Data protection information for customers / other contractual partners and interested parties

(Information on data protection regarding our processing of customer and prospective customer data in accordance with Articles 13, 14 and 21 of the European General Data Protection Regulation (EU GDPR))

Flexopus GmbH

Schlosserstraße 2

70180 Stuttgart

Dear customers, dear interested parties, dear contractual partners,

 

In accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (EU GDPR), we hereby inform you about the processing of your personal data and your related data protection rights. Which data is processed in detail and how it is used depends largely on the requested or agreed services. To ensure that you are fully informed about the processing of your personal data in the context of the fulfillment of a contract or the implementation of pre-contractual measures, please take note of the following information.

  1. RESPONSIBLE BODY IN TERMS OF DATA PROTECTION LAW
    Flexopus GmbH
    Schlosserstraße 2
    70180 Stuttgart
    Phone: +4971134208505
    Email: info@flexopus.com
    Website: https://www.flexopus.com/

  2. CONTACT DETAILS OF OUR DATA PROTECTION OFFICER
    PROLIANCE GmbH
    Datenschutzexperte.de
    Leopoldstraße 21
    80802 Munich
    E-mail: datenschutzbeauftragter@datenschutzexperte.de
  3. PURPOSES AND LEGAL BASIS OF PROCESSING
    We process your personal data in accordance with the provisions of the European General Data Protection Regulation (EU GDPR) and the Federal Data Protection Act (BDSG), insofar as this is necessary for the establishment, execution and fulfilment of a contract and for the implementation of pre-contractual measures. Insofar as personal data is required for the initiation or execution of a contractual relationship or in the context of carrying out pre-contractual measures, processing is permitted in accordance with Art. 6 (1) (f) GDPR. b GDPR lawful.
    If you give us your express consent to process personal data for specific purposes (e.g. Transfer to third parties, evaluation for marketing purposes or advertising by e-mail), the legality of this processing is based on your consent in accordance with Art. 6 (1) (f) GDPR. a EU GDPR. Consent given can be revoked at any time with future effect (see section 9 of this data protection information).
    If necessary and legally permissible, we process your data beyond the actual contractual purposes to fulfill legal obligations in accordance with Art. 6 Para. 1 lit. c EU GDPR. In addition, processing may be carried out to protect the legitimate interests of us or third parties and to defend against and assert legal claims in accordance with Art. 6 (1) (f) GDPR. f EU GDPR. If necessary, we will inform you separately, stating the legitimate interest, to the extent required by law.
  4. EXISTING CUSTOMERS
    You are an existing customer of Banauten GmbH if, as an entrepreneur, you have purchased at least one product or service from Flexopus. A contract (e.g. a work or service contract) was concluded between you and Flexopus in the past. We will inform you about new products and services from Flexopus. We make sure that you only receive information that is in your interest. We derive your interest from the following factors:
    - Goods/services of your last purchase(s)
    - Your external perception of our goods/services
    - Your understanding of Flexopus as a full-service partner

    The legal basis for advertising to existing customers is Art. 6 (1) (f) EU GDPR in conjunction with Section 7 (3) UWG. Flexopus can be assumed to have a legitimate interest in this regard. Flexopus has a legitimate interest in ensuring that its existing customers receive optimal, holistic support and advice – not only in the form of information, but also in the form of personal advice. Existing customers can reasonably expect to receive this support from Flexopus. A milder means of addressing customers in the context of existing customer acquisition would be personal contact and support. Although this method is a milder measure, it is impractical and unreasonable to implement when dealing with a large number of customers. No alternative, milder, or equally effective means is available.

    In this sense, advertising to existing customers for their own similar goods or services is permitted with regard to products or services already purchased. Therefore, as part of our personal advertising approach, you can receive recommendations for the same or similar goods you have purchased, for example: Receive promotional emails, newsletters, vouchers, invitations to events, customer reviews, etc.

    When advertising to existing customers, we take care not to circumvent data protection mechanisms. In particular, the protective measures of consent within the meaning of Art. 7 EU GDPR should be mentioned here.
  5. CATEGORIES OF PERSONAL DATA
    We only process data that is related to the establishment of the contract or the pre-contractual measures. This may include general information about you or your company (name, address, contact details, etc.) as well as other data you provide to us as part of the contract.
  6. DATA SOURCES
    We process personal data that we receive from you when contacting us or establishing a contractual relationship or as part of pre-contractual measures, or that you make publicly available on your own company website.
  7. RECIPIENTS OF THE DATA
    We only share your personal data within our company with those departments and individuals who need this data to fulfill contractual and legal obligations or to implement our legitimate interests.

