Data protection information
Responsible body and data protection officer:
Telefon: +49 7144 828 0
Fax: +49 7144 258 99
Contact data protection: email@example.com
Purpose and legal basis for data processing
When processing your personal data, we comply with the provisions of the EU Data Protection Regulation and all other applicable data protection regulations. In particular, the legal basis for data processing is established under Art. 6 of the EU GDPR. We use your data to initiate business, to fulfil contractual and legal obligations, to implement the contractual relationship, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising. Your consent to data processing may also constitute a consent requirement under data protection law. Prior to the granting of consent, we clarify with you the purpose of data processing and your right to withdraw. The respective legal basis will be communicated to you again separately in the following paragraphs for the corresponding data processing.
Forwarding to third parties
We will only pass on your data to third parties within the framework of the legal provisions or with the corresponding consent. Apart from such instances, data is not forwarded to third parties save for where we are obliged to do so in accordance with mandatory legal provisions (forwarding to external offices such as supervisory authorities or law enforcement agencies).
Data recipient/recipient categories
Within our company, we ensure that only those persons who need it to fulfil contractual and legal obligations will receive your data. In certain cases service providers support our specific departments in the performance of their tasks. The requisite agreements under data protection law are concluded with all service providers.
Transmission to third countries/intention to transmit to third countries
Transmission of data to third countries (outside the European Union or European Economic Area) occurs solely to the extent necessary to perform the contractual obligation or if required by law or where you have granted your consent for this. We will inform you separately in the relevant section about these circumstances within the framework of the respective data processing.
Data retention period
We store your data as long as it is needed for the respective processing purpose. Please note that numerous retention periods require that data continues to be stored. In particular, this concerns retention obligations under commercial or tax law (e.g. German Commercial Code (HGB), tax code etc.). Provided no further retention obligations apply, your data will be erased after fulfilment of the respective purpose. In addition, we may retain data if you have given us permission to do so or if there is a legal dispute and we use evidence under statutory limitation periods that can be up to thirty years; the regular limitation period is three years.
Data provision obligation
Various personal data is required for the establishment, performance and expiration of the obligation and fulfilment of associated contractual and statutory duties. The same applies for use of our website and the various functions provided by it. Commensurate details are summarised in the above point. Certain instances also require data to be collected or provided on the basis of statutory provisions. Please note that it is not possible to process your enquiry or perform the underlying contractual obligation without providing this data.
Categories, sources and origin of data
Which data we process depends on the respective context: This depends on whether, for example, you place an order online or enter an enquiry in our contact form, whether you send us an application or submit a complaint. Below we would like to provide the relevant information for the particular processing situations on our website.
Visit our web pages
We do not usually require any personal data when you visit our web pages. The only information we take note of is the name of your internet service provider and the web pages you visit on our site. As such, you remain anonymous as an Internet user given that we only use this information for statistical purposes (e.g. the number of visits to individual pages).
We take the protection of your privacy very seriously. For this reason, we consider it important that you always know when we store your data, which data we store and how we use it. When you visit our web pages, our web servers store the IP address. Your provider can be determined via the IP address. Personal identification is not our intention. For reasons of technical security (particularly to prevent attempted hacks on our web server) these data is stored in accordance with Art. 6 (1) (f) EU-GDPR. After 7 days at the latest, anonymisation is carried out through truncation of the IP address to prevent any reference to the user.
Contact form/contact via email (Art. 6 (1) (a) and (b) EU-GDPR)
There is a contact form on our website that you can use to contact us electronically. If you write to us via the contact form, we process the data provided in the contact form in order to contact you and answer your questions and requests. In doing so, the principle of data economy and data avoidance is observed by only providing the data that we absolutely need in order to contact you.
This is your surname, e-mail address, the associated subject and the message box itself. In addition, your IP address is processed out of technical necessity and for legal protection. All other data is entered in voluntary boxes and is optional (e.g. to enable a more specific individual reply to your questions).
