The protection of your personal rights and your informational self-determination
We do not want to process your personal data at all!
Unfortunately, this is necessary for one activity or another, such as making contact, fulfilling contracts or the reliable operation of a website useful to you. And sometimes legislators also force you to collect and store certain data. However, it is important that this data is collected and processed in your interest and that you are not restricted in your personal rights.
What we don't care about:
We are notinterested in who uses our services - or whether you are old, young, male or female, where you live, what your preferences are or who you choose.
We have no interest in automatic decision making or profiling. So when we dutifully clarify this in the subsequent sections, this is due to legal obligations.
What we are interested in:
We are interested in how we can make our websites better for you and whether you found what you were looking for in our search for information.
We are interested in what you are looking for and whether frequently searched information is easily accessible for you.
We are interested in how many requests our server answers in a certain time and whether it is fast enough for this.
We want to make sure that our server is available for you and that there are no attacks on it.
We would like to provide you with interesting content and also link to external sources or embed them in the form of videos.
If you would like to contact us or order something, we would like to make it as easy as possible for you.
To achieve all this, we offer you contact and order forms, generate web server logs and embed evaluation scripts for statistical (anonymized) analyses on our pages. In the following sections, we will inform you which data is collected, processed and transmitted exactly and inform you about your rights.
To cut a long story short:
The data that we collect and process is intended to serve you - on the basis of morality, transparency and responsibility. Our business is to be a good service provider for you. We are not data collectors or data dealers. Simple, isn't it?
What we do:
Trust is important to us! Therefore we attach great importance to the fact that your data is safely stored with us and you trust us in handling it.
We invest a lot in security - if you want to know exactly, you will find the details on the page Technical and organisational measures according to BDSG/GDPR.
- fluxpunkt.de / fluxpunkt.com
In addition to the services we offer ourselves, Fluxpunkt is also present in various social networks. Please refer to the data protection regulations of the respective operator for details on data processing by the respective platform:
Responsible body / data processor
Further details and contact possibilities can be found in the imprint.
Place of data processing
The services provided by us are operated at locations in Germany (our servers) and in other European countries (external data centres).
Collected data is stored locally (at the location of the data processing system) and at backup locations within Germany and Europe.
Transport of your personal data when using our websites
In order to best protect your data during transport, we use the HTTPS protocol with SSL/TLS encryption on all our websites. You can recognize such encrypted connections by the prefix "https://" in the page link in the address bar of your browser. Unencrypted pages are identified by "http://". All data that you transmit to our websites - for example when making enquiries or logging in - cannot be read by third parties thanks to SSL encryption. When you access our pages via the unencrypted HTTP protocol, you are automatically redirected to an encrypted connection.
With regard to the encryption algorithms, guidelines and certificates used, we rely on the highest possible security: https://www.ssllabs.com/ssltest/analyze.html?d=wiki.fluxpunkt.de&latest
Your rights in detail
As a natural person whose personal rights are affected by the processing of your personal data (data subject), you have various rights with regard to your data:
- Right to information (pursuant to Art. 15 GDPR):
You can request information on this,
- the purpose for which your personal data will be processed.
- which categories of personal data are processed.
- to whom your personal data have been or will be transferred and whether they are recipients in third countries or international organisations.
- how long we plan to store your personal data or which criteria determine the retention period .
- whether, in the specific case, you have the right to rectify, delete or limit the processing. These rights may be restricted under certain circumstances.
- whether - in the specific case - you are entitled to appeal to a supervisory authority.
- from where we have your personal data, if it has not been collected from you.
- whether we automatically make decisions or create profiles about you based on your personal data, and if so, how the decision-making process works and what it means for you.
- what measures or guarantees exist to protect your data when transfers are made to recipients in third countries or to international organisations.
- which of your personal data is subject to processing (copy of this data).
- Right of rectification (pursuant to Art. 16 GDPR):
You may request that personal data concerning you and incorrect personal data be completed or rectified - also by means of a supplementary declaration.
