Who is responsible for data processing and who can I contact?

Responsible in the sense of data protection law is

Flownative GmbH
Arnimstraße 19c
23566 Lübeck

If you have any questions about data protection, please send an e-mail to team@flownative.com.

Basics

During the development of our website we aimed to collect as little personal data as possible from you. We also do not like it when unnecessarily many of our personal data circulate in databases.

In principle, it is possible to visit our website without entering your data. We use an analytics tool, which we operate ourselves, to see what we can improve on the website - this tool processes information such as IP address and browser used. Wherever possible, we anonymise this data.

Only when you decide to make use of certain services (e.g. by filling out the contact form) will it become necessary to process your data. Here we always make sure that your data is only processed in accordance with a legal basis or with your consent.

We adhere to the regulations of the General Data Protection Regulation (GDPR) and the applicable national regulations, such as the Bundesdatenschutzgesetz, the Telemediengesetz or other more specific laws on data protection.

For what purpose do we process personal data?

We always process your data for a specific purpose. This means that we will only collect and process your data for the purposes stated in this data protection declaration. Any use that goes beyond the purposes indicated requires your express consent or a legal basis that permits a change of purpose. The same also applies to the transfer and transmission of your data to third parties.

In summary, we process your data for the following purposes:

• in order to be able to process your request (e.g. email address, first name, last name) with you in the event of contact enquiries.
• to be able to send you an offer after your offer request
• for the technical realisation of our website and to be able to provide you with our information on this website (e.g. IP address, cookies, browser information)
• to send a newsletter with information about our service offers and news about our services (e.g. name, email address)

We have described the concrete purposes for you at the respective point of concrete processing (e.g. contact form, web analysis, newsletter etc.).

Based on which laws do we process your data?

Data that is required for the establishment, implementation or processing of our services (contract execution) are processed on the legal basis of Art. 6 para. 1 lit. b DSGVO.

Insofar as we obtain your consent to the processing of your data, the consent pursuant to Art. 6 para. 1 lit. a GDPR the legal basis for data processing.

Data processing is also permitted if we process your data to safeguard our legitimate interests and do not outweigh your interests or fundamental rights and freedoms with regard to the processing of personal data.

Insofar as we use external service providers in the context of order data processing, processing is based on the legal basis of Art. 28 GDPR.

What data is processed?

You can tell which data is being processed by the data you have to provide when filling out forms on the website. In addition, we will inform you about the data processed at the respective point of this data protection declaration.

In summary, we collect and process the following data from you via our website:

• Technical data when calling up the website (what exactly we explain below)
• General contact information:
  • name, given name
  • company's name
  • email address
  • message content

What data is processed when you visit our website?

In the case of merely informative use of the website, ie if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website and to ensure the stability and security (legal basis is Art. 6 (1) sentence 1 GDPR ):

• IP address
• date and time of the request
• time zone difference to Greenwich Mean Time (GMT)
• content of the requirement (concrete page)
• access status / HTTP status code
• each transmitted amount of data
• website from which the request comes
• operating system and its interface
• language and version of the browser software

Do we use cookies?

Yes, we also use cookies on our website. However, these are only cookies that we set and evaluate ourselves, not cookies from third parties such as Google Analytics, Facebook & Co.

We currently use cookies for the following purposes:

• in order to track which pages of our website are of particular interest to you and which relevant information you may overlook (i.e. to improve the content of our website)

The information about your visit that we receive with the help of cookies is stored with an anonymous IP address in an analytics tool that we operate ourselves (we use the open source tool Matomo).

What are cookies again?

Cookies are small files that are automatically created by your browser and stored on your device (laptop, tablet, smartphone, etc.) when you visit a website. Cookies do not damage your terminal device, contain no viruses, Trojan horses or other malware.

Information is stored in a cookie, which results in each case in connection with the specifically used terminal device. This does not mean that the operator of a website will immediately become aware of your identity, but depending on what is stored there, your identity can be determined.

On the one hand, the use of cookies can serve to make the use of the offer on the website more pleasant for you. This applies, for example, to so-called session cookies. These make it clear that you have already visited individual pages on a website. These cookies are always deleted automatically after leaving the website. On the other hand, cookies can also be used to statistically record the use of a website and to evaluate it for you for the purpose of optimising the offer on the website. Such cookies are automatically deleted after a defined period of time.

Most browsers automatically accept cookies. However, you can configure your browser so that no cookies are stored on your computer or a message always appears before a new cookie is created. Complete deactivation of cookies may, however, prevent you from using all of the website's functions.

What data do we process, when you contact us?

You can contact us by email. In this case, we will store the personal information you provide to process your request and to contact you to handle your request. All data that you send us by email is voluntarily. We do not require specific mandatory information when you get in touch with us.

