Data privacy

1. Responsible Person
FWU AG is responsible for the following privacy policy. The FWU Group comprises numerous subsidiaries and branches, whereby the same privacy policy applies to the subsidiaries and branches listed below. If individual points of this privacy policy do not apply to individual subsidiaries and/or branches, this will be indicated at the relevant point. No further data processing takes place beyond the following.
In the following we would like to,

  • FWU AG,

  • FWU Life Insurance Lux S.A. and its branches,

  • FWU Life Insurance Austria AG and

  • FWU Invest S.A.

in accordance with the legal notice, hereinafter also referred to as "FWU", "we", "us", "our" etc., inform you about the processing of your personal data in connection with the use of our following websites:

  • https://www.forwardyou.com

  • https://www.fwuinvest.com

  • https://www.fwu.life

  • https://www.fwulife.de

  • https://www.fwulife.it

  • https://www.fwulife.fr

  • https://www.fwulife.es

  • https://www.fwulife.be

  • https://www.fwulife.at

  • https://fwu.investments

The controller within the meaning of the GDPR for the processing named in this privacy policy is the company named in the website's legal notice.

You can send enquiries regarding the processing of your personal data at any time to the following email address: datenschutz@forwardyou.com.

If you have any further questions regarding data protection in connection with our website or the services offered on the website, you can also contact the responsible data protection officer on site. Simply address your enquiry to:

  • FWU AG: datenschutzbeauftragter@forwardyou.com

  • FWU Life Insurance Lux S.A. (Luxembourg): datenschutzbeauftragter@fwu.life

  • FWU Life Insurance Lux S.A. (Germany): datenschutzbeauftragter@fwulife.de

  • FWU Life Insurance Lux S.A. (Italy): RPD@fwulife.it

  • FWU Life Insurance Lux S.A. (France): DPD@fwulife.fr

  • FWU Life Insurance Lux S.A. (Spain): proteccion-datos@fwulife.es

  • FWU Life Insurance Lux S.A. (Belgium): info@fwulife.be

  • FWU Life Insurance Austria AG: datenschutzbeauftragter@forwardyou.at

  • FWU Invest S.A. (data protection support team): info@fwuinvest.com

2. Scope, purpose and legal basis for the processing of personal data
In the following situations, we collect and use personal data directly from our users or from other sources (as described below):

2.1 Provision of the website and creation of log files Each time a user accesses our website, our system automatically records data and information from the requesting computer system. In this context, the following data ("technical information") is recorded:

  • Information about the type and version of the browser

  • The user's operating system

  • The user's internet service provider

  • The IP address of the user

  • Date and time of access

  • The websites from which the user's system accesses our website

  • Websites that the user's system accesses via our website

The data is stored in the log files of our system. This data is not stored together with other personal data of the user.

In this context, we collect and use the technical information for the purposes of (network) security (e.g. to be able to combat so-called cyberattacks), marketing, gaining a better understanding of our users' needs, continuously improving our website and providing the website to the computer of the user concerned.

The purpose of storing data in log files is to ensure the functionality of the website. In addition, we use the data to optimise the website and ensure the security of our information technology systems. In this context, the log files are not analysed or used for marketing purposes.

The legal basis for the temporary storage of data and log files can be found in Article 6 (1) f GDPR.

With regard to the retention of this data, please refer to section 3 of this privacy policy below. In principle, we only store personal data for as long as it is required for the fulfilment of contractual purposes or in any other way.

2.1.1 Use of cookies
Our website uses cookies. Cookies are text files that are stored in the web browser or by the web browser in the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. These cookies contain a specific string of characters that can be used to uniquely identify the browser when the website is accessed again.

Cookies are stored on the user's computer. From there, they are transmitted to us. As the user, you have full control over the use of cookies. You can activate or restrict the transmission of cookies by changing the settings of your web browser. Cookies saved at an earlier point in time can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all the functions of the website without restriction.

For more information about the cookies we use, their purpose and the legal basis, please refer to our cookie policy.

2.1.2 Tracking tools (tracking tools)
Our website uses so-called tracking tools. Tracking tools are used to significantly increase the efficiency of our website.

For more information about the individual tools, their purpose and legal basis, please refer to our policy on tracking tools.

2.1.3 Plugins for social media
On our website, we use plugins for social media in the form of a "two-click solution". With this "two-click solution", your data is only transferred to the relevant social media.

The use of plugins on our website is based on our legitimate interests in connection with marketing purposes (Article 6 (1) f GDPR).

