We are dedicated to protecting your privacy and ensuring the security of your personal data. We encourage you to review this policy carefully to make informed decisions about your privacy and the use of our services. Should you have any questions or concerns regarding this policy, please reach out to us on firstname.lastname@example.org.
Data controller details
Data Controller: InvesTRe S.A. (hereafter InvesTRe or Moniflo)
Address: 209 Rue des Romains, Bertrange, L-8041, Luxembourg
Registered Information: InvesTRe S.A. is registered with the commercial register under B249656.
Representative: Georges Bock, CEO
We have appointed a data protection officer who advises and guides us on matters related to the implementation and maintenance of our data protection management system. You can contact our data protection officer at:
Contact email: email@example.com.
As the data controller, we are responsible for the collection, processing, and protection of your personal data within the Moniflo investing app. We strive to adhere to applicable data protection laws and ensure that your privacy rights are respected. If you have any concerns or inquiries regarding the handling of your personal data, please feel free to reach out to us using the contact information provided above.
1 General Information Regarding Data Processing
1.1 Personal Information and GDPR
Personal information refers to any data that can directly or indirectly identify an individual. It includes, but is not limited to, names, contact details, identification numbers, financial information, and other relevant data. At invesTRe and Moniflo, we understand the importance of protecting your personal information and respecting your privacy rights.
The General Data Protection Regulation (GDPR) is a comprehensive data protection regulation that governs the processing of personal data within the European Union (EU) and the European Economic Area (EEA). The GDPR aims to provide individuals with greater control over their personal data and sets out clear guidelines for organizations on how to handle, process, and protect such data. It introduces principles for lawful and fair processing, establishes individuals' rights regarding their personal data, and imposes obligations on data controllers and processors to ensure the security and confidentiality of personal information.
As an organization subject to the GDPR, we are committed to complying with its requirements and ensuring that your personal information is handled in accordance with the regulation's principles. We implement appropriate technical and organizational measures to safeguard your data, protect it from unauthorized access, and prevent any unlawful processing.
1.2 Your Rights
As an individual whose personal information is processed by invesTRe and the Moniflo App, you have certain rights regarding the protection and control of your data. We are committed to upholding these rights and ensuring that you can exercise them effectively:
- the right to access,
- the right to rectification or erasure,
- the right to restriction of processing,
- the right to data portability,
- If you have provided us with your personal data on the basis of a consent, you can withdraw the consent at any time with effect from the future,
- You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes. We will assess your objection and cease processing your data unless we have compelling legitimate grounds to continue or if the processing is necessary for legal claims.
To exercise these rights named above you may contact us at any time via email to firstname.lastname@example.org.
You also have the right to lodge a complaint with a supervisory authority of your choice (for example: CNPD https://cnpd.public.lu/en.html.)
An overview of the Data Protection Authorities may be found here: https://cnpd.public.lu/en/commission-nationale/missions.html.
1.3 Storing and Deleting Data
The duration of the data storage depends on the respective data category and processing activity. If the storage period is not further specified, the retention period ends as soon as the purpose or legal basis for storage ceases to apply.
Upon the closure of your account, withdrawal of consent, or the expiration of the applicable retention period, we take appropriate measures to securely delete or anonymize your personal data to ensure it is no longer identifiable or retained in a form that can be linked to you, unless further retention is required for legal or legitimate purposes.
As a regulated financial institution, we have certain obligations to keep your data, either for five years for anti-money laundering and counter-terrorism requirements; or for ten years for legal reasons for a specific purpose.
This includes: contact information like name and email; technical information like logins and IP address; transaction history like investments and payments; personal data from third parties like fraud prevention agencies; and / or publicly available information used in enhanced due diligence checks like media stories.
2 Types of data processed
To provide you with our investment services, we collect the following types of personal data:
- Identity Information: When you sign up for an account, we may collect personal data such as your full name, date of birth, nationality, and government-issued identification details (e.g., passport or driver's license number).
- Contact Information: We collect your contact details, including your email address, phone number, and residential address, to communicate with you regarding your account, investment opportunities, and related services.
- Financial Information: In order to facilitate investment transactions, we may collect financial data such as your bank account details, credit card information, and transaction history.
- Usage Information: When you interact with our investment app, we automatically collect certain data about your usage patterns, including log-in information, IP address, device information, and browsing activities. This helps us ensure the running of our app, enhance security, and provide a better user experience.
- Communication Data: We may collect and store communication data, including your interactions with our customer support team, feedback, and survey responses, to address your inquiries, improve our services, and ensure customer satisfaction.
- Third-Party Data: In some cases, we may collect personal data from third-party sources, such as identity verification services, credit bureaus, and publicly available databases and websites, to comply with regulatory requirements, prevent fraud, and ensure the accuracy of the information provided.
3 Purposes of processing
Under data protection laws, we are required to notify you of the purposes of processing your Personal Information, as well as the legal basis for such processing.
Unless otherwise permitted by law, we may process your Personal Information:
- If you consent to the processing
- To satisfy our legal obligations
- If it is necessary to carry out our obligations arising from any contracts we entered with you or to take steps at your request prior to entering into a contract with you
- In the public interest
- In your vital interests, or
- For our legitimate interests, such as to protect our property, rights, or the safety of invesTRe, Moniflo, our customers, or others
Notwithstanding the above, invesTRe reserves the right to use aggregated and anonymized data, which does not contain Personal Information, for the purposes of business analytics, research, publication, and potential sale to third parties.
4 Automated Decision Making
On the Moniflo App, we employ automated decision-making processes to streamline our Anti-Money Laundering (AML) and Know Your Customer (KYC) procedures, ensuring the efficient onboarding of our users. These processes analyze and evaluate the data you provide during the registration process to determine the risk profile associated with your account. This enables us to automatically approve standard-risk profiles without the need for human intervention.
