Privacy policy and consent
1. Purpose of processing and responsible body
This data protection declaration clarifies the type, scope and purpose of the processing (including collection, processing and use as well as obtaining consent) of personal data within the scope of our online offering and related websites, functions and content (hereinafter jointly referred to as "online offering" or "website"). This privacy policy applies irrespectively of the domains, systems, platforms, and devices (e.g. desktop computer or cell phone) on which the online offer is executed.
The provider of the online offer and the responsible body for data protection is finpension AG, Hirschmattstrasse 36, 6003 Lucerne (hereinafter referred to as "provider", "we" or "us"). For contact details, please see the contact information on our website.
The term "user" includes all customers and visitors to our online offering. Terms such as "user" are to be understood in a gender-neutral manner.
2. Basic information on data processing
We only process users' personal data in compliance with the applicable data protection provisions, in accordance with the principles of data minimization and data avoidance. Users' personal data will therefore only be processed if we are legally authorized to do so, in particular if the personal data is required or prescribed by law for the performance of our contractual and online services, or if consent has been given.
We take state-of-the-art organizational, contractual, and technical security measures to ensure compliance with the provisions of the applicable data protection laws and therefore protect the personal data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.
If, within the scope of this privacy policy on data protection, content, tools or other means are used by other providers (hereinafter jointly referred to as "third-party providers") and their registered offices are abroad, it must be assumed that a transfer of data to the countries where the third-party providers are based takes place. The transfer of data to third countries is based either on a legal authorization, on user consent, or on special contractual clauses guaranteeing the data security required by law.
3. Personal data processing
Personal data, with the exception of the usage expressly mentioned in this privacy policy, will be processed only for purposes based on the authorization or legal consent of users.
We only pass on users' personal data to third parties if this is necessary to fulfil our contractual obligations to users. When you contact us (via the contact form or by e-mail), the user's data is stored for the purpose of processing the request and in the event that follow-up questions arise.
4. Data collection on access
We collect data on each access to the server on which this service is processed (so-called server log files). Access data includes the name of the website accessed, the file, the date and time of access, the amount of data transferred, notification of successful access, browser type and version, the user's operating system, the referring URL (the website previously visited), the IP address and the requesting provider.
We use data log, without personal assignment to the user or any other profile creation, and in accordance with the statutory provisions, solely for statistical evaluations for the purpose of operating, securing and optimizing our online offering. However, we reserve the right to check protocol data at a later date if there is a justified suspicion of illegal use on the basis of concrete evidence.
5. Cookies and measurement reach
Cookies are pieces of information that are transferred from our web server or third-party web servers to users' web browsers and stored there for later retrieval. Users are informed of the use of cookies for pseudonymous range measurement in this data protection declaration.
In principle, no personal data is collected and processed during your visit to our website, unless you voluntarily provide your personal data for a product or service. This online offer can also be used without cookies. If users do not wish to have cookies stored on their computer, they are invited to deactivate the corresponding option in their browser's system settings. Stored cookies can be deleted in the browser's system settings. Excluding cookies may restrict the functionality of this online offering.
It is possible to manage many online advertising cookies from companies via the US site http://www.aboutads.info/choices or the EU site http://www.youronlinechoices.com/uk/your-ad-choices/.
By using this website, users agree to our use of cookies and similar technologies and to the resulting processing of their personal data.
6. Google Analytics
We use Google Analytics, a web analysis service provided by Google Inc, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). Google uses cookies. The information generated by these cookies about the use of the finpension online offer by users is generally transmitted to a Google server in the USA and stored there.
Google will use this information on our behalf to evaluate the use of our online offer by users, to compile reports on activities within this online offer and to provide us with other services related to the use of this online offer and the Internet. In this context, pseudonymous user profiles may be created from the personal data processed.
The IP address transmitted by the user's browser is not combined with other personal data by Google. Users may prevent the storage of cookies by adjusting their browser settings accordingly; in addition, users may prevent the capture by Google of personal data generated by cookies and relating to their use of the online offering, as well as the processing of such personal data by Google, by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=fr.
For more information on how Google uses data for advertising purposes and on how you can set up and object to this, please visit the Google websites: https://www.google.com/intl/de/policies/privacy/partners ("How Google uses data when you use our partners' websites or applications"), http://www.google.com/policies/technologies/ads ("How Google uses data for advertising purposes"), http://www.google.fr/settings/ads ("Managing the information Google uses to show you ads") and http://www.google.com/ads/preferences ("Determining which ads Google shows you").
7. Google-Re/Marketing-Services
We use Google's marketing and remarketing services (abbreviated to "Google Marketing Services").
