Privacy

Table of contents


    Data protection at wefox

    We are very pleased that you are interested in our company. Data protection has a particularly high priority for all companies of the wefox group (hereinafter “wefox”). It is therefore generally possible to use our website without providing personal data. However, if you want to use certain services from us, your personal data will usually have to be processed. However, this only happens on the basis of a legal basis or with your consent.

    With this data protection declaration, we want to inform you about who is responsible for data processing within wefox (1.) and about the purpose, type and scope of data processing on this website (2.), our app (3.) and as part of our insurance products (4.). If you are a business partner or a third party, you will find data protection information under (5.). You can also view the list of the service providers we use (under 6.) and receive information on many other data protection issues (7. -12.). Finally, under point 13, you can read about your rights.

    If you have any questions or comments about data protection at wefox, you are welcome to contact our data protection department at dataprotection@wefox.com at any time.

    The terms used are not gender specific.

    As of June 1, 2023

    1. Who is responsible?

    The person responsible within the meaning of the General Data Protection Regulation (hereinafter GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

    wefox Insurance AG
    Aeulestrasse 56
    9490 Vaduz
    Liechtenstein

    You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection. Please use our email address for this. Alternatively, you can also write to us by post:

    wefox Insurance AG
    Aeulestrasse 56
    9490 Vaduz
    Liechtenstein
    Email: dataprotection@wefox.com

    2. Which of your data is processed on this website?

    In the following we inform you about the processing of your personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, contact details, user behavior. In this way we would like to inform you about our processing operations and at the same time comply with the legal obligations, in particular those arising from the EU General Data Protection Regulation (GDPR).

    2.1. Overview

    Here you will find a brief overview of which of your data is processed for which purposes and which legal bases can be considered for this.

    Data category

    • Contact details
    • Contract data
    • Payment/bank details
    • Content data
    • Applicant data
    • Usage data
    • The Meta/Communication Data
    • Sensitive data (e.g. health data)

    Categories of data subjects

    • Contractor
    • Interested persons
    • User
    • Applicant
    • Business partner
    • Estate agents
    • Third

    Purposes

    • Provision of our online offer and user-friendliness
    • Provision of contractual services and customer service
    • Management and response to inquiries
    • Profiles with user-related information
    • Damage reporting, feedback and communication
    • Safety measures
    • Reach measurement and statistics
    • Tracking
    • Further development of our platform and insurance products
    • Information technology infrastructure
    • Direct-/Marketing
    • Office and organizational procedures

    Legal bases of data processing

    • Article 6 paragraph 1 sentence 1 lit. a GDPR ("consent"): If you have voluntarily, in an informed manner and unequivocally agreed by means of a declaration or other clear confirmatory action that you consent to the processing of your personal data have consented to one or more specific purposes;
    • Art. 6 (1) sentence 1 lit. b GDPR: If the processing is necessary to fulfill a contract with you or to carry out pre-contractual measures that are carried out at your request;
    • Art. 6 (1) sentence 1 lit. c GDPR: If the processing is necessary to fulfill a legal obligation to which we are subject (e.g. statutory storage obligations);
    • Article 6 (1) sentence 1 lit. f GDPR ("legitimate interests"): If the processing is necessary to protect legitimate (in particular legal or economic) interests of wefox or a third party, provided your conflicting interests or rights do not prevail (especially if you are a minor);
    • Article 9 (2)(a) GDPR ("consent"): If you object to the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, have expressly consented to biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation for one or more specified purposes;
    • Article 9(2)(f) GDPR ("Legal Claims"): If processing is necessary to assert, exercise or defend legal claims or if courts become active as part of their judicial activities.

    The storage of information in your end device or access to information already stored in your end device is only permitted if one of the following legal bases applies:

    • § 25 Para. 1 TTDSG: If you have given your consent on the basis of clear and comprehensive information. Consent must be given in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR;
    • § 25 Para. 2 No. 1 TTDSG: If the sole purpose is to transmit a message via a public telecommunications network or
    • § 25 Para. 2 No. 2 TTDSG: If storage or access is absolutely necessary so that we can provide you with a telemedia service that you have expressly requested.

    For the processing operations carried out by us, we indicate below the applicable legal basis in each case. The processing can also be based on several legal bases.

    2.2. In detail:

    2.2.1. Data collection when accessing our website

    For the provision of our online offer, we use storage space, computing capacity and software that we rent from an appropriate provider (so-called "web hosting"). When accessing our website, your internet browser automatically transmits data for technical reasons, even when using or viewing our website for purely informational purposes:

    • Processed data categories: usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. browser and device information, IP addresses).
    • Purposes of processing: Provision of our online offer and user-friendliness; Information technology infrastructure (operation and provision of information systems and technical devices such as computers, servers, etc.); Safety measures.
    • Legal basis: Legitimate interests pursuant to Article 6 (1) sentence 1 lit. f) GDPR.
    • Right to object: You have the right to object to the processing, see point 13 below for details.
    2.2.2. Ensuring the functionality and security of our website

    Access to our online offer is logged in the form of so-called "server log files".

    Processed data categories: In addition to the server log files, the address and name of the websites and files accessed, date and time of access, amounts of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page) and im As a rule, IP addresses and the requesting provider belong.

    • Purpose of processing: The server log files are used for security and performance purposes, for example to avoid server overload and to ensure server utilization and stability.
    • Legal basis: Legitimate interests pursuant to Article 6 (1) sentence 1 lit. f) GDPR.
    • Duration of storage: Log file information is stored for a maximum of 30 days and then deleted or made anonymous. Data whose further storage is required for evidence purposes are excluded from deletion until the respective incident has been finally clarified.
    2.2.3. Registration and use of your user account

    The user account we offer is a function that is only available to a closed group of people. The prerequisite for your registration is that you are insured with wefox Insurance AG or that an "Exclusive Advisor" has brokered a contract for you with another insurer. With the user account you can easily view and manage your contracts, damage reports, benefits and other information. If you want to conclude an insurance contract with us, only the data you have provided or the data passed on by third parties with your consent will be used. In particular, this concerns:

    • Processed data categories: All information about your insurance relationship, i.e. in particular the data you provided during registration, such as contact details (e.g. surname and first name, address, email address, telephone number (landline and / or Mobile phone number) and date of birth and information that we have stored there ourselves in the course of the insurance relationship, i.e. in particular contract, damage and benefit data.
    • Purpose of processing: Creation and use of a customer-specific user account for the purpose of contract management.
    • Legal basis: Your consent in accordance with Article 6 (1) lit. a GDPR and for the fulfillment of the contract in accordance with Article 6 (1) lit. b GDPR and legitimate interests in accordance with Article 6 (1) lit. f GDPR.
    • Duration of storage: Until you delete your user account or your contractual relationship with us ends and any existing statutory retention periods have expired.
    2.2.4. Contact and inquiry management (damage report, help requests and consultation appointment)

    When contacting us (e.g. by reporting damage or requesting help using the contact form, email, telephone or via social media) and within the framework of existing user and business relationships, the details of the requesting person are processed to the extent that this is necessary to answer the contact request and any requested measures .

