Data protection
Data protection information
Responsible body and data protection officer:
FLEX-Elektrowerkzeuge GmbH
Bahnhofstraße 15
71711 Steinheim
Telefon: +49 7144 828 0
Fax: +49 7144 258 99
E-mail: info@flex-tools.com
Internet: www.flex-tools.com
Contact data protection: datenschutz@flex-tools.com
Your rights as a data subject
First of all, we would like to inform you of your rights as a data subject. These rights are standardised in Articles 15-22 EU GDPR. This comprises:
The right to information (Article 15 GDPR)
The right to erasure (Article 17 GDPR)
The right to rectification (Article 16 GDPR)
The right to data portability (Article 20 GDPR)
The right to restriction of data processing (Article 18 GDPR)
The right to object to data processing (Article 21 GDPR)
To exercise these rights, please contact: datenschutz@flex-tools.com. The same applies if you have any questions concerning data processing in our company. You also have a right of appeal to a data protection supervisory authority.
Rights of objection
Please note the following in connection with rights of objection:
If we process your personal data for the purpose of direct marketing, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling, provided that it is related to direct marketing.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes. Objection is free of charge and can be made informally, if possible to: datenschutz@flex-tools.com
In the event that we process your data to protect legitimate interests, you can object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.
We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves the assertion, exercise or defence of legal claims.
Purpose and legal basis for data processing
When processing your personal data, we comply with the provisions of the EU Data Protection Regulation and all other applicable data protection regulations. In particular, the legal basis for data processing is established under Art. 6 of the EU GDPR. We use your data to initiate business, to fulfil contractual and legal obligations, to implement the contractual relationship, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising. Your consent to data processing may also constitute a consent requirement under data protection law. Prior to the granting of consent, we clarify with you the purpose of data processing and your right to withdraw. The respective legal basis will be communicated to you again separately in the following paragraphs for the corresponding data processing.
Forwarding to third parties
We will only pass on your data to third parties within the framework of the legal provisions or with the corresponding consent. Apart from such instances, data is not forwarded to third parties save for where we are obliged to do so in accordance with mandatory legal provisions (forwarding to external offices such as supervisory authorities or law enforcement agencies).
Data recipient/recipient categories
Within our company, we ensure that only those persons who need it to fulfil contractual and legal obligations will receive your data. In certain cases service providers support our specific departments in the performance of their tasks. The requisite agreements under data protection law are concluded with all service providers.
Transmission to third countries/intention to transmit to third countries
Transmission of data to third countries (outside the European Union or European Economic Area) occurs solely to the extent necessary to perform the contractual obligation or if required by law or where you have granted your consent for this. We will inform you separately in the relevant section about these circumstances within the framework of the respective data processing.
Data retention period
We store your data as long as it is needed for the respective processing purpose. Please note that numerous retention periods require that data continues to be stored. In particular, this concerns retention obligations under commercial or tax law (e.g. German Commercial Code (HGB), tax code etc.). Provided no further retention obligations apply, your data will be erased after fulfilment of the respective purpose. In addition, we may retain data if you have given us permission to do so or if there is a legal dispute and we use evidence under statutory limitation periods that can be up to thirty years; the regular limitation period is three years.
Data provision obligation
Various personal data is required for the establishment, performance and expiration of the obligation and fulfilment of associated contractual and statutory duties. The same applies for use of our website and the various functions provided by it. Commensurate details are summarised in the above point. Certain instances also require data to be collected or provided on the basis of statutory provisions. Please note that it is not possible to process your enquiry or perform the underlying contractual obligation without providing this data.
Categories, sources and origin of data
Which data we process depends on the particular context. It depends, for instance, on whether you are placing an order online or entering an enquiry in our contact form, sending us an application or submitting a complaint. The following contains the relevant information for the particular processing situations on our website.
When you visit our website, we collect and process the following data:
Information on the browser and operating system used
The IP address assigned by your Internet service provider
Information on the pages you visit on our site, including the date and time
For reasons of technical security (especially to prevent attempted hacks on our web server), this data is stored in accordance with Article 6 (1) (f) GDPR. After 7 days at the latest, anonymisation is carried out through truncation of the IP address to prevent any reference to the user.
