1. Controller
Below, we, FWU AG, FWU Life Insurance Lux S.A., FWU Life Insurance Austria AG and FWU Invest S.A,.as applicable according to the imprint, hereinafter also referred to as "FWU", "we", "us", "our", inform you about the processing of your personal data in connection with the use of our websites:"

Should you have any other questions concerning data protection in connection with our website or the services offered on the website, please contact the relevant Data Protection Officer/ the data protection support team:

 
2. Scope, Purpose and Legal Basis of the Processing of Personal Data
In the following situations, we collect and use personal data directly from our users or from other sources (as presented below):

2.1. Provision of the Website and Creation of Log Files
Every time a user accesses our website, our system automatically records data and information from the requesting computer system. In this context, the following data ("technical information") are collected:

The data are also saved to our system's log files. These data will not be stored together with other personal data of the user.
In this context, we collect and use this technical information for purposes related to (network) security (e.g. to be able to combat cyber-attacks), marketing, to gain a better understanding of our users' needs, to continually improve our website and to enable the delivery of the website to the respective user's computer.
The objective of the storage in log files is to ensure the operability of the website. Moreover, we use the data to optimise the website and to ensure the security of our information technology systems. In this connection, the data are not analysed for any marketing purposes.
The legal basis for the temporary storage of the data and of the log files is Art. 6 (1) f GDPR.

2.1.1. Use of Cookies
Our website uses cookies. Cookies are text files that are stored in the web browser or by the web browser on the user's computer system. When a user accesses a website, a cookie may be saved to the user's operating system. This cookie contains a specific character sequence that enables unique identification of the browser when the website is accessed again.
Cookies are stored on the user's computer, from where they are transmitted to us. You as the user have full control over the use of cookies. You can deactivate or limit the transmission of cookies by changing the settings of your web browser. Previously stored cookies can be deleted whenever you wish. This can even take place automatically. If cookies are deactivated for our website, it might no longer be possible to fully use all functions of the website.
For further information on the cookies we use, their purpose and legal basis, please refer to our Cookie Policy.

2.1.2. Tracking Tools
Our website uses tracking tools. Tracking tools are used to boost the efficiency of our website.
For further information on the individual tools we use, their purpose and legal basis, please refer to our Tracking Tool Policy.

2.1.3. Social Media Plugins
On our website, we use social media plugins in form of a “two-click solution”. With the "two-click solution", your data will only be transmitted to the respective social media.
The use of the plugins on our website is based on our legitimate interests in connection with marketing purposes (Art. 6 (1) f GDPR).
For further information on the individual plugins, please also refer to our Cookie/Tracking Tool Policy.

2.1.4 Marketing Automation

FWU AG uses Hubspot as marketing automation software for communication purposes and to collect customer data.

Hubspot hosts its product infrastructure on Amazon Web Services in the United States east region. Hubspot also leverages Google Cloud Platform in the EU (Frankfurt, Germany) to support the processing of local customer data that is critical to the customers' businesses. This includes leads, email events, and analytics. European customer data is processed and secured in the EU before being transmitted and stored in the U.S. The cloud infrastructure hosted on GCP provides additional redundancy for all HubSpot customers for critical components of the system.

In light of the recent Schrems II ruling, Hubspot has publicly reiterated the commitment to protecting the customer data, including providing for a safe and legitimate transfer mechanism for data transfers from the EU to the US. Hubspot relies on the standard contractual clauses to transfer personal data to the US. Hubspot no longer relies on the EU-US Privacy Shield as a transfer mechanism, however Hubspot continues to apply the principles of the EU-US Privacy Shield to all data transferred from HubSpot’s EU customers to the US. Please see Hubspot’s Data Processing Agreement and HubSpot's Commitment to Protecting EU Data Transfers for further information.

Use for Web analysis:
For the purposes of Web analysis, data are automatically collected and stored on our websites with technology from Hubspot, Inc. (www.hubspot.com), and are used to create usage profiles using pseudonyms. In accordance with Article 6 paragraph 1 section 1(f) GDPR, this serves to safeguard our legitimate prevailing interests to the optimised presentation of our offer within the scope of a balance of interests. Cookies may be used for this purpose. Following cessation of the intended purpose and the end of the application of Hubspot by us, the data collected within this context will be deleted.

