Privacy Policy
1. Data Protection at a Glance
General Information
This section provides a simple overview of what happens to your personal data when you visit our website. Personal data includes all data that can be used to personally identify you. Detailed information on data protection can be found in our full privacy policy below.
Data Collection on This Website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. The operator’s contact details can be found in the “Responsible Party” section of this privacy policy.
How do we collect your data?
Your data is collected in two ways: First, when you actively provide it – for example, by entering information in a contact form.
Second, certain data is collected automatically or with your consent by our IT systems when you visit the website. This includes technical data such as your internet browser, operating system, or the time of the page request. This data is collected automatically as soon as you access our website.
What do we use your data for?
Part of the data is collected to ensure the error-free provision and security of the website. Other data may be used to analyze user behavior in order to optimize the website.
What rights do you have regarding your data?
You have the right to receive information about the origin, recipient, and purpose of your stored personal data at any time and free of charge. You also have the right to request the correction or deletion of this data. If you have given consent to data processing, you may revoke it at any time for the future. In certain circumstances, you have the right to request the restriction of processing of your personal data. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.
If you wish to exercise any of these rights or have further questions about data protection, you can contact us at any time.
Analytics and Third-Party Tools
When visiting this website, your browsing behavior may be statistically analyzed. This is done primarily using analytics programs.
Detailed information on these analytics tools can be found in the privacy policy below.
Note: This English version is for informational purposes only. The legally binding version is the original German version, available at www.flowq.de/de/datenschutz.
2. Hosting and Content Delivery Networks (CDN)
Hosting with netcup
Our website is hosted by netcup.
Provider:
netcup GmbH
Daimlerstraße 25
76185 Karlsruhe
(Germany, hereinafter referred to as "netcup")
Further information can be found in netcup’s privacy policy.
The use of netcup is based on Art. 6(1)(f) GDPR and reflects our legitimate interest in providing a reliable presentation of our website. If consent has been obtained, processing is carried out solely on the basis of Art. 6(1)(a) GDPR. This consent can be withdrawn at any time.
Data Processing Agreement
We have concluded a data processing agreement (DPA) with the provider mentioned above. This agreement ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
Cloudflare
We use the service “Cloudflare”. The provider is Cloudflare Inc., 101 Townsend St., San Francisco, CA 94107, USA (hereinafter referred to as "Cloudflare").
Cloudflare provides a globally distributed content delivery network with DNS. Technically, the information transfer between your browser and our website is routed through Cloudflare’s network. This allows Cloudflare to analyze the traffic between your browser and our website and to serve as a filter between our servers and potentially malicious traffic from the internet. Cloudflare may use cookies or other technologies to recognize internet users, solely for the purpose described here.
The use of Cloudflare is based on our legitimate interest in a technically error-free and secure delivery of our website (Art. 6(1)(f) GDPR).
Data transfer to the USA is based on the European Commission’s Standard Contractual Clauses. Details can be found here: https://www.cloudflare.com/privacypolicy/.
For more information on security and data protection at Cloudflare, please visit: https://www.cloudflare.com/privacypolicy/.
Data Processing Agreement
We have signed a data processing agreement (DPA) with the provider mentioned above. This is a legally required contract under data protection law, ensuring that this provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
3. General Information and Mandatory Disclosures
Data Protection
Protecting your personal data is important to us. We process personal data only in accordance with applicable data protection laws.
Controller:
FlowQ Beratungs- & Servicegesellschaft mbH
Zeppelinstraße 73
81669 Munich
Germany
Phone: +49 (0) 89 2000 0719
Email: [email protected]
Retention
Unless a more specific retention period is stated in this privacy policy, personal data is stored only as long as required for the respective purpose or as required by law.
International Transfers
If services outside the EU/EEA are used, personal data is transferred only where legally permitted and with appropriate safeguards (e.g., standard contractual clauses), where required.
Your Rights
You have, in particular, the right of access, rectification, erasure, restriction of processing, data portability, and objection to certain processing activities. You may withdraw consent at any time with effect for the future.
You also have the right to lodge a complaint with a supervisory authority.
SSL/TLS Encryption
This website uses SSL/TLS encryption to protect transmitted data.