    • Types of data processed: contact details (e.g. e-mail, telephone numbers); Content data (your entries in online forms, free text fields, images and attachments); Usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
    • Affected persons: communication partners.
    • Purposes of processing: contact requests and communication; managing and responding to inquiries; Feedback (e.g. collecting feedback via online form); Provision of our online offer and user-friendliness.
    • Legal basis: Legitimate interests (Art. 6 Para. 1 S. 1 lit. f GDPR); Fulfillment of contract and pre-contractual measures (Art. 6 Para. 1 S. 1 lit. b GDPR).
    2.2.5. Payment data

    If you would like to settle the current premium payments for your insurance contract with us by credit card, you must enter your relevant credit card details on our website or application. The credit card data you enter will not be stored by us, but by our payment service provider in a certified infrastructure that meets the high Payment Card Industry (PCI) standards. We only manage a so-called credit card alias, which is linked to the credit card data at the payment service provider.

    • Types of data processed: payment, bank details and credit card data.
    • Affected persons: insured persons and interested parties.
    • Purposes of processing: Payment of the premium(s) for the respective insurance product(s) by the insured person or transmission of the payment data as part of the application process.
    • Legal basis: Fulfillment of contract and pre-contractual measures (Art. 6 Para. 1 S. 1 lit. b GDPR).
    • Duration of storage: On the website: Until you change your payment method or payment information. The financial data are kept until the legal deadlines have expired and then deleted.
    2.2.6. Applicant data

    Our website offers a career portal on which the latest job advertisements are published and to which suitable candidates can apply.

    • Types of data processed: contact, resume and cover letter data.
    • Affected persons: Applicants.
    • Purposes of processing: Execution and processing of the application process.
    • Legal basis: Art. 88 GDPR in connection with the law of the respective member state, in Germany § 26 BDSG.
    • Duration of storage: If the person responsible for processing concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the person responsible for processing does not conclude an employment contract with the applicant, the application documents will be deleted three months after notification of the rejection decision, provided that deletion does not conflict with any other legitimate interests such as proceedings before an authority or a court.
    2.2.7. Web analysis, monitoring, optimization and performance

    The web analysis (also referred to as "reach measurement") serves to evaluate the flow of visitors to our online offer and can include behavior, interests or demographic information about the visitors, such as age or gender, as pseudonymous values. With the help of the range analysis, we can, for example, recognize at what time our online offer or its functions or content are used most frequently or invite you to reuse them. We can also understand which areas need optimization.

    In addition to web analysis, we can also use test procedures, e.g. to test and optimize different versions of our online offer or its components.

    Unless otherwise stated below, profiles, i.e. data summarized for a usage process, can be created for these purposes and information can be stored in a browser or in a terminal device and read out from it. The information collected includes, in particular, websites visited and elements used there, as well as technical information such as the browser used, the computer system used and information on usage times. If users have given their consent to us or the providers of the services we use to collect their location data, location data can also be processed.

    The IP addresses of the users are also saved. However, we use an IP masking process (i.e. pseudonymization by shortening the IP address) to protect users. In general, no clear user data (e.g. e-mail addresses or names) are stored in the context of web analysis, A/B testing and optimization, but pseudonyms. This means that we and the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purposes of the respective process.

    • Types of data processed: usage data (e.g. websites visited, interest in content, access times); Meta/communication data (e.g. device information, IP addresses).
    • Affected persons: users (e.g. website visitors, users of online services).
    • Purposes of processing: range measurement (e.g. access statistics, recognition of returning visitors); Profiles with user-related information (creating user profiles); Tracking (e.g. interest/behavioral profiling, use of cookies); Provision of our online offer and user-friendliness.
    • Security measures: IP masking (pseudonymization of the IP address).
    • Legal basis: Consent (Art. 6 Para. 1 S. 1 lit. a) GDPR).
    • Further information on processing processes, procedures and services:

    Google Analytics

    Web analysis, range measurement and measurement of user flows; Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;

    GoogleAnalytics/Firebase (metrics)

    We also use the "Google Firebase" service to analyze and categorize user groups and to send push notifications. Firebase is a Google subsidiary based in San Francisco (CA), USA. For more information, see Firebase's privacy policy at: https://www.firebase.com/terms/privacy-policy.html.

    Google Places API

    We use Google Places API to facilitate location-based searches. By using wefox, the user automatically agrees to this service. The data collected by a search powered by the Google Places API is bound by the Google Terms of Service. You can find more information about this at: https://www.google.com/policies/privacy/?hl=de.

    Salesforce CMS

    We use the customer management system from the provider Salesforce to be able to process user inquiries faster and more efficiently. Information on data protection is available from salesforce.com Germany GmbH, Erika-Mann-Str. 31, 80636 Munich can be found at https://www.salesforce.com/.

    Intercom

    Intercom offers messaging for sales, marketing and customer service on one platform and improves interaction with users via chat. Information on data protection is available from Intercom Inc., 55 2nd St, San Francisco, CA 94105, USA; https://www.intercom.com.

    Twilio

    We use Twilio, a cloud communications company (PaaS) that makes and receives phone calls, sends and receives text messages, and performs other communication functions through its web service APIs. Information on data protection is available from Twilio Inc., 375 Beale St #300, San Francisco, CA 94105, USA; https://www.twilio.com/legal/privacy.

    Amazon S3

    Amazon S3 or Amazon Simple Storage Service is a service offered by Amazon Web Services (AWS) that provides object storage through a web service interface. Amazon S3 can be used to store any type of object, enabling uses such as web application storage, backup and recovery, disaster recovery, data archives, data lakes for analytics, and hybrid cloud storage. Information on data protection is available from Amazon Web Services, Inc., 410 Terry Avenue North, Seattle WA 98109, United States; https://d1.awsstatic.com/legal/privacypolicy/AWS_Privacy_Notice_English_2020-08-15.pdf.

    Ixopay

    In our app we use ixopay to collect your bank and payment data, e.g. when changing your preferred payment method. Information on data protection is available from Ixopay GmbH, Mariahilfer Straße 77-79, A-1060 Vienna, Austria; https://www.ixopay.com/de/legal/privacy-policy.