- Right to deletion (pursuant to Art. 17 GDPR):
You may request that data relating to your person be deleted immediately unless processing of your data is required or required by law. Processing may be necessary for the exercise of the right to freedom of expression and information, to fulfil legal obligations, to safeguard public interests (including health, archival, research or statistical purposes), to exercise official authority or to enforce, exercise or defend legal rights.
- Right to limitation of processing (pursuant to Art. 18 GDPR):
If you have any doubts as to the accuracy of your personal data processed by us or if you dispute its accuracy, you may demand that the processing of your data be restricted for as long as we need to verify its accuracy. You can also demand a restriction of the processing if we refuse your request for deletion of your personal data in the event of unlawful processing.
A right to limitation also exists if we no longer need your data but you need it to assert, exercise or defend legal claims or if you object to the processing but we have a legitimate interest in the processing and as long as it is not yet clear whose interests prevail.
- Right to data transferability (according to Art. 20 GDPR):
If you provide us with your personal data on the basis of your consent for the purpose of processing it using an automated procedure, you have the right to receive it from us again in a structured, common and machine-readable format.
- Right of objection (pursuant to Art. 21 GDPR):
If we process your personal data on the basis of a justified interest on our part or on the part of third parties or if the processing serves the performance of a public task or the exercise of official authority, you have the right - for reasons arising from your particular situation - at any time to object to the processing of personal data concerning you.
We will then terminate the processing of your data unless there are compelling reasons for the processing worthy of protection which outweigh your rights or if the processing serves the assertion, exercise or defense of legal claims.
You can object to processing for the purpose of direct marketing or profiling at any time for no reason whatsoever. Your data will then no longer be processed for this purpose.
- No automated decision making in individual cases including profiling (according to Art. 22 GDPR):
You have the right not to be subject to a decision based exclusively on automated processing - including profiling - which has legal effect on you or similarly significantly affects you. This does not apply if the automated processing is necessary for the fulfilment of a mutual contract or is permissible on the basis of legal provisions of the Union or the member states or you expressly consent to the automated decision in the individual case.
To exercise your rights, we are available to you under the contact details provided . We kindly ask you to send any requests in writing or text form (letter post or email) to us. Furthermore, we ask for your understanding that we do not provide information on personal data by telephone or accept instructions regarding the exercise of data subjects' rights, as we are unable to carry out the necessary reliable identity verification.
Legal basis for the processing of your data
Your personal data will be processed in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG-neu) and other standards relating to the collection, storage, safekeeping and deletion of data.
We process your personal data
to fulfil a contract existing between you and us or pre-contractual measures (Art. 6 para. 1 lit. b GDPR).
on the basis of a legitimate interest of our company or third parties, weighing the interests of both parties (Art. 6 para. 1 lit. f GDPR)
because we are obliged to do so by law (Art. 6 para. 1 lit. c GDPR)
because it is necessary for an employment relationship (including initiation or termination) (Art. 88 para. 1 GDPR in conjunction with § 26 para. 1 BDSG-neu)
- based on your consent (Art. 6 para. 1 lit. a GDPR)
Tabular overview of the personal data collected by us and third parties
In the following tables you will find a summary of the data collected and processed by us or third parties when using our services. A more detailed description can be found in the following sections.
Direct survey of you as the person concerned
|Reason / Purpose||Services that are used for the survey||Personal data||Legal basis||Storage period||Opt-out/opposition possibilities|
|Analytics / Improvement of our web presences||Google Analytics|
Cookie and usage data
We assume that we have a predominant legitimate interest in the processing of analytical data, which does not require consent. In particular, as the analytical data is anonymized and therefore does not represent personal data.
|Browser add-on (basic opt-out; not limited to our services) or|
opt-in to our services via express statement
|Google Adwords Conversion Tracking|
|Embedding of external content to improve our web presence||Youtube Videos||Cookie, IP address||Refrain from playing the embedded videos|
|Attack protection and fault analysis||Web server logs||IP address|
7 days, in backups up to 21 days
|Establishment of contact||Contact form||Name and email address; content of the message|
Deletion after expiry of statutory retention periods
|Name and email address; content of the email (in particular signature contact information)|
On a case-by-case basis according to legal requirements or as long as necessary.
