We are pleased that you have visited our website. We would like to inform you below about how we process your personal data on our website.
Responsible
cflox GmbH
Gaußstraße 190c
22765 Hamburg
Contact:
Phone: +49 40 22869785
Email: info@cflox.com
Data protection officer
René Hoffmann
Gaußstraße 190c
22765 Hamburg
Contact:
Phone: +49 40 22 86 97 85
Email: datenschutz@cflox.com
Terms
The technical terms used in this data protection declaration are to be understood as legally defined in Art. 4 GDPR.
The terms “user” and “website visitor” are used synonymously in our privacy policy.
Recipients of data
Recipients of data are named in our privacy policy under the respective category/heading.
Categories of data subjects
The categories of data subjects are website visitors and other users of online services.
General information on data processing on the
website
Automated data processing (log files, etc.)
Our website can be visited without actively providing personal information. However, each time the website is accessed, we automatically store access data (server log files), such as the name of the Internet service provider, the operating system used, the website from which the user visits us, the date and duration of the visit, or the name of the requested file. For security reasons, e.g., to detect attacks on our website, we also store the IP address of the device used for a period of 7 days. This data is not combined with other data sources. We process and use the data for the following purposes: providing the website, preventing and detecting errors/malfunctions, and misuse of the website.
Data categories: Meta- and communication data (e.g. IP-address, date and time of access, time, type of HTTP request, website from which access is made (referrer-URL), browser used and, if applicable, operation system of the accessing computer (user agent))
Purpose of processing: Prevention and detection of errors/malfunctions, detection of misuse of the website
Legal basis: Legitimate interest pursuant to Art. 6 (1) (f) GDPR
Legitimate interests: Fraud prevention to detect misuse of the website
Required cookies (functionality, opt-out links, etc.)
To enable the use of basic functions on our website and to provide the service requested by the user, we use so-called cookies on our website. Cookies are a standard internet technology for storing and retrieving information for website users. Cookies represent information and/or data that can be stored, for example, on the user's device. With classic cookie technology, the user's browser receives instructions to store specific information on the user's device when a specific website is accessed.
Strictly necessary cookies are used to provide a telemedia service expressly requested by the user, e.g.:
- Cookies for error analysis and security purposes
- Cookies for storing logins
- Cookies for storing data in online forms, provided that the form spans several pages
- Cookies for storing (language) settings
- Cookies for storing items that users place in their shopping basket in order to complete the purchase
- Cookies for storing consent or revocation (opt-in, opt-out)
Some of the cookies used (so-called session cookies) are deleted after the end of the browser session, i.e., after the browser is closed.
Cookies can be deleted by users retrospectively to remove data that the website has stored on the user's computer.
The data processing described may also relate to information that is not personal but constitutes information within the meaning of the Telemedia Act (TDDDG). Even in these cases, this information may be required for the use of an expressly requested service and is therefore stored in accordance with Section 25 of the TDDDG.
Opt-Out:
Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
Google Chrome: https://support.google.com/chrome/answer/95647?hl=de
Microsoft Edge: https://support.microsoft.com/de-de/microsoft-edge/inprivate-browsen-in-microsoft-edge-cd2c9a48-0bc4-b98e-5e46-ac40c84e27e2
Opera: https://help.opera.com/en/latest/security-and-privacy/
Safari: https://support.apple.com/de-de/HT201265
Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR in conjunction with Section 25. (2) (2) TDDDG), consent (Art. 6 (1) (a) GDPR in conjunction with Section 25 (1) TDDDG
Legitimate interests: Storing opt-in preferences, ensuring the functionality of the website, preserving user status across the entire website
Storage and processing of non-essential information and data
Beyond the necessary scope, user data may be processed using cookies, similar technologies, or application-specific technologies, e.g., for the purposes of (cross-website) tracking or personalized advertising, etc. Data may be transmitted to third parties in this process. The storage and further processing of user data that is not absolutely necessary to provide the digital service is then based on consent within the meaning of Art. 6 (1) (a) GDPR (if applicable, in conjunction with Section 25 (1) Sentence 2 TDDDG).
