You are here: Start, Data privacy,

Date privacy

FLEXA TAKES THE PROTECTION OF YOUR DATA HIGHLY SERIOUSLY!

Data privacy policy
for website visitors, suppliers, current and prospective customers and other data subjects

We are providing the following information so that you – whether a visitor to our website, a supplier, a current or prospective customer, or another data subject – generally understand how we process your personal data and what rights you have under data protection law. The data we process in each individual case and how we use it will vary depending on the desired or agreed products and services. This means that not all of this information will apply to you.

 

1. Responsible party and contact details of the data protection officer

Responsible within the meaning of GDPR:

FLEXA GmbH & Co Produktion und Vertrieb KG
Darmstädter Straße 184

63456 Hanau-Steinheim
Germany

Phone: +49 6181 677-0
Fax: +49 6181 677-277

Email: flexa@flexa.de

You can contact our external data protection officer at:

FLEXA GmbH & Co Produktion und Vertrieb KG
- Data Protection Officer -

Darmstädter Straße 184
63456 anau-Steinheim
Germany

 

2. Processing of personal data in connection with your use of our websites, applications and online platforms
Categories of data, purpose of the processing and legal basis,
When you use FLEXA websites, applications or online tools (hereinafter “FLEXA Online Offering”), we process the following personal data:

  • Personal data that you voluntarily provide for a FLEXA Online Offering (when you register, ask to be contacted, complete surveys, etc.), such as first and last name, email address, phone number, information included in a support request, comments or forum posts
  • Information that your devices or web browsers send to us automatically, such as your IP address, device type, browser type, referring website, pages accessed during your visit, or date and times of each request

We process your personal data for the following purposes:

  • To enable you to use the services and functions of the FLEXA Online Offerings
  • To respond to your inquiry
  • To identify and authenticate you
  • To send you marketing information or contact you for customer satisfaction surveys as described in Section 4
  • To enforce our terms of use, assert or defend against legal claims, and prevent fraud or similar activities, including attacks on our IT infrastructure

Personal data must be processed in order to achieve the above purposes. Unless explicitly stated otherwise when collecting personal data, the legal basis for processing is:

  • the execution and performance of a contract with you on the basis of GDPR Art. 6(1)(b);
  • compliance with legal obligations to which FLEXA is subject on the basis of GDPR Art. 6(1)(c); or
  • the safeguarding of FLEXA’s legitimate interests on the basis of GDPR Article 6(1)(f). FLEXA’s legitimate interest in processing your personal data is to provide and operate the FLEXA Online Offerings.

In some cases, we may expressly ask that you consent to our processing of personal data. In this case, the legal basis for the processing of personal data will be the consent you have given on the basis of GDPR Article 6(1)(a).

Our online offering uses cookies. Cookies are small text files that are stored on your computer when you visit our website. We use cookies for marketing purposes, to ensure IT security, to make sure our online offering is used and to individually optimize our website.

When you access our website, we show a cookie banner in which you can click a button to consent to the use of cookies on this website and to select the cookies to be used on the website. Your selection is stored for future visits.

If at some point in the future you no longer want cookies to be used, you can always change your selection by updating the cookie management settings in your internet browser. In particular, you can delete all previously set cookies or prevent cookies from being set in the future. Please note that the actual settings vary from one browser to the next. It is therefore not possible to provide one set of instructions that will work for all browser

 [SKWb. Cookies
Our online offering uses cookies. Cookies are small text files that are stored on your computer when you visit our website. We use cookies for marketing purposes, to ensure IT security, to make sure our online offering is used and to individually optimize our website. When you access our website, we show a cookie banner in which you can click a button to consent to the use of cookies on this website and to select the cookies to be used on the website. Your selection is stored for future visits.
If at some point in the future you no longer want cookies to be used, you can always change your selection by updating the cookie management settings in your internet browser. In particular, you can delete all previously set cookies or prevent cookies from being set in the future. Please note that the actual settings vary from one browser to the next. It is therefore not possible to provide one set of instructions that will work for all browsers.

Cookies with certain functions and purposes require the user’s consent before they can be used.
Cookies do not require consent if they are absolutely necessary to use our online offering or ensure IT security. Setting these cookies and the related processing activities are permitted on the basis of GDPR Article 6(1)(f).
On the other hand, your consent is required for cookies used for any other purposes, e.g. individual website optimization, marketing, or statistically analyzing your activities on the website.

c. Google Analytics
This website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA.