4. Data Collection on This Website
Cookies
Our website uses cookies. Technically necessary cookies are processed on the basis of Art. 6(1)(f) GDPR. Non-essential cookies are processed on the basis of your consent (Art. 6(1)(a) GDPR), where required.
Consent Management (Borlabs Cookie)
We use Borlabs Cookie (Borlabs – Benjamin A. Bornschein, Hamburg) to collect and document consent preferences. Legal basis: Art. 6(1)(c) GDPR and, where applicable, Art. 6(1)(a) GDPR.
Server Log Files
When visiting the website, technically required connection data (e.g., IP address, timestamp, browser information) is processed in server log files. Legal basis: Art. 6(1)(f) GDPR.
Contact Requests
If you contact us by email or phone, we process your data to handle your request. Legal basis: Art. 6(1)(b) GDPR (contract/pre-contract) and/or Art. 6(1)(f) GDPR.
Appointment Booking with Cal.com
We use Cal.com (Cal.com, Inc., USA) for appointment booking. Data entered by you is processed for scheduling and communication purposes.
Legal basis: Art. 6(1)(b) GDPR and/or Art. 6(1)(f) GDPR; where consent is requested, Art. 6(1)(a) GDPR.
More information: https://cal.com/privacy
6. Analytics Tools and Advertising
Google Tag Manager
We use Google Tag Manager. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager itself does not create user profiles and does not set cookies on its own. It is used to manage and deploy tags technically.
Legal basis is Art. 6(1)(f) GDPR (legitimate interest in efficient tag management). Where consent is required, processing is based on Art. 6(1)(a) GDPR.
Google Analytics
This website uses Google Analytics. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics helps us evaluate website usage statistically and improve our services. Processing is limited to the scope permitted by the selected consent settings.
Legal basis is Art. 6(1)(a) GDPR (consent) where non-essential analytics functions are used.
Where required, international transfers rely on appropriate safeguards, in particular standard contractual clauses.
More information: https://support.google.com/analytics/answer/6004245?hl=en
5. Social Media
We maintain a company profile on LinkedIn. Provider: LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
When visiting our LinkedIn profile, personal data may be processed by LinkedIn. Our influence on that processing is limited.
Legal basis for our profile presence is Art. 6(1)(f) GDPR (legitimate interest in professional communication and visibility).
Further information: https://www.linkedin.com/legal/privacy-policy.
7. Newsletter and Direct Communication
Newsletter
If you subscribe to our newsletter, we process the required data (in particular your email address) based on your consent under Art. 6(1)(a) GDPR.
You may withdraw your consent at any time with future effect (e.g., via the unsubscribe link in each newsletter).
Delivery Provider Encharge
We use Encharge (Smel Nov Svyat EOOD, Sofia, Bulgaria) to send newsletters. Processing is covered by a data processing agreement.
More information: https://encharge.io/privacy-policy/
Retention
Newsletter data is stored until you unsubscribe or the purpose no longer applies. Statutory retention obligations remain unaffected.
8. Plugins and Tools
In addition to the services already listed in this privacy policy, we currently do not use further tools in website operation that trigger separate personal data processing not already described above.
9. Online Marketing and Affiliate Programs
We currently do not participate in affiliate programs on this website.
10. eCommerce and Payment Providers
At present, this website does not process online shop transactions and does not process payment data through eCommerce checkout flows.
11. Audio and Video Conferencing
This website itself does not process personal data through its own built-in audio or video conferencing features.
If appointments are booked via external services, the corresponding data protection information in this policy applies (e.g., data collection/contact sections).
12. Our Own Services
We process personal data in the context of our own services only to the extent necessary for service delivery, communication, and contract performance.
Depending on context, legal bases are primarily Art. 6(1)(b) GDPR (contract/pre-contract), Art. 6(1)(f) GDPR (legitimate interest), and Art. 6(1)(a) GDPR (consent where required).
13. Video Hosting Services
YouTube
Our website uses YouTube content. Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
When loading such content, a connection to YouTube servers may be established. In this context, personal data (e.g., IP address, usage data) may be processed.
Legal basis is Art. 6(1)(a) GDPR where embedding is not technically necessary and consent is requested.
More information: https://policies.google.com/privacy?hl=en.
This privacy policy was created based on the e-recht24.de privacy policy and has been adapted accordingly.