Google's marketing services enable us to display ads for and on our website in a more targeted way, so that users only see ads that potentially match their interests. For example, if users receive ads for products that interest them on other websites, this is known as "remarketing". To this end, when users call up our website and other websites on which Google's marketing services are active, code is run directly by Google and (re)marketing tags (invisible graphics or codes, also known as "web beacons") are integrated into the website. With their help, an individual cookie, i.e. a small file, is stored on the user's device (instead of cookies, comparable technologies may also be used). Cookies may be set by various domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records the websites visited by the user, the content of interest and the offers clicked on, as well as technical information on the browser and operating system, referring websites, visiting time and other information on the use of the online offer. The user's IP address is also recorded. Within the scope of Google Analytics, we inform you that the IP address is shortened in the member states of the European Union or in other states party to the Agreement on the European Economic Area and, in exceptional cases, is transmitted in its entirety to a Google server in the USA and shortened there. The IP address is not merged with user data for the purposes of other Google offers. The above-mentioned information may also be combined with such information from other sources. If the user subsequently visits other websites, ads tailored to his/her interests may be displayed.
Users' personal data is processed in a pseudonymous form as part of Google's marketing services. This means, for example, that Google does not store or process the user's name or e-mail address, but processes the relevant data in the form of cookies as part of pseudonymous user profiles. This means that, from Google's point of view, ads are not managed and displayed for a specifically identified person, but for the holder of the cookie, irrespective of who the latter is. This does not apply if a user has expressly authorized Google to process data without this pseudonymization. The information collected by "DoubleClick" about users is transmitted to Google and stored on Google servers in the USA.
The Google marketing services we use include the "Google AdWords" online advertising program. In the case of Google AdWords, each AdWords customer receives a different "conversion cookie". Cookies can therefore not be tracked via AdWords customer websites. The information gathered via the cookie is used to compile conversion statistics for AdWords customers who have opted for conversion tracking. AdWords customers are informed of the total number of users who clicked on their ad and were redirected to a page featuring a conversion tracking tag. However, they receive no information that can be used to identify users personally.
We include third-party ads based on Google's "DoubleClick" marketing service. DoubleClick uses cookies to enable Google and its partner sites to serve ads based on users' visits to this or other websites.
We also include third-party ads based on Google's "AdSense" marketing service. AdSense uses cookies to enable Google and its partner sites to serve ads based on users' visits to this or other websites.
8. Google Tag Manager
We also use "Google Tag Manager", which can be used to integrate other Google analytics and marketing services into our website (e.g. "AdWords", "DoubleClick" or "Google Analytics").
Further information on Google's use of data for marketing purposes can be found on the overview page: https://www.google.com/policies/technologies/ads . Google's data protection declaration can be found at https://www.google.com/policies/privacy.
If you wish to object to the collection of data by Google's marketing services, you can use the settings and opt-out options provided by Google: http://www.google.com/ads/preferences.
9. Cloudflare
We use the "Cloudflare" service. The provider is Cloudflare Inc, 101 Townsend St, San Francisco, CA 94107, USA (hereinafter "Cloudflare").
Cloudflare offers a globally distributed content delivery network with DNS. This technique routes the transfer of information between your browser and our website via Cloudflare's network. This enables Cloudflare to analyze the traffic between your browser and our website and to act as a filter between our servers and potentially malicious Internet traffic. In doing so, Cloudflare may also use cookies or other technologies to recognize web users, but these are only used for the purpose described here.
Cloudflare is a certified participant of the "EU-US Privacy Shield Framework". Cloudflare is committed to processing all personal data received from European Union (EU) member states in accordance with the "Privacy Shield Framework".
The use of Cloudflare is based on our legitimate interest in providing our online offering as error-free and secure as possible (art. 6 para. 1 lit. f DSGVO).
You can find out more about Cloudflare's security and data protection at https://www.cloudflare.com/privacypolicy/.
10. Datadog
Datadog service functions are integrated into our platform. Datadog is a monitoring system from the American company Datadog, Inc. 620 8th Ave, 45th Floor, New York, NY 10018 USA. The system alerts our development team to any errors in the application. Log data is transmitted to Datadog, Inc. for this purpose.
For more information on security and privacy at Datadog, Inc. please visit www.datadoghq.com/legal/privacy/.
11. Social Plugins
Our online service uses social plugins from social networks. These plugins can be recognized by the logos of the social network providers.
When a user calls up a function of this online offering that contains such a plugin, his or her device establishes a direct connection with the servers of this social network. The content of the plugin is transmitted directly to the user's device by the social network provider and integrated by the user into the online offering. User profiles can be created from the processed data. We therefore have no influence on the extent of personal data collected by social network providers using plug-ins, and therefore inform users to the best of our knowledge.
