Privacy Policy
Version 2.1, As of: 28.05.2026
Thank you for your interest in our website. The protection of your personal data is very important to us. With this privacy policy, we aim to inform you about the nature, scope, and purpose of processing personal data within the scope of our landing page flexopus.com, our help page help.flexopus.com, and our customer portal portal.flexopus.com (collectively, the "Website"), as well as our external internet presences, such as our other social media channels. Your data is processed in accordance with statutory data protection regulations. Where links are provided to other websites, we have no influence or control over the linked content or the data protection provisions there. We recommend reviewing the privacy policies on the linked websites. This way, you can determine whether and to what extent personal data is collected, processed, used, or made accessible to third parties.
Contact Details of the Controller and the Data Protection Officer
The controller within the meaning of the General Data Protection Regulation (GDPR) is:
Flexopus GmbH
Schlosserstr. 2
70180 Stuttgart
Germany
Phone: +49 711 342 085 05
Email: privacy@flexopus.com
The controller decides alone or jointly with others on the purposes and means of processing personal data.
PROLIANCE GmbH
Dominik Fünkner
Leopoldstr. 21
80802 München
Email: datenschutzbeauftragter@datenschutzexperte.de
When contacting the Data Protection Officer, please mention Flexopus GmbH. Please refrain from including sensitive information, such as a copy of your ID, in your request.
Data Processing When Visiting the Website
When you visit our website, the following data may be processed by us, depending on the specific use:
- Basic data (e.g., name),
- Account data (e.g., username, password),
- Profile data (e.g., profile photo, language, favorites, groups, roles),
- Contact data (e.g., email, phone number, address),
- Content data (e.g., text entries),
- Usage data (e.g., visited websites, access times),
- Payment data (e.g., invoices, payment method, billing address),
- Contract data (e.g., subscriptions),
- Device and server-side data (e.g., device information, IP addresses).
Detailed information on the individual processing purposes and the legal bases for processing can be found below in this privacy policy.
TLS Encryption
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses TLS encryption. This means that data you transmit via this website cannot be read by third parties during transmission. You can recognize an encrypted connection by the "https://" address bar of your browser and the padlock symbol in the browser bar.
Connection Setup and Server Log Files
Each time the website is accessed, the server automatically processes data and information from the accessing device and temporarily stores it in log files. This includes information from the so-called HTTP header, especially the user agent. The following data is processed in this context:
- Address of the visited page or name and path of the requested file,
- Method, date, and time of the server request,
- Information about the web browser and operating system used,
- Previously accessed page/file (referrer URL), if applicable,
- Hostname of the accessing device,
- Version of the transmission protocol, amount of data transferred, message about successful retrieval (HTTP status code),
- Request information such as language, content type, content encoding, character sets,
- cookies stored on the end device by the accessed domain,
- IP address.
The temporary processing of this data by the system is necessary to enable the provision of the website to the user's end device. For reasons of ensuring functionality, stability, and technical security, particularly to ward off attempted attacks on our web server, we store this data for a short period. The website provider automatically collects and stores this information, which your browser automatically transmits to us, in server log files. After a maximum of 30 days, the data is anonymized by shortening the IP address at the domain level, making it impossible to link it to an individual user. This data is not merged with other data sources.
The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures, and furthermore Art. 6 para. 1 lit. f GDPR, whereby our legitimate interest lies in ensuring the functionality, stability, and security of the website.
Contacting Us
Data Processing When Contacting Us
If you contact us via a contact form, email, or our social media channels (e.g., posts, comments, or private messages), your information and communication content from the inquiry form, your email, or direct message, including the contact details you provide there, will be used to process your request. Providing this data is necessary to process and respond to your inquiry – without it, we may not be able to respond to your inquiry, or only to a limited extent. The information may be stored in our Customer Relationship Management (CRM) system, HubSpot. If you contact us via our social media channels, please note that the respective social media provider, in its function as a telecommunications and platform service provider, also processes your information (see section "Online Presence on Social Networks"). In this case, the terms and conditions, privacy notices, and data processing guidelines of the respective social media platform operator also apply.
The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR, and possibly Art. 6 para. 1 lit. b GDPR, if your request aims at concluding a contract or if we have an existing contractual relationship with you and the request serves the fulfillment of this contract. Your data will be deleted once your request has been conclusively answered and no legal retention obligations prevent deletion, such as in the case of a subsequent contract execution. In the case of Art. 6 para. 1 lit. f GDPR, you can object to the processing of your personal data at any time with effect for the future.
Use of HubSpot
When using the contact form, the data you submit is processed by our service provider HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. HubSpot is an integrated software solution that we use to cover various aspects of our Customer Relationship Management and online marketing. These include: email marketing, social media publishing & reporting, reporting, contact management (e.g., user segmentation & CRM), landing pages, and contact forms. Where necessary, we obtain your consent for data processing via HubSpot.