If you contact us by e-mail, we will use the personal data provided in your e-mail solely for the purpose of processing the request.
Download portal registration for FLEX partners
On our web site, we offer FLEX partners the opportunity to register by providing personal data. Image and text data, logos, catalogues, product data etc. can be downloaded here for example. We collect the following data during the registration procedure on our download portal: Country, first name, surname, company, e-mail, password, customer number.
The legal basis for collecting and processing the data is Art. 6 ((b) GDPR.
The user's IP address and the date and time of registration are also stored when the user registers on our web site (technical background data).
Please note: The password you give us is stored in encrypted form. Employees of our company cannot read this password. This means that they cannot give you any information if you have forgotten your password. In this case, please use the "Forgotten password" function, which will send you an automatically generated new password by e-mail. No employee is authorised to request your password from you over the phone or in writing. Therefore, please never give your password if you receive such requests.
Once you have completed the registration process, your data is stored with us for when you use the protected download portal. As soon as you register on our web site with your e-mail address as your user name and password, this data is made available for actions you perform on our web site.
When performing registration for the administration of log-ins, we are supported by our service provider Auth0 [Auth0, European HQ, 3rd Floor Union House 182-194 Union Street London, SE1 0LH, UK], with whom we have concluded the contract for the protection of your data required by data protection law.
However, please note that this is a provider from the USA and that consequently, data may be transferred to a country that does not offer an adequate level of data protection (USA). If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal recourse. However, we apply the possible and requisite measures under data protection law as per Art. 44 et seq. of the EU GDPR to establish the level of data protection in the respective third country.
We will only collect, process or use data for consulting, advertising or market research purposes if you have given us your prior consent to do so. You can of course revoke your consent at any time by sending an e-mail to firstname.lastname@example.org or by post to FLEX-Elektrowerkzeuge GmbH, Bahnhofstr. 15, 71711 Steinheim, Germany
Dealer search (Art. 6 (1) (a), (b) EU-GDPR)
The data you provide will be processed exclusively for the purpose of identifying the relevant specialist dealers. In addition and subject to your consent, we use the interactive map material from Google. The corresponding data protection information for the use of Google Maps can be found in the corresponding notice below.
Newsletter (Art. 6 Para. 1 lit. a) EU GDPR)
You can subscribe to a free newsletter on our web site. The e-mail address provided when registering for the newsletter is used for sending the newsletter or for further advertising measures (such as customer satisfaction surveys etc.). The principle of data economy and data avoidance is observed here, as only the e-mail address is marked as a mandatory field. For technical necessity and for legal protection, your IP address is also processed when you order the newsletter. We use the so-called double opt-in procedure for sending newsletters by e-mail. This means that you will only receive advertising by e-mail if you have previously expressly confirmed that we should activate the newsletter service. We do this by sending you a notification e-mail and asking you to confirm that you would like to receive our newsletter at that e-mail address by clicking on a link contained in that e-mail. You can of course unsubscribe at any time using the unsubscribe option at the end of each newsletter, thereby revoking your consent.
Registration for our 3-year warranty (Art. 6 (1) (b) EU-GDPR)
On our website you can register for our 3-year warranty. In the course of registration we collect and process the following data categories: Mandatory fields: First and last name, company (only for business registrations),
telephone/mobile number (only for business registrations), street, house number, postcode, town/city, country, language, e-mail address, password including password confirmation
Optional information: Title, telephone/mobile number (for private registrations)
The data provided are used solely for the purpose of registering for our 3-year warranty and are erased as soon as this purpose has been fulfilled, provided no mandatory retention provisions preventing erasure apply.
