Data protection information
Responsible body and data protection officer:
Telefon: +49 7144 828 0
Fax: +49 7144 258 99
Contact data protection: firstname.lastname@example.org
Purpose and legal basis for data processing
In processing your personal data, compliance with the provisions of the EU-GDPR and all other applicable data protection law provisions is observed. In particular, the legal basis for data processing is established under Art. 6 EU-GDPR. We use your data to initiate business, fulfil contractual and statutory obligations, implement the contractual relationship, offer products and services and also strengthen customer relations, which may involve analysis for marketing purposes and direct advertising. Your consent for data processing may also constitute consent under data protection law. Prior to the granting of consent, we clarify with you the purpose of data processing and your right of withdrawal. The respective legal basis for commensurate data processing is once again provided to you separately in the following paragraphs.
Forwarding to third parties
We will forward your data to third parties solely within the scope of statutory provisions or with commensurate consent. Apart from such instances, data are not forwarded to third parties save for where we are obliged to do so in accordance with mandatory legal provisions (forwarding to external offices such as supervisory authorities or law enforcement agencies).
Data recipient/recipient categories
Within our company we ensure that your data are only disclosed to persons requiring such for the fulfilment of contractual or statutory obligations. In certain cases service providers support our specific departments in the performance of their tasks. The requisite agreements under data protection law are concluded with all service providers.
Transmission to third countries/intention to transmit to third countries
Transmission of data to third countries (outside the European Union or European Economic Area) occurs solely to the extent necessary to fulfil the respective obligation or if required by law or where you have granted your consent for such. Details of such circumstances will be provided to you separately within the scope of the respective data processing in the relevant section.
Data retention period
We store your data for as long as required for the respective processing purpose. Please be aware that various retention periods require the continued (obligatory) retention of data. In particular, this concerns retention obligations under commercial or tax law (e.g. German Commercial Code (HGB), tax code etc.). Provided no further retention obligations apply, your data will be erased after fulfilment of the respective purpose. We may also retain data with your consent or in the event of legal disputes in which we use evidence within the statutory periods of limitation that can extend for up to thirty years; the usual period of limitation is three years.
Data provision obligation
Various personal data are required for the establishment, performance and expiration of the obligation and fulfilment of associated contractual and statutory duties. The same applies for use of our website and the various functions provided by it. Commensurate details are summarised in the above section. Certain instances also require data to be collected or provided on the basis of statutory provisions. Please note that your request cannot be processed or the associated obligation carried out without the provision of such data.
Categories, sources and origin of data
The data we process is determined by the respective context in that it depends, for example, on whether you submit an online order or fill out a request using our contact form, or whether you send us a job application or submit a complaint. In the following we wish to provide you with relevant details regarding the specific instances of processing on our website.
Visit our web pages
As a rule we do not require any personal data from you when you visit our web pages. The only information we request is the name of your Internet Service Provider and the web pages you access on our site. However, you as the Internet user remain anonymous as we use this information for statistical purposes only (e.g. number of requests for the individual web pages).
The protection of your privacy is of great importance to us. Therefore it is important that you always know when we store data and how we use it. When you visit our web pages, our web servers save your IP address. The IP address can be used to identify your provider. It is not our intention to identify individuals. For reasons of technical security (particularly to prevent attempted hacks on our web server) these data are stored in accordance with Art. 6 (1) (f) EU-GDPR. After 7 days at the latest, anonymisation is carried out through truncation of the IP address to prevent any reference to the user.
Contact form/contact via email (Art. 6 (1) (a) and (b) EU-GDPR)
Our website incorporates a contact form which can be used to contact us electronically. If you use the contact form to write to us, we will process the data provided by you within the scope of the contact form for the purpose of communication and to respond to your questions and requests. In doing so, the principles of data economy and data reduction are observed; this means you are only required to provide the data we need to communicate with you.
These data are your surname, email address, the respective subject and the message field itself. In addition, as a technical necessity and for legal security, your IP address is also processed. All other data involve voluntary fields for optional use (e.g. for a more specific response to your questions).