    Google reCAPTCHA

    We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our websites. The provider is Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

    The purpose of reCAPTCHA is to check whether data is entered on our website (e.g. in a contact form) by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. reCAPTCHA evaluates various information for analysis. The data collected during the analysis is forwarded to Google. The reCAPTCHA analyzes run completely in the background. Website visitors are informed via our cookie banner and this data protection declaration that an analysis is taking place.

    • Categories of data processed: IP address of the website visitor, date, full screenshot of the browser window, referrer URL (the address of the page the visitor comes from), browser plugins, information about the operating system (Windows, Linux, iOS), cookies, and others Google cookies from the last 6 months, as well as NID cookies, which are suitable for creating user profiles and user device settings (e.g. language settings, location, browser, etc.).
    • Affected persons: Visitors to our website.
    • Purpose of processing: Optimization of our services and protection against cyber attacks.
    • Legal bases: Data processing is based on Art. 6 (1) (f) GDPR. We have a legitimate interest in protecting our website from abusive automated spying and from SPAM. Insofar as cookies have to be set for this purpose, this is only done with your consent Art. 6 Paragraph 1 lit. f) GDPR. If the processing of the data requires the storage of information in your terminal device or access to information that is already stored in the terminal device, Section 25 (1) and (2) TTDSG is the legal basis for this.
    • Duration of storage: We store your risk profile data on your end device for 24 hours. Your risk profile will be deleted if you do not accept an insurance offer from wefox. Otherwise we save your risk profile in your user profile for documentation purposes.
    • Service provider's data protection declaration: https://www.google.com/intl/de/policies/privacy/ and further information on reCAPTCHA https://www.google.com/recaptcha/intro/android.html.

    2.3. Which cookies do we use?

    We use cookies on our websites. Cookies are small text files that are stored on your end device with a characteristic character string and are assigned to the browser you are using and through which certain information flows to the place that sets the cookie. Cookies cannot run programs or transmit viruses to your computer and therefore do not cause any damage. They serve to make the Internet offer more user-friendly and effective overall, i.e. more pleasant for you.

    Cookies can contain data that make it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that cannot be related to individuals.

    A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:

    • Technical Cookies: These are strictly necessary to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they remember which websites you have visited;
    • Performance cookies: These collect information about how you use our website, which pages you visit and e.g. B. whether errors occur when using the website; they do not collect any information that could identify you - all information collected is anonymous and is only used to improve our website and find out what interests our users;
    • Advertising cookies, targeting cookies: These are used to offer you tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers; Advertising and targeting cookies are stored for a maximum of 13 months
    • Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); Sharing cookies are stored for a maximum of 13 months.

    You can find further details, in particular on the type, provider and storage period of the respective cookies used by us, in our cookie consent management tool. The legal basis for cookies, which are absolutely necessary to provide you with the service you have expressly requested, is Section 25 (2) No. 2 TTDSG. Any use of cookies that is not absolutely technically necessary for this represents data processing that is only permitted with your express and active consent in accordance with Section 25 (1) TTDSG in conjunction with Article 6 (1) sentence 1 lit is. This applies in particular to the use of performance, advertising, targeting or sharing cookies. In addition, we only pass on your personal data processed by cookies to third parties if you have given your express consent to this in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR.

    In order to be able to manage your consent to the use of cookies and the associated processing and providers, we use a tool from the company Onetrust for cookie consent management. In this tool you can also declare your revocation for all cookies that are not technically or legally necessary. You can do this at any time simply by clicking the “Change cookie settings” button. You can find this button at the bottom of our website. Please note that if you reject certain cookies, you may not be able to use the full range of services on our website. Your consent and any revocations will not be requested each time you visit the website, but will be stored for legal reasons for verification purposes.

    Furthermore, cookies that have already been set can be deleted at any time via your Internet browser or other software programs. This is possible in all common Internet browsers. You can use the help functions of your internet browser to find out how to deactivate and/or delete cookies. Please note that deactivating/deleting cookies can result in individual functions of our website no longer functioning fully. Cookies that are required for certain functions of our website for technical reasons can be found in our cookie banner. In addition, the deactivation/deletion of cookies only affects the Internet browser used. If you use other internet browsers or end devices, the deactivation/deletion of cookies must be repeated accordingly.

    2.4. Which social media plugins do we use?

    We do not use any social media plugins on our websites. If our websites contain symbols from social media providers, we only use them for passive linking to the pages of the respective providers.

    No user data is transmitted from our website to the social media network. If you are already logged in to the relevant social media service when you click the button, the release dialog will recognize this so that you can release the content directly. If this is not the case, you will be asked to log into the social media network. From this point on you are on the website of the respective social media network. Below you will find information on data processing by the respective providers. Please note that we assume no liability for the content and topicality of this information.

    Facebook

    Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland ("Facebook"). You can find more information on data protection here: http://www.facebook.com/policy.php.

    Twitter

    Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; You can find more information on data protection here: https://twitter.com/privacy.

    Instagram

    Instagram is one of the products provided by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. For more information on privacy, see: https://help.instagram.com/519522125107875.

    LinkedIn

    LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland; You can find more information on data protection here: https://www.linkedin.com/legal/privacy-policy.

    3. What data does our app process?

    Our app also processes a large amount of your data for essentially the same or similar purposes as our website. You can find the data protection declaration for our wefox app in the app and also here:

    Data protection information for our wefox app

    We are very pleased that you are interested in our app. Data protection has a particularly high priority for all companies of the wefox group (hereinafter “wefox”). This app was developed to support you in managing your insurance relationship with wefox. In order to achieve this, we have created a profile containing your personal data (hereinafter "data") which you can access via the app. The app can be used as an IOS, Android or web version.

    With the present data protection information we would like to inform you who is responsible for the data processing within this app (3.1.) as well as about the purpose, type and scope of the data processing within the scope of this app (3.2.) and how the data processing takes place (3.3.-3.10 .). Finally, under 3.11. read what rights you have.

    If you have any questions or comments about data protection at wefox, you are welcome to contact our data protection department at dataprotection@wefox.com or visit our website at any time.

    The terms used are not gender specific.

    As of June 1, 2023.