For files and emails, we use a system for the implementation of differentiated retention periods and automatic deletion based on the categorization of a file/email.
|Letter post||Contact details provided; content of letter post|
On a case-by-case basis according to legal requirements or as long as necessary.
|Please let us know in your cover letter if you object to electronic document processing.|
|Documentation of support calls outside business hours||Phone||Complete call recording for documentation and billing purposes when using the paid support hotline outside business hours. For the subsequent recording and documentation of the process in our ticket system and the final accounting,||Deletion as soon as the transaction has been closed for accounting purposes.||Refrain from using the fee-based support hotline outside business hours|
|Implementation of application procedures||Letter post / Email||Contact details provided; content and attachments of letter post or email||In the case of a successful application for the duration of the employment relationship and the subsequent expiry of deadlines with which termination becomes definitively effective.|
In case of unsuccessful application for three months from notification and the final coming into effect of the cancellation. At your explicit request -- if you would like to be considered for future jobs -- your application will be stored according to your instructions. In this case, please let us know the desired storage period.
|Customer order||Order form||Name and email address (contact person of ordering party), name of customer, billing address for orders by end customers|
Deletion after expiry of statutory retention periods
|Remote support||TeamViewer||IP address, TeamViewer ID|
You can find further information on data protection in the Google services we use at:
https://privacy.google.com/ We have concluded a contract for order data processing with Google. The personal data collected by Google may be stored and processed outside the European Union.
Survey from other sources
|Reason / Purpose||Trigger for survey / processing||Services that are used for the survey||Personal data||Retention period and legal basis||Opt-out/opposition possibilities|
|Caller recognition, billing of service calls|
Contact by telephone
|Public telephone directories||Phone number and name (by reverse resolution, if available in a public address book/phonebook)||Please let us know during the call if you wish to delete/anonymize your call list entry.|
|Protection from dubious callers||First customer order or if there are doubts about the economic situation at the time of invoice payment||Federal Gazette Publisher||Name and contact details of authorized representatives.|
Tabular overview of the personal data collected by us and third parties
Processing of personal data for purely informational use of our websites
When using our website without registration, use of contact forms and without actively sending us information, we only collect the following data, which your web browser transmits to us, in the form of web server logs:
- Your IP address
- Date/Time and Time Zone
- Requested URL
- Request status code (HTTP status)
- Transferred amount of data
- Referrer (website from which you came to us)
- Web browser used, version and language
- Operating system used
In the following example, our imprint was called from the IP address 220.127.116.11 with Apple Mac OS X and Safari browser (version 9.1), where the visitor was directed to us by www.google.de. Our web server has successfully delivered 218 bytes of data:
Our web server can use this information to generate special formatting instructions in order to display the website in the best possible way for the browser used.
A storage in connection with other personal data does not take place. The web server logs are not used to evaluate behavior or profile generation.
The collection and processing of the data provided is technically necessary in order to display/deliver our websites correctly for your end device, to ensure proper operation, to detect errors or attacks and to optimise our websites. The non-anonymized storage of the requesting IP address is particularly necessary with regard to detection and protection against attacks. This is our legitimate interest in the processing of this data.
The data stored on the web servers in the log files and listed above will be deleted from the server after 7 days. Log files are also included within server backups and are kept for a maximum of 21 days.
Processing of personal data by cookies
If cookies are used for analysis purposes (e.g. by Google Analytics; so-called tracking cookies), they serve to improve the quality and user friendliness of our websites.
Cookies are text files that are administered by your browser and made available to the website when you change pages or later visit it. You can prevent the creation of cookies by making the appropriate settings in your browser. We would like to point out that in this case you will not be able to use all the functions of our websites to their full extent.
Cookies that are valid beyond one session are provided with an expiry date and are automatically deleted from your browser after this date has expired. You can carry out a manual deletion at any time in the settings of your browser.