Collection orders (Art. 6 (1) (b) EU-GDPR)
You have the option of creating a collection request via our website. To facilitate such orders we collect and process the following personal data: Customer data: FLEX customer number (optional), contact person (optional), telephone number (optional), e-mail address, brief info to FLEX (optional)
Collection address: company, department (optional), street, postcode, town/city, country, brief info to parcel service (optional), Dealer address (all details optional): company, street, postcode, town/city, telephone, fax, email
Customer address: company, street, postcode, town/city, telephone, fax, email
Additional product-related data required to execute the order. Data provided for collection orders is used solely to execute the order and is subsequently erased, provided that no mandatory retention provisions preventing erasure apply. When using a collection order for repairs, your data will be sent to our courier service (DPD) for the machine to be collected.
DPD order with return label
You still have the option of placing an order with us via our web site to create a DPD return label. For this we collect and process the following personal data:
Customer data: FLEX customer number (optional), contact person (optional), telephone number (optional), e-mail address, brief info to FLEX (optional)
Dispatch address: Company or name, department (optional), street, postcode, town/city, country, brief info for courier service (optional).
Dealer's address (if goods should be returned to a dealer: Company, street, postcode, town/city, telephone, fax, e-mail
Additional product-related data required to execute the order. Data provided to create the DPD label is used solely for this order and is subsequently erased, provided that no mandatory retention provisions preventing erasure apply.
Brochure and catalogue requests (Art. 6 (1) (a), (b) EU-GDPR)
You have the option of receiving information material in the form of brochures or catalogues via our web site. When an order is placed, we collect and process the following personal data:
Mandatory details: Name and first name, title, street, postcode, town/city, country, e-mail address, your desired order
Optional information: company, telephone number
The data collected are used solely for the purpose of sending the requested informational material and are subsequently erased, provided that no mandatory retention provisions preventing erasure apply. Data required to enable dispatch of the informational material are forwarded to the respective dispatch service provider for this purpose.
At present, data relating to the request of brochures/catalogues are transmitted without encryption, meaning that the possibility of an unauthorised third-party reading the data during transmission cannot be ruled out. Other alternative methods of communication can also be used (e.g. by post or fax), which offer greater security than unencrypted e-mail.
FLEXXPERTS Detailing Academy registration
You have the opportunity to register for our FLEXXPERTS Detailing Academy on our website. For this we collect and process your following personal data:
Desired date, first name, surname, street, postcode, town/city, e-mail, mobile phone number, T-shirt size, information on catering (optional), your message to us (optional).
The data collected is used solely for the purpose of registering for the Academy and is subsequently erased, provided that no mandatory retention provisions preventing erasure apply
Download option for print datasets
On our web site we offer you the Option of downloading print data recors. The following personal data is collected and processed for this:
- E-mail address
- First name
- Last name
As we offer this service at no additional cost to you, in return we would like to use your personal data collected for advertising purposes. The legal basis for processing data is Art. 6 Para. 1 lit. a, b GDPR. You have the right to revoke your consent to approaches from advertisers at any time by visiting email@example.com.
The data collected is stored for as long as is necessary to fulfil the purpose for which it was collected. Please note that numerous retention periods require that data continues to be stored. In particular, this concerns retention obligations under commercial or tax law (e.g. German Commercial Code (HGB), tax code etc.).
If you make use of your right of revocation but we are not yet able to delete your data for the reasons mentioned, we will ensure that your data is no longer used for advertising purposes from this point on.
These cookies enable us to analyse how our web site is used. This in turn allows us to shape our web site content in order to meet the needs of visitors. Cookies also enable us to measure the effectiveness of a particular advert and to place it according to criteria such as the thematic interests of visitors.
Most of the cookies that we use are "session cookies". These are automatically deleted after your visit.
Most web browsers accept cookies automatically. However, you can usually change your browser settings if you prefer not to send the information. The offers on our web site can then only be used to a limited extent (e.g. shop, download shopping cart for pictures, documents, etc.).
Google Analytics including Google Signals
Our website uses the tracking tool Google Analytics provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This registers and systematically analyses your interaction as the user with our website.
