Privacy 2018-05-24T17:08:23+00:00
Home » Privacy

Data protection declaration (05/2018)

1. wefox

The websites www.wefox.de, www.wefox.ch, www.wefox.at, and wefox APP are services offered by

FinanceApp AG
Stampfenbachstr. 138
8006 Zurich, Switzerland
HR CHE-375.651.476 / Canton Zurich

as the media owner. wefox is a brand of FinanceApp AG, which is utilised to offer the services of its subsidiary companies. By using wefox, you agree to the use of your data as described in the following.

Operatively, the services offered by FinanceApp AG subsidiaries are distributed regionally via the websites and the wefox app:

  • Switzerland
    FinanceApp Switzerland AG

    Stampfenbachstr. 138
    8006 Zurich, Switzerland
    HR CH-020.3.043.610-9 / Canton Zurich
  • Germany
    FinanceFox Germany GmbH

    Urbanstrasse 71
10967 Berlin, Germany
    HRB 170236 B / Charlottenburg Local Court
  • Austria
    FinanceApp Austria GmbH

    Thomas-Klestil Platz 3
    1030 Vienna, Austria
    FN 461009f / Vienna Commercial Court

wefox is a customer relationship management platform (CRM system based on Salesforce):

Salesforce.org EMEA Limited
100 New Bridge Street
London, United Kingdom
EC4V 6JA

Data is processed based on the power of attorney awarded to the broker and the conditions of use of the wefox app and the customer portal. If you have awarded wefox a broker power of attorney, data relevant to insurance matters will be recorded, and your data will be transferred to insurers to collect insurance information and for contract management purposes. Over the course of customer management, our data will be transmitted to Salesforce, external service providers, and stored on various servers.

Servers:

Amazon S3 – Frankfurt, GER
Amazon SNS – Frankfurt, GER
Heroku – Frankfurt, GER
Lionentry – Lwiw, UKR
Salesforce – Frankfurt, GER
Salesforce – London, UK

Service providers:

  • FinanceFox Services GmbH
    Urbanstrasse 71
    10967 Berlin, Germany
    HRB 171284 / Charlottenburg Local Court

    Service: Creation and maintenance of the homepage, IT services

  • FinanceFox Services BCN S.L.
    Carrer de Vilamarí, 50
    08015 Barcelona, Spain
    NIF: B66700949

    Service: IT support for app/web app

  • Apella AG
    Friedrich-Engels-Ring 50
    17033 Neubrandenburg, Germany
    HRB 5046 / Neubrandenburg Local Court

    Service: Commission and transaction data management (Germany)

  • finanzen.de
    Vermittlungsgesellschaft für Verbraucherverträge AG
    Schlesische Strasse 29-30
    10997 Berlin, Germany
    HRB 122171 B / AG Charlottenburg

    Service: Commission and transaction data management (Germany)

  • Fonds Finanz Maklerservice GmbH
    Riesstrasse 25
    80992 Munich, Germany
    HRB 159670 / Munich Local Court

    Service: Commission and transaction data management (Germany)

  • Lionentry
    Mitchell Street 5
    UK EH6 7BD Edinburgh, United Kingdom

    Service: Data Content Management (UK – Scotland)

2. Who is responsible for the safety of your data at wefox?

In the following, we will inform you about the treatment of your personal data within the scope of the wefox homepage, the web application (customer portal), and the wefox app. If you use our homepages at

www.wefox.ch
www.wefox.de
www.wefox.at

or the wefox app or the wefox service portal, personal data will be recorded and processed by us.

FinanceApp AG is the media owner responsible for the website www.wefox.at and use and security of the personal data of the users of this website. Both recording and saving, as well as the use of this information is therefore completed within the scope of applicable legal provisions only and, provided this is required, only following your corresponding consent. This applies in particular is personal data is collected by us and prior to any transfer of your data to third parties (e.g. our broker partners).

If you have questions or comments concerning data protection, you may also contact us via e-mail at [email protected] or via the respective subsidiary company of FinanceApp AG using the address indicated in the legal notice.

