Privacy Policy

Version: March 2026

This privacy policy explains which personal data we, as the controller—and processors acting on our instructions—process or may process in the future, and what rights you have. It is based on the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable national law, in particular the Liechtenstein Data Protection Act (DSG).

We aim to describe the main points clearly. Terms from the GDPR are used where they help precision. For full legal definitions, see the GDPR text on EUR-Lex.

If you have questions, please contact us using the details under Contact details of the controller or see our imprint.

Introduction and overview

In short: we only process personal data where there is a legal basis, and we inform you about the main processing activities connected to this website and email contact.

This site is built with Nuxt and related open modules (Nuxt UI, Nuxt Content, Nuxt Fonts). We do not use Google Tag Manager, Google Analytics, or other advertising or web-analytics tools that track you across the site for marketing or profiling.

Scope

This policy applies to personal data processed in connection with:

  • this website (including pages delivered as static or server-rendered content),
  • email communication when you write to us or use the contact form.

It does not cover processing that happens only in other contexts (e.g. separate contracts or offline processes); where that is the case, we will inform you separately if required by law.

“Personal data” means information relating to an identified or identifiable person within the meaning of Article 4(1) GDPR (e.g. name, email address, phone number, IP address).

We process personal data only if at least one of the following applies:

  • Consent (Art. 6(1)(a) GDPR) — where we ask for your consent for a specific purpose.
  • Contract or pre-contractual steps (Art. 6(1)(b) GDPR) — e.g. handling your enquiry or preparing a transaction.
  • Legal obligation (Art. 6(1)(c) GDPR) — e.g. retention required by tax or commercial law.
  • Legitimate interests (Art. 6(1)(f) GDPR) — e.g. operating, securing, and improving the website, provided your interests do not override ours.

National law (the Liechtenstein DSG) applies alongside the GDPR where relevant.

Contact details of the controller

RoTToR Trade GmbH
Schellenbergerstrasse 39
FL-9493 Mauren
Liechtenstein

Email: thomas.tuertscher@rottor-trade.com
Phone: +43 664 1531192

Storage period

We keep personal data only as long as necessary for the purposes described or as required by law. When the purpose ends and no retention duty applies, we delete or anonymise the data as soon as practicable.

If you ask for erasure or withdraw consent, we will delete data without undue delay unless we must continue to store it (e.g. legal retention).

Specific retention periods depend on the processing activity (see below).

Your rights under the GDPR

Where the GDPR applies, you may have the right, subject to conditions and exceptions in law, to:

  • Information (Art. 15) — confirmation as to whether we process your data, access, and certain details about the processing.
  • Rectification (Art. 16) — correction of inaccurate data.
  • Erasure (Art. 17) — deletion in certain cases (“right to be forgotten”).
  • Restriction (Art. 18) — limitation of processing in certain cases.
  • Data portability (Art. 20) — receive your data in a structured, commonly used format where processing is based on consent or contract and is automated.
  • Object (Art. 21) — object to processing based on legitimate interests or to direct marketing (we do not use this site for profiling-based direct marketing).
  • Automated decisions (Art. 22) — not to be subject solely to automated decisions with legal or similar significant effect (we do not operate such decision-making on this website).
  • Withdraw consent at any time, where processing is based on consent, without affecting lawfulness before withdrawal.
  • Lodge a complaint (Art. 77) with a supervisory authority.

You can exercise these rights by contacting us at the address above.

Supervisory authority

If you believe that processing violates data protection law, you may lodge a complaint with a supervisory authority. For our company, the relevant authority is:

Liechtenstein Data Protection Authority (Datenschutzstelle)
https://www.datenschutzstelle.li/

Data transfers to third countries

Where possible, we primarily process data within the European Economic Area (EEA) or in Switzerland/Liechtenstein.

Some processors we use are based outside the EEA (e.g. in the USA), including Vercel (hosting) and Resend (email). We allow such transfers only where permitted by law, for example on the basis of an adequacy decision, the EU–US Data Privacy Framework, or standard contractual clauses (SCCs) approved by the EU Commission, combined with supplementary measures where required. Further information is available in the providers’ privacy notices and data processing terms.

We do not sell your personal data.

Security of processing

We implement appropriate technical and organisational measures to protect personal data (e.g. access control, encryption in transit via HTTPS/TLS). Transmission between your browser and our servers is encrypted where HTTPS is used; you can recognise this by the padlock symbol and https:// in the browser address bar.

Further detail on specific measures may be provided on request where appropriate.

Processors and data processing agreements

Where we use service providers who process personal data on our behalf, they act as processors under Article 28 GDPR. We conclude data processing agreements (DPAs) or rely on appropriate statutory terms where required, so that processing occurs only on our instructions.

Hosting and delivery (Vercel)

This website is deployed on Vercel (Vercel Inc., USA). Vercel provides the infrastructure that delivers the site and runs server-side functions (e.g. API routes such as the contact form). In doing so, Vercel may process technical data such as IP addresses, timestamps, request metadata, and similar information in server logs for operation, security, and performance.

Vercel acts as a processor in relation to this hosting and edge/serverless execution. We rely on appropriate contractual safeguards (including data processing terms offered by Vercel) and, where personal data is transferred to the USA, mechanisms recognised under the GDPR (such as the EU–US Data Privacy Framework and/or standard contractual clauses), as described in Vercel’s documentation and legal pages (e.g. Vercel Privacy Policy).

Email delivery (contact form)

When you use the contact form, we process the data you enter (e.g. first name, last name, email address, optional phone number, message) to:

  • send your enquiry to our team, and
  • send you a confirmation email via our email service provider.

Email transmission is handled by Resend (email API). Resend may process message content and metadata on servers that can include locations outside the EEA. We use Resend only to deliver these transactional messages, under a processing relationship consistent with Article 28 GDPR, with appropriate transfer safeguards as applicable.

Legal bases are typically Art. 6(1)(b) GDPR (pre-contractual/contractual handling of your request) and, where needed, Art. 6(1)(f) GDPR (operation of the contact channel).

Cookies and similar technologies

We do not use cookies for advertising, social plug-in tracking, or web analytics (such as Google Analytics).

Your browser may still store strictly necessary data required to display the site (e.g. session or preference data used by the application framework). Such use is limited to what is needed to provide the service and is typically based on Art. 6(1)(f) GDPR (legitimate interest in a functional website) or Art. 6(1)(b) GDPR where it is strictly necessary for a requested feature.

You can delete or block cookies in your browser settings; note that parts of the site may not work as intended if you block essential storage.

Website visit and server logs

When you access pages, the infrastructure that serves the site (Vercel; see Hosting and delivery (Vercel)) may automatically process technical data such as IP address, date and time of the request, HTTP method, URL, status code, browser type, and referrer. This processing serves to deliver the content, ensure security (e.g. abuse prevention), and troubleshoot errors.

Legal basis is usually Art. 6(1)(f) GDPR (legitimate interests in secure operation), or Art. 6(1)(b) where applicable.

Contact by email outside the form

If you contact us directly by email, we process the data you send (email address, content, attachments) to handle your request. Legal bases may include Art. 6(1)(b) and Art. 6(1)(f) GDPR.

Changes

We may update this privacy policy when our processing or legal requirements change. The version indicated at the top applies.


Last updated: March 2026