Consent management platforms
We use a consent management process on our website to verifiably store and manage the consent granted by website visitors in accordance with data protection requirements.
The consent management platform we use helps us identify all cookies and tracking technologies and manage them based on the consent status. At the same time, visitors to our website can use the consent management service we integrate to manage the consents and preferences granted (optional setting of cookies and other technologies that are not required) or revoke their consent at any time using the button.
The consent status is stored on the server and/or in a cookie (so-called opt-in cookie) or a similar technology in order to be able to assign the consent to a user or their device. In addition, the time of the consent declaration is recorded.
Data categories: Consent data (consent ID and number, time of consent, opt-in or opt-out), meta and communication data (e.g. device information, IP addresses)
Purpose of processing: Fulfilling accountability, consent management
Legal basis: Legal obligation (Article 6 (1) (c) GDPR in conjunction with Article 7 GDPR)
Manage consent/Revocation
Borlabs Cookie
Recipient: BORLABS GmbH, Hamburger Str.11 22083 Hamburg, Germany
Third country transfer: Does not take place
Privacy policy: https://de.borlabs.io/datenschutz/
Hosting (incl. Content Delivery Network)
Our website is hosted by an external service provider. Data from visitors to our website, particularly so-called log files, is stored on our service provider's servers. By using a specialized service provider, we can provide our website efficiently. The hosting provider we use does not process the data for its own purposes.
We also use a so-called Content Delivery Network (CDN) to deliver our website content more quickly. When website visitors access graphics, scripts, or other content, for example, these are delivered quickly and in an optimized manner using regionally and internationally distributed servers. When the files are retrieved, a connection is established to the servers of a CDN provider, whereby personal data of visitors to our website is processed, such as the IP address and browser data.
Categories of data: User data (e.g., websites visited, interest in content, access times), meta and communication data (e.g., device information, IP addresses)
Purposes of processing: Proper presentation and optimization of the website, faster and location-independent accessibility of the website,
Legal basis: Consent (Art. 6 (1) (a) GDPR)
Legitimate interests: Avoiding downtime, high scalability, reducing the bounce rate on the website
ALL-INKL.COM - Neue Medien Münnich
Recipient: ALL-INKL.COM - Neue Medien Münnich, Hauptstraße 68, 02742 Friedersdorf
Third country transfer: Does not take place.
Privacy policy: https://all-inkl.com/datenschutzinformationen/
Website support and consulting, media agency
We have commissioned a media agency to provide support and advice for services and applications on our website. This agency supports us with all activities related to the design and functionality of our website (including the content management system). Within this framework, the media agency we select receives the access data for our website to make any necessary adjustments and changes, such as the design of forms or other programming activities.
The media agency also supports us in the management and administration of our social media ad acounts and our accounts with search engine providers. Access to personal data, such as data from forms or website visitors' log data, cannot be ruled out. The media agency therefore acts as a so-called processor for us and acts exclusively on our instructions. Data is not processed for other purposes.
Categories of data: Usage data (e.g., access times), meta and communication data (e.g., device information, IP addresses), contact data (e.g., email address), content data (e.g., text information), evaluation data from social media ad accounts (e.g., statistics)
Purposes of processing: Support with web analysis and optimization, analysis of website usage behavior (website interaction) for web optimization and reach measurement, checking website utilization
Legal basis: Legitimate interests (Art. 6 Abs. 1 lit. f) GDPR)
Legitimate interests: Assistance and support for website maintenance through high technical expertise, efficiency through outsourcing
Sascha Obermüller Design + Development
Recipient: Sascha Obermüller Design + Development, Mühlstr. 10, 88085 Langenargen
Third country transfer: Does not take place.
Privacy policy: https://shapesandsigns.de/datenschutzerklaerung/
JOM Jäschke Operational Media GmbH
Recipient: JOM Jäschke Operational Media GmbH, Am Kaiserkai 10, 20457 Hamburg
Third country transfer: Does not take place.
