- 1 I. Introduction
- 2 II. Who is responsible for collecting and using your information?
- 3 III. What purposes do we use your information for?
- 4 a. Cookies
- 5 aa. Terminology
- 6 bb. Cookies we use
- 7 cc. How to control cookies – Opt Out
- 8 b. Web Analytics
- 9 aa. Google Analytics
- 10 bb. Mixpanel
- 11 cc. Optimizely
- 12 dd. NewRelic
- 13 c. Marketing
- 14 aa. Unbounce
- 15 bb. Facebook Pixel/Custom Audiences
- 16 cc. Google AdWords Conversion-Tracking
- 17 dd. Google Doubleclick
- 18 ee. Affilinet
- 19 d. Use of your data to secure the functioning and security of our website
- 20 e. Social Plug-ins
- 21 f. Links to social media websites
- 22 IV. With whom and how do we share your information?
- 23 V. When will your information be deleted?
- 24 VI. What rights do you have regarding to the processing of your information?
- 25 VII. Consent and withdrawal of consent
- 26 VIII. How to contact us?
This data protection policy aims to inform about the processing of your personal data by wefox Germany GmbH as operator of wefox (hereinafter also referred to as “controller” or “we”) when using this website, our customer platform, our contact form or our newsletter.
II. Who is responsible for collecting and using your information?
wefox Germany GmbH is the controller and therefore responsible for the collection and processing of your personal data according to the applicable data protection law:
wefox Germany GmbH
E-Mail: [email protected]
III. What purposes do we use your information for?
1. How your information is used when you visit the website
When you visit our website, your browser transmits certain data to our web server. This is done for technical reasons in order to provide you with the information you have requested. In order to enable you to visit the website, the following data is collected, briefly stored and used:
- IP address,
- Date and time of the request,
- Time zone difference to Greenwich Mean Time (GMT),
- Content of the request (specific site),
- Access status/HTTP status code,
- Transferred volume of data,
- Website from which the request comes,
- Browser, operating system and its interface, language and version of the browser software.
Moreover, to protect our legitimate interests, we store this data for a limited time in order to be able to initiate a tracking of personal data in the event of unauthorized access or access attempts to local servers. This is permitted to us according to Art. 6 (1) (f) GDPR.
In case you have any questions about the particular cookies and their functions, you can contact us at
wefox Germany GmbH
E-Mail: [email protected]
bb. Cookies we use
- Functionality of the website
Cookies that are technically necessary for our website to function technically or that offer a service or option you have requested; e.g. a cookie that “remembers” your personal settings, such as selected language or similar.
- Performance analysis of the website
- Social media cookies
In order to share content from our website via social media channels such as Facebook or Twitter, a cookie must be installed on your device. Further information can be found in the guidelines of the respective company.
- Targeting and Tracking Cookies
We store this data until the end of the term of a respective cookie or until you delete the cookies.
Further processing of personal data by means of cookies can be found in the relevant sections of this information.
b. Web Analytics
We use your information in the context of website analyses in order to make them more user-friendly and for market research purposes. Therefore we use web analytics tools. These tools use your IP address either in abbreviated form or not at all. Such analysis cookies are used pursuant to Art. 6 (1) (f) GDPR. As the operator of this website, we have a legitimate interest in analysing user behaviour in order to optimise our website. Learn more about the web analysis tools we use.
For such exceptional cases, in which personal data is transferred to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
The data processing also takes place in the United States. The participation of Mixpanel Inc. in the EU-U.S. Privacy Shield ensures an adequate level of data protection (https://www.privacyshield.gov/EU-US-Framework).
On behalf of wefox Optimizely will use this information to evaluate your use of the website and to compile reports on website activities. The IP address transmitted by your browser will not be merged with other Optimizely data.
In addition to the options mentioned under III.1.a.cc., you can deactivate Optimizely tracking at any time and prevent Optimizely from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by following the instructions at http://www.optimizely.com/opt_out.
The data processing also takes place in the United States. An adequate level of data protection is ensured by the participation of NewRelic Inc. in the EU-U.S. Privacy Shield.