For more information about the individual plugins, please also refer to our policy on cookies/tracking tools.

2.1.4 Marketing automation
FWU AG uses Hubspot as marketing automation software for communication and for recording customer data.

Hubspot's product infrastructure is hosted on Amazon Web Services in the eastern US. In addition, Hubspot uses the Google Cloud Platform (GCP) in the EU (Frankfurt, Germany) to support the processing of local customer data that is critical to Hubspot customers' businesses. This includes leads, email events and analytics. European customer data is processed and secured in the EU before being transferred to and stored in the US. The cloud infrastructure hosted on GCP provides all Hubspot customers with additional redundancy for critical components of the system.

Hubspot is fully committed to protecting customer data, in particular by providing a secure and lawful transfer mechanism for the transfer of data from the EU to the US. Hubspot, Inc. is certified under the EU-U.S. Data Privacy Framework (EU-U.S. DPF) (read here). The EU-U.S. DPF is an adequacy decision by the European Commission for the transfer of personal data from the EU to the USA. For companies that certify to the EU-U.S. DPF and comply with its rules, the European Commission considers that the United States now provides an adequate level of protection for personal data and enables secure and trustworthy data flows between the U.S. and the EU. For more information, please see Hubspot's Data Processing Agreement and Hubspot's Commitment to Protect EU Data Transfers.

Use for web analysis:
For website analysis, data is automatically collected and stored on our websites using Hubspot, Inc. technologies (www.hubspot.com), from which user profiles are created using pseudonyms. In accordance with Art. 6 (1) f GDPR, this serves to safeguard our legitimate interests in an optimised presentation of our offer, which predominate in the context of a balancing of interests. Cookies may be used for this purpose. After the end of the purpose and the end of the use of Hubspot by us, the data collected in this context will be deleted.

Use for user account management and communication:
We also use Hubspot, Inc. technologies on our websites to manage user accounts. If you contact us via a contact form or a chat and enter your e-mail address, a user account is created and the communication content is stored in order to better process this and future enquiries. If you do not enter an email address, no user account will be created and the communication content will not be saved. We also use Hubspot to send emails. The legal basis for data processing in this respect is Art. 6 (1) f GDPR to safeguard our legitimate interests in the secure and efficient processing of your enquiries, which predominate in the context of a balancing of interests.

2.1.5 Use of Mailchimp
We offer you the opportunity to obtain information about our services via our website and the contact forms contained therein.

FWU uses the Internet service "MailChimp", a service of The Rocket Science Group, LLC, 512 Means Street, Suite 404, Atlanta, GA 30318, USA, hereinafter referred to as "The Rocket Science Group", for communication and for the collection of customer data.

The Rocket Science Group guarantees compliance with data protection requirements and is certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) (read here). The EU-U.S. DPF is an adequacy decision of the European Commission for the transfer of personal data from the EU to the USA. For companies that certify to the EU-U.S. DPF and comply with its rules, the European Commission believes that the United States now provides an adequate level of protection for personal data and enables secure and trustworthy data flows between the U.S. and the EU. The Rocket Science Group also offers further data protection information at http://mailchimp.com/legal/privacy/.

If you use our contact forms, the personal data requested during the registration process (e.g. surname, first name, email address and, if applicable, telephone or mobile phone number) will be processed by The Rocket Science Group. In addition, your IP address and the date of your registration are stored. The emails subsequently sent via The Rocket Science Group also contain a tracking pixel, also known as a "web beacon", in order to be able to compile statistics for analysis. The legal basis for data processing in this respect is your consent to data processing in accordance with Art. 6 (1) a GDPR or Art. 6 (1) f GDPR.

You can revoke your consent to the sending of emails in our contact form at any time with effect for the future in accordance with Art. 7 para. 3 GDPR. All you have to do is inform us of your cancellation or click on the unsubscribe link contained in every email. Further information on consent can be found below under point 8.

2.2 Use of the services offered on our website
We offer various services and applications on our website. In order to provide or make these available, we must collect and process personal data of the user or our customer.

2.2.1 Newsletter
You can subscribe to a free newsletter on our website. The data you enter in the input dialogue when subscribing to the newsletter will be sent to us and processed by us:

  • First name, surname

  • Email address

  • Postcode

  • Telephone number (this information is usually voluntary if you wish us to contact you by telephone afterwards)

In addition, the following data is collected during the subscription:

  • IP address of the requesting computer

  • Date and time of registration

During the subscription process, your consent to the processing of your data is obtained and reference is made to this privacy policy.