3. Which data must be protected?

Because the protection of your privacy is important during use of the app, we wish to inform you via the following information regarding which of your personal data are collected, used, and processed by us. You may access this data protection declaration at any time via the “data protection” section on our webpages:

CH: https://www.wefox.ch/datenschutz
DE: https://www.wefox.de/datenschutz
AT: https://www.wefox.at/datenschutz

Please note that the data protection declaration only describes the respective data collection, processing, and use of your personal data that takes places within the scope of use of wefox.at and the functions connected with this and as listed in the general terms and conditions (https://www.wefox.at/agb) and the broker power of attorney completed with wefox.

The offer provided by wefox.at may also include links to the pages of other providers. Since wefox does not have any influence on these websites, we recommend the user inform himself regarding the information provided there concerning data protection. wefox cannot accept responsibility for the content of linked pages.

The object of data protection includes all personal data that could be used to make connections with your identity.

In particular, master data like your name, address, e-mail, or IP address, telephone number, or usage data are collected. Usage data includes data that are required to use our websites, e.g. information regarding the start, end, and scope of the use of our websites and registration data. Furthermore, content data may also be affected, for example scanned-in insurance contracts or data that may be derived from this, especially health data specified by you. Health data qualify as sensitive data that are subject to special protection regulations.

Your personal data may also be processed via Internet use, e.g. via data transmission, on servers outside of the EU and the EEC by service providers located there, i.e. outside of the scope of application of guideline 95/46/EC of the European Parliament and the Council dated 24 October, 1995 on the protection of natural persons during processing of personal data and concerning free movement of data (OJ EC No. L 281 P. 31).

We hereby indicate that data transmissions on the Internet are generally subject to security gaps. Naturally, we always endeavour to protect your data according to the current technical standards as far as possible for this reason. However, we request your understanding that seamless protection of your data cannot be guaranteed.

4. Use of your personal data

Your data are essentially stored on the servers used by us and utilised for the purposes described in the following in particular.

4.1 Data collection while accessing www.wefox.at

During access to wefox websites, your web browser automatically transmits data for technical reasons. The following data are stored separate from other data that you may provide to us under some circumstances:

  • Date and time of access
  • Browser type/version
  • Operating system used
  • URL of the previously visited website
  • Quantity of data sent

These data are only saved for technical reasons and shall not be assigned to a certain person at any time.

4.2 Registration and log-in

In order for you to use all of the benefits of wefox, registration and the related input of specific personal data is necessary. The entry of all data is voluntary. This involves the following data categories:

  • Dane and complete address data
  • Landline telephone number and/or mobile telephone number
  • E-mail address
  • Birth data (date, location, birth name)

4.3 Data utilisation for use by registered users

If you utilised services from wefox as described in the general terms and conditions and in the broker power of attorney that may have been completed with wefox, the personal content data entered by you shall only be used:

  • to provide the services offered via wefox.at as they are described in the general terms and conditions and in the client contract that may have been completed with wefox,
  • if other special types of personal data are used and you have consented to this herein,
  • for the purpose of sending advertising, if you have provided corresponding consent to this, and
  • in addition to this, wefox requires this and other data entered by you to document the business relationship and to be able to react to requests, questions, and criticism.

4.4 Transfer to third parties and data protection on third-party websites

Furthermore, transfer of personal data to third parties without your consent shall only occur in the following cases:

  • If required for legal proceedings, personal data, and especially in case of cases of abuse, may be transferred to prosecuting authorities and damaged third parties.
  • Provision may also take place if this facilitates assertion of usage conditions or other agreements. wefox shall also be legally obliged to provide information to certain public agencies upon request. This includes requests from supervisory or financial authorities or courts.
  • Occasionally, we are required to utilise contractually bound external companies and service providers to offer our services, for example to provide our customer service or in case of hosting for wefox.at. In these cases, information shall be provided to these companies or individual persons to enable further processing. All service providers are carefully selected by us, regularly checked, and may only use the data for the purposes specified by us. They are also contractually obligated by us to treat your data according to this data protection declaration and the applicable data protection laws.

