Privacy Policy

Version 2.0, as of May 1, 2025

Thank you for your interest in our website. The protection of your personal data is important to us. With our privacy policy, we would like to inform you about the type, scope and purpose of the processing of personal data within the framework of our landing page flexopus.com, our help page help.flexopus.com and our customer portal portal.flexopus.com (collectively "Website") as well as via our external internet presences such as e.g. our other social media channels to clarify. Your data will be processed in accordance with the legal regulations on data protection. Where links are provided to other websites, we have neither influence nor control over the linked content and the data protection regulations there. We recommend checking the privacy policies on the linked websites. This way you can determine whether and to what extent personal data is collected, processed, used or made accessible to third parties.

Contact details of the controller and the data protection officer

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

Flexopus GmbH
Schlosserstr. 2
70180 Stuttgart
Germany
Phone: +49 711 342 085 05
E-mail: privacy@flexopus.com

The responsible body decides alone or jointly with others on the purposes and means of processing personal data.

PROLIANCE GmbH
Dominik Fünkner
Leopoldstr. 21
80802 Munich
E-mail: datenschutzbeauftragter@datenschutzexperte.de

When contacting the data protection officer, please mention Flexopus GmbH. Please refrain from including sensitive information in your request, such as... Please attach a copy of your identification document.

Data processing through visiting the website

When you visit our website, we may process the following data, depending on your specific use:

  • Master data (e.g. Name),
  • Account details (e.g. Username, password),
  • Profile data (e.g. Profile picture, language, favorites, groups, roles),
  • Contact details (e.g. email, telephone number, address),
  • Content data (e.g. Text inputs),
  • Usage data (e.g. visited websites, access times),
  • Payment details (e.g. Invoices, payment method, billing address),
  • Contract data (e.g. completed subscriptions),
  • Device-side and server-side data (e.g. Device information, IP addresses).

Detailed information on the individual processing purposes and the legal bases for processing can be found below in this privacy policy.

TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses TLS encryption. This means that data you submit via this website cannot be read by third parties during transmission. You can recognize an encrypted connection by the “https://” in your browser's address bar and the padlock icon in the browser bar.

Connection setup and server log files

Each time the website is accessed, the server automatically processes data and information from the accessing device and temporarily stores this data in log files. This includes information from the so-called HTTP header, in particular the user agent. The following data is processed:

  • Address of the visited page or name and path of the requested file,
  • Method, date and time of the server request,
  • Information about the web browser and operating system used,
  • possibly previously accessed page/file (referrer URL),
  • Hostname of the accessing device,
  • Version of the transmission protocol, amount of data transferred, message about successful retrieval (HTTP status code),
  • Request information such as language, content type, content encoding, character sets,
  • Cookies of the accessed domain stored on the device,
  • IP address.

The temporary processing of this data by the system is necessary to enable the provision of the website to the user's terminal device. For reasons of ensuring functionality, stability and technical security, in particular to defend against attacks on our web server, we temporarily store this data. The website provider automatically collects and stores this information, which your browser automatically transmits to us, in server log files. After a maximum of 30 days, the data is anonymized by shortening the IP address to the domain level, so that it is no longer possible to establish a connection to the individual user. This data is not merged with other data sources.

The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures, and otherwise Art. 6 para. 1 lit. f GDPR, whereby our legitimate interest lies in ensuring the functionality, stability and security of the website.

Contact

Data processing when contacting us

If you contact us via contact form, email or our social media channels (e.g. When you contact us (via posts, comments or private messages), your information and communication content from the inquiry form, your email or direct message, including the contact details you provide there, will be used to process your request. Providing this data is necessary for processing and responding to your request - without it we cannot answer your request or can only do so to a limited extent. The information can be stored in our Customer Relationship Management (CRM) system HubSpot. When contacting us via our social media channels, please note that the respective social media provider also processes your information as part of its function as a telecommunications and platform service provider (see section "Online presence on social networks"). Therefore, the terms and conditions, privacy notices and data processing guidelines of the respective social media platform operator also apply in this case.

The legal basis for processing the data is our legitimate interest in responding to your request in accordance with Art. 6 para. 1 lit. f GDPR and, where applicable, Art. 6 para. 1 lit. b GDPR, if your request aims at concluding a contract or we have an existing contractual relationship with you and the request serves the purpose of fulfilling this contract. Your data will be deleted once your request has been fully answered and there are no legal retention obligations preventing deletion, such as in the case of any subsequent contract processing. In the case of Article 6(1)(a), you may You have the right to object to the processing of your personal data at any time with effect for the future in accordance with the GDPR.