We will also use your information to display advertising tailored to you and your interests. We use the following tools, which use your IP address (in abbreviated or unabbreviated form) for this purpose. We use this information on the legal basis of Art.6 (1) (f) GDPR. As the operators of this website, we have a legitimate interest in displaying product recommendations and carrying out marketing measures. Learn more about the tools we use for this purpose.
Further information can be found at https://www.facebook.com/about/privacy/
You can disable the Custom Audiences function at https://www.facebook.com/settings?tabR=ads. You will have to register first.
Facebook has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework, to ensure an adequate level of privacy for your data.
In addition to the options listed under III.1.a.cc., you can deactivate personalised advertising for you in Google’s advertising settings at http://www.google.de/settings/ads
For more information on how we handle your data, please visit https://policies.google.com/privacy?hl=en&gl=en
You can prevent Google DoubleClick from collecting usage data by following the instructions at the following link: http://www.google.de/settings/ads.
d. Use of your data to secure the functioning and security of our website
We also use a web service of Cloudflare Inc., 101 Townsend St, 94107 San Francisco, USA (hereinafter: CloudFlare) to make the website faster and safer. Cloudflare collects your information such as IP addresses, system configuration information and other information about traffic to and from the website as well as log data. This data helps us to identify new threats and access by unauthorized third parties. The data processing is necessary for the purposes of pursuing our legitimate interests according to Art.6 (1) (f) GDPR. The error-free and secure functioning of our internet services are such legitimate interests.
Cloudflare has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework, to ensure an adequate level of data protection when processing your data in the USA.
For more information on how Cloudflare handles your data, visit https://www.cloudflare.com/de-de/privacypolicy/.
In addition, wefox uses the service “LogEntries”, which is operated by RAPID7, The One Building, 2nd Floor, 1 Grand Canal Street Lower, Dublin 2, Dublin, Ireland, to evaluate the log files. Log files (such as your IP address, operating system used and name of the Internet service provider) are transferred to LogEntries in order to evaluate them in an anonymous form. The evaluation takes place in order to ensure the functionality of the website. In addition, the data serves us to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. Therefore, the processing is based on the aforementioned legitimate interests, Art.6 (1) (f) GDPR. For more information, please visit: https://logentries.com/privacy/.
Data processing also takes place in the United States. Rapid7 Inc.’s participation in the EU-U.S. Privacy Shield ensures an adequate level of data protection.
e. Social Plug-ins
We have implemented Facebook’s, Google+’s and Twitter’s social plug-ins on our website. You can recognize the provider of the plug-in by the marking on the box by his initial letter or the logo. We use the so-called two-click solution. As a result, no personal data is passed on to the providers of the plug-ins during a purely informational visit of our website. We offer you the possibility to communicate directly with the provider of the plug-in via the button. Only if you click on the marked field and thereby activate it, the plug-in provider receives the information that you have accessed the corresponding website of our online offer. The data is transferred regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected with us will be directly assigned to your existing account with the plug-in provider. If you click the activated button and, for example, share the page, the plug-in provider will also store this information in your user account and will share it publicly with your contacts.
The legal basis for the use of the plug-ins is art.6 (1) (f) GDPR. Through the plug-ins we offer you the possibility to interact with your social networks and other users, so that we can improve our offer and make it more interesting for you as a user. The plug-in provider stores the data collected about you as user profiles and uses these for the purposes of advertising, market research and/or demand-oriented design of its website. Such an analysis takes place in particular (also for not logged in users) for displaying of demand-driven advertisement and in order to inform other users of the social network about your activities on our website.
For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the Privacy Policies of the respective providers as notified below. There you will also receive further information on your rights in this regard and setting options for the protection of your privacy. Below we have listed the addresses of the respective plug-in providers and URL with their data protection information:
Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (“Facebook”). Information on Facebook’s data protection: http://www.facebook.com/policy.php. Facebook has also submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Twitter, Inc. 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. For more information and adjustment options, see:
Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
cc. Google +
Plugins of the social network Google+; is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). An overview of the Google+ plugins and their appearance can be found here: https://developers.google.com/+/plugins; information on data protection at Google+ can be found here: http://www.google.de/intl/de/policies/privacy/. Google has also submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
You will also find links to social media networks such as Facebook, Twitter, Google+, YouTube and LinkedIn on our website. These are not social plug-ins provided by the social media provider, which already transmit data to the provider when the page is loaded without the users having any influence. Behind the buttons to the social media networks there is only a link to the social media network including the transfer of the website to be shared. No user data is transmitted from the website to the social media network. If you are already logged in to the respective social media service at the time you click the button, the sharing dialog will recognize this so that you can share the content directly. If this is not the case, you will be asked to log into the social media network. From this point on you will be on the website of the respective social media network. Please find the information on data processing of the respective providers below.
Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (“Face-book”). Information on Facebook’s data protection : http://www.facebook.com/policy.php. Facebook has also submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Twitter, Inc. 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. For more information and customization options, see:
Twitter has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
Instagram is one of the products provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, https://help.instagram.com/519522125107875.
LinkedIn has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; https://www.linkedin.com/legal/privacy-policy.
LinkedIn has submitted to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.
XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany, https://privacy.xing.com/de/datenschutzerklaerung.
2. Email Requests
You can contact us via the e-mail address provided on our website. If you send us an e-mail, we collect, store and use your
- Name, last name
- E-mail address
- The contents of your message.
Processing will only take place to the extent necessary for processing your request and for corresponding with you. The legal basis for e-mail inquiries is Art.6 (1) (f) GDPR. If contact by e-mail is aimed at entering into a contract, the legal basis is Art.6 (1) (b) GDPR.
The collected data is used solely for the purpose of processing your request. The data collected during the sending process is necessary to prevent misuse of the function and to ensure the security of our systems.
3. Information Email and Newsletter
With your consent, you can subscribe to our newsletter, which will inform you about further products and services.
For the registration to our newsletter we use the so-called double opt-in procedure. This means that after your registration we will send you an e-mail to the e-mail address you have provided us with in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store your IP address and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your personal data.
The only mandatory information for sending the newsletter is your e-mail address. The indication of further, separately marked data is voluntary and is used to be able to address you personally. After your confirmation we will save your e-mail address for the purpose of sending you our newsletter. The legal basis is your consent according to Art.6 (1) (a) GDPR.
You can revoke your consent to receive the newsletter at any time (sec. VII.) and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, or by sending an e-mail to [email protected] or by sending a message to the contact details given in the imprint.
4. Registration on and use of our platform
You have the opportunity to use our customer platform and thus make use of our services as an insurance comparison portal and insurance broker in accordance with our General Terms and Conditions by registering on our platform. The mandatory information for registration includes:
- Name, last name
- Mobile telephone number
- Date of birth (date, place, name of birth)
The processing of this data is based on art.6 (1) (b) GDPR, since this information is necessary for the fulfilment of the services based on our general terms and conditions.
Within the framework of your brokerage or broker subcontract, we mediate insurance contracts (hereinafter referred to briefly as “brokerage”) and / or support and administer existing contractual relationships or support claims settlements. For this purpose, your personal data is required for pre-contractual measures, consulting documentation, contract application or conclusion, communication with the product providers as well as contract support. Your data will be collected, processed and used by the broker within the scope of your brokerage order for contract-related advice and processing and will be transmitted by the broker to providers (e.g. insurance companies, comparison platforms) requested by him for this purpose and stored and used by them for checking the application. The collection and use of your data is necessary to fulfil the contract with you and is based on Art.6 (1) (b) GDPR.
For special categories of personal data – such as your health data – the law requires the granting of an additional data protection consent. The scope and purpose of the relevant data processing results from the declaration of consent. The legal basis for this is art.6 (1) (a) GDPR.
Insofar as we use your data to inform you about other products and services, this will only be done with your consent pursuant to art.6 (1) (a) GDPR, which you can revoke at any time (sec. VII.).
1. Data transfer for data processing on our behalf
wefox outsources certain processes and tasks to service providers to ensure the handling of complex issues that require special knowledge or cannot be taken over internally or to be able to fulfil the contract with you, such as hosting our website, analyses of user behaviour on our websites, etc. Therefore we will forward your data to the following categories of recipients:
- Insurers, cooperating intermediaries, broker pools,
- Technical service providers
- For web analysis and marketing purposes to recipient mentioned in sec III.1.b and c.
