Privacy Policy

Version 2.0, as of May 1, 2025

Thank you for your interest in our website. The protection of your personal data is important to us. With our privacy policy we would like to inform you about the type, scope and purpose of the processing of personal data within the framework of our landing page flexopus.com, our help page help.flexopus.com and our customer portal portal.flexopus.com (together "website") as well as via our external internet presences such as clarify our other social media channels. Your data will be processed in accordance with the statutory data protection regulations. Where links are provided to other websites, we have neither influence nor control over the linked content nor the data protection provisions therein. We recommend that you review the privacy policies on the linked websites. In this way, you can determine whether and to what extent personal data is collected, processed, used or made accessible to third parties.

Contact details of the controller and the data protection officer

The person responsible within the meaning of the General Data Protection Regulation (GDPR) is:

Flexopus GmbH
Schlosserstr. 2
70180 Stuttgart
Germany
Phone: +49 711 342 085 05
Email: privacy@flexopus.com

The responsible body decides alone or jointly with others on the purposes and means of processing personal data.

Contact details of the data protection officer:

PROLIANCE GmbH
Datenschutzexperte.de
Leopoldstr. 21
80802 Munich
Germany
Email: datenschutzbeauftragter@datenschutzexperte.de

When contacting the data protection officer, please mention Flexopus GmbH directly in the subject line. Please refrain from including sensitive information such as attach a copy of your ID.

Data processing through visiting the website

When you visit our website, we may process the following data, depending on the specific use:

  • Master data (e.g. Name),
  • Account details (e.g. username, password),
  • Profile data (e.g. Profile photo, language, favorites, groups, roles),
  • Contact details (e.g. email, telephone number, address),
  • Content data (e.g. text input),
  • Usage data (e.g. websites visited, access times),
  • Payment details (e.g. Invoices, payment method, billing address),
  • Contract data (e.g. completed subscriptions),
  • Device and server-side data (e.g. Device information, IP addresses).

Detailed information on the individual processing purposes and the legal basis for processing can be found below in this data protection declaration.

TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses TLS encryption. This means that data that you transmit via this website cannot be read by third parties during transport. You can recognize an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.

Connection setup and server log files

Each time the website is accessed, the server automatically processes data and information from the accessing device and temporarily stores it in log files. This includes information from the so-called HTTP header, in particular the user agent. The following data is processed:

  • Address of the visited page or name and path of the requested file,
  • Method, date and time of the server request,
  • Information about the web browser and operating system used,
  • previously accessed page/file (referrer URL),
  • Hostname of the accessing device,
  • Version of the transmission protocol, amount of data transferred, message about successful retrieval (HTTP status code),
  • Request information such as language, type of content, content encoding, character sets,
  • cookies stored on the device of the domain accessed,
  • IP address.

The temporary processing of this data by the system is necessary to enable the provision of the website to the user’s device. To ensure functionality, stability and technical security, in particular to prevent attacks on our web server, we store this data for a short time. The website provider automatically collects and stores this information, which your browser automatically transmits to us, in server log files. After 30 days at the latest, the data is anonymized by shortening the IP address at domain level, so that it is no longer possible to establish a reference to the individual user. This data will not be merged with other data sources. 

The basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data to fulfill a contract or pre-contractual measures, as well as Art. 6 Para. 1 lit. f GDPR, whereby our legitimate interest lies in ensuring the functionality, stability and security of the website.

Contact us

Data processing when contacting us

If you contact us via contact form, email or via our social media channels (e.g. If you contact us (e.g. posts, comments or private messages), your details and communication content from the inquiry form, your email or direct message, including the contact details you provide there, will be used to process your inquiry. Providing this data is necessary to process and answer your request - without it, we cannot answer your request or can only answer it to a limited extent. The information may be stored in our customer relationship management system (CRM) HubSpot. If you contact us via our social media channels, we would like to point out that the respective social media provider also processes your information as part of its function as a telecommunications and platform service provider (see section “Online presence in social networks”). In this case, the terms and conditions, data protection notices and data processing guidelines of the respective social media platform operator also apply.

