Prosperity

Data Privacy Statement – prosperity solutions AG

Your privacy is important to us

Please take a moment to read the privacy statement below, because if you use our service, it means you have confirmed reading this information.

We have to collect data in order to be able to offer our service. We always adhere to the applicable data protection legislation in the process. We need the information that we collect in order to make our products and services better for you, to prevent fraud and to market our products.

To achieve this, we collect data such as location information that has been rendered anonymous, information on the device you are using, how you use our service and the personal data that you enter in the app.

Protecting your personal data is extremely important to us. We make a considerable effort with the technical and organisational measures we take in order to protect your data.

You can find the detailed legal version of our privacy statement below.

1. Introduction

Protecting your personal data is a top priority for prosperity solutions AG (hereinafter referred to as “prosperity”, “we”, “us”, “our”). This means that we will only collect the data that we absolutely need. We manage the data we collect with the necessary degree of care and only process it based on the statutory provisions set out in the European General Data Protection Regulation (hereinafter referred to as the “GDPR”) and the data protection provisions that apply in Liechtenstein or Switzerland. Below, we would like to provide you with information on a number of aspects, including what personal data concerning you we collect, for what purpose it is used, with whom it is shared and what your rights of control and rights to information are.

2. Contact details for the controller

The company responsible for the processing of personal data in connection with the website and the app (hereinafter referred to as the “platform”), i.e. the controller is:

prosperity solutions AG Industriering 40 9491 Ruggell Principality of Liechtenstein Tel.: +423 265 34 40 E-mail: hello@prosperity.app

In Switzerland, you can contact our representative appointed in accordance with Art. 14 of the CH DPA at the following address: ME Advocat AG, lic.iur. HSG Ivan Brüschweiler, Hauptstrasse 17, 9422 Staad, Phone: +41 71 855 77 66, e-mail: i.brueschweiler@advocat.ch

You can contact our company Data Protection Officer by post by writing to the address above, addressing your letter for the attention of the Data Protection Officer, or by sending an e-mail to datenschutz@prosperity.app.

3. Definitions

3.1 Personal data

refers to all information relating either directly or indirectly to an identified or identifiable natural person. This includes information such as name, address, e-mail address, telephone number, date of birth, age, gender or tax identification number.

In general, you can use our website without entering any personal data at all. We may, however, have to collect personal data if you want to use particular services that we offer.

3.2 Processing

refers to any operation which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, disclosure or any other type of use.

4. Purpose of data processing

As a general rule, we only process personal data with your consent, to perform the contract in question or on the basis of our legitimate interests. In general, we process personal data on the basis of an order issued by you and the contractual relationship based on this order, i.e. for the establishment, management and performance of the contractual relationships. Data is also processed to manage and maintain client relationships and for the purposes of self-promotion.

5. Data security

It goes without saying that we only use suitable technical and organisational safeguards to protect your data against accidental or intentional tampering, partial or complete loss, destruction or against access by unauthorised third parties. Our safeguards are also improved continuously in line with technological advancements.

6. Processing of your personal data in connection with use of the app

6.1 Information obtained when you download the app

When you download the app, information is sent to the app store that you use. This information can include, in particular, your Apple or Android ID, the time at which the app was downloaded, payment information and your individual device ID. This data is only processed by the app store that you use and is beyond our control.

6.2 Information collected automatically when you use the app

When you use the app, we automatically collect certain pieces of data that are required in this regard. These include, for example, your device model, system version and the IP address of your mobile device or computer. We process this data automatically in order to

  • make the app and the associated functions available to you;
  • improve the app’s functions and performance features; and to
  • prevent and resolve any misuse or malfunctions.

As far as the GDPR applies, this processing is justified by the fact that it is necessary for the performance of the contract between you and us in accordance with Article 6(1)(b) of the GDPR.

7. Processing of your personal data in connection with use of the website

7.1 When you visit the website

When our website is accessed by the browser used on your end device, information is automatically sent to our website server. This information is stored temporarily in what is known as a log file. The following information is recorded and stored until it is automatically deleted:

  • Visitor (IP addresses are automatically rendered anonymous)
  • Time of access, including information on the time zone
  • Visitor’s request (HTTP request method, requested file, HTTP protocol version)
  • HTTP status code (server response) and size of server response
  • Name and URL of the file accessed
  • Website from which our website is accessed (referrer URL)
  • Browser used and, where appropriate, your computer’s operating system and the name of your access provider

