Privacy Policy

Version 2.0, as of 01.03.2026

Thank you for your interest in our website. Protecting your personal data is important to us. With our privacy policy, we would like to inform you about the nature, scope and purpose of the processing of personal data as part of our flexopus.com landing page, our help page help.flexopus.com and our customer portal portal.flexopus.com (together “website”) as well as about our external websites, such as our other social media channels. Your data is processed in accordance with the legal regulations on data protection. Insofar as links are made to other websites, we have no influence or control over the linked content and the data protection regulations there. We recommend that you review the privacy statements on the linked websites. In this way, you can determine whether and to what extent personal data is collected, processed, used or made available to third parties.

Contact details of the person responsible and the data protection officer

Responsible person within the meaning of the General Data Protection Regulation (GDPR) is:
‍
Flexopus GmbH
Schlosserstraße 2
70180 Stuttgart
germany
Telephone: +49 711 342 085 05
email: privacy@flexopus.com

The responsible body alone or together with others decides on the purposes and means of processing personal data.

PROLIANCE GmbH
Dominik Fünkner
Leopoldstraße 21
80802 Munich
email: datenschutzbeauftragter@datenschutzexperte.de

When contacting the data protection officer, please mention Flexopus GmbH. Please refrain from adding sensitive information, such as a copy of an ID, to your request-sensitive information.

Data processing as a result of visiting the website

When you visit our website, we may process the following data, depending on the specific use:

• master data (e.g. name),
• account details (e.g. username, password),
• profile data (e.g. profile photo, language, favorites, groups, roles)
• contact details (e.g. email, telephone number, address),
• content data (such as text inputs),
• usage data (e.g. websites visited, access times),
• payment data (e.g. invoices, payment method, billing address),
• contract data (e.g. subscriptions completed),
• Device-side and server-side data (e.g. device information, IP addresses).

Detailed information on the individual processing purposes and the legal basis for processing can be found below in this privacy policy.

TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as a site operator, our website uses TLS encryption. This means that data that you submit via this website cannot be read by third parties during transport. You can recognize an encrypted connection by the “https://” address line of your browser and by the lock icon in the browser line.

Establishment of connections and server log files

Each time the website is accessed, the server automatically processes data and information from the calling device and temporarily stores them in log files. This includes information from the so-called HTTP header, in particular the user agent. The following data is processed here:

• address of the page visited or name and path of the requested file,
• method, date and time of the server request,
• information about the web browser and operating system used,
• any previously accessed page/file (referrer URL),
• host name of the accessing device,
• version of the transfer protocol, amount of data transferred, message about successful retrieval (HTTP status code),
• request information such as language, content type, content encoding, character sets,
• cookies stored on the device for the accessed domain,
• IP address.

The temporary processing of this data by the system is necessary to enable the website to be delivered to the user's device. For reasons of ensuring functionality, stability and technical security, in particular to prevent attempts to attack our web server, we store this data for a short time. In server log files, the website provider automatically collects and stores this information, which your browser automatically transmits to us. After 30 days at the latest, the data is anonymized by shortening the IP address at domain level so that it is no longer possible to establish a connection to the individual user. There is no merging of this data with other data sources.

The basis for data processing is Art. 6 para. 1 lit. b DSGVO, which permits the processing of data to fulfill a contract or pre-contractual measures, and otherwise Art. 6 para. 1 lit. f GDPR, where our legitimate interest is to ensure the functionality, stability and security of the website.

contacting

Data processing when you contact us

If you contact us via contact form, e-mail or via our social media channels (e.g. contributions, comments or private messages), your information and communication content from the enquiry form, your e-mail or direct message, including the contact details you provided there, will be used to process your request. It is necessary to provide the data to process and answer your request - without providing it, we cannot answer your request or can only answer it to a limited extent. The information can be stored in our customer relationship management system (CRM) HubSpot. When you contact us via our social media channels, we would like to point out that the respective social media provider also processes your information as part of its function as a telecommunications and platform service provider (see “Online Presences on Social Networks” section). In this case, the terms and conditions, data protection notices and data processing guidelines of the respective social media platform operator therefore also apply.

The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f DSGVO and, where applicable, Art. 6 para. 1 lit. b GDPR, if your request is aimed at concluding a contract or we have an existing contractual relationship with you and the request serves to fulfill this contract. Your data will be deleted provided that your request has been finally answered and the deletion does not conflict with any legal storage obligations, such as in the event of any subsequent contract processing. In the case of Article 6 (1) (f) GDPR, you can object to the processing of your personal data at any time with effect for the future.