If you contact us by email, we will process the personal data provided in the email solely for the purposes of responding to your request.
Dealer portal registration
On our website, we offer FLEX partners the opportunity to register by providing personal data. For example, image and text data, logos, catalogs, product data, etc. can be downloaded. In the course of registration on our download portal, we collect the following data: Country, first name, last name, company, e-mail, password, customer number.
The legal basis for the collection and processing of the data is thereby Art. 6 para. 1 lit. b) DS-GVO.
By registering on our website, the IP address of the user, the date and time of registration are also stored (technical background data).
Please note: The password you enter is stored by us in encrypted form. Employees of our company cannot read this password. Therefore, they cannot give you any information if you have forgotten your password. In this case, please use the "Forgotten password" function, which will send you an automatically generated new password by e-mail. No employee is authorized to ask you for your password by phone or in writing. Therefore, please never give your password if you receive such requests.
Once you have completed the registration process, your data is stored with us for use of the protected download portal. As soon as you log in to our website using your e-mail address as your username and password, this data will be made available for actions you perform on our website.
We are assisted by our service provider Auth0 [Auth0, European HQ, 3rd Floor Union House 182-194 Union Street London, SE1 0LH, UK] in carrying out the registration process for the administration of login operations, with whom we have entered into the contract required by data protection law for the protection of your data.
Nevertheless, please note that this is a provider from the USA and may subsequently transfer data to a country that does not offer an adequate level of data protection (USA). There is a risk that your data may be processed by US authorities for control and monitoring purposes, without you possibly having any legal remedies. However, we take the possible and necessary data protection measures in accordance with Art. 44 et seq. EU-DS-GVO to establish the level of data protection in the third country.
We will only collect, process or use data for consulting, advertising or market research purposes if you have given us your prior consent. Of course you can revoke your consent at any time at email@example.com or by post to FLEX-Elektrowerkzeuge GmbH, Bahnhofstr. 15, 71711 Steinheim.
Dealer search (Art. 6 (1) (a), (b) EU-GDPR)
Our website allows you to display our dealers in your area by entering your country and postcode. The data provided by you for this purpose are exclusively used to ascertain the relevant dealers. In addition – subject to your consent – we use interactive map images provided by Google. The commensurate privacy statement regarding the use and application of Google Maps is provided in the respective note below.
Registration for our 3-year warranty (Art. 6 (1) (b) EU-GDPR)
You can register for our 3-year warranty on our website. In the course of registration we collect and process the following data categories:
Mandatory fields: first name, surname, company (only for business registrations), telephone/mobile number (only for business registrations), street, street number, postcode, town/city, country, language, email address, password including password confirmation
Optional information: title, telephone/mobile number (for private registrations)
The data provided are used solely for the purpose of registering for our 3-year warranty and are erased as soon as this purpose has been fulfilled, provided no mandatory retention provisions preventing erasure apply.
Brochure and catalogue requests (Art. 6 (1) (a), (b) EU-GDPR)
You can request via our website that informational material in the form of brochures or catalogues be sent to you. To facilitate such requests we collect and process the following personal data:
Mandatory details: surname, first name, title, street, postcode, town/city, country, email address, your requested order
Optional information: company, telephone number
The data collected are used solely for the purpose of sending the requested informational material and are subsequently erased, provided no mandatory retention provisions preventing erasure apply. Data required to enable dispatch of the informational material are forwarded to the respective dispatch service provider for this purpose. At present, data relating to the request of brochures/catalogues are transmitted without encryption, meaning that the possibility of an unauthorised third-party reading the data during transmission cannot be ruled out. Other alternative methods of communication can also be used (e.g. by post or fax), which offer greater security than unencrypted email.
These cookies enable us to analyse how our web site is used. This in turn allows us to shape our web site content in order to meet the needs of visitors. Cookies also enable us to measure the effectiveness of a particular advert and to place it according to criteria such as the thematic interests of visitors.