We will only forward such information to the service providers and companies that are necessary for the respective service. Further information will not be transmitted to the companies.
Also in the context of forwarding your information to other service providers, we would like to ensure that your data is handled with care and that you can also enforce your rights when using other service providers. For this reason, appropriate contracts have been concluded with the service providers to the extent necessary to protect your information.
The transmission of your personal data takes place for the purpose of contract initiation or execution with you on the basis of Art.6 (1) (b) GDPR, due to our legitimate interest in keeping our products functional and safe, on the basis of Art.6 (1) (f) GDPR and if you have given us your consent for the processing of your personal data on the basis of your consent within the meaning of Art.6 (1) (a) GDPR.
2. Data transfer due to legal obligation
Beyond that we transmit your personal data only if a legal obligation exists for such transmission. The transmission takes place on the basis of Art.6 (1) (c) GDPR (e.g. to the police authorities in the context of criminal investigations or to the data protection supervisory authorities).
3. Processing of data outside the EU/EEA
Some of your data will also be processed in countries outside the European Union (“EU”) or the European Economic Area (“EEA”). In these cases, we ensure, for example, through contractual agreements (EU standard contract clauses) with our contractual partners that an adequate level of data protection is guaranteed for your data.
V. When will your information be deleted?
We store your data as long as this is necessary for the above-mentioned purposes or until you have withdrawn your consent (for more information see sec. VII.). If these purposes cease to exist or you have withdrawn your consent, we will delete your data.
We delete the data unless we have other legal reasons for further storage. If the data are not deleted because they are necessary for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. Information collected in connection with tax and legal obligations is sometimes stored for a corresponding period of time. The storage periods are then up to ten years. In addition, it may happen that personal data must be stored for the period during which claims can be asserted against wefox Germany GmbH (statutory limitation period up to thirty years).
VI. What rights do you have regarding to the processing of your information?
In order to inform you of all possibilities within the scope of the collection and use of your information/personal data, we would like to draw your attention to the rights you are entitled to in this context.
a. Right of access
You can request information on how, by whom, for what purposes and under what conditions your data is collected and used.
b. Right to rectification
We do not want to transfer false or outdated information in the context of the use of your personal information, e.g. to prevent misunderstandings or possible damages. Therefore, you have the opportunity to update or correct the information we have collected about you at any time.
c. Right to restriction of processing
You can also ask us to use your data only to a limited extent. This means that your data may still be stored but may only be used for limited purposes (e.g. to assert legal claims).
d. Right to object
If we collect and use your information on the basis of legitimate interests, you have the right to object to the use of your information.
e. Right to lodge a complaint with a supervisory authority
It is important to us to comply with all laws and provisions regarding your data. However, if you believe that by using your data we are in breach of the General Data Protection Regulation, you have the right to lodge a complaint with a supervisory authority.
f. Right to erasure
We also delete your data insofar as they no longer required for the purposes stated herein and if we are not obliged to retain them (sec. V. ). However, if you believe that there is no legal reason for further storage, you can assert your right to erase the data.
g. Right to data portability
You also have the right to transfer any data you have provided to us. This means that we provide you with this data in a structured, common and machine-readable format.
VII. Consent and withdrawal of consent
If you have given us your consent for the processing of your personal data, you can withdraw this at any time. Please note, the withdrawal has no effect on the legality of the data processing carried out in the past on the basis of your consent.
VIII. How to contact us?
To exercise your above rights or the withdrawal of your consent or if you have any further questions about data protection at wefox, you can contact us as follows: wefox Germany GmbH Urbanstrasse 71, 10967 Berlin, Germany, E-Mail: [email protected]
You can contact our data protection officer, Ernst & Young Law GmbH Rechtsanwaltsgesellschaft Steuerberatungsgesellschaft, Friedrichstraße 140, 10117 Berlin, at [email protected].
You can also contact us if you wish to complain about how we collect, store and use your personal data. It is our goal to provide the best possible remedy with regard to your complaints. However, if you are not satisfied with our answer, you can also contact the competent supervisory authority. The Berlin Commissioner for Data Protection and Freedom of Information can be contacted at [email protected]. Further contact information can be found on the Authority’s website at https://www.datenschutz-berlin.de.