Using HubSpot

When using the contact form, the data you provide will be processed by our service provider HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. HubSpot is an integrated software solution that covers various aspects of our customer relationship management and online marketing. These include: email marketing, social media publishing & reporting, reporting, contact management (e.g. user segmentation & CRM), landing pages and contact forms. Where necessary, we obtain your consent for data processing via HubSpot.

As a matter of principle, your data is only stored in the European Union due to our selection of the data storage location. Nevertheless, it is not ruled out that data from HubSpot Ireland Limited may be transmitted to HubSpot Inc. in the USA as part of processing by HubSpot. HubSpot Inc. is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

There is also a link to Google Ads to track campaign results (see “Linking Google Ads to HubSpot” section).

You can find more information in the HubSpot's Privacy Policy.

Using Cloudflare

Device and usage data is also collected when the contact form is accessed. This processed personal data is used to prevent misuse of the contact form and to ensure the security of our information technology systems. For this purpose, HubSpot uses Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. This checks whether the call actually comes from a person and prevents abusive activity, such as by bots. To this end, Cloudflare particularly analyses the technical specifications of the device. Cloudflare also stores information on your device (in particular the cookies “__cfuvid” (session) and “__cf_bm” (30 minutes)).

The legal basis for using Cloudflare is the need to carry out pre-contractual measures in accordance with Art. 6 para. 1 lit. b DSGVO when contacting us and otherwise our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to ensure the security and protection against misuse of the contact form. As part of processing by Cloudflare, data may be transmitted to the USA. Cloudflare Inc. is certified according to the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

For more information, see Cloudflare's privacy policy.

applications

JOIN application form

An application form is available on our website, which can be used for electronic applications. For this purpose, we use the JOIN Applicant Management Tool from JOIN Solutions GmbH, Schönhauser Allee 36, 10435 Berlin, Germany.

If an applicant makes use of this option, the data entered in the input mask will be sent to us and stored. The data will only be used to process your application for the possible establishment of an employment relationship in accordance with Art. 6 para. 1 lit. b GDPR. This data is:

• email address,
• first name,
• name,
• curriculum vitae,
• Optional: cover letter, work references or other files.

Alternatively, you can send us your application via email. In this case, we collect your email address and the data you provide and send in the email.

Using Google reCAPTCHA

Device and usage data are also collected when the application form is accessed and during the submission process. This processed personal data is used to prevent misuse of the application form and to ensure the security of our information technology systems. For this purpose, JOIN uses Google reCAPTCHA from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. This checks whether the entries made actually come from a person and prevents abusive activity, such as by bots. For this purpose, Google reCAPTCHA analyses the input behavior and technical specifications of the device. In addition, Google reCAPTCHA uses JavaScript and stores information on your device (in particular the “rc: :a” and “rc: :c” elements in web storage).

The legal basis for using reCAPTCHA is the need to carry out pre-contractual measures in accordance with Art. 6 para. 1 lit. b DSGVO as part of the application and otherwise our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR to ensure the security and protection against misuse of the application form. As part of processing by Google reCAPTCHA, data may be transmitted from Google Ireland Limited to Google LLC in the USA. Google LLC is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA in accordance with Article 45 GDPR.

Storage period

After completion of the application process, the data will be stored for up to four months. Your data will be deleted after four months at the latest if we have rejected your application. In the event of a legal obligation, the data will be stored within the framework of the applicable regulations. More information about data processing by JOIN can be found in the JOIN privacy policy.

Registration and use of the customer portal

At portal.flexopus.com, we offer you the opportunity to register for our customer portal in order to manage your subscriptions with us and use a time-limited test environment.

As part of registration and personal profile management, we may process the following data in particular:

• name;
• email address;
• telephone number;
• position;
• language;
• profile photo;
• password;
• Information about two-factor authentication.

As part of managing the company profile, the following data in particular may be processed:

• company name;
• General company information
• website address;
• registration number;
• company headquarters;
• billing account (name, country, zip code, city, street, tax number);
• Payment method (such as SEPA or credit card).

As part of managing subscriptions and instances, the following data in particular may be processed:

• type of subscription;
• additional services booked;
• Number of resources booked/used
• payment address;
• payment method;
• invoices;
• contact persons;
• Hosting settings.

Mandatory information required for registration and continued use of the portal is marked with an asterisk (*). Other details are optional.

