Privacy statement

In the following, you will find information about the processing of your personal data by the Vinlivt application from Vinlivt GmbH, hereinafter referred to as Vinlivt, and the rights and obligations to which you are entitled under data protection law.

You should definitely know that:

At Vinlivt, data protection is a top priority and mindful. We develop the Vinlivt application in accordance with all legal and regulatory requirements and are also constantly testing them in our development process. A trusting relationship with our customers and partners is our highest standard, which we always want to live up to. We promise that we will never sell or share personal information with third parties without your consent.

We work for you on the best financial app/ application and your financial home (retirement home). We use personal data such as: highly sensitive bank details, contract data or even health data exclusively for your benefit and to guarantee your financial security.

Who is a data protection officer:

You can contact our data protection officer at: datenschutz@vinlivt.de‍

Responsible body within the meaning of Article 4 No. 7 of the General Data Protection Regulation GDPR) for data processing is:

Vinlivt GmbH
Rofanstraße 8
81825 Munich
Represented by: Dariusz Borowski & Uwe Laetsch

Data categories used and their origin:

We only use personal data after and with your active consent, as well as through your use of our Vinlivt application. Accomplished with your registration, consent and use of the application. Also downloading our application in connection with the provision of Vinlivt Services.

The scope of the collection, processing and use of this data by us depends on the services provided by Vinlivt Services. This is usually the following data:

• Personal details: title, first and last name, date of birth, email address and postal address
• Bank details including IBANs and BICs
• Account turnover data of the bank accounts connected by you, names of recipient and sender, amount, purpose, etc.
• Personal identification details Customer number, tax number, etc.
• Enriched information from financial analysis, such as recognized contracts, income and expenditure categorizations, and personal retirement and financial tips
• Other information you provide from the pension check, which must be requested as part of the brokerage of contracts or products, for example: employment, marital status, tax bracket, number of children, other financial interests, etc.

As part of processing your personal data, we distinguish between personal data that we collect directly and personal data that we obtain from other sources. We collect the personal data that you give us as part of downloading our Vinlivt application or using the Vinlivt service, as well as data that is transferred via an interface with your bank and data that we request from you with appropriate consent in order to properly carry out the Vinlivt Services and checks. Please refrain from submitting your data if you do not agree to it being processed. In this case, there is no further processing of the data.

The transfer of personal data from other sources, in particular your banking and turnover data, is carried out by means of authentication by you at your selected bank through your login details, such as account login and strong authentication (SCA) by customers. After successful authentication, your account and turnover data will be transferred by your bank and the financial analysis will start.

The personal data, account turnover data and financial analysis data are stored in encrypted form at a data center in Germany/Frankfurt. A contract for order processing was also concluded with the operator of the data center. When it comes to encryption, we use the world's most secure encryption methods combined with a randomly generated key for every customer. All data is transmitted via an encrypted SSL connection.

Access to personal data:

We have built our systems according to the principles of data economy, the need-to-know principle and privacy by design and ensure that our employees only have access to the personal data that is absolutely necessary so that we can provide our services in the best possible way. In principle, our employees have no access to all your personal data that is available in the Vinlivt application, in particular personal data, sales data and financial analysis data. This data is stored in encrypted form in a data center in Frankfurt. Only our technical systems have the appropriate code to be able to decrypt and process it.

Excluded from the principles of data economy and privacy ByDesign, personal data may be viewed by us in the following cases:

• When you contact our support
• If you provide us with personal data within the application with explicit consent, e.g. to optimize contract acceptance or obtain offers
• By submitting documents and photos via the upload function and the contract check
• If you want to take out a product from a financial partner (such as insurance or pension products) via the Vinlivt application and explicitly agree to the data transfer
• If you have agreed to receive advice from a financial expert from our affiliated financial partners via the Vinlivt application, all associated data (in particular personal data and data relating to your insurance and financial contracts) can be viewed via a web UI (VinhubMessenger) by the financial experts and insurance advisors of the financial partners so that they can advise and assist you with questions and problems
• If we have a regulatory obligation to do so, for example to meet regulatory requirements to combat money laundering and terrorist financing
• To ensure proper processing of the brokerage, conclusion and/or administration of term agreements and financial products, employees can access the personal data necessary to carry out the transactions, such as master data, order status or contract number

Purpose for processing personal data:

We collect personal data in order to provide, at your request, our Vinlivt application optimally suited to your needs, with which you can, for example, manage accounts and contracts and receive individualized retirement, insurance or financial tips. Art 6 (1) b) GDPR.