Using HubSpot

When using the contact form, the data you submit will be processed by our service provider HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland. HubSpot is an integrated software solution that allows us to cover various aspects of our customer relationship management and online marketing. & These include: email marketing, social media publishing, reporting, contact management (e.g. User segmentation & CRM), landing pages, and contact forms. Where necessary, we will obtain your consent for data processing via HubSpot.

Due to our choice of data storage location, your data will generally only be stored within the European Union. Nevertheless, it cannot be ruled out that, as part of the processing by HubSpot, data may be transferred from HubSpot Ireland Limited to HubSpot Inc. in the USA. HubSpot Inc. is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA pursuant to Art. 45 GDPR.

Furthermore, a link is established with Google Ads to track campaign success (see section “Linking Google Ads with HubSpot”).

More information about HubSpot's privacy policy can be found at: https://legal.hubspot.com/privacy-policy.

Using Cloudflare

When the contact form is accessed, device and usage data is also collected. This processed personal data serves to prevent misuse of the contact form and to ensure the security of our information technology systems. For this purpose, HubSpot uses Cloudflare from Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA. This checks whether the request actually comes from a human and prevents abusive activities, such as those by bots. For this purpose, Cloudflare analyzes in particular the technical specifications of the end device. In addition, Cloudflare stores information on your device (in particular the cookies “__cfuvid” (session) and “__cf_bm” (30 minutes)).

The legal basis for the use of Cloudflare is the necessity for carrying out pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR in the context of contacting us and otherwise our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, to ensure the security and protection against misuse of the contact form. Data may be transferred to the USA as part of the processing by Cloudflare. Cloudflare Inc. is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA pursuant to Art. 45 GDPR.

Further information can be found in Cloudflare's privacy policy: https://www.cloudflare.com/de-de/privacypolicy/.

Applications

JOIN application form

An application form is available on our website, which can be used for electronic applications. We use the applicant management tool JOIN from JOIN Solutions GmbH, Schönhauser Allee 36, 10435 Berlin, Germany.

If an applicant takes advantage of this option, the data entered in the input form will be transmitted to us and stored. The data will be used exclusively for processing your application for the possible establishment of an employment relationship in accordance with [relevant legal provision]. Article 6 paragraph 1 letter b GDPR used. This data is:

  • E-mail address,
  • First name,
  • Name,
  • CV,
  • Optional: Cover letter, work references or other files.

Alternatively, you can also send us your application by email. In this case, we collect your email address and the data you provide and send in the email.

Use of Google reCAPTCHA

Device and usage data are also collected when the application form is accessed and during the submission process. This processed personal data serves to prevent misuse of the application form and to ensure the security of our information technology systems. JOIN uses Google reCAPTCHA from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for this purpose. This checks whether the input provided actually comes from a human and prevents abusive activities, such as those by bots. For this purpose, Google reCAPTCHA analyzes the input behavior and the technical specifications of the end device. In addition, Google reCAPTCHA uses JavaScript and stores information on your device (especially the elements “rc::a” and “rc::c” in Web Storage).

The legal basis for the use of reCAPTCHA is the necessity for carrying out pre-contractual measures pursuant to Art. 6 para. 1 lit. b GDPR in the context of the application as well as otherwise our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, to ensure the security and protection against misuse of the application form. As part of the processing by Google reCAPTCHA, data may be transferred from Google Ireland Limited to Google LLC in the USA. Google LLC is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA pursuant to Art. 45 GDPR.

Storage duration

After the application process is completed, the data will be stored for up to four months. Your data will be deleted no later than four months after the application period expires, provided we have rejected your application. In the event of a legal obligation, the data will be stored in accordance with the applicable regulations. Information on data processing by JOIN can be found here: https://join.com/de/datenschutz/.

Registration and use of the customer portal

We offer you the opportunity to register for our customer portal at portal.flexopus.com to manage your subscriptions with us and to use a time-limited test environment.

As part of the registration and management of your personal profile, we may process the following data in particular:

  • Name;
  • E-mail address;
  • Telephone number;
  • Position;
  • Language;
  • Profile picture;
  • Password;
  • Information on two-factor authentication.

