Munich Re PCC Limited
Whitehall Mansions, Level 4
Ta' Xbiex Seafront, Ta' Xbiex
Authorised Representatives: Peter Miehle and Birger Schimpf
Malta Financial Services Authority (MFSA)
Notabile Road, BKR3000, Attard
Telephone: +356 2144 1155
Fax: +356 2144 1188
Under the terms of the Insurance Business Act 1998, MFSA has authorised the Company, a protected cell company, to transact long term insurance business in or from Malta.
Registry of Companies of Malta, Company No.: C81097
VAT ID: MT 2439-5005
For product related questions, please contact our customer service:
On Service GmbH
Telephone: +49 40 88 14 12 266
Fax: +49 40 88 14 12 269
We are not prepared or obliged to take part in dispute settlement procedures in front of a consumer arbitration board (Verbraucherschlichtungsstelle, §36 paragraph 1 No. 1 VSBG).
The European Commission is providing a platform for online dispute settlement (OS platform). You can reach them at ec.europa.eu/consumers/odr
General Terms and Conditions for Use of the VestUp Mobile Application and Website
As of June 2018
- Any and all use of the “VestUp” Mobile Application ("Mobile App") and "VestUp" Website (www.vestup.de, "Website") offered by Munich Re PCC Ltd., a cell company formed in accordance with the provisions of the Companies Act (Cell Companies Carrying on Business of Insurance) Regulations (Subsidiary Legislation 386.10 of the Laws of Malta), appearing hereon on our own behalf and in respect of the Savings & Investments Cell (the "Company" or "we") is permitted to our customers (each a "Customer") exclusively in accordance with the present terms and conditions (the "T&C").
The following Company is responsible for the content and services rendered through the Mobile App or Website and is Customer's contractual partner:
Munich Re PCC Ltd., in respect of the Savings & Investments Cell
Address: Level 4, Whitehall Mansions, Ta’ Xbiex Seafront, Ta’ Xbiex, XBX 1026, Malta,
Tel: +356 21344066
VAT-ID: MT 2439-5005
- The services offered in the Mobile App and on the Website are directed exclusively to consumers. For the purpose of these T&C, "Consumer" is any natural person entering into the contract for purposes that are predominantly outside his trade, business, craft or profession (Art. 2 (1) Directive 2011/83/EU, Sec. 13 BGB).
- We reserve the right to unilaterally change these T&C, provided they have become part of the contractual relationship with the Customer, to the extent such changes are necessary, or to bring the T&C in line with new legal or technical requirements. We will inform the Customer about the amended provisions. The changes will become effective and will be part of the contractual relationship with the Customer, unless the Customer has objected to this by giving notice in written or text form within a period of four weeks following the notification about the changes.
- Company is entitled to discontinue operation of the Mobile App and/or the Website, in full or in part, at any time without justification. If so, Customers will be granted an alternative for accessing their accounts, financial status, and insurance contracts.
Registration, User Account
- A Customer can register and create a personal user account ("User Account"). Each Customer shall keep only one User Account at the same time. Registration, activation and use of the User Account are free of charge. Upon registration, the User Account may be used for the Mobile App and the Website.
- We are not obligated to accept a registration by a Customer.
- The Customer may review and change his entry duringt he registration process by using the keyboard of his device. The Customer may at any time access and view these T&C within the Mobile App and on the Website, where they may also be downloaded and printed.
- The User Account will be activated without undue delay after registration. A Customer shall be notified of the activation of his User Account by e-mail. Hereafter, the Customer can log in with his credentials (user name and password). The contractual relationship between the Company and the Customer regarding the use of the Mobile App and the Website is concluded at the time the Customer receives the notification of the activation of its User Account. The languages available for concluding the agreement are: German and English.
- All information and details provided by the Customer must be true, and any future changes must be communicated without undue delay, in particular if the Customer should cease to be a Consumer (as defined inSec.1 (3) above). The Customer is entitled to view, amend or delete his information and his account settings at any time. Provided a legitimate interest can be demonstrated, we reserve the right to postpone the effectiveness of a change until written evidence is supplied by the Customer.
- In the event of a violation of (i) applicable law, (ii) these T&C, or (iii) other applicable contractual terms, we reserve the right to withhold any features of the Mobile App and/or the Website, to temporarily suspend the User Account, to delete the User Account irrevocably or to take any other appropriate measure (virtual domestic authority). We shall decide on any such measure at our own discretion. However, in any case, we will provide the Customer with alternative means for reviewing and accessing Customer’s account, financial status, and insurance contracts.