This information is processed to allow you to use our website (e.g. so that our website is adapted to suit the needs of your device). This data is not merged with other data sources. As far as the GDPR applies, the legal basis for the lawfulness of data processing is Article 6(1)(b) of the GDPR, because we need the data that is collected automatically in the context of the pre-contractual legal relationship in order to ensure the effective provision of our website, and Article 6(1)(f) of the GDPR, because storing the data serves to safeguard our legitimate interest in ensuring the stability and security of the website. You can find further information on the collection of personal data when you visit our website in the section entitled “Cookies” below (see section 9). We will only store the personal data that is collected automatically until the purposes referred to above have been fulfilled, unless we still need it to perform a contract, in the event that the law, articles of association or contract prescribe any retention periods, or if we need to continue to store the data for the establishment, exercise or defence of legal claims.

7.2 When you use our contact option or apply for a job with us

Our website contains information allowing you to contact our company quickly and electronically and communicate with us directly. If you contact us by e-mail, the personal data that you transmit will be stored by us automatically. In this respect, and as far as the GDPR applies, the data is processed for the purposes of processing and contact in accordance with Article 6(1)(a) of the GDPR on the basis of your voluntary consent. We do not disseminate any of your personal data to third parties without your consent.

The above also applies if, when applying for a job with us, you send us your application documents electronically, for example by e-mail. If you are not hired, we will delete the application documents four months after sending you the rejection notice, unless we have other legitimate interests arguing against such deletion.

8. Processing of your personal data when using our services in the app and on the website

8.1 Using our services

We offer services (e.g. creation of a user account, opportunity to contact us, conclusion and management of contracts) on our platform and ask you to provide personal data when you use them. You can use these services both on our website and via our app. The information required is always marked as a mandatory field. Without this information, we may not be able to provide the desired service or reply to any enquiries you make. We have provided an overview of the data collected within this context below:

  • Gender
  • Surname, first name
  • Date of birth
  • Telephone number
  • Marital status
  • User name
  • E-mail address
  • Login and password details
  • Investment interest

We store the data you enter for the period during which you use your user account, unless you erase it earlier. You can manage and alter all of the information in the protected client area at any time. As far as the GDPR applies, the legal basis for the lawfulness of data processing is Article 6(1)(b) of the GDPR, because it serves to ensure the efficient provision and management of the user account in the context of the contract between you and us. If no exceptions apply within the services specified further below, your personal data will be stored until you erase either the data or delete your user account as a whole. Your personal data will be erased within 90 days of you deleting your account. Legal retention obligations or the need to keep your personal data for legal action due to misconduct relating to the use of the service or payment issues may result in us having to store your personal data for longer.

8.2 Contact

We store and process the personal data that you provide us with when you contact us using the chat function or by e-mail. We only use this data to answer your enquiry or to contact you, and for the related technical administration. As far as the GDPR applies, the legal basis for the lawfulness of this data processing is Article 6(1)(b) of the GDPR, because it serves the performance of the contract between you and us or corresponding pre-contractual measures, and Article 6(1)(f) of the GDPR, because the processing of these enquiries is in both your and our interests.

Once your enquiry has been resolved, we store your personal data for a period of three years starting at the end of the calendar year in which the enquiry is resolved. We will then erase your data and/or will only continue to store it if the law, articles of association or contract prescribe any retention periods, or if we need to continue to store the data for the establishment, exercise or defence of legal claims.

8.3 Conclusion of a contract for the products we offer

If you have created a user account and then opt for one of the products we offer, you have to enter personal data in order to conclude the contract. This data includes your name, date of birth, address, occupation and, where appropriate, your tax information. As far as the GDPR applies, the legal basis for the lawfulness of this data processing is Article 6(1)(b) of the GDPR, because we require this information from you to perform the contract established between you and us or for the purposes of corresponding pre-contractual measures. If you make bank transfers to pay your contractual rates, we will only process this payment data in order to perform the contract There are certain products for which we require further information on your state of health, for example information on certain conditions and, where appropriate, related documents, or information on your financial situation and your knowledge of investment products. As far as the GDPR applies, the legal basis for the lawfulness of this data processing is the consent you granted previously in accordance with Article 6(1)(a) of the GDPR and Article 6(1)(b) of the GDPR, because we require this information from you to perform the contract established between you and us or for the purposes of corresponding pre-contractual measures To verify your identity in order to conclude the contract with you, we need your ID card and image, using the video function, to fulfil our due diligence obligations pursuant to the Liechtenstein Due Diligence Act (Sorgfaltspflichtgesetz). As far as the GDPR applies, we process this data based on our corresponding legal obligation in accordance with Article 6(1)(c) of the GDPR.