The following data may be processed as part of managing the company profile:

  • Company name;
  • General company information
  • Website address;
  • Registration number;
  • Company headquarters;
  • Billing account (name, country, postal code, city, street, tax number);
  • Payment method (e.g. SEPA or credit card).

The following data may be processed in particular as part of the management of subscriptions and instances:

  • Type of subscription;
  • Additional services booked;
  • Number of booked / used resources
  • Payment address;
  • Payment method;
  • Invoices;
  • Contact persons;
  • Hosting settings.

Required fields for registration and further use of the portal are marked with an asterisk (*). Other information is optional.

In addition to registering via an email address, you also have the optional and voluntary possibility of logging in with your Google or Microsoft account (SSO). In this case, you will be redirected to the provider's registration form. Upon successful registration, your account details there (such as email address, name and profile picture) will be shared with us and used for profile creation. The providers receive information that you accessed SSO from our site. The provider of the SSO functionality is Google Cloud EMEA Limited, 70 Sir John Rogerson's Quay, Dublin 2, Ireland or Microsoft Ireland Operations Limited, One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k, Ireland. Should personal data be transferred from the aforementioned providers to their group companies in the USA, Google LLC and Microsoft Corporation are certified under the EU-US Data Privacy Framework, meaning that the transfer of personal data to the USA is based on the adequacy decision for the USA pursuant to Art. 45 GDPR.

To provide the portal, the following information in particular is stored and accessed on the end device:

  • "XSRF TOKEN" (1 hour): Defense against XSRF attacks;
  • “flexopus_portal_session” (1 hour): Session maintenance;
  • “flexopus-portal.sidebarShrink”: Menu setting;
  • “dismissedMessages”: Notification settings,
  • “flexopus-portal.tenant.create.form”: Settings for the instances,
  • “inertiaLocationVisit” (session): Invoking a payment method.

If you choose credit card as your payment method, we use the payment service provider Mollie BV, Keizersgracht 126, 1015 CW Amsterdam, Netherlands. This service handles payment processing for us and processes credit card information such as cardholder name, card number, expiry date and CVV, as well as the usual connection data, including the IP address, when the payment page is accessed. After Mollie has reviewed the information, we receive notification as to whether the payment was successful (including the payment amount) or why it failed.

For your security, started sessions are documented and can be ended by you at any time. Your personal account, your company profile and your subscriptions can be deleted at any time by pressing the corresponding button in the settings.

The legal basis for data processing in the portal is Art. 6 para. 1 lit. b GDPR, insofar as the data processing is carried out for the performance of a contract or for the implementation of pre-contractual measures, and otherwise Art. 6 para. 1 lit. f GDPR, whereby our legitimate interest lies in providing users with a portal for setting up and managing profile and company data as well as subscriptions.

Newsletter

If you would like to receive the newsletter offered on the website with regular information about our offers and products, we require your email address as mandatory information. We use the so-called double opt-in procedure for sending the newsletter. This means that we will only send you our newsletter by email after you have expressly confirmed that you consent to receiving our newsletter. You will receive an email with a link to confirm that you, as the owner of the corresponding email address, wish to receive newsletters in the future. By confirming, you give us your consent in accordance with Art. 6 para. 1 lit. a GDPR, that we may use your personal data for the purpose of sending the requested newsletter.

When you subscribe to our newsletter, we store, in addition to the email address required for sending the newsletter, the IP address you used to subscribe, as well as the date and time of your subscription and confirmation. This way we can verify your registration and consent, and trace any potential misuse at a later date.

We use the services of HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland to provide the newsletter. Due to our choice of data storage location, your data will generally only be stored within the European Union. Nevertheless, it cannot be ruled out that, as part of the processing by HubSpot, data may be transferred from HubSpot Ireland Limited to HubSpot Inc. in the USA. HubSpot Inc. is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA pursuant to Art. 45 GDPR. More information about HubSpot's privacy policy can be found at: https://legal.hubspot.com/privacy-policy.

In addition, we conduct newsletter tracking to statistically evaluate newsletter usage and better understand what our customers and prospects are actually interested in. This serves to make the content more relevant. For this purpose, we use standard technologies in our newsletters to measure interactions with the newsletters (e.g., email opening, links clicked). This is done on the one hand using small graphics (pixels) embedded in the newsletters, which establish a connection to our email delivery provider, and on the other hand through links that first register the click and then redirect to the desired target page.