Due to our selection of the data storage location, your data is generally stored only within the European Union. Nevertheless, it cannot be ruled out that, during processing by HubSpot, data may be transferred from HubSpot Ireland Limited to HubSpot Inc. in the USA. HubSpot Inc. is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA takes place based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
Furthermore, a link to Google Ads is established to track campaign successes (see section "Linking Google Ads with HubSpot").
More information can be found in the HubSpot Privacy Policy.
Use of Cloudflare
When accessing the contact form, device and usage data are also collected. This processed personal data serves to prevent misuse of the contact form and to ensure the security of our information technology systems. For this purpose, HubSpot uses Cloudflare from Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. This checks whether the access actually originates from a human and prevents abusive activities, such as those by bots. For this, Cloudflare particularly analyzes the technical specifications of the end device. Furthermore, Cloudflare stores information on your end device (especially the cookies "__cfuvid" (session) and "__cf_bm" (30 minutes)).
The legal basis for the use of Cloudflare is the necessity for carrying out pre-contractual measures according to Art. 6 para. 1 lit. b GDPR in the context of contacting us, and furthermore our legitimate interest according to Art. 6 para. 1 lit. f GDPR, to ensure the security and protection against misuse of the contact form. During processing by Cloudflare, data may be transferred to the USA. Cloudflare Inc. is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA takes place based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
Further information can be found in the Cloudflare Privacy Policy.
Applications
JOIN Application Form
Our website features an application form that can be used for electronic applications. For this purpose, we use the applicant management tool JOIN from JOIN Solutions GmbH, Schönhauser Allee 36, 10435 Berlin, Germany.
If an applicant uses this option, the data entered into the input mask will be transmitted to us and stored. This data will be used exclusively for processing your application for the potential establishment of an employment relationship in accordance with Art. 6 para. 1 lit. b GDPR. This data includes:
- Email address,
- First name,
- Last name,
- Resume,
- Optional: Cover letter, work references, or other files.
Alternatively, you can send us your application via email. In this case, we will collect your email address and the data you provide and transmit in the email.
Use of Google reCAPTCHA
When accessing the application form and during the submission process, device and usage data are also collected. This processed personal data serves to prevent misuse of the application form and to ensure the security of our IT systems. For this purpose, JOIN uses Google reCAPTCHA from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This checks whether the entries made actually originate from a human and prevents abusive activities, such as those by bots. To do this, Google reCAPTCHA analyzes input behavior and the technical specifications of the end device. Furthermore, Google reCAPTCHA uses JavaScript and stores information on your end device (in particular the elements "rc::a" and "rc::c" in Web Storage).
The legal basis for the use of reCAPTCHA is the necessity for the performance of pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR in the context of the application, as well as our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR to ensure the security and protection against misuse of the application form. During processing by Google reCAPTCHA, data from Google Ireland Limited may be transferred to Google LLC in the USA. Google LLC is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA takes place based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
Storage Period
After the application process is completed, the data will be stored for up to four months. Your data will be deleted no later than four months after this period, provided we have rejected your application. In the event of a legal obligation, the data will be stored within the framework of the applicable regulations. More information on data processing by JOIN can be found in the JOIN Privacy Policy.
Registration and Use of the Customer Portal
At portal.flexopus.com, we offer you the opportunity to register for our customer portal to manage your subscriptions with us and use a time-limited test environment.
During registration and personal profile management, we may process the following data in particular:
- Name;
- Email address;
- Phone number;
- Position;
- Language;
- Profile photo;
- Password;
- Two-factor authentication information.
During company profile management, the following data may be processed in particular:
- Company name;
- General company information
- Website address;
- Registration number;
- Company headquarters;
- Billing account (name, country, postal code, city, street, tax ID number);
- Payment method (e.g., SEPA or credit card).
During the management of subscriptions and instances, the following data may be processed in particular:
- Subscription type;
- Booked additional services;
- Number of booked / used resources
- Payment address;
- Payment method;
- Invoices;
- Contact persons;
- Hosting settings.
Mandatory information required for registration and continued use of the portal is marked with an asterisk (*). Other information is optional.
