PRIVACY POLICY

 
The following Privacy Policy will inform you how we handle and process your personal data when using our website. Personal data is defined as any data enabling the identification of a particular person. Your data will be protected according to statutory provisions, in particular the General Data Protection Regulation (GDPR) and the Federal Data Privacy Act (Bundesdatenschutzgesetz; BDSG). Below, you will find information on which data will be collected during your visit to our page and how it is processed:

 

1. INFORMATION ON COLLECTION OF PERSONAL DATA AND CONTACT DETAILS OF THE CONTROLLER

1.1 Responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

          Flexoptix GmbH
          Mühltalstr. 153
          64297 Darmstadt,
          Phone: 06151 62904-0, telefax: 06151 62904-99, email: info@flexoptix.net

       The complete imprint is available at https://www.flexoptix.net/en/legal/imprint/

1.2 We have appointed a data protection officer (DPO) for our company:
      Marc Oliver Giel, Lagerstraße 11 A, 64807 Dieburg, email: datenschutz@flexoptix.net.

1.3 We use SSL or TLS encryption on our website to ensure the secure transmission of personal data and other confidential contents (e.g. contact information, orders or inquiries). You can recognize an encrypted connection by the character sequence "https://" and the lock icon in your browser’s address bar.

 

2. DATA COLLECTION WHEN YOU VISIT OUR WEBSITE

If you visit our website without registering or otherwise conveying information to us, we will only store such data that your browser transmits to our server ("server log files"). When accessing our website, the following non-personal data will be transmitted to us:

 

  • The individual pages of our website (URL)
  • Date and time at the time of the access
  • Amount of data in bytes
  • Source/link from which you reached the page
  • Browser used
  • Operating system used
  • IP address used (generally anonymized)

Collection and storage shall take place according to sect. 6 para. 1 lit. f GDPR based on our legitimate interest in improving stability and function of our website. However, we reserve the right to subsequently review the log files if any specific indications suggest illegal use. Non-anonymized server log files (error log) will be deleted automatically after 14 days.

Our website is hosted by a service provider supplying infrastructure and platform services, computing capacity, storage capacity and database, security and technical maintenance services to us. We have concluded a data processing agreement (DPA) with them. Data processing shall take place for the purpose of ensuring readiness for operation of our website in which we have a legitimate interest, sect. 6 para. 1 lit. f GDPR.

 

3. COOKIES

3.1 General

(aa) Definitions

Below, we will provide you with comprehensive information concerning so-called “cookies” and other storage technologies (“web storage”). This is information that is frequently placed on your end device in databases. Any type of “cookie” or “web storage” can contain personal data. However in many cases, the data is pseudonymized. The following terms are used below:

  • First-party cookie: This cookie is saved or altered by the website which you are currently surfing.
  • Third-party cookie: This cookie is saved or altered by the third-party with which the website operator is associated (for example an advertising network, a social media platform etc).
  • Session cookie: This cookie is deleted by your end device when you close the browser. Frequently, a session cookie only saves a session ID in order to allocate multiple requests of a user on a page with that user's session.
  • Permanent cookie: This cookie is saved on your end device until its validity expires or until you delete it in the browser manually or automatically.
  • Mandatory: Without this cookie and web storage, it is not possible to provide the service you are requesting.
  • Optional: This cookie and web storage enables us to use additional functions and is only used if you issue your consent in this respect.
  • Local storage: Belongs to the so-called “web storage”. This information is also saved in your web browser until it is deleted manually.
  • Session storage: Belongs to the so-called “web storage”. This information is also saved in your web browser until you close the browser window.

(bb) Legal basis

  • Mandatory cookies and web storage: The saving of information and access to this is founded on the legal basis of § 25 (2) Number 2 of the German Telecommunications-Telemedia-Data Protection Act (TTDSG).
  • Optional cookies and web storage: The saving of information and access to this is founded on the legal basis of your individual, personal and voluntary consent in accordance with § 25 (1) TTDSG and Article 6 Paragraph 1 Letter a) GDPR. You can revoke your consent at any time with effect for the future. The data processing prior to the time of revocation remains lawful. Please bear in mind that should you not accept optional cookies, certain functions of our Internet presence may be restricted

(cc) Data recipients / possible access

  • First-party cookies: Only ourselves as the data processing controller and site operator have access to these.
  • Third-party cookies: Only the third-party that has set these cookies itself can access these. For example, only Google can access a cookie set by Google and only Google can read or alter these.
  • Web storage: Only ourselves as the data processing controller and site operator have access to this.