You can unsubscribe from the newsletter at any time via the link included in every newsletter or by email. The lawfulness of data processing operations already carried out remains unaffected by the revocation. After you unsubscribe, your email address will be immediately deleted from our newsletter mailing list, unless you have expressly consented to the continued use of the collected data or the continued processing is otherwise legally permissible.

Online presence on social networks

We maintain online presences on social networks to communicate with customers and potential customers, among other things, and to provide information about our products and services.

Processing for advertising purposes by the providers of the social networks

The data of users is generally processed by the relevant social networks for market research and advertising purposes. This allows user profiles to be created based on users' interests. For this purpose, cookies and other identifiers are stored on the end devices of the data subjects. Based on these usage profiles, for example, Advertisements are placed within social networks but also on third-party websites.

The legal basis for data processing carried out by the social networks under their own responsibility can be found in the privacy policy of the respective social network. The links below provide further information on the respective data processing activities and the options for objecting.

Processing for statistical purposes

As part of operating our online presence, we may be able to access information such as usage statistics provided by social networks. These statistics are aggregated and may include, in particular, demographic information (e.g., age, gender, region, country) as well as data on interaction with our online presence (e.g., likes, subscriptions, shares, viewing of images and videos) and the posts and content distributed through them. These can also provide information about users' interests and which content and topics are particularly relevant to them. We may also use this information to adapt the design, activities and content of our online presence and to optimize it for our audience. Details and links to the data of the social networks that we, as operators of the online presences, can access can be found in the list below. The collection and use of these statistics are generally subject to joint responsibility. If this applies, the relevant contract is listed below.

The legal basis for data processing is Article 6(1)(a). f GDPR, based on our legitimate interest in effective information and communication with users, or Art. 6 para. 1 lit. b GDPR, in order to stay in contact with our customers and to inform them, as well as to carry out pre-contractual measures with prospective customers. Where consent has been obtained, the legal basis is Article 6(1)(a). a GDPR.

Processing for lead generation and qualification (lead forms on Google, LinkedIn and Meta)

As part of our online advertising, we use so-called lead forms on various platforms, including Google Ads lead form extensions, LinkedIn Lead Gen Forms, and Meta Lead Ads (e.g., LinkedIn Lead Gen Forms). via Facebook or Instagram). These forms allow interested individuals to quickly and easily contact us or request information about our products and services.

If you fill out such a lead form on one of the aforementioned platforms, the data entered there (e.g. Name, email address, job title, company) are initially processed by the respective platform provider:

  • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
  • LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
  • Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland

The specific purpose of the data collection and the information contained therein are explained in the specific form and will be clearly displayed to you before submission.

Data sharing and lead synchronization with HubSpot

Lead data collected via the Google and LinkedIn platforms is automatically transferred to our CRM system HubSpot using the native lead synchronization function ("Lead Syncing") (provider: HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland). Meta Lead Ads (Facebook/Instagram) may be transferred to HubSpot via interfaces or manually.

The data you provide will be processed exclusively for handling your request, contacting you, and for qualification within our sales process. HubSpot acts as a data processor in accordance with Article 28 GDPR. The data is generally stored in data centers within the European Union. A transfer to the USA cannot be ruled out in individual cases. HubSpot Inc. is certified under the EU-US Data Privacy Framework, which permits the transfer of personal data to the USA in accordance with Art. 45 GDPR.

Legal basis for processing

Your data will be processed in accordance with Article 6 Paragraph 1 Letter a. b GDPR, insofar as it serves the purpose of carrying out pre-contractual measures (e.g. (Request via form). If consent to marketing communications is obtained via the form, Article 6(1)(a) applies. a GDPR relevant.

In all other cases, the processing is based on our legitimate interest in effective and targeted acquisition of new customers in accordance with Art. 6 para. 1 lit. f GDPR.