Use for user account management and communication:
We also rely on website technologies from Hubspot, Inc. to manage user accounts.
If you contact us using a contact form or chat and provide your email address, a user account will be created and the content of the communication will be saved to it so as to be able to process this and future enquiries better. If you do not provide an email address, a user account is not created and the content of the communication is not stored. In addition, we also use Hubspot to send emails.

2.1.5 Use of Mailchimp

With our internet presence and the contact forms contained therein, we offer you the possibility of finding out about our services.

For the purposes of communication and collecting client data, FWU AG uses the internet service ‘MailChimp’, a service from The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA, hereinafter ‘The Rocket Science Group’.

With certification in accordance with the EU–US Privacy Shield, which can be consulted here, The Rocket Science Group guarantees that EU data protection guidelines shall also be adhered to when data are processed in the USA. In addition, The Rocket Science Group offers further data protection information at http://mailchimp.com/legal/privacy/.

Should you use our contact forms, the data requested during the registration process shall be processed by The Rocket Science Group. In addition, your IP address and the date of your registration shall be stored. The subsequent emails sent via The Rocket Science Group also contain a tracking pixel, also called a ‘Web beacon’, in order to be able to generate statistics for analysis.

Consent to the sending of emails can be revoked at any time as per Article 7 paragraph 3 GDPR with future effect. For this purpose, you are simply required to let us know about your revocation or to trigger this via the unsubscribe link contained in each email.

2.2. Use of the Services Offered on Our Website
On our website, we offer various different services and applications. To render these, we need to collect and process personal data of the user or of our customer.

2.2.1. Newsletter
On our website, you can subscribe to a free newsletter. The data you enter in the input dialogue when subscribing to the newsletter will be sent to us and processed by us:

Additionally, the following data are collected during the subscription:

In the course of the subscription process, your consent to the processing of the data will be obtained, and reference will be made to this Privacy Policy.
In connection with the data processing for the transmission of newsletters, no data will be forwarded to third parties. The data will be used exclusively for the purpose of sending the newsletter.
We process your data in connection with the newsletter in order to send you news that inform you about interesting topics from the FWU Group. Moreover, we process and use the entered e-mail address for the purpose of sending you personalised offers in connection with the newsletter.
If a link from the newsletter takes you to our web pages, your use of the Link will also be deemed to have permitted us to process and use your IP address, geo-data, web beacons or similar technologies in order to check whether the offers you are sent are in accordance with your requirements.
The legal basis for the processing of data after the user's subscription to the newsletter with the user's consent is Art. 6 (1) a GDPR.

2.2.2. Statistical Analyses
There is a possibility that your data may be analysed in order to evaluate the preferences of our members ("statistical analysis") in a data warehouse for the sake of interest-oriented marketing, an individualised approach and ongoing optimisation of our business process. The objective of this processing is to gain a better understanding of what our customers expect from us and to be able to offer you custom-tailored communication. Moreover, these analyses help us in the fields of fraud detection, audit and ensuring security; thus, we engage in this processing in order to protect our legitimate interests (Art. 6 (1) f GDPR).

2.2.3. Customer Portal
On our website you can log in to our customer portal. For the log in you’ll have to use a username and password given to you by us. Once you are logged in to the customer portal, you can change your master data as well as your contact data and your bank account details.
The objective of this processing is to make it easier for yourself to have a look at the personal data we collected from you as well as informing us about changes, e.g. changes of address due to moving.
The legal basis for the processing of your personal data in connection with the customer portal are our legitimate interests (Art. 6 (1) f GDPR) to guarantee an efficient data communication-system to our customers.
For further information on the customer portal please refer to your insurance policy contract.