Privacy policy: https://www.jom-group.com/datenschutz/
Web analysis and optimization
We use processes on our website to analyze user behavior and measure reach. For this purpose, information about visitors' behavior, interests, or demographic information is collected to determine whether and where our website needs optimization or adjustment (e.g., forms on the website, improved placement of buttons or call-to-action buttons, etc.).
We can also measure the clicking and scrolling behavior of website visitors. This helps us, among other things, to determine when our website, its features, or content are most frequently visited.
The collection of this data is made possible through the use of certain technologies (e.g., cookies). These are stored on users' devices as part of client-side tracking when they visit our website.
We take precautions to protect the identity of our website visitors. We do not process any of their personal data for the purposes described. Website visitors are assigned an ID (identification number) upon visit to recognize them upon subsequent visits. The IDs and associated information are stored in user profiles. In addition, the IP addresses of website visitors are anonymized, and the storage period of cookies is reduced.
Categories of data: Usage data (e.g., websites visited, interest in content, access times), demographic characteristics (age, gender), meta and communication data (e.g., device information, anonymized IP addresses, location data), contact data (e.g., email address), content data (e.g., text information)
Purposes of processing: Review of the status of goal achievement (success control) of all online activities: Analysis of website usage behavior (website interaction) for web optimization and reach measurement, review of website utilization, lead evaluation, sales increase, budget control
Legal basis: Consent (Art. 6 (1)(a) GDPR)
Google Tag Manager
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Third country transfer: Based on the European Commission’s adequacy decision for the United States
Privacy policy: https://policies.google.com/privacy?hl=en-US
Google Analytics
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Third country transfer: Based on the European Commission’s adequacy decision for the United States
Privacy policy: https://policies.google.com/privacy?hl=en-US
Hubspot
Recipient: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA
Third country transfer: Based on the European Commission’s adequacy decision for the United States
Privacy policy: https://legal.hubspot.com/de/privacy-policy
Remarketing (advertisements for already known visitors)
We use so-called remarketing methods. With this method we can address website visitors who have visited the homepage of our website or who have already interacted with our products or similar products but have not yet converted (e.g., completed a purchase). Thus, we can create relevant ads for website visitors and place them on websites or other platforms.
We use the methods and technologies of certain providers. Technologies used include, for example, pixels, tags, or cookies. These are installed on our website. When website visitors interact with our site, the interactions are stored using the technologies employed.
To recognize them on subsequent visits to our website and to preserve pseudonymity, a user-specific ID is generated automatically. This allows re-identification. Personal data of users is not stored.
Targeted advertising based on existing customer lists.
To specifically address already known website visitors and/or customers again via certain ads, we create a list of these users that aligns with the goals of our campaign and we want to reach them again. This list is encrypted (hashed) by us before transfer (upload) to the search engine provider. The users’ plain data (e.g., name, email address) is pseudonymized.
The hashed information is incorporated into the advertising lists of the search engine provider, so dynamic ads can be delivered to users based on the data.
Advertising based on similar audiences:
We run ads to users who resemble our defined target group. A target group refers to a category of users with similar interests in our products or services. We create a remarketing list within the account of a search engine provider and mark visitor attributes there (e.g., interest in cfloxpay and similar services).
The identification of this target group is carried out by the chosen search engine provider. When a user searches within the search engine for a specific term, the search engine provider recognizes the user’s intent based on that input and likely interest in this product or service. Searching users are then tagged by the search engine provider and will subsequently be shown relevant ads from us.
Categories of data: User and interaction data (e.g., websites visited, interest in content, access times), meta and communication data (e.g., device information, anonymized IP addresses), location data, contact data (e.g., email addresses)
Purposes of processing: Review of the status of goal achievement (success control) of all online activities: Analysis of website usage behavior (website interaction) for web optimization and reach measurement, review of website utilization, lead evaluation, sales increase, budget control
Legal basis: Consent (Art. 6 (1)(a) GDPR)
Google Ads
Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
Third country transfer: Based on the European Commission’s adequacy decision for the United States
Privacy policy: https://policies.google.com/privacy?hl=en-US
Social media presences
We maintain a company profile on social networks and career platforms to increase visibility among potential customers and interested parties and to make our company visible to the public.