The data is collected:

• For providing a desktop and mobile application with a multi-bank account login (Tink Open Banking Technology)
• To retrieve your current account balances and account turnover data to automatically create a digital contract folder based on account transactions
• For identifying independent recommendations of pension and financial tips as well as contract optimizations and benefit adjustments (pension check)
• For the preparation of financial analyses, pension forecasts and a digital budget book
• To answer inquiries about the provision of the VINLIVT application (precautionary check)
• To manage contracts, for example: insurance contracts, gym contracts, subscriptions and much more
• Implementation of contract optimizations and performance and/or contribution adjustments
• For concluding and managing pension and financial products with our cooperation partners, such as our affiliated financial partners
• To transfer to service providers for the purpose of carrying out an identity verification in accordance with money laundering, where necessary
• To meet regulatory requirements to which we are subject as a payment institution, in particular to combat money laundering and terrorist financing
• We process personal data if this is necessary, at your request, to fulfill and/or terminate the subsequent contract or another contract to which you are a party.
• For the purpose of providing the contractually agreed service, we in particular create a file to identify you when you contact us.
• In order to fulfill the contract, requirements analyses are also prepared, your contract is administered and serviced, or these processes are improved.
• To comply with our legal obligations, art. 6 (1) c) GDPR.
• We may collect and process your personal data to comply with legal obligations to which we are subject. This includes, for example, meeting regulatory control and reporting requirements under the Second Payment Services Directive, to which we are subject as a third-party provider of account information services.
• Also the proper processing of financial products, which we offer you in cooperation with our cooperation partners, such as our financial partners.
• To protect our legitimate interests and the interests of other responsible parties or third parties in data processing, Art. 6 (1) f) GDPR.
• We also collect and process your personal data to protect our legitimate interests or the legitimate interests of third parties, insofar as data processing is necessary to protect these legitimate interests.
• In addition, we have a legitimate interest in informing you about our improved internal processes regarding the execution of the existing contractual relationship and similar products and services.
• In addition, we have a legitimate interest in providing you with promotional information, unless you object to receiving such advertising information as: carrying out campaigns to attract new customers, generate new customers, win back customers.
• In addition, we may process data for the purposes of market or opinion research or needs analyses and provide information on the contractual relationships with our cooperation partners for proper processing.
• Data processing is also carried out to assert legal claims or defend against legal claims.
• To process your data based on your consent, Art. 6 (1) a) GDPR.
• If you have given us your express consent, we will process your data in accordance with the purposes stated there.

These are:

• Transmission of promotional information, such as regular information via email
• Optimizing our financial analyses and tips, such as improved recognition of contracts based on account transactions and user behavior
• Implementation of contract optimization, such as the termination of a contract or the conclusion of a new insurance or financial product

Transfer of data to third parties:

Data will not be passed on to third parties without your explicit permission, unless we have made this clear to us by you beforehand. This may be the case when brokering, concluding and/or managing term contracts and financial products with our cooperation partners. If you commission us to mediate, conclude and/or manage, we will transfer the necessary data to the appropriate provider (s). Only the information that is actually necessary for the execution of the respective order is transmitted. This usually includes name, address, date of birth, account information for direct debit and information about the provider's desired product — but does not include details of sales data. Account and turnover data will only be transmitted to cooperating partners if you personally conclude financial products, provided that this data is necessary as a prerequisite for determining your credit rating and you have agreed to the transfer. When executing the exchange orders, Vinlivt may work with vicarious agents and partners who receive the necessary order data for the purpose of properly executing the exchange order.