The following data is saved for this:
- The first three bytes of your IP address
- A Google Analytics ID allocated to you
- The website visited
- The referrer (the web site from which you accessed the visited web site)
- Additional sub-pages visited
- Length of time spent on the website
- Frequency of website visit
- Browser type used
- Language settings used
- Device and operating system used
The legal basis for processing your personal data is your consent in accordance with Art. 6 Para. 1 Clause 1 lit. a of the EU-GDPR. You can withdraw your consent at any time at the end of this data protection declaration.
The purpose of processing your personal data through the Google Analytics service is to analyse how our web site visitors interact with our web site. Evaluation of the respectively collected data enables us to optimise our online offer and increase user friendliness. Data collected using Google Analytics is erased or anonymised as soon as such data is longer needed to fulfil our purposes. This is the case after a period of 26 months.
The use of Google Signals as an extension is also connected to the use of Google Analytics; your consent to the use of Google Analytics also includes the use of Google Signals.
Google Signals enables us to have Google generate cross-device reports (known as "cross-device tracking"). If you have activated "personalised ads" in your Google account settings and linked your internet-enabled devices to your Google account, Google can analyse usage behaviour across devices and create database models based on this if you have given your consent to the use of Google Analytics in accordance with Art. 6 (1) (a) of the GDPR.
The logins and device types of all website users who were logged into a Google account and executed a conversion are recognised. Among other things, the data shows the device on which you clicked on an ad for the first time, and on which device the relevant conversion took place. We only receive statistics generated on the basis of Google Signals, and no personal data of the website user from Google.
You have the option of deactivating the "personalised ads" function in the settings of your Google account and thus turning off the cross-device analysis in connection with Google Signals. To do this, follow the instructions on this page: https://support.google.com/ads/answer/2662922
Click on the following link for more information about Google Signals: https://support.google.com/analytics/answer/7532985
This service may forward the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal recourse. However, we apply the possible and requisite measures under data protection law as per Art. 44 et seq. EU-GDPR to establish the level of data protection in the respective third country.
Using Google remarketing
Please note that Google has its own data protection policy, which is independent of ours. We accept no responsibility or liability for these policies and procedures. Please read Google's data protection provisions before using our web site at Datenschutzbestimmungen von Google.
Our website uses Google Maps (API) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). To guarantee data protection, Google Maps is deactivated when you visit this web site for the first time. A direct connection to the Google servers is not created until you independently activate Google Maps (consent in accordance with Art. 6 Para. 1 Clause 1 lit. a of the EU GDPR, Art. 25 Para. 1 of the TTDPA). You can withdraw your consent at any time at the end of this data protection declaration. This prevents your data from being transferred to Google when you first enter the page. Google Maps will save your IP address following activation. Subsequently, this is generally forwarded to and stored by Google on a server in the USA.
A third country transfer takes place, so that in this case there is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal recourse. However, we apply the possible and requisite measures under data protection law as per Art. 44 et seq. of the EU GDPR to establish the level of data protection in the respective third country. Additional information regarding the handling of user data is provided in the Google data protection declaration at: https://www.google.de/intl/de/policies/privacy/
Google Tag Manager
This website uses Google Tag Manager provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The service allows website tags to be managed via an interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain. This means: As a matter of principle, no cookies are used and no personal data is collected. The Google Tag Manager triggers other tags, which may in turn collect data. However, Google Tag Manager does not access this data. Deactivation effected at domain or cookie level remains in place for all tracking tags that are implemented with the Google Tag Manager.
More information can be found at http://www.google.com/tagmanager/use-policy.html.