    3.1. Who is responsible?

    The person responsible within the meaning of the EU General Data Protection Regulation (hereinafter "GDPR") and other national data protection laws of the member states as well as other data protection regulations is:

    wefox Insurance AG
    Aeulestrasse 56
    9490 Vaduz
    Liechtenstein

    You can contact our data protection officer directly at any time with any questions or suggestions regarding data protection. Please use our “Contact Us” function for this. Alternatively, you can also write to us by post or email:

    wefox Insurance AG
    Aeulestrasse 56
    9490 Vaduz
    Liechtenstein
    Email: dataprotection@wefox.com

    3.2. Which of your data is processed within this app?

    In the following we inform you about the processing of your personal data when using our app. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behavior. In this way we would like to inform you about our processing operations and at the same time comply with the legal obligations, in particular those arising from the EU General Data Protection Regulation (GDPR).

    3.2.1. Overview

    Here you will find a brief overview of which of your data is processed for which purposes and which legal bases can be considered for this.

    Data categorically

    • Contact details
    • Contract data
    • Payment/bank details
    • Content data
    • Usage data
    • The Meta/Communication Data
    • Sensitive data (e.g. health data)

    Categories of data subjects

    • Users of this app/ insured persons
    • estate agents

    purposes

    • Ensuring usability
    • Provision of contractual services and customer service
    • Management and response to inquiries
    • Profiles with user-related information
    • Damage reporting, feedback and communication
    • Safety measures
    • Reach measurement and statistics
    • Tracking
    • Further development of our platform and insurance products
    • Information technology infrastructure
    • Direct marketing

    Legal bases of data processing

    • Article 6 paragraph 1 sentence 1 lit. a GDPR ("consent"): If you have voluntarily, in an informed manner and unequivocally agreed by means of a declaration or other clear confirmatory action that you consent to the processing of your personal data have consented to one or more specific purposes;
    • Art. 6 (1) sentence 1 lit. b GDPR: If the processing is necessary to fulfill a contract with you or to carry out pre-contractual measures that are carried out at your request;
    • Art. 6 (1) sentence 1 lit. c GDPR: If the processing is necessary to fulfill a legal obligation to which we are subject (e.g. statutory storage obligations);
    • Article 6 paragraph 1 sentence 1 lit. f GDPR ("legitimate interests"): If the processing is necessary to protect legitimate (in particular legal or economic) interests of wefox or a third party, provided your conflicting interests or rights do not prevail ( especially if you are a minor);
    • Article 9(2)(a) GDPR ("consent"): If you object to the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, have expressly consented to biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation for one or more specified purposes;
    • Article 9(2)(f) GDPR ("Legal Claims"): If processing is necessary to assert, exercise or defend legal claims or if courts become active as part of their judicial activities.

    The storage of information in your end device or access to information already stored in your end device is only permitted if one of the following legal bases applies:

    • § 25 Para. 1 TTDSG: If you have given your consent on the basis of clear and comprehensive information. Consent must be given in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR;
    • § 25 Para. 2 No. 1 TTDSG: If the sole purpose is to transmit a message via a public telecommunications network or
    • § 25 Para. 2 No. 2 TTDSG: If storage or access is absolutely necessary so that we can provide you with a telemedia service that you have expressly requested.

    For the processing operations carried out by us, we indicate below the applicable legal basis in each case. The processing can also be based on several legal bases.

    3.2.2. Which data is processed in detail:
    3.2.2.1 When downloading?

    If you download this app, certain necessary data will be transmitted from you to the respective app store (e.g. Apple App Store or Google Play).

    When downloading, the e-mail address, the user name, the customer number of the downloading account, the individual device code and the time of the download are sent to the App Store.

    We have no influence on the collection and processing of this data; it is done exclusively through the app store you have selected. Accordingly, we are not responsible for this collection and processing; the responsibility for this lies solely with the respective app store.

    3.2.2.2. When registering and using the app?

    The user account we offer is a function that is only available to a closed group of people. The prerequisite for your registration is that you are insured with wefox Insurance AG or that an "Exclusive Advisor" has brokered a contract for you with another insurer. With the user account you can easily view and manage your contracts, damage reports, claims and other information. If you want to conclude an insurance contract with us, only the data you provide or the data passed on by third parties with your consent will be processed.

    • Types of processed data: All information about your insurance relationship, i.e. in particular the data you provided during registration such as contact details (e.g. surname and first name, address, e-mail address, telephone number (landline and/or mobile phone number) and Date of birth and information that we have stored there ourselves as part of the insurance relationship, i.e. in particular contract, damage and benefit data as well as device information: The access data includes IP address, device ID, device type, device-specific settings and app settings as well as app properties , date and time of retrieval, time zone, amount of data transferred and notification as to whether the data exchange was complete, app crash, browser type and operating system.We process this access data in order to technically enable the secure operation of the app.
    • Affected persons: users of the wefox app.
    • Purpose of processing: Creation and use of a customer-specific user account.
    • Legal basis: Your consent in accordance with Article 6 (1) (a) GDPR; to fulfill a contract in accordance with Article 6(1)(b) GDPR; and on the basis of legitimate interests, Article 6 (1) (f) GDPR. If you transmit sensitive data to us, the legal basis is either Article 9 (2) (a) or Article 9 (2) (f) GDPR. If the processing of the data requires the storage of information on your device or access to information already stored in the device, Section 25 (1) and (2) TTDSG is the legal basis for this.
    • Duration of storage: Until you delete your user account. In addition, data will only be deleted if there are no legal storage requirements to the contrary.
    3.2.2.3. In contact and inquiry management?

    When contacting us (e.g. damage report or request for help via contact form, e-mail, telephone or via social media) and in the context of existing usage and business relationships, the details of the requester are processed to the extent necessary in each case to answer the contact request and, if necessary, .Requested measures.

    • Types of data processed: contact information (e.g. email, phone numbers, your name); Content data (your entries in online forms, free text fields, images and attachments); Meta/communication data (e.g. device information, IP addresses).
    • Affected persons: users of the wefox app.
    • Purposes of processing: processing inquiries and communication; managing and responding to inquiries; Feedback (e.g. collecting feedback via an online form); Provision of our online offer and usability.
    • Legal basis: Legitimate interests, Article 6 Paragraph 1 Sentence 1 lit. f GDPR; Fulfillment of contract and pre-contractual measures, Art. 6 (1) sentence 1 lit. b GDPR. If you transmit sensitive data to us, the legal basis is either Article 9 (2) (a) or Article 9 (2) (f) GDPR.
    • Duration of storage: Up to 10 years.
    3.2.2.4. While paying?

    If you wish to settle the ongoing premium payments for your insurance contract with us by credit card, you must enter your relevant credit card details on our website or application. The credit card data you enter will not be stored by us, but by our payment service provider in a certified infrastructure that meets the high standards of the Payment Card Industry (PCI). We only manage a so-called credit card alias, which is linked to the credit card data from the payment service provider.