The purpose of this automated decision-making is to expedite the user onboarding process while maintaining compliance with applicable legal obligations. By assessing the data you provide, including personal identification details and other relevant information, we can quickly and accurately identify low-risk profiles and proceed with account approval.
If you believe that our automated decision-making has resulted in an incorrect assessment or an adverse outcome, you have the right to request human intervention, provide your perspective, and contest the decision. We are committed to ensuring fairness, accuracy, and transparency in our automated decision-making processes.
To mitigate risks associated with automated decision-making, we have implemented stringent data protection measures. These include regular assessments of our algorithms and data sources, as well as the utilization of up-to-date and reliable information. We prioritize the security and integrity of your personal data throughout the automated decision-making process.
If you have any questions, concerns, or wish to exercise your rights related to our automated decision-making processes, including obtaining human intervention or understanding the logic behind a decision, please contact us at email@example.com.
5 Who We Share Information With
In the course of providing our services and conducting our operations, we may need to share certain aspects of your personal information with trusted third parties. These may include:
- Service Providers: We engage reputable service providers, such as hosting companies, payment processors, and email distribution services, to assist us in delivering our services effectively. These service providers are contractually obligated to handle your personal information solely for the purpose of providing their respective services and are bound by confidentiality obligations.
- Legal and Regulatory Requirements: In some instances, we may be obligated to disclose your personal data in response to lawful requests or court orders from public authorities, including compliance with legal obligations, regulatory requirements, or to investigate and prevent fraudulent activities.
- Business Transfers: If there is a merger, acquisition, or any form of corporate restructuring, your personal information may be transferred to the involved parties as part of the transaction. We ensure that appropriate safeguards and legal requirements are in place to protect your data during such transfers.
- Consent and Sharing Preferences: We may share your information with third-party marketing and advertising networks, subject to your explicit consent. This enables us to effectively promote our products and services on our website and on various platforms. You have the right to manage your sharing preferences and withdraw consent at any time.
- Aggregated and Anonymized Data: We may publish, share and potentially sell generalized and anonymized information that cannot be linked to any individual. Such data may be used for research, statistical analysis, or industry reporting purposes.
We take comprehensive measures to ensure that any sharing of your personal information complies with applicable data protection laws, including the General Data Protection Regulation (GDPR). We carefully select and assess the privacy practices of our third-party partners, and we enter into agreements that include data protection clauses and confidentiality commitments. Rest assured, we prioritize your privacy and work diligently to protect your information throughout any sharing processes.
6 Data Processing outside the EU
In certain circumstances, as part of our operations, we may transfer your personal data to entities located outside the European Economic Area (EEA). These international transfers may occur when we engage third-party service providers or partners located in countries outside the EEA. We want to assure you that we take appropriate measures to ensure the protection of your personal data during these transfers. Such measures may include implementing standard contractual clauses approved by the European Commission, verifying the recipient's adherence to binding corporate rules, or relying on the recipient's Privacy Shield certification (if applicable). By providing your personal data to us, you acknowledge and consent to the transfer of your data to these countries and the necessary safeguards we have in place to protect your privacy and comply with applicable data protection laws, including the General Data Protection Regulation (GDPR). Rest assured that we will always strive to uphold the highest standards of data protection and security, regardless of the location of the data transfer.
A list of the data processors processing data outside the EU and corresponding information is available by request via email to firstname.lastname@example.org.
7 Data Security
At Moniflo, we take the security of your personal data seriously and implement appropriate measures to protect it in accordance with the General Data Protection Regulation (GDPR). We maintain a robust data security framework designed to safeguard your information from unauthorized access, disclosure, alteration, or destruction.
We employ industry-standard security practices to ensure the confidentiality, integrity, and availability of your personal data. These measures include:
- Encryption: We use encryption technologies to secure your personal data during transmission and storage. This helps prevent unauthorized parties from intercepting or accessing your information.
- Access Controls: We implement strict access controls to limit access to your personal data to authorized personnel only. Access privileges are granted based on the principle of least privilege, ensuring that individuals can only access the data necessary to perform their designated tasks.
- Regular Security Assessments: We conduct regular security assessments and audits to identify and address any vulnerabilities or potential threats to the confidentiality and integrity of your personal data. This allows us to proactively improve our security measures and maintain a robust security posture.
- Employee Training: We provide comprehensive data protection and security training to our employees to ensure they understand their responsibilities and obligations when handling personal data. This training includes awareness of data protection laws, security best practices, and the proper handling and processing of personal information.
- Data Minimization: We practice data minimization, ensuring that we only collect and retain personal data that is necessary for the provision of our investment services. We avoid collecting excessive or unnecessary information to minimize potential risks associated with data storage and processing.
- Incident Response: In the event of a data breach or security incident, we have established procedures to respond promptly and effectively. We maintain an incident response plan that includes containment, assessment, notification, and mitigation measures to minimize any potential impact on your personal data.
While we implement robust security measures, it is important to note that no method of transmission or storage is entirely secure. We cannot guarantee absolute security, but we are committed to continuously monitoring and enhancing our security practices to protect your personal data.
If you have any concerns regarding the security of your personal data or if you suspect any unauthorized access or breach, please contact us on email@example.com.
For further information you may contact us any time, for example via email to firstname.lastname@example.org.
Version 1.1.13 (19/08/2021)
Version 1.1.14 (17/06/2022)
Version 1.1.15 (11/07/2022)
Version 1.1.16 (19/10/2022)
Version 1.1.17 (29/06/2023)
Version 2.1.1 (29/07/2023)
Version 2.1.2 (07/09/2023)
Version 2.1.3 (07/09/2023)