Most of the cookies that we use are "session cookies". These are automatically deleted after your visit. Most web browsers accept cookies automatically. However, you can normally also change your browser's settings if you prefer not to send this information. If you do that, the content of our web site will only be usable with restrictions (e.g. download shopping cart for images, documents etc.).
Our website uses the tracking tool Google Analytics provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This tool registers and systematically analyses your interaction as the user with our website.
In doing so the following data relating to you are stored:
- The first three bytes of your IP address
- A Google Analytics ID allocated to you
- The website visited
- The referrer (the website from which you accessed the visited website)
- Additional sub-pages visited
- Length of time spent on the website
- Frequency of website visit
- Browser type used
- Language settings used
- Device and operating system used
The legal basis for processing your personal data is your consent in accordance with Art. 6 (1) (a) EU-GDPR. You may withdraw your consent at any time at the end of this privacy statement.
The purpose for which your personal data are processed using the Google Analytics service is to analyse the interaction of our website visitors with our website. Evaluation of the respectively collected data enables us to optimise our online offer and increase user friendliness. Data collected using Google Analytics are erased or anonymised as soon as such data are longer needed to fulfil our purposes. This is the case after a period of 26 months.
This service may forward the collected data to another country. Please note that this service may transmit data outside the European Union or the European Economic Area and to a country that does not provide an appropriate level of data protection. Where data are transferred to the USA, the risk arises of your data being processed by US authorities for control and monitoring purposes without you having a potential means of redress. However, we apply the possible and requisite measures under data protection law as per Art. 44 et seq. EU-GDPR to establish the level of data protection in the respective third country.
Usage of Google Remarketing
We use Remarketing Technology from Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).Via this technology, users that have already visited our websites and online services and shown interest in the offering are re-addressed by targeted advertising on the sites of the Google partner network. The advertising is phased in by using cookies, small text files that are stored on the user’s computer. With the aid of these text files, user behaviour when visiting the website can be analysed and then used for targeted product recommendations and interest-based advertising.
Should you nevertheless not require the Remarketing function from Google, you can deactivate it by making the appropriate settings
under http://www.google.com/settings/ads or https://www.google.de/settings/ads/onweb#display_optout Alternatively, you can deactivate the usage of cookies for interest-related advertising via the advertising network initiative by following the instructions under http://www.networkadvertising.org/managing/opt_out.asp. Further information on Google Remarketing and the data privacy declaration issued by Google can be accessed under: http://www.google.com/privacy/ads/
We would like to point out that Google has its own data privacy guidelines, which are independent of ours. We assume no responsibility or liability for these guidelines and methods. Kindly inform yourself prior to using our website via data privacy provisions of Google.
Our website uses Google Maps (API) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). To preserve data privacy Google Maps is deactivated when you visit this website for the first time. A direct connection to the Google servers is first created where you independently activate Google Maps (consent in accordance with Art. 6 (1) (a) GDPR). You may withdraw your consent at any time at the end of this privacy statement. This process prevents your data being transferred to Google upon accessing the website for the first time. Following activation Google Maps will store your IP address. Subsequently, this is generally forwarded to and stored by Google on a server in the USA.
As such cases involve transmission to a third country, the risk arises of your data being processed by US authorities for control and monitoring purposes without you having a potential means of redress. However, we take the possible and requisite measures under data protection law as per Art. 44 et seq. EU-GDPR to establish the level of data protection in the respective third country.
Additional information regarding the handling of user data is provided in the Google privacy statement available at: https://www.google.de/intl/de/policies/privacy/
Google Tag Manager
This website uses Google Tag Manager provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The service allows website tags to be managed via an interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain. Essentially, this means that no cookies are used and no personal data are collected. The Google Tag Manager triggers other tags, which may in turn collect data. However, Google Tag Manager does not access this data. Deactivation effected at domain or cookie level remains in place for all tracking tags that are implemented with the Google Tag Manager.
Further information is available at http://www.google.com/tagmanager/use-policy.html.