No data will be passed on to third parties in connection with the transmission of the newsletter. The data is used exclusively for the purpose of sending the newsletter.

We process your data in connection with the newsletter in order to send you news about interesting topics from the FWU Group. In addition, we process and use the email address entered to send you personalised offers in connection with the newsletter.

If you are directed to one of our websites via a link in the newsletter, clicking on the link also constitutes your consent for us to process and use your IP address, your geo-data, so-called "web beacons", or comparable technologies to check whether the offers addressed to you match your needs.

The legal basis for the processing of data in connection with the newsletter subscription by a user can be found in Article 6 (1) a GDPR on the basis of the consent given. Further information on consent can be found below under section 8.

The collection of your personal data also takes place for reasons of professional design of our services and to optimise costs (control and minimisation).

2.2.2 Statistical analyses
Your data may be analysed in a database to evaluate the preferences of our users ("statistical analysis") for the purposes of interest-based marketing, an individual approach and ongoing optimisation of our business process. The purpose of this processing is to gain a better understanding of what our customers expect from us. It also enables us to offer you communication that is customised to your needs. These analyses also help us in the areas of fraud detection, auditing and security assurance; we therefore carry out this processing in order to protect our legitimate interests (Article 6 (1) f GDPR).

The collection of your personal data also takes place for reasons of professional design of our services and to optimise costs (control and minimisation).

2.2.3 Customer portal
You can log in to our customer portal on our website. To log in, you must use a user name and password, which you will receive from us. Once you have logged in to the customer portal, you can change your master data, contact details and bank details.

The purpose of this processing is to make it easier for you to view the personal data we have collected from you. We also receive notification of any changes to your data, such as changes of address due to relocation.

As it is only possible to use our customer portal if you have concluded a corresponding insurance contract with one of our insurance companies, the legal basis for the processing of your personal data in connection with the customer portal is Article 6 (1) b GDPR.

The collection of your personal data also takes place for reasons of professional design of our services and to optimise costs (control and minimisation).

For more information on the customer portal, please refer to your insurance contract.

2.2.4 Find your advisor
You can use our "Find your advisor" service on our website so that an advisor in your area can contact you. To do this, you must enter your personal data (name, postcode, telephone number, email) in the contact form and send it off.

We will then pass this data on to a counsellor in your area who will contact you electronically or by post to arrange a consultation appointment with you. The data will not be passed on to any other recipients. The service will be made available to you for a period of 3 months from the date of dispatch, during which time the relevant counsellor may contact you.

We process your data to fulfil this service (Article 6 (1) b GDPR) and to fulfil legal obligations (such as tax obligations) (Article 6 (1) c GDPR).

Your data will be stored for at least 3 months (during which the service is made available to you). Please also refer to section 3 "Duration of data processing" of this privacy policy.

The collection of your personal data also takes place for reasons of professional design of our services and to optimise costs (control and minimisation).

2.2.5 Request for feedback
On our website, you can enter your contact details, such as your name, email address, telephone number and postcode, to ask us to contact you.

We process your data for pre-contractual reasons in order to fulfil your contract (Article 6 (1) b GDPR).

The collection of your personal data also takes place for reasons of professional organisation of our services.

2.2.6 Requesting a brochure
On our website you can provide us with your e-mail address to request a brochure. We will process your email address in order to provide you with the requested brochure. In the course of requesting a brochure, your consent to the processing of the data will be obtained and reference will be made to this privacy policy.

The legal basis for the processing of data based on your consent to receive a brochure can be found in Article 6 (1) a GDPR. Further information on consent can be found below under section 8.

The collection of your personal data also takes place for reasons of professional organisation of our.

2.2.7 "Work with us"
On our website, you can provide us with your contact details, such as your name, email address, telephone number and postcode, to apply to work for us as a consultant. We process your data in order to contact you.

The basis for this type of processing is pre-contractual reasons (Article 6 (1) b GDPR).

2.2.8 Sales information system ("Sales Information System" (SIS))
Brokers can log into the Sales Information System on our website. When logging in, you as a broker must use a user name and password that you have received from us. As soon as you are logged into the sales information system, you will see information about the contracts you have concluded.

The purpose of this processing is to make it easier for you to keep track of your work and the contracts you have concluded.

The legal basis for the processing of your personal data in connection with the sales information system is the fulfilment of the contract (Article 6 (1) b GDPR).

The collection of your personal data also takes place for reasons of professional design of our services and to optimise costs (control and minimisation) and protect the company from material and immaterial damage.