4.5. Platform tools
The following web services that are used on the wefox platforms may not be deactivated by the user:

WebApp (wefox customer portal)

  • Affilinet Tracking
    Sale pixel of affiliate tracking network
    Data sent: account id/user IP
  • Logentries
    Collection and evaluation of server log event data, log entries
    Data sent: account id/user IP
  • NewRelic
    Monitors the performance of the web applications in real time
    Data sent: account id/user IP
  • Nano conversion
    Conversion pixel of traffic network
    Data sent: account id/user IP

WebSite

  • Google Search Console
    Uses Google search data to evaluate results data for the website.
    Data sent: sitemap
  • Unbounce
    Creates individual landing pages for marketing campaigns and uses overlays to increase conversions on all webpages.

App/web app & website

  • Cloudflare
    Tool for improving data security, distributed domain name server (DNS), content delivery network (CDN), Internet security services
  • Facebook Pixel
    Tool for measuring advertising effectiveness
    Data sent: no personalised data
  • Google Tag Manager
    Individualised property assignment to the user, tag management system, integrated third-party services
    Data sent: account id/user IP, event tracking
  • Google AdWords
    Tool for personalised control of advertisements
    Data sent: Account ID, user IP
  • Google Analytics
    Evaluation/reports on website traffic
    Sent data: page views, track goals (internal goal text keys), lead id, account id
  • Intercom
    Customer communication platform for live chats and on-boarding
    Data sent: Account ID/user IP
  • Mixpanel
    Tracking tool for analysis of web/app user interactions
    Data sent: Account ID/user IP
  • Mouseflow
    Product analysis and optimisation
    Data sent: no personalised data
  • Optimizely
    Tool for product analysis and optimisation of online marketing
    Data sent: no personalised data

APP/iOS & Android

  • GoogleAnalytics/Firebase (metrics)
    Evaluation of customer behaviour via windows/buttons used
    Data sent: screen and event tracking
  • Google Places API
    Enables access to HTTP interfaces, provision of geographic data and geocoding, route descriptions, altitude, location, and time zone data.
    Data sent: User location
  • Appsflyer
    Marketing source tracking
    Data sent: Account ID/user IP
  • Appsee (metrics)
    Tool for improving user friendliness, analyses track opened windows, click buttons, heat maps, video screen recording for UI interactions.
    Sending screen, event tracking, action funnels, video recording
    Data sent: no personalised data
  • Adjust (marketing campaigns)
    Evaluation of app installations via external html links, mailing campaign, etc.
    Data sent: device identifiers, marketing identifiers
  • Crashlytics (apps crash analysis)
    Tool for improving application stability, crash events, non-fatal errors, performance analysis
    Data sent: device identifiers, crash dump information, internal tracking data (e-mail, name, push token, performance app data, non-fatal error data)
  • Marketing Cloud (push notifications)
    Sending push messages
    Sent data: device identifiers, push token, Salesforce personal ID, User IP

4.7 Social plug-ins

wefox.at provides recommendation buttons (so-called “social plug-ins/like buttons) that enable users to share content with the social network facebook.com and its users. The operator of this network is Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (referred to as “Facebook” in the following).

In this case, wefox.at uses the data protection-friendly “Shariff” technology:

http://www.heise.de/ct/ausgabe/2014-26-Social-Media-Buttons-datenschutzkonform-nutzen-2463330.html

This causes usage information (the content recommended by the user including the data and time and the IP address of the user) only to be transferred to Facebook after pressing the recommendation button in individual cases. Facebook itself, and not wefox, shall be responsible for further treatment of this information. The purpose and scope of any possible use of information by Facebook and the rights and setting options concerning this and protection of the user’s privacy are indicated in Facebook’s data protection guidelines:

http://www.facebook.com/policy.php

If usage information should not be transferred to Facebook, the user should refrain from pressing the recommendation button.