The legal basis for the processing of the data is our legitimate interest in answering your request in accordance with Art. 6 (1) lit. f GDPR and, if applicable, Art. 6 (1) lit. b GDPR, if your request aims at concluding a contract or if we have an existing contractual relationship with you and the request serves to fulfill this contract. Your data will be deleted if your inquiry has been conclusively answered and there are no legal retention obligations that prevent deletion, such as in the case of any subsequent contract processing. In the case of Art. 6 para. 1 lit. f GDPR, you can object to the processing of your personal data at any time with future effect.

Use of HubSpot

When you use the contact form, the data you submit will be processed by our service provider HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. HubSpot is an integrated software solution that we use to cover various aspects of our customer relationship management and online marketing. These include, among others: Email Marketing, Social Media Publishing & Reporting, Reporting, Contact Management (e.g. User Segmentation & CRM), Landing Pages and Contact Forms. Where necessary, we will obtain your consent for data processing via HubSpot.

Due to our choice of data storage location, your data will generally only be stored in the European Union. Nevertheless, it cannot be ruled out that, as part of the processing by HubSpot, data may be transferred from HubSpot Ireland Limited to HubSpot Inc. in the USA. HubSpot Inc. is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA pursuant to Art. 45 GDPR.

In addition, a link to Google Ads is created to track campaign success (see the section “Linking Google Ads to HubSpot”).

For more information about HubSpot's privacy policy, please visit: https://legal.hubspot.com/privacy-policy.

Use of Cloudflare

When you access the contact form, device and usage data is also collected. This processed personal data serves to prevent misuse of the contact form and to ensure the security of our information technology systems. For this purpose, HubSpot uses Cloudflare from Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. This checks whether the call actually comes from a human and prevents abusive activities, such as bots. For this purpose, Cloudflare analyzes in particular the technical specifications of the end device. In addition, Cloudflare stores information on your device (in particular the cookies "__cfuvid" (session) and "__cf_bm" (30 minutes)). 

The legal basis for the use of Cloudflare is the necessity to carry out pre-contractual measures in accordance with Art. 6 (1) (f) GDPR. b GDPR in the context of establishing contact and, in addition, our legitimate interest according to Art. 6 (1) lit. f GDPR, to ensure the security and protection against misuse of the contact form. As part of processing by Cloudflare, data may be transferred to the USA. Cloudflare Inc. is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA pursuant to Art. 45 GDPR.

For more information, please see Cloudflare’s privacy policy: https://www.cloudflare.com/de-de/privacypolicy/.

Applications

JOIN application form

There is an application form on our website that can be used for electronic applications. For this purpose, we use the applicant management tool JOIN from JOIN Solutions GmbH, Schönhauser Allee 36, 10435 Berlin, Germany.

If an applicant takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. The data will be used exclusively to process your application for the possible establishment of an employment relationship in accordance with. Art. 6 para. 1 lit. b GDPR. These data are:

  • E-mail address,
  • First name,
  • Name,
  • CV,
  • Optional: cover letters, references or other files.

Alternatively, you can send us your application by email. In this case, we will collect your email address and the data you provide and send in the email.

Use of Google reCAPTCHA

When you access the application form and during the submission process, device and usage data are also collected. This processed personal data serves to prevent misuse of the application form and to ensure the security of our information technology systems. For this purpose, JOIN uses Google reCAPTCHA from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This checks whether the inputs actually come from a human and prevents abusive activities, such as those by bots. To do this, Google reCAPTCHA analyzes the input behavior and the technical specifications of the device. In addition, Google reCAPTCHA uses JavaScript and stores information on your device (in particular the "rc::a" and "rc::c" elements in Web Storage). 

