This data protection declaration informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as "data") within our online offer and the websites, functions and content associated with it, as well as external online presences, such as our social media profiles. (hereinafter collectively referred to as "online offer"). With regard to the terms used, such as "personal data" or their "processing", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).
naturAlly AG, Zur Schule 3, 9494 Schaan, Principality of Liechtenstein, Commercial Register No.: FL-0002.185.956-2, Managing Director: Eckhard Noeh, +4237925877, hello@naturAlly.li
Types of data processed:
☒ Inventory data
☒ Contact details
☒ Content data
☒ Contract data
☒ Payment data
☒ Usage data
☒ Meta/communication data
Processing of special categories of data (Art. 9(1) DSGVO):
Special categories of data were processed which were supplied by the users for processing when taking out life insurance policies through insurance intermediaries (health questions) for forwarding to life insurance companies and banks as well as in the context of the legitimation checks required for this purpose (identity document data).
Categories of data subjects concerned by the processing:
☒ Customers / interested parties / suppliers.
Visitors and users of the online offer. In the following, we also refer to the persons concerned collectively as "users".
Purpose of the processing:
☒ Provision of the online offer, its contents and functions.
☒ Provision of contractual services, service and customer care.
☒ Answering contact requests and communicating with users.
☒ Marketing, advertising and market research.☒ Security measures.
Relevant legal bases
In accordance with Art. 13 DSGVO, we inform you of the legal basis for our data processing. If the legal basis is not stated in the data protection declaration, the following applies:
The legal basis for obtaining consent is Art. 6 para. 1 lit. a and Art. 7 DSGVO, the legal basis for processing for the fulfilment of our services and implementation of contractual measures as well as answering enquiries is Art. 6 para. 1 lit. b DSGVO, the legal basis for processing for the fulfilment of our legal obligations is Art. 6 para. 1 lit. c DSGVO, and the legal basis for processing for the protection of our legitimate interests is Art. 6 para. 1 lit. f DSGVO. In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) (d) DSGVO serves as the legal basis.
We ask you to regularly inform yourself about the content of our data protection declaration. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
In accordance with Article 32 of the GDPR, we take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the varying likelihood and severity of the risk to the rights and freedoms of natural persons; the measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to the data, as well as access to, input, disclosure, ensuring availability and segregation of the data. We also have procedures in place to ensure the exercise of data subject rights, deletion of data and response to data compromise. Furthermore, we already take the protection of personal data into account during the development and selection of hardware, software and procedures, in accordance with the principle of data protection through technology design and through data protection-friendly default settings (Art. 25 DSGVO). The security measures include, in particular, the encrypted transmission of data between your browser and our server.
Cooperation with processors and third parties
If, in the course of our processing, we disclose data to other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, this will only be done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6 (1) lit. b DSGVO), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Art. 28 DSGVO.
Transfers to third countries
If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art. 44 ff. DSGVO are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to that of the EU (e.g. for the USA through the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").
Rights of the data subjects
You have the right to obtain confirmation as to whether or not data concerning you is being processed and to obtain access to such data, as well as further information and a copy of the data in accordance with Article 15 of the GDPR.You have the right, in accordance with Article 16 of the GDPR, to request the completion of data concerning you or the rectification of inaccurate data. You have the right, in accordance with Article 16 of the GDPR, to request that the data concerning you be completed or that the incorrect data concerning you be corrected. You have the right, in accordance with Article 17 of the GDPR, to request that the data concerned be deleted without delay or, alternatively, to request that the processing of the data be restricted in accordance with Article 18 of the GDPR.You have the right to request that the data concerning you that you have provided to us be received in accordance with Article 20 of the GDPR and to request that it be transferred to other data controllers. You also have the right to lodge a complaint with the competent supervisory authority in accordance with Article 77 of the GDPR.
Right of withdrawal
You have the right to revoke consent granted in accordance with Art. 7 (3) DSGVO with effect for the future.