(dd) Saving duration

  • Session cookies: These only remain saved in your browser temporarily until the end of the browser session or these can be deleted by you beforehand.
    Permanent cookies: These remain saved on your end device for as long as specified by the respective cookie or these can be deleted by you beforehand.
  • Local storage: This remains saved until deleted manually.
  • Session storage: This remains saved until the browser window is closed.

The precise saving duration is stated under “cookies and web storage used”.

(ee) Deletion facility / objection

Please bear in mind that you can set your browser in such a way that you are informed of the setting of cookies. You can decide whether to accept individual cookies or exclude the acceptance of cookies for specific cases or generally. The manner in which cookie settings are administered varies between browsers. This is described in the help menu of each browser, which explains how you can alter your cookie settings. This information can be found via the following links for the respective browsers:

A general objection to the use of cookies that are used for online marketing purposes can be declared via the American site https://www.aboutads.info/choices/ or the EU site https://www.youronlinechoices.com/ for a large number of services, especially in the case of tracking.

3.2 Cookies used and web storage

In the following overview, we list the technically necessary first-party cookies used on our website and the purpose of the data processing:

Name Expiration Policy Description
 form_key 1 Year Stores randomly generated key used to prevent forged requests.
A security measure that appends a random string to all form submissions to protect the data from Cross-Site Request Forgery (CSRF).
last_visited_store 1 Year The store view or language you have selected.
login_redirect Session Preserves the destination page that was loading before the customer was directed to log in
mage-cache-sessid 1 Year Facilitates caching of content on the browser to make pages load faster.
mage-cache-storage 1 Year Facilitates caching of content on the browser to make pages load faster.
mage-cache-storage-section-invalidation 1 Year Facilitates caching of content on the browser to make pages load faster.
mage-messages 1 Year Tracks error messages and other notifications that are shown to the user, such as the cookie consent message, and various error messages. The message is deleted from the cookie after it is shown to the shopper.
PHPSESSID 1 Year Your session ID on the server.
private_content_version 10 Years Facilitates caching of content on the browser to make pages load faster.
section-data-ids 1 Year Facilitates caching of content on the browser to make pages load faster.
store 1 Year The store view or language you have selected.
USER_ALLOWED_SAVE_COOKIE 1 Year Indicates whether a customer allowed to use cookies.
X-Magento-Vary 1 Year Facilitates caching of content on the server to make pages load faster. /
Configuration setting that improves performance when using Varnish static content caching.

 

In the following overview, we list the technically necessary local storage used on our website and the purpose of the data processing:

Name Expiration Policy Description
jajuma-matomo Per local storage rules Matomo Analytics
mage-banners-cache-storage Per local storage rules Local storage for Banner functionality.
mage-banners-cache-timeout Per local storage rules Local storage for Banner functionality.
mage-banners-cartDataId Per local storage rules Local storage for Banner functionality.
mage-banners-storeId Per local storage rules Local storage for Banner functionality.
mage-cache-storage Per local storage rules Facilitates caching of content on the browser to make pages load faster.
mage-cache-storage-section-invalidation Per local storage rules Forces local storage of specific content sections that should be invalidated.
mage-cache-timeout Per local storage rules Facilitates caching of content on the browser to make pages load faster.
private_content_version Per local storage rules Facilitates caching of content on the browser to make pages load faster.
product_data_storage Per local storage rules Stores configuration for product data related to Recently Viewed / Compared Products.
recently_compared_product Per local storage rules Stores product IDs of recently compared products.
recently_compared_product_previous Per local storage rules Stores product IDs of previously compared products for easy navigation.
recently_viewed_product Per local storage rules Stores product IDs of recently viewed products for easy navigation.
recently_viewed_product_previous Per local storage rules Stores product IDs of recently previously viewed products for easy navigation.

 

4. ELECTRONIC CONTACT

To execute our e-mail communication we have commissioned a service provider which supplies infrastructure, platform, security and technical maintenance services to us.
We have concluded a data processing agreement (DPA) with them. Data processing shall take place for the purpose of ensuring readiness for operation of our email communication in which we have a legitimate interest, sect. 6 para. 1 lit. f GDPR.

 

CONTACT FORM / EMAIL

Personal data will be collected if you contact us electronically by contact form or email. Your name and email address must be entered in the contact form to enable us to address you individually. This data will only be stored and used for the purpose of answering your request or contacting you and for the required technical administration. We cannot process your query without this mandatory information. Any further information is voluntary.
The legal basis for processing this data is our legitimate interest in answering your query in accordance with sect. 6 para. 1 lit. f GDPR. If your inquiry is targeted at a conclusion of a contract, sect. 6 para. 1 lit. b GDPR shall be an additional legal basis for processing. The legal basis for your voluntary information is sect. 6 para. 1 lit. a GDPR.

