Status: June 2021
Protecting the security and privacy of your personal data is important to us. Therefore, Flender (for further company details, please see the corporate information in “Imprint” below) processes personal data in compliance with applicable laws on data protection and data security.
1. General information on data processing
1.1 Purpose of the processing, categories of personal data processed
When visiting Flender’s websites, applications or online tools (each a “Flender Online Offering”), Flender may process the following personal data about you:
- Personal data that you actively and voluntarily provide via an Flender Online Offering (e.g., when registering, contacting us with your inquiries or participating in surveys or submitting a job application etc.), including name, address, professional career, e-mail address, telephone number, date and place of birth, curriculum vitae, education, job profile/function, information submitted as part of a support request, comments or forum posts, etc.;
- Information that is automatically sent to us by your web browser or device, such as your IP-address, device type, browser type, referring site, sites accessed during your visit, the date and time of each visitor request or your location.
- Payment data, such as data necessary for processing payments and fraud prevention, including credit/debit card numbers, security code numbers and other related billing information;
- Further information necessarily processed in a project or contractual relationship with Flender or voluntarily provided by its business partner, such as personal data relating to orders placed, payments made, requests, and project milestones.
- Information about the company you are working for (e.g. address, field of business)
- Personal data collected from publicly available resources, integrity data bases and credit agencies; and
- If legally required for business partner compliance screenings: date of birth, ID numbers, identity cards and information about relevant and significant litigation or other legal proceedings against business partners.
Please consider that in the event of your revocation, some of the services offered cannot be carried out, such as application procedures, acceptance and execution of orders, handling of pre-contractual measures and others.
We process your personal data for the following purposes:
- To provide the Flender Online Offering‘s services and functions and to administer your use of the Flender Online Offering:
- To verify your identity and enable user authentication:
- To register and further process your application (e.g. conducting interviews and selecting suitable persons).
- To communicate with you as a customer, prospective customer, sales partner and supplier (each a "business partner") regarding products, services and projects, for example to process inquiries or provide technical information about products.
- Planning, performing and managing the (contractual) relationship with business partners; e.g. by performing transactions and orders of products or services, processing payments, performing accounting, auditing, billing and collection activities, arranging shipments and deliveries, facilitating repairs and providing support services.
- To send you marketing information or to contact you in the context of customer satisfaction surveys, marketing campaigns, market analysis, sweepstakes, contests, or other promotional activities or events.
- Maintaining and protecting the security of our products, services and websites, preventing and detecting security threats, fraud or other criminal or malicious activities.
- Ensuring compliance with legal obligations (such as record keeping obligations), export control and customs, business partner compliance screening obligations (to prevent white-collar or money laundering crimes), and Flender policies or industry standards; and
- Solving disputes, enforce our contractual agreements and to establish, exercise or defend legal claims.
1.2 The legal basis of processing data
As a matter of principle, personal data will only be processed to the extent necessary to achieve the aforementioned purposes. With regard to the data protection law of the European Union and the European Economic Area, the legal basis for data processing is the data protection law of the European Union and the European Economic Area, unless expressly stated otherwise when collecting personal data:
- Flender exercising its rights and performing its obligations in connection with any contract we make with you (Article 6 (1) (b) General Data Protection Regulation) This also applies to processing operations necessary to carry out pre-contractual measures, such as an application.
- Compliance with Flender’s legal obligations (Article 6 (1) (c) General Data Protection Regulation); and/or
- Legitimate interests pursued by Flender (Article 6 (1) (f) General Data Protection Regulation). If necessary, we expressly draw your attention to further or deviating legitimate interests before the respective data processing.
- In some cases, we may ask if you consent to the relevant use of your personal data. In such cases, the legal basis for Flender processing that data about you may (in addition or instead) be that you have consented (Article 6 (1) (a) General Data Protection Regulation)
1.3 Retention periods
Unless indicated otherwise at the time of the collection of your personal data (e.g. within a form completed by you), we erase your personal data if the retention of that personal data is no longer necessary (i) for the purposes for which they were collected or otherwise processed, or (ii) to comply with legal obligations (such as retention obligations under tax or commercial laws).