Google Analytics uses cookies, which are small text files that are stored on your computer that make it possible to analyze your use of the website. The information generated by the cookie about your use of the website will generally be transmitted to and stored on a Google server in the United States.

Google Analytics cookies are stored on the basis of GDPR Article 6(1)(a). We obtain the necessary consent from the user as soon as our website is accessed.

  • IP anonymization

We have activated IP anonymization on this website. As a result, Google will truncate your IP address within the Member States of the European Union or other parties to the Agreement on the European Economic Area before it is sent to the United States. Only in exceptional cases will the full IP address be transmitted to a Google server in the United States and truncated there. By request of this website’s operator, Google will use this information for the purposes of evaluating your use of the website, compiling reports on website activity, and providing other services relating to website activity and internet usage for the website operator. Google will not associate the IP address transmitted by your browser as part of Google Analytics with any other data held by Google.

  • Browser plug-in

Your browser software allows you to make a setting to prevent cookies from being stored. Please be advised, however, that you may not be able to make full use of the this website’s features in this case. You can also prevent the data generated by the cookie with regard to your use of the website (including your IP address) from being collected and processed by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout.

  • Objection to data collection

You can prevent the collection of your data by Google Analytics by clicking the following link. An opt-out cookie will be set on the computer, which prevents the collection of your data when visiting this website in future: Disable Google Analytics.
More information on how Google Analytics handles user data can be found in the Google Data Privacy Statement: https://support.google.com/analytics/answer/6004245.

d. Using Google Maps
Some FLEXA Online Offerings use Google Maps in order to provide certain location-based functions (e.g. to show you the route to a FLEXA office or partner). The provider of this service, Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”), processes personal data when you use Google Maps, which may include your device’s IP address and your location. Location data can only be processed if you have configured your device’s settings to share your location. Google is solely responsible under data protection law for processing your personal data in connection with the use of Google Maps; Google’s Privacy Policy is available at https://www.google.com/policies/privacy/.

e. Links to other websites and to our social media paeges
This privacy policy only applies to FLEXA Online Offerings; it does not apply to third-party websites or applications. FLEXA Online Offerings may contain links to third-party websites and applications that may be of interest to you. FLEXA is not responsible for the collection, processing or use of your data by websites or applications not operated by FLEXA, nor is FLEXA responsible for the contents of those websites or applications.
We place links to the social networks
Facebook, LinkedIn, Xing and YouTube on our website in order to publicize FLEXA’s products and services and communicate with you as a visitor and user of those social media sites and our website. Our placement of the links is based on GDPR Art. 6(1)(f). We have no control over the processing of your personal data when you visit social media sites. The social network provider retains the control over the processing of data in connection with the use of the service. This includes, but is not limited to, storing and using cookies on user devices and analyzing your behavior on the social network.
Links can be identified by the logo for the applicable social network. Clicking a logo creates a direct connection between your browser and the social network’s server and directs you to the service provider’s website.

For more information about how the social media pages process data, see the social networks’ privacy policies:

Facebook: https://www.facebook.com/privacy/explanation

Xing: https://privacy.xing.com/en/privacy-policy

LinkedIn: https://www.linkedin.com/legal/privacy-policy

YouTube: https://policies.google.com/privacy?hl=en&gl=de

f. Newsletter
If you want to subscribe to the newsletter offered on our website, we will need you to provide an email address along with information that lets us verify that you own that email address and agree to receive the newsletter (double opt-in). We store personal data such as your first name, last name and company in order to personalize the newsletter. We use this data solely to send out the requested information and to document your consent. You can revoke your consent to having your data and email address stored and used to send out the newsletter at any time. The revocation will be effective for the future. One way to revoke your consent is to click the “Unsubscribe” link in the newsletter. 
We use an external service provider to manage and send out our newsletter. The service provider was, of course, selected with great care and obligated, in keeping with GDPR Article 28, to comply with all data protection laws and regulations.

3. Processing your personal data from partner logins
We provide our exclusive partners access to the FLEXA Partner Portal, an extended online service that offers comprehensive additional information. As a registered partner, you can use the advanced functions in our download section and access technical documents and special information, among other things. We process personal data such as in connection with the registration and use of the Partner Portal. The legal basis for processing your data is GDPR Art. 6(1)(b), (f). We do not share this data with third parties.