Your data will be deleted after final processing of your query. This is also the case if the circumstances show that the affected subject matter has been finally clarified and that there are no statutory archiving obligations in this respect.

 

COMPATIBILITY REQUEST

If you submit a compatibility request, personal data will be collected. Your name and email address must be entered when you use our form to enable us to address and advise you individually. This data will only be stored and used for the purpose of answering your compatibility request or contacting you and for the required technical administration. We cannot process your query without this mandatory information. Any further information is voluntary.
The legal basis for processing of the data is our legitimate interest in answering your request in accordance with sect. 6 para. 1 lit. f GDPR. If your inquiry is targeted at conclusion of a contract, sect. 6 para. 1 lit. b GDPR shall be an additional legal basis for processing. The legal basis for your voluntary information is sect. 6 para. 1 lit. a GDPR.
Your data will be deleted after final processing of your query. This is also the case if the circumstances show that the affected subject matter has been finally clarified and that there are no statutory archiving obligations in this respect.

 

SUPPORT REQUEST

If you submit a support request, personal data will be collected. Your name and email address must be entered to enable us to address and advise you individually. This data will only be stored and used for the purpose of your support request or execution of the support contract concluded with you and the required technical administration. This contract is concluded when you submit a support request. We cannot process your support request without this mandatory information. Any further information is voluntary.
The legal basis for processing of the data is sect. 6 para. 1 lit. a GDPR. Your data will be stored for as long as we have a support contract with you. In case of termination of the support contract, your data will be erased if this is not prevented by any statutory archiving obligations.

 

FEEDBACK AFTER CHECKOUT
If you provide feedback to us after checkout, the content of the text field will be submitted to us.
Together with your order data, this information will only be stored and used for responding to your feedback by unencrypted email and the required technical administration.

The legal basis for processing of the data is your voluntary consent in accordance with sect. 6 para. 1 lit. a GDPR. Your personal data will be deleted after final processing of your feedback. This is also the case if the circumstances show that the affected subject matter has been finally clarified and that there are no statutory archiving obligations in this respect.

 

5. DATA COLLECTION UPON POSTING BLOG COMMENTS

If you use the comment function, we will collect and process your personal data based on your voluntary consent in accordance with sect. 6 para. 1 lit. a GDPR. Your data will be stored permanently. You can withdraw your consent at any time by emailing us effective for the future. We will then erase your comments.

 

6. DATA PROCESSING WHEN OPENING AND USING THE CUSTOMER PLATFORM

If you create a personal customer account on our customer platform, we will collect and process your personal data. It must include the company name, complete postal address, VAT ID if present, as well as the name, phone number and email address of your contact. Without this mandatory information, we will be unable to provide you with access to our customer platform. Any further information is voluntary.
Data processing will take place to perform the contract with you in accordance with sect. 6 para. 1 lit. b GDPR. Your data will remain stored for as long as the contract for the customer account with us exists. Erasure of the customer account is possible at any time. The legal basis for your voluntary information is sect. 6 para. 1 lit. a GDPR.

If you use your personal customer account to submit any quote requests, we will collect and process your personal data. Beyond the data named, we also need the contract data in order to make a personalized offer to you.

 

7. DATA PROCESSING DURING ORDERS

7.1 General

Should you order goods or services from us, we gather and process your personal data in order to carry out and perform the contract with you.

  • Purpose of the processing: Performance of your order
  • Legal basis: For the mandatory information referred to in the order form: Contract in accordance with Article 6 Paragraph 1 Letter b) GDPR. For all other optional information: In this respect, any consent issued by you in accordance with Article 6 Paragraph 1 Letter a) GDPR applies.
  • Data recipients: Shipping and payment service providers.  Sales partners, lawyers, tax advisers, data protection officer, collection companies, corporate consultants, IT service providers, web hoster of the shop system (see below).

Our shop system is hosted by our order processor:

  • Data recipient: Magento Commerce International Ltd., 25-28 North Wall Quay, Dublin, Ireland (hereinafter referred to as Magento)
    Parent company: X-commerce, Inc. dba Magento, Inc, 3640 Holdrege Ave Los Angeles, CA 90016, USA (hereinafter referred to as X-commerce)
  • Transfer to third countries: We have agreed with our order processor that the personal data will only be saved in a computer center within a Member State of the European Union.
  • Suitable guarantees: We have concluded an order processing contract with Magento in accordance with Article 28 GDPR in order to protect your personal data. We have also concluded the EU standard contractual clauses with the parent company X-commerce, which should be considered to be suitable guarantees in accordance with Article 46 Paragraph 2 Letter c) GDPR. In order to comply with the requirements of the European Court of Justice stated in its judgment (C-311/18), additional measures have been agreed with Magento and these are also included in the contract referred to above.