Right of objection
You may object to the future processing of data concerning you in accordance with Art. 21 DSGVO at any time. The objection can be made in particular against processing for direct marketing purposes.
Cookies and right to object to direct advertising
The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 DSGVO. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law. According to legal requirements, the following are kept for 10 years: commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, books, records, management reports, accounting vouchers, commercial and business letters according to Art 1059 Para. 1 ,5 PGR.
Provision of contractual services
We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 para. 1 lit b. DSGVO. The entries marked as mandatory in online forms are required for the conclusion of the contract. Users can optionally create a user account, in which they can view their orders in particular. Within the scope of the registration, the required mandatory information is communicated to the users. The user accounts are not public and cannot be indexed by search engines. If users have cancelled their user account, their data with regard to the user account will be deleted, subject to their retention being necessary for reasons of commercial or tax law in accordance with Art. 6 Para. 1 lit. c DSGVO. It is the responsibility of the users to save their data in the event of termination before the end of the contract. We are entitled to irretrievably delete all of the user's data stored during the term of the contract. Within the scope of registration and renewed logins as well as the use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests as well as those of the users in protection against misuse and other unauthorised use. This data is not passed on to third parties unless it is necessary for the pursuit of our claims or there is a legal obligation to do so in accordance with Art. 6 Para. 1 lit. c DSGVO.We process usage data (e.g. the web pages visited on our online offer, interest in our products) and content data (e.g. entries in the contact form or user profile), The deletion takes place after the expiry of legal warranty and comparable obligations, the necessity of the storage of the data is reviewed every three years; in the case of legal archiving obligations, the deletion takes place after their expiry of the 10-year storage obligation; information in the customer account remains until its deletion.
When contacting us (via contact form or e-mail), the user's details are processed for the purpose of handling the contact request and its processing pursuant to Art. 6 (1) lit. b) DSGVO.The user's details may be stored in our customer relationship management system ("CRM system") or comparable request organisation.We use the CRM system Agile. We have entered into a Data Processing Agreement. Agile has applied for inclusion in the Privacy Shield USA.We delete the requests if they are no longer necessary. We review the necessity every two years.We store requests from customers who have a customer account permanently and refer to the customer account details for deletion. In the case of legal archiving obligations, deletion takes place after their expiry (10 years).
Comments and contributions
When users leave comments or other contributions, their IP addresses are stored for 7 days on the basis of our legitimate interests as defined in Art. 6 para. 1 lit. f. DSGVO. This is done for our security in case someone leaves unlawful content in comments and posts (insults, prohibited political propaganda, etc.). In this case, we ourselves can be prosecuted for the comment or post and are therefore interested in the identity of the author.
Our web host is CYON GmbH, Basel. The web hoster is used to host the website, to operate the WordPress CMS, to manage the email inboxes and also databases with customer and contract data. All data entered on the website, all electronic correspondence is therefore available there. We have concluded a corresponding order processing contract (or "Data Processing Agreement") with Cyon. This is required by law because the hoster collects personal data of the website visitors.
Collection of access data and log files
We collect data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests within the meaning of Art. 6 Para. 1 lit. f. DSGVO, we collect data about each access to the server on which this service is located (so-called server log files). The access data includes the name of the website accessed, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.Log file information is stored for a maximum of seven days for security reasons (e.g. to clarify acts of abuse or fraud) and then deleted. Data whose further storage is necessary for evidentiary purposes is excluded from deletion until the respective incident has been finally clarified.
Online presence in social media
We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply. Unless otherwise stated in our data protection declaration, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.