9. Cookies

We use cookies on our platform. Cookies are small files that are stored on your end device (laptop, tablet, smartphone, etc.) when you visit our platform. Cookies do not damage your end device and do not contain viruses, Trojan horses or other malware. The cookie stores information that is created in connection with the end device used specifically in each case.

The use of cookies serves, on the one hand, to make the use of our platform more pleasant for you. For example, we use what are known as session cookies to recognise that you have already visited individual pages of our platform. The data is erased as soon as the purpose for which it was collected is fulfilled, unless we still need it to perform a contract, in the event that the law, articles of association or contract prescribe any retention periods, or if we need to continue to store the data for the establishment, exercise or defence of legal claims. In addition, we also use temporary cookies that are stored on your end device for a specific period of time to optimise user-friendliness. If you visit our platform again to use our services, it will automatically detect that you have already visited our platform, and which entries and settings you made/selected so that you do not have to enter them again. We also use cookies to record statistics on the use of our platform and to evaluate them in order to optimise the services we offer you. These cookies allow us to automatically detect that you have already visited our platform when you make a return visit. These cookies are automatically deleted after a defined period of time. The data processed using cookies is required for the aforementioned purposes in order to protect our legitimate interests as set out above and those of third parties, such as advertising partners that receive performance-related remuneration, in accordance with, as far as the GDPR applies, Article 6(1)(f) of the GDPR. Most browsers accept cookies automatically. You can, however, configure your browser in such a way that no cookies are stored on your computer, or that a message always appears before a new cookie is created. If you deactivate cookies completely, however, you may not be able to use all of the functions on our platform.

10. Online advertising and analysis tools

We use the tools set out below for online advertising and analysis. As far as the GDPR applies, the tracking measures we use are performed on the basis of Article 6(1)(f) of the GDPR. We use these tracking measures to ensure that our website is designed to meet the needs of our users and is optimised on an ongoing basis. We also use the tracking measures to record statistics on the use of our website and in order to optimise the services we offer you. Information on the individual data processing purposes and data categories can be found in the information on the corresponding tracking tools.

10.1 Google Analytics

In order to ensure that our platform is designed to meet the needs of our users and is optimised on an ongoing basis, we use Google Analytics, a web analysis service offered by Google Inc. (about.google/intl/en/), 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies (see section 9). The information generated by the cookie about your use of our platform is usually transmitted to a Google server located in the USA, where it is stored. We have activated the IP anonymisation feature on this website. This means that Google will truncate your IP address in member states of the European Union or other signatory states to the Agreement on the European Economic Area before it is transmitted to the USA. Only in exceptional cases will the full IP address be sent to a Google server located in the USA and truncated there. On behalf of the website operator, Google will use this information for the purpose of evaluating the use of our platform, compiling reports on activity and providing us with other services relating to platform activity and Internet usage. The IP address transmitted by your browser in connection with Google Analytics will not be merged with other Google data. We have concluded an agreement on contract data processing with Google in accordance with Art. 28 GDPR (as far as the GDPR applies). The therein agreed so-called standard contractual clauses of the EU Commission enables the transfer of data to third countries.

You can find more information on the handling of user data by Google Analytics in Google’s privacy policy: support.google.com/analytics/answer/6004245?hl=en.

10.2 Facebook pixel

We also use the remarketing pixel from Facebook Inc., 1601 S. California Ave, Palo Alto, CA94304, USA (hereinafter referred to as “Facebook”), as part of our website. This allows us to track the activity of users after they have seen, or clicked on, a Facebook advertisement. We can use this feature to record information on how effective the Facebook advertisements are for statistical and market research purposes. The data recorded within this context is anonymous for us, i.e. we cannot see any personal data concerning individual users. This data is, however, stored and processed by Facebook, which we draw your attention to based on the knowledge available to us. Facebook can link this data with your Facebook account and also use it for its own advertising purposes in line with Facebook’s Data Policy(en-gb.facebook.com/about/privacy/). We also use Facebook’s custom audience function. This allows us to display customised advertisements to visitors to our website based on their interests if they have an account with Facebook or its partners. Facebook uses cookies to analyse the website use. This results in information being collected on visitors to the website, and anonymised data on the use of the website being collected.