The legal basis for the use of reCAPTCHA is the necessity to carry out pre-contractual measures in accordance with Art. 6 (1) (f) GDPR. b GDPR in the context of the application and, in addition, our legitimate interest according to Art. 6 Para. 1 lit. f GDPR, to ensure the security and protection against misuse of the application form. As part of the processing by Google reCAPTCHA, data may be transmitted from Google Ireland Limited to Google LLC in the USA. Google LLC is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

Storage period

After the application process has been completed, the data will be stored for up to four months. Your data will be deleted after four months at the latest if we have rejected your application. In the event of a legal obligation, the data will be stored in accordance with the applicable provisions. Information on data processing by JOIN can be found here: https://join.com/de/datenschutz/.

Registration and use of the customer portal

At portal.flexopus.com, we offer you the opportunity to register for our customer portal to manage your subscriptions and use a limited-time test environment.

As part of the registration and management of the personal profile, we may process the following data in particular:

  • Name;
  • E-mail address;
  • telephone number;
  • Position;
  • Language;
  • profile photo;
  • Password;
  • Information about two-factor authentication.

In the context of managing the company profile, the following data in particular may be processed:

  • Company name;
  • General company information
  • Website address;
  • Registration number;
  • company headquarters;
  • Billing account (name, country, zip code, city, street, tax number);
  • Payment method (e.g. SEPA or credit card).

In the context of managing subscriptions and instances, the following data may be processed:

  • Type of subscription;
  • Additional services booked;
  • Number of booked / used resources
  • Payment address;
  • payment method;
  • invoices;
  • contact persons;
  • Hosting settings.

Mandatory information required for registration and further use of the portal is marked with an asterisk (*). Other information is optional.

In addition to registering with an email address, you also have the optional and voluntary option of logging in with your Google or Microsoft account (SSO). In this case, you will be redirected to the provider’s login screen. If you register successfully, your account details (such as email address, name and profile picture) will be shared with us and used to create your profile. The providers receive the information that you have accessed SSO from our site. The provider of the SSO functionality is Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland or Microsoft Ireland Operations Limited, One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k, Ireland. If personal data is transferred from the aforementioned providers to their group companies in the USA, Google LLC and Microsoft Corporation are certified according to the EU-US Data Privacy Framework, whereby the transfer of personal data to the USA takes place on the basis of the adequacy decision for the USA in accordance with Art. 45 GDPR.

To provide the portal, the following information is stored and accessed on the device: 

  • “XSRF-TOKEN” (1 hour): Defense against XSRF attacks;
  • “flexopus_portal_session” (1 hour): Maintaining the session;
  • “flexopus-portal.sidebarShrink”: setting for the menu;
  • “dismissedMessages”: setting for notifications,
  • “flexopus-portal.tenant.create.form”: setting for the instances,
  • “inertiaLocationVisit” (session): Calling a payment method.

If you choose credit card as your payment method, we use the payment service provider Mollie BV, Keizersgracht 126, 1015 CW Amsterdam, Netherlands. This provider handles payment processing for us and processes credit card information such as cardholder, card number, expiration date and CVV as well as the usual connection data, including the IP address, when accessing the payment page. After Mollie has verified the information, we will receive notification of whether the payment was successful (including the payment amount) or the reason why it failed.

For your security, the sessions you start are documented and you can end them at any time. Your personal account, your company profile and your subscriptions can be deleted at any time by pressing the corresponding button in the settings.

The legal basis for data processing on the portal is Art. 6 Para. 1 lit. b GDPR, insofar as the data processing is carried out to fulfil the contract or to carry out pre-contractual measures, and otherwise Art. 6 Para. 1 lit. f GDPR, whereby our legitimate interest lies in providing users with a portal for setting up and managing profile and company data as well as subscriptions.

Newsletter

If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your e-mail address as mandatory information. We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you our newsletter by email if you have expressly confirmed that you agree to receive our newsletter. You will receive an email with a link that you can use to confirm that you, as the owner of the corresponding email address, wish to receive newsletters in the future. By confirming, you give us your consent in accordance with Art. 6 (1) lit. a GDPR, that we may use your personal data for the purpose of sending the desired newsletter.