With regard to contact enquiries, we collect and process the following data:
Title
Company
First name
Last name*
Address details
Country*
Email*
Telephone number
Area in which the concern falls*
Brief description*
Personal message*
Boxes marked with an asterisk (*) are mandatory.
When registering download portals for FLEX partners, we collect and process the following data:
Email address
First name
Last name
Company
Customer number
Password
When registering for our 3-year warranty, we collect and process the following data:
Type of registration (private/business)
Company* (only for commercial registration)
Title
First name*
Last name*
Telephone/mobile number* (mandatory only for commercial registration)
Address*
Language*
Email address*
Password*
For newsletters we collect and process the following data:
Last name, first name
Email address*
Title
Visit our web pages
We do not usually require any personal data when you visit our web pages. The only information we take note of is the name of your internet service provider and the web pages you visit on our site. As such, you remain anonymous as an Internet user given that we only use this information for statistical purposes (e.g. the number of visits to individual pages).
We take the protection of your privacy very seriously. For this reason, we consider it important that you always know when we store your data, which data we store and how we use it. When you visit our web pages, our web servers store the IP address. Your provider can be determined via the IP address. Personal identification is not our intention. For reasons of technical security (particularly to prevent attempted hacks on our web server) these data is stored in accordance with Art. 6 (1) (f) EU-GDPR. After 7 days at the latest, anonymisation is carried out through truncation of the IP address to prevent any reference to the user.
Contact form/contact via email (Art. 6 (1) (a) and (b) EU-GDPR)
There is a contact form on our website that you can use to contact us electronically. If you write to us via the contact form, we will process the data provided in it in order to contact you and to answer your questions and requests. We observe the principle of data economy and data avoidance by only providing the data that we absolutely need in order to contact you.
This is your last name, country, e-mail address, the associated subject, a brief description, and the message box itself. In addition, your IP address is processed out of technical necessity and for legal protection. All other data is entered in voluntary boxes and is optional (e.g. to enable a more specific individual reply to your questions).
If you contact us by e-mail, we will use the personal data provided in your e-mail solely for the purpose of processing the request.
Registration download portal for FLEX Partner (Article 6 (1) (a, b) GDPR)
On our website, we offer FLEX partners the opportunity to register by providing personal data. Items such as image and text data, logos, catalogues, product data etc. can be downloaded here. We collect the following data during the registration procedure on our download portal: Country, first name, last name, company, email, password, customer number.
The legal basis for collecting and processing the data is Article 6 (1) (a, b) GDPR.
The user's IP address and the date and time of registration are also stored when the user registers on our website (technical background data). By clicking the "Register now" button, you consent to the processing of your data.
Please note: The password you give us is stored in encrypted form. Our employees cannot read this password. This means that they cannot give you any information if you forget your password. If this happens, please use the "Forgotten password" function, which will email you an automatically generated new password. No employee is authorised to request your password from you over the phone or in writing. So please never share your password if you are asked to.
Once you have completed the registration process, your data will be stored with us for when you use the protected download portal. Once you register on our website with your email address as your user name and password, this data will be made available for actions you perform on our website.
When registering for the administration of logins, we are supported by our service provider Auth0 [Auth0, European HQ, 3rd Floor Union House 182-194 Union Street London, SE1 0LH, UK], with whom we have concluded the contract for the protection of your data required by data protection law.
However, please note that this is a provider from the USA and that consequently, data may be transferred to a country that does not offer an adequate level of data protection (USA). If the data is transferred to the US, there is a risk that it may be processed by US authorities for control and monitoring purposes without you possibly having any legal recourse. However, we apply the possible and requisite measures under data protection law as per Article 44 et seq. of the GDPR to establish the level of data protection in the respective third country.
We will only collect, process or use data for consulting, advertising or market research purposes if you have given us your prior consent to do so. You can, of course, revoke your consent at any time by sending an email to datenschutz@flex-tools.com or by post to FLEX-Elektrowerkzeuge GmbH, Bahnhofstr. 15, 71711 Steinheim, Germany.
Retailer search (Article 6 (1) (a) GDPR)
The data you provide will be processed exclusively for the purpose of identifying the relevant specialist retailers. In addition and subject to your consent, we will use Google’s interactive map material. The corresponding data protection information for the use of Google Maps can be found in the corresponding notice below.