2. Usage of Cookies
3. Links to other Websites and Applications
This Privacy Notice applies only to Flender Online Offerings and not to other websites or applications operated by third parties. We may provide links to other websites and applications which we believe may be of interest to you (e.g. YouTube, Twitter, Facebook or LinkedIn). Links to third party websites or applications are marked as such.
If you click on a link to a digital offer of a third party, you will be forwarded to the website or application of this third party and thus leave the Flender Online Offering.
Flender is not responsible for the collection, processing and use of your data within the websites and applications of third parties. The individual data protection provisions of the respective operators of the websites and applications apply.Google Maps
In order to offer you certain location-related functions, some Flender Online Offerings use the "Google Maps" service (for example to show you the way to a Flender contact person). If you use Google Maps in a country of the European Economic Area or in Switzerland, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, processes your personal data, otherwise Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The data processed may include, inter alia, your device’s IP address and your location. A prerequisite for the processing of your location data is that you have allowed access to your location in the settings of your mobile device or that you actively provide your location data. The data controller responsible for the processing of your personal data in connection with Google Maps is Google; Google’s privacy notice can be found at https://www.google.com/policies/privacy
4. Push notifications
The activation of push notification services allows Flender to provide you with certain information. In the course of using this function and after activation of the push-notification permission, a connection with the push notification service of your operating system provider is established and your device receives notifications over this connection. For this purpose, information on your device identifier is transferred to your operating system provider. Your operating system provider is the responsible operator for push notification services.
5. Mobile Apps
Where and as permitted under applicable law, Flender may process your contact information for direct marketing purposes (e.g. trade show invitations, newsletters) and to carry out customer satisfactions surveys, in each case also by e-mail. In addition, the data may be used by Flender sales employees to submit offers to you and to be able to provide you or your company with the best service.
Flender also uses Marketing Automation Systems for purposes of advertising, market research, sales and for the demand-oriented design of products, services and websites.
The information that you yourself have entered on the Flender Online Offering, for example via a contact form, or that may already be registered in Flender Customer Relationship Management systems, for example because Flender already has a business relationship with you, can be added to the profile.
You may object to the processing of your contact data for these purposes at any time by writing to email@example.com or by using the objection option in the respective message you received.
Your data will be deleted from the Marketing Automation Systems of Flender if they are no longer required for the above-mentioned purposes or if you have withdrawn your consent.
7. Jobs and career
Some Flender Online Offerings provide the possibility to search for and apply for open job opportunities (if available: online). In order to submit an online application, the applicant must enter personal data. In addition, the applicant can, on a voluntary basis, upload detailed application documents as well as further information rounding off the user's personal profile in file form and send them to Flender together with its personal data.
In some cases, an online test is also used in connection with an job application as a personnel selection or potential analysis procedure. In the event of this, individual data protection declarations and regulations may apply, to which applicants will be informed separately.
If applicable, the application of underage persons for an education at Flender is subject to individual data protection regulations, which are separately referred to on the relevant Flender Online Offering.
Flender uses external IT service providers for the provision of job portals and the related collection of personal data. These service providers collect and process personal data on behalf of Flender. A corresponding commissioned data processing contract was concluded in accordance with Article 28 of the General Data Protection Regulation (GDPR).
8. Transfer and disclosure of personal data
8.1 Transfer and disclosure of your personal data from Flender to external parties including security measures
Flender may transfer your persona data to:
- third parties which provide IT services to us and which process such data only for the purpose of such services (e.g., hosting or IT maintenance and support services, receivables management, for payment processing or also for the collection of applicant data via a Flender Online Offering.); and
- third parties in connection with complying with legal obligations or establishing, exercising or defending rights or claims (e.g., for court and arbitration proceedings, to law enforcement authorities and regulators, to attorneys and consultants).
- Other third parties, such as sales partners and suppliers, if this is necessary in connection with offer and operation of the Flender Online Offering or the initiation, implementation or settlement of the business relationship.
- The provider of Flender‘s marketing automation platform also has the technical ability to access your data.
Sometimes the recipients to whom Flender transfers your personal data are located in countries in which applicable laws do not offer the same level of data protection as the laws of your home country. In such cases, if required by applicable law, Flender takes measures to implement appropriate and suitable safeguards for the protection of your personal data.