    • Types of data processed: payment, bank and credit card data.
    • Affected persons: contractual partners.
    • Purposes of processing: Payment of the premium(s) for the respective insurance product(s) by the insured person or transmission of the payment data as part of the application process.
    • Legal basis: Fulfillment of contract and pre-contractual measures, Article 6 Paragraph 1 Sentence 1 lit. b GDPR.
    • Duration of storage: In the app: Until you change your payment method or payment information. The financial data is kept until the legal deadlines (up to 10 years) have expired and then deleted.
    3.2.2.5. When uploading insurance documents from other insurers

    Our app has the option of integrating insurance documents from other insurers into the app. This allows you to manage all your insurance contracts in one app. Your consent is required for the import of these documents.

    • Types of data processed: All information pertaining to your insurance relationship with a third party, in particular the data recorded on the policy.
    • Affected Persons: Persons named on the policies.
    • Purpose of processing: Management of all insurance contracts in one app.
    • Legal basis: Your consent in accordance with Article 6(1)(a) GDPR and to fulfill a contract in accordance with Article 6(1)(b) GDPR. If you import sensitive data, the legal basis is either Article 9(2)(a) or Article 9(2)(f) GDPR.
    • Duration of storage: Until you delete your third-party policies from your user account. However, your data will only be deleted if there are no legal storage requirements to the contrary. Otherwise your data will be blocked until the end of these periods and then deleted.
    3.2.2.6. In the case of a legal obligation to transmit certain data?

    We may be subject to a special statutory or legal obligation to make lawfully processed personal data accessible to third parties, in particular public bodies (e.g. Bafin, tax offices), Article 6 (1) sentence 1 lit. c GDPR.

    3.2.2.7. When using cookies?

    We use cookies in our app. Cookies are small text files that are stored on your end device with a characteristic character string and are assigned to the browser you are using and through which certain information flows to the place that sets the cookie. Cookies cannot run programs or transmit viruses to your computer and therefore do not cause any damage. They serve to make the Internet offer more user-friendly and effective overall, i.e. more pleasant for you.

    Cookies can contain data that enable the device used to be recognized. In some cases, however, cookies only contain information about certain settings that are not personal. Cookies cannot directly identify a user.

    A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session. With regard to their function, a distinction is made between cookies:

    • Technical cookies: These are mandatory to move around the website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they remember which websites you have visited;
    • Performance cookies: These collect information about how you use our website, which pages you have visited and, for example, if you experience any errors when using the website; they do not collect any information that can identify you - all information collected is anonymous and is only used to improve our website and find out what interests our users;
    • Advertising cookies, targeting cookies: These are used to offer the website user tailored advertising on the website or offers from third parties and to measure the effectiveness of these offers; Advertising and targeting cookies are stored for a maximum of 13 months;
    • Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); Sharing cookies are stored for a maximum of 13 months.

    You can find more details, in particular on the type, provider and storage period of the cookies we use in our cookie consent management tool. The legal basis for cookies, which are absolutely necessary to provide you with the service you have expressly requested, is Section 25 (2) No. 2 TTDSG. Any use of cookies that is not absolutely necessary for this purpose represents data processing that only takes place with your express and active consent in accordance with Section 25 (1) TTDSG in conjunction with Article 6 (1) sentence 1 lit. This applies in particular to the use of performance, advertising, targeting or sharing cookies. In addition, we only pass on your personal data processed by cookies to third parties if you have consented to this in accordance with Article 6 (1) sentence 1 lit.

    In order to be able to manage your consent to the use of cookies and the associated processing and providers, we use a tool from Usercentrics for cookie consent management. In this tool you can declare your revocation for all technically or legally unnecessary cookies. You can do this at any time by simply clicking on the "Cookie Settings" button. You can find this button in the footer of our app. Please note that if you refuse certain cookies you may not be able to use all the services of our website. Your consent and any revocations will not be requested again each time you visit the website, but will be stored for legal reasons for verification purposes.

    Furthermore, cookies that have already been set can be deleted at any time via your internet browser or other software programs if you use the web version of our app. This is possible in all common Internet browsers. You can use the help functions of your internet browser to find out how to disable and/or delete cookies. Please note that deactivating/deleting cookies can result in individual functions of our app no ​​longer working. All cookies that we use in our app can be found in our cookie banner. In addition, the deactivation/deletion of cookies only affects the Internet browser used. If you use other internet browsers or end devices, the deactivation/deletion of cookies must be repeated accordingly.

    For IOS and Android versions of our app, you must go to the profile section and click on "Privacy Settings".

    3.2.3 For the technologies we use?

    We use various technologies to constantly improve our app and make it more user-friendly.

    Google Analytics

    We use Google Analytics to analyze app usage. The data obtained in this way is used to optimize our app. Google Analytics is provided to us by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Google processes the app usage data on our behalf and contractually undertakes to take measures to ensure the security and confidentiality of the data processed.

    • Types of data processed: pages accessed, your behavior on the pages (e.g. length of stay, clicks, scrolling behavior), your approximate location (country and city), your IP address (in abbreviated form so that no clear assignment is possible) , technical information such as browser, Internet provider, end device and screen resolution, source of your visit (i.e. which website or which advertising medium you came to us from).
    • Affected persons: users of the wefox app.
    • Purposes of processing: app analysis, range measurement and measurement of user flows.
    • Place of processing: This data is transmitted to Google servers in the USA. We would like to point out that the same level of data protection as within the EU cannot be guaranteed in the USA.
    • Legal bases: Article 6 paragraph 1 sentence 1 lit. a GDPR.
    • Objection option (opt-out): opt-out plugin: https://tools.google.com/dlpage/gaoptout?hl=de.
    • Duration of storage: Google Analytics stores cookies for a period of two years since your last visit to your web browser. You can find more information on this in our cookie management tool. The recorded data is stored together with the randomly generated user ID, which enables the evaluation of pseudonymous usage profiles. This user-related data is automatically deleted after 14 months. Other data is stored in aggregate form indefinitely.
    • Service provider privacy policy: https://policies.google.com/privacy

    Firebase Crashlitics

    To improve the stability and reliability of our apps, we rely on anonymous crash reports. For this we use "Firebase Crashlytics", a service of Google Ireland Ltd., Google Building Gordon House, Barrow Street, Dublin 4, Ireland. In the event of a crash, anonymous information is transmitted to Google's servers in the USA. This information does not contain any personal data.