Newsletter (Art. 6 Para. 1 lit. a) EU GDPR)
You can subscribe to a free newsletter on our web site. The e-mail address provided when registering for the newsletter is used for sending the newsletter or for further advertising measures (such as customer satisfaction surveys etc.). The principle of data economy and data avoidance is observed here, as only the e-mail address is marked as a mandatory field. For technical necessity and for legal protection, your IP address is also processed when you order the newsletter. We use the so-called double opt-in procedure for sending newsletters by e-mail. This means that you will only receive advertising by e-mail if you have previously expressly confirmed that we should activate the newsletter service. We do this by sending you a notification e-mail and asking you to confirm that you would like to receive our newsletter at that e-mail address by clicking on a link contained in that e-mail. You can of course unsubscribe at any time using the unsubscribe option at the end of each newsletter, thereby revoking your consent.
Registration for our 3-year warranty (Article 6 (1) (a, b) GDPR)
You can register for our 3-year warranty on our website. In the course of registration we will collect and process the following data categories: Mandatory fields: First name, last name, company (only for business registrations), telephone/mobile number (only for business registrations), street, street number, postcode, town/city, country, language, email address, password including password confirmation.
Optional information: Title, telephone/mobile number (for private registrations)
The data provided is used solely for the purpose of registering for our 3-year warranty, and is erased as soon as this purpose has been fulfilled provided no mandatory retention provisions preventing erasure apply.
We observe the principle of data economy and data avoidance here, as only the data required for registration is marked with an asterisk (*) as mandatory. This includes, for example, the e-mail address and password including password repetition.
The user's IP address and the date and time of registration are also stored when the user registers on our website (technical background data). By clicking the "Register now" button, you consent to the processing of your data.
Please note: The password you give us is stored in encrypted form. Our employees cannot read this password. This means that they cannot give you any information if you forget your password.
If this happens, please use the "Forgotten password" function, which will email you an automatically generated new password. No employee is authorised to request your password from you over the phone or in writing. So please never share your password if you are asked to.
Once you have completed the registration process, your data will be stored with us for when you use the protected download portal. Once you register on our website with your email address as your user name and password, this data will be made available for actions you perform on our website.
Registered persons are free to make changes / corrections to the billing or delivery address in the order history independently. Our customer services will also be happy to make changes / corrections if you contact them. Of course, you can also cancel or delete your registration or customer account.
FLEXXPERTS Detailing Academy registration
You have the opportunity to register for our FLEXXPERTS Detailing Academy on our website. For this we collect and process your following personal data:
Desired date, first name, last name, street, postcode, town/city, email, mobile phone number, T-shirt size, catering information (optional), your message to us (optional).
The data collected is used solely for the purpose of registering for the Academy and is subsequently erased, provided that no mandatory retention provisions preventing erasure apply.
Download option for print datasets
On our website we offer you the option of downloading print data records. The following personal data is collected and processed for this:
Email address
Country
First name
Last name
Company
Address
Postcode
Town/city
As we offer this service at no additional cost to you, in return we would like to use your personal data collected for advertising purposes in return. The legal basis for processing data is Article 6 (1) (a, b) GDPR. You have the right to revoke your consent to approaches from advertisers at any time by visiting datenschutz@flex-tools.com.
The data collected is stored for as long as is necessary to fulfil the purpose for which it was collected. Please note that numerous retention periods require that data continues to be stored. In particular, this concerns retention obligations under commercial or tax law (e.g. German Commercial Code (HGB), tax code etc.).
If you make use of your right of revocation but we are not yet able to delete your data for the reasons mentioned, we will ensure that your data is no longer used for advertising purposes from this point on.
Cookies (Article 6 (1) (1) (a, f) GDPR, Section 25 (1, 2) TTDPA).
Cookies are used in many parts of our website. They help to make our site easier to use, more effective and more secure. Cookies are small text files that are placed on your computer and saved by your browser (locally on your hard drive). Cookies only contain pseudonymised, usually even anonymous data. Some cookies remain in place for the duration of a browser session (known as session cookies), others are stored for longer periods (known as persistent cookies, e.g. consent settings). The latter are automatically deleted after the specified period (usually 6 months). In addition to our own cookies, we also use cookies that are controlled by third-party providers. They use the information contained in the cookies to show you content, for example, or to record the pages you have visited.