When you register for the newsletter, we save, in addition to the email address required for sending, the IP address you used to register for the newsletter, as well as the date and time of your registration and confirmation for the newsletter. This way we can verify your registration and consent and trace any possible misuse at a later date.

To provide the newsletter, we use the services of HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. Due to our choice of data storage location, your data will generally only be stored in the European Union. Nevertheless, it cannot be ruled out that, as part of the processing by HubSpot, data may be transferred from HubSpot Ireland Limited to HubSpot Inc. in the USA. HubSpot Inc. is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA pursuant to Art. 45 GDPR. For more information about HubSpot's privacy policy, please visit: https://legal.hubspot.com/privacy-policy.

In addition, we carry out newsletter tracking in order to statistically evaluate newsletter usage and better understand what our customers and prospects are actually interested in. This serves to make the content more relevant. For this purpose, we use standard market technologies in our newsletters that can be used to measure interactions with the newsletters (e.g. opening of the email, links clicked). This is done on the one hand by means of small graphics (pixels) embedded in the newsletters, which establish a connection to our email delivery provider, and on the other hand by links that first register the click and then redirect to the desired target page.

You can unsubscribe from the newsletter at any time using the link included in each newsletter or by email. The legality of the data processing operations already carried out remains unaffected by the revocation. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list unless you have expressly consented to continued use of the collected data or continued processing is otherwise permitted by law.

Online presence in social networks

We maintain online presences in social networks to communicate with customers and interested parties and to provide information about our products and services.

Processing for advertising purposes by the providers of social networks

The users’ data is usually processed by the social networks concerned for market research and advertising purposes. In this way, user profiles can be created based on users’ interests. For this purpose, cookies and other identifiers are stored on the end devices of the data subjects. Based on these usage profiles, for example, Advertisements are placed within social networks but also on third-party websites.

The legal basis for the data processing carried out by the social networks on their own responsibility can be found in the data protection information of the respective social network. The links below also provide you with further information on the respective data processing and the options for objection.

Processing for statistical purposes

As part of the operation of our online presence, we may have access to information such as statistics on the use of our online presence provided by social networks. These statistics are aggregated and may include, in particular, demographic information (e.g., age, gender, region, country) as well as data on interaction with our online presence (e.g., likes, subscriptions, sharing, viewing of images and videos) and the posts and content distributed through them. These can also provide information about the interests of users and which content and topics are particularly relevant to them. We may also use this information to adapt the design and our activities and content on the online presence and to optimize it for our audience. Details and links to the social network data that we, as operators of the online presence, have access to can be found in the list below. The collection and use of these statistics are generally subject to joint responsibility. Where applicable, the relevant contract is listed below.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in effective information and communication with users, or Art. 6 Para. 1 lit. b GDPR, in order to stay in contact with our customers and to inform them, as well as to carry out pre-contractual measures with interested parties. If consent has been obtained, the legal basis is Art. 6 para. 1 lit. a GDPR.

Processing for lead generation and qualification (Lead Forms on Google, LinkedIn and Meta)

As part of our online advertising, we use so-called lead forms on various platforms, including Google Ads lead form extensions, LinkedIn Lead Gen Forms and Meta Lead Ads (e.g. via Facebook or Instagram). These forms allow interested parties to contact us quickly and easily or to request information about our products and services.

If you fill out such a lead form on one of the platforms mentioned, the data entered there (e.g. Name, email address, job title, company) are initially processed by the respective platform provider:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
  • LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
  • Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland

The respective purpose of the data collection and the information contained therein are set out in the specific form and will be clearly presented to you before submission.

Data sharing and lead synchronization with HubSpot

The lead data collected via the Google and LinkedIn platforms is automatically transferred to our CRM system HubSpot using the native lead synchronization function ("Lead Syncing") (provider: HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland). Meta lead ads (Facebook/Instagram) may be transferred to HubSpot via interfaces or manually.