Embeds - YouTube Plattform
Our website applies so-called content embeds, for instance in online offers. These embeds can, for example, derive from the YouTube platform. A conventional embed, for instance, will present a video on the YouTube platform. In all cases this involves a transfer of data to the corresponding platform’s server. YouTube embedding is achieved using the technical process of framing. Framing is the process of simply inserting an HTML link provided by YouTube into the code of a website to create a playback frame on the third-party site, in turn enabling the video stored on YouTube servers to be played. We use framing codes generated by YouTube in so-called ‘extended data protection mode’. According to information provided by the YouTube platform, cookie activity and the data collection initiated by it are only linked upon use of the playback function of the video itself. As such, collection of data by merely using the website containing framed content is prevented.
We require your consent in order to play the YouTube content (Art. 6 Para. 1 lit. a) of the EU GDPR, Art. 25 Para. 1 of the TTDPA), which you can grant - if you have not already done so as part of your cookie selection - via the button in the respective area of the video. By clicking on the play button, you consent to your IP address being transmitted to YouTube (YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066 USA), and to the provider setting cookies in your browser. For your convenience, we remember your consent for 30 days using what is known as a local storage object that we store in your browser. Granted consent can be withdrawn at any time at the end of this data protection declaration.
Facebook Website Custom Audiences (‘visitor activity pixel’)
This website uses the ‘Facebook pixel’ provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (‘Facebook’), or for users located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
This allows the behaviour of users to be tracked after they have viewed or clicked on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to optimise future advertising measures. The collected data remains anonymous for us and, consequently, cannot be used to identify the user. However, the data are stored and processed by Facebook, thus enabling a link to the respective user profile and allowing Facebook to use the data for its own advertising purposes in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/).
You can allow Facebook and its partners to serve ads on and off Facebook. A cookie may also be stored on your computer for these purposes. The Facebook pixel collects user behaviour, the IP address and the geographical location of the respective user from the use of our web site. In addition, Facebook user ID, browser information, usage data, non-sensitive custom data, referrer URL, pixel ID, ads viewed, interactions with ads, services and products, marketing information, content viewed, device information and success of the user's marketing campaigns are collected.
When collecting data, we rely on your consent in accordance with Art. 6 Para. 1 lit. a) of the EU GDPR, and Art. 25 Para. 1 of the TTDPA for the corresponding data processing, which you can of course also revoke at any time at the end of this data protection declaration. If you withdraw your consent, your data will no longer be used for this purpose and will be deleted, provided that there are no legal retention periods preventing this. Where consent is not withdrawn, the data retention period is 720 days. Following this period, your data will be automatically erased.
Please note that when using the service, a third country transfer to Facebook cannot be excluded, so that in this case there is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal recourse. However, we apply the possible and requisite measures under data protection law as per Art. 44 et seq. EU-GDPR to establish the level of data protection in the respective third country.
We have taken appropriate technical and organisational measures in order to protect the data of our employees/customers/suppliers stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The level of security is continuously reviewed in cooperation with security experts and adjusted to conform with new security standards.
Links to other providers
Our web site also contains clearly recognisable links to the web sites of other companies. Insofar as there are links to websites of other providers, we have no influence on their content. Therefore, no warranty can be granted or liability assumed for this content. The relevant providers or operators of these websites are responsible for their content in all cases.
The linked websites were checked for any potential legal violations and recognisable legal infringements at the time of the links being placed. No illegal content was identified at the time of the links being placed. However, ongoing content monitoring of the linked websites cannot be reasonably expected without a concrete indication of a legal violation. Such links are removed immediately upon legal violations becoming known.
Social media links
On our web site you will find links to the social media services of LinkedIn, Facebook, YouTube, Instagram and TikTok. You can recognise links to the web sites of social media services by the respective company logo. Following these links takes you to the FLEX Elektrowerkzeuge GmbH company pages with the respective social media provider. Clicking on a link to a social media provider will create a connection to the respective social media provider's servers. This transfers to the servers of the social media service that you have visited our web site. In addition, other data is also transmitted to the provider of the social media service. As an example, these include:
• Web site address where the activated link is located
• Date and time of web site access or activation of the link
• Information about the browser and operating system used
• IP address
If you are already logged in to the corresponding social media service at the time of activating the link, the provider of the social media service may be able to determine your user name and possibly even your real name from the transferred data and assign this information to your personal user account with the social media service. You can exclude this possibility of assignment to your personal user account if you log out of your user account beforehand. The social media provider servers are located in the USA and other countries outside the European Union. As a result, the data may also be processed by providers of the social media service in countries outside the European Union. Please note that companies in these countries are subject to data protection laws that generally do not protect personal data to the same extent as they do in the member states of the European Union.