Embeds - YouTube Plattform
Our website applies so-called content embeds, for instance in online offers. These embeds can, for example, derive from the YouTube platform. A conventional embed, for instance, will present a video on the YouTube platform. In all cases this involves a transfer of data to the corresponding platform’s server. YouTube embedding is achieved using the technical process of framing. Framing is the process of simply inserting an HTML link provided by YouTube into the code of a website to create a playback frame on the third-party site, in turn enabling the video stored on YouTube servers to be played. We use framing codes generated by YouTube in so-called ‘extended data protection mode’. According to information provided by the YouTube platform, cookie activity and the data collection initiated by it are only linked upon use of the playback function of the video itself. As such, collection of data by merely using the website containing framed content is prevented. To play YouTube content we require your consent (Art. 6 (1) (a) EU-GDPR), which, insofar as not already given through your cookie selection, you can grant using the button on the respective video. By clicking on the play button you consent for your IP address to be transmitted to YouTube (YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066 USA) and for the provider to place cookies on your browser. For your convenience, we remember your consent for 30 days using a so-called local storage object that we store in your browser. Granted consent can be withdrawn at any time at the end of this privacy statement.
Facebook Website Custom Audiences (‘visitor activity pixel’)
This website uses the ‘Facebook pixel’ provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (‘Facebook’), or for users located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
This allows the behaviour of users to be tracked after they have viewed or clicked on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to optimise future advertising measures. The collected data remain anonymous for us and, consequently, cannot be used to identify the user. However, the data are stored and processed by Facebook, thus enabling a link to the respective user profile and allowing Facebook to use the data for its own advertising purposes in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/).
You can allow Facebook and its partners to place ads on and outside of Facebook. In addition, a cookie can also be stored on your computer for this purpose. When using our website, the Facebook pixel collects details of user behaviour, the IP address and the geographical location of the respective user. Additionally collected are details of the Facebook user ID, browser information, usage data, non-sensitive user-defined data, referrer URL, pixel ID, ads viewed, interaction with advertising, services and products, marketing information, content viewed, device information and user-related marketing campaign success.
When collecting data, we rely on your consent in accordance with Art. 6 (1) (a) EU-GDPR for the commensurate data processing, which you may naturally withdraw at any time at the end of this privacy statement. Upon withdrawal of your consent, your data will no longer be used for this purpose and will be erased, provided no statutory retention provisions preventing such apply. Where consent is not withdrawn, the data retention period is 720 days. Following this period, your data will be automatically erased.
Please note that when using this service a third-country transfer to Facebook cannot be precluded, with the result that in any such case, the risk arises of your data being processed by US authorities for control and monitoring purposes without you having a potential means of redress. However, we apply the possible and requisite measures under data protection law as per Art. 44 et seq. EU-GDPR to establish the level of data protection in the respective third country.
We have taken appropriate technical and organisational measures to protect any data stored with us about our employees/customers/suppliers against accidental or deliberate manipulation, loss, destruction or access by unauthorised persons. The security levels are constantly monitored in collaboration with security experts and adjusted to new security standards.
Links to other providers
This website also contains clearly identifiable links to the websites of other companies. We have no influence over the content of any linked websites of other providers on our website. Accordingly, no responsibility or guarantee is accepted for such content. The respective provider or operator of the website in question is solely responsible for the content of such.
Linked pages are checked for potential infringements and apparent breaches of the law at the time of linking. No unlawful content was apparent at the time of linking. Notwithstanding this, permanent monitoring of the content of linked pages is not feasible without specific indications of an infringement. Upon notification of infringements, the links in question will be removed without delay.
Social media links
Our website includes links to social media services provided by Facebook, YouTube and Instagram. Links to social media service provider websites can be identified by the respective company logo. Following these links will take you to the FLEX Elektrowerkzeuge GmbH company pages with the respective social media provider. Clicking on a link to a social media provider will create a connection to the respective social media provider's servers. This tells the social media provider's server that you have visited our website. In addition, other data are also transmitted to the provider of the social media service. As an example, these include:
- Website address where the activated link is located
- Date and time of website access or activation of the link
- Information about the browser and operating system used
- IP address
If you are currently logged on to the respective social media provider at the time of activating the link, the provider of the social media service may be able to determine your user name and possibly even your real name from the transmitted data and assign this information to your personal user account with the social media provider. You can prevent this potential assignment to your personal user account by logging out of your user account beforehand.