7.2 Payment processing, creditworthiness check

The payment data that is necessary for processing the payment is passed on to the engaged payment service provider and the banks by us.

  • Purpose of the processing: Performance of the order Processing the payment
  • Legal basis: Contract in accordance with Article 6 Paragraph 1 Letter b) GDPR.
  • Provision obligation: Depending on the selected payment method, you are required to provide us and/or the payment service provider with the necessary payment data.
  • Data recipient in case of payments by PayPal or credit card: 
    Nexi Germany GmbH, Helfmann-Park 7, 65760 Eschborn, Germany
    In case of payment by PayPal, Nexi Germany GmbH then passes the data on to PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg, https://www.paypal.com/de
  • Data recipient in case of payment on account: Euler Hermes Forderungsmanagement Deutschland GmbH, Friedensallee 254, 22763 Hamburg, Germany

Should we provide preliminary performance (for example delivery on account), we reserve the right to carry out a creditworthiness check in order to safeguard our legitimate interest in determining the payment capability of our customers. In accordance with Article 6 Paragraph 1 Letter f) GDPR, we pass on the personal data that is necessary for the creditworthiness check to the service provider referred to above.

The creditworthiness information may include likelihood values (so-called score values). The score values include, but are not limited to, address data. The result of the creditworthiness check in relation to the statistical likelihood of payment not being made is used by us when taking a decision concerning the entering into, performance or termination of a contractual relationship.
You can object to this processing of your data at any time by sending a message to the data processing controller or to Euler Hermes. However, we may remain entitled to process your personal data, should this be necessary for processing payments in accordance with the contract.

7.3 Shipping handling

  • Purpose of the processing: Performance of the order. Delivery of the goods. Notification of delivery. Consignment tracking.
  • Legal basis: Name, address (and if applicable) telephone number: Contract in accordance with Article 6 Paragraph 1 Letter b) GDPR Disclosure of the email address to the shipping company: Consent in accordance with Article 6 Paragraph 1 Letter a) GDPR
  • Provision obligation: Without your name, address (and if applicable) telephone number, the respective shipping company cannot deliver the goods to you.
  • Data recipients: The shipping companies whom we regularly use are listed below:
    • DHL EXPRESS: DHL Express Germany GmbH, Heinrich-Brüning-Str. 5, 53113 Bonn, Germany
    • FedEx: FedEx Express Deutschland GmbH, Am Forsthaus Gravenbruch 9-11, 63263 Neu-Isenburg, Germany
    • UPS: United Parcel Service Deutschland S.à r.l. & Co. OHG, Görlitzer Straße 1, 41460 Neuss, Germany

7.4 Direct advertising

  • Purpose of the processing: Direct advertising, sales promotion
  • Legal basis: Our overriding legitimate interest in accordance with Article 6 Paragraph 1 Letter f) GDPR
  • Legitimate interests: Direct advertising, sales promotion
  • Data recipients: Agency, letter shop, sales partners

7.5 Legal obligation

  • Purpose of the processing: Fulfillment of legal obligations (for example information, notification, disclosure and retention obligations, payment of taxes and duties)
  • Legal basis: The respective legal regulation applies together with Article 6 Paragraph 1 Letter c) GDPR.
  • Data recipients: Authorities, state institutions, tax advisers, data protection officer

8. FREE FLEXBOX CAMPAIGN

If you participate in our FREE FLEXBOX campaign, we will collect and process your personal data to perform and process the contract with you in accordance with sect. 6 para. 1 lit. b GDPR. The mandatory information is evident from the order form. Additionally, your feedback and a digital portrait of you can be published on our website. Without your information, you cannot participate in the campaign.

Regarding the engagemant of shipping service provider we refer to item 7 "Shipping Service Provider".
After the end of the contract we will delete your personal data if there is no right for further processing. Apart from that, we refer to item 13.

 

9. MATOMO

Our website uses Matomo, a web analysis service of https://matomo.org. The software does not use cookies. We use Matomo "on-premise", i.e. only the responsible and the data processor have access to the data.

Our website uses Matomo only with IP-masking which ensures anonymization of the IP address by abbreviation and excludes direct personal references.