Technically necessary cookies (Article 6 (1) (1) (f) GDPR, Section 25 (2) TTDPA)
Due to our legitimate interest (Article 6 (1) (1) (f) GDPR), we set technically necessary cookies, which are absolutely necessary for the operation of the website and to ensure its functionality. Furthermore, we will use cookies without your consent if their sole purpose is to store or access information stored in the terminal device for the transmission of messages or if they are absolutely necessary in order to provide the service you have expressly requested, Section 25 (2) TDDDG.
We use the following technically necessary cookies:
gstatic.com
Function: This is a domain used by Google to off-load static content to a different domain name in an effort to reduce bandwidth usage and increase network performance for the end user.
Rentention period: Requests for CSS assets are cached for 1 day, font files are cached for one year. Some information retained until removed by the user, some expires after a specific period of time, some is retained until the user's Google Account is deleted.
Sentry
Function: This is an error tracking and performance monitoring platform for Web apps, mobile apps and games. It is used to monitor and fix crashes in real time.
Rentention period: The data will be deleted as soon as they are no longer needed for the processing purposes.
Usercentrics Consent Management Plattform
Function: This is a consent management service. Usercentrics GmbH is used on websites and apps as a processor for the purpose of consent management.
Rentention period: The consent data (given consent and revocation of consent) are stored for one year. The data will then be deleted immediately.
Cookies that require consent (Article 6 (1) (1) (a) GDPR, Section 25 (1) TTDPA).
Subject to your consent, other cookies are used to enable us or third parties to analyse how our services are used, for example. This in turn allows us to shape our website content in order to meet the needs of visitors. Cookies also enable us to measure the effectiveness of a particular advert and to place it according to criteria such as the thematic interests of visitors. The legal basis for this is your express consent (Article 6 (1) (1) (a) GDPR, Section 25 (1) TTDPA).
You can revoke your consent via our consent banner at any time with effect for the future and change the cookie settings. Please note that changes must be made separately for each end device.
If you have accounts with the third-party providers we use and are logged in there, your data may be linked to the respective account. You can avoid such a combination by not giving or revoking your consent to the relevant cookies or by logging out of the respective third-party providers in advance.
Most web browsers accept cookies automatically. You can also deactivate, restrict or delete cookies on your end device manually via your browser settings or with the help of software. If you deactivate the setting of cookies, you will not be able to use our website, or only use it to a limited extent.
Google Analytics including Google Signals
Our website uses the tracking tool Google Analytics provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This registers and systematically analyses your interaction as the user with our website.
The following data is saved for this:
The first three bytes of your IP address
A Google Analytics ID allocated to you
The website visited
The referrer (the web site from which you accessed the visited web site)
Additional sub-pages visited
Length of time spent on the website
Frequency of website visit
Browser type used
Language settings used
Device and operating system used
The legal basis for processing your personal data is your consent in accordance with Art. 6 Para. 1 Clause 1 lit. a of the EU-GDPR. You can withdraw your consent at any time at the end of this data protection declaration.
The purpose of processing your personal data through the Google Analytics service is to analyse how our web site visitors interact with our web site. Evaluation of the respectively collected data enables us to optimise our online offer and increase user friendliness. Data collected using Google Analytics is erased or anonymised as soon as such data is longer needed to fulfil our purposes. This is the case after a period of 26 months.
The use of Google Signals as an extension is also connected to the use of Google Analytics; your consent to the use of Google Analytics also includes the use of Google Signals.
Google Signals enables us to have Google generate cross-device reports (known as "cross-device tracking"). If you have activated "personalised ads" in your Google account settings and linked your internet-enabled devices to your Google account, Google can analyse usage behaviour across devices and create database models based on this if you have given your consent to the use of Google Analytics in accordance with Art. 6 (1) (a) of the GDPR.
The logins and device types of all website users who were logged into a Google account and executed a conversion are recognised. Among other things, the data shows the device on which you clicked on an ad for the first time, and on which device the relevant conversion took place. We only receive statistics generated on the basis of Google Signals, and no personal data of the website user from Google.