Depending on the nature of your request, the legal basis for this processing is Article 6 (1) lit. b GDPR for inquiries that you yourself submit in the context of a pre-contractual measure or Art. 6 para. 1 sentence 1 lit. GDPR if your request is of a different kind. Our justified interest in the data processing follows from the under. 3 a.) and concretized here. If personal data is requested which we do not need for the fulfillment of a contract or for the protection of legitimate interests, the transmission to us is based on a consent given by you in accordance with Art. 6 para. 1 lit. a GDPR.

What rights do you have?

You have the right

• pursuant to Art. 15 GDRP, to request information about your data processed by us. In particular, you may provide information about the purposes of processing, the category of data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right of rectification, deletion, limitation of processing or opposition, the existence of a right of appeal require the origin of your data, if not collected from us, as well as the existence of automated decision-making including profiling and, where appropriate, meaningful information about their details;
• according to Art. 16 GDPR, to immediately request the correction of incorrect or complete data stored with us;
• according to Art. 17 GDPR, to require the deletion of your data stored by us, unless the processing is required to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is;
• to demand the restriction of the processing of your data in accordance with Art. 18 GDPR, as far as the correctness of the data is disputed by you, the processing is unlawful, but you reject their deletion and we no longer need the data, but you for the assertion, exercise or Defense of legal claims or you have objected to the processing according to Art. 21 GDPR;
• pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, standard and machine-readable format or to request transmission to another person in charge (data portability);
• pursuant to Art. 7 para. 3 GDPR your once granted consent to revoke against us at any time. As a result, we are not allowed to continue the data processing based on this consent for the future and
• in accordance with Art. 77 GDPR to complain to a supervisory authority. In general, you can contact the supervisory authority of your usual place of residence or work place or our company headquarters.

Right of Revocation

If your data is based on legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR are processed, you have the right to file an objection against the processing of your data in accordance with Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct mail. In the latter case, you have a general right to objection, which is implemented by us without specifying any particular situation.

If you would like to exercise your right of revocation or objection, please send an e-mail to team@flownative.com.

How is data passed on to others?

Your personal data will be passed on as described below:

Our website is hosted by an external service provider within the European Union. Here we make sure that a data processing takes place alone in the E.U.. This is necessary for the operation of the website as well as for the establishment, execution and processing of the existing user contract and is also possible without your consent.

In addition, data will be passed on if we are entitled or obliged to pass on data due to statutory provisions and/or official or court orders. In particular, this may involve providing information for the purposes of criminal prosecution, averting danger or enforcing intellectual property rights.

Insofar as your data is passed on to service providers to the extent necessary, they will only have access to your data to the extent necessary to fulfil their tasks. These service providers are obliged to treat your data in accordance with the applicable data protection laws, in particular the DSGVO.

Beyond the aforementioned circumstances, we do not transfer your data to third parties without your consent. In particular, we do not pass on any data to a body in a third country or an international organisation that is not subject to the GDPR.

What service providers process data on our behalf?

We cooperate with subcontractors who process data on our behalf. Through appropriate agreements, we have also ensured the security of the data in the sense of the GDPR. You can view a list of the subcontractors that we constantly update.

What about data security?

Unfortunately, the transmission of information via the Internet is never 100% secure, which is why we cannot guarantee the security of the data transmitted via the Internet to our website.

However, we use technical and organisational measures to protect our website against the loss, destruction, access, alteration or distribution of your data by unauthorised persons.

In particular, your data will be transmitted encrypted by us. We use the coding system SSL/TLS (Secure Sockets Layer/Transport Layer Security). Our security measures are continuously improved in line with technological developments.

If you wish, you can also send us encrypted emails (GPG Public Keys and S/MIME certificates are available).

How long do we store your data?

We will delete your data as soon as their storage is no longer necessary for the fulfilment of the original purpose and there are no longer any legal retention periods. The legal retention periods are ultimately the criterion for the final duration of the storage of personal data. After expiration of the period, the corresponding data are routinely deleted. If storage periods exist, processing will be restricted by blocking your data.

Can this privacy policy change?

We are constantly developing our website in order to provide you with an ever better service. We will therefore always keep this data protection declaration up to date and adapt it accordingly if and to the extent necessary.

We will, of course, inform you in good time of any changes to this data protection declaration. We will do this, for example, by sending an e-mail to the e-mail address you have given us. If, in addition, further consent from you should become necessary for our handling of your data, we will of course obtain it from you before any corresponding changes take effect.

Regardless of whether or not we inform you, you can access the current version of our data protection policy at any time at https://www.flownative.com/en/privacy-policy.html