Further information on data protection can be found here:

  • Google: https://policies.google.com/privacy
  • LinkedIn: https://www.linkedin.com/legal/privacy-policy
  • Meta: https://www.facebook.com/privacy/policy/
  • HubSpot: https://legal.hubspot.com/privacy-policy

If you prefer not to submit your inquiry via a lead form, you can alternatively contact us directly by email at any time: mail@flexopus.com

Access to publicly available information

If you have an account with the social network, it is possible that we can see your publicly available information (e.g. your username) and media (e.g. pictures and videos) when we access your profile. Furthermore, the social network may allow us to contact you. This can be done, for example, via direct messages or posted articles. The content-related communication via the social network and the processing of the content data are the responsibility of the social network as a messenger and platform service. For this processing, we refer to the privacy policy of the respective social network.

Processing of publicly available information

As soon as we transfer or further process your personal data into our own systems, we are independently responsible for it. The processing then takes place for the implementation of pre-contractual measures and for the fulfillment of a contract in accordance with Art. 6 para. 1 lit. b GDPR or to protect our legitimate interests pursuant to Art. 6 para. 1 lit. GDPR, in order to contact customers.

Data protection rights

We would like to point out that data protection requests can be most efficiently made to the respective provider of the social network, as only these providers have access to the data and can take appropriate measures directly. Of course, you can also contact us with your request. In this case, we will process your request and forward it to the provider of the social network.

Used online platforms

Below is a list with information about the social networks on which we maintain an online presence:

Access to and storage of information in terminal equipment

Legal basis

By using this website, information (e.g., IP address, device, browser and operating system data) may be accessed or stored (e.g., cookies, local storage, session storage) on your devices. This access or storage may involve further processing of personal data within the meaning of the GDPR.

In cases where such access to information or such storage of information is absolutely necessary for the provision of the expressly requested services (hereinafter referred to as "necessary services"), this is done on the basis of Section 25 Paragraph 2 No. 2 TDDDG. In these cases, data processing is carried out in accordance with Article 6 paragraph 1 letter. b GDPR, insofar as the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures, and otherwise on the basis of Art. 6 para. 1 lit. f GDPR, whereby we have a legitimate interest in the technically flawless and smooth provision of the basic functions of our services.

In cases where such a process serves other, optional purposes, it will only take place with your consent pursuant to Art. 6 para. 1 lit. a. in accordance with Section 25 para. 1 TDDDG. a GDPR. You can withdraw your consent at any time. The processing of your personal data is subject to the provisions of the GDPR and the Federal Data Protection Act (BDSG).

Use of cookies and similar technologies

Depending on your choice in the consent banner, our website uses cookies and similar technologies.

Cookies are text files that are stored in or by the internet browser on your device. They include a name, a value, the storing domain, and an expiration date. Cookies are stored on your device either temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Cookies can also be removed manually.  When a user visits a website, a cookie can be stored on the user's operating system. Cookies contain, for example, a characteristic string that allows the browser to be uniquely identified when the website is visited again and helps us to recognize you when you return to our website.

In addition, we use entries in Web Storage (Local Storage or Session Storage). They include a name and a value. Information in Session Storage is deleted after the session, while information in Local Storage has no expiration date and is generally stored unless a deletion mechanism has been set up (e.g., storing Local Storage with a time entry). Information in Local and Session Storage can also be removed manually.

We also use pixels. They are tiny graphics loaded by a provider, which make it possible to recognize visitors through the automatic transmission of connection data and, for example, to determine whether an email has been opened or a website has been visited. The use of pixels can be prevented, for example, by blocking images, such as in emails, although this severely restricts the display.

In addition, we use programming code such as JavaScript, which can, for example, set cookies and web storage or actively collect information from the end device. JavaScript can be blocked through a browser setting, but most services will then no longer function.

These technologies can potentially be used to create so-called "fingerprints", i.e., usage profiles that can recognize visitors even without the use of cookies or web storage.

Most browsers are set by default to accept cookies, the execution of scripts, and the display of graphics. However, you can usually adjust your browser settings to reject all or certain cookies, delete them after the session, or block scripts and graphics. If you completely block the storage of cookies, the display of graphics and the execution of scripts, our services are likely to not work or not function smoothly.

Essential & Functional

Necessary services are required to provide the absolutely essential functions. This includes in particular the delivery of content via Content Delivery Networks (CDN), the integration of form fields, fonts and scripts, the management of integrated content and the integration of the Consent Management Platform (CMP).