In addition to registering via an email address, you also have the optional and voluntary possibility to log in with your Google or Microsoft account (SSO). In this case, you will be redirected to the provider's login screen. Upon successful login, your account data (such as email address, name, and profile picture) will be shared with us and used for profile creation. The providers will receive information that you have accessed SSO from our site. The providers of the SSO functionality are Google Cloud EMEA Limited, 70 Sir John Rogerson’s Quay, Dublin 2, Ireland, and Microsoft Ireland Operations Limited, One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k, Ireland, respectively. Should personal data be transferred by the aforementioned providers to their group companies in the USA, Google LLC and Microsoft Corporation are certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA takes place based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
To provide the portal, the following information, in particular, is stored and accessed on the end device:
- “XSRF-TOKEN” (1 hour): Protection against XSRF attacks;
- “flexopus_portal_session” (1 hour): Session maintenance;
- “flexopus-portal.sidebarShrink”: Menu setting;
- “dismissedMessages”: Notification setting,
- “flexopus-portal.tenant.create.form”: Instance setting,
- “inertiaLocationVisit” (Session): Accessing a payment method.
If you choose credit card as your payment method, we use the payment service provider Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, Netherlands. Mollie handles the payment processing for us and processes credit card information such as cardholder, card number, expiry date, and CVV, as well as standard connection data, including the IP address, when the payment page is accessed. After Mollie verifies the information, we receive notification of whether the payment was successful (including the payment amount) or why it failed.
For your security, active sessions are documented and can be terminated by you at any time. Your personal account, company profile, and subscriptions can be deleted at any time by clicking the corresponding button in the settings.
The legal basis for data processing in the portal is Art. 6 para. 1 lit. b GDPR, insofar as the data processing is necessary for the performance of a contract or for the implementation of pre-contractual measures, and otherwise Art. 6 para. 1 lit. f GDPR, whereby our legitimate interest lies in providing users with a portal for setting up and managing profile and company data as well as subscriptions.
Newsletter
If you wish to receive the newsletter offered on the website with regular information about our offers and products, we require your email address as a mandatory field. For sending the newsletter, we use the so-called double opt-in procedure. This means that we will only send you our newsletter by email once you have explicitly confirmed that you consent to receiving our newsletter. You will receive an email with a link through which you can confirm that you, as the owner of the respective email address, wish to receive newsletters in the future. By confirming, you give us your consent in accordance with Art. 6 para. 1 lit. a GDPR, allowing us to use your personal data for the purpose of sending the desired newsletter.
When you subscribe to the newsletter, in addition to the email address required for sending, we store the IP address you used to subscribe, as well as the date and time of your subscription and confirmation for the newsletter. This allows us to prove your subscription and consent, and to trace any potential misuse at a later date.
For providing the newsletter, we use the services of HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. Due to our choice of data storage location, your data is generally stored only within the European Union. Nevertheless, it cannot be ruled out that, during processing by HubSpot, data from HubSpot Ireland Limited may be transferred to HubSpot Inc. in the USA. HubSpot Inc. is certified under the EU-US Data Privacy Framework, meaning that the transfer of personal data to the USA takes place based on the adequacy decision for the USA in accordance with Art. 45 GDPR. More information can be found in the HubSpot's Privacy Policy.
Furthermore, we conduct newsletter tracking to statistically evaluate newsletter usage and better understand what our customers and interested parties are truly interested in. This helps us to make the content more relevant. For this purpose, we use standard market technologies in our newsletters that can measure interactions with the newsletters (e.g., email opens, clicked links). This is done partly with the help of small graphics (pixels) embedded in the newsletters, which establish a connection to our email service provider, and partly through links that first register the click and then redirect to the desired target page.
You can unsubscribe from the newsletter at any time via the link included in every newsletter or by email. The legality of data processing operations already carried out remains unaffected by the revocation. After unsubscribing, your email address will be immediately deleted from our newsletter distribution list, unless you have expressly consented to continued use of the collected data or continued processing is otherwise legally permissible.
Online presence on social networks
We maintain an online presence on social networks, among other things, to communicate with customers and interested parties and to provide information about our products and services.
Processing for advertising purposes by social network providers
User data is generally processed by the respective social networks for market research and advertising purposes. Usage profiles can thus be created based on user interests. For this purpose, cookies and other identifiers are stored on the end devices of the individuals concerned. Based on these usage profiles, advertisements are then displayed, for example, within social networks as well as on third-party websites.
Please refer to the privacy policies of the respective social network for the legal basis of data processing carried out by the social networks under their own responsibility. You can also find further information on the respective data processing and objection options under the links below.
Processing for statistical purposes
In the course of operating our online presence, we may access information such as usage statistics for our online presence, which are provided by the social networks. These statistics are aggregated and may include demographic information (e.g., age, gender, region, country) as well as data on interactions with our online presence (e.g., likes, subscriptions, shares, viewing of images and videos) and the posts and content distributed through them. This can also provide information about user interests and which content and topics are particularly relevant to them. We may also use this information to adapt the design and our activities and content on the online presence and to optimize them for our audience. Details and links to the social network data that we, as operators of the online presence, can access can be found in the list below. The collection and use of these statistics are generally subject to joint responsibility. Where applicable, the corresponding agreement is listed below.