- The Customer may delete his User Account at any time without stating any reasons. A suspension or deletion of the User Account does not affect previously created mutual rights and obligations.
- The Customer may not transfer the User Account and the rights and obligations resulting therefrom without our prior written consent. The use of the User Account deems the respective user to be authorized to use the User Account. The Customer hereby authorizes the respective user of the User Account to make use of the User Account on behalf and for the account of the Customer.
- The Customer must keep his credentials confidential and limit the access to his User Account. In particular, the Customer must protect his credentials against loss, theft and any other misuse. He must notify us of any loss of credentials in text form without undue delay.
- Any damage caused as the result of unauthorized use of the credentials shall be attributed to the Customer if Customer caused the unauthorized use by means of an intentional or negligent violation of one of his duties set forth in Section 2 (9).
Services, Information on Products
- Company offers a Mobile App and a Website regarding information and use of financial products offered by Company, in particular regarding life insurances. For that purpose, Company keeps certain information available for retrieval or download in the Mobile App and on the Website.
- The financial products offered within the Mobile App and on the Website can be selected by the Customer. Further information will be provided to the Customer in the course of the conclusion of contracts regarding such products. Such insurance contracts, including their conclusion via the Mobile App or Website, will be governed by separate terms and conditions which will be presented to the Customer before the conclusion of the insurance contract.
Rights to Use the Information, Software and Documentation
- Use of the information, software and documentation made available in the Mobile App and on the Website is governed by the present T&C.
- Company grants the Customer a non-exclusive, non-transferable right to use and copy the Mobile App and the information and documentation made available in the Mobile App and the Website for the purposes laid out in these T&C. Company has licensed these rights from Munich Reinsurance Company, Königinstraße107, 80802 Munich, Germany.
- The right to copy is limited to the installing, loading, displaying, running and storing of the Mobile App on a mobile device that is in the Customer’s immediate possession.
- The Mobile App itself as well as the information and documentation provided in the Mobile App and on the Website are protected both by copyright laws and international copyright agreements, and by other laws and agreements pertaining to intellectual property. The Customer shall observe these rights and, in particular, the Customer shall not remove any alphanumeric codes, trademarks, designs or copyright notices either from the Mobile App, the Website information or the documentation, or from copies thereof.
- We shall not be liable for damages towards the Customer with the following exceptions:
a) if a guaranteed quality is not present;
b) for claims regarding damages for injury to life, body or health due to intentional or negligent breach of duty by us or by our legal representative or persons we engage in the performance of our obligations;
c) for claims regarding other damages arising from an intentional or grossly negligent breach of duty by us or by our legal representative or persons we engage in the performance of our obligations;
d) for violation of material contractual obligations whose breach jeopardizes the achievement of the purpose of the contract or whose fulfilmentis a prerequisite for enabling the proper fulfilment of the contract and on the fulfilment of which the customer regularly relies (Kardinalpflichten);
e) for claims under the applicable product liability laws.
- In cases of paragraph (1) d) above, the amount of our liability is limited to the damages which typically occur and are foreseeable at the time of conclusion of the contract.
- We shall be liable for loss of data only up to the amount of typical recovery costs that would have arisen had proper and regular data backup measures been taken.
- In case there is a limitation or exclusion of our liability, such limitations and exclusions shall also apply to the personal liability of our employees, representatives, officers and persons we engage in the performance of our obligations.
- In consideration of the properties of the internet and of computer systems, Company assumes liability neither for the uninterrupted availability of the Mobile App and the Website nor for interoperability with other applications, mobile devices and operation systems.
- We shall not be liable for damages towards the Customer with the following exceptions:
- We collect, process and use Customer's personal data when you use our Mobile App and/or the Website and enter into contractual relationships with us. We do so in compliance with applicable data protection law.
- For further information on the collection, process and use of Customer's data, we refer to our data privacy statement
The contractual relationship between us and the Customer shall be governed and interpreted in accordance with the laws of Germany, excluding its conflict of law provisions. For consumers residing in another member state of the EU, the mandatory consumer protection provisions of the law of such member state will remain unaffected.
Information on Alternative Dispute Resolution (ADR)
We are neither willing nor obliged to participate in consumer ADR-proceedings (Sec. 36 (1) no. 1 German Alternative Dispute Resolution Act in Consumer affairs, "VSBG").