Social networks help us increase our reach and actively promote interaction and communication with users. Social media activity and communication play a key role in acquiring new customers and employees. Relevant information about our company can be shared, events published, and important short-term announcements and job postings communicated via social media and the website. They also help us connect with users quickly and easily.
Social media platform operators create so-called user profiles based on user behavior, for example, by specifying interests (likes, shares). These profiles are used to tailor advertisements to the interests of target groups. When users are active on social media channels, cookies or other technologies are regularly stored on their devices, sometimes regardless of whether they are registered users of the social network.
Insights (Statistics)
The data analyzed by social media platform operators is provided to us in the form of anonymized statistics, meaning they no longer contain any personal user data. These statistics allow us to determine, for example, how often and at what time our social media profile was visited. Fan page operators are currently unable to disable this feature. We therefore have no influence over the extent to which the data is processed by social media platforms.
Social Media Messenger
In connection with the use of social media, we may use the associated messengers to communicate easily with users. The security of individual services may depend on the user's account settings. Even with end-to-end encryption, the social media platform operator can draw conclusions about whether and when users communicate with us. Location data may also be collected.
Depending on where the social network is operated, user data may be processed outside the European Union or outside the European Economic Area. This may pose risks for users because it makes it more difficult to enforce their rights.
Categories of data: User names (e.g., last name, first name), contact data (e.g., email address), content data (e.g., text information, photographs, videos), usage and interaction data (e.g., websites visited, interests, likes, shares, access times), meta and communication data (e.g., device information, IP address, location data if applicable)
Purposes of processing: Increase reach, increase awareness, fast networking
Legal basis: Legitimate interests (Art. 6 (1) (f) GDPR), consent (Art. 6 (1) (a) GDPR)
Legitimate interests: Interaction and communication on social media presence, profit increase, insights into target groups, lead generation
Recipient: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
Third country transfer: Based on the European Commission’s adequacy decision for the United States
Privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
Recipient: New Work SE, Am Strandkai 1, 20457 Hamburg, Germany
Third country transfer: Does not take place.
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
Social Media Marketing
We use our social media channels to promote our products and services. Our goal is to reach a broad community that we cannot reach through traditional advertising channels, such as offline marketing (e.g., flyers). Social media advertising is displayed to users in the form of text, display, or video ads on their social media channels.
Targeting
We use so-called targeting processes on our social media channels to track certain user activities (interactions) to ensure that our ads are delivered to specific target groups. We use the processes and technologies of various social media providers for this purpose. A common technology is the so-called pixel.
We install this pixel in the source code of our website. This ensures that user navigation is recorded. When users interact with our website or our ad on social media, the pixel records the people and the actions they perform (e.g., clicks on ads, website bounces) and stores which pages and subpages were accessed.
Products and services from our ads that are viewed but not purchased are analyzed using the technologies used. This serves to display real-time, behavior-based advertising to potential customers on various social media platforms. We can determine the success of our advertisements based on aggregated data made available to us by the social media provider (so-called conversion measurement). This allows us to understand whether a marketing measure has led to an event (e.g., downloading a PDF or playing a video) or a conversion (e.g., purchasing a product or registering on our website). The evaluation is provided to us in the form of statistics via our tracking tool and is used to analyze the success of our online activities (success monitoring).