The transmitted data will be processed exclusively to process your inquiry, to contact you and to qualify you as part of our sales process. HubSpot acts as a processor in accordance with Art. 28 GDPR. The data is generally stored in data centers within the European Union. Transfer to the USA cannot be ruled out in individual cases. HubSpot Inc. is certified under the EU-US Data Privacy Framework, which permits the transfer of personal data to the USA in accordance with Art. 45 GDPR.

Legal basis for processing

Your data will be processed in accordance with Art. 6 (1) (f) GDPR. b GDPR, provided that it serves to carry out pre-contractual measures (e.g. Request via the form). If consent to be contacted for advertising purposes is given within the framework of the form, Art. 6 Para. 1 lit. a GDPR is decisive.

In all other cases, the processing is based on our legitimate interest in effective and targeted new customer acquisition in accordance with Art. 6 (1) (f) GDPR. f GDPR.

Further information on data protection can be found here:

  • Google: https://policies.google.com/privacy
  • LinkedIn: https://www.linkedin.com/legal/privacy-policy
  • Meta: https://www.facebook.com/privacy/policy/
  • HubSpot: https://legal.hubspot.com/privacy-policy

If you do not wish to submit your inquiry via a lead form, you can alternatively contact us directly by email at any time: mail@flexopus.com

Access to publicly available information

If you have an account with the social network, it is possible that we can see your publicly available information (e.g. your username) and media (e.g. pictures and videos) when we visit your profile. In addition, the social network may enable us to contact you. This can be done, for example, via direct messages or posted posts. The content communication via the social network and the processing of content data are subject to the responsibility of the social network as a messenger and platform service. For this processing, we refer to the data protection information of the respective social network.

Processing of publicly available information

As soon as we transfer your personal data into our own systems or process it further, we are solely responsible for it. The processing is then carried out to carry out pre-contractual measures and to fulfil a contract in accordance with Art. 6 (1) (f) GDPR. b GDPR or to protect our legitimate interests pursuant to Art. 6 (1) lit. f GDPR to contact customers.

Data protection rights

We would like to point out that data protection inquiries can be most effectively addressed to the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. Of course, you can also contact us with your concerns. In this case, we will process your request and forward it to the provider of the social network.

Online presences used

Below is a list of information about the social networks on which we maintain online presences:

Access to and storage of information in terminal equipment

Legal basis

By using this website, information (e.g. IP address, device, browser and operating system data) or information (e.g. cookies, local storage, session storage) may be accessed or stored on your end devices. This access or storage may involve further processing of personal data within the meaning of the GDPR.

In cases where such access to information or such storage of information is absolutely necessary to provide the expressly requested services (hereinafter "necessary services"), this is done on the basis of Section 25 Paragraph 2 No. 2 TDDDG. In these cases, data processing takes place in accordance with Art. 6 (1) lit. b GDPR, insofar as the processing is necessary to fulfil a contract or to carry out pre-contractual measures, and otherwise on the basis of Art. 6 (1) lit. f GDPR, whereby we have a legitimate interest in the technically error-free and smooth provision of the basic functions of our services.

In cases where such a process serves other, optional purposes, this will only take place on the basis of Section 25 (1) TDDDG with your consent in accordance with Art. 6 (1) lit. a GDPR. Your consent can be revoked at any time. The provisions of the GDPR and the Federal Data Protection Act (BDSG) apply to the processing of your personal data.

Use of cookies and similar technologies

Our website uses cookies and similar technologies depending on your choice in the consent banner. 

Cookies are text files that are stored in the Internet browser or by the Internet browser on your device. They include a name, a value, the storing domain and an expiration date. Cookies are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Cookies can also be removed manually.  When a user visits a website, a cookie may be stored on the user's operating system. For example, cookies contain a characteristic string of characters that enables the browser to be uniquely identified when you visit the website again and helps us to recognize you when you return to our website.