Since cookies are stored on your end device and transmitted to us by your browser, you can configure and determine the processing yourself.
Processing of personal data by Google Analytics with anonymization function
We use Google Analytics only with IP anonymization enabled. This will cause Google to shorten your IP address within the European Union or in other contracting states across the European Economic Area prior to further processing. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. A personal reference can thus be excluded.
Google will use the information collected during the analysis to evaluate your use of our website on our behalf, compile reports on website usage and provide us with other services relating to website usage and internet usage. Pseudonymous usage profiles can be created from the processed data. The IP address transmitted when Google Analytics is used is not combined with other data from Google.
We use Google Analytics for the purpose of analysing the use of our website and continuously improving individual functions and offers as well as the user experience. Through the statistical evaluation of user behaviour, we can improve our offer and make it more interesting for you as a user.
In order to oblige Google to process orders for the data transmitted only in accordance with our instructions and to comply with the applicable data protection regulations, we have concluded an order processing contract with Google. In the exceptional cases where personal information is transferred to the United States, Google has agreed to and is certified under the Privacy Shield Agreement between the European Union and the United States. By doing so, Google is committed to complying with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Further information on the use of data by Google, on setting and objection possibilities and on data protection can be found on the following Google websites:
- Overview of data protection: http://www.google.com/intl/en/analytics/learn/privacy.html
- Google's use of data when you use the websites or apps of our partners: https://www.google.com/intl/en/policies/privacy/partners
- Use of data for advertising purposes: http://www.google.com/policies/technologies/ads
- Settings for personalized advertising by Google: http://www.google.de/settings/ads
Processing personal data through the embedding of Youtube videos
We use "Google Analytics", a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter referred to as "Google"), on most of our websites. We use Youtube to be able to display and offer you contents and functions of the social platform Youtube on our Internet presence and thereby to improve our offer as well as the user experience and to make it more interesting, in particular to provide you with instruction videos in the area of free support. Only when the videos are played will Youtube content be downloaded and the personal data described in more detail in the table above be transferred from your Internet browser to Youtube. By clicking on the play button, you consent to this transmission.
Google has signed and certified a privacy shield agreement between the European Union and the United States. By doing so, Google is committed to complying with the standards and regulations of European data protection law. Further information can be found in the following linked entry: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Third Party Information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland
Further information on data protection and the use of data by Google can be found on the following Google website: http://www.google.de/intl/en/policies/privacy
Processing of personal data for the purpose of establishing contact
If you contact us via email or contact form, the personal data you provide will be stored exclusively for the purpose of establishing contact:
- Name (first name, surname, possibly salutation and title)
- Email address
- Contact information in your email signature
- Content of the email
- Processing mail servers and email headers
- possible email attachments
Forwarding of this data takes place only on your explicit desire. A comparison of the data collected here with data that may be collected by other components of our site does not take place. Contact form data is encrypted and securely transmitted to us.
For files and emails, we use a system for the implementation of differentiated retention periods and automatic deletion based on the categorization of a file/email. Emails for which retention or deletion obligations exist are classified accordingly and automatically deleted at the end of the retention period. If no storage obligation exists, emails will be deleted after final processing or the end of an expected response period.
You may request the deletion of your email/contact form data sent to us at any time, provided that there are no compelling reasons for further processing that are worthy of protection and that the interests of the parties have been weighed against each other, provided that no legal storage or storage obligations have arisen, and provided that the processing of the data does not serve the purpose of asserting, exercising or defending legal claims.
Processing of personal data when contacting us by telephone
For incoming calls we use reverse number resolving from internal and external data sources. Telephone numbers of a private individual are personal data. Although we only serve corporate customers, it cannot be ruled out that we may be called from a private landline or mobile phone connection. Unfortunately a distinction is not possible at the time of a call.
Internal data sources are our customer directories (CRM database, exchange contacts, accounting system contact directory and workplace Outlook contacts).
External data sources are online telephone directories such as GoYellow, klicktel, tel.search.ch or Whitepages.com.