The legal basis for data processing is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in effective information and communication with users, or Art. 6 para. 1 lit. b GDPR, to stay in contact with our customers and inform them, as well as for carrying out pre-contractual measures with interested parties. If consent has been obtained, the legal basis is Art. 6 para. 1 lit. a GDPR.
Processing for Lead Generation and Qualification (Lead Forms on Google, LinkedIn, and Meta)
As part of our online advertising, we use so-called lead forms on various platforms, including Google Ads Lead Form Extensions, LinkedIn Lead Gen Forms, and Meta Lead Ads (e.g., via Facebook or Instagram). These forms allow interested individuals to quickly and easily get in touch with us or request information about our products and services.
If you fill out such a lead form on one of the aforementioned platforms, the data entered there (e.g., name, email address, job title, company) will first be processed by the respective platform provider:
- Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
- LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
- Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland
The specific purpose of data collection and the information contained therein are evident from the specific form and will be clearly presented to you before you submit it.
Data Transfer and Lead Synchronization with HubSpot
Lead data collected via Google and LinkedIn platforms is automatically transferred to our CRM system HubSpot using the native lead synchronization function ("Lead Syncing") (Provider: HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland). Meta Lead Ads (Facebook/Instagram) may be transferred to HubSpot via interfaces or manually.
The transmitted data is processed exclusively for handling your inquiry, for contacting you, and for qualification within our sales process. HubSpot acts as a processor in this context, in accordance with Art. 28 GDPR. The data is generally stored in data centers within the European Union. A transfer to the USA cannot be ruled out in individual cases. HubSpot Inc. is certified under the EU-US Data Privacy Framework, which permits the transfer of personal data to the USA in accordance with Art. 45 GDPR.
Legal Bases for Processing
Your data is processed in accordance with Art. 6 para. 1 lit. b GDPR, provided it serves the implementation of pre-contractual measures (e.g., an inquiry via the form). If consent for promotional communication is given within the form, Art. 6 para. 1 lit. a GDPR is applicable.
In all other cases, processing is based on our legitimate interest in effective and targeted new customer acquisition, in accordance with Art. 6 para. 1 lit. f GDPR.
More information on data protection can be found here:
- Google: https://policies.google.com/privacy
- LinkedIn: https://www.linkedin.com/legal/privacy-policy
- Meta: https://www.facebook.com/privacy/policy/
- HubSpot: https://legal.hubspot.com/privacy-policy
If you do not wish to submit your inquiry via a lead form, you can alternatively contact us directly by email at any time: mail@flexopus.com
Access to Publicly Available Information
If you have an account with the social network, we may be able to view your publicly available information (e.g., your username) and media (e.g., images and videos) when we access your profile. Furthermore, the social network may allow us to contact you. This can occur, for example, via direct messages or posted contributions. The communication content via the social network and the processing of content data are subject to the responsibility of the social network as a messenger and platform service. For this processing, we refer to the privacy notices of the respective social network.
Processing of Publicly Available Information
As soon as we transfer or further process your personal data into our own systems, we become independently responsible for it. The processing then takes place for the implementation of pre-contractual measures and for the fulfillment of a contract in accordance with Art. 6 para. 1 lit. b GDPR, or to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, for the purpose of contacting customers.
Privacy Rights
Please note that data protection inquiries can be submitted most efficiently to the respective social network provider, as only these providers have access to the data and can directly take appropriate measures. You can, of course, also contact us with your concern. In this case, we will process your inquiry and forward it to the social network provider.
Online Presences Used
Below is a list of information about the social networks where we maintain an online presence:
- Facebook (Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland)
- Joint Controller Agreement: https://www.facebook.com/legal/terms/page_controller_addendum;
- Information on data processing and contact options: https://www.facebook.com/legal/terms/information_about_page_insights_data;
- Privacy Policy: https://www.facebook.com/privacy/policy/;
- Opt-Out: https://www.facebook.com/settings?tab=ads.
- Instagram (Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland)
- Joint Controller Agreement: https://www.facebook.com/legal/terms/page_controller_addendum;
- Information on data processing and contact options: https://www.facebook.com/legal/terms/information_about_page_insights_data;
- Privacy Policy: https://privacycenter.instagram.com/policy/;
- Opt-Out (Statement): https://de-de.facebook.com/help/instagram/2885653514995517?locale=de_DE.
- YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
- Privacy Policy: https://policies.google.com/privacy;
- Opt-Out: https://www.google.com/settings/ads.
- LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
- Joint Controller Agreement: https://legal.linkedin.com/pages-joint-controller-addendum;
- Information on data processing and contact options: https://legal.linkedin.com/pages-joint-controller-addendum;
- Privacy Policy: https://www.linkedin.com/legal/privacy-policy;
- Opt-Out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Access to and Storage of Information on End Devices
Legal Basis
By using this website, information (e.g., IP address, device, browser, and operating system data) may be accessed or stored (e.g., cookies, local storage, session storage) on your end devices. This access or storage may involve further processing of personal data as defined by the GDPR.
In cases where such access to or storage of information is absolutely necessary for the provision of explicitly requested services (hereinafter referred to as "necessary services"), this is carried out on the basis of Section 25 (2) No. 2 TDDDG. In these cases, data processing is performed in accordance with Art. 6 (1) lit. b GDPR, insofar as the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures, and otherwise on the basis of Art. 6 (1) lit. f GDPR, whereby we have a legitimate interest in the technically flawless and smooth provision of the basic functions of our services.
In cases where such a process serves other, optional purposes, it is carried out on the basis of Section 25 (1) TDDDG only with your consent in accordance with Art. 6 (1) lit. a GDPR. Your consent can be revoked at any time. The provisions of the GDPR and the Federal Data Protection Act (BDSG) apply to the processing of your personal data.
Use of Cookies and Similar Technologies
Our website uses cookies and similar technologies depending on your decision in the consent banner.
To obtain, manage, and document your consents, as well as to manage any objections to processing based on legitimate interests, we use the Consent Management Platform (CMP) Usercentrics.
We have configured the CMP to participate in the Transparency and Consent Framework (TCF) of IAB Europe (in the version of the TCF we use). The TCF is an industry standard that allows your privacy preferences to be stored in a standardized form as a consent signal (TC String / "Consent String") and – depending on your selection – transmitted to the partners ("Vendors") integrated on our website. The Vendors are registered (if TCF-based) in the IAB Europe Global Vendor List (GVL).
Via the CMP, you can decide for each processing purpose (e.g., storage/retrieval of information on the end device, measurement, personalized advertising) and for each Vendor whether processing may take place based on your consent. If individual Vendors offer processing based on legitimate interests, you can reject these in the CMP interface ("Opt-out"). The current Vendor list, purposes, legal bases used (consent or legitimate interest), and further details are displayed to you in the consent banner or in the privacy settings.
TCF Consent Signal (TC String), Storage and Logging
When you make your selection in the consent banner, a standardized TCF Consent Signal ("TC String") is generated and stored on your end device so that your preferences can be considered on subsequent visits and technically transmitted to integrated Vendors. Storage typically occurs – depending on the browser and implementation – via a cookie (e.g., "euconsent-v2") and/or via web storage entries (e.g., a local storage entry like "IABTCF_TCString"). The preferences remain stored until you adjust them in the consent banner or delete them via your browser/device settings. You can view the storage mechanisms used (e.g., cookie/storage keys) and their durations in the privacy settings (cookie settings).
To document your selection, we also store proof data (e.g., timestamp, banner version, and your selection per purpose/vendor) in a consent log. We store this proof data only for as long as necessary for evidentiary purposes and to defend against or enforce potential claims; particularly relevant are statutory limitation periods and, where applicable, retention obligations. Subsequently, the proof data will be deleted.
Note on responsibility in connection with the TCF
The TC String can – especially when linked with other data (e.g., online identifiers) – constitute a personal characteristic. According to current case law, IAB Europe can be considered a (joint) controller in connection with the creation and use of the TC String (within the framework of the TCF specification). For further processing by individual vendors (e.g., measurement, profiling, delivery of personalized advertising), the respective vendors are responsible under their own data protection law. Please refer to the privacy settings in the consent banner to see which vendors are involved and on what legal basis they process data.
Consideration of Global Privacy Control (GPC)
We respect the "Global Privacy Control" (GPC) signal. If you have activated the GPC function in your browser, our system (Usercentrics in conjunction with Google Tag Manager) automatically interprets this as an objection to the processing of data for marketing and analysis purposes and to the sharing of your data with third parties (opt-out). In this case, no non-essential cookies will be set and no tracking technologies will be activated by default, unless you subsequently give us explicit consent via our consent banner.
General information on the technologies used
Cookies are text files that are stored in your internet browser or by your internet browser on your device. They include a name, a value, the storing domain, and an expiry date. Cookies are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Cookies can also be removed manually. When a user visits a website, a cookie can be stored on the user's operating system. For example, cookies contain a characteristic string of characters that enables unique identification of the browser when the website is revisited and helps us recognize you when you return to our website.
In addition, we use entries in Web Storage (Local Storage or Session Storage). They include a name and a value. Information in Session Storage is deleted after the session, while information in Local Storage has no expiry date and generally remains stored unless a deletion mechanism has been set up (e.g., storing Local Storage with a timestamp). Information in Local and Session Storage can also be removed manually.