We also use entries in Web Storage (Local Storage or Session Storage). They include a name and a value. Information in session storage is deleted after the session, while information in local storage has no expiration date and is generally stored unless a mechanism for deletion has been set up (e.g. storing a local storage with a time entry). Information in local and session storage can also be removed manually.

We also use pixels. They are tiny graphics loaded by a provider which make it possible to recognise visitors through the automatic transmission of connection data and, for example, to determine whether an email has been opened or a website has been visited. The use of pixels can be prevented, for example, by blocking images, for example in emails, although this will severely restrict the display.

In addition, we use programming codes such as JavaScript, which can, for example, set cookies and web storage or actively collect information from the end device. JavaScript can be blocked by setting the browser, but most services will then no longer work.

These technologies can be used to create so-called “fingerprints,” i.e. usage profiles that can recognize visitors without the use of cookies or web storage.

Most browsers are set by default to accept cookies, the execution of scripts and the display of graphics. However, you can usually adjust your browser settings to refuse all or certain cookies, to delete them after the session, or to block scripts and graphics. If you completely block the storage of cookies, the display of graphics and the execution of scripts, our services are unlikely to function or will not function smoothly.

Essential & Functional

Necessary services are required to provide essential functionality. This includes, in particular, the delivery of content via Content Delivery Networks (CDN), the integration of form fields, fonts, and scripts, the management of embedded content, and the integration of the Consent Management Platform (CMP). 

We use Content Delivery Networks (CDN) to embed content such as videos, images, fonts and programming scripts on our website. For this purpose we involve the following providers:

  • Cloudflare from Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA;
  • Cloudfront of Amazon Web Services EMEA SARL, 38 avnue John F. Kennedy, L-1855, Luxembourg;
  • JSDelivr of Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB, United Kingdom;
  • Webflow from Webflow Inc., 398 11th St. Fl 2, San Francisco, California, 94103, USA.

In addition, we use Usercentrics, a Consent Management Platform (CMP), from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany. 

To integrate forms, we use HubSpot Forms from HubSpot Ireland Limited, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland. 

To detect and block traffic and clicks by bots and to ensure the secure and uninterrupted operation of the website, we use ClickGuard from ClickGuard Inc., 221 W 9th St, Ste 318, Wilmington, DE 19801, USA.

We use Google Tag Manager to manage the integrated services. We use Google Fonts and Google APIs to display and deliver our content. These three services are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Should personal data be transferred from the aforementioned providers to their group companies in the USA, Cloudflare Inc., Google LLC, Amazon Web Services Inc., Webflow Inc. and HubSpot Inc. are certified according to the EU-US Data Privacy Framework, whereby the transfer of personal data to the USA takes place on the basis of the adequacy decision for the USA in accordance with Art. 45 GDPR. Standard contractual clauses in accordance with Art. 46 (2) lit. c GDPR.

Further information can be found in our consent banner, which you can open by clicking on the “Cookie Settings” button in the footer of the website.

Statistics & Optimization

Usage analysis services are optional and include the analysis of usage behavior on our website, the recognition of previous visits and the optimization and improvement of our website using the statistical reports obtained. These include, in particular, common analytics services such as Google Analytics or A/B testing services. 

For website analytics, we use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and HubSpot Analytics from HubSpot Ireland Limited, 2nd Floor, 30 North Wall Quay, Dublin 1, Ireland. 

In addition, we use Microsoft Clarity from Microsoft Ireland Operations Limited, One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k, Ireland for A/B testing and analysis.

Should personal data be transferred from the aforementioned providers to their affiliates in the USA, Google LLC, HubSpot Inc., and Microsoft Corporation are certified under the EU-US Data Privacy Framework, whereby the transfer of personal data to the USA is based on the adequacy decision for the USA pursuant to Art. 45 GDPR. 

Further information can be found in our consent banner, which you can open by clicking on the “Cookie Settings” button in the footer of the website.