2.2.4. Find my Advisor
On our website you can use our "Find my Advisor" service so that an advisor close to you can contact you. For this purpose, you have to enter your data (name, postal code, telephone number, e-mail) in the contact form and send it to us. We will then pass this information on to an advisor close to you who will contact you electronically or by post to arrange an appointment with you. A transfer to other recipients will not take place. The service will be made available to you for a period of 3 months from the date of dispatch, during this time the relevant advisor can contact you. We process your data to fulfill this service (Article 6 (1) b GDPR), to safeguard our legitimate interests (see Section 2.3.), (Article 6 (1) f GDPR) and to fulfill legal obligations (such as tax obligations) (Article 6 (1) c GDPR).
Your data will be stored at least for a period of 3 months (during the time the Service is made available to you). Furthermore, we refer to section 3 "Duration of the Data Processing" of this data privacy statement.

2.2.5. Request a Call back
On our website you can provide us with your contact data, such as your name, e-mail address, phone number as well as your post code, in order to request us to call you back.
We process your data for pre-contractual reasons, in order to comply with your contract (Art. 6 (1) b GDPR) as well as to protect our legitimate interests such as providing you with efficient customer service (Art. 6 (1) f GDPR).

2.2.6. Request a Brochure
On our website you can provide us with your e-mail-address in order to request a brochure. We process your e-mail-address to provide you with such requested brochure.
In the course of the request process, your consent to the processing of the data will be obtained, and reference will be made to this Privacy Policy.
The legal basis for the processing of data for receiving a brochure with the user's consent is Art. 6 (1) a GDPR.

2.2.7. “Work with us”
On our website you can provide us with your contact data such as your name, e-mail-address, phone number and province in order to apply to work with us as an advisor. We process your data in order to contact you.
The legal basis for such processing your data are pre-contractual reasons (Art. 6 (1) b GDPR).

2.2.8. Sales Information System (SIS)
On our website brokers can log in to the Sales Information System. For the log in you’ll have to use a username and password given to you by us. Once you are logged in to the Sales Information System, you can see information on your closed contracts.
The objective of this processing is to make it easier for yourself to retain an overview on your work and closed contracts.
The legal basis for the processing of your personal data in connection with the Sales Information System are contractual purposes (Art. 6 (1) b GDPR) as well as our legitimate interests (Art. 6 (1) f GDPR) to guarantee efficient working conditions.

2.3. Our Legitimate Interests in the Processing of Personal Data
In case Art. 6 (1) f GDPR represents the legal basis for the processing, our legitimate interests comprise the following points apart from the purposes listed above:

2.4. Other Processing Obligations
If we are required by law to do so, we may process personal data e.g. in order to comply with retention obligations under commercial or tax law or to meet requirements under security law. For further information on retention periods, please refer to "Duration of the Data Processing".

2.5. Obligation to Specify Personal Data
With respect to mandatory statutory or contractual requirements, we have indicated the mandatory fields that need to be completed in the input dialogues on our website so that we can perform the contract or service you request.
 

3. Duration of the Data Processing
Your personal data will be erased as soon as they are no longer needed for the said purposes. Personal data may be retained for the period during which claims may be asserted against the FWU Group (statute of limitations of three to thirty years). Additionally, the personal data will be stored insofar as and for as long as the FWU Group is required to do so by law. Among other things, the obligations to furnish evidence and the retention obligations are governed by the Commercial and Tax laws and Anti-Money Laundering laws.
 

4. Right to Object (Art. 21 GDPR)
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (e) or (f) of Article 6 (1), including profiling based on those provisions.
The controller will no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
If you object to processing for direct marketing purposes, the personal data will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
 

5. Forwarding of Personal Data to Third Parties
In order to be able to offer you our products and services on the basis of our contractual obligations or under consideration of our legitimate interests, we may need to forward your personal data to third parties in or outside the FWU Group. These recipients can be categorised as follows:

In this context, personal data may be transmitted to third countries or international organisations. For your protection and the protection of your personal data, such data transfers are subject to appropriate safeguards pursuant to and in accordance with the statutory requirements (especially application of EU standard contractual clauses), or the EU Commission has issued an adequacy decision (Art. 45 GDPR).
For information on EU standard contractual clauses, refer to [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF]. The EU Commission makes the information on its adequacy decisions available under [https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu].