We use Content Delivery Networks (CDN) to integrate content such as videos, images, fonts and programming scripts into our website. For this purpose, we involve the following providers:

  • Cloudflare from Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA;
  • Cloudfront of Amazon Web Services EMEA SARL, 38 avnue John F. Kennedy, L-1855, Luxembourg;
  • JSDelivr der Volentio JSD Limited, Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB, United Kingdom;
  • Webflow from Webflow Inc., 398 11th St. Fl 2, San Francisco, California, 94103, USA.

Furthermore, we use Usercentrics as our Consent Management Platform (CMP) from Usercentrics GmbH, Sendlinger Str. 7, 80331 Munich, Germany.

For the integration of forms, we use HubSpot Forms from HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

To detect and block traffic and clicks by bots, and to ensure the secure and trouble-free operation of the website, we use ClickGuard from ClickGuard Inc., 221 W 9th St, Ste 318, Wilmington, DE 19801, USA.

We use Google Tag Manager to manage the integrated services. We use Google Fonts and Google APIs to display and provide our content. These three services are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Should personal data be transferred from the aforementioned providers to their group companies in the USA, Cloudflare Inc., Google LLC, Amazon Web Services Inc., Webflow Inc. and HubSpot Inc. are certified under the EU-US Data Privacy Framework, meaning that the transfer of personal data to the USA is based on the adequacy decision for the USA pursuant to Art. 45 GDPR. Standard contractual clauses pursuant to Art. 46 para. 2 lit. were agreed upon with ClickGuard Inc. c GDPR completed.

Further information can be found in our consent banner, which you can open by clicking on the "Cookie settings" button in the footer of the website.

Statistics & Optimization

Usage analysis services are optional and include the analysis of user behavior on our website, the recognition of previous visits, and the optimization and improvement of our website using the statistical reports obtained. This includes, in particular, common analytics services such as Google Analytics or services for A/B testing.

For website analysis, we use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and HubSpot Analytics from HubSpot Ireland Limited, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland.

In addition, we use Microsoft Clarity from Microsoft Ireland Operations Limited, One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k, Ireland for A/B testing and analysis.

Should personal data be transferred from the aforementioned providers to their group companies in the USA, Google LLC, HubSpot Inc. and Microsoft Corporation are certified under the EU-US Data Privacy Framework, meaning that the transfer of personal data to the USA is based on the adequacy decision for the USA pursuant to Art. 45 GDPR.

Further information can be found in our consent banner, which you can open by clicking on the "Cookie settings" button in the footer of the website.

Webflow Analyze

We use the Webflow Analyze analytics service from Webflow Inc. on our website to statistically evaluate user behavior on our web pages and to optimize user-friendliness. Webflow Analyze processes, in particular, page views and interactions (e.g., Click and scroll behavior), visit duration, technical information about the device and browser used, and an approximate geolocation.

Webflow Analyze uses analytics cookies for these purposes, which enable cross-session recognition and pseudonymously record user behavior. These cookies will only be set after you have given your consent via our consent management tool.

The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Webflow Analyze will not be activated without your consent.

As part of its use, the transfer of personal data to the USA cannot be ruled out. Webflow ensures an appropriate level of data protection, in particular through the use of suitable safeguards (e.g. EU Standard Contractual Clauses).

For more information, please see Webflow's privacy policy:
https://webflow.com/legal/privacy

Marketing & Personalization

Services for personalized advertising are optional and include, in addition to usage analysis, the recording of conversions, the creation of user profiles based on interests and clicked content and advertising, the assignment of advertising target groups based on the usage profile, remarketing and retargeting, as well as the delivery of personalized advertising by external advertising partners. This includes, for example, social networks like Facebook or search engines like Google.

For these purposes, we use the following services:

  • Google Ads from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
  • LinkedIn Insight Day of the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland;
  • Meta Pixel from Meta Platforms Ireland Ltd., Serpentine Avenue, Block J, Dublin 4, Ireland;
  • Microsoft Advertising of Microsoft Ireland Operations Limited, One Microsoft Court, South County Business Park, Leopardstown, Dublin 18, D18 DH6k, Ireland.

If you have an account with the relevant providers, you can, in addition to giving your consent, also adjust privacy settings for the display of personalized advertising:

Should personal data be transferred from the aforementioned providers to their group companies in the USA, Google LLC, LinkedIn Corporation, Meta Platforms Inc. and Microsoft Corporation are certified under the EU-US Data Privacy Framework, meaning that the transfer of personal data to the USA is based on the adequacy decision for the USA pursuant to Art. 45 GDPR.

