Data Privacy Statement – prosperity solutions AG
Your privacy is important to us
Please take a moment to read the privacy statement below, because if you use our service, it means you have confirmed reading this information.
We have to collect data in order to be able to offer our service. We always adhere to the applicable data protection legislation in the process. We need the information that we collect in order to make our products and services better for you, to prevent fraud and to market our products.
To achieve this, we collect data such as location information that has been rendered anonymous, information on the device you are using, how you use our service and the personal data that you enter in the app.
Protecting your personal data is extremely important to us. We make a considerable effort with the technical and organisational measures we take in order to protect your data.
You can find the detailed legal version of our privacy statement below.
Protecting your personal data is a top priority for prosperity solutions AG (hereinafter referred to as “prosperity”, “we”, “us”, “our”). This means that we will only collect the data that we absolutely need. We manage the data we collect with the necessary degree of care and only process it based on the statutory provisions set out in the European General Data Protection Regulation (hereinafter referred to as the “GDPR”) and the data protection provisions that apply in Liechtenstein. Below, we would like to provide you with information on a number of aspects, including what personal data concerning you we collect, for what purpose it is used, with whom it is shared and what your rights of control and rights to information are.
2. Contact details for the controller
The company responsible for the processing of personal data in connection with the website and the app (hereinafter referred to as the “platform”), i.e. the controller within the meaning of the GDPR is:
prosperity solutions AG Industriering 40 9491 Ruggell Principality of Liechtenstein Tel.: +423 265 34 40 E-mail: firstname.lastname@example.org
You can contact our company Data Protection Officer by post by writing to the address above, addressing your letter for the attention of the Data Protection Officer, or by sending an e-mail to email@example.com.
3.1 Personal data
refers to all information relating either directly or indirectly to an identified or identifiable natural person. This includes information such as name, address, e-mail address, telephone number, date of birth, age, gender or tax identification number.
In general, you can use our website without entering any personal data at all. We may, however, have to collect personal data if you want to use particular services that we offer.
refers to any operation which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, disclosure or any other type of use.
4. Purpose of data processing
As a general rule, we only process personal data with your consent, to perform the contract in question or on the basis of our legitimate interests. In general, we process personal data on the basis of an order issued by you and the contractual relationship based on this order, i.e. for the establishment, management and performance of the contractual relationships. Data is also processed to manage and maintain client relationships and for the purposes of self-promotion.
5. Data security
It goes without saying that we only use suitable technical and organisational safeguards to protect your data against accidental or intentional tampering, partial or complete loss, destruction or against access by unauthorised third parties. Our safeguards are also improved continuously in line with technological advancements.
6. Processing of your personal data in connection with use of the app
6.1 Information obtained when you download the app
When you download the app, information is sent to the app store that you use. This information can include, in particular, your Apple or Android ID, the time at which the app was downloaded, payment information and your individual device ID. This data is only processed by the app store that you use and is beyond our control.
6.2 Information collected automatically when you use the app
When you use the app, we automatically collect certain pieces of data that are required in this regard. These include, for example, your device model, system version and the IP address of your mobile device or computer. We process this data automatically in order to
- make the app and the associated functions available to you;
- improve the app’s functions and performance features; and to
- prevent and resolve any misuse or malfunctions.
This processing is justified by the fact that it is necessary for the performance of the contract between you and us in accordance with Article 6(1)(b) of the GDPR.
7. Processing of your personal data in connection with use of the website
7.1 When you visit the website
When our website is accessed by the browser used on your end device, information is automatically sent to our website server. This information is stored temporarily in what is known as a log file. The following information is recorded and stored until it is automatically deleted:
- Visitor (IP addresses are automatically rendered anonymous)
- Time of access, including information on the time zone
- Visitor’s request (HTTP request method, requested file, HTTP protocol version)
- HTTP status code (server response) and size of server response
- Name and URL of the file accessed
- Website from which our website is accessed (referrer URL)
- Browser used and, where appropriate, your computer’s operating system and the name of your access provider
This information is processed to allow you to use our website (e.g. so that our website is adapted to suit the needs of your device). This data is not merged with other data sources. The legal basis for the lawfulness of data processing is Article 6(1)(b) of the GDPR, because we need the data that is collected automatically in the context of the pre-contractual legal relationship in order to ensure the effective provision of our website, and Article 6(1)(f) of the GDPR, because storing the data serves to safeguard our legitimate interest in ensuring the stability and security of the website. You can find further information on the collection of personal data when you visit our website in the section entitled “Cookies” below (see section 9). We will only store the personal data that is collected automatically until the purposes referred to above have been fulfilled, unless we still need it to perform a contract, in the event that the law, articles of association or contract prescribe any retention periods, or if we need to continue to store the data for the establishment, exercise or defence of legal claims.
