Effective February 1, 2019

View the prior version of our privacy policy here

Birdee respects the privacy rights and data protection rights of our users and recognize the importance of protecting the Personal Information we collect about you.

Imagine, if you like, the health of the human body. The misuse of data is like an illness and data protection/security/privacy on devices are like immune system, fighting back.

At Birdee, we remain pragmatic and realistic, believing prevention is better than cure.

So we protect good health, in 3 essential ways:

• “Privacy by design” principles are embedded in all our technologies

• Personal data is precious. We do not sell our customers’ data. Simple.

• We know that our company is only as strong as the relationship with our customers. We hold our customers’ trust dearly.

This privacy policy is designed to help you understand how we collect, share and use Personal Information, and how you can exercise your privacy rights.

1. Scope of this Privacy Notice

Birdee a société anonyme incorporated under the laws of the Grand Duchy of Luxemburg, having its registered office located at 77-79 Parc d’Activites Capellen, 8308 Mamer, Luxemburg, registered with the Luxemburg trade and companies register under number B213539, and authorised by the Luxemburg supervisory authority of the financial sector (the Commission de surveillance du secteur financier, the CSSF) as a discretionary portfolio manager under article 24-3 of the Luxemburg act of 5 April 1993 on the financial sector, as amended, processes data collected via its website with the URL birdee.co (the Website) and/or the application for mobile devices named “Birdee” which may be downloaded via the App Store or Google Play (the Application).

This Privacy Policy governs the processing of personal data (i.e. data by which an individual may be directly or indirectly identified – the Personal Data) of visitors and users of the Website and/ or the Application (the Users). The Privacy Notice aims at providing all information required in accordance with the EU General Data Protection Regulation (GDPR) as well as, to the extent applicable, with all other legislative acts regarding the processing of personal data, including all acts taken under the authority or for the implementation of such legislative acts.

For information about the processing of personal data when a User is already a client, please refer to Birdee’s specific client privacy policy, which is available on birdee.co.

For any questions or comments or for exercising their rights under the GDPR, Users may contact Birdee via chat in the Application or on the dedicated online platform on the Website. The Users, as well as any individuals related to the Users, may also contact Birdee by sending an email to compliance@birdee or by mail to Birdee’s registered office at 77-79 Parc d’Activites Capellen, 8308 Mamer, Luxemburg.

2. Data that is collected via the Website/ the Application

Birdee receives and collects the Personal Data directly from Users or through the use of automated technology when Users use and interact with the Website and/or the Application.
In particular, the Personal Data Birdee processes about Users may include:

• personal data that Users provide by filling in forms on the Website and/or the Application or by using the contact details (this may include the country of residence, identification data such as the name, email address, telephone number, and information related to the personal situation (employment and occupation);

• if a User contacts Birdee by email or by phone, any records of these exchanges (including telephone recordings); and

• data technically transmitted when Users access or browse the Website or use the Application, such as the IP address and data notably obtained through the use of cookies (including date and time of access, language preferences, operating system used, number of visits, pages of the Website visited, etc.). Further information on cookies is provided in clause 4 “Cookies”.

3. Purposes for which personal data is processed

Birdee processes Personal Data.

For the purposes of taking steps at the request of the User prior to entering into a contract with the User, such as:

• collecting information on the User’s identity;

• collecting User’s preferences, objectives and risk appetite.

For purposes that are in Birdee’s or a third party’s legitimate interest, such as:

• helping Birdee to administer, evaluate and improve its business, products and the services Birdee offers;

• helping Birdee to improve the performance and usability of the Website and/or the Application;

• personalizing the experience on the Website / in the Application so as to assure the best possible user experience;

• sending updates and announcements about Birdee’s products and services;

• the establishment of statistics and the conduct of Website and/or the Application, trends, performance and commercial analysis;

• assuring the safety and continuity of Birdee’s IT services and systems;

• fraud detection;

• the establishment, exercise and defense of legal claims; and

• in connection with any business reorganisation, transfer, disposal, merger or acquisition on the level of Birdee.

With User consent

Insofar as Users have given Birdee their consent for the processing of their Personal Data, such consent will serve as a legal basis for the referred processing.

This includes the consent that a User may have given in relation to the use of cookies or the possibility to be contacted in relation to offers and promotions (e.g. about products and services of Birdee or those of its commercial partners).

Consent can be withdrawn at any moment by contacting Birdee at the contact details indicated above.