We also use pixels. These are tiny graphics loaded by a provider, which enable visitors to be recognized through the automatic transmission of connection data and, for example, to detect the opening of an email or a website visit. The use of pixels can be prevented, for example, by blocking images, such as in emails, although this will severely restrict the display.
Furthermore, we use programming codes such as JavaScript, which can, for example, set cookies and web storage or actively collect information from the device. JavaScript can be blocked by a browser setting, but most services will then no longer function.
With the help of these technologies, so-called "fingerprints" can potentially be created, i.e., usage profiles that can function without the use of cookies or web storage and can recognize visitors.
Most browsers are set by default to accept cookies, the execution of scripts, and the display of graphics. However, you can usually adjust your browser settings to reject all or certain cookies, delete them after the session, or block scripts and graphics. If you completely block the storage of cookies, the display of graphics, and the execution of scripts, our services are likely not to function or not to function without disruption.
Essential & Functional
Necessary services are required to provide the absolutely essential functions. This includes, in particular, the delivery of content via Content Delivery Networks (CDN), the integration of form fields, fonts and scripts, the management of integrated content, and the integration of the Consent Management Platform (CMP).
We use Content Delivery Networks (CDN) to integrate content such as videos, images, fonts, and programming scripts on our website. For this purpose, we integrate the following providers:
- Cloudflare from Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA;
- Cloudfront from Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg;
- JSDelivr from Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB, United Kingdom;
- Webflow from Webflow Inc., 398 11th St. Fl 2, San Francisco, California, 94103, USA.
Furthermore, we use Usercentrics from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany, as our Consent Management Platform (CMP). Usercentrics stores your privacy settings (e.g., in the "euconsent-v2" cookie and/or in web storage) and ensures that your selection for the services integrated on our website is respected. Details on the use of the TCF (TC String, vendor list, purposes, and legal bases) can be found above in the section "Use of cookies and similar technologies" and in the privacy settings in the consent banner.
For embedding forms, we use HubSpot Forms from HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
To detect and block traffic and clicks from bots and to ensure secure and uninterrupted website operation, we use the services ClickGuard from ClickGuard Inc., 221 W 9th St, Ste 318, Wilmington, DE 19801, USA, and fraud0 from fraud0 GmbH, Berlin, Germany. Both services are used to detect and prevent click fraud, bot traffic, and other abusive or automated access.
This involves processing technical connection data such as IP address, device and browser information, and usage and session data, in particular, to detect automated access and distinguish it from human use. Cookies or similar technologies may also be used for this purpose.
The legal basis for processing is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. This consists of ensuring the security and stability of our website and protecting against abusive traffic, particularly to prevent (advertising) costs caused by click fraud. Where necessary, cookies or similar technologies are used based on § 25 para. 2 no. 2 TDDDG.
For managing the integrated services, we use Google Tag Manager. For displaying and providing our content, we use Google Fonts and Google APIs. These three services are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Should personal data be transferred by the aforementioned providers to their group companies in the USA, Cloudflare Inc., Google LLC, Amazon Web Services Inc., Webflow Inc., and HubSpot Inc. are certified under the EU-US Data Privacy Framework, meaning the transfer of personal data to the USA occurs based on the adequacy decision for the USA pursuant to Art. 45 GDPR. Standard contractual clauses pursuant to Art. 46 para. 2 lit. c GDPR have been concluded with ClickGuard Inc.
Further information can be found in our consent banner, which you can open by clicking the "Privacy Settings" ("Cookie Settings") button in the website footer. There, you can revoke your previously given consent or adjust your preferences at any time.
Statistics & Optimization
Usage analysis services are optional and include analyzing user behavior on our website, recognizing previous visits, and optimizing and improving our website using the statistical reports obtained. This particularly includes common analytics services like Google Analytics or services for A/B testing.
For website analysis, we use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and HubSpot Analytics from HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.
Additionally, for A/B tests and analyses, we use Microsoft Clarity from Microsoft Ireland Operations Limited, One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k, Ireland.
Should personal data be transferred by the aforementioned providers to their group companies in the USA, Google LLC, HubSpot Inc., and Microsoft Corporation are certified under the EU-US Data Privacy Framework, meaning the transfer of personal data to the USA occurs based on the adequacy decision for the USA pursuant to Art. 45 GDPR.
Further information can be found in our consent banner, which you can open by clicking the "Cookie Settings" button in the website footer.
Webflow Analyze
On our website, we use the analytics service Webflow Analyze from Webflow Inc. to statistically evaluate user behavior on our web pages and optimize user-friendliness. For this purpose, Webflow Analyze processes page views, interactions (e.g., click and scroll behavior), visit duration, technical information about the device and browser used, and approximate geolocation.