If one or several provisions of these T&C should be or become legally invalid for any reason whatsoever, the validity of the remaining provisions shall not be affected thereby. In such case, the invalid provision shall be replaced by the provision of statutory law. If such statutory law does not exist (loophole) or led to unreasonable results, the parties will enter into negotiations to replace the invalid provision by another provision coming as close as possible to the legal and economic purpose of the invalid provision.
Data Privacy Statement of Munich Re PCC Limited - Savings & Investments Cell
Version: August 2018
We, Munich Re PCC Limited, a cell company formed in accordance with the provisions of the Companies Act (Cell Companies Carrying on Business of Insurance) Regulations (Subsidiary Legislation 386.10 of the Laws of Malta), having Company Registration Number C 81097, appearing hereon on our own behalf and in respect of the Savings & Investments Cell and having its registered office at Level 4, Whitehall Mansions, Ta ́ Xbiex Seafront, Ta ́ Xbiex, Malta, are incorporated and existing under the laws of Malta and under such laws we are licensed to conduct insurance and reinsurance business.
We thank you for your interest in our “VestUp” Mobile Application (hereinafter "Mobile App"). Our Mobile App contains information about, and offers for, our various financial products, in particular life insurances.
This policy explains how, when, for what purposes and for how long we collect, store, process, transfer and use your personal data relating to you and what corresponding rights you have. We are committed to ensuring the protection of all personal data that we hold and to fulfilling our responsibilities and obligations under applicable data protection legislation and regulation, in particular the European General Data Protection Regulation (Regulation (EU) 2016/679, hereinafter "GDPR") and the Data Protection Act (Cap. 586 of the Laws of Malta)as amended.
The Mobile App is not intended for children, and we do not knowingly collect data relating to children.
1. General Information
1.1 Controller and Data Protection Officer
The following entity is the data controller and responsible for your personal data):
Munich Re PCC Ltd.
Level 4, Whitehall Mansions, Ta'Xbiex Seafront, Ta'Xbiex, XBX 1026, Malta
You can contact our data protection officer by using the following contact details:
Münchener Rückversicherungs-Gesellschaft AG
Aktiengesellschaft in München
Königinstr. 107, 80802 Munich
Phone: +49 (89) 38 91-0
Fax: +49 (89) 39/ 90-56
1.2 Your Duty to Inform Us of Changes
It is imperative that the personal data we hold about you is accurate and current at all times. Please keep us informed if your personal data changes during your relationship with us
1.3 Definition of Personal Data
Personal data means any information concerning an identified or identifiable natural person ("data subject"). This includes, for example, information like your name, e-mail address, postal address, telephone number or information that may be used to identify you, such as an online ID or other special features, provided that the information is in each case attributable to you. Other information that is not directly related/linked to you and cannot be related/linked to your identity, such as aggregated data or anonymised data does not fall under this category.
2 What Data are Processed
You are not required to provide personal data when using the Mobile App. There are, however, services with regard to which we need your personal data, for example, in order to conclude a contract with you or to send you information on a contract or other contractually relevant information. Without these data, the desired services cannot be rendered.
Based on information you have provided we render a personalised risk analysis in order to assess which financial products to offer you. For example, certain data you have entered and topics you are most interested in will be analysed by us in order to assess which of our products and services suit you best, now and in the future.
2.1 Personal Data Collected When Using the Mobile App
If you make use of the Mobile App to purchase our insurance products and services, we will ask you for personal data and store and process such data which is necessary for us to be able to provide the services which you request. These data include, for example: your name, e-mail address, mobile telephone number, date of birth, place of birth, gender, postal address, passport information (in accordance with applicable law) and potentially a photograph for verification via video (see Online Identity Verification below), and payment information (such as bank account information). We will protect and store these personal data in accordance with applicable law and prevailing market standards.
2.2 Personal Data Collected during Online Identity Verification
In the course of an online identity verification we collect, process and store the following personal data: your full name, place of birth, date of birth, nationality, gender, registered address and mobile phone number. In order to verify your identity, we are obliged to cross-check the information provided by you with your national ID card or passport.
In accordance with our legal obligations under applicable anti-money laundering legislation and regulations, we are further obliged to collect, process and store the type of document you have used to verify your identity, the national ID/passport number and the issuing authority. For this purpose, we will store a copy (e.g. screenshot) of your national ID card or passport. We are also under a legal obligation to store all data collected within the online identity verification process for at least five years due to statutory retention periods.
2.3 Personal Data and Third Party App Store
3. Legal Basis and Purposes for Which We Process Your Personal Data
We process your personal data in compliance with the provisions of the GDPR and all other applicable data protection laws.