If an identity verification is required by a cooperation partner/financial partner to apply for the conclusion of a contract, we will transfer the data required by you and provided as part of the conclusion process to an external service provider who is responsible for carrying out the identity verification process. Identity verification is carried out using an identification process, such as video identification and/or qualified electronic signature, which fully meets the requirements of the Money Laundering Act, the data protection guidelines and the respective supervisory authority, such as BaFin. The legal basis for transmitting the data in this step is the Money Laundering Act (GwG) and Art. 6 (1) b) GDPR, as your identification in accordance with money laundering is a prerequisite for concluding the respective contract with the cooperation partner.

You will receive an up-to-date overview of the cooperation partners/financial partners, as well as the external service providers used to carry out the identity verification from us via a request to hello@vinlivt.de

Further data collection by Vinlivt:

So that we can further optimize and improve the Vinlivt application for you, we use third-party providers who help us understand which features and areas are being used, or may be faulty. This allows us to plan, develop and optimize better software improvements. This gives you control over what happens with your data and how you help us optimize it. Within the Vinlivt application, you can view and manage all legal information at any time under Privacy and Terms and Conditions. It can transfer your personal data to anyone to whom we assign rights resulting from the contractual relationship with you. Among other things, your data may also be transferred to other third parties for other purposes permitted under the General Data Protection Regulation, such as legal or tax service providers or regulatory authorities.

Third party Vinlivt application providers:

web hosting

External services are used for our web hosting at Vinlivt. These can provide access to personal data that is processed to use our online offering. All encrypted data is stored in a data center in Germany/Frankfurt (AWS).

Web server log files

They also process personal data so that our digital offering is made available reliably and securely. Information such as URLs accessed, operating systems, date, time of your request, browser type and version used, IP address, protocol used, amount of data transferred, user agent, referrer URL, or HTTP status code is stored in log files access log, error log. If your consent has been given, a legal basis for data processing is provided in Art. 6 para. 1 lit. a GDPR. If you have not given your consent, a legal basis for data processing is Art. 6 para. 1 lit. f DSGVO. We are interested in consistently offering digital offerings properly.

Google Tag Manager

We use Google Tag Manager. This is a solution that allows us to manage so-called website tags via an interface and thus integrate Google Analytics and other Google marketing services into our online offering, for example. The tag manager itself, which implements the tags, does not process any user data. With regard to the processing of user data, reference is made to the following information about Google services.

Usage guidelines: https://www.google.com/intl/de/tagmanager/use-policy.html

Google Analytics

We use Google Analytics, a web analysis service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland “Google”. Google uses cookies. The information generated by the cookie about the use of the online offer by users is usually transmitted to a Google server in the USA and stored there. Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on activities within this online offering and to provide us with other services related to the use of this online offer and Internet usage. Pseudonymous user profiles of users can be created from the processed data. We only use Google Analytics with activated IP anonymization. This means that the IP address of users is abbreviated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and abbreviated there. The IP address transmitted by the user's browser is not combined with other data from Google. Users can prevent the storage of cookies by setting their browser software accordingly; users can also prevent Google from collecting the data generated by the cookie and related to their use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

If we ask users for consent, for example as part of a cookie consent), the legal basis for this processing is Article 6 (1) lit. a. GDPR. Otherwise, user data is processed on the basis of our legitimate interests, i.e. the interest in the analysis, optimization and economic operation of our online offering within the meaning of Article 6 (1) (f) GDPR). For more information on Google's use of data, settings and objection options, please see Google's privacy policy (https://policies.google.com/privacy) and in the settings for displaying advertisements by Google (https://adssettings.google.com/authenticated). User data is deleted or anonymized after 14 months.

Google Universal Analytics

We use Google Analytics in the form of “universal analytics.” “Universal Analytics” means a Google Analytics process in which user analysis is carried out on the basis of a pseudonymous user ID and thus creates a pseudonymous profile of the user with information from the use of various devices, so-called “cross-device tracking”.

Target group building with Google Analytics

We use Google Analytics to display ads placed within Google and its partners within web services only to users who have also shown an interest in our online offering or who have specific characteristics, such as interests in specific topics or products, which are determined on the basis of the websites visited, which we transmit to Google so-called “remarketing” or “Google Analytics audiences.” With the help of Remarketing Audiences, we also want to ensure that our ads meet the potential interest of users.

