Data protection information for customers / other contractual partners and interested parties

(Information on data protection regarding our processing of customer and prospect data in accordance with Articles 13, 14 and 21 of the European General Data Protection Regulation (EU GDPR))

Flexopus GmbH

Schlosserstraße 2

70180 Stuttgart

Dear customers, dear prospective customers, dear contractual partners,

In accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (EU GDPR), we hereby inform you about the processing of your personal data and your related data protection rights. The specific data processed and how it is used depends primarily on the services requested or agreed upon. To ensure that you are fully informed about the processing of your personal data in the context of fulfilling a contract or carrying out pre-contractual measures, please take note of the following information.

1. RESPONSIBLE PARTY WITHIN THE MEANING OF DATA PROTECTION LAW
   Flexopus GmbH
   Schlosserstraße 2
   70180 Stuttgart
   Telephone: +4971134208505
   E-Mail: info@flexopus.com
   Website: https://www.flexopus.com/
   ‍
2. CONTACT DETAILS OF OUR DATA PROTECTION OFFICER
   PROLIANCE GmbH
   Dominik Fünkner
   Leopoldstr. 21
   80802 Munich
   E-mail: datenschutzbeauftragter@datenschutzexperte.de
   
   When contacting the data protection officer, please mention Flexopus GmbH. Please refrain from including sensitive information in your request, such as... Please attach a copy of your ID.‍
   ‍
3. PURPOSES AND LEGAL BASIS OF PROCESSING
   We process your personal data in accordance with the provisions of the European General Data Protection Regulation (EU GDPR) and the Federal Data Protection Act (BDSG), insofar as this is necessary for the establishment, execution, and fulfillment of a contract, as well as for carrying out pre-contractual measures. Insofar as personal data are required for the initiation or execution of a contractual relationship or in the context of carrying out pre-contractual measures, processing is permitted in accordance with Art. 6 para. 1 lit. b GDPR lawful.
   Give us your explicit consent to process your personal data for specific purposes (e.g. Disclosure to third parties, evaluation for marketing purposes or advertising via email), is the lawfulness of this processing based on your consent pursuant to Art. 6 para. 1 lit. a EU GDPR given. Consent that has been given can be revoked at any time with effect for the future (see section 9 of this privacy policy).
   Where necessary and legally permissible, we process your data beyond the actual contractual purposes to fulfill legal obligations in accordance with Art. 6 para. 1 lit. c EU GDPR. Furthermore, processing may also take place to protect our legitimate interests or those of third parties, as well as to defend and assert legal claims in accordance with Art. 6 para. 1 lit. f EU GDPR. If necessary, we will inform you separately, stating the legitimate interest, insofar as this is required by law.
   ‍
4. ‍EXISTING CUSTOMERS
   You are an existing customer of Flexopus GmbH if you, as an entrepreneur, have purchased at least one product or service from Flexopus. A contract (e.g., a contract for work or services) was concluded between you and Flexopus in the past. We will inform you about new products and services from Flexopus. We make sure that you only receive information that is in your interest. We derive your interest from the following factors:
   - Goods/services of your last purchase(s)
   - Your external perception of our goods/services
   - Your understanding of Flexopus as a full-service partner
   
   The legal basis for marketing to existing customers is Art. 6 para. 1 sentence 1 f) GDPR in conjunction with § 7 para. 3 UWG. Flexopus can be assumed to have a legitimate interest in this matter. Flexopus has a legitimate interest in ensuring that its existing customers receive optimal, holistic support and advice – not only in the form of information, but also in the form of personal consultation. Existing customers can reasonably expect to receive this level of support from Flexopus. A less aggressive method of customer approach within the framework of existing customer acquisition would be personal contact and support. While this method is a milder approach, it is impractical and unreasonable to implement when dealing with a large number of customers. There is no alternative, milder, equally effective remedy available.
   
   In this sense, advertising to existing customers for one's own similar goods or services is permitted with regard to products or services already purchased. Therefore, as part of our personalized advertising approach, you may receive recommendations for similar or identical goods you have purchased, as well as, for example, Receive promotional emails, newsletters, coupons, event invitations, customer reviews, etc.
   ‍
   Release Notes and Guides for Administrators
   ‍As part of using our software, administrators regularly receive release notes, guides, surveys, or review requests that contain information on features, updates, and changes to the software, as well as requests for product feedback. These communications are necessary to support the administration, use, and further development of the application and to ensure that administrators are informed of all relevant changes and can make optimal use of the software.
   
   The processing of the personal data of the administrators is based on our legitimate interest pursuant to Art. 6 para. 1 lit. In accordance with the GDPR, to inform administrators about technical and content-related innovations and changes to the software and to receive their feedback in order to further develop the application and improve the user experience. These messages pertain exclusively to functional and product-related content and ensure that administrators are up to date.
   
   Administrators have the option to revoke the receipt of notifications at any time. An unsubscribe option is clearly indicated in every message
   
   When acquiring existing customers, we take care not to circumvent data protection mechanisms. In particular, the protective measures of consent within the meaning of Article 7 of the EU GDPR should be mentioned here.
   ‍
5. CATEGORIES OF PERSONAL DATA
   We only process data that is related to the establishment of the contract or pre-contractual measures. This may include general data about you or persons in your company (name, address, contact details, etc.) as well as any other data that you provide to us in connection with the conclusion of the contract.
   ‍
6. SOURCES OF DATA
   We process personal data that we receive from you in the context of contact initiation or the establishment of a contractual relationship or as part of pre-contractual measures, or which you make publicly available on your own company website.
   ‍
7. RECIPIENTS OF THE DATA
   We only share your personal data within our company with those departments and individuals who need this data to fulfill contractual and legal obligations or to pursue our legitimate interests.
   