2.3 Further processing obligations
If we are legally obliged to do so, we may process personal data, for example to fulfil retention obligations such as under commercial or tax law. For more information on retention periods, please refer to the section "Duration of data processing".

2.4 Obligation to provide a precise description of personal data
For legally prescribed or contractual requirements, we have marked the respective input fields in the input masks on our website, which must be completed by you so that we can provide the contract or service you require.

3. Duration of data processing
Your personal data will be deleted as soon as it is no longer required for the stated purposes. Personal data may be retained for the period during which claims can be asserted against the FWU Group (limitation period of three to thirty years). In addition, personal data will be stored for as long as the FWU Group is legally obliged to do so. In particular, there are obligations to provide evidence and retain data arising from commercial and tax law as well as laws on money laundering.

4. Disclosure of personal data to third parties
In order for us to be able to offer you our products and services on the basis of our contractual obligations or against the background of our legitimate interests, we may have to pass on your personal data to third parties within or outside the FWU Group. The recipients can be assigned to the following categories:

  • Service provider

  • Marketing

  • IT

Personal data may be transferred to third countries or international organisations. For your protection and the protection of your personal data, suitable guarantees are provided for such data transfers in accordance with and in compliance with the legal requirements (in particular the application of EU standard contractual clauses) or there is an adequacy decision issued by the EU Commission (Art. 45 GDPR).

Information on the standard EU contractual clauses can be found at [http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2010:039:0005:0018:EN:PDF]. Information on the adequacy decisions taken by the EU Commission can be found at [https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en#dataprotectionincountriesoutsidetheeu].

If you would like to request a copy of the security measures applied, please contact the controller or data protection officer listed under 1.

In addition, we are under a legal obligation to provide personal data to state and international authorities (Article 6 (1) c GDPR) in connection with local and international regulations and treaties).

5. Rights of the data subject
The FWU Group endeavours to ensure fair and transparent processing. It is important to us that the data subjects can exercise their right to object on the one hand and the following rights on the other, if the relevant legal conditions are met:

  • Right of access (Article 15 GDPR)

  • Right to rectification (Article 16 GDPR)

  • Right to erasure ("right to be forgotten") (Article 17 GDPR)

  • Right to restriction of processing (Article 18 GDPR)

  • Right to data portability (Article 20 GDPR)

  • Right to object (Article 21 GDPR)

To exercise your right, you can send an email to the respective data protection officer of the respective controller (see section 1). Please note that in this case we will process your personal data in accordance with Article 6(1) c GDPR, on the one hand to be able to process your request and on the other hand for identification purposes.

We support you with all questions relating to data protection. In addition to contacting us, you also have the option of lodging a complaint with a data protection supervisory authority. You can find an overview of the data protection authorities at https://ec.europa.eu/newsroom/article29/items/612080.

6. AML/KYC
If we are an obliged party within the meaning of the Anti Money Laundering Act (AML) and the corresponding regulations and our customers, business partners and beneficial owners have to undergo a money laundering check (KYC), the collection and processing of personal data is based on Section 11a of the German Money Laundering Act (GwG).

Personal data is only collected and processed to the extent necessary to fulfil the purpose of processing. In particular, the risk-oriented fulfilment of general due diligence obligations in the form of identifying the beneficial owner can be regarded as a processing purpose.

§ Section 11 para. 5 sentence 2 regulates the following as an exception: The date of birth, place of birth and address of the beneficial owner shall be collected irrespective of the risk identified. This does not constitute a breach of the provisions of data protection law. We treat all personal data confidentially and with due care. They will not be passed on to unauthorised third parties.

7. Consent
If you have given us your consent to process your personal data, we would like to inform you that you can revoke this consent at any time if you wish.

If you have given us your consent for the newsletter, you can revoke this consent by clicking on the "Unsubscribe" link directly in the newsletter.

In other cases, you can contact the data protection officer of the respective controller named in section 1 if you have difficulties withdrawing your consent.

We ask for your understanding that your withdrawal of consent is only valid for the future and does not affect the lawfulness of processing carried out in the past. In some cases, we may be entitled to continue processing your personal data on another legal basis despite your withdrawal, for example to fulfil a contract.

8. Scope of the privacy policy
The above privacy policy applies exclusively to processing by the following websites:

  • https://www.forwardyou.com

  • https://www.fwuinvest.com

  • https://www.fwu.life

  • https://www.fwulife.de

  • https://www.fwulife.it

  • https://www.fwulife.fr

  • https://www.fwulife.es

  • https://www.fwulife.be

  • https://www.fwulife.at

  • https://fwu.investments