If a phone number can be resolved from internal data sources, the caller number is not transmitted to external data sources. Only if resolving from internal data sources was unsuccessful, a reverse lookup will be tried via publicly accessible address directories. For this purpose, the caller number is transmitted to one of the following services to determine the name/company and location of the caller:
- GoYellow (for callers from Germany)
- Search.ch (for callers from Switzerland)
- Whitepages.com (for callers from the USA)
Resolving of names usually take place only once and with the resolved information stored temporarily within the telephone system in an area protected against external access for future enquiries. Only a hash value of the telephone number is linked to the received and publicly accessible data from the online telephone directories. Reasons for the storage are an accelerated number resolution for subsequent calls, less requests to external services and in order not to give the external services the possibility to deduce the number and timing of calls.
The purpose of number resolution is to identify the calling company and possibly a contact person before accepting a call and to determine whether the customer is an existing customer with service contracts and/or open processes. If several calls are received simultaneously, service contract customers are given priority and identified by their phone number.
You have the option of objecting to the inclusion of your personal data or your telephone number in telephone directories. If you have agreed to the recording of your data and the transmission for the purpose of caller identification, the data published by you will be transmitted to us, stored in the call list entry and shown in the display of called telephones and on the screen of called workstations. The basis for this is § 105 TKG.
During a conversation you can inform us that you object to the storage of your data. In this case, the data associated with your call (call list entries) is anonymized.
Processing of personal data from applications
We use the application documents sent to us exclusively for the execution of the application procedure on the basis of Art. 88 Para. 1 GDPR in conjunction with § 26 Para. 1 BDSG-neu. We do not pass on your data to third parties. Within our company, access is only granted to persons who are involved in decision-making.
Please let us know in your application whether it should also be considered for future job offers and - if so - how long we should keep your application for this purpose (your right to request the deletion of your personal data at any time remains unaffected). Without such notification, we assume that you are only interested in current vacancies and, in the event of unsuccessful applications, will delete your application within three months of notification of the negative recruitment decision.
In the event of a successful application, we process your data for the purpose of establishing and exercising your employment relationship and for the duration of your employment relationship, as well as for the subsequent expiration of deadlines upon which termination finally takes effect.
Processing of personal data that you voluntarily transmit to us
In particular in contact forms, but also when contacting us via other channels, you have the opportunity to voluntarily provide us with personal data. When transferring personal data from third parties, please make sure that you only transfer them with the consent of the person concerned.
Please note that personal data (from you or also third parties), which are transmitted in connection with other data, may be subject to a storage obligation which prevents a future deletion claim.
You may request the deletion of personal data at any time, provided that there are no compelling reasons for further processing that are worthy of protection after weighing the interests of the parties, no legal storage or storage obligations have arisen or the processing of the data does not serve to assert, exercise or defend legal claims.
If you have transmitted personal data from third parties to us, we assume that you were entitled to do so. If a claim for cancellation is made against you with regard to this data, please remember to also inform us.
Scope of processing and consequences of not providing your data
We limit ourselves, with the personal data collected by us, to the minimum necessary for the stated purpose. We collect and process data insofar as it is absolutely necessary for the achievement of this purpose or serves to improve the service provided to the person concerned. This is based on the presumed will of the person concerned, taking into account the interests of both parties.
The data collected in the form of mandatory data in the ordering process are mandatory for the conclusion of a contract and the granting of rights of use, as well as for establishing contact or the transmission of declarations. Without their indication the possibility of the conclusion of a contract with us is void.
For remote support we use the software TeamViewer of the German manufacturer TeamViewer GmbH from Göppingen. Traffic data is generated by this provider. Without a consent for data processing, which the person concerned in this case gives to TeamViewer, no remote support by us is possible. Fluxpunkt GmbH does not transmit any personal data to TeamViewer GmbH on its own initiative.