Processing of the personal data of business partners. Categories of data, purpose of the processing and legal basis
FLEXA processes the following personal data of contacts at suppliers, sales partners, cooperation partners and current and prospective customers (“Business Partners”) in the course of collaborating with those Business Partners:

  • Contact details such as first and last names, business addresses, business phone numbers, business mobile phone numbers, business fax numbers and business email addresses
  • Payment details and information required to settle payments or prevent fraud, including credit card information and card verification codes
  • Other information that has to be processed for a project or to perform a contract with FLEXA and is voluntarily disclosed by Business Partners, e.g. in purchase orders, inquiries or details of projects
  • Personal information collected from publicly available sources, information databases or credit agencies

Wherever legally required for compliance screenings: date of birth, ID and ID numbers, information on relevant court proceedings or other legal disputes that the Business Partners are involved in FLEXA processes the personal data for the following purposes:

FLEXA processes the personal data for the following purposes:

  • communicating with Business Partners regarding products, services and projects for purposes such as responding to the Business Partner’s inquiries or providing technical information on products
  • planning, executing and managing the contractual business relationship between FLEXA and the Business Partner for activities such as filling product and service orders, collecting payments, keeping the books, settling accounts and carrying out deliveries, maintenance or repairs
  • conducting customer surveys, marketing campaigns, market analyses, sweepstakes, competitions and similar campaigns and events
  • conducting customer satisfaction surveys and direct marketing as more narrowly defined in Section 4 below
  • maintaining and ensure the safety and security of FLEXA products and services and of our websites, and to prevent and detect security or safety risks, fraud and other illegal acts or activities intended to cause damage
  • complying with (i) legal requirements (e.g. retention obligations under tax and commercial law), (ii) obligations to conduct compliance screenings (to prevent white-collar crime or money laundering) and (iii) FLEXA policies and industry standards
  • settling legal disputes, enforce existing contracts and to establish, exercise and defend legal claims

Personal data must be processed in order to achieve the above purposes. Unless explicitly stated otherwise when collecting personal data, the legal basis for processing is:

  • the execution and performance of a contract with you on the basis of GDPR Art. 6(1)(b);
  • compliance with legal obligations to which FLEXA is subject on the basis of GDPR Art. 6(1)(c); or
  • the safeguarding of FLEXA’s legitimate interests on the basis of GDPR Article 6(1)(f). FLEXA’s legitimate interest is to initiate, execute and settle the business relationship.

If you have expressly consented to the processing of your personal data in an individual case, that consent will be the legal basis for processing on the basis of GDPR Article 6(1)(a).

 

4. Processing personal data for customer satisfaction surveys and direct marketing
Under the current laws, FLEXA can use your contact details for direct marketing (e.g. newsletters, trade show invitations) or to conduct customer satisfaction surveys by email or otherwise. You may object to the use of your contact details for such purposes at any time by email to contact@FLEXA.de or by using the objection mechanism embedded in the message that you received.
 

5. Data privacy and online applications
Please only use our online application portal if you wish to apply for a job with us electronically. See the privacy policy for online applications for additional information on how we handle the data provided for this purpose. We ask that you do not apply by email since email provides no secure way for you to share your data.
 

6. Recipients and recipient categories
At our company, your data is accessed by those units and individuals who need it to satisfy our contractual and legal obligations. Agents for whom we are vicariously liable and service providers that we employ may also receive data for those purposes if they meet certain requirements, including ensuring the confidentiality and integrity of the data. These agents and service providers are companies in the following categories: IT services, logistics, printing services, telecommunications, collections, consulting, sales, distribution and marketing.

Regarding the disclosure of data to recipients outside our company, please be advised that we only disclose required personal data in compliance with all applicable data protection laws and regulations. We are generally only allowed to disclose information about you if we are required by law to do so, you have provided your consent for us to do so, or we are authorized to provide information. Having said that, personal data may be disclosed to:

  • public agencies and institutions (e.g. tax authorities, law enforcement agencies, family courts, deed registries) if there is a statutory or regulatory obligation to share the data;
  • lending and financial service institutions or comparable organizations with whom we share personal data for the purpose of carrying on a business relationship (banks, credit agencies, etc.);
  • other affiliated companies in our group for risk management purposes by reason of a statutory or regulatory obligation,
  • creditors or bankruptcy trustees who request the data in connection with debt enforcement or foreclosure;
  • auditors;
  • service providers whom we have retained as processors; or
  • commercial agents of the company.

 

7. Sending data to third countrie
Data is sent to parties located in countries outside the European Union (“third countries”) wherever:

  • it is necessary to fill your orders (e.g. delivery orders);
  • it is required by law (e.g. reporting duties under tax law); or
  • you have given us your consent.