Google Adsense with personalized ads

We use the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). We use the AdSense service, which helps display ads on our website and we receive remuneration for their display or other use. Usage data, such as clicking on an ad and the user's IP address, is processed for these purposes, with the IP address being abbreviated by the last two digits. User data is therefore processed pseudonymized. We use Adsense with personalized ads. Google draws conclusions about their interests based on the websites visited by users or the application licationlicationlicationlicationlicationlicationlicationlication lication lication lication created in this way. Advertisers use this information to align their campaigns with these interests, which is beneficial to users and advertisers alike. For Google, ads are personalized when collected or known data determines or influences the ad selection. This includes previous searches, activities, website visits, application use, demographic and location information. In detail, this includes: demographic targeting, interest category targeting, remarketing, as well as targeting customer matching lists and audience lists uploaded to DoubleClick Bid Manager or Campaign Manager.

If we ask users for consent (e.g. as part of a cookie consent), the legal basis for this processing is Article 6 (1) lit. a. GDPR. Otherwise, users' personal data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Article 6 (1) (f) GDPR). For more information on Google's use of data, settings and objection options, please see Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for displaying advertisements by Google (https://adssettings.google.com/authenticated).

Google Adsense with non-personalized ads

We use the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland “Google”. We use the AdSense service, which helps display ads on our website and we receive remuneration for their display or other use. Usage data, such as clicking on an ad and the user's IP address, is processed for these purposes, with the IP address being abbreviated by the last two digits. User data is therefore processed pseudonymized.

We use Adsense with non-personalized ads. The ads are not displayed based on user profiles. Non-personalized ads aren't based on previous user behavior. Targeting uses contextual information, including rough (e.g. at location level) geographical targeting based on current location, content on the current website or application, and current search terms. Google prevents any personalized targeting, including demographic targeting and targeting based on user lists. If we ask users for consent (e.g. as part of a cookie consent), the legal basis for this processing is Article 6 (1) lit. a. GDPR. Otherwise, users' personal data is processed on the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offering within the meaning of Article 6 (1) (f) GDPR). For more information on Google's use of data, settings and objection options, please see Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for displaying advertisements by Google (https://adssettings.google.com/authenticated).

Google AdWords and conversion measurement

We use the Google “AdWords” online marketing process to place ads on the Google advertising network, for example in search results, in videos, on websites, etc., so that they are displayed to users who have a presumed interest in our ads. This allows us to display ads for and within our online offering in a more targeted manner in order to present users only with ads that potentially match their interests. For example, if a user is shown ads for products that they have shown interest in on other online offerings, this is referred to as “remarketing.” For these purposes, when our and other websites on which the Google advertising network is active are accessed, Google directly executes a code from Google and so-called remarketing tags, invisible graphics or code, also known as “web beacons”, are integrated into the website. With their help, an individual cookie, or comparable technologies, is stored on the user's device. This file records which websites the user has visited, which content he is interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, time of visit and further information on the use of the online offer. We also receive an individual “conversion cookie”, which enables Google to create conversion statistics for us. However, we only receive the anonymous total number of users who clicked on our ad and were redirected to a page with a conversion tracking tag. However, we do not receive any information that personally identifies users.

User data is processed pseudonymously as part of the Google advertising network. This means that Google does not store and process the user's name or email address, for example, but processes the relevant data on a cookie-related basis within pseudonymous user profiles. In other words, from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who that cookie owner is. This does not apply if a user has expressly allowed Google to process the data without such pseudonymization. The information collected about users is transmitted to Google and stored on Google's servers in the USA. If we ask users for consent, for example as part of a cookie consent, the legal basis for our processing is Article 6 (1) lit. a. GDPR. Otherwise, users' personal data is processed on the basis of our legitimate interests, i.e. our interest in the analysis, optimization and economic operation of our online offering within the meaning of Article 6 (1) lit. f. GDPR. For more information on Google's use of data, settings and objection options, please see Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for displaying advertisements by Google (https://adssettings.google.com/authenticated).