Cookies & Reach Measurement
Google Re/Marketing Services
Facebook Social Plugins
Integration of third-party services and content
Within our online offer, we use content or service offers of third-party providers on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO) to integrate content or services offered by third-party providers, such as videos or fonts (hereinafter uniformly referred to as "content"). This always requires that the third-party providers of this content are aware of the IP address of the user, as without the IP address they would not be able to send the content to their browser. The IP address is therefore necessary for the display of this content. We endeavour to use only such content whose respective providers only use the IP address to deliver the content. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information on the browser and operating system, referring websites, time of visit and other information on the use of our online offer, as well as be linked to such information from other sources.The following presentation provides an overview of third-party providers and their content, along with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, options for objection (so-called opt-out):
If our customers use the payment services of third parties (e.g. PayPal; Mollie or Sofortüberweisung), the terms and conditions and the data protection information of the respective third party providers apply, which can be accessed within the respective websites or transaction applications.
Elgendorfer Str. 57, 56410 Montabaur, Germany and stored for data backup purposes.
Our website and data are hosted by Cyon GmbH, Basel, Switzerland. You can find the data protection regulations at: https://www.cyon.ch/legal/privacy
naturAlly may use Twilio as a provider for authentication purposes. You can find the data protection regulations here. The Data Protection Addendum can be found here https://www.twilio.com/legal/data-protection-addendum.
Extensive information on data handling, in particular also on data handling between Europe and the USA, can be found here: https://www.twilio.com/gdpr
For appointments, this website uses WP Amelia, a service provided by TOUCH ME SOFT D.O.O., located at 11000 Milovana, Marinkovica 3, Serbia. The data submitted for appointments may be forwarded to the latter and possibly accessed by third parties if required. For more information on the data collected and processed in this regard, please visit https://wpamelia.com/privacy-policy/.
MONGODB may be used for data storage in databases. The data protection guidelines can be found here: https://www.mongodb.com/de-de/legal/privacy-policy. Extensive explanations and information, also in German, can be found here: https://www.mongodb.com/de-de/cloud/trust.
Cloud servers from AMAZON Webservices (AWS EC2) may be used. More information on data security can be found here: https://aws.amazon.com/de/blogs/security/the-aws-shared-responsibility-model-and-gdpr/. The AWS GDPR DATA PROCESSING ADDENDUM you will find here:https://d1.awsstatic.com/legal/aws-gdpr/AWS_GDPR_DPA.pdf.
Data exchange with (former) cooperation partners
In the past, and if necessary in the future, insurance contracts and/or securities accounts and/or investment funds have been brokered by affiliated legally regulated cooperation partners. For this purpose and for the purpose of optimised support, an exchange of information has taken place/is taking place with the cooperation partners concerned. If someone believes to be affected by this, the data status can be ascertained at any time by making a legitimate enquiry at our company. Unless otherwise required by law, data will be destroyed or deleted after 10 years, or earlier if permitted by law.
What you should know before spending time with naturAlly:
There is a supply restriction.
The information published on the website does not constitute a solicitation, offer or recommendation to buy or sell any funds. The content on the website is not intended for you if you are subject to a jurisdiction that prohibits the publication of or access to this website, e.g. due to your nationality, your place of residence or for other reasons.
If such restrictions apply, you are not permitted to access this website.
The fund is currently authorised for public distribution in Germany and the Principality of Liechtenstein. If you are a private investor and come from another country, the content of the website is neither intended for you nor authorised.
Please note, there is no guarantee.
Although the present information has been compiled with the greatest care, naturAlly AG can nevertheless accept no liability whatsoever for the correctness, completeness and up-to-dateness of the information contained on the web pages. The content of the web pages can be changed at any time and without prior notice. The information on the web pages does not represent any decision-making aids for you. When making investment decisions, please be sure to seek advice from qualified persons.
We warn you about risks.
Please note that the value of an investment can rise as well as fall. The future performance, i.e. the development, cannot be derived from the past. High price fluctuations can occur. These can equal or even exceed the amount you have invested. The preservation of your invested capital can therefore not be guaranteed. Please also note the risk information in the fund prospectus.
By visiting this website you agree to our terms and conditions.