    • Types of data processed: state of the app at the time of the crash, installation UUID, crash trace, mobile phone manufacturer and operating system, last log messages.
    • Affected persons: users of the wefox app.
    • Purposes of processing: Fulfillment of legal obligations, storage of consent.
    • Place of processing: EU and USA (USA anonymous only).
    • Legal basis: Consent, Article 6 Paragraph 1 Clause 1 Letter a GDPR.
    • Withdrawal of consent: You can withdraw your consent at any time by disabling the “Crash Reporting” feature in the iOS app settings. With Android apps, deactivation is always done in the Android settings. To do this, open the Settings app, select “Google” and there in the three-point menu at the top right the “Usage & Diagnostics” menu item. Here you can deactivate the sending of the corresponding data. You can find more information in the help for your Google user account.
    • Duration of storage: unlimited for non-personal data.
    • Service provider privacy policy: https://firebase.google.com/support/privacy such as https://docs.fabric.io/apple/fabric/data-privacy.html#data-collection-policies.

    Usercentrics

    This is a consent management service. Usercentrics (Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, data protection officer of the processing company can be reached at datenschutz@usercentrics.com) is used in our app as a processor for the purpose of consent management.

    • Types of data processed: opt-in and opt-out data, referrer URL, user agent, user preferences, consent ID, time of consent, type of consent, template version, banner language.
    • Affected persons: users of the wefox app.
    • Purposes of processing: Fulfillment of legal obligations, storage of consent.
    • Place of processing: European Union (consent database is located in Belgium).
    • Legal basis: Legal obligation, Article 6 Paragraph 1 Clause 1 Letter c GDPR in conjunction with Section 25 Paragraph 2 No. 2 TTDSG.
    • Duration of storage: The consent data (consent and revocation of consent) are stored for three years. The data will then be deleted immediately.
    • Service Provider Privacy Policy: https://usercentrics.com/privacy-policy/.

    Ixopay

    In our app we use ixopay (Ixopay GmbH, Mariahilfer Straße 77-79, A-1060 Vienna, Austria) to manage your bank and payment details, e.g. if you change your preferred payment method.

    • Types of data processed: bank and payment data.
    • Affected persons: users of the app.
    • Purposes of processing: Payment of insurance premium.
    • Place of processing: Austria.
    • Legal basis: Consent, Article 6 Paragraph 1 Clause 1 Letter a GDPR
    • Duration of storage: Until the German and Austrian legal storage requirements have been met (up to 10 years).
    • Service provider data protection declaration: https://www.ixopay.com/de/legal/privacy-policy
    3.2.4. With social media plugins?

    We do not use any social media plugins in our app. If our app contains symbols from social media providers, we only use them for passive linking to the pages of the respective providers.

    3.3. When do we delete your data?

    We delete your data as soon as they are no longer required for the purposes for which we collected or used them. We usually store your personal data for the duration of the usage or contractual relationship via the app. Your data will only be stored on our servers in Germany, subject to a possible data transfer as described under 3.6. described.

    In the event of a (pending) legal dispute or other legal proceedings, however, storage may take place beyond the specified period.

    Third parties used by us store your data on their systems for as long as this is necessary for us in connection with the provision of services in accordance with the respective agreement.

    Statutory regulations for the storage of personal data remain unaffected (e.g. § 257 HGB or § 147 AO). When the retention period required by law expires, the personal data will be deleted, unless further storage by us is required and there is a legal basis for this.

    3.4. How do we protect your data?

    As the person responsible for processing, wefox has implemented numerous technical and organizational measures to ensure the most complete protection possible for the processed data against loss, misuse, unauthorized access, disclosure, modification or destruction and to ensure availability. These include, for example, industry-standard firewalls and password systems. All measures are taken taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including its likelihood and impact) for you. Our security measures are also continuously improved in line with technological developments. Nevertheless, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, you are free to transmit personal data to us in alternative ways, for example by telephone.

    We offer dialog and contact forms on our website that use TSL (Transport Layer Security) encryption. This encryption protects your data from unauthorized access by third parties during transmission. For your own safety, we recommend that you always use these dialogue or contact forms. If you send us your data unencrypted, e.g. as a normal, unsecured e-mail, there is a possibility that your data will be taken note of or changed by unauthorized persons.

    We will be happy to provide you with further information on this upon request. To do this, please contact dataprotection@wefox.com.

    3.5. Which other bodies process your data?

    For individual functions of our app, commissioned service providers may be used. Like any larger company, we also use external domestic and foreign service providers (e.g. for the areas of IT, logistics, telecommunications, sales and marketing) to process our business. They only act according to our instructions and have been contractually obliged to comply with the data protection regulations in accordance with Art. 28 DSGVO.

    The following categories of recipients, which are usually processors, may have access to your data:

    Service providers for operating our app and processing the data stored or transmitted by the systems (e.g. for data center services, payment processing, IT security). The legal basis for the transfer is Article 6 Paragraph 1 Sentence 1 Letter b or Letter f GDPR, unless it is a processor;

    State bodies/authorities, insofar as this is necessary to fulfill a legal obligation. The legal basis for the transfer is Article 6 Paragraph 1 Clause 1 Letter c GDPR;

    Individuals employed to conduct our business (e.g., auditors, banks, insurance companies, legal advisers, regulators, those involved in acquisitions or the formation of joint ventures). The legal basis for the transfer is Article 6 Paragraph 1 Clause 1 Letter b or Letter f GDPR.

    In addition, we only pass on your data to third parties if you have given us your consent in accordance with Article 6 Paragraph 1 Clause 1 Letter a GDPR.

    If we pass on data from you to companies in the wefox group or receive data from companies in the wefox group, this is due to existing processing relationships, which are usually based on a contract for order processing.

    3.6. Do we process your data in third countries?

    As part of our business relationships, your personal data may be passed on or disclosed to companies outside the wefox group. These can also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively to fulfill contractual and business obligations and to maintain your business relationship with us (legal basis is Art. 6 Para. 1 S. 1 lit. b or lit. f GDPR in conjunction with Art. 44 et seq. GDPR).

    The European Commission certifies some third countries with a data protection level comparable to the EEA standard by means of so-called adequacy decisions. A list of these countries and a copy of the adequacy decisions can be found here:

    https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

    In other third countries to which your data may be transmitted, there may not be a consistently high level of data protection due to a lack of legal regulations. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via Binding Corporate Rules, standard contractual clauses of the European Commission for the protection of personal data in accordance with Article 46 (1) and (2) lit. c GDPR, certificates or recognized codes of conduct. You can find more information on this on the website of the EU Commission:

    https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_de.