You have the option of deactivating the "personalised ads" function in the settings of your Google account and thus turning off the cross-device analysis in connection with Google Signals. To do this, follow the instructions on this page: https://support.google.com/ads/answer/2662922
Click on the following link for more information about Google Signals: https://support.google.com/analytics/answer/7532985
This service may forward the collected data to another country. Please note that this service may transfer data outside the European Union and the European Economic Area and to a country that does not provide an adequate level of data protection. If the data is transferred to the US, there is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal recourse. However, we apply the possible and requisite measures under data protection law as per Art. 44 et seq. EU-GDPR to establish the level of data protection in the respective third country.
Microsoft Ads
We use the Microsoft Advertising service of the provider Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, (formerly Bing Ads) on our website. Microsoft Advertising is an online marketing service that uses the Universal Event Tracking (UET) tool to help us display targeted adverts via the Microsoft Bing search engine. Microsoft Advertising uses cookies for this purpose. This involves processing personal data in the form of online identifiers (including cookie identifiers), IP addresses, device identifiers and information about device and browser settings.
Microsoft Advertising is used for the purpose of optimising the display of advertisements. Further information on these processing activities, the technologies used, stored data and the storage period can be found in the settings of our Consent Management Tool. Processing only takes place with your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent via our Consent Management Tool.
It cannot be ruled out that the information collected by Microsoft services will also be transmitted to a server in a third country, in particular to a server in the USA, and further processed there.
Further information on data protection at Microsoft can be found in Microsoft's privacy policy at https://www.microsoft.com/en-us/privacy/privacystatement.
Use of Google Remarketing
We use the remarketing technology of Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). Through this technology, users who have already visited our website and online services and have shown an interest in what we have to offer are addressed again through targeted advertising on the pages of the Google Partner Network. Advertising is displayed through the use of cookies, which are small text files that are stored on the user's computer. Text files can be used to analyse user behaviour when visiting the website and subsequently use it for targeted product recommendations and interest-based advertising.
If you still do not wish to use the Google remarketing function, you can always deactivate it by changing the corresponding settings at http://www.google.com/settings/ads or https://adssettings.google.com/anonymous?hl=en#display_optout. Alternatively, you can disable the use of cookies for interest-based advertising via the ad network initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp. Further information on Google Remarketing and the Google data protection declaration can be found at: http://www.google.com/privacy/ads/
Please note that Google has its own data protection policy, which is independent of ours. We accept no responsibility or liability for these policies and procedures. Please read Google's data protection provisions before using our web site at Privacy policy of Google.
Google Maps
Our website uses Google Maps (API) provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (‘Google’). To guarantee data protection, Google Maps is deactivated when you visit this web site for the first time. A direct connection to the Google servers is not created until you independently activate Google Maps (consent in accordance with Art. 6 Para. 1 Clause 1 lit. a of the EU GDPR, Art. 25 Para. 1 of the TTDPA). You can withdraw your consent at any time at the end of this data protection declaration. This prevents your data from being transferred to Google when you first enter the page. Google Maps will save your IP address following activation. Subsequently, this is generally forwarded to and stored by Google on a server in the USA.
A third country transfer takes place, so that in this case there is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal recourse. However, we apply the possible and requisite measures under data protection law as per Art. 44 et seq. of the EU GDPR to establish the level of data protection in the respective third country. Additional information regarding the handling of user data is provided in the Google data protection declaration at: https://policies.google.com/privacy?hl=en
Google Tag Manager
This website uses Google Tag Manager provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. The service allows website tags to be managed via an interface. The Tag Manager tool itself (which implements the tags) is a cookie-free domain. This means: As a matter of principle, no cookies are used and no personal data is collected. The Google Tag Manager triggers other tags, which may in turn collect data. However, Google Tag Manager does not access this data. Deactivation effected at domain or cookie level remains in place for all tracking tags that are implemented with the Google Tag Manager.
More information can be found at http://www.google.com/tagmanager/use-policy.html.