In addition to registering via an email address, you also have the optional and voluntary option of logging in with your Google or Microsoft account (SSO). In this case, you will be redirected to the provider's login screen. If you log in successfully, your account details (such as email address, name and profile picture) will then be shared with us and used to create your profile. The providers receive the information that you have accessed SSO from our site. The provider of the SSO functionality is Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland or Microsoft Ireland Operations Limited, One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k, Ireland. Should personal data be transferred by the named providers to their group companies in the USA, Google LLC or Microsoft Corporation are certified according to the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

In particular, the following information is stored and accessed on the device to provide the portal:

• “XSRF TOKEN” (1 hour): defense against XSRF attacks;
• “flexopus_portal_session” (1 hour): maintaining the session;
• “flexopus-portal.sidebarShrink”: menu setting;
• “dismissedMessages”: notification setting,
• “flexopus-portal.tenant.create.form”: setting for the instances
• “InertiaLocationVisit” (session): Call a payment method.

If you choose a credit card as your payment method, we use the payment service provider Mollie B.V., Keizersgracht 126, 1015 CW Amsterdam, the Netherlands. This takes care of payment processing for us and processes credit card information such as card holder, card number, expiration date and CVV as well as the usual connection data, including the IP address, when the payment page is accessed. After Mollie has checked the information, we receive a message as to whether the payment was successful (including the payment amount) or for what reason it did not work.

For your security, the sessions you have started are documented and can be terminated by you at any time. Your personal account, company profile and subscriptions can be deleted at any time by pressing the appropriate button in the settings.

The legal basis for data processing in the portal is Art. 6 para. 1 lit. b DSGVO, insofar as data processing is carried out to fulfill the contract or to carry out pre-contractual measures, and otherwise Art. 6 para. 1 lit. f GDPR, where our legitimate interest lies in providing users with a portal for setting up and managing profile and company data as well as subscriptions.

newsletters

If you would like to receive the newsletter offered on the website with regular information about our offers and products, we need your e-mail address as a mandatory information. We use the so-called double opt-in procedure to send the newsletter. This means that we will only send you our newsletter by email once you have expressly confirmed to us that you agree to receive our newsletter. In return, you will receive an e-mail with a link which you can use to confirm that you, as the owner of the corresponding e-mail address, would like to receive newsletters in the future. By confirming, you give us your consent in accordance with Article 6 (1) (a) GDPR that we may use your personal data for the purpose of sending you the desired newsletter.

When you register for the newsletter, we save, in addition to the e-mail address required for sending, the IP address through which you signed up for the newsletter, as well as the date and time of your subscription and confirmation for the newsletter. In this way, we can prove your registration and consent and understand possible misuse at a later stage.

To provide the newsletter, we use the services of HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. As a matter of principle, your data is only stored in the European Union due to our selection of the data storage location. Nevertheless, it is not ruled out that data from HubSpot Ireland Limited may be transmitted to HubSpot Inc. in the USA as part of processing by HubSpot. HubSpot Inc. is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA in accordance with Art. 45 GDPR. You can find more information in the HubSpot's Privacy Policy.

In addition, we carry out newsletter tracking in order to statistically evaluate the use of the newsletters and to better understand what our customers and prospects are actually interested in. This serves to make the content more relevant. For this purpose, we use standard market technologies in our newsletters that can be used to measure interactions with the newsletters (e.g. opening the email, links clicked on). This is done on the one hand with the help of small graphics (pixels) embedded in the newsletters, which establish a connection to our email delivery provider, and on the other hand through links that first register the click and then redirect it to the desired target page.

You can unsubscribe from the newsletter at any time via the link included in each newsletter or by e-mail. The legality of the data processing operations that have already taken place remains unaffected by the revocation. After unsubscribing, your email address will be immediately deleted from our newsletter mailing list, unless you have expressly consented to continued use of the collected data or continued processing is otherwise permitted by law.

Online presences in social networks

We maintain online presences on social networks in order, among other things, to communicate with customers and interested parties and to provide information about our products and services.

Processing for advertising purposes by social network providers

User data is usually processed by the relevant social networks for market research and advertising purposes. In this way, user profiles can be created based on the interests of the users. For this purpose, cookies and other identifiers are stored on the end devices of the persons concerned. Based on these user profiles, advertisements are then placed, for example, within social networks but also on third-party websites.

For the legal basis for data processing carried out by social networks on their own responsibility, please refer to the privacy policies of the respective social network. You can also find further information on the respective data processing and the options for objection under the links below.

Processing for statistical purposes

As part of operating our online presences, we may be able to access information, such as statistics on the use of our online presences, which are provided by social networks. These statistics are aggregated and may include in particular demographic information (e.g. age, gender, region, country) as well as data on interaction with our online presences (e.g. likes, subscription, sharing, viewing of images and videos) and the contributions and content disseminated about them. These can also provide information about the interests of users and which content and topics are particularly relevant to them. We can also use this information to adapt the design and our activities and content on the online presence and to optimize them for our audience. For details and links to the social network data that we as operators of the online presences can access, please refer to the list below. The collection and use of these statistics is generally a joint responsibility. To the extent applicable, the relevant contract is set out below.