For these purposes, Webflow Analyze uses analytics cookies that enable cross-session recognition and pseudonymously record user behavior. These cookies are only set after you have given your consent via our consent management tool.
The legal basis for processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Without your consent, Webflow Analyze will not be activated.
During use, a transfer of personal data to the USA cannot be ruled out. Webflow ensures an adequate level of data protection, particularly through the use of appropriate safeguards (e.g., EU standard contractual clauses).
Further information can be found in the Webflow Privacy Policy.
Marketing & Personalization
Since we use the IAB Transparency and Consent Framework (TCF), your preferences for marketing and personalization services are processed as standardized TCF signals (Purposes and, where applicable, special purposes/features). If the providers listed below are integrated as TCF vendors, your consent or objection to processing based on legitimate interests can be technically standardized and transmitted to these vendors. Details (purposes, legal bases used, vendor list) can be found in the privacy settings of our consent banner.
Services for personalized advertising are optional and include, in addition to usage analysis, the collection of conversions, the creation of user profiles based on interests and clicked content and advertising, the assignment of advertising target groups based on the user profile, remarketing and retargeting, and the display of personalized advertising with external advertising partners.
This includes, for example, social networks like Facebook or search engines like Google.
For these purposes, we use the following services:
- Google Ads from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
- LinkedIn Insight Tag from LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland;
- Meta Pixel from Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland;
- Microsoft Advertising from Microsoft Ireland Operations Limited, One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k, Ireland.
If you have an account with the respective providers, in addition to your consent, you can also adjust privacy settings for the display of personalized advertising:
- Google: https://adssettings.google.com/notarget;
- LinkedIn: https://www.linkedin.com/psettings/enhanced-advertising;
- Meta: https://www.facebook.com/settings/?tab=ads and https://de-de.facebook.com/help/instagram/2885653514995517?locale=de_DE;
- Microsoft: https://about.ads.microsoft.com/de-de/ressourcen/richtlinien/personalisierte-anzeigen and https://account.microsoft.com/privacy/ad-settings/signedout.
If personal data is transferred by the aforementioned providers to their group companies in the USA, Google LLC, LinkedIn Corporation, Meta Platforms Inc., and Microsoft Corporation are certified under the EU-US Data Privacy Framework. This means that the transfer of personal data to the USA is carried out based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
Further information can be found in our consent banner, which you can open by clicking the "Cookie Settings" button in the website's footer.
Integration of Google Ads with HubSpot
For measuring the success of our advertising campaigns and tracking leads, we use a direct integration between Google Ads and our CRM system HubSpot. Information from Google Ads (e.g., ad clicks, search terms, campaign ID) is automatically linked with user data stored in HubSpot (e.g., completed forms, inquiries). This allows us to understand which Google Ads campaign led a user to our website and whether a conversion (e.g., inquiry or purchase) occurred.
This integration serves to optimize our campaigns, monitor their success, and personalize outreach to potential customers. Processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, provided you have agreed via our cookie banner. In all other cases, processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR for the analysis and optimization of our marketing activities.
HubSpot and Google may transfer data to the USA as part of this processing. Both providers are certified under the EU-US Data Privacy Framework. The data transfer therefore takes place in accordance with Art. 45 GDPR based on an adequacy decision.
External Services
External services are optional and serve to extend the functionality of our website. This includes, for example, the integration of videos, login services, or the retrieval of metadata from external content.
We integrate NoEmbed to generate metadata for videos.
We use Google Play for logging user authentication. Furthermore, we embed videos from YouTube to make them directly accessible on our website. YouTube and Google Play are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
As part of the processing by YouTube, data may be transferred from Google Ireland Limited to Google LLC in the USA. Google LLC is certified under the EU-US Data Privacy Framework, meaning that the transfer of personal data to the USA occurs based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
Our website uses the Storylane service (https://www.storylane.io) for embedding interactive product demos and presentations. The provider is Storylane, Inc., based in San Francisco, USA.
We have deactivated all tracking functions in Storylane and activated the setting "Disable IP tracking on demos", so that no IP addresses or further personal tracking data are collected when using the embedded demos.
Only minimal technical data necessary for the provision of the content is transferred. No further collection of usage or interaction data takes place.
Data processing is based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR, to enable us to present our products to you in an appealing and functional way.
Further information on Storylane's privacy can be found at:
https://www.storylane.io/privacy-policy
More detailed information can be found in our consent banner, which you can open by clicking the "Cookie Settings" button in the website's footer.