4.8. Data transfer to non-EU countries

Lionentry/Ukraine: In order to offer wefox without additional costs, one-time data processing within the scope of our data content management partner in Ukraine via Lionentry UKR is required following provision of your data via the wefox app or the wefox service portal. The data provided to Lionentry shall be irrevocably deleted by Lionentry following expiry of the legal storage periods.

Naturally, we shall also endeavour to ensure an appropriate level of data protection to you by obligating our service providers to a suitable level of data protection. Upon request, you may receive information about the data provided to Lionentry and the contractually ensured data protection level.

Questions/right of objection
In case of questions about data processing in non-EU countries, please contact:

[email protected]

If you do not consent to processing your data in the non-EU countries listed, please make use of your right of objection.

5. Profiling

The term “profiling” refers to a type of automated personal data processing that consists of using personal data to evaluate specific personal aspects that relate to natural persons.

Within the scope of the “Foxcheck”, your insurance data are compared automatically to enable an initial evaluation of your insurance situation and to supply your with information about suitable insurance products.
If you have awarded a support agreement, an automation-supported comparison of your data will be completed at regular intervals to enable a continuous check of the suitability of your insurance protection.

6. Data security

We secure our website, the wefox app, and other systems with technical and organisational measures against loss, destruction, access, and alteration or distribution of your data by unauthorised persons.

Confidentiality during electronic transfer of health data is also ensured by implementation of the electronic transfer of health data via networks that are secured according to state of the art technology in the area of network security to guard against unauthorised access, i.e. by securing data transmission using cryptographic or structural design measures that specify network access exclusively for a closed or limited user/user group and that include user authentication measures and only use those protocols and processes that result in complete encryption of health data. In particular, storage of health data on requirement-oriented storage media (cloud computing) only takes place in an encrypted form.

In order to transfer personal data or to store sensitive health data as securely as possible, wefox uses encryption with TLS 1.2 (Transport Layer Security – 128 bit GCM SHA256). Data are transferred exclusively via HTTPS. This type of encrypted data transfer is used for all personal data.

7. Right of cancellation

You may delete your user account at any time, free of charge, without indication of any reason or object to further use of data by wefox in writing or by e-mail. Your data shall no longer be available for further use, shall be blocked until expiry of the legal storage period or until expiry of the specified limitation period, and shall then be irrevocably deleted. The legally specified periods may amount to up to 10 years, depending on the application case. We are happy to provide specific information about individual cases upon request.

8. Storage, information, and correction

Your insurance-relevant data shall be stored for the complete duration of your contractual relationship until expiry of the legal storage periods. Legal storage periods may vary according to the object of data processing and amount to up to ten years.
FinanceFox Germany GmbH only stores the data provided by you yourself during use of the wefox app or entered into the wefox service portal or by third parties on your behalf. Provided nothing else has been agreed to, all data collected shall be used exclusively for fulfilment of the broker agreement.

You are entitled at all times to free information about the data stored by us, processing locations, and storage locations. In this case, simply contact us by mail (for the address, see page 1), or write a brief e-mail to:

[email protected]

9. Changes to the data protection declaration

wefox reserves the right to change this data protection declaration. The current version of the data protection declaration is always available at our homepage. If this data protection declaration is changed in the future, you shall be informed about the changes by e-mail.

10. Data protection officer

If you have any questions or concerns about privacy, please contact our data protection officer:

Ernst & Young Law GmbH Rechtsanwaltsgesellschaft Steuerberatungsgesellschaft (EY Law)

[email protected]

11. Complaints offices

In case of complaints, please contact our data protection officer and any legally specified complaints offices. In particular, the following complaints offices are available to you:

  • Switzerland
    Eidgenössischer Datenschutz- und Öffentlichkeitsbeauftragter EDÖB

    Feldeggweg 1
    3003 Bern, Switzerland
  • Germany
    Bundesbeauftragte für den Datenschutz und die Informationsfreiheit

    Husarenstrasse 30
    53117 Bonn, Germany
  • Austria
    Österreichische Datenschutzbehörde

    Hohenstaufengasse 3
    1010 Vienna, Austria