    3.7. How is the profiling done?

    Your insurance-relevant data is summarized in an insurance profile created for you so that you can quickly organize and find all relevant data. This enables us to support you quickly and competently in the implementation and processing of the insurance relationship. Your insurance profile is constantly monitored by us in order to maintain your insurance cover and, if necessary, to inform you about new products.

    3.8. What automated decisions do we make?

    Our app does not have any automated decision-making function. However, automated decision-making can take place when applying for insurance or during the insurance relationship. If you want to learn more about this, visit our website on data protection.

    3.9. Do we use your data for advertising?

    The wefox app serves as an interface between you and us and should give you a quick and easy overview of your contracts, damage and benefit data and communication with us. In addition, the app is not used for advertising purposes, not even by third parties. If you would like to know how wefox generally deals with advertising communication outside of this app, then visit our website. You can find more information on this in the data protection section.

    3.10. Do we send push notifications?

    We send push notifications for submitted claims to let you know when the processing status changes. To do this, you must explicitly allow the receipt of push notifications in the settings of your device. Otherwise you will not receive any push notifications. We use Firebase Cloud Messaging, a service provided by Google Inc., to deliver our push notifications. The legal basis for data processing is Article 6 (1) (1) (a) GDPR. Categories of processed data are IP data.

    3.11. What rights do you have?

    The GDPR grants you the following rights, which you are welcome to assert against us via our contact form. Of course, you can also use the postal service:

    3.11.1. Right to information

    In accordance with Art. 15 GDPR, you have the right to request information about your data processed by us. In particular, you can obtain information about the processing purposes, the category of data, the categories of recipients to whom your data was or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of appeal , the origin of your data, if they were not collected from us, and the existence of automated decision-making including profiling and, if necessary, meaningful information about their details.

    3.11.2. Right to Rectification

    In accordance with Art. 16 GDPR, you can immediately request the correction of incorrect data or the completion of your data stored by us.

    3.11.3. Right to Erasure

    In accordance with Art. 17 GDPR, you can request the deletion of your data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required.

    3.11.4. Right to restriction of processing

    In accordance with Art. 18 GDPR, you can request the restriction of the processing of your data if you dispute the accuracy of the data or the processing is unlawful.

    3.11.5. Right to data portability

    In accordance with Art. 20 GDPR, you have the right to receive your data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible ("data portability").

    3.11.6. Right to object

    In accordance with Article 21 GDPR, you have the right to object to the processing if the processing is based on Article 6 Paragraph 1 S. 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary to fulfill a contract with you. Unless it is an objection to direct advertising, we ask that you explain the reasons why we should not process your data as we have done when exercising such an objection. In the event of your justified objection, we will examine the situation and will either stop or adjust the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.

    3.11.7. Right of revocation

    In accordance with Art. 7 Para. 3 GDPR, you have the right to revoke the consent you have given us at any time, if you have given it. As a result, we are no longer allowed to continue the data processing based on this consent for the future.

    3.11.8. Right to complaint

    In accordance with Art. 77 GDPR, you can complain to a data protection supervisory authority about the processing of your personal data in our company. The supervisory authority responsible for wefox is:

    Data Protection Office Principality of Liechtenstein
    Städtle 38
    Postfach 684
    9490 Vaduz
    Liechtenstein
    T +423 236 60 90
    Email: info.dss@llv.li

    3.12. Can purposes change?

    Your personal data will only be processed for purposes other than those described in this data protection declaration if this is permitted by law or if you have consented to the changed purpose of data processing.

    In the event of further processing for purposes other than those for which the data was originally collected, we will inform you of these other purposes before further processing and provide you with all other relevant information.

    3.13. How do you stay up to date?

    So that we can continue to offer you an innovative app, we have to adapt our data processing processes from time to time. This also requires an adjustment of this data protection declaration. If your cooperation (e.g. your consent) is required for the changed data processing, we will inform you of this. So that you are always up to date with regard to the processing of your data, you should inform yourself about updates regularly. Simply visit this data protection declaration in your wefox app. Here you will always find the current version of our data protection declaration.

    4. What data is processed as part of individual insurance products?

    In order for you to be able to read how we process your data as part of our insurance products, we have listed all data protection information for the insurances we offer below. If you are a customer of ours, you have already received this information together with your insurance application.

    Link pdf data protection information Jobrad

    In addition, we use service providers who process your personal data independently and are closely related to the insurance product(s) you have taken out. You can find their data protection information below. Please note that this information is only made available by us in an effort to ensure the greatest possible transparency, but we assume no liability for its content and topicality.

    PDF link Arvato

    Link pdf HIS I

    Link pdf HIS II

    Finally, Wefox uses declarations of consent and release from confidentiality for certain insurance products. The content of these declarations has been agreed between the General Association of the German Insurance Industry (GDV) and the data protection supervisory authorities. This offers you even more security when handling your personal data.

    Link pdf declaration of consent and release from confidentiality

    5. What data from brokers, business partners and third parties do we process?

    Data privacy brokerage

    General Data Protection Notice for Suppliers and Service Providers

    6. Which service providers do we use?

    We keep a list of all service providers that wefox Insurance AG may commission for you as part of your insurance contract. We do this for reasons of transparency so that you know who is processing your personal data. The obligation to maintain this list results from the declaration of release from confidentiality and consent as well as the rules of conduct (Code of Conduct data protection), which were agreed between the German Insurance Association (GDV) and the data protection supervisory authorities. The list contains the service providers who, as agreed, collect, process or use health data and/or other personal data on behalf of wefox Insurance AG. The service providers are named specifically if their main task is the collection, processing and use of personal data. Service providers whose main task is not the processing of personal data, such as disposal companies for paper waste or electronic data carriers, are only mentioned in service categories. The same applies to service providers who only occasionally work for wefox.

    List of service providers

    7. How do we protect your data?

    As the person responsible for processing, Wefox has implemented numerous technical and organizational measures to ensure the most complete possible protection of the processed personal data against loss, misuse, unauthorized access, disclosure, modification or destruction and to guarantee availability. These include, for example, industry-standard firewalls and password systems. All measures are taken for you taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including its probability and effects). Our security measures are also continuously improved in line with technological developments. Nevertheless, internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every person concerned is free to transmit personal data to us in alternative ways, for example by telephone.

    We offer dialog and contact forms on our website that use TSL (Transport Layer Security) encryption. This encryption protects your data during transmission from unauthorized access by third parties. For your own safety, we recommend that you always use these dialogue or contact forms. If you send us your data unencrypted, e.g. B. as a normal, unsecured e-mail, there is a possibility that your data could be taken note of or changed by unauthorized persons.

    We take data security very seriously at wefox. If you discover something or want to tell us about security concerns, you can reach us at this email address: infosecurity@wefox.com.