Please note that we have no influence on the scope, type and purpose of the data processing by the provider of the social media service. For more information on how the social media services integrated on our web site use your data, please refer to the data protection policy of the respective social media service.
Presence in Our social media
We are present on various ‘social media’ for the purpose of communicating with and providing details of our services to registered customers, potential customers and users of the media in question. We would like to point out that you are yourself responsible for using these platforms and their functions. This applies, in particular, with regard to the use of interactive functions (e.g. comments, shares, rating). We also point out that your data might be processed outside the European Union.
Your data might also be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behaviour and the resulting interests. This means for example that advertisements can be placed inside and outside the platforms that presumably correspond to your interest. Cookies are usually stored on your computer for this purpose. Irrespective of this, data that is not directly collected from your terminal devices may also be stored in the usage profiles (especially if you are a member of the respective platforms and are logged in to them).
As the provider of this information service, we do not collect or process any other data from your use of our service. Personal user data is processed on the basis of our legitimate interest in providing effective user information and communication with the user in accordance with Art. 6 (1) (f) EU-GDPR. Where the respective providers request your consent for data processing (i.e. ask you to declare your consent by checking a checkbox or clicking on a button, for example), the respective legal basis for processing is Art. 6 Para. 1 Clause 1 lit a, and Art. 7 EU-GDPR
If you are a member of a social network and do not want the network to collect data about you via our web site and link it to your stored membership data with the respective network, you must
• log out of the respective network before visiting our web site.
• delete cookies stored on your device and
• close and restart your browser
After logging in again however, you will once more be identifiable to the network as a specific user. For a detailed description of the respective processing and opt-out options, please refer to the following linked information pertaining to providers. In addition, with regard to requests for information and the assertion of user rights, please note that these can be asserted most effectively with the provider in question. Only the providers have commensurate access to user data and can directly undertake corresponding action and provide information. If you still need help, you can contact us at.
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – Data protection declaration: https://www.facebook.com/about/privacy/
Google / YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) – data protection declaration: https://policies.google.com/privacy
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – data protection declaration / opt-out: http://instagram.com/about/legal/privacy/
Google Analytics, opt-out cookie, which prevents the future collection of your data when visiting this web site: Deactivating Google Analytics
LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
Data protection declaration: https://www.linkedin.com/legal/privacy-policy
TikTok (musical.ly Inc., 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA)
Data protection declaration: https://www.tiktok.com/de/privacy-policy
Your rights as a data sub
First of all, we would like to inform you about your rights as a data subject. These rights are standardised in Art. 15 - 22 EU GDPR. This covers:
The right to information (Art. 15 EU GDPR)
The right to erasure (Art. 17 EU GDPR)
The right to rectification (Art. 16 EU GDPR)
The right to data portability (Art. 20 EU GDPR)
The right to restriction of data processing (Art. 18 EU GDPR)
The right to object to data processing (Art. 21 GDPR)
To assert these rights, please contact: firstname.lastname@example.org. The same applies if you have questions about data processing in our company. You also have a right of appeal to a data protection supervisory authority.
ODR platform to resolve out-of-court disputes
In accordance with EU Regulation No. 524/2013, the EU Commission has provided an interactive website for the online dispute resolution platform (ODR platform) to facilitate settlement of out-of-court disputes arising from online legal transactions.
The ODR platform of the EU Commission is available via the following link: https://ec.europa.eu/consumers/odr/