If you want to request a copy of the security measures applied, please contact the above listed (1. Controller) data protection officer or the data protection support team.

Moreover, we are under the statutory obligation to provide personal data to national and international authorities ((Art. 6 (1) c GDPR) in conjunction with local and international regulations and treaties).
 

6. Rights of the Data Subject
The FWU Group endeavours to ensure fair and transparent processing. To us, it is important that data subjects can exercise both their right of objection and, if the respective legal conditions are on hand, the following rights:

To exercise your right, you can write an e-mail to the relevant Data Protection Officer or the data protection support team who are outlined under 1. Controller. Please note that we will process your personal data pursuant to Art. 6 (1) c GDPR in order to be able to process your request and for identification purposes.

Furthermore, you may file a complaint with a supervisory authority. Supervisory authority responsible for the FWU Group:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 27
D - 91522 Ansbach
Telephone: +49 (0) 981 53 1300
Fax: +49 (0) 981 53 98 1300
E-mail: poststelle@lda.bayern.de

CNPD (Commission Nationale pour la Protection des Données)
1, Avenue du Rock'n'Roll
L-4361 Esch-sur-Alzette
Web: https://cnpd.public.lu/fr/support/contact.html

Agencia Española de Protección de Datos 
C/ Jorge Juan, 6
28001-Madrid
Tel: 901 100 099 / 91.266.35.17
Web: http://www.agpd.es

GARANTE PER LA PROTEZIONE DEI DATI PERSONALI
Piazza di Monte Citorio n. 121
00186 ROMA (RM)
Fax: (+39) 06.69677.3785
Tel: (+39) 06.696771
E-mail: garante@gpdp.it
Certified E-mail: protocollo@pec.gpdp.it

Österreichische Datenschutzbehörde,
Wickenburggasse 8–10,
A - 1080 Wien
Tel: +43 1 52 152-0
E-mail: dsb@dsb.gv.at

CNIL (Commission Nationale de l'Informatique et des Libertés)
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07, France
Tel: +33 (0)1.53.73.22.22
Fax: +33 (0)1.53.73.22.00
Web: http://www.cnil.fr/

Commission for the Protection of Privacy
Rue de la Presse 35,
1000 Brussels, Belgium
Tel: +32 (0)2 274 48 00
Fax: +32 (0)2 274 48 35
E-mail: commission@privacycommission.be
 

7. AML/KYC
If we are an obligated party within the meaning of the Anti Money Laundering Act (AML) and the corresponding regulations and are required to carry out a money laundering check (KYC) on our customers, business partners and beneficial owners, the collection and processing of personal data is based on Section 11a of the German Money Laundering Act (GwG).

Personal data is only collected and processed to the extent necessary to achieve the purpose of the processing. In particular, the risk-oriented fulfilment of the general due diligence obligations in the form of the identification of the beneficial owner can be regarded as the processing purpose.

§ 11 Abs. 5 S. 2 regulates the following as an exception: Date of birth, place of birth and address of the beneficial owner are to be collected irrespective of the identified risk. This does not constitute a violation of the provisions of data protection law.

We treat all personal data confidentially and with due care. It is not passed on to unauthorised third parties.

8. Consent
If you have given us your consent to the processing of your personal data, we hereby inform you that you can revoke this consent whenever you wish.

If you have given us your consent for the newsletter, you can revoke it by clicking the "Unsubscribe" link directly in the newsletter.

In all other cases or if you have difficulties revoking your consent on this website, please feel free to contact the relevant Data Protection Officer or the data protection support team who are outlined under 1. Controller.

Please note that your revocation of consent will only apply in the future and does not affect the legitimacy of the processing that has taken place in the past. In some case, we may be entitled to continue to process your personal data despite your revocation on a different legal basis, e.g. to fulfil a contract.
 

9. Disclaimer and Limits of the Privacy Policy
This privacy policy merely applies to processing by the following websites:

Other websites are not covered by this privacy policy and provide their own specific privacy policies.