    8. When do we delete your data?

    Unless an express storage period is specified, your personal data will be deleted as soon as the purpose or legal basis for storage no longer applies. If deletion is not possible for legal reasons, your data will be blocked. Your data will be blocked, for example, if your data has to be stored for commercial or tax reasons or if its storage is necessary to assert, exercise or defend legal claims or to protect the rights of another natural or legal person. In the event of a block, your data will only be used for the purposes permitted by law and will not be processed for other purposes (such as advertising).

    Our data protection information may contain further information on the storage and deletion of data, which apply primarily to the respective processing.

    9. Do we process your data in third countries?

    As part of our business relationships, your personal data may be passed on or disclosed to companies outside the wefox group. These may also be located outside the European Economic Area (EEA), i.e. in third countries. Such processing takes place exclusively to fulfill the contractual and business obligations and to maintain your business relationship with us (the legal basis is Art. 6 Para. 1 lit. b or lit. f respectively in conjunction with Art. 44 et seq. GDPR).

    In some third countries, the European Commission certifies data protection that is comparable to the EEA standard by means of so-called adequacy decisions. You can find a list of these countries and a copy of the adequacy decisions here:

    https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en.

    In other third countries, to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we make sure that data protection is adequately guaranteed. This is possible via binding company regulations, standard contractual clauses of the European Commission for the protection of personal data in accordance with Article 46 (1), (2) (c) GDPR, certificates or recognized codes of conduct.

    You can find further information on this on the website of the EU Commission:

    https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection_de.

    10. Is profiling and automated decision making done with your data?

    Your insurance-relevant data will be combined in an insurance profile created for you so that all relevant data can be organized and found quickly. This allows us to be at your disposal quickly and competently in the implementation and processing of the insurance relationship. Your insurance profile is constantly monitored by us in order to maintain your insurance cover and to inform you about product innovations if necessary.

    We also use programs for automated decision-making. In particular, after entering your insurance-related data, the application is automatically accepted based on your information (profiling). Incorrect or incomplete information can result in the insurance contract not being accepted or being terminated if the information in question is relevant to the insurance for the conclusion of a contract or a specific claim.

    11. How does advertising communication take place, e.g. B. via e-mail, post, fax or telephone?

    In some cases, we process your contact data for the purposes of advertising communication (direct marketing), which can take place via various channels, such as e-mail, telephone, post or fax, in accordance with legal requirements. The legal basis for this can be your consent (Art. 6 Para. 1 S. 1 lit. a) GDPR) or our legitimate interests (Art. 6 Para. 1 S. 1 lit. f) GDPR).

    You have the right to revoke the consent you have given at any time.

    Furthermore, you have the right to object to the processing of your personal data for direct advertising purposes at any time, even without giving reasons. The objection can be sent by post, using the contact form or by email to kundenservice@wefox.com.

    After revocation or objection, we store the data required to prove the previous authorization for contacting or sending up to three years after the end of the year of the revocation or objection on the basis of our legitimate interests. The processing of this data is limited to the purpose of a possible defense against claims. On the basis of the legitimate interest in permanently observing the revocation or objection of the user, we also store the data required to avoid being contacted again (e.g. depending on the communication channel, the e-mail address, telephone number, name).

    12. How do we send newsletters and electronic notifications?

    You can subscribe to our newsletter, with which we will inform you about our current interesting offers, by giving your consent. Our newsletters generally contain information about our services and us.

    We use the so-called double opt-in procedure to register for our newsletter. This means that after you have registered, we will send you an e-mail to the e-mail address provided, in which we ask you to confirm that you are the owner of the e-mail address provided and that you wish to receive notifications. If you do not confirm your registration within the period specified in the confirmation email, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to be able to clarify any possible misuse of your personal data.

    The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to be able to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending the newsletter. The legal basis is Article 6 Paragraph 1 Clause 1 Letter a GDPR.

    You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, or by sending an e-mail to kundenservice@wefox.com or by sending a message to the contact details given in the imprint.

    In addition, you can also give your consent for us to evaluate your user behavior when sending the newsletter.

    13. What rights do you have?

    The GDPR grants you the following rights, which you are welcome to assert against us via our contact form. Of course, you can also use the postal service:

    13.1. right to information

    In accordance with Art. 15 GDPR, you have the right to request information about your data processed by us. In particular, you can obtain information about the processing purposes, the category of data, the categories of recipients to whom your data was or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a right of appeal , the origin of your data, if they were not collected from us, and the existence of automated decision-making including profiling and, if necessary, meaningful information about their details.

    13.2. Right to Rectification

    In accordance with Art. 16 GDPR, you can immediately request the correction of incorrect data or the completion of your data stored by us.

    13.3. Right to Erasure

    In accordance with Art. 17 GDPR, you can request the deletion of your data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required.

    13.4. Right to restriction of processing

    In accordance with Art. 18 GDPR, you can request the restriction of the processing of your data if you dispute the accuracy of the data or the processing is unlawful.

    13.5. Right to data portability

    In accordance with Art. 20 GDPR, you have the right to receive your data that you have provided to us in a structured, common and machine-readable format or to request transmission to another person responsible ("data portability").

    13.6. right to object

    In accordance with Article 21 GDPR, you have the right to object to the processing if the processing is based on Article 6 Paragraph 1 S. 1 lit. e or lit. f GDPR. This is particularly the case if the processing is not necessary to fulfill a contract with you. Unless it is an objection to direct advertising, we ask that you explain the reasons why we should not process your data as we have done when exercising such an objection. In the event of your justified objection, we will examine the situation and will either stop or adjust the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.

    13.7. right of revocation

    In accordance with Art. 7 Para. 3 GDPR, you have the right to revoke the consent you have given us at any time, if you have given it. As a result, we are no longer allowed to continue the data processing based on this consent for the future.

    13.8. Right to Complaint

    In accordance with Art. 77 GDPR, you can complain to a data protection supervisory authority about the processing of your personal data in our company. The supervisory authority responsible for wefox is:

    Data Protection Office Principality of Liechtenstein
    Städtle 38
    Postfach 684
    9490 Vaduz
    Liechtenstein
    T +423 236 60 90
    Email: info.dss@llv.li

    14. How do you stay up to date?

    So that we can continue to offer you innovative insurance products, we have to adapt our data processing processes from time to time. As a result, this also requires an adjustment of this data protection declaration. If your cooperation (e.g. your consent) is required for the changed data processing, we will notify you. So that you are always up to date with regard to the processing of your data, you should inform yourself regularly at this website.