Embeds - YouTube Plattform
Our website applies so-called content embeds, for instance in online offers. These embeds can, for example, derive from the YouTube platform. A conventional embed, for instance, will present a video on the YouTube platform. In all cases this involves a transfer of data to the corresponding platform’s server. YouTube embedding is achieved using the technical process of framing. Framing is the process of simply inserting an HTML link provided by YouTube into the code of a website to create a playback frame on the third-party site, in turn enabling the video stored on YouTube servers to be played. We use framing codes generated by YouTube in so-called ‘extended data protection mode’. According to information provided by the YouTube platform, cookie activity and the data collection initiated by it are only linked upon use of the playback function of the video itself. As such, collection of data by merely using the website containing framed content is prevented.
We require your consent in order to play the YouTube content (Art. 6 Para. 1 lit. a) of the EU GDPR, Art. 25 Para. 1 of the TTDPA), which you can grant - if you have not already done so as part of your cookie selection - via the button in the respective area of the video. By clicking on the play button, you consent to your IP address being transmitted to YouTube (YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066 USA), and to the provider setting cookies in your browser. For your convenience, we remember your consent for 30 days using what is known as a local storage object that we store in your browser. Granted consent can be withdrawn at any time at the end of this data protection declaration.
Facebook Website Custom Audiences (‘visitor activity pixel’)
This website uses the ‘Facebook pixel’ provided by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA (‘Facebook’), or for users located in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
This allows the behaviour of users to be tracked after they have viewed or clicked on a Facebook ad. This process is used to evaluate the effectiveness of Facebook ads for statistical and market research purposes and can help to optimise future advertising measures. The collected data remains anonymous for us and, consequently, cannot be used to identify the user. However, the data are stored and processed by Facebook, thus enabling a link to the respective user profile and allowing Facebook to use the data for its own advertising purposes in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/).
You can allow Facebook and its partners to serve ads on and off Facebook. A cookie may also be stored on your computer for these purposes. The Facebook pixel collects user behaviour, the IP address and the geographical location of the respective user from the use of our web site. In addition, Facebook user ID, browser information, usage data, non-sensitive custom data, referrer URL, pixel ID, ads viewed, interactions with ads, services and products, marketing information, content viewed, device information and success of the user's marketing campaigns are collected.
When collecting data, we rely on your consent in accordance with Art. 6 Para. 1 lit. a) of the EU GDPR, and Art. 25 Para. 1 of the TTDPA for the corresponding data processing, which you can of course also revoke at any time at the end of this data protection declaration. If you withdraw your consent, your data will no longer be used for this purpose and will be deleted, provided that there are no legal retention periods preventing this. Where consent is not withdrawn, the data retention period is 720 days. Following this period, your data will be automatically erased.
Please note that when using the service, a third country transfer to Facebook cannot be excluded, so that in this case there is a risk that your data may be processed by US authorities for control and monitoring purposes without you possibly having any legal recourse. However, we apply the possible and requisite measures under data protection law as per Art. 44 et seq. EU-GDPR to establish the level of data protection in the respective third country.
Integration of social media content via Flowbox
We use the Flowbox service of Flowbox AB (Riddargatan 17D, 114 57 Stockholm, Sweden) for the social media stream and to display social media content on our website.
For the purpose of presenting relevant social media content on our products and business areas, we process social media content from users that relates to our products or business areas. AI-supported social media platforms are analysed for links/tags/representations of our products or our company and identified contributions and postings are filtered out. The following personal data is processed:
Account data (user name, profile picture)
Content of the post (text, links, image, sound)
The users/account holders concerned will then be contacted via the comment function and asked for their consent. As the result of your express consent as per Article 6 (1) (1) (a) GDPR, the content will then be published on our website (www.flex-tools.com). Your consent is voluntary, and you can object to the processing of your photos and videos at any time with effect for the future by emailing us at socialmediateam@flex-tools.com. The contributions will be displayed on the website for an indefinite period of time and will only be permanently deleted after cancellation.
The display of the social media content on our website is based on your express consent as per Article 6 (1) (1) (a) GDPR, and serves to present and inform on social media events on our website. For this purpose, traffic and connection data (including IP address) are transmitted to the respective social media platforms. Please also note that the loading of external content may also result in memory access and that cookies may also be set by the social media platforms. Data recipients are:
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – privacy policy: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – privacy policy / opt-out: http://instagram.com/about/legal/privacy/
The storage period of the data by the social media platforms is beyond our knowledge or influence, and can be viewed under the aforementioned links to the individual privacy policies.