    Your personal data will be processed on our behalf based on order processing agreements in accordance with Art. 28 of the EU GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the EU GDPR. The categories of recipients in this case are internet service providers and providers of customer management systems and software.

    Data will otherwise only be passed on to recipients outside of Flexopus GmbH or selected companies of Banauten Group GmbH if permitted or required by law, if the transfer is necessary for the processing and thus the fulfillment of the contract or, at your request, for the implementation of pre-contractual measures, if we have your consent, or if we are authorized to provide information. Under these conditions, recipients of personal data may be, for example:
    - External tax consultants and auditors
    - Public bodies and institutions (e.g. public prosecutors, police, supervisory authorities, tax authorities) if there is a legal or official obligation,
    - Recipients to whom the transfer is directly necessary for the establishment or fulfilment of a contract.
  8. TRANSFER TO A THIRD COUNTRY
    In individual cases, data may be transferred to a third country (e.g. USA). Personal data will only be transferred to countries outside the EEA (European Economic Area) or to an international organization if this is necessary for the processing and thus the fulfillment of the contract or, at your request, for the implementation of pre-contractual measures, if the transfer is required by law or if you have given us your consent. However, a transfer to a third country will only take place if the EU Commission has confirmed an adequacy decision with regard to the third country (Article 45 of the EU GDPR) or if other suitable or appropriate safeguards pursuant to Articles 46 and 47 or a legally permissible exception pursuant to Article 49 (1) of the EU GDPR exist to ensure a level of data protection in the third country that corresponds to the EU GDPR.
  9. DURATION OF DATA STORAGE
    The duration of storage of personal data is determined by the relevant statutory retention periods, e.g. from commercial law and tax law. After the respective period has expired, the corresponding data will be routinely deleted. If data is required to fulfill or initiate a contract, or if we have a legitimate interest in continuing to store it, the data will be deleted when it is no longer required for these purposes or when you exercise your right of revocation or objection.
  10. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected from us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information on its details.

    (2) The right to demand the immediate rectification of incorrect or incomplete personal data stored by us in accordance with Art. 16 EU GDPR.

    (3) The right to demand the erasure of your personal data stored by us in accordance with Art. 17 EU GDPR, unless processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.

    (4) The right to request that your personal data stored by us be erased or deleted immediately in accordance with Art. 18 EU GDPR to demand the restriction of the processing of your personal data if you contest the accuracy of the data, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing pursuant to Art. 21 EU GDPR.

    (5) You have the right to information pursuant to Art. 19 EU GDPR if you have asserted the right to rectification, erasure or restriction of processing vis-à-vis the controller. This obliges you to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.

    (6) Right to data portability according to Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transmitted to another controller, provided this is technically feasible.

    (7) The right to complain to a supervisory authority in the event of a data protection violation according to Art. 77 EU GDPR. The responsible supervisory authority for data protection issues is the state data protection officer of the federal state in which our company is based. The contact details of the supervisory authority for data protection are:
    The State Commissioner for Data Protection and Freedom of Information
    Lautenschlagerstraße 20
    70173 Stuttgart
    Telephone: +49(0)711 615 541-0
    Fax: +49(0)711 615 541-15
    Email: poststelle@lfdi.bwl.de

    (8) Right to revoke consent given in accordance with Art. 7 (3) EU GDPR. You have the right to revoke your consent to the processing of data at any time with future effect. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent up to the time of revocation.

    Right of objection
    If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, f EU GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 EU GDPR, provided that this is done for reasons arising from your particular situation. If the objection is directed against the processing of personal data for direct marketing purposes, you have a general right of objection without the need to state a particular situation.

    If you wish to exercise your right of withdrawal or objection, simply send an email to info@flexopus.com.
  11. NECESSITY OF PROVIDING PERSONAL DATA
    The provision of personal data for the decision to conclude a contract, the fulfilment of a contract or for the implementation of pre-contractual measures is voluntary. However, we can only make a decision within the framework of contractual measures if you provide the personal data necessary for the conclusion or performance of the contract, or for pre-contractual measures.
  12. AUTOMATED DECISION-MAKING
    Automated decision-making or profiling pursuant to Art. 22 EU GDPR does not take place.
  13. CHANGES TO OUR PRIVACY POLICY
    We reserve the right to update this privacy policy if necessary, in compliance with applicable data protection regulations. In this way, we can adapt them to current legal requirements and take into account changes to our services, e.g. when introducing new services. The current version applies to your visit.