The legal basis for data processing is Art. 6 para. 1 lit. f DSGVO, based on our legitimate interest in effective information and communication with users, or Art. 6 para. 1 lit. b GDPR, in order to remain in contact with our customers and to inform them and to carry out pre-contractual measures with interested parties. Insofar as consent has been obtained, the legal basis is Art. 6 para. 1 lit. a GDPR.

Processing for lead generation and qualification (lead forms on Google, LinkedIn and Meta)

As part of our online advertising, we use so-called lead forms on various platforms, including Google Ads lead form extensions, LinkedIn lead gen forms and meta lead ads (e.g. via Facebook or Instagram). These forms enable interested persons to contact us quickly and easily or request information about our products and services.

If you fill out such a lead form on one of the platforms mentioned, the data entered there (e.g. name, email address, job title, company) will first be processed by the respective platform provider:

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
• LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
• Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland

The respective purpose of the data collection and the information contained is set out in the specific form and will be clearly presented to you before sending it.

Data sharing and lead sync with HubSpot

The lead data collected via the Google and LinkedIn platforms is automatically transferred to our CRM system HubSpot using the native lead synchronization function (“Lead Syncing”) (provider: HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland). Meta lead ads (Facebook/Instagram) may be transferred to HubSpot via interfaces or manually.

The submitted data is processed exclusively to process your request, to contact you and to qualify as part of our sales process. HubSpot acts as a contract processor in accordance with Art. 28 GDPR. The data is generally stored in data centers within the European Union. A transfer to the USA cannot be ruled out in individual cases. HubSpot Inc. is certified under the EU-US Data Privacy Framework, which allows the transfer of personal data to the USA in accordance with Art. 45 GDPR.

Legal basis for processing

Your data is processed in accordance with Article 6 (1) (b) GDPR, provided that it serves to carry out pre-contractual measures (e.g. request via the form). If consent to advertising is given as part of the form, Art. 6 para. 1 lit. a GDPR is decisive.

In all other cases, processing is based on our legitimate interest in effective and targeted acquisition of new customers in accordance with Art. 6 para. 1 lit. f GDPR.

Further information on data protection can be found here:

• Google: https://policies.google.com/privacy
• LinkedIn: https://www.linkedin.com/legal/privacy-policy
• Meta: https://www.facebook.com/privacy/policy/
• HubSpot: https://legal.hubspot.com/privacy-policy

If you do not want to submit your request via a lead form, you can alternatively contact us directly at any time via email: mail@flexopus.com

Access to publicly available information

If you have an account with the social network, it is possible that we can see your publicly available information (e.g. your username) and media (e.g. pictures and videos) when we access your profile. In addition, the social network may allow us to get in touch with you. This can be done, for example, via direct messages or via posted contributions. Content communication via the social network and the processing of content data is the responsibility of the social network as a messenger and platform service. For this processing, we refer to the privacy policy of the respective social network.

Processing publicly available information

As soon as we transfer or further process your personal data into our own systems, we are independently responsible for this. Processing is then carried out to carry out pre-contractual measures and to fulfill a contract in accordance with Art. 6 para. 1 lit. b DSGVO or to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR in order to get in touch with customers.

Data protection rights

We would like to point out that data protection inquiries can be made most efficiently with the respective social network provider, as only these providers have access to the data and can take appropriate measures directly. Of course, you can also contact us with your concerns. In this case, we will process your request and forward it to the social network provider.

Online presences used

The following is a list of information about the social networks on which we operate online presences:

• Facebook (Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland)
  
  • Joint Responsibility Treaty: https://www.facebook.com/legal/terms/page_controller_addendum;
  • Information on data processing and contact options: https://www.facebook.com/legal/terms/information_about_page_insights_data;
  • Privacy statement: https://www.facebook.com/privacy/policy/;
  • Opt-out: https://www.facebook.com/settings?tab=ads.
• Instagram (Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland)
  
  • Joint Responsibility Treaty: https://www.facebook.com/legal/terms/page_controller_addendum;
  • Information on data processing and contact options: https://www.facebook.com/legal/terms/information_about_page_insights_data;
  • Privacy statement: https://privacycenter.instagram.com/policy/;
  • Opt-out (explanation): https://de-de.facebook.com/help/instagram/2885653514995517?locale=de_DE.
• YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
  
  • Privacy statement: https://policies.google.com/privacy;
  • Opt-out: https://www.google.com/settings/ads.
• LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
• Joint Responsibility Treaty: https://legal.linkedin.com/pages-joint-controller-addendum;
• Information on data processing and contact options: https://legal.linkedin.com/pages-joint-controller-addendum;
• Privacy statement: https://www.linkedin.com/legal/privacy-policy;
• Opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Access to and storage of information in terminals

legal basis

By using this website, information (e.g. IP address, device, browser and operating system data) or information (e.g. cookies, local storage, session storage) can be accessed on your terminal equipment. This access or storage may involve further processing of personal data within the meaning of the GDPR.