Data Disclosure and Recipients
A transfer of your personal data to third parties by the controller in connection with the use of this website generally only takes place if there is a legal basis under data protection law in the specific case, particularly in the following cases:
- if you have given your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR,
- the disclosure is necessary in accordance with Art. 6 para. 1 lit. f GDPR for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not having your data disclosed,
- in cases where there is a legal obligation for the disclosure in accordance with Art. 6 para. 1 lit. c GDPR, particularly if this is necessary for legal prosecution or enforcement due to binding requirements (e.g., in the context of tax audits by financial authorities), official requests, court orders, and legal proceedings, and
- insofar as this is necessary in accordance with Art. 6 para. 1 lit. b GDPR for the performance of contractual relationships with you or for carrying out pre-contractual measures taken at your request.
Furthermore, your personal data may be processed on our behalf by external service providers (especially the recipients mentioned in this privacy policy) based on data processing agreements in accordance with Art. 28 GDPR. In these cases, we ensure that the processing of personal data complies with the General Data Protection Regulation and strictly follows our instructions. This includes, in particular, data centers, software providers, and IT service providers.
In addition, we may transfer your personal data to other recipients who process your personal data under their own responsibility. These include, for example, payment service providers, tax advisors, and public authorities.
Transfer to a Third Country
We may use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or transfer personal data there, i.e., countries whose data protection level does not correspond to that of the European Union.
If an adequacy decision by the European Commission (Art. 45 GDPR) exists for these countries, we base the data transfer on it. This applies, for example, to transfers to Argentina, Israel, Japan, Canada, the Republic of Korea, New Zealand, Switzerland, Uruguay, or the United Kingdom. In the case of the USA, this only applies if the US recipient has certified under the EU-US Data Privacy Framework.
If no adequacy decision has been issued for the respective country, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding corporate rules (Art. 46 GDPR).
Where this is not possible, we base the data transfer on exceptions under Art. 49 GDPR, in particular your explicit consent or the necessity of the transfer for the performance of a contract or for the implementation of pre-contractual measures.
If a third-country transfer is intended and no adequacy decision or suitable safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g., intelligence services) may gain access to the transferred data to collect and analyze it, and that the enforceability of your data subject rights cannot be guaranteed. If your explicit consent is obtained, you will also be informed about this.
Duration of Storage of Personal Data
Personal data will be deleted or blocked as soon as the purpose for which we collected the data ceases to apply. Furthermore, data may be stored if there is a legal basis for it, for example, if this is necessary for evidentiary purposes for civil law claims arising from the contractual relationship or if it has been provided for by the European or national legislator in Union law regulations, laws, or other provisions to which the controller is subject. The duration of the storage of personal data is determined by the relevant statutory retention obligations, e.g., from commercial law and tax law. After the respective period has expired, the corresponding data will be routinely deleted.
Furthermore, the data will be deleted if you have exercised your right to erasure and the legal requirements for deletion are met.
Your Rights
Below you will find information about the rights of data subjects that you have vis-à-vis the controller regarding the processing of your personal data:
(1) The right, pursuant to Art. 15 GDPR, to obtain information about your personal data processed by us. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
(2) The right, pursuant to Art. 16 GDPR, to obtain without undue delay the rectification of inaccurate personal data stored by us or the completion of incomplete personal data stored by us.
(3) The right, pursuant to Art. 17 GDPR, to demand the erasure of your personal data stored by us if the legal requirements are met, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.
(4) The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the legal requirements are met, if the accuracy of the data is contested by you, the processing is unlawful, but you oppose its erasure and instead request the restriction of its use, we no longer need the data, but you require it for the establishment, exercise or defence of legal claims, or you have objected to the processing pursuant to Art. 21 GDPR.
(5) The right, pursuant to Art. 20 GDPR, if the legal requirements are met, to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to request its transmission to another controller.
(6) The right, pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority if you consider that the data processing infringes the GDPR. For example, you may contact the supervisory authority of the federal state of our registered office mentioned above, or that of your habitual residence or place of work. The contact details of the supervisory authority responsible for data protection for us are:
The State Commissioner for Data Protection and Freedom of Information
Lautenschlagerstraße 20
70173 Stuttgart
Phone: +49 (0) 711 615 541-0
Fax: +49 (0) 711 615 541-15
Email: poststelle@lfdi.bwl.de
(7) Right to withdraw consent given pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw consent to the processing of data at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Right to Object
If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data, on grounds relating to your particular situation.
If the objection is directed against the processing of personal data for direct marketing purposes, you have a general right to object without the need to state a particular situation.
If you wish to exercise your right of withdrawal or objection, simply send an email to privacy@flexopus.com.
Automated Decision-Making
Automated decision-making or profiling pursuant to Art. 22 GDPR is not carried out.
Changes to Our Privacy Policy
We reserve the right to amend or update this Privacy Policy where necessary, in compliance with applicable data protection regulations. This allows us to adapt it to current legal requirements and take into account changes to our services, for example, when introducing new services. The current version applies to your visit.