10.3 Google Optimize

We use the tool Google Optimize to understand which of the various versions of our website are more helpful for users and which are not. You can find information on data protection within this context here: policies.google.com/?hl=en and support.google.com/optimize/answer/6292487?hl=en.

10.4 Segment.io

We also use Segment.io, a service offered by Segment.io, Inc., 100 California Street, Suite 700, San Francisco, CA 94111, USA (hereinafter referred to as “Segment”) for data analysis, allowing us to collect and analyse the technical usage data that arises when our website is used and evaluate it, with the help of the other third-party provider tools described in this statement, to analyse the use of, and optimise, our website. The usage data collected is pseudonymised before it is processed. This means that IP addresses are truncated after they are collected and that the data is not used to merge usage profiles with your personal data. The information about the use of our website is usually transmitted to a Segment server located in the USA, where it is stored. Segment has made an explicit contractual commitment to adhere to the European data protection law requirements. You can object to the collection of data for these purposes by configuring your browser settings so that cookies are not stored.

10.5 Amplitude

We also use Amplitude, an analysis service offered by Amplitude Inc., 501 2nd Street, Suite 100, San Francisco, CA 94107, USA (hereinafter referred to as “Amplitude”). The information about the use of the app by users is usually transmitted to an Amplitude server located in the USA, where it is stored.

Amplitude allows us to better understand and optimise the usage behaviour of app users.

You can find further information in Amplitude’s Privacy Policy at amplitude.com/privacy.

10.6 AppsFlyer

prosperity uses the AppsFlyer tracking software provided by AppsFlyer Inc., 111 New Montgomery Street, San Francisco, CA 94105, USA (hereinafter referred to as “AppsFlyer”). AppsFlyer collects and stores various pieces of session and interaction data. We need this information to improve the content and user-friendliness of our app and to make it easier for you to use. The session and interaction data is collected after being rendered anonymous and is only evaluated in anonymised, summarised form and for statistical purposes only.

As far as the GDPR applies, the legal basis for the use of this data is Article 6(1)(f) of the GDPR. You can object to tracking via AppsFlyer at any time with effect for the future here: appsflyer.com/optout.

You can find further information at appsflyer.com/privacy-policy/.

10.7 Google Firebase

prosperity uses the Google Firebase technology provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google Firebase”). Google Firebase uses tracking technologies that allow the use of our app to be analysed, for example, to monitor performance and to keep error logs, and to analyse user behaviour. The purpose of using Google Firebase is to analyse, and make regular improvements to, the use of our app, allowing us to operate it in a more cost-effective manner.

As far as the GDPR applies, the legal basis for this data processing is Article 6(1)(f) of the GDPR, because we have a legitimate interest in the analysis, optimisation and cost-effective operation of our app, and the data processing is required to safeguard this interest.

Google Firebase results in information on the use of our app being collected and transmitted to Google in Ireland or the USA, where it is stored. The data is collected and transmitted to Google Firebase on an anonymised basis. It is not linked to other user data.

Google Firebase will use the information you provide to analyse your use of our app and to provide us with further services relating to the use of the app.

Further information on Google Firebase and data protection can be found at policies.google.com/privacy?hl=en-GB and firebase.google.com/.

10.8 Google Tag Manager

prosperity uses Google Tag Manager. This service provides an interface for managing website tags. Google Tag Manager only implements tags. This means that no cookies are used and no personal data is recorded. Google Tag Manager results in other tags being deployed which may, in turn, collect data. Google Tag Manager does not, however, access this data. If recording has been deactivated at domain or cookie level, this setting will remain in place for all tracking tags implemented using Google Tag Manager.

10.9 Intercom

prosperity uses Intercom, provided by Intercom, Inc., 98 Battery Street, Suite 402, San Francisco, CA94111, USA (hereinafter referred to as “Intercom”), as soon as you have logged in to your user account.

Intercom uses cookies to allow the use of our website to be analysed. The information generated by the cookies about the use of our website and your IP address is transmitted to an Intercom server located in the USA, where it is stored. We use this information to analyse the use of our platform and optimise our products based on this information.

Intercom can also be used as a communication medium, for (push) notifications within the user area (after users log in) or e-mails. You can find further information on data protection at Intercom at {{intercom}}

As far as the GDPR applies, the legal basis for this data processing is Article 6(1)(f) of the GDPR, because we have a legitimate interest in the analysis, optimisation and cost-effective operation of our website, and the data processing is required to safeguard this interest.

10.10 ActiveCampaign

prosperity uses ActiveCampaign, provided by ActiveCampaign LLC, 1 N Dearborn St., 5th Floor, Chicago, Illinois 60602, USA, for e-mail marketing, specifically for sending out newsletters. In order to be able to send you targeted information, we use click tracking in our e-mails and disseminate tracking data from Google Tag Manager and Segment to ActiveCampaign. We use the double opt-in procedure when we send out our newsletters: when you sign up for our newsletter, you receive a confirmation e-mail containing a link. When you click on this confirmation link, we save your successful registration in our system and report this to ActiveCampaign.

You can find further information on data protection at Active Campaign at activecampaign.com/legal/privacy-policy.

11. Advertising information by e-mail or chat

If you have agreed to receive news on products or services that we offer by e-mail, we process your e-mail address and, where appropriate, the information stored in your account on the basis of your corresponding consent in order to send you information on our services, products and special offers in the areas of life insurance and retirement provision. You can unsubscribe from any e-mails that are not essential at any time. We can also evaluate the data generated when our e-mails are delivered and accessed for analysis purposes and to improve our communications. Your personal data is not disseminated to third parties in connection with an e-mail subscription, with the exception of technical service providers that allow us to send out communications and analyse the results of these communications. We only process your data in order to select customised content and to send out news on products and services based on the consent you have granted. As far as the GDPR applies, the legal basis is Article 6(1)(a) of the GDPR.

12. Dissemination of personal data to third parties

Personal data can be disseminated to third parties that act on our behalf so that the personal data can be processed in line with its underlying purpose, for example the performance of the services offered, the analysis of user behaviour on our website or technical support. We subject these third parties to a contractual obligation, based on agreements provided for by law, only to use personal data for the agreed purpose or not to disseminate your personal data to other parties without your consent, unless such consent is not required by law. If you want to receive further information on our contract data processors, feel free to contact us at the address set out in section 2. If other categories of recipients of personal data arise in connection with the collection of data in the future, we will inform you when this data is collected for this purpose.

prosperity is part of the group known as the prosperity company AG. We can also use your personal data within our partner companies prosperity brokershome AG, cashyou AG and Liechtenstein LifeAssurance AG, which have their registered offices in Ruggell/Principality of Liechtenstein, for the individual purposes of these companies: contract management, development and offering of products, provision of services to third parties.

Some of the recipients are located outside of the European Union and the European Economic Area (EEA). You can find further information on cross-border transmission in general and on transmission outside of the EEA in section 13.

We can disclose your personal data if we are entitled or obliged to do so by law (e.g. based on applicable law or a court order).

13. Transmission of personal data to third countries

In some cases, it may be necessary to transmit the personal data concerning you as referred to above to countries outside of the EU and the EEA (hereinafter referred to as “third countries”). Specifically, we transmit personal data to the USA. Please note that third countries may not offer a level of data protection that is equivalent to the level that applies in the EU. When transmitting your personal data to third countries, we will, however, take suitable safeguards to protect your data appropriately. An appropriate safeguard would be an adequacy decision made by the EU. If this safeguard does not apply, we will conclude standard contractual clauses as drafted by the EU commission with the company concerned. You can find these at eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF. We would be more than happy to send you further details on the individual safeguards by e-mail on request.

14. Storage periods

We aim to keep any processing of your personal data to a minimum. If this statement does not specify any specific storage periods, we will only store your personal data for as long as is required in order to fulfil the purpose for which it was originally collected and– where appropriate– for as long as is required by law.

15. Your rights

You have the right to request information about the personal data concerning you that we process. On request, we will provide you with information, in particular, on the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the source of your data if it was not collected by us, and the existence of automated decision-making including profiling. You have the right to rectification, to erasure, to restriction of processing, to data portability– unless, in the case of data portability, this involves disproportionate effort– and to object.

You also have the right to withdraw any consent you have granted to the use of your personal data at any time.

If you believe that the processing of your personal data by us contravenes applicable data protection provisions, you have the option of contacting the Liechtenstein Data Protection Office: (Datenschutzstelle Liechtenstein, Städtle 38, Postfach 684, 9490 Vaduz, Liechtenstein, phone: +4232366090, e-mail: info@dss.llv.li) and for Switzerland the Federal Data Protection and Information Commissioner, Feldeggweg 1, CH-3003 Bern.

16. Validity of, and amendments to, this privacy statement

This privacy statement is currently valid and is the version dated 1st September 2023. We reserve the right to amend this privacy statement to reflect new circumstances at any time. You can access the current valid privacy statement on the website at prosperity.app/en/data-privacy/.