In cases where such access to information or such storage of information is absolutely necessary to provide the expressly requested services (hereinafter “necessary services”), this is done on the basis of Section 25 (2) No. 2 TDDDG. In these cases, data processing is carried out in accordance with Art. 6 para. 1 lit. b DSGVO, insofar as processing is necessary to fulfill a contract or to carry out pre-contractual measures, and otherwise on the basis of Art. 6 para. 1 lit. f GDPR, where we have a legitimate interest in providing the basic functions of our services without technical errors and without problems.

In cases where such a process serves other, optional purposes, it is carried out on the basis of Section 25 (1) TDDDG only with your consent in accordance with Article 6 (1) lit. a GDPR. Your consent can be withdrawn at any time. The requirements of the GDPR and the Federal Data Protection Act (BDSG) apply to the processing of your personal data.

Use of cookies and similar technologies

Depending on your decision in the consent banner, our website uses cookies and similar technologies.

We use the Usercentrics Consent Management Platform (CMP) to obtain, manage and document your consents and to manage any objections to processing based on legitimate interests.

We have configured the CMP to participate in IAB Europe's Transparency and Consent Framework (TCF) (in the version of TCF we use). The TCF is an industry standard that makes it possible to store your data protection preferences in a standardized way in the form of a consent signal (TC string/“consent string”) and — depending on your selection — to the partners (“vendors”) integrated on our website. Vendors are registered in the IAB Europe Global Vendor List (GVL) (insofar as TCF-based).

With the CMP, you can decide for each processing purpose (e.g. storage/retrieval of information on the device, measurement, personalized advertising) and per vendor whether processing may take place based on your consent. Insofar as individual vendors offer processing based on legitimate interests, you can reject this in the CMP interface (“opt-out”). The current vendor list, purposes, legal bases used (consent or legitimate interest) and further details will be shown to you in the consent banner or in the privacy settings.

TCF consent signal (TC string), storage and logging

When you make your selection in the consent banner, a standardized TCF consent signal (“TC string”) is generated and stored on your device so that your preferences can be taken into account during subsequent visits and technically transmitted to integrated vendors. Depending on browser and implementation, storage is typically done via a cookie (e.g. “euconsent-v2”) and/or via web storage entries (e.g. a local storage entry such as “iabtcf_tcstring”). The preferences are saved until you adjust them in the consent banner or delete them via your browser/device settings. The storage mechanisms used in each case (e.g. cookie/storage keys) and their runtimes can be viewed in the privacy settings (cookie settings).

To document your selection, we also store supporting data (e.g. time stamp, banner version and your selection per purpose/vendor) in a consent log. We only store this documentary data for as long as is necessary to establish evidence and to defend or enforce potential claims; in particular, statutory limitation and, where applicable, storage obligations are decisive. The verification data is then deleted.

Note on responsibility in connection with the TCF

The TC string — especially when linked to other data (such as online identifiers) — can represent a personal characteristic. According to current case law, IAB Europe can be regarded as (co-) responsible for the creation and use of the TC string (within the framework of the TCF specification). The respective vendors are responsible for further processing by individual vendors (e.g. measurement, profiling, display of personalized advertising) under their own data protection responsibility. Please see the privacy settings in the consent banner to see which vendors are involved and on which legal basis they process.

Cookies are text files that are stored in the Internet browser or by the Internet browser on your device. They include a name, a value, the storage domain, and an expiration date. Cookies are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Cookies can also be removed manually. When a user calls up a website, a cookie can be stored on the user's operating system. For example, cookies contain a characteristic string of characters that enables the browser to be uniquely identified when you visit the website again and helps us recognize you when you return to our website.

We also use entries in web storage (local storage or session storage). They include a name and a value. Information in session storage is deleted after the session, while information in local storage has no expiration date and is generally stored unless a deletion mechanism has been set up (e.g. storage of a local storage with a time entry). Information in local and session storage can also be removed manually.

We also use pixels. They are tiny graphics loaded by a provider, which make it possible to recognize visitors through the automatic transmission of connection data and to determine, for example, when an e-mail has been opened or a visit to a website. The use of pixels can be prevented, for example, by blocking images, for example in emails, but the display is then severely restricted.

In addition, we use programming codes such as JavaScript, which, for example, set cookies and web storage or can actively collect information from the device. A setting in the browser can block JavaScript, but most services will then no longer work.