Further information can be found in our consent banner, which you can open by clicking on the "Cookie settings" button in the footer of the website.

Linking Google Ads with HubSpot

To measure the success of our advertising campaigns and to track leads, we use a direct integration between Google Ads and our CRM system HubSpot. This involves using information from Google Ads (e.g. Clicks on ads, search terms, campaign ID) with user data stored in HubSpot (e.g. (Completed forms, inquiries) are automatically linked. This way we can track which Google Ads campaign a user came through to reach our website and whether it led to a conversion (e.g. has come up with an inquiry or purchase.

This link serves to optimize our campaigns, monitor success, and personalize communication with potential customers. The processing is based on your consent in accordance with Art. 6 para. 1 lit. a GDPR, insofar as you have consented via our cookie banner. In all other cases, processing is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR on the analysis and optimization of our marketing measures.

HubSpot and Google may transfer data to the USA as part of this processing. Both providers are certified under the EU-US Data Privacy Framework. The data transfer therefore takes place in accordance with Art. 45 GDPR on the basis of an adequacy decision.

Webflow Analyze

We use the Webflow Analyze analytics service from Webflow Inc. on our website to statistically evaluate user behavior on our web pages and to optimize user-friendliness. Webflow Analyze processes, in particular, page views and interactions (e.g., Click and scroll behavior), visit duration, technical information about the device and browser used, and an approximate geolocation.

Webflow Analyze uses analytics cookies for these purposes, which enable cross-session recognition and pseudonymously record user behavior. These cookies will only be set after you have given your consent via our consent management tool.

The legal basis for the processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR. Webflow Analyze will not be activated without your consent.

As part of its use, the transfer of personal data to the USA cannot be ruled out. Webflow ensures an appropriate level of data protection, in particular through the use of suitable safeguards (e.g. EU Standard Contractual Clauses).

For more information, please see Webflow's privacy policy:
https://webflow.com/legal/privacy

External services

External services are optional and serve to extend the functionality of our website. This includes, for example, the integration of videos, login services, or the querying of metadata from external content.

We use NoEmbed to generate metadata for videos.

We use Google Play to log user authentication. In addition, we embed videos from YouTube to make them directly accessible on our website. YouTube and Google Play are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

As part of the processing by YouTube, data may be transferred from Google Ireland Limited to Google LLC in the USA. Google LLC is certified under the EU-US Data Privacy Framework, which means that the transfer of personal data to the USA is based on the adequacy decision for the USA pursuant to Art. 45 GDPR.

Our website uses the Storylane service (https://www.storylane.io) to embed interactive product demos and presentations. The provider is Storylane, Inc., based in San Francisco, USA.

We have deactivated all tracking functions at Storylane and activated the setting "Disable IP tracking on demos" so that no IP addresses or other personal tracking data are collected when using the embedded demos.

Only minimal technical data, necessary for providing the content, will be transmitted. No further collection of usage or interaction data takes place.

Data processing is carried out on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, in order to provide you with an appealing and functional presentation of our products.

Further information on Storylane's privacy policy can be found at:

Further information can be found in our consent banner, which you can open by clicking on the "Cookie settings" button in the footer of the website.

Data sharing and recipients

The transfer of your personal data to third parties by the controller in connection with the use of this website only takes place if there is a legal basis for this under data protection law in the specific case, in particular in the following cases:

  • if you have given your explicit consent in accordance with Art. 6 para. 1 lit. have given their consent in accordance with the GDPR.
  • the transfer pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the establishment, exercise or defense of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
  • in the event that the transfer is necessary pursuant to Article 6(1)(a). c GDPR where there is a legal obligation, in particular where this is necessary for the prosecution or enforcement of legal claims due to binding requirements (e.g. in the context of tax audits by the tax authorities), official inquiries, court orders and legal proceedings, and
  • insofar as this is permitted under Article 6(1)(a). b GDPR is necessary for the processing of contractual relationships with you or for the implementation of pre-contractual measures taken at your request.

Furthermore, your personal data may be processed on our behalf by external service providers (in particular the recipients mentioned in this privacy policy) on the basis of data processing agreements pursuant to Art. 28 GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the General Data Protection Regulation and strictly according to our instructions. This includes in particular data centers, software providers and IT service providers.

Furthermore, we may transfer your personal data to other recipients who process your personal data under their own responsibility. This includes, for example, payment service providers, tax advisors and public authorities.