Marketing & Personalization

Services for personalized advertising are optional and include, in addition to usage analysis, the recording of conversions, the creation of usage profiles based on interests and clicked content and advertising, the allocation of advertising target groups based on the usage profile, remarketing and retargeting, as well as the display of personalized advertising with external advertising partners. These include, for example, social networks like Facebook or search engines like Google. 

For these purposes we use the following services:

  • Google Ads from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
  • LinkedIn Insight Day of the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland;
  • Meta Pixel from Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland;
  • Microsoft Advertising of Microsoft Ireland Operations Limited, One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k, Ireland.

If you have an account with the relevant providers, you can, in addition to your consent, also set privacy settings for the display of personalized advertising:

Should personal data be transferred from the aforementioned providers to their group companies in the USA, Google LLC, LinkedIn Corporation, Meta Platforms Inc. and Microsoft Corporation are certified according to the EU-US Data Privacy Framework, whereby the transfer of personal data to the USA takes place on the basis of the adequacy decision for the USA in accordance with Art. 45 GDPR.

Further information can be found in our consent banner, which you can open by clicking on the “Cookie Settings” button in the footer of the website.

Linking Google Ads with HubSpot

To measure the success of our advertising efforts and track leads, we use a direct integration between Google Ads and our CRM system HubSpot. Information from Google Ads (e.g. Ad clicks, search terms, campaign ID) with user data stored in HubSpot (e.g. completed forms, inquiries) are automatically linked. This allows us to understand which Google Ads campaign a user used to reach our website and whether there was a conversion (e.g. inquiry or purchase).

This link serves to optimize our campaigns, monitor success, and personally address potential customers. The processing is based on your consent in accordance with Art. 6 (1) lit. a GDPR, provided you have consented via our cookie banner. In all other cases, processing is based on our legitimate interest in accordance with Art. 6 (1) lit. f GDPR in the analysis and optimization of our marketing measures.

HubSpot and Google may transfer data to the USA as part of this processing. Both providers are certified according to the EU-US Data Privacy Framework. The data transfer is therefore carried out in accordance with Art. 45 GDPR on the basis of an adequacy decision.

External services

External services are optional and serve to extend the functionality of our website. This includes, for example, the integration of videos, login services, or the query of metadata from external content. 

We integrate NoEmbed to generate metadata for videos. 

We use Google Play to log user authentication. We also embed videos from YouTube to make them directly accessible on our website. YouTube and Google Play are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

As part of processing by YouTube, data may be transferred from Google Ireland Limited to Google LLC in the USA. Google LLC is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

Our website uses the Storylane service (https://www.storylane.io) to embed interactive product demos and presentations. The provider is Storylane, Inc., based in San Francisco, USA.

We have deactivated all tracking functions on Storylane and activated the setting “Disable IP tracking on demos” so that no IP addresses or other personal tracking data are collected when using the embedded demos.

Only minimal technical data necessary to provide the content is transmitted. No further collection of usage or interaction data takes place.

The data processing is based on our legitimate interest in accordance with Art. 6 (1) lit. f GDPR in order to provide you with an appealing and functional presentation of our products.

For more information about Storylane’s privacy practices, please visit:

Further information can be found in our consent banner, which you can open by clicking on the “Cookie Settings” button in the footer of the website.

Data transfer and recipients

As a general rule, your personal data will only be transferred to third parties by the controller when you use this website if there is a legal basis for doing so under data protection law in the specific case, in particular in the following cases:

  • if you have given your express consent in accordance with Art. 6 (1) lit. a GDPR,
  • the transfer according to Art. 6 para. 1 lit. f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  • in the event that the transfer is necessary in accordance with Art. 6 (1) lit. c GDPR, there is a legal obligation, in particular if this is necessary due to binding requirements (e.g. in the context of tax audits by the tax authorities), official inquiries, court orders and legal proceedings for the purpose of pursuing or enforcing legal rights, and
  • insofar as this is permitted under Article 6 (1) (f). b GDPR is necessary for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are carried out at your request.