With the help of these technologies, so-called “fingerprints” can be created, i.e. user profiles that work even without the use of cookies or web storage and can recognize visitors.

By default, most browsers are set to accept cookies, the execution of scripts, and the display of graphics. However, you can usually adjust your browser settings to reject all or specific cookies, delete them after the session, or block scripts and graphics. If you completely block the storage of cookies, the display of graphics, and the execution of scripts, our services will probably not work or will not work without interruption.

Essential & functional

Necessary services are required to provide the essential features. This includes in particular the delivery of content via content delivery networks (CDN), the integration of form fields, fonts and scripts, the management of integrated content and the integration of the Consent Management Platform (CMP).

We use content delivery networks (CDN) to include content such as videos, images, fonts, and programming scripts on our website. For this purpose, we integrate the following providers:

• Cloudflare from Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA;
• Amazon Web Services EMEA SARL Cloudfront, 38 Avnue John F. Kennedy, L-1855, Luxembourg;
• jsDelivr from Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB, United Kingdom;
• Webflow from Webflow Inc., 398 11th St. Fl 2, San Francisco, California, 94103, USA.

We also use Usercentrics from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany as a consent management platform (CMP). Usercentrics stores your privacy settings (e.g. in the “euconsent-v2” cookie and/or in web storage) and ensures that your choices for the services included on our website are taken into account. Details on the use of TCF (TC string, vendor list, purposes and legal bases) can be found above in the “Use of Cookies and Similar Technologies” section and in the privacy settings in the consent banner.

To integrate forms, we use HubSpot Forms from HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

To recognize and block traffic and clicks by bots and to ensure secure and trouble-free operation of the website, we use the ClickGuard services provided by ClickGuard Inc., 221 W 9th St, Ste 318, Wilmington, DE 19801, USA and fraud0 from fraud0 GmbH, Berlin, Germany. Both services are used to detect and prevent click fraud, bot traffic and other abusive or automated access.

In particular, technical connection data such as IP address, device and browser information as well as usage and session data are processed in order to recognize automated access and distinguish it from human use. Cookies or comparable technologies may also be used for this purpose.

The legal basis for processing is our legitimate interest in accordance with Article 6 (1) (f) GDPR. This consists of ensuring the security and stability of our website and protecting against abusive traffic, in particular to avoid (advertising) costs caused by click fraud. Where necessary, cookies or comparable technologies are used on the basis of Section 25 (2) (2) TDDDG.

We use Google Tag Manager to manage the integrated services. We use Google Fonts and Google APIs to display and deliver our content. These three services are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Should personal data be transferred by the named providers to their group companies in the USA, Cloudflare Inc., Google LLC, Amazon Web Services Inc., Webflow Inc. or HubSpot Inc. are certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA in accordance with Article 45 GDPR. Standard contractual clauses have been concluded with ClickGuard Inc., in accordance with Art. 46 para. 2 lit. c GDPR.

You can find more information in our consent banner, which you can open by clicking on the “Privacy Settings” button (“Cookie Settings”) in the footer of the website. There, you can withdraw your consent at any time or adjust your preferences.

Statistics & optimization

Usage analysis services are optional and include analyzing usage behavior on our website, recognizing previous visits, and optimizing and improving our website using the statistical reports obtained. In particular, this includes standard analysis services such as Google Analytics or services for A/B testing.

For analysis on the website, we use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and HubSpot Analytics from HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

We also use Microsoft Clarity from Microsoft Ireland Operations Limited, One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k, Ireland for A/B testing and analysis.

Should personal data be transferred by the named providers to their group companies in the USA, Google LLC, HubSpot Inc. or Microsoft Corporation are certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

You can find more information in our consent banner, which you can open by clicking on the “Cookie settings” button in the footer of the website.

Webflow Analyze

We use the Webflow Analyze analysis service from Webflow Inc. on our website to statistically evaluate usage behavior on our websites and optimize usability. In particular, Webflow Analyze processes page views, interactions (e.g. click and scroll behavior), length of visit, technical information about the device and browser used, and approximate geolocation.

For these purposes, Webflow Analyze uses analysis cookies, which enable cross-session recognition and record usage behavior in pseudonymized form. These cookies are only set after you have given your consent via our consent management tool.

The legal basis for processing is your consent in accordance with Article 6 (1) (a) GDPR. Webflow Analyze will not be activated without your consent.

In the context of use, the transfer of personal data to the USA cannot be ruled out. Webflow ensures an appropriate level of data protection, in particular through the use of appropriate guarantees (e.g. EU standard contractual clauses).

For more information, see the Webflow privacy policy.