By accessing our website, the social media platforms and Flowbox will be informed that you have accessed the corresponding page of our website after you have given your consent. Data is transferred regardless of whether you have a user account with the social media platforms via which you are logged in. If you have an account and are logged in, your data will be assigned directly to your account. If you do not wish to be associated with your profile, you must log out of your social media accounts before activating the Flowbox service. The platforms store your data as usage profiles and use them for the purposes of advertising, market research and/or customising the design of their websites and platforms. Such an analysis is carried out in particular (even for users who are not logged in) to provide customised advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, although you would have to contact the individual social media platform operators to exercise this right. We have no influence on any of these data processing operations.
We also have no influence on any additional data transfers (e.g. to any existing social media profiles). By embedding the content, data processing requiring consent is activated that can then be used to record user behaviour. The reloading of further third-party content, font transfer and possible links to your user account on social media platforms cannot be ruled out.
We obtain your express consent to the transmission of the data both via our consent banner and at the point of integration of the external social media content, Article 6 (1) (1) (a) GDPR.
Some of the data processing takes place outside the European Union and the European Economic Area. With regard to social media platforms, data is generally transferred to the USA and processed there. Contractual regulations and certification under the US-EU Data Privacy Framework ensure compliance with the European level of data protection for data transfer and processing in third countries. Data processing or storage in third countries may also take place on the basis of your consent (Article 49 (1) (1) (a) GDPR), in which case you will be informed separately of existing risks (including the processing of data by authorities for control and monitoring purposes, lack of legal remedies or limited possibilities for asserting rights) and the possibility of revocation when obtaining your consent.
You can revoke your consent at any time with effect for the future. To do this, simply call up our consent banner and change the settings accordingly. Please note that the change in the content banner settings must be made individually for each end device.
Further information on the Flowbox privacy policy is available at https://getflowbox.com/privacy-policy/.
Security policy
We have taken appropriate technical and organisational measures in order to protect the data of our employees/customers/suppliers stored by us against accidental or intentional manipulation, loss, destruction or access by unauthorised persons. The level of security is continuously reviewed in cooperation with security experts and adjusted to conform with new security standards.
Links to other providers
Our web site also contains clearly recognisable links to the web sites of other companies. Insofar as there are links to websites of other providers, we have no influence on their content. Therefore, no warranty can be granted or liability assumed for this content. The relevant providers or operators of these websites are responsible for their content in all cases.
The linked websites were checked for any potential legal violations and recognisable legal infringements at the time of the links being placed. No illegal content was identified at the time of the links being placed. However, ongoing content monitoring of the linked websites cannot be reasonably expected without a concrete indication of a legal violation. Such links are removed immediately upon legal violations becoming known.
Social media links
On our web site you will find links to the social media services of LinkedIn, Facebook, YouTube, Instagram and TikTok. You can recognise links to the web sites of social media services by the respective company logo. Following these links takes you to the FLEX Elektrowerkzeuge GmbH company pages with the respective social media provider. Clicking on a link to a social media provider will create a connection to the respective social media provider's servers. This transfers to the servers of the social media service that you have visited our web site. In addition, other data is also transmitted to the provider of the social media service. As an example, these include:
Web site address where the activated link is located
Date and time of web site access or activation of the link
Information about the browser and operating system used
IP address
If you are already logged in to the corresponding social media service at the time of activating the link, the provider of the social media service may be able to determine your user name and possibly even your real name from the transferred data and assign this information to your personal user account with the social media service. You can exclude this possibility of assignment to your personal user account if you log out of your user account beforehand. The social media provider servers are located in the USA and other countries outside the European Union. As a result, the data may also be processed by providers of the social media service in countries outside the European Union. Please note that companies in these countries are subject to data protection laws that generally do not protect personal data to the same extent as they do in the member states of the European Union.
Please note that we have no influence on the scope, type and purpose of the data processing by the provider of the social media service. For more information on how the social media services integrated on our web site use your data, please refer to the data protection policy of the respective social media service.
Information on data privacy in our social media
We are present on various “social media”, primarily LinkedIn, Facebook, YouTube, Instagram and TikTok, for the purpose of communicating with and providing details of our services to registered customers, potential customers and users of the media in question. Insofar as we have control over the processing of your data, we ensure that the applicable data protection regulations are complied with.