By integrating plugins, social network providers receive the information that a user has called up on the corresponding page of the online offering. If the user is logged in to the social network provider, the latter can allocate the visit to the user's account. The purpose and scope of the collection, further processing, and use of personal data by social network providers, as well as the rights and setting options relevant to the protection of user privacy, can be found directly in the data protection information of the social network providers.
Further settings and objections to the use of personal data for advertising purposes are possible in the profile settings of social networks or via the US site http://www.aboutads.info/choices/ or the European site http://www.youronlinechoices.com/.The settings are platform-independent, i.e. they apply to all devices, such as desktops or mobile devices.
12. Newsletter
With the following information, we would like to inform you about the content of our newsletter, as well as about the registration, dispatch, and statistical evaluation procedure, and about your right of objection. By subscribing to our newsletter, you agree to receive it and to comply with the procedures described.
We collect personal data that you have voluntarily communicated to us, for example when you communicate with us via e-mail or other communication channels, or when you ask us to send you notifications, newsletters (customer information) or other (marketing) information. In some cases, we supplement your personal data with information we have found through other sources, such as publicly available data search engines, industry newsletters, social media platforms and via your employer's website, in order to determine/confirm your current role.
Newsletter content: We send out newsletters, e-mails and other electronic notifications containing up-to-date information on pension and retirement savings or other financial topics. We base this on our legitimate interest in keeping in touch and communicating with you as a business partner or customer in order to keep you informed of finpension's activities and to share other news. We assume that our legitimate interests are consistent with the regulatory framework and your rights.
Newsletter dispatch: Newsletters are sent via Mailchimp (hereinafter referred to as the "sending service provider"). The mailing service provider's data protection rules can be consulted here: https://mailchimp.com/legal/privacy/.
The e-mail addresses of our newsletter recipients, together with their other personal data described in this notice, are stored on the servers of the mailing service provider. The latter uses this information to send and evaluate the newsletter on our behalf. In addition, the mailing service provider may use this personal data according to its own information to optimize or improve its own services, e.g. for technical optimization of newsletter dispatch and presentation, or for economic purposes to determine the countries from which recipients originate. However, the sending service provider does not use the personal data of our newsletter recipients to write to them or pass them on to third parties.
Registration data: To subscribe to our newsletter, simply enter your e-mail address.
Cancellation/revocation: You may cancel receipt of our newsletter at any time, i.e. revoke your consent. Your consent to the dispatch of the newsletter by the dispatch service provider and to statistical analyses will then expire at the same time. Unfortunately, it is not possible to cancel the newsletter or the statistical analysis separately. You will find a link to cancel the newsletter at the end of each newsletter.
13. Open AI
We use APIs from OpenAI OpCo, LLC, 3180 18th Street, San Francisco, CA, United States (abbreviated as "OpenAI") to provide automated answers and summaries to user questions in chats on our website or in our app.
OpenAI does not use the personal data transmitted by customers via our API to train or improve their models.
All personal data sent via the API is retained by OpenAI for a maximum period of 30 days for abuse monitoring purposes, and then deleted (unless otherwise required by law).
API Privacy Policy: https://openai.com/policies/api-data-usage-policies
Conditions of use: https://openai.com/policies
14. Integration of third-party services and content
As part of our online offering, content, or services from third-party providers, such as city maps or fonts from other websites, may be integrated. The integration of third-party content always assumes that the third-party provider knows the user's IP address, as without this address they would not be able to send the content to the user's browser. The IP address is therefore necessary for the presentation of this content. Third-party content providers may set their own cookies and process user data for their own purposes. In this context, user usage profiles may be created from the personal data processed. We will use such content in a data-saving and data-avoiding manner wherever possible, and will select third-party suppliers who are reliable with regard to data security.
15. Rights of users and deletion of data
Users have the right to obtain, on request and free of charge, information about the personal data we have stored about them.
In addition, users have the right to rectify inaccurate data, revoke consents, block and delete their personal data, and lodge a complaint with the competent supervisory authority in the event of suspected unlawful data processing.
Personal data stored by us is deleted as soon as it is no longer required for its intended purposes and there is no legal obligation to retain it.
16. Changes to the privacy policy
We reserve the right to modify the privacy policy at any time. If necessary, changes will only be made with the consent of the user affected by the change.
The version published on this website is the current version.
- Purpose of processing and responsible body
- Basic information on data processing
- Personal data processing
- Data collection on access
- Cookies and measurement reach
- Google Analytics
- Google-Re/Marketing-Services
- Google Tag Manager
- Cloudflare
- Datadog
- Social Plugins
- Newsletter
- Open AI
- Integration of third-party services and content
- Rights of users and deletion of data
- Changes to the privacy policy