Privacy Policy

May 3, 2018 | 10 minute read
Privacy Policy

Our policy is actually quite simple: You own your data and we basically adhere to that principle in everything we do.


1. wefox

The websites,,,, and wefox APP are services offered by

FinanceApp AG
Stampfenbachstr. 138
8006 Zurich, Switzerland
HR CHE-375.651.476 / Canton Zurich

as the media owner. wefox is a brand of FinanceApp AG, which is utilised to offer the services of its subsidiary companies. By using wefox, you agree to the use of your data as described in the following.

Operatively, the services offered by FinanceApp AG subsidiaries are distributed regionally via the websites and the wefox app:


FinanceApp Switzerland AG
Stampfenbachstr. 138
8006 Zurich, Switzerland
HR CH- / Canton Zurich


wefox Group Services (GER) GmbH
Urbanstrasse 71
10967 Berlin, Germany
HRB 170236 B / Charlottenburg Local Court


wefox Austria GmbH
Tuchlauben 7a
1010 Vienna, Austria
FN 461009f / Vienna Commercial Court

wefox is a customer relationship management platform (CRM system based on Salesforce): EMEA Limited
100 New Bridge Street
London, United Kingdom

Data is processed based on the power of attorney awarded to the broker and the conditions of use of the wefox app and the customer portal. If you have awarded wefox a broker power of attorney, data relevant to insurance matters will be recorded, and your data will be transferred to insurers to collect insurance information and for contract management purposes. Over the course of customer management, our data will be transmitted to Salesforce, external service providers, and stored on various servers.


Amazon S3 – Frankfurt, GER
Amazon SNS – Frankfurt, GER
Heroku – Frankfurt, GER
Lionentry – Lwiw, UKR
Salesforce – Frankfurt, GER
Salesforce – London, UK

Service providers:

FinanceFox Services GmbH
Urbanstrasse 71
10967 Berlin, Germany
HRB 171284 / Charlottenburg Local Court

Service: Creation and maintenance of the homepage, IT services

FinanceFox Services BCN S.L.
Carrer de Vilamarí, 50
08015 Barcelona, Spain
NIF: B66700949

Service: IT support for app/web app

Apella AG
Friedrich-Engels-Ring 50
17033 Neubrandenburg, Germany
HRB 5046 / Neubrandenburg Local Court

Service: Commission and transaction data management (Germany)
Vermittlungsgesellschaft für Verbraucher-verträge AG
Schlesische Strasse 29-30
10997 Berlin, Germany
HRB 122171 B / AG Charlottenburg

Service: Commission and transaction data management (Germany)

Fonds Finanz Maklerservice GmbH
Riesstrasse 25
80992 Munich, Germany
HRB 159670 / Munich Local Court

Service: Commission and transaction data management (Germany)

Mitchell Street 5
UK EH6 7BD Edinburgh, United Kingdom

Service: Data Content Management (UK – Scotland)

2. Who is responsible for the safety of your data at wefoxgroup?
In the following, we will inform you about the treatment of your personal data within the scope of the wefox homepage, the web application (customer portal), and the wefox app. If you use our homepages at

or the wefox app or the wefox service portal, personal data will be recorded and processed by us.

FinanceApp AG is the media owner responsible for the website and use and security of the personal data of the users of this website. Both recording and saving, as well as the use of this information is therefore completed within the scope of applicable legal provisions only and, provided this is required, only following your corresponding consent. This applies in particular is personal data is collected by us and prior to any transfer of your data to third parties (e.g. our broker partners).

If you have questions or comments concerning data protection, you may also contact us via e-mail at [email protected] or via the respective subsidiary company of FinanceApp AG using the address indicated in the legal notice.
3. Which data must be protected?
Because the protection of your privacy is important during use of the app, we wish to inform you via the following information regarding which of your personal data are collected, used, and processed by us. You may access this data protection declaration at any time via the “data protection” section on our webpages:


Please note that the data protection declaration only describes the respective data collection, processing, and use of your personal data that takes places within the scope of use of and the functions connected with this and as listed in the general terms and conditions ( and the broker power of attorney completed with wefox.

The offer provided by may also include links to the pages of other providers. Since wefox does not have any influence on these websites, we recommend the user inform himself regarding the information provided there concerning data protection. wefox cannot accept responsibility for the content of linked pages.

The object of data protection includes all personal data that could be used to make connections with your identity.

In particular, master data like your name, address, e-mail, or IP address, telephone number, or usage data are collected. Usage data includes data that are required to use our websites, e.g. information regarding the start, end, and scope of the use of our websites and registration data. Furthermore, content data may also be affected, for example scanned-in insurance contracts or data that may be derived from this, especially health data specified by you. Health data qualify as sensitive data that are subject to special protection regulations.

Your personal data may also be processed via Internet use, e.g. via data transmission, on servers outside of the EU and the EEC by service providers located there, i.e. outside of the scope of application of guideline 95/46/EC of the European Parliament and the Council dated 24 October, 1995 on the protection of natural persons during processing of personal data and concerning free movement of data (OJ EC No. L 281 P. 31).