Google DoubleClick

We use the services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). We use the Google “DoubleClick” online marketing process to place ads on the Google advertising network, for example in search results, in videos, on websites, etc. Double Click is characterized by the fact that ads are displayed in real time based on the presumed interests of users. This allows us to display ads for and within our online offering in a more targeted manner in order to only present users with ads that potentially match their interests. For example, if a user is shown ads for products that they have shown interest in on other online offerings, this is referred to as “remarketing.” For these purposes, when our and other websites on which the Google advertising network is active are accessed, Google immediately executes a code from Google and so-called remarketing tags (invisible graphics or web beacons) are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (cookies This file records which websites the user has visited, what content he is interested in and which offers the user has clicked on, as well as technical information about the browser and operating system, referring websites, time of visit and further information on the use of the online offer.

The IP address of users is also collected, which is abbreviated within member states of the European Union or in other states party to the Agreement on the European Economic Area and only in exceptional cases transmitted entirely to a Google server in the USA and abbreviated there. Google may also combine the above information with such information from other sources. If the user then visits other websites, ads tailored to him may be shown in accordance with his presumed interests on the basis of his user profile. User data is processed pseudonymously as part of the Google advertising network. This means that Google does not store and process the user's name or email address, for example, but processes the relevant data on a cookie-related basis within pseudonymous user profiles. In other words, from Google's point of view, the ads are not managed and displayed for a specifically identified person, but for the cookie owner, regardless of who that cookie owner is. This does not apply if a user has expressly allowed Google to process the data without this pseudonymization. The information collected about users by Google marketing services is transmitted to Google and stored on Google's servers in the USA.

If we ask users for consent, for example as part of a cookie consent, the legal basis for this processing is Article 6 (1) lit. a. GDPR. Otherwise, user data is processed on the basis of our legitimate interests, i.e. the interest in the analysis, optimization and economic operation of our online offering within the meaning of Article 6 (1) (f) GDPR. For more information on Google's use of data, settings and objection options, please see Google's privacy policy (https://policies.google.com/technologies/ads) and in the settings for displaying advertisements by Google https://adssettings.google.com/authenticated.

Google Firebase

We use the “Google Firebase” developer platform and the associated functions and services offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Firebase is a platform for developers of applications (“applications” for short) for mobile devices and websites. Google Firebase offers a variety of features, which are presented on the following overview page: https://firebase.google.com/products/. The functions include the storage of applications including personal data of application users, such as content created by them or information regarding their interaction with the application (so-called “cloud computing”). Google Firebase also offers interfaces that allow interaction between users of the application and other services, e.g. authentication using third-party services such as Facebook, Twitter or using an email password combination.

User interactions can be evaluated using the “Firebase Analytics” analysis service. Firebase Analytics is aimed at recording how users interact with an application. Events (so-called “events”) are recorded, such as the initial opening of the application, uninstallation, update, crash or frequency of use of the application. The events can also be used to record other user interests, e.g. for specific functions of the applications or specific subject areas. As a result, user profiles can also be created, which can be used, for example, as a basis for presenting advertising information tailored to users. Google Firebase and users' personal data processed using Google Firebase can also be used together with other Google services, such as Google Analytics and Google Marketing Services and Google Analytics (in this case, device-related information, such as “Android Advertising ID” and “Advertising Identifier for iOS”, is also processed to identify users' mobile devices).

If we ask users for consent, for example as part of a cookie consent, the legal basis for this processing is Article 6 (1) lit. a. GDPR. Otherwise, user data is processed on the basis of our legitimate interests, i.e. the interest in the analysis, optimization and economic operation of our online offering within the meaning of Article 6 (1) (f) GDPR. Google's privacy policy is available at https://policies.google.com/privacy. Users can find out more about Google's use of data for marketing purposes on the overview page: https://policies.google.com/technologies/ads?hl=de

If users wish to object to interest-based advertising through Google marketing services, users can use the settings and opt-out options provided by Google: https://adssettings.google.com/

Data in third countries:

Data is transferred to third countries for the following purposes:

Notifications, specifically so-called push notifications. To help you manage your accounts and contracts in the best possible way, we send you helpful push notifications to your smartphone, such as a cancellation reminder when contracts expire. To provide this feature, we use technology from Amazon Simple Notification Service (Amazon SNS), P.O. Box 81226, Seattle, WA 98108, U.S.A. The push notifications are provided by Application Inc. (“Application”), One Infinite Loop, Cupertino, California 95014, USA or Google Firebase (“Google”), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA sent to your smartphone.