4. Communication of User data to third parties

To the extent permitted by the User or required or authorised by applicable law and regulations, the User’s Personal Data may be communicated to third parties (such as other entities belonging to the same group of companies as Birdee, service providers or business partners to the extent necessary for the purposes referred to above) as well as to local supervisory or enforcement authorities in compliance with applicable laws. The service providers are obliged to process these data in a confidential way and to use them only for the purpose for which they were requested. These data recipients may be located outside of the European Economic Area, in countries which may not provide for a similar level of protection for personal data as is available within the EEA. To the extent that such data transfers are not covered by an adequacy decision of the European Commission or fall within one of the exceptions under article 49 of the GDPR, the Personal Data transferred to countries outside of the EEA will be protected by appropriate safeguards such as standard contractual clauses approved by the European Commission. Users may obtain a copy of such safeguards by contacting Birdee.

In particular, Personal Data may be transferred to the United States of America.

It shall be noted that when downloading the Application, the relevant application store will not act as a service provider (so-called processor) to Birdee, but will act as independent data controller. The User shall thus carefully read the privacy policy of such application store, which will govern the collection by the application store of User data. Birdee shall not be responsible for the processing of personal data by the application store.

5. User rights

The User is granted, under certain circumstances, with the following rights in relation to his or her Personal Data:

• the right to access to his or her Personal Data, to obtain information about the processing thereof and request Birdee to rectify the Personal Data that are inaccurate (article 15 and 16 of the GDPR);

• the right to object at any time to the processing of the Personal Data, on grounds relating to his or her particular situation. In this case, Birdee shall no longer process the Personal Data, except if the Birdee has compelling legitimate grounds for the processing which override the User’s interests, rights and freedoms or Birdee needs them for the establishment, exercise or defence of legal claims (article 21 of the GDPR);

• to request the deletion of Personal Data held about him or her, without undue delay when the use or other processing of such personal data is no longer necessary for the purposes described above, and notably when consent relating to a specific processing has been withdrawn or where the processing is not or no longer lawful for other reasons (article 17 of the GDPR);

• the right to restriction of processing (i) if the User contests the accuracy of his or her Personal Data, for a period enabling Birdee to verify the accuracy of the Personal Data, (ii) if the processing is unlawful and the User rejects the erasure of Personal Data and requests the restriction of their use instead, (iii) if Birdee intends to delete the User’s Personal Data, but he or she needs them for the establishment, exercise or defence of legal claims, or (iv) if the User has objected to the processing of his or her Personal Data, pending the verification whether Birdee’s legitimate grounds override his or hers (article 18 of the GDPR).

• to ask Birdee not to process his or her Personal Data for marketing purposes (article 21 of the GDPR); and

• where processing is based on consent, the right to withdraw his or her consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

The User can exercise their right at any time by contacting Birdee through the abovementioned contact details.

In the event that the User wishes to make a complaint about how Birdee processes their Personal Data, such User should contact Birdee in the first instance. Birdee will endeavour to deal with this request as soon as possible. This is without prejudice to the right of the User to file a complaint with the Luxembourg data protection authority, the Commission nationale pour la protection des données, or any other data protection authority of the EU, in the event the User have concerns about the processing of their Personal Data.

6. Data retention

The data will be kept for the duration necessary for the achievement of the purposes referred above and in any case no longer than permitted by applicable law.

The retention periods for your Personal Data are based on Birdee’s business needs and legal requirements.

Birdee may notably retain:

• Personal Data you have submitted to Birdee through a specific request until Birdee has responded to such request or until the end of the exchange relating thereto, plus ten (10) years as of the end of such communication; and

• Cookies up to 13 months and IP addresses up to six (6) months after your last use of the Website/ the Application.

Birdee may also retain Personal Data other than related to cookies for up to two (2) years for statistics, business analysis and marketing purposes.

7. Cookies

Birdee may place cookies on the User’s computing devices which a User uses to access the Application Site for the following purposes:

• To identify a User who signs in to the Website/ the Application and ensuring that the User sees the information relating to his/her assets;

• To keep track of User specified preferences;

• To conduct research and diagnostics to improve the Birdee’s content, products and services;

• To prevent fraudulent activity and improve security.

Should the User not wish to have cookies placed on his computing devices, (s)he should adjust the browser settings accordingly. Most browsers will provide information on how to prevent the browser from accepting new cookies, how to be notified when a new cookie is placed and how to disable cookies altogether. Additionally, similar data used by browser add-ons, such as Flash cookies may be disabled or deleted, by changing the add-on’s settings or visiting the website of its manufacturer.

8. Amendment of the Privacy Policy

Birdee may amend this Privacy Notice from time to time to ensure that the User is fully informed about all processing activities and to ensure Birdee’s compliance with the applicable legislation regarding data protection. Changes to this Privacy Notice will be brought to the User’s knowledge by appropriate means.