv. Right to restriction of processing pursuant to Art. 18 GDPR:

You may request that we restrict the processing of your personal data where:

• you contest the accuracy of the personal data for a period enabling us to verify the accuracy of the data;
• the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
• we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
• you have objected to processing pursuant to Art. 21 GDPR, pending verification of whether our legitimate grounds override yours.

‍

v. Right to data portability pursuant to Art. 20 GDPR:

At your request, we will provide you with the personal data you have provided to us in a structured, commonly used and machine-readable format so that you may transmit those data to another controller. This right applies only where the processing is based on your consent or on a contract.

‍

vi. Right to withdraw consent pursuant to Art. 7(3) GDPR:

You have the right to withdraw your consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

‍

vii. Right to object pursuant to Art. 21 GDPR:

If your personal data are processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR on grounds relating to your particular situation. This also applies to profiling based on these provisions.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing. If you object to processing for direct marketing purposes, the personal data will no longer be processed for those purposes.

Following an objection, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing serves the establishment, exercise or defence of legal claims.

If you wish to exercise your right of withdrawal or objection, you may send an email to: team@magnat.fund

‍

viii. Right to lodge a complaint pursuant to Art. 77 GDPR:

You have the right to lodge a complaint with a supervisory authority. As a rule, you may contact the supervisory authority at your habitual residence, place of work or the place of the alleged infringement.

‍

‍

10.2 Deadlines for Compliance with Data Subject Rights

‍

As a general rule, we endeavour to respond to all enquiries without undue delay and within the time limits prescribed by applicable data protection law. In certain cases, this period may be extended where necessary, taking into account the complexity and number of requests.

‍

‍

10.3 Limitation of Information for the Fulfilment of Data Subject Rights

‍

In certain situations we may not be able to provide information about all personal data due to legal obligations or statutory restrictions. If we must decline a request for information in such a case, we will inform you of the reasons for the refusal where legally permitted.

‍

‍

10.4 Complaints to Regulatory Authorities

‍

We take your concerns regarding data protection seriously. If you believe that the processing of your personal data does not comply with applicable data protection laws, you have the right to lodge a complaint with a competent data protection supervisory authority.

‍

‍

‍

11. Legal Basis

‍

You can download the text of the GDPR from the following homepage:

https://gdpr-info.eu

‍

‍

‍

12. Changes to this Notice

‍

We may update this Privacy & Data Protection Notice to reflect legal, regulatory, or operational changes.

The “Last updated” date indicates the most recent revision.

‍

‍