Marketing & personalization

Since we use the IAB Transparency and Consent Framework (TCF), your preferences for marketing and personalization services are processed as standardized TCF signals (purposes and, if applicable, special purposes/features). Insofar as the providers mentioned below are integrated as TCF vendors, your consent or objection to processing may be transmitted to these vendors in a technically standardized manner on the basis of legitimate interests. The details (purposes, legal bases used, vendor list) can be found in the privacy settings of our consent banner.

Services for personalized advertising are optional and include, in addition to usage analysis, recording conversions, creating user profiles about interests and clicked content and advertising, assigning advertising target groups based on the user profile, remarketing and retargeting, and playing out personalized advertising with external advertising partners.

These include, for example, social networks such as Facebook or search engines such as Google.

For these purposes, we use the following services:

• Google Ads from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
• LinkedIn Insight Day from LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland;
• Meta Pixel from Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland;
• Microsoft Advertising from Microsoft Ireland Operations Limited, One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k, Ireland.

If you have an account with the providers concerned, in addition to your consent, you can also make privacy settings to display personalized advertising:

• Google: https://adssettings.google.com/notarget;
• LinkedIn: https://www.linkedin.com/psettings/enhanced-advertising;
• Meta: https://www.facebook.com/settings/?tab=ads and https://de-de.facebook.com/help/instagram/2885653514995517?locale=de_DE;
• Microsoft: https://about.ads.microsoft.com/de-de/ressourcen/richtlinien/personalisierte-anzeigen and https://account.microsoft.com/privacy/ad-settings/signedout.

Should personal data be transferred by the named providers to their group companies in the USA, Google LLC, LinkedIn Corporation, Meta Platforms Inc. or Microsoft Corporation are certified in accordance with the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA in accordance with Article 45 GDPR.

You can find more information in our consent banner, which you can open by clicking on the “Cookie settings” button in the footer of the website.

Linking Google Ads to HubSpot

To measure the success of our advertising efforts and to track leads, we use direct integration between Google Ads and our CRM system HubSpot. This automatically links information from Google Ads (e.g. clicks on ads, search terms, campaign ID) with user data stored in HubSpot (e.g. completed forms, inquiries). In this way, we can understand which Google Ads campaign brought a user to our website and whether there was a conversion (e.g. request or purchase).

This link is used to optimize our campaigns, to monitor success and to address potential customers in a personalized way. Processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, insofar as you have given your consent via our cookie banner. In all other cases, processing is based on our legitimate interest in analysing and optimising our marketing measures in accordance with Article 6 (1) (f) GDPR.

HubSpot and Google may transfer data to the USA as part of this processing. Both providers are certified according to the EU-US Data Privacy Framework. The transfer of data is therefore carried out in accordance with Article 45 GDPR on the basis of an adequacy decision.

external services

External services are optional and serve to extend the functionality of our website. This includes, for example, the integration of videos, login services or the retrieval of metadata from external content.

We integrate NoEmbed to generate metadata for videos.

We use Google Play to log user authentication. In addition, we include videos from YouTube to make them directly available on our website. YouTube and Google Play are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

As part of processing by YouTube, data may be transmitted from Google Ireland Limited to Google LLC in the USA. Google LLC is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.

Our website uses the Storylane service (https://www.storylane.io) to embed interactive product demos and presentations. The provider is Storylane, Inc., based in San Francisco, USA.

We have disabled all tracking features on Storylane and activated the “Disable IP tracking on demos” setting so that no IP addresses or other personal tracking data are collected when using the embedded demos.

Only minimal technical data is transmitted, which is necessary to provide the content. There is no further collection of usage or interaction data.

Data processing is carried out on the basis of our legitimate interest in accordance with Article 6 (1) (f) GDPR in order to provide you with an appealing and functional presentation of our products.

For more information about Storylane's privacy policy, please visit:

https://www.storylane.io/privacy-policy

You can find more information in our consent banner, which you can open by clicking on the “Cookie settings” button in the footer of the website.

Data transfer and recipients

As part of the use of this website, the person responsible will only transfer your personal data to third parties if there is a legal basis for this under data protection law in a specific case, in particular in the following cases:

• if you have given your express consent in accordance with Article 6 (1) (a) GDPR,
• the transfer in accordance with Article 6 (1) (f) GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
• in the event that there is a legal obligation to transfer data in accordance with Art. 6 para. 1 lit. c GDPR, in particular if this is necessary for prosecution or enforcement due to binding requirements (e.g. as part of tax audit by tax authorities), official inquiries, court orders and legal proceedings, and
• insofar as this is necessary in accordance with Article 6 (1) (b) GDPR to process contractual relationships with you or to carry out pre-contractual measures taken at your request.