Categories of data: Usage and interaction data (e.g., websites visited, interests, access times), meta and communication data (e.g., device information, IP address, location data if applicable)
Purposes of processing: Expanding reach, reach analysis and statistical evaluations
Legal basis: Consent (Art. 6(1)(a) GDPR)
LinkedIn Ads
Recipient: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
Third country transfer: Based on the European Commission’s adequacy decision for the United States
Privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
LinkedIn Insight Tag
Recipient: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland
Third country transfer: Based on the European Commission’s adequacy decision for the United States
Privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy
Plugins and embedded third-party content
Our website incorporates functions and elements that are sourced from third-party providers. These include, for example, videos, images, buttons, map services (maps), or posts (hereinafter referred to as content). When this third-party content is accessed by website visitors (e.g., click, play, etc.), information and data is collected and linked to the website visitor's device in the form of cookies or other technologies (e.g., pixels, JavaScript commands, or Web Assembly) and transferred to the server of the third-party provider used. The third-party provider thereby receives usage and interaction data from the website visitor and makes it available to us in the form of statistics via a dashboard. The statistics we receive do not contain any user data.
Without this processing, the loading and display of this third-party content is not possible.
To protect the personal data of website visitors, we have taken protective measures to prevent the automatic transmission of this data to the third-party provider. This data is only transmitted when users actively use the buttons and click on the third-party content.
Categories of data: Usage data (e.g., websites visited, interests, access time), meta and communication data (e.g., device information, anonymized IP address)
Purposes of processing: Sharing posts and content, interest- and behavior-based marketing, analysis of statistics, cross-device tracking, increasing reach in social media
Legal basis: Consent (Art. 6 (1) (a) GDPR)
Newsletter and broad communication (with tracking)
On our website, users have the option of subscribing to our newsletter or any notifications via various channels (hereinafter referred to as "newsletter"). In accordance with legal regulations, we only send newsletters to recipients who have consented to receiving the newsletter. We use a selected service provider to send our newsletter.
To subscribe to our newsletter, you must provide an email address. We may collect additional data, such as your name, to personalize our newsletters.
Our newsletter will only be sent after the so-called double opt-in process has been completed. If website visitors decide to subscribe to our newsletter, they will receive a confirmation email. This email serves to prevent the misuse of false email addresses and to prevent the newsletter from being sent by a simple, possibly accidental click. Subscription to our newsletter can be canceled at any time with effect for the future. An opt-out link is included at the end of each newsletter.
Furthermore, we are required to provide proof that our subscribers actually wished to receive the newsletter. For this purpose, we collect and store the IP address and the time of subscription and unsubscription.
Newsletter Tracking
Our newsletters are designed to allow us to gain insights into improvements, target groups, or the reading habits of our subscribers. This is made possible by a so-called web beacon or tracking pixel, which reacts to interactions with the newsletter, for example, whether links are clicked, the newsletter is opened at all, or at what time the newsletter is read. For technical reasons, we can assign this infomation to individual subscribers.
Categories of data: Master data (e.g. name, address), contact data (e.g. email address, telephone number), meta and communication data (e.g. device information, IP address), usage data (e.g. interests, access times)
Purposes of processing: Marketing, customer loyalty and new customer acquisition, analysis and evaluation of the campaign's success
Legal basis: Consent (Art. 6 (1) (a) GDPR)
Hubspot
Recipient: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA
Third country transfer: Based on the European Commission’s adequacy decision for the United States
Privacy policy: https://legal.hubspot.com/de/privacy-policy
Advertising communication
We also use data provided to us, e.g. in the context of an order or commissioning of a service, etc, for advertising purposes, in particular to provide information about news from us or from our product portfolio via various channels. We send advertising communications in accordance with legal requirements and – where required – after obtaining your consent. If the recipients of our advertising do not wish to receive they, they can notify us at any time and object or revoke their consent. The unsubscribe button in our email can be used for this purpose. Only those users who have not already objected to receiving our advertising communications will receive them.
We have commissioned a service provider to send you advertising. This service provider acts exclusively on our instructions. The data will not be processed for any purposes other than sending out the advertising.