We hereby indicate that data transmissions on the Internet are generally subject to security gaps. Naturally, we always endeavour to protect your data according to the current technical standards as far as possible for this reason. However, we request your understanding that seamless protection of your data cannot be guaranteed.

4. Use of your personal data
Your data are essentially stored on the servers used by us and utilised for the purposes described in the following in particular.

4.1 Data collection while accessing
During access to wefox websites, your web browser automatically transmits data for technical reasons. The following data are stored separate from other data that you may provide to us under some circumstances:

Date and time of access
Browser type/version
Operating system used
URL of the previously visited website
Quantity of data sent

These data are only saved for technical reasons and shall not be assigned to a certain person at any time.

4.2 Registration and log-in
In order for you to use all of the benefits of wefox, registration and the related input of specific personal data is necessary. The entry of all data is voluntary. This involves the following data categories:

Dane and complete address data
Landline telephone number and/or mobile telephone number
E-mail address
Birth data (date, location, birth name)

4.3 Data utilisation for use by registered users
If you utilised services from wefox as described in the general terms and conditions and in the broker power of attorney that may have been completed with wefox, the personal content data entered by you shall only be used:

to provide the services offered via as they are described in the general terms and conditions and in the client contract that may have been completed with wefox,
if other special types of personal data are used and you have consented to this herein,
for the purpose of sending advertising, if you have provided corresponding consent to this, and
in addition to this, wefox requires this and other data entered by you to document the business relationship and to be able to react to requests, questions, and criticism.

4.4 Transfer to third parties and data protection on third-party websites
Furthermore, transfer of personal data to third parties without your consent shall only occur in the following cases:

If required for legal proceedings, personal data, and especially in case of cases of abuse, may be transferred to prosecuting authorities and damaged third parties.
Provision may also take place if this facilitates assertion of usage conditions or other agreements. wefox shall also be legally obliged to provide information to certain public agencies upon request. This includes requests from supervisory or financial authorities or courts.

Occasionally, we are required to utilise contractually bound external companies and service providers to offer our services, for example to provide our customer service or in case of hosting for In these cases, information shall be provided to these companies or individual persons to enable further processing. All service providers are carefully selected by us, regularly checked, and may only use the data for the purposes specified by us. They are also contractually obligated by us to treat your data according to this data protection declaration and the applicable data protection laws.

4.5. Platform tools
The following web services that are used on the wefox platforms may not be deactivated by the user:

WebApp (wefox customer portal)

Affilinet Tracking
Sale pixel of affiliate tracking network
Data sent: account id/user IP

Collection and evaluation of server log event data, log entries
Data sent: account id/user IP

Monitors the performance of the web applications in real time
Data sent: account id/user IP

Nano conversion
Conversion pixel of traffic network
Data sent: account id/user IP


Google Search Console
Uses Google search data to evaluate results data for the website.
Data sent: sitemap

Creates individual landing pages for marketing campaigns and uses overlays to increase conversions on all webpages.

App/web app and website

Tool for improving data security, distributed domain name server (DNS), content delivery network (CDN), Internet security services

Facebook Pixel
Tool for measuring advertising effectiveness
Data sent: no personalised data

Google Tag Manager
Individualised property assignment to the user, tag management system, integrated third-party services
Data sent: account id/user IP, event tracking

Google AdWords
Tool for personalised control of advertisements
Data sent: Account ID, user IP

Google Analytics
Evaluation/reports on website traffic
Sent data: page views, track goals (internal goal text keys), lead id, account id

Customer communication platform for live chats and on-boarding
Data sent: Account ID/user IP

Tracking tool for analysis of web/app user interactions
Data sent: Account ID/user IP

Product analysis and optimisation
Data sent: no personalised data

Tool for product analysis and optimisation of online marketing
Data sent: no personalised data

APP/iOS and Android

GoogleAnalytics/Firebase (metrics)
Evaluation of customer behaviour via windows/buttons used
Data sent: screen and event tracking

Google Places API
Enables access to HTTP interfaces, provision of geographic data and geocoding, route descriptions, altitude, location, and time zone data.
Data sent: User location

Marketing source tracking
Data sent: Account ID/user IP

Appsee (metrics)
Tool for improving user friendliness, analyses track opened windows, click buttons, heat maps, video screen recording for UI interactions

Sending screen, event tracking, action funnels, video recording
Data sent: no personalised data

Adjust (marketing campaigns)
Evaluation of app installations via external html links, mailing campaign, etc.
Data sent: device identifiers, marketing identifiers

Crashlytics (apps crash analysis)
Tool for improving application stability, crash events, non-fatal errors, performance analysis
Data sent: device identifiers, crash dump information, internal tracking data (e-mail, name, push token, performance app data, non-fatal error data)

Marketing Cloud (push notifications)
Sending push messages
Sent data: device identifiers, push token, Salesforce personal ID, User IP

Newsletter and Mailings

Creation of recipient lists for target group oriented marketing campaigns
Data sent: email address
Miss Moneypenny Technologies UG
SMS Gateway for customer approach
Data sent: Name, phone number, email address, insurance contract data

4.7 Social plug-ins provides recommendation buttons (so-called “social plug-ins/like buttons) that enable users to share content with the social network and its users. The operator of this network is Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (referred to as “Facebook” in the following).