The social media provider servers are located in the USA and other countries outside the European Union. As a result, the data may also be processed by providers of the social media service in countries outside the European Union. Please be aware that companies in such countries are subject to data privacy law that does not generally protect personal data to the same extent as occurs in member states of the European Union. Please note that we have no influence on the extent, nature and purpose of data processing by social media service providers. Further information on the use of your data by social media providers integrated into our website is provided in the data privacy guidelines of the respective social media service.
Our social media presence
We are present on various ‘social media’ for the purpose of communicating with and providing details of our services to registered customers, potential customers and users of the media in question.
Please be advised that you alone are responsible for your use of these platforms and their respective functions. This applies, in particular, with regard to the use of interactive functions (e.g. comments, shares, rating). Please also be aware that your data may be processed outside the area of the European Union.
Moreover, your data may be processed for market research and advertising purposes. Your user behaviour and any resulting interests, for example, may be used to create user profiles, which may in turn potentially allow adverts of supposed interest to you to be placed within and outside the platforms. For this purpose cookies are generally stored on your computer. Notwithstanding the above, data that are not collected directly from your terminal devices may also be stored in the user profiles (particularly if you are a member of and logged on to the respective platform). Beyond this, as the provider of this information service, we do not collect or process any data pertaining to your use of our service.
Processing of personal user data is performed on the basis of our legitimate interest in providing effective user information and communication with the user in accordance with Art. 6 (1) (f) EU-GDPR. Where the respective providers request your consent for data processing (i.e. ask you to declare your consent by checking a check box or confirming a button, for example), the respective legal basis for processing is Art. 6 (1) (a) and Art. 7 EU-GDPR.
If you are a member of a social network and do not want the network to collect data concerning you via our website and link such to your membership data stored on the respective network, you need to
- log out of the respective network before visiting our website,
- delete cookies stored on your device and
- close down and restart your browser.
However, once you log on again you will again be recognisable to the network as a specific user. For a detailed description of the respective processing and opt-out options, please refer to the following linked information pertaining to providers.
In addition, with regard to requests for information and the assertion of user rights, please note that these can be asserted most effectively with the provider in question. Only the providers have commensurate access to user data and can directly undertake corresponding action and provide information. Should you nevertheless require assistance, please don't hesitate to contact us.
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) – Privacy statement: https://www.facebook.com/about/privacy/,
Google / YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland) – Privacy statement: https://policies.google.com/privacy,
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Privacy statement/ Opt-Out: http://instagram.com/about/legal/privacy/.
Google Analytics, an opt-out-cookie is set that will in future prevent your data from being recorded when you visit this web site: deactivate Google Analytics.
Your rights as a data sub
Firstly, we would like to take this opportunity to inform you of your rights as a data subject. These rights are set out in Art. 15–22 EU-GDPR. These encompass:
The right to access (Art. 15 EU-GDPR)
The right to erasure (Art. 17 EU-GDPR)
The right to rectification (Art. 16 EU-GDPR)
The right to data portability (Art. 20 EU-GDPR)
The right to restriction of data processing (Art. 18 EU-GDPR)
The right to object to data processing (Art. 21 EU-GDPR)
To assert these rights please contact: firstname.lastname@example.org. The same applies for any questions you may have regarding data processing in our company. You also have the right to lodge a complaint with a data protection supervisory authority.
ODR platform to resolve out-of-court disputes
In accordance with EU Regulation No. 524/2013, the EU Commission has provided an interactive website for the online dispute resolution platform (ODR platform) to facilitate settlement of out-of-court disputes arising from online legal transactions.
The ODR platform of the EU Commission is available via the following link: https://ec.europa.eu/consumers/odr/