Categories of data: Master data (e.g. name, address), contact details (e.g. email address, telephone number if applicable)
Purposes of processing: Direct marketing
Legal basis: Consent (Art. 6 (1) (a) GDPR), Legitimate interests (Art. 6 (1) (f) GDPR)
Legitimate interests: Retaining existing and acquiring new contacts or contractual partners, information about similar goods and services
Prize draws and competitions
From time to time, we conduct competitions at trade fairs or other events. We process the data of the participants required to carry out the respective promotion. This also includes data we need to inform the winner and distribute the prize. Depending on the type of promotion, contributions from or about the participants may be published, for example, in reports on the respective promotion. The participant's name will also be published.
Which data we process in each individual case depends on the specific promotion and the data we receive from the participant.
Categories of data: Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text entries, photos, videos)
Purposes of processing: Conducting competitions including prize distribution and announcement of the winner in various media
Legal basis: Consent (Art. 6 (1) (a) GDPR),
Recipient: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA
Third country transfer: Based on the European Commission’s adequacy decision for the United States
Privacy policy: https://legal.hubspot.com/de/privacy-policy
Recipient: Pipedrive OÜ, Mustamäe tee 3a, 10615 Tallin, Estland
Third country transfer: Based on the standard contractual clauses including additional measures and risk analysis for third country transfers
Privacy policy: https://www.pipedrive.com/en/privacy
https://www.pipedrive.com/en/privacy#international-data-transfers
Contact
We offer website visitors the opportunity to contact us directly or obtain information via various contact options. To maintain an overview of contacts with us, we use a management tool to process corresponding inquiries. If contact is made, we process the data of the person making the contact to the extent necessary to answer or process the inquiry. Depending on the method used to contact us, the data processed may vary.
Categories of data: Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address).
Purposes of processing: Processing of enquiries
Legal basis: Consent (Art. 6 (1) (a) GDPR), performance or initiation of a contract (Art. 6 (1) (b) GDPR)
Hubspot
Recipient: HubSpot, Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA
Third country transfer: Based on the European Commission’s adequacy decision for the United States
Privacy policy: https://legal.hubspot.com/de/privacy-policy
Online meetings, webinars, online events
We make use of the option to hold online meetings and/or webinars, as well as events. For this purpose, we utilize the services of other providers that we have carefully selected. When actively using such services, data from the communication participants is processed and stored on the servers of the third-party providers used, provided that this data is necessary for the communication process. When selecting providers, we ensure that communication via the selected services is end-to-end encrypted.
Categories of data: Master data (e.g., last name, first name), contact data (e.g., email address), content data (e.g., text entries), meta and communication data (e.g., device information, IP addresses)
Purposes of processing: Processing inquiries, increasing efficiency, promoting cross-company or cross-location collaboration
Legal basis: Consent (Art. 6 (1) (a) GDPR)
Microsoft Teams
Recipient: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Third country transfer: Based on the European Commission’s adequacy decision for the United States
Privacy policy: https://privacy.microsoft.com/de-de/privacystatement
Vimeo
Recipient: Vimeo.com Inc., 555 West 18th Street New York, New York 10011, USA
Drittlandsübermittlung: Based on the European Commission’s adequacy decision for the United States
Privacy policy: https://vimeo.com/privacy
Zoom
Recipient: Zoom Video Communications, Inc., 55 Almaden Blvd. Suite 600, San Jose, CA 95113, USA
Drittlandsübermittlung: Based on the European Commission’s adequacy decision for the United States
Privacy policy: https://www.zoom.com/en/trust/privacy/privacy-statement/
Further mandatory information on data processing
Data transfer
We transmit the personal data of website visitors for internal purposes (e.g., for internal administration or to the human resources department to comply with legal or contractual obligations). Internal data transmission or disclosure takes place to the extent necessary and in compliance with the relevant data protection regulations.
In order to execute contracts or fulfill a legal obligation, it may be necessary for us to transmit personal data. If the necessary data is not provided to us, it may be that the contract with the data subject cannot be concluded.