In this case, uses the data protection-friendly “Shariff” technology:

This causes usage information (the content recommended by the user including the data and time and the IP address of the user) only to be transferred to Facebook after pressing the recommendation button in individual cases. Facebook itself, and not wefox, shall be responsible for further treatment of this information. The purpose and scope of any possible use of information by Facebook and the rights and setting options concerning this and protection of the user’s privacy are indicated in Facebook’s data protection guidelines:

If usage information should not be transferred to Facebook, the user should refrain from pressing the recommendation button.

4.8. Data transfer to non-EU countries
Lionentry/Ukraine: In order to offer wefox without additional costs, one-time data processing within the scope of our data content management partner in Ukraine via Lionentry UKR is required following provision of your data via the wefox app or the wefox service portal. The data provided to Lionentry shall be irrevocably deleted by Lionentry following expiry of the legal storage periods.

Naturally, we shall also endeavour to ensure an appropriate level of data protection to you by obligating our service providers to a suitable level of data protection. Upon request, you may receive information about the data provided to Lionentry and the contractually ensured data protection level.

Questions/right of objection
In case of questions about data processing in non-EU countries, please contact:

[email protected]
If you do not consent to processing your data in the non-EU countries listed, please make use of your right of objection.

5. Profiling
The term “profiling” refers to a type of automated personal data processing that consists of using personal data to evaluate specific personal aspects that relate to natural persons.

Within the scope of the “Foxcheck”, your insurance data are compared automatically to enable an initial evaluation of your insurance situation and to supply your with information about suitable insurance products.
If you have awarded a support agreement, an automation-supported comparison of your data will be completed at regular intervals to enable a continuous check of the suitability of your insurance protection.

6. Data security
We secure our website, the wefox app, and other systems with technical and organisational measures against loss, destruction, access, and alteration or distribution of your data by unauthorised persons.

Confidentiality during electronic transfer of health data is also ensured by implementation of the electronic transfer of health data via networks that are secured according to state of the art technology in the area of network security to guard against unauthorised access, i.e. by securing data transmission using cryptographic or structural design measures that specify network access exclusively for a closed or limited user/user group and that include user authentication measures and only use those protocols and processes that result in complete encryption of health data. In particular, storage of health data on requirement-oriented storage media (cloud computing) only takes place in an encrypted form.

In order to transfer personal data or to store sensitive health data as securely as possible, wefox uses encryption with TLS 1.2 (Transport Layer Security – 128 bit GCM SHA256). Data are transferred exclusively via HTTPS. This type of encrypted data transfer is used for all personal data.

7. Right of cancellation
You may delete your user account at any time, free of charge, without indication of any reason or object to further use of data by wefox in writing or by e-mail. Your data shall no longer be available for further use, shall be blocked until expiry of the legal storage period or until expiry of the specified limitation period, and shall then be irrevocably deleted. The legally specified periods may amount to up to 10 years, depending on the application case. We are happy to provide specific information about individual cases upon request.

8. Storage, information, and correction
Your insurance-relevant data shall be stored for the complete duration of your contractual relationship until expiry of the legal storage periods. Legal storage periods may vary according to the object of data processing and amount to up to ten years.
FinanceFox Germany GmbH only stores the data provided by you yourself during use of the wefox app or entered into the wefox service portal or by third parties on your behalf. Provided nothing else has been agreed to, all data collected shall be used exclusively for fulfilment of the broker agreement.

You are entitled at all times to free information about the data stored by us, processing locations, and storage locations. In this case, simply contact us by mail (for the address, see page 1), or write a brief e-mail to:

[email protected]

9. Changes to the data protection declaration
wefox reserves the right to change this data protection declaration. The current version of the data protection declaration is always available at our homepage. If this data protection declaration is changed in the future, you shall be informed about the changes by e-mail.
10. Data protection officer
If you have any questions or concerns about privacy, please contact our data protection officer:

Ernst & Young Law GmbH Rechtsanwaltsgesellschaft Steuerberatungsgesellschaft (EY Law)
[email protected]
11. Complaints offices
In case of complaints, please contact our data protection officer and any legally specified complaints offices. In particular, the following complaints offices are available to you:


Eidgenössischer Datenschutz- und
Öffentlichkeitsbeauftragter EDÖB
Feldeggweg 1
3003 Bern, Switzerland


Bundesbeauftragte für den
Datenschutz und die Informationsfreiheit
Husarenstrasse 30
53117 Bonn, Germany


Österreichische Datenschutzbehörde
Hohenstaufengasse 3
1010 Vienna, Austria