In addition, your personal data may be processed on our behalf by external service providers (in particular the recipients named in this privacy policy) on the basis of order processing agreements in accordance with Art. 28 GDPR. In these cases, we ensure that personal data is processed in accordance with the General Data Protection Regulation and strictly in accordance with our instructions. These include, in particular, data centers, software providers and IT service providers.

In addition, we may transfer your personal data to other recipients who process your personal data under their own responsibility. These include, for example, payment service providers, tax advisors and public bodies.

Transfer to a third country

We may use services whose providers are located in so-called third countries (outside the European Union or the European Economic Area) or transfer personal data there, i.e. countries whose data protection standards do not correspond to those of the European Union. 

If there is an adequacy decision by the European Commission (Article 45 GDPR) for these countries, we base the data transfer on this. This applies, for example, to transmission to Argentina, Israel, Japan, Canada, the Republic of Korea, New Zealand, Switzerland, Uruguay or the United Kingdom. In the case of the USA, this only applies if the US recipient has certified itself for the EU-US Data Privacy Framework.

To the extent that no adequacy decision has been issued for the relevant country, we have taken appropriate measures to ensure an appropriate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection rules (Art. 46 GDPR).

Where this is not possible, we base the data transfer on exceptions under Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the performance of the contract or for the implementation of pre-contractual measures.

If a transfer to a third country is envisaged and no adequacy decision or appropriate safeguards are in place, it is possible and there is a risk that authorities in the third country in question (e.g. Secret services) can gain access to the transmitted data in order to record and analyze it, and that the enforceability of your data subject rights cannot be guaranteed. If your express consent is obtained, you will also be informed of this.

Duration of storage of personal data

The personal data will be deleted or blocked as soon as the purpose for which we collected the data no longer applies. Storage may also take place if there is a legal basis for doing so, for example if this is necessary for the purposes of proof for civil law claims arising from the contractual relationship or if it has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. The duration of storage of personal data is determined by the relevant statutory retention periods, e.g. from commercial law and tax law. After the respective deadline has expired, the corresponding data will be routinely deleted. 

In addition, the data will be deleted if you have exercised your right to deletion and the legal requirements for deletion are met.

Your rights

Below you will find information about the rights of data subjects that you have vis-à-vis the controller with regard to the processing of your personal data:

(1) The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details.

(2) The right to request the immediate rectification of inaccurate or incomplete personal data stored by us in accordance with Art. 16 GDPR.

(3) The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR if the legal requirements are met, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

(4) The right to demand the restriction of the processing of your personal data in accordance with Art. 18 GDPR if the legal requirements are met, insofar as the accuracy of the data is contested by you, the processing is unlawful but you refuse to delete it and instead request the restriction of use, we no longer need the data but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR.

(5) The right, in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller if the legal requirements are met.

(6) The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR if you believe that the data processing violates the GDPR. For example, you can contact the supervisory authority of the federal state in which we are headquartered, or the supervisory authority of your usual place of residence or work. The contact details of the supervisory authority responsible for data protection are:

The State Commissioner for Data Protection and Freedom of Information
Lautenschlagerstraße 20
70173 Stuttgart
Telephone: +49 (0) 711 615 541-0
Fax: +49 (0) 711 615 541-15
Email: poststelle@lfdi.bwl.de

(7) Right to revoke consent given in accordance with Art. 7 (3) GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

Right of objection

If your personal data is processed by us on the basis of legitimate interests in accordance with Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that this is done for reasons arising from your particular situation. 

If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the need to state a particular situation.

If you wish to exercise your right of withdrawal or objection, simply send an email to privacy@flexopus.com.

Automated decision-making

Automated decision-making or profiling pursuant to Art. 22 GDPR does not take place.

Changes to our privacy policy

We reserve the right to adapt or update this privacy policy if necessary, in compliance with applicable data protection regulations. In this way, we can adapt them to current legal requirements and take into account changes to our services, e.g. when introducing new services. The current version applies to your visit.