Tabular overview of the personal data transfered by us
As far as legally permissible or prescribed (see section "Legal basis for the processing of your data"), we transmit personal data to third parties or external service providers:
|Receivers||Reason / Purpose||Legal basis|
|ITC distributors and dispatch logisticians:||Goods dispatch with direct delivery: Depending on the availability of goods, we make use of the distributions listed on the right. Your contact data (e.g. name of the consignee) will be transmitted within the scope of the delivery address.|
Deliveries from our own warehouse are made exclusively via UPS (United Parcel Service, Inc.).
|Manufacturer of ITC products, distributions, Internet and telecommunications providers||2nd level support, project protection and enquiries, contract brokerage (update/service / Internet/telephony contracts), use of managed services to carry out and maintain business operations|
|Sales partners||Mediation, conclusion, execution and termination of contracts|
|Public authorities (police, public prosecutor's office, supervisory authorities, etc.)||Legal protection in justified cases|
The transmitted data are those which are absolutely necessary for the fulfillment of the purpose under observance of the principle of data minimization (e.g. contact data for queries in a support case, customer data for the mediation of a contract with a manufacturer or provider).
Fluxpunkt as data processor
Fluxpunkt provides customers with various types of services in which the transfer of personal data to us takes place or cannot be avoided. We may also simply have the ability to access or exercise personal information. Examples of this are:
- Hosting of customer websites and email services
- Management and administration of SaaS contracts (e.g. Office 365)
- Administration/monitoring/monitoring of customer systems (server, TC, network infrastructure, databases, websites, etc.)
- Service on the customer's ITC systems (installation of software, error analysis, training, etc.)
- Remote support (e.g. via TeamViewer) on a customer workstation
- Log analyses to check the proper functioning of ITC systems
- Processing of service requests with attached log files
In all these cases it is necessary to conclude a data processing contract with us or to obtain the express consent of each person concerned (including those of your customers and suppliers).
We conclude a data processing contract with all hosting and service contract customers.
Since data processing contracts also involve extensive obligations (e.g. information obligations vis-à-vis the client), restrictions (e.g. through rights of objection in the choice of subcontractors), expenses (e.g. through the exercise of control rights by the client) and liability risks, we do not conclude them lightly, but as the result of a mutual examination weighing costs, benefits and risks. In particular, it is based on a long-term service relationship.
Limited support without data processing contract!
Without data processing contract, our services and support is unfortunately only provided to you to a limited extent. We do not analyze log files, provide remote support through TeamViewer (or other programs that potentially allow you to view or access personal information), install software or updates on your workstations, or monitor your systems.
Our support will be limited to advice, tips and explanations on self-help.
Your duties as a responsible party
- When selecting your service providers, you must make sure that they offer sufficient guarantees to comply with the GDPR regulations (also with regard to subcontractors).
- You yourself need permission to process certain data so that we can process them within the framework of a data processing contract.
If we have any doubts about the lawfulness of the processing during the processing of an order, we will refuse the processing (and terminate any support activities) until you have sufficiently convinced us of the lawfulness. This procedure is necessary for the protection of those affected and also to protect you and us from liability situations according to Art. 82 GDPR.
Our technical and organisational measures
We make our technical and organisational measures available to data processing contract partners as an integral part of the contract in a continuously updated version.
Our directory of subcontractors
Our Directory of subcontractors (pursuant to Art. 28 GDPR) we make available to our data processing contractual partners as an integral part of the contract in a continuously updated version.
Our list of processing activities
Our list of processing activities (according to Art. 30 GDPR) is made available to authorized supervisory authorities upon request.
Information for our webhosting customers
The traffic data stored in the logs on our web servers and defined in more detail in our data protection declaration will be deleted from the server after 7 days. Log files are also included within server backups and are kept for a maximum of 21 days. Our web server logs are not used to evaluate behavior or profile generation.
The collection and processing of this data is technically necessary in order to correctly display/deliver customer websites for a specific end device, to ensure proper operation, to detect errors or attacks and to optimise our web hosting platform. The non-anonymized storage of the requesting IP address is particularly necessary with regard to detection and protection against attacks. This is our legitimate interest in the processing of this data.