Online offers on social media

We maintain online offers within social networks and platforms in order to communicate with customers, interested parties and users active there and to inform them about our services there. We would like to point out that user data may be processed outside the European Union. This may result in risks for users because, for example, it could make it more difficult to enforce users' rights. Furthermore, user data is usually processed for market research and advertising purposes. For example, user profiles can be created from user behavior and the resulting interests of users. The user profiles can in turn be used, for example, to place advertisements within and outside the platforms that presumably match the interests of users. For these purposes, cookies are usually stored on users' computers, in which user behavior and interests are stored. In addition, data can also be stored in the user profiles regardless of the devices used by the users (in particular if the users are members of the respective platforms and are logged in to them).

User data is processed on the basis of our legitimate interests in effectively informing users and communicating with users in accordance with Article 6 (1) (f) GDPR. If users are asked for consent to data processing by the respective platform providers, the legal basis for processing is Article 6 (1) lit. a., Article 7 GDPR. For a detailed description of the respective processing and opt-out options, we refer to the information provided by the providers linked below. Even in the case of requests for information and the assertion of user rights, we would like to point out that these can be asserted most effectively with the providers. Only the providers have access to user data and can directly take appropriate measures and provide information. Should you still need help, feel free to contact us at any time.

• Facebook, pages, groups, (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) based on an agreement on joint processing of personal data — privacy policy: https://www.facebook.com/about/privacy/, especially for pages: https://www.facebook.com/legal/terms/information_about_page_insights_data , Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
• Google/ YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, IR-Land) — Privacy Policy: https://policies.google.com/privacy, Opt-out: https://adssettings.google.com/authenticated, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.
• ngress (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) — Privacy Statement/ Opt-Out: http://instagram.com/about/legal/privacy/.
• Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) — Privacy Policy: https://twitter.com/de/privacy, Opt-out: https://twitter.com/personalization, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active.
• Pinterest (Pinterest Inc., 635 High Street, Palo Alto, CA, 94301, USA) — Privacy Statement/ Opt-Out: https://about.pinterest.com/de/privacy-policy.
• LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) — Privacy Policy https://www.linkedin.com/legal/privacy-policy , Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active.
• Xing (XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) — Privacy Statement/ Opt-Out: https://privacy.xing.com/de/datenschutzerklaerung.
• Wakalet (Wakelet Limited, 76 Quay Street, Manchester, M3 4PR, United Kingdom) — Privacy Statement/ Opt-Out: https://wakelet.com/privacy.html.
• Soundcloud (SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany) — Privacy Statement/ Opt-Out: https://soundcloud.com/pages/privacy.

Customer Support:

As a customer, you have the option to contact us via various channels, such as: email, Instagram, YouTube, Facebook, LinkedIn, contact form. We only process personal data for as long as is necessary to fulfill our contractual and legal obligations. Among other things, data processing is necessary for contract execution and execution, including the defense and enforcement of civil claims within the relevant limitation periods. The limitation periods may be up to thirty years under Sections 195 et seq. of the German Civil Code; the regular limitation period is three years. In addition, tax, commercial, tax and other legal storage obligations must be observed. The storage and documentation periods provided for there are six to ten years plus the statute of limitations of a further four years. In order not to violate legal regulations or to lose the opportunity to assert a claim or defend ourselves against such a claim, we reserve the right to delete the data only after the last period that legitimizes data storage has elapsed.