   Your personal data will be processed on our behalf on the basis of data processing agreements pursuant to Art. 28 EU GDPR. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the EU GDPR. In this case, the categories of recipients are Internet service providers and providers of customer management systems and software.
   ‍
   Otherwise, data will only be transferred to recipients outside Flexopus GmbH if legal provisions permit or require it, if the transfer is necessary for processing and thus fulfilling the contract or, upon your request, for carrying out pre-contractual measures, if we have your consent, or if we are authorized to provide information. Under these conditions, recipients of personal data can include, for example: be:
   - External tax advisors and auditors
   - Public authorities and institutions (e.g.,  public prosecutor's office, police, regulatory authorities, tax office) if there is a legal or official obligation,
   - Recipients to whom disclosure is directly necessary for the establishment or performance of the contract.
   ‍
8. TRANSFER TO A THIRD COUNTRY
   In individual cases, data may be transferred to a third country (e.g. USA). Personal data will only be transferred to countries outside the EEA (European Economic Area) or to an international organization if this is necessary for processing and thus fulfilling the contract or, at your request, for carrying out pre-contractual measures, if the transfer is required by law or if you have given us your consent. However, data will only be transferred to a third country if the EU Commission has confirmed an adequacy decision with regard to the third country (Art. 45 EU GDPR) or if other suitable or appropriate safeguards pursuant to Art. 46, 47, or a legally permissible exception pursuant to Art. 49(1) EU GDPR, in order to ensure a level of data protection in the third country that complies with the EU GDPR.
   ‍
9. DURATION OF DATA STORAGE
   The duration of the storage of personal data is determined by the relevant statutory retention obligations, e.g. from commercial law and tax law. After the respective deadline has expired, the corresponding data is routinely deleted. If data is required for the fulfillment or initiation of a contract, or if we have a legitimate interest in further storage, the data will be deleted when it is no longer required for these purposes or when you exercise your right of revocation or objection.
   ‍
10. YOUR RIGHTS
    The following is a list of the rights of data subjects that the data subject has against the controller with regard to the processing of their personal data:
    ‍
    (1) The right, pursuant to Article 15 of the EU GDPR, to request information about your personal data processed by us. In particular, you can obtain information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing, or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making, including profiling and, if applicable, meaningful information about its details.
    
    (2) The right to request the immediate correction of inaccurate personal data or the completion of incomplete personal data stored by us in accordance with Art. 16 EU GDPR.
    
    (3) The right to request the erasure of your personal data stored by us in accordance with Art. 17 EU GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims.
    
    (4) The right to request the restriction of the processing of your personal data in accordance with Art. 18 EU GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to have it deleted and we no longer need the data, but you need it to assert, exercise or defend legal claims, or you have lodged an objection to the processing pursuant to Art. 21 EU GDPR.
    
    (5) You have the right to information pursuant to Article 19 of the EU GDPR if you have asserted your right to rectification, erasure or restriction of processing against the controller. This obligates you to inform all recipients to whom your personal data has been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
    
    (6) Right to data portability pursuant to Art. 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request that it be transferred to another controller, insofar as this is technically feasible.
    
    (7) The right to lodge a complaint with a supervisory authority in accordance with Article 77 of the GDPR in the event of a data protection breach. The competent supervisory authority regarding data protection issues is the State Data Protection Commissioner of the federal state in which our company is based. The contact details of the supervisory authority for data protection are:
    The State Commissioner for Data Protection and Freedom of Information
    Lautenschlagerstraße 20
    70173 Stuttgart
    Telephone: +49(0)711 615 541-0
    Fax: +49(0)711 615 541-15
    E-mail: poststelle@lfdi.bwl.de
    
    (8) Right to withdraw consent pursuant to Art. 7 para. 3 GDPR. You have the right to withdraw your consent to the processing of your data at any time with effect for the future. In the event of a revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
    
    Right to object
    If we process your personal data on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. If your personal data is processed in accordance with the EU GDPR, you have the right, pursuant to Article 21 of the EU GDPR, to object to the processing of your personal data on grounds relating to your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right to object without the need to specify a particular situation.
    
    If you wish to exercise your right of withdrawal or objection, simply send an email to info@flexopus.com.
    ‍‍
11. NECESSITY OF PROVIDING PERSONAL DATA
    The provision of personal data for the decision on entering into a contract, the performance of the contract or for carrying out pre-contractual measures is voluntary. However, we can only make a decision within the scope of contractual measures if you provide personal data that is necessary for the conclusion of the contract, the fulfillment of the contract, or pre-contractual measures.
    ‍
12. ‍AUTOMATED DECISION-MAKING
    Automated decision-making or profiling as defined in Article 22 of the EU GDPR does not take place.
    ‍
13. CHANGES TO OUR PRIVACY POLICY
    We reserve the right to update this privacy policy as necessary, in compliance with applicable data protection regulations. This way we can adapt them to current legal requirements and take into account changes to our services, e.g. during the introduction of new services. The current version applies to your visit.