  • Purposes of the processing: Tracking (e.g. interest-based/behavioural profiling), evaluation of user actions, interest-based and behavioural marketing, profiling (compilation of user profiles), conversion rate measurement (measure the effectiveness of marketing activities), reach measurement (e.g. access statitics, recognition of recurring visitors).
  • Legal basis and legitimate interests: For the usage of Matomo we refer to our predominantly legitimate interest in accordance to sect. 6 para. 1 lit. b GDPR for the statistical evaluation of user actions on our website, conversion rate measurement and improvement od usability.
  • Storage period: The determined anonymized data will be stored for up to 36 months. The data will be erased automatically after this.
  • Opt-Out / Objection: You can exercise your rights of objection by clicking on the following link. When clicking on this link, a technically required cookie is set that will prevent recording within this website by Matomo in the future.
  • Data receiver: Web hoster, see above

10. YOUR RIGHTS

As an affected person, you have the following rights:

Confirmation of data processing: You have the right to demand our confirmation of whether we process any personal data concerning you. The prerequisites for this can be found in sect. 15 GDPR.

  • Information: You have the right to demand information on your personal data processed by us. The prerequisites for this can be found in sect. 15 GDPR.
  • Rectification: You have the right to demand rectification of inaccurate personal data concerning you without undue delay at any time. The prerequisites for this can be found in sect. 16 GDPR.
  • Erasure: You have the right to demand erasure of personal data concerning you without undue delay at any time. The prerequisites for this can be found in sect. 17 GDPR.
  • Restriction of processing: You have the right to demand restriction of processing of your personal data. The prerequisites for this can be found in sect. 18 GDPR.
  • Data portability: You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. You further have the right to have these data transmitted to another controller by us. The prerequisites for this can be found in sect. 20 GDPR.
  • Withdrawal of consent: You have the right to withdraw your given consent at any time if processing is based on sect. 6 (1) lit. a or sect. 9 (2) lit. a GDPR. Data processing until your withdrawal remains legal. The revocation shall only apply for the future. The prerequisites for this can be found in sect. 7 (3) GDPR.
  • Complaint: You have the right, notwithstanding any other legal remedy under administrative law or in court, to complain to a supervisory authority if you believe that processing of the personal data concerning you violates the GDPR. The prerequisites for this can be found in sect. 77 GDPR.
     

10.2 RIGHT TO OBJECT

YOU HAVE THE RIGHT TO OBJECT TO PROCESSING OF PERSONAL DATA CONCERNING YOU FOR REASONS RESULTING FROM YOUR SPECIFIC SITUATION THAT WE PROCESS DUE TO OUR OVERRULING LEGITIMATE INTEREST AT ANY TIME (SECT. 6 (1) LIT. E OR F GDPR), EFFECTIVE FOR THE FUTURE. FOR THE PREREQUISITES, SEE SECT. 21 GDPR.

 

11. CATEGORIES OF RECIPIENTS OF PERSONAL DATA

If required, we can provide personal data in compliance to privacy policy requirements to the following recipient categories: credit agencies, banks, financial service and payment transaction providers, federal departments (e.g. tax authority, data privacy surveillance authority), IT providers, our trade and sales partners as well as other faciliators, postal services, insurances, business consultants, marketing agencies, attorneys, tax advisors, and data protections officers. In case the recipient of personal data is considered a data processor, we have concluded a data processing agreement (DPA) according to sect. 28 GDPR with them.

 

12. SOURCES OF PERSONAL DATA

We process personal data, that was either provided by our customers themselves or by one of the recipient categories listed under item 11. Additionally we process personal data rightfully acquired from reliable open sources, other companies, or other third parties (e.g. credit agencies).

 

13. STORAGE PERIOD OF PERSONAL DATA AND ERASURE

If no deviating storage period is stated otherwise, we will store the data for as long as this is required for their purpose and statutory archiving obligations apply. According to the legal specifications, storage shall continue for 6 years (§ 257 para. 1 German Commercial Code - trade logs, inventory, opening balance sheets, annual statements, commercial letters, booking evidence, etc.) and for 10 years ( § 147 para. 1 AO - accounts, records, management reports, booking evidence, commercial and business letters, documents relevant for taxation, etc.).
After the end of the archiving period, the corresponding data will be routinely deleted if they are no longer required for performing the contract or preparing the contract and/or we do not have any legitimate interest in further storage anymore.

 

14. CHANGES TO THIS PRIVACY POLICY

This privacy policy is currently valid as of June 2019.
Further development of our website and offers through it or changed statutory or authority specifications may require changes to this privacy policy. You may access the current privacy policy at any time on the website at https://www.flexoptix.net/en/legal/data-protection/.