We transfer personal data to external recipients in such countries only if the recipient has entered into EU Standard Contractual Clauses with Flender and where applicable provides additional appropriate safeguards according to Art. 46 GDPR.
8.2 Transfer and disclosure of your personal data within Flender-Group including security measures
We share your personal data with Flender companies in such countries only if it is necessary in connection with the business transaction or with your application and if they have agreed to the Flender Intercompany Agreement on the processing of personal date, which includes the EU model clauses as amended from time to time, and have implemented the internal guidelines on the protection of personal Data. The Intercompany Agreement and internal guidelines contain rules that define Flender’s global data privacy strategy with regard to international transfers of personal data between Flender group companies.
9. Your rights, withdrawal of consent
In case you declared your consent for the processing of certain personal data by Flender, you have the right to withdraw the consent at any time with future effect, i.e. the withdrawal of the consent does not affect the lawfulness of processing based on the consent before its withdrawal. If the consent is withdrawn, Flender may only further process the personal data where there is another legal ground for the processing.
Please note that in the event of your withdrawal, some of the services offered cannot be carried out, such as application procedures, receipt and execution of orders, etc.
Subject to the statutory requirements, you are entitled to:
- Obtain from Flender confirmation as to whether or not personal data concerning you are being processed, and where that is the case, access to the personal data;
- Obtain from Flender the rectification of inaccurate personal data concerning you;
- Obtain from Flender the erasure of your personal data;
- Obtain from Flender restriction of processing regarding your personal data;
- Data portability concerning personal data, which you actively provide; and to
- object, on grounds relating to your particular situation, to processing of personal data concerning you.
Once consent to the processing of personal data has been granted, it can be revoked at any time. If your data is required for the fulfilment of a contract or for the implementation of pre-contractual measures, an early deletion of your data is only possible, unless contractual or legal obligations prevent a deletion.
Further information regarding aforementioned rights can be found on the website „Rights for citizens” of the European Commission.
10. Data Privacy Contact
The Flender Data Privacy Organization provides support with any data privacy related questions, comments, concerns or complaints or in case you wish to exercise any of your data privacy related rights. The Flender Data Privacy Organization may be contacted at: firstname.lastname@example.org.
The Flender Data Privacy Organization will always use best efforts to address and settle any requests or complaints you bring to its attention. Besides contacting the Flender Data Privacy Organization, you always have the right to approach the competent data protection authority with your request or complaint.
A list and contact details of local data protection authorities is available HERE.
11. Further information for US residents
If you are a U.S. resident, then please take note of the following:
Do Not Track
At this time our Flender Online Offerings do not recognize or respond to “Do Not Track” browser signals. For more information on “Do Not Track”, please visit your browser’s support page.
Usage by Children
This Flender Online Offering is not directed to children under the age of thirteen. We will not knowingly collect personal data from children under the age of thirteen without insisting that they seek prior parental consent if required by applicable law. We will only use or disclose personal data about a child to the extent permitted by law, to seek parental consent, pursuant to local law and regulations or to protect a child.
Depending on the US state in which you reside, you may have special rights with respect to your personal data. For information regarding any of those rights, please click HERE
12. Further information for South Africa residents
In terms of Section 1 of the Protection of Personal Information Act, 2013 (“POPI”), “personal information” includes information relating to an identifiable, living, natural person and where it is applicable, an identifiable, existing, “juristic person”.
The corresponding legal grounds and condition for lawful processing of personal data in South Africa are contained in Section 8 to 25 of POPI and relate to “Accountability”; “Processing limitation”; “Purpose specification”; “Further processing limitation”; “Information Quality”; “Openness”; “Security Safeguards” and “Data subject participation”.
In terms of Section 69 of POPI, the processing of personal information of a data subject for the purposes of direct marketing by means of any form of electronic communication, including automatic calling machines, facsimile machines, SMS or E-mail is prohibited unless the data subject has provided consent to the processing, or is, subject to further conditions, an existing customer of the responsible party.
For purposes of a Data Subject exercising its rights further enquiries and the exercise of its rights in relation to access, objection to, and complaints in respect of the processing of personal data, the contact particulars of the information Regulator of South Africa, are as follows:
JD House, 27 Stiemens Street
PO Box 31533