Below you will find the most important information on data protection law in relation to our websites.
Name and address of the person responsible for operation
In addition to FLEX-Elektrowerkzeuge GmbH, the following company is responsible for the company websites within the meaning of the EU General Data Protection Regulation (GDPR) and other data protection regulations:
Facebook (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Instagram (Meta Platforms Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
TikTok (musical.ly Inc., 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA)
YouTube (Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland
Please note that you are yourself responsible for using these platforms and their functions. This applies in particular with regard to the use of interactive functions (e.g. comments, shares, rating). Please also note that your data might be processed outside the European Union.
Purpose and legal basis
We maintain the fan pages ourselves in order to communicate with visitors to these pages and to inform them of our offers in this way.
We also collect data for statistical purposes in order to further develop and optimise the content and to make our offer more attractive. The data required for this (e.g. total number of page views, page activities and data provided by visitors, interactions) are processed by the social networks and made available to us. We have no influence on the generation and presentation.
Your data might also be processed for market research and advertising purposes. For example, usage profiles can be created from your usage behaviour and the resulting interests. This means, for example, that advertisements can be placed inside and outside the platforms that presumably correspond to your interest. Cookies are usually stored on your computer for this purpose. Irrespective of this, data that is not directly collected from your terminal devices may also be stored in the usage profiles.
As the provider of this information service, we do not collect or process any other data from your use of our service. Personal user data is processed on the basis of our legitimate interest in providing effective user information and communication with the user in accordance with Article 6 (1) (1) (f) GDPR. If the respective providers request your consent for data processing (i.e. ask you to declare your consent by checking a checkbox or clicking on a button, for example), the respective legal basis for processing is Article 6 (1) (1) (a), and Article 7 GDPR.
Your rights/Possibility of objection
If you are a member of a social network and do not want the network to collect data about you via our website and link it to your stored membership data with the respective network, you must
log out of the respective network before visiting our website
delete any cookies stored on your device, and
close and restart your browser.
After logging in again, however, you will once more be identifiable to the network as a specific user. For a detailed description of the respective processing and opt-out options, please refer to the following linked information pertaining to providers. In addition, with regard to requests for information and the assertion of user rights, please note that these can be asserted most effectively with the providers in question. Only the providers have commensurate access to user data and can directly undertake corresponding action and provide information. If you still need help, you can contact us.
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) – privacy policy: https://www.facebook.com/about/privacy/
Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) – privacy policy https://policies.google.com/privacy
Opt-out: https://adssettings.google.com/authenticated
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – privacy policy / opt-out: http://instagram.com/about/legal/privacy/
LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
Privacy policy: https://www.linkedin.com/legal/privacy-policy
Opt-out: https://www.linkedin.com/legal/cookie-policy and http://www.youronlinechoices.com
TikTok (musical.ly Inc., 10351 Santa Monica Blvd #310, Los Angeles, CA 90025 USA)
Privacy policy: https://www.tiktok.com/de/privacy-policy
Opt-out: http://www.youronlinechoices.com
You have the following rights with regard to the processing of your personal data:
Right of access; right to rectification; right to erasure; right to restriction of processing; right to object; right to data portability; right to lodge a complaint about unlawful processing of your personal data with the competent data protection authority.
However, since FLEX-Elektrowerkzeuge GmbH does not have complete access to your personal data, you should contact the social media providers directly if you wish to make a claim, as they have access to the personal data of their users and can take appropriate measures and provide information.
If you still need help, we will of course try to support you. Please contact datenschutz@flex-tools.com.
Notes on copyright and art copyright
If you wish to publish images, texts, plans, videos, music, etc. on our website, you should be aware that you may be transferring all rights of use to the network, which could ultimately have legal consequences for you if you are not the author or creator.
ODR platform to resolve out-of-court disputes
In accordance with EU Regulation No. 524/2013, the EU Commission has provided an interactive website for the online dispute resolution platform (ODR platform) to facilitate settlement of out-of-court disputes arising from online legal transactions.
The ODR platform of the EU Commission is available via the following link: https://ec.europa.eu/consumers/odr/