Transfer to a third country

We may use services whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or transfer personal data to them, i.e. countries whose level of data protection does not correspond to that of the European Union.

If an adequacy decision by the European Commission (Art. 45 GDPR) exists for these countries, we base the data transfer on this. This includes, for example, transfers to Argentina, Israel, Japan, Canada, the Republic of Korea, New Zealand, Switzerland, Uruguay or the United Kingdom. In the case of the USA, this only applies if the US recipient has certified itself under the EU-US Data Privacy Framework.

Where no adequacy decision has been issued for the country in question, we have taken appropriate measures to ensure an adequate level of data protection for any data transfers. This includes, among other things, the standard contractual clauses of the European Union or binding corporate rules on data protection (Art. 46 GDPR).

Where this is not possible, we base the data transfer on exceptions under Article 49 GDPR, in particular your express consent or the necessity of the transfer for the performance of a contract or for the implementation of pre-contractual measures.

If a transfer to a third country is planned and no adequacy decision or suitable safeguards are in place, it is possible and there is a risk that authorities in the respective third country (e.g. Intelligence services may gain access to the transmitted data in order to collect and analyze it, and the enforceability of your data subject rights cannot be guaranteed. If your explicit consent is obtained, you will also be informed about this.

Duration of storage of personal data

The personal data will be deleted or blocked as soon as the purpose for which we collected the data no longer applies. Storage may also take place if there is a legal basis for doing so, for example if this is necessary for evidentiary purposes for civil claims arising from the contractual relationship or if it has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. The duration of the storage of personal data is determined by the relevant statutory retention obligations, e.g. from commercial law and tax law. After the respective deadline has expired, the corresponding data is routinely deleted.

Furthermore, the data will be deleted if you have exercised your right to erasure and the legal requirements for erasure are met.

Your rights

Below you will find information about the rights of data subjects that you have against the controller regarding the processing of your personal data:

(1) The right, pursuant to Article 15 GDPR, to request information about your personal data processed by us. In particular, you can request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if they were not collected from us, and the existence of automated decision-making, including profiling, and, where applicable, meaningful information about the logic involved.

(2) The right, pursuant to Article 16 GDPR, to request the immediate rectification of inaccurate personal data concerning you or the completion of incomplete personal data concerning you which is stored by us.

(3) The right, pursuant to Article 17 GDPR, to request the erasure of your personal data stored by us if the legal requirements are met, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.

(4) The right, pursuant to Article 18 GDPR, to request the restriction of the processing of your personal data if the legal requirements are met, insofar as the accuracy of the data is contested by you, the processing is unlawful, but you object to its erasure and request the restriction of its use instead, we no longer need the data, but you require it for the establishment, exercise or defence of legal claims, or you have objected to the processing pursuant to Article 21 GDPR.

(5) The right, pursuant to Article 20 GDPR, to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format or to request its transmission to another controller, provided the legal requirements are met.

(6) The right to lodge a complaint with a supervisory authority pursuant to Article 77 GDPR if you believe that the processing of your personal data infringes the GDPR. For example, you can contact the supervisory authority of the federal state where our headquarters are located, as stated above, or the supervisory authority of your usual place of residence or work. The contact details of our responsible data protection supervisory authority are:

The State Commissioner for Data Protection and Freedom of Information
Lautenschlagerstraße 20
70173 Stuttgart
Telephone: +49 (0) 711 615 541-0
Fax: +49 (0) 711 615 541-15
E-mail: poststelle@lfdi.bwl.de

(7) Right to withdraw consent pursuant to Art. 7 para. 3 GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to object

If we process your personal data on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. If your personal data is processed in accordance with the GDPR, you have the right to object to the processing of your personal data pursuant to Article 21 GDPR, insofar as this is done for reasons arising from your particular situation.

Insofar as the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right to object without the need to specify a particular situation.

If you wish to exercise your right of withdrawal or objection, simply send an email to privacy@flexopus.com.

Automated decision-making

Automated decision-making or profiling as defined in Article 22 GDPR does not take place.

Changes to our privacy policy

We reserve the right to amend or update this privacy policy as necessary, in compliance with applicable data protection regulations. This way we can adapt them to current legal requirements and take into account changes to our services, e.g. during the introduction of new services. The current version applies to your visit.