7.2 When you use our contact option or apply for a job with us
Our website contains information allowing you to contact our company quickly and electronically and communicate with us directly. If you contact us by e-mail, the personal data that you transmit will be stored by us automatically. In this respect, the data is processed for the purposes of processing and contact in accordance with Article 6(1)(a) of the GDPR on the basis of your voluntary consent. We do not disseminate any of your personal data to third parties without your consent.
The above also applies if, when applying for a job with us, you send us your application documents electronically, for example by e-mail. If you are not hired, we will delete the application documents four months after sending you the rejection notice, unless we have other legitimate interests arguing against such deletion.
8. Processing of your personal data when using our services in the app and on the website
8.1 Using our services
We offer services (e.g. creation of a user account, opportunity to contact us, conclusion and management of contracts) on our platform and ask you to provide personal data when you use them. You can use these services both on our website and via our app. The information required is always marked as a mandatory field. Without this information, we may not be able to provide the desired service or reply to any enquiries you make. We have provided an overview of the data collected within this context below:
- Surname, first name
- Date of birth
- Telephone number
- Marital status
- User name
- E-mail address
- Login and password details
- Investment interest
We store the data you enter for the period during which you use your user account, unless you erase it earlier. You can manage and alter all of the information in the protected client area at any time. The legal basis for the lawfulness of data processing is Article 6(1)(b) of the GDPR, because it serves to ensure the efficient provision and management of the user account in the context of the contract between you and us. If no exceptions apply within the services specified further below, your personal data will be stored until you erase either the data or delete your user account as a whole. Your personal data will be erased within 90 days of you deleting your account. Legal retention obligations or the need to keep your personal data for legal action due to misconduct relating to the use of the service or payment issues may result in us having to store your personal data for longer.
We store and process the personal data that you provide us with when you contact us using the chat function or by e-mail. We only use this data to answer your enquiry or to contact you, and for the related technical administration. The legal basis for the lawfulness of this data processing is Article 6(1)(b) of the GDPR, because it serves the performance of the contract between you and us or corresponding pre-contractual measures, and Article 6(1)(f) of the GDPR, because the processing of these enquiries is in both your and our interests.
Once your enquiry has been resolved, we store your personal data for a period of three years starting at the end of the calendar year in which the enquiry is resolved. We will then erase your data and/or will only continue to store it if the law, articles of association or contract prescribe any retention periods, or if we need to continue to store the data for the establishment, exercise or defence of legal claims.
8.3 Conclusion of a contract for the products we offer
If you have created a user account and then opt for one of the products we offer, you have to enter personal data in order to conclude the contract. This data includes your name, date of birth, address, occupation and, where appropriate, your tax information. The legal basis for the lawfulness of this data processing is Article 6(1)(b) of the GDPR, because we require this information from you to perform the contract established between you and us or for the purposes of corresponding pre-contractual measures. If you make bank transfers to pay your contractual rates, we will only process this payment data in order to perform the contract There are certain products for which we require further information on your state of health, for example information on certain conditions and, where appropriate, related documents, or information on your financial situation and your knowledge of investment products The legal basis for the lawfulness of this data processing is the consent you granted previously in accordance with Article 6(1)(a) of the GDPR and Article 6(1)(b) of the GDPR, because we require this information from you to perform the contract established between you and us or for the purposes of corresponding pre-contractual measures To verify your identity in order to conclude the contract with you, we need your ID card and image, using the video function, to fulfil our due diligence obligations pursuant to the Liechtenstein Due Diligence Act (Sorgfaltspflichtgesetz). We process this data based on our corresponding legal obligation in accordance with Article 6(1)(c) of the GDPR.
10. Online advertising and analysis tools
We use the tools set out below for online advertising and analysis. The tracking measures we use are performed on the basis of Article 6(1)(f) of the GDPR. We use these tracking measures to ensure that our website is designed to meet the needs of our users and is optimised on an ongoing basis. We also use the tracking measures to record statistics on the use of our website and in order to optimise the services we offer you. Information on the individual data processing purposes and data categories can be found in the information on the corresponding tracking tools.