If your data is processed outside the EU/EEA, in so-called third countries (e.g., the USA), we ensure that this is done in accordance with the requirements of Art. 44 et seq. GDPR. In this case, we take additional measures to ensure the highest possible level of protection for the personal data of data subjects. The guarantee applicable to the third-country transfer is specified in our privacy policy for the respective recipient.
Legal basis: Legitimate interests (Art. 6.(1)( f) GDPR)
Legitimate interests: Centralized management and administration within the company to utilize synergy effects, save costs, and increase effectiveness
Order processing
Recipients we use may act for us as so-called data processors. We have concluded so-called "data processing agreements" with them in accordance with Art. 28 (3) GDPR. This means that the data processors may only process your personal data in a manner that we have explicitly instructed them to do. Data processors take appropriate technical and organizational measures to process your data securely and in accordance with our instructions.
Storage period
We store visitor data for as long as necessary to provide our services, or as provided for by the European directives and regulations or other legislators in laws or regulations to which we are subject. In all other cases, we delete the personal data after the purpose has been fulfilled, with the exception of data that we must continue to store to fulfill legal obligations (e.g., we are obligated to retain documents such as contracts and invoices for a certain period due to retention periods under tax and commercial law).
Automated decision-making (including profiling)
We do not use automated decision-making or profiling in accordance with Art. 22 GDPR.
Legal basis
The relevant legal bases primarily arise from the GDPR. These are supplemented by the national laws of the Member States and may be applicable jointly with or in addition to the GDPR.
Consent: Art. 6 (1) (a) GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.
Contract fulfilment: Art. 6 (1) (b) GDPR serves as the legal basis for processing necessary for the performance of a contract to which the data subject is party or for the implementation of pre-contractual measures taken at the request of the data subject.
Legal obligation: Art. 6 (1) (c) GDPR serves as the legal basis for processing that is necessary to fulfill a legal obligation.
Vital interests: Art. 6 (1) (d) GDPR serves as the legal basis if processing is necessary to protect the vital interests of the data subject or of another natural person.
Public interest: Art. 6 (1) (e) GDPR serves as the legal basis for processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Legitimate interest: Art. 6 (1) (f) GDPR serves as the legal basis for processing necessary to protect the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data prevail, in particular if the data subject is a child.
Rights of data subjects
Right of access: According to Art. 15 GDPR, data subjects have the right to request confirmation as to whether we process data concerning them. They can request information about this data, as well as the additional information listed in Art. 15 (1) GDPR, and a copy of their data.
Right to rectification: According to Art. 16 GDPR, data subjects have the right to request the rectification or completion of data concerning them that we process.
Right to erasure: Data subjects have the right, pursuant to Art. 17 GDPR, to request the immediate erasure of data concerning them. Alternatively, they can request that we restrict the processing of their data, pursuant to Art. 18 GDPR.
Right to data portability: According to Art. 20 GDPR, data subjects have the right to request the provision of the data they have made available to us and to request that it be transmitted to another controller.
Right to lodge a complaint: Data subjects also have the right to lodge a complaint with the supervisory authority responsible for them in accordance with Art. 77 GDPR.
Right to object: If personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, data subjects have the right to object to the processing of their personal data pursuant to Art. 21 GDPR, provided there are reasons for doing so that arise from their particular situation or the objection is directed against direct marketing. In the latter case, data subjects have a general right of objection, which we will implement without specifying a particular situation.
Revocation
Some data processing operations are only possible with the express consent of the data subjects. You have the option of revoking your previously granted consent at any time without giving reasons. To do so, simply send an informal email to: daten-schutz@cflox.com. Consent for data processing operations on our website can be modified and revoked directly in our Consent Manager. The legality of the data processing carried out up to the time of revocation remains unaffected by the revocation.
External links
Our website may contain links to the online services of other providers. We point out that we have no influence on the content of the linked websites or their providers' compliance with data protection regulations.
Changes
We reserve the right to adapt the data protection information on our website at any time in the event of changes and in compliance with applicable data protection regulations so that it complies with data protection requirements.
This privacy policy was created by
DDSK GmbH
www.ddsk.de