Your personal data may also be processed on our behalf by external service providers (in particular the recipients named in this privacy policy) on the basis of order processing contracts in accordance with Article 28 GDPR. In these cases, we ensure that personal data is processed in accordance with the General Data Protection Regulation and strictly in accordance with our instructions. In particular, this includes data centers, software providers and IT service providers.

In addition, we may transfer your personal data to other recipients who process your personal data on their own responsibility. These include payment service providers, tax advisors and public authorities.

Transfer to a third country

We may use services whose providers are located in so-called third countries (outside the European Union or the European Economic Area) or transfer personal data to them, i.e. countries whose level of data protection does not correspond to that of the European Union.

If there is an adequacy decision by the European Commission (Art. 45 GDPR) for these countries, we base the transfer of data on this. This includes transfers to Argentina, Israel, Japan, Canada, the Republic of Korea, New Zealand, Switzerland, Uruguay or the United Kingdom. In the case of the USA, this only applies if the US recipient has certified himself for the EU-US Data Privacy Framework.

Unless an adequacy decision has been issued for the relevant country, we have taken appropriate precautions to ensure an appropriate level of data protection for any data transfers. These include the European Union's standard contractual clauses or binding internal data protection regulations (Art. 46 GDPR).

Where this is not possible, we base the transfer of data on exceptions under Article 49 GDPR, in particular your express consent or the need for transmission to fulfill the contract or to carry out pre-contractual measures.

If a transfer to a third country is envisaged and there is no adequacy decision or appropriate guarantees, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) can gain access to the transferred data in order to collect and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. If you obtain your express consent, you will also be informed of this.

Duration of storage of personal data

The personal data will be deleted or blocked as soon as the purpose of storage for which we collected the data no longer applies. Storage may also take place insofar as there is a legal basis for this, for example if this is necessary for evidentiary purposes for civil claims arising from the contractual relationship or has been provided for by the European or national legislator in EU regulations, laws or other regulations to which the person responsible is subject. The duration of storage of personal data is based on the relevant legal storage obligations, e.g. from commercial law and tax law. After the respective period has elapsed, the corresponding data is routinely deleted.

In addition, the data will be deleted if you have exercised your right to deletion and the legal requirements for deletion are met.

Your rights

The following is a list of information about the rights of data subjects that you have vis-à-vis the person responsible with regard to the processing of your personal data:

(1) The right to request information about your personal data processed by us in accordance with Article 15 GDPR. In particular, you can provide information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of correction, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of their data, unless they have been collected by us, and the existence of automated decision-making, including profiling and, if applicable, meaningful information about their details, request.

(2) The right, in accordance with Article 16 GDPR, to immediately request the correction of incorrect or completed personal data stored by us.

(3) The right, in accordance with Article 17 GDPR, to request the deletion of your personal data stored by us if the legal requirements are met, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

(4) The right, in accordance with Article 18 GDPR, to request the restriction of the processing of your personal data if the legal requirements are met, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and instead request the restriction of use, we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to processing in accordance with Article 21 GDPR.

(5) The right, in accordance with Article 20 GDPR, if the legal requirements are met, to receive your personal data, which you have provided to us, in a structured, common and machine-readable format or to request transmission to another person responsible.

(6) The right to complain to a supervisory authority in accordance with Article 77 GDPR if you believe that data processing violates the GDPR. For example, you can contact the supervisory authority of the federal state of our registered office specified above or that of your usual place of residence or place of work. The contact details of the supervisory authority responsible for us for data protection are:
‍
The State Commissioner for Data Protection and Freedom of Information
Lautenschlagerstrasse 20
70173 Stuttgart
Telephone: +49 (0) 711 615 541-0
Fax: +49 (0) 711 615 541-15
email: poststelle@lfdi.bwl.de

(7) Right to withdraw consent given in accordance with Article 7 (3) GDPR: You have the right to withdraw consent given to the processing of data at any time with effect for the future. Withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the withdrawal.

Right to object

If your personal data is processed by us on the basis of legitimate interests in accordance with Article 6 (1) (f) GDPR, you have the right to object to the processing of your personal data in accordance with Article 21 GDPR, insofar as this is due to reasons arising from your particular situation.

Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the need to state a particular situation.

If you would like to exercise your right of revocation or objection, simply send an e-mail to privacy@flexopus.com.

Automated decision making

Automated decision-making or profiling in accordance with Article 22 GDPR does not take place.

Changes to our privacy policy

We reserve the right to adapt or update this privacy policy as necessary, in compliance with applicable data protection regulations. In this way, we can adapt them to current legal requirements and take into account changes to our services, e.g. when introducing new services. The latest version applies to your visit.