User rights:

You have the right to:

• To request information about whether and, if so, which personal data concerning you is being processed, Art. 15 GDPR; you can download information about all your processed data at any time in the “More” -> “Legal Information” -> “GDPR Information” tab.
• to request the correction of incorrect or the completion of incomplete personal data, Art. 16 GDPR;
• to demand from us that personal data concerning you be deleted immediately, provided that the conditions set out in Article 17 GDPR are met;
• to request the restriction of the processing of your personal data, insofar as Article 18 GDPR provides for this;
• to receive the personal data concerning you in a format that meets the requirements of Article 20 (1) GDPR;
• on data portability under the conditions set out in Art. 20 (1) a), b) GDPR;
• not to be subject to a decision based exclusively on automated processing — including profiling — if a decision was only made in an automated process and that decision significantly affects you.
• In the event of a rejection, we will manually review the decision once again after you have informed us of your considerations and objections to the decision made in the automated process and requested the manual review, Art. 22 (1), (3) GDPR. In addition, you are entitled to view the criteria for the decision.

Objection to processing of personal data:

If we process your data to protect legitimate interests, you can object to this processing for reasons arising from your particular situation. You have the right to object to the processing of your personal data for direct marketing purposes without giving reasons; this also applies to profiling insofar as it is associated with such direct marketing. We will then no longer process your personal data unless we can prove compelling legitimate grounds for processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. To object to the processing of your data, you can permanently and irrevocably delete your account within the Vinlivt application at any time.

Where can you complain?

If you believe that the processing of your personal data by us is unlawful or that we may violate data protection law for other reasons, you can complain to the supervisory authority BFDI responsible for us:

https://www.bfdi.bund.de/DE/

Are you required to provide your data?

When downloading our application and using our services, you must provide the personal data that is necessary to establish, carry out and fulfill the associated obligations or which we are legally obliged to collect. Without this data, we will not be able to provide you with our service.

Does automated individual case decision based processing or profiling measures take place?

Vinlivt is your personal financial assistant and automatically checks whether there are optimization options for your pension, pension and finances as well as contracts. Just like a real financial advisor, he needs as good a picture of you as possible in order to be able to give you recommendations tailored to your personal situation. For this purpose, pseudonymized user profiles are created based on your general profile and enriched financial analysis data, including year of birth, zip code, contracts, turnover categorizations and personal retirement and financial tips. These user profiles cannot be linked to a person. Personal data, such as IBANs or contract numbers, is made unrecognizable before user profiles are created. For example, IBAN DE30 5007 0010 0123 4567 89 becomes IBAN XX00 0000 0000 0000 0000 00. These user profiles are used to provide you with retirement and financial tips that are individually tailored to you.

Vinlivt Newsletter (Vinletter)

We only send newsletters, emails and other electronic notifications with promotional information with the consent of the recipients or legal permission. If the content of the newsletter is specifically described as part of a subscription to the newsletter, they are decisive for the consent of the users. In addition, our newsletters contain information about our services and us. Signing up for our newsletter is a double opt-in process. After registration, users receive an email asking them to confirm their registration. This confirmation is necessary so that no one can log in with foreign e-mail addresses. Subscriptions to the newsletter are logged in order to be able to prove the registration process in accordance with the necessary requirements. This includes saving the time of registration and confirmation, as well as the IP address. Changes to your data stored with the shipping service provider are also logged. To sign up for the newsletter, it is sufficient to provide an email address and your name.

The newsletter and the associated performance measurement are based on the consent of the recipients in accordance with Article 6 (1) (a), Article 7 GDPR in conjunction with Section 7 (2) No. 3 UWG or, if consent is not required, on the basis of our legitimate interests in direct marketing in accordance with Article 6 (1) (f) GDPR in conjunction with Section 7 (3) UWG. The registration process is logged on the basis of our legitimate interests in accordance with Article 6 (1) (f) GDPR. We are interested in using a user-friendly and secure newsletter system (Mailerlite) that both serves our business interests and meets user expectations and also allows us to prove consent. Users can unsubscribe from our newsletter at any time, i.e. withdraw their consent. A link to unsubscribe from the newsletter can be found at the end of each newsletter. Based on our legitimate interests, we store the unsubscribed email addresses in the form of a blacklist for up to three years before we delete them in order to be able to prove a previously given consent. The processing of this data is limited to the purpose of possible defense against claims. An individual request for deletion is possible at any time, provided that the former existence of consent is confirmed at the same time.

https://www.mailerlite.com/legal/privacy-policy