The specific legal basis for the data processing depends on the context within which and the purpose for which we receive your data.
As a rule, your personal data are collected and processed for the purposes of performing the contract concluded with you, which is concluded upon your acceptance of our Terms and Conditions and the use of our services. This also includes communicating with you and sending you the requested information in relation to the services you request.
In particular, we will use the personal data to understand your risk profile and your monetary goals so that we can give you tailored recommendations in order to fulfil our contractual obligations with you and provide the services you request.
As indicated in Section 2.2 above, we may also need to collect personal data in order to comply with our legal obligations. In particular, we are obliged to collect identification verification documentation in compliance with our applicable anti-money-laundering and identification (KYC – Know Your Customer)legal obligations.
In limited circumstances, we shall request your consent in order to be able to process your personal data. In particular, we shall request your consent in order to use your name and contact details in order to send you marketing information.
Any further collection, storage, processing, transfer or use of your personal data is subject to a separate consent (unless it is permitted or required by applicable law). If you have expressly given us your consent to e-mail advertising, its content will correspond with the following declaration of consent:
Permission for E-Mail Advertising
"I agree to receive personalised information about VestUp via e-mail on a regular basis (I can unsubscribe at any time)"
We will record any consent declaration according to the statutory requirements and make them available to you at any time. You may revoke your consent(s) at any time with effect for the future. In such a case, processing that has been carried out before the revocation will, however, remain lawful.
We do not use automated decision-making (Article 22 GDPR).
3.1 Push Notifications/In-App Messages
In order to provide you with the most efficient service in furtherance of our contract with you and with your consent, we might send you push notifications or in-app messages to inform you about our products and services; you may deactivate such notifications or in-app messages in the respective settings of your mobile device at any time.
3.2 Pseudonymised User Profiles, Google Analytics
For the above-defined purposes, we create pseudonymised user profiles by third-party services: Please see below for further information on the transfer of your data. The Mobile App uses Google Analytics, a web analytics service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"), which compiles user profiles by using pseudonyms. These user profiles are used to analyse user behaviour and are employed pursuant to Article 6 (1) sentence 1 f) GDPR in order to improve and personalise the design of our offers. The information generated by the used Tracking-Code about your user behaviour in the Mobile App (including your IP address) is transferred to and stored on a server operated by Google in the USA.
By activating the IP anonymisation function of Google Analytics, the IP address will be abbreviated by Google within the member states of the European Union or in other states that are a party to the Agreement on the EEA. Only in exceptional cases will the entire IP address be transmitted to the Google server in the USA and will be abbreviated there. The IP anonymisation function is active in our Mobile App. On our behalf, Google will use the collected information to analyse user behaviour in the Mobile App, compile reports on user activities and perform other services with regard to the use of the Mobile App and the internet. The IP address submitted by your device to Google Analytics will not be combined with other data by Google. After the processing purpose has ceased to exist and we have stopped using Google Analytics, the data collected in this connection will be deleted. In all other respects, we have pre-set the settings via Google Analytics so that your data will be automatically deleted after 26 months, and we have disabled the option "Reset on new activity".
Opt Out for Mobile App: You may refuse the use of Google Analytics by selecting the appropriate settings within your mobile device. Furthermore, you may prevent the collection of the data related to the use of our Mobile App (including your IP address) by Google as well as the processing of such data by Google by disabling Google Analytics within the settings of the Mobile App. However, please note that if you do this, you may not be able to use the full functionality of the Mobile App.
You can find further information regarding the conditions of use and data protection relating to Google Analytics under http://www.google.com/analytics/terms/de.html or https://www.google.de/intl/de/policies/
4. Transfer of Personal Data to and Processing by Third Parties (including Service Providers)
We may need to share personal data with certain authorities, governmental and regulatory bodies, as well as court and police authorities.
We may need to share your data with local agents or other service suppliers (in their capacity as data processors) which is necessary for us to provide the services you request.
To this end, we may transfer your personal data to third parties involved in the execution of the transaction (e.g., payment service providers). In order to process payments effected over our App we may need to transfer your personal data to credit and financial institutions in order to effect such transactions. Such service providers may also act as data controllers in their own right and to this end, you are encouraged to read their Privacy Policies and similar data protection notices in order to learn more about how such third parties may process your personal data.
If in the course of any commissioned data processing on our behalf, personal data are processed by customer support and IT service providers or other service providers, such service providers will also have to comply with the GDPR, the Data Protection Act (Cap. 586 of the Laws of Malta) and any applicable laws.