10.1 Google Analytics
10.2 Facebook pixel
10.3 Google Optimize
We use the tool Google Optimize to understand which of the various versions of our website are more helpful for users and which are not. You can find information on data protection within this context here: www.policies.google.com/?hl=en and www.support.google.com/optimize/answer/6292487?hl=en.
We also use Segment.io, a service offered by Segment.io, Inc., 100 California Street, Suite 700, San Francisco, CA 94111, USA (hereinafter referred to as “Segment”) for data analysis, allowing us to collect and analyse the technical usage data that arises when our website is used and evaluate it, with the help of the other third-party provider tools described in this statement, to analyse the use of, and optimise, our website. The usage data collected is pseudonymised before it is processed. This means that IP addresses are truncated after they are collected and that the data is not used to merge usage profiles with your personal data. The information about the use of our website is usually transmitted to a Segment server located in the USA, where it is stored. Segment has made an explicit contractual commitment to adhere to the European data protection law requirements. You can object to the collection of data for these purposes by configuring your browser settings so that cookies are not stored.
We also use Amplitude, an analysis service offered by Amplitude Inc., 501 2nd Street, Suite 100, San Francisco, CA 94107, USA (hereinafter referred to as “Amplitude”). The information about the use of the app by users is usually transmitted to an Amplitude server located in the USA, where it is stored.
Amplitude allows us to better understand and optimise the usage behaviour of app users.
Amplitude has acceded to the EU-US Privacy Shield, meaning that it has guaranteed that the European data protection legislation will be adhered to.
prosperity uses the AppsFlyer tracking software provided by AppsFlyer Inc., 111 New Montgomery Street, San Francisco, CA 94105, USA (hereinafter referred to as “AppsFlyer”). AppsFlyer collects and stores various pieces of session and interaction data. We need this information to improve the content and user-friendliness of our app and to make it easier for you to use. The session and interaction data is collected after being rendered anonymous and is only evaluated in anonymised, summarised form and for statistical purposes only.
The legal basis for the use of this data is Article 6(1)(f) of the GDPR. You can object to tracking via AppsFlyer at any time with effect for the future here: www.appsflyer.com/optout.
AppsFly has acceded to the EU-US Privacy Shield, meaning that it has guaranteed that the European data protection legislation will be adhered to.
You can find further information at www.appsflyer.com/privacy-policy/.
10.7 Google Firebase
prosperity uses the Google Firebase technology provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as “Google Firebase”). Google Firebase uses tracking technologies that allow the use of our app to be analysed, for example, to monitor performance and to keep error logs, and to analyse user behaviour. The purpose of using Google Firebase is to analyse, and make regular improvements to, the use of our app, allowing us to operate it in a more cost-effective manner.
The legal basis for this data processing is Article 6(1)(f) of the GDPR, because we have a legitimate interest in the analysis, optimisation and cost-effective operation of our app, and the data processing is required to safeguard this interest.
Google Firebase results in information on the use of our app being collected and transmitted to Google in Ireland or the USA, where it is stored. The data is collected and transmitted to Google Firebase on an anonymised basis. It is not linked to other user data.
Google Firebase will use the information you provide to analyse your use of our app and to provide us with further services relating to the use of the app.
With regard to the personal data that is transmitted to the USA, Google Firebase has acceded to the EU-US Privacy Shield.
10.8 Google Tag Manager
prosperity uses Google Tag Manager. This service provides an interface for managing website tags. Google Tag Manager only implements tags. This means that no cookies are used and no personal data is recorded. Google Tag Manager results in other tags being deployed which may, in turn, collect data. Google Tag Manager does not, however, access this data. If recording has been deactivated at domain or cookie level, this setting will remain in place for all tracking tags implemented using Google Tag Manager.
prosperity uses Intercom, provided by Intercom, Inc., 98 Battery Street, Suite 402, San Francisco, CA94111, USA (hereinafter referred to as “Intercom”), as soon as you have logged in to your user account.
Intercom can also be used as a communication medium, for (push) notifications within the user area (after users log in) or e-mails. You can find further information on data protection at Intercom at www.www.intercom.com/legal/privacy
The legal basis for this data processing is Article 6(1)(f) of the GDPR, because we have a legitimate interest in the analysis, optimisation and cost-effective operation of our website, and the data processing is required to safeguard this interest.
prosperity uses ActiveCampaign, provided by ActiveCampaign LLC, 1 N Dearborn St., 5th Floor, Chicago, Illinois 60602, USA, for e-mail marketing, specifically for sending out newsletters. In order to be able to send you targeted information, we use click tracking in our e-mails and disseminate tracking data from Google Tag Manager and Segment to ActiveCampaign. We use the double opt-in procedure when we send out our newsletters: when you sign up for our newsletter, you receive a confirmation e-mail containing a link. When you click on this confirmation link, we save your successful registration in our system and report this to ActiveCampaign.
You can find further information on data protection at Active Campaign at www.activecampaign.com/legal/privacy-policy.
11. Advertising information by e-mail or chat
If you have agreed to receive news on products or services that we offer by e-mail, we process your e-mail address and, where appropriate, the information stored in your account on the basis of your corresponding consent in order to send you information on our services, products and special offers in the areas of life insurance and retirement provision. You can unsubscribe from any e-mails that are not essential at any time. We can also evaluate the data generated when our e-mails are delivered and accessed for analysis purposes and to improve our communications. Your personal data is not disseminated to third parties in connection with an e-mail subscription, with the exception of technical service providers that allow us to send out communications and analyse the results of these communications. We only process your data in order to select customised content and to send out news on products and services based on the consent you have granted. The legal basis is Article 6(1)(a) of the GDPR.
12. Dissemination of personal data to third parties
Personal data can be disseminated to third parties that act on our behalf so that the personal data can be processed in line with its underlying purpose, for example the performance of the services offered, the analysis of user behaviour on our website or technical support. We subject these third parties to a contractual obligation, based on agreements provided for by law, only to use personal data for the agreed purpose or not to disseminate your personal data to other parties without your consent, unless such consent is not required by law. If you want to receive further information on our contract data processors, feel free to contact us at the address set out in section 2. If other categories of recipients of personal data arise in connection with the collection of data in the future, we will inform you when this data is collected for this purpose.
prosperity is part of the group known as the prosperity company AG. We can also use your personal data within our partner companies prosperity brokershome AG, cashyou AG and Liechtenstein LifeAssurance AG, which have their registered offices in Ruggell/Principality of Liechtenstein, for the individual purposes of these companies: contract management, development and offering of products, provision of services to third parties.
Some of the recipients are located outside of the European Union and the European Economic Area (EEA). You can find further information on cross-border transmission in general and on transmission outside of the EEA in section 13.
We can disclose your personal data if we are entitled or obliged to do so by law (e.g. based on applicable law or a court order).
13. Transmission of personal data to third countries
In some cases, it may be necessary to transmit the personal data concerning you as referred to above to countries outside of the EU and the EEA (hereinafter referred to as “third countries”). Specifically, we transmit personal data to the USA. Please note that third countries may not offer a level of data protection that is equivalent to the level that applies in the EU. When transmitting your personal data to third countries, we will, however, take suitable safeguards to protect your data appropriately. Appropriate safeguards include, for example, an adequacy decision made by the EU or a scenario in which the company has acceded to the Privacy Shield. If neither of these safeguards applies, we will conclude standard contractual clauses with the company concerned. You can find these at www.eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF. We would be more than happy to send you further details on the individual safeguards by e-mail on request.
14. Storage periods
We aim to keep any processing of your personal data to a minimum. If this statement does not specify any specific storage periods, we will only store your personal data for as long as is required in order to fulfil the purpose for which it was originally collected and– where appropriate– for as long as is required by law.
15. Your rights
You have the right to request information about the personal data concerning you that we process. On request, we will provide you with information, in particular, on the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the source of your data if it was not collected by us, and the existence of automated decision-making including profiling. Subject to the requirements set out in the GDPR, you have the right to rectification, to erasure, to restriction of processing, to data portability– unless, in the case of data portability, this involves disproportionate effort– and to object.
You also have the right to withdraw any consent you have granted to the use of your personal data at any time.
If you believe that the processing of your personal data by us contravenes applicable data protection provisions, you have the option of contacting the Liechtenstein Data Protection Office: (Datenschutzstelle Liechtenstein, Städtle 38, Postfach 684, 9490 Vaduz, Liechtenstein, phone: +4232366090, e-mail: firstname.lastname@example.org).
16. Validity of, and amendments to, this privacy statement
This privacy statement is currently valid and is the version dated 2nd December 2019. We reserve the right to amend this privacy statement to reflect new circumstances at any time. You can access the current valid privacy statement on the website at www.prosperity.app/en/data-privacy/.