In addition, data is sent to parties in third countries in the following cases:

  • Your personal data may be sent to an IT service provider in a third state in full compliance with European data protection standards if and as needed in individual cases to maintain the company's IT operations.
  • Personal data (e.g. authentication data) is sent to third countries in individual cases in full conformity with the data protection standards of the European Union when balancing interests and complying with laws on combating money laundering, terrorism financing and other illegal activities.

 

8. Storage period
We process and store your personal data for as long as needed to satisfy our contractual obligations and exercise our rights.The data is regularly deleted if it is no longer needed to satisfy contractual or legal obligations unless it has to be processed for a limited period of time for the following purposes:

  • Satisfying retention obligations under the German Commercial Code (Handelsgesetzbuch – HGB), the German Fiscal Code (Abgabenordnung – AO) and the German Anti-Money Laundering Act (Geldwäschegesetz – GwG). The retention and documentation periods specified in those laws generally run from two to ten years.
  • Retaining evidence in accordance with the legal provisions on limitation periods. According to German Civil Code (BGB) Sections 195 et seq., those limitation periods may run as long as 30 years but usually run 3 years.

 

9.  Data security
Our employees and the service companies that we engage are required to maintain secrecy and comply with applicable data protection laws. The company enacts reasonable technical and organizational security measures to protect personal data from loss, alteration, destruction, unauthorized access or unauthorized disclosure. Our security measures are constantly being improved in keeping with technological progress.

 

10. Rights of data subjects
Every data subject has the right of access under GDPR Art. 15, the right to rectification under GDPR Art. 16, the right to erasure under GDPR Art. 17, the right to restriction of processing under Art. 18 GDPR and the right to data portability under Art. 20 GDPR.

The right of access and the right to erasure are subject to the limitations set out in German Data Protection Act (Bundesdatenschutzgesetz – BDSG) Sections 34 and 35. Furthermore, every data subject has the right to lodge a complaint with a competent supervisory authority (GDPR Art. 77 in conjunction with BDSG Section 19).

You may withdraw your consent to the processing of your data at any time by notice to us. You may also withdraw any consent you granted to us before the GDPR went into effect, i.e. before May 25, 2018. Please note that a withdrawal of consent only has an effect for the future. It does not affect any processing that occurred before consent was withdrawn.

You also have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you which is based on GDPR Art. 6(1)(e) (data processing in the public interest) and GDPR Art. 6(1)(f) (data processing for legitimate interests), including profiling as defined by GDPR Art. 4(4) and based on those provisions. If you object, we will stop processing your personal data unless we can demonstrate compelling legitimate reasons for the processing that override your interests, rights and freedoms. This includes, without limitation, where the processing is necessary for asserting, exercising or defending of legal claims.

You also have the right under GDPR Art. 22 not to be subject to fully automated decision-making. We generally do not use fully automated decision-making to establish, carry out and terminate the business relationship. If we do use these procedures in individual circumstances (e.g. to improve our products and services), we will specifically notify you and inform you of your rights in this regard to the extent this is legally required.

 

11. Obligation to provide data

In our business relationship, you have to provide the personal contract data we are required by law to collect or that is necessary to initiate, carry out and terminate a business relationship and to satisfy all contractual obligations associated with that relationship. Without that data, we will generally not be able to enter into a contract with you, execute it and terminate it.

The foregoing shall correspondingly apply to your visiting our online offering and our collecting usage data. If we do not collect usage data, we and our service providers will be unable to provide our online offering to you.

 

12. Profiling
There are instances in which we automatically process your data to a certain extent in order to evaluate certain personal aspects (“profiling”). We use profiling in situations such as the following:

  • We use evaluation tools in order to inform and educate you about products and services in a targeted manner. Those tools enable needs-based communication and advertising, including market and opinion research.
  • We use scoring to evaluate your creditworthiness. Scoring calculates the probability that a customer will properly discharge his or her payment obligations as laid out in the contract. Scoring is based on a mathematically and statistically accepted and proven procedure. The calculated scores help us make decisions related to product sales and are used in our ongoing risk management activities.

 

13. Up-to-dateness and changes to this privacy policy
This privacy policy is currently valid and was last issued or updated in July 2019.

 

 

Kontakt

This website uses cookies to give you the best possible service. By continuing to use our website, you agree to the use of cookies. Further information on cookies can be found in our privacy policy.

I have understood