We transfer personal data to Münchener Rückversicherungs-Gesellschaft AG, Königinstraße 107, 80802 Munich, which processes the data on our behalf for the purposes of implementing and administering policies and transfers the data to the following service providers (as sub-contractors) for the following purposes:
- Amazon Web Services Inc., 410 Terry Avenue North, Seattle WA 98109, United States, for the purpose of storing personal data on servers in Europe;
- Auth0 Inc., 10 authzeros, Siena Court, The Broadway, Maidenhead SL6 1NJ, United Kingdom, for the purpose of storing your log-in e-mail address and encrypted passwords in Europe to ensure the integrity and reliability of the systems and services;
- OnService GmbH, Stresemannstraße 23, 22769 Hamburg, as service provider for our customer support for the purpose of providing policy administration and customer support services on our behalf;
- Mongo DBInc, Potsdamer Platz, Stresemannstraße 123, 10963 Berlin, for the purpose of providing database services and the encryption of data;
- Beltios GmbH, Sonnenstraße 27, 80331 Munich, for the purpose of administering policies;
- Thetaris GmbH, Leopoldstraße 244, 80807 Munich, for the purpose of providing technical support for the Mobile App and the policy administration system.
Furthermore, we transfer personal data to Willis Towers Watson Management (Malta) Limited, Development House, St. Anne Street, Floriana, FRN 9010, Malta, which assists us in managing the company in Malta in terms of accounting, supervisory and other issues.
Any data transfer to and data access/processing by such service providers is covered by data processing agreements pursuant to Article 28 GDPR that ensure processing on our behalf in compliance with applicable data protection law.
In the event personal data are transferred to service providers or group companies outside the European Economic Area (EEA), this transfer is subject to the third country having been confirmed as having an adequate level of data protection by the EU Commission or having other adequate data protection guarantees (e.g., agreement of EU standard contractual clauses, privacy shield). Should you have any queries as to how your personal data may be shared you can send an email to email@example.com or contact us under the above mentioned contact details.
5. Data Security
During transmission your personal data are encrypted by means of SSL. We protect our data received via the Mobile App and other systems by technical and organisational means against loss, destruction, unauthorised access, modification and distribution of your personal data. We store personal data collected for different purposes separately.
6. Information You Provide About Other Parties
Where you submit personal data to us and any additional information relating to other parties, we rely on you to have first obtained appropriate consents for the transfer and processing of such data and information to or by us and third parties acting on our behalf.
You must not submit such data and information to us unless you have obtained the appropriate permissions and consents.
7. How Long We Store Your Data
We delete your personal data as soon as they are no longer required for the above-mentioned purposes and legal duties regarding evidence and retention. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By and large, retention of most data shall not exceed the period of six (6) years from the date of termination or completion of the Services. This period of retention enables us to use the data for the defence of possible future legal claims (taking into account the applicable prescriptive period at law, plus a slight grace period past the expiry of prescription). In certain cases, we may retain your data for a period which will not exceed eleven (11) years from the date of termination or completion of the Services.
This will be retained in order to comply with applicable accounting and tax laws and to be able to fulfil the corresponding conditions.
If you disable your user account, your personal data will be blocked and can no longer be used; after expiry of the retention periods applicable under tax and commercial laws, your personal data will be deleted unless you have explicitly consented to continued use of your personal data or continued storage is required or permitted by law.
8. Your Rights
You have the right to:
Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
You may send an email to firstname.lastname@example.org requesting information as the personal data we process. You shall receive a copy free of charge via email of the personal data, which is undergoing processing.
Request correction or rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected and/or updated, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where:
- there is no good reason for us continuing to process it;
- you have successfully exercised your right to object to processing (see below);
- we may have processed your information unlawfully; or
- we are required to erase your personal data to comply with local law
Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes
In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- if you want us to establish the data's accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer (data portability) of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
Withdrawal of consent may, however, affect or impair the possibility of us providing you with the Services. We will advise you if this is the case at the time you withdraw your consent.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
You have the right to lodge a complaint at any time to the competent supervisory authority in your jurisdiction on data protection matters. You can find the contact details of the European supervisory authorities on the following link: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Please contact us at any time using the contact details stated at the beginning of this data privacy statement should you have any questions regarding the collection, processing or use of your data or any queries regarding further information and the exercise of your rights.
Key Information Documents
KIDs provide clear information on investment products. They are provided due to a new EU regulation on packaged retail and insurance-based investment products (PRIIPs).
Please find below the key information documents for the different investment strategies of VestUp: