The guidelines of the EU General Data Protection Regulation (hereinafter GDPR) are applicable throughout Europe. We would like to inform you of the ways in which our company processes your personal data in accordance with the requirements of this regulation (see Articles 13 and 14 of the GDPR). If you have questions or comments about this data protection declaration, you are welcome to contact the persons listed under items 2 and 3 below via email.

Content overview:

I.    Overview
1.    Scope of application
2.    Responsible party
3.    Data protection officer

II.    Data processing in detail
1.    General information on data processing
2.    Use of our services
3.    Newsletter, studies, white papers
4.    Employment applications
5.    Customer support, contact
6.    accessing iTMS Log-in pages
7.    Tracking

III.    Rights of affected persons
1.    Right to object
2.    Right to information
3.    Right to correction
4.    Right to deletion (“Right to be forgotten”)
5.    Right to restriction of processing
6.    Right to data transferability
7.    Right to withdraw consent
8.    Right to appeal

 

I.    Overview

In this section of the data protection declaration, you will find information regarding the scope of application, the parties responsible for data processing, the data protection officer, and data security.

1.    Scope of application

The data processing activities carried out by 4flow can generally be divided into two categories:

  • For the purposes of contract settlement, all data necessary for the execution of a contract with 4flow shall be processed. For cases in which external service providers are also party to settlement of a contract, your data will be transmitted to those parties to the extent necessary for the execution of their duties.
  • Upon your use of websites or applications belonging to 4flow, various information is exchanged between your end-user device and our serv-ers. This information may also include personal data. The information gathered in this process can be used to, among other things, optimize our website.

This data protection declaration applies to the following offerings:

  • our online offerings available at www.4flow.de; www.4flow.com
  • all other cases in which you are referred to this data protection declaration by one of our offerings (e.g. websites, subdomains, mobile applications, web services or integrations on third party sites), regardless of the way in which you access or use that offering.

These offerings, in aggregate, shall hereinafter be referred to as our “services”.

 

II.   Data processing in detail

In this section of the data protection declaration, we will inform you in detail about how your personal data is processed in the context of our services. For the sake of providing an overview, we have divided the corresponding items according to specific functions of our services. During normal use of our services, it may be the case that various functions – and the corresponding data processing – take place sequentially or simultaneously.

1.    General information on data processing

Unless otherwise noted, the following applies to all forms of processing described hereafter:

a.    No obligation of provision

There is no contractual or legal obligation for the provision of personal data. You are not obligated to provide such data.

b.   Consequences of non-provision

In the case of necessary data (data which is marked as required during the entry phase), non-provision of such data shall preclude the performance and/or availability of the corresponding service to the user. In other cases of non-provision of data, our services may be provided in a non-standard form or quality as a result.

c.    Consent

In various cases, you have the option to grant us your consent to further process your personal data (or parts thereof) in the manners listed below. In such cases, we will in particular inform you – in the context of the corresponding declaration of consent – of the modalities and extent of such consent, as well as of the purposes for which the processing will take place.

d.    Transmission of personal data to third countries

If we transmit data to third countries – that is, countries outside of the European Union – then such transmission shall take place exclusively in ac-cordance with the legally established permissibility requirements.These permissibility requirements are defined in Articles 44 through 49 of the GDPR.

e.    Hosting with external service providers

Our data processing takes place largely in the context of hosting service providers who supply us with storage space and processing capacity in their data centers. These service providers also process personal data on our behalf upon our request to do so. Either these service providers process da-ta exclusively within the EU, or we have guaranteed an appropriate degree of data protection based on the EU standard contractual clauses for the transfer of personal data.

f.    Transmission to government agencies

We transmit personal data to government agencies (including law enforcement agencies) in cases that such transmission is necessary for the fulfillment of our legal obligations [legal basis: Article 6, Section 1, Item c) of the GDPR] or for the assertion, exercise or defense of legal claims [legal basis: Article 6, Section 1, Item f) of the GDPR].

g.    Duration of retention

We do not retain or store your data longer than strictly necessary for the relevant processing purposes. In the case that such data is no longer need-ed for the fulfillment of contractual or legal obligations, the data is regularly deleted unless its limited retention is otherwise necessary. Grounds for such retention include:

  • The fulfillment of commercial and tax law-related retention obligations
  • The preservation of evidence for legal disputes in the context of statutes of limitationIt is additionally possible for us to continue to store your data, insofar as you have provided your explicit consent for us to do so.

h.    Data categories

Account data: Login ID/user name and passwordo    Personal master data: Title, salutation, gender, first name, last name, date of birth, company affiliation, positiono    Address data: Street address, address suffix (if applicable), ZIP code, city, country   

Contact data: Telephone number(s), fax number(s), email address(es), participation at events

Registration data: Information about the service for which you have registered; time stamp and technical information relating to your registration, confirmation and deregistration; data you provide during the registration process   

Order data: Products ordered, prices, payment and delivery information   

Payment data: Account data, credit card data, and data corresponding other payment services such as Paypal   

Access data: Date and time of your visit to our service; the website from which the accessing system was referred to our website; accessed pages upon use; data for session identification (session ID); furthermore, the following information corresponding to the computer system accessing the services: internet protocol address used (IP address), browser type and version, type of device, operating system and similar technical information.

Employment application data: Curriculum vitae, degrees, supporting documents, work samples, certificates, pictures, motivation letter, resi-dence permit (if applicable)   

Data according to Article 9 of the GDPR: Data according to Article 9 of the GDPR are not actively collected. An unsolicited receipt of this in-formation cannot be prevented. There is no further processing of this data.

 

2.    Use of our services

This section describes how we process your personal data when you use our services. In particular, we would like to inform you that the transmis-sion of access data to external content providers (see item “b.”) is unavoidable due to technical limitations with regard to information transfer on the internet.

a.                  Information on data processing

Data categories

Purpose

Legal basis

Legitimate interest (where applicable)

Duration of retention

Access data

Connection establishment, displaying service content, detection of attacks on our site on the basis of abnormal activity, error diagnosis

Article 6, Section 1, Item f) of the GDPR

Proper functionality of services, security of data and company processes, misuse prevention, prevention of damages caused by incursions or attacks on information systems

7 days

b.                  Recipients of personal data

Recipient category

Affected data

Legal basis for transmission

Legitimate interest (where applicable)

External content providers that make content (e.g. photos, videos, embedded posts on social networks, ad banners, fonts, update information) available which is necessary for displaying the service

Access data

Order processing (Article 28 of the GDPR)

Proper functionality of our services, (accelerated) display of content

IT security service provider

Access data

Order processing (Article 28 of the GDPR)

Prevention of attacks that exploit security holes and weak points

Website development service provider

All categories mentioned under a)

Order processing (Article 28 of the GDPR)

 

Hosting service provider

Access data

Order processing (Article 28 of the GDPR)

 

 

3. Newsletter studies, white papers

We process your personal data in the context of subscription to our newsletter or of request of other documents as follows:

a.                  Information on data processing

Data categories

Purpose

Legal basis

Legitimate interest (where applicable)

Duration of retention

Email address

Registration verification (double opt-in process), newsletter distribution

Article 6, Section 1, Item b) of the GDPR

 

Duration of newsletter subscription

Personal master data

Newsletter personalization

Article 6, Section 1, Item b) of the GDPR

 

Duration of newsletter subscription

Registration data

Traceability of successful newsletter registration/confirmation/deregistration

Article 6, Section 1, Items b) and f) of the GDPR

Notification of successful newsletter registration/confirmation/deregistration

Duration of newsletter subscription

Newsletter user profile data

Interest-based formulation of newsletter

Article 6, Section 1, Item f) of the GDPR

Improvements to our service, promotional purposes

Duration of newsletter subscription

Address data

Newsletter distribution

Article 6, Section 1, Item b) of the GDPR

 

Duration of newsletter subscription

b.                  Recipients of personal data

Recipient category

Affected data

Legal basis for transmission

Legitimate interest (where applicable)

Service provider for newsletter distribution

email addresses, personal master data

Order processing (Article 28 of the GDPR)

 

 Here you can find the page where you can unsubscribe.

 

4. Employment applications

During an ongoing application for employment, we process your personal data in the following way:

a.                  Information on data processing

Data categories

Purpose

Legal basis

Legitimate interest (where applicable)

Duration of retention

Address data, contact data

Identification, initial contact, communication for contract initiation

Article 6, Section 1, Item b) of the GDPR

 

6 months after termination of the application process; at the explicit and written request of the applicant, data may be stored beyond this deadline

Personal master data

Identification, initial contact, communication for contract initiation, age verification

Article 6, Section 1, Item b) of the GDPR

 

6 months after termination of the application process; at the explicit and written request of the applicant, data may be stored beyond this deadline

Application data

Applicant selection

Article 6, Section 1, Item b) of the GDPR

 

6 months after termination of the application process; at the explicit and written request of the applicant, data may be stored beyond this deadline

Access data

Communication

Article 6, Section 1, Item b) of the GDPR

 

6 months after termination of the application process; at the explicit and written request of the applicant, data may be stored beyond this deadline

Data according to Article 9 of the GDPR (unsolicited receipt)

-

-

-

6 months after termination of the application process; at the explicit and written request of the applicant, data may be stored beyond this deadline

b.                  Recipients of personal data

Recipient category

Affected data

Legal basis for transmission

Legitimate interest (where applicable)

hosting provider of the used recruitment tools

All categories mentioned under a)

Order processing (Article 28 of the GDPR)

 

 

5.  Customer support, contact

We process your personal data for customer service purposes, use of the contact form or other forms of contacts, as follows:

a.                  Information on data processing

Data categories

Purpose

Legal basis

Legitimate interest (where applicable)

Duration of retention

Personal master data, contact data, contents of inquiries/complaints

Processing customer inquiries and user complaints

Article 6, Section 1, Items b) and f) of the GDPR

Customer loyalty, improving our services

Duration of inquiry processing; immediate deletion of the personal data after processing of the request

 

6.    Accessing iTMS Log-in pages

The following information describes how your personal data is processed when you access iTMS Log-in pages.

a.                  Information on data processing

Data categories

Purpose

Legal basis

Legitimate interest (where applicable)

Duration of retention

Access data

Establishing a connection, presenting content of the service, detecting attacks on our side due to unusual activities, error diagnosis

Article 6, Section 1, Item f) of the GDPR

Proper functionality of services, security of data and company processes, misuse prevention, prevention of damages caused by incursions or attacks on information systems

As long as necessary for the respective contract fulfillment

Account data

Use of the service

Article 6, Section 1, Item b) of the GDPR

 

As long as agreed in the respective contract

Email address

Password recovery

Article 6, Section 1, Item b) of the GDPR

 

For the documentation of the password recovery as long as agreed in the respective contract

b.                  Recipients of personal data

Recipient category

Affected data

Legal basis for transmission

Legitimate interest (where applicable)

Hosting service provider

All categories mentioned under a)

 Order processing (Article 28 of the GDPR)

 

 

7.    Tracking

In this section, we describe how we use tracking technology to process your personal data for the purposes of analysis and service optimization.

The description of the tracking procedure also contains information about how you can hinder or refuse such data processing. Please note that the so-called “opt-out” (that is, the refusal of such processing) is generally documented using cookies. If you use our services with a new end-user device or browser, or if you have deleted the cookies in your existing browser, you must complete the opt-out process again.

The corresponding tracking procedures process your personal data in a solely pseudonymous form. A connection with a concretely identified natural person – that is, a consolidation of the collected data with information about the person to whom the relevant pseudonym is assigned – does not take place.

a.    Tracking for the purposes of analysis and optimization of our services

(1)    Purposes of processing
The use of tracking to analyze user behavior helps us to verify the effectiveness of our services, optimize those services, accommodate the needs of the user, and rectify errors. Additionally, such analysis serves to establish statistical reference values (coverage, intensity of use, user browsing be-havior) on the basis of uniform standard processes, which in turn yields values that can be applied and compared across the entire market.

(2)    Legal basis for processing
For the creation of user profiles and for services which make the online behavior of the affected person traceable, a declaration of informed consent in accordance with the GDPR is required.

(3)    The tracking procedures in detail

Name of service

Function

Ability to prevent processing (opt-out)

Data transmission to third countries?

Adequacy decision (where applicable; Article 45 of the GDPR)

Appropriate guarantees (where applicable; Article 46 of the GDPR)

Google Analytics

Web analysis

https://tools.google.com/dlpage/gaoptout?hl=en

No

 

 

 

Data protection policy for using Google Analytics

This website uses features of the Google web analytics service, provided by Google Inc., 1600 Amphitheater Parkway Mountain View, CA 94043, USA.Google Analytics uses cookies. These are text files that are stored on your computer and enable analysis of your use of the website. Information regarding your use of the website is generated by the cookie and routinely transferred to a Google server in the USA where it is stored.More information on how user data is used by Google analytics can be found in Google’s privacy policy. 

Browser Plugin

You can prevent cookies from being saved by activating a setting on your browser software; 4flow would like to kindly inform you that if you do this, you might not be able to fully utilize all functions of this website. You can furthermore prevent Google from capturing and processing data related to your use of the website (including your IP address), as well as the processing of this data by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en

Objection to data collection

You can opt out collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set, preventing your data from being collected: Disable Google Analytics

Data processing

4flow has an agreement with Google in regard to data processing and fully implements the strict requirements of the German data protection authorities when using Google Analytics.

Anonymous data collection

4flow uses IP address anonymization on this website. This means that within member states of the European Union and other states belonging to the European Economic Area, your Google IP address is abbreviated. Only in exceptional cases will a full IP address be transferred to a Google server in the USA to be stored. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to perform additional services connected with use of the website and the Internet in respect of the website operator. The IP address provided by your browser as part of Google analytics will not be merged with other Google data.

 In the case that you would like to decline interest-based advertisement, you can also visit the website www.youronlinechoices.com, click on “Your Ad Choices”, and follow the instructions to individually or completely deactivate the use of your data for the purposes interest-based advertising by the service providers listed there. You will continue to receive advertisements, but they will no longer be interest-based.

 

III.    Rights of affected persons

1.    Right to object
In the case that we process your personal data to generate direct advertising, you have the right to assert your objection at any time and with fu-ture effect to such processing of your personal data for the purposes of said advertising;

You also have the right to assert your objection at any time and with future effect, for reasons arising from your particular situation, to the pro-cessing of your personal data which occurs according to Article 6, Section 1, Items e) or f) of the GDPR;

The exercise of your right to objection carries no related monetary costs.

You can reach us using the contact data listed in I.2.

2.    Right to information
You have the right to be informed as to whether we do or have processed your personal data, which data is affected in particular, as well as other in-formation as established in Article 15 of the GDPR.

3.    Right to correction
You have the right to demand that we immediately correct any of your personal data that is inaccurate (Article 16 of the GDPR). Subject to considera-tion of the purposes of the processing, you have the right to demand the completion of any incomplete personal data, including by way of an amendatory declaration.

4.    Right to deletion (“Right to be forgotten”)
You have the right to demand that we immediately delete your personal data, so long as one of the grounds listed in Article 17, Section 1 of the GDPR applies and the processing of such data is not necessary for the purposes enumerated in Article 17, Section 3 of the GDPR.

5.    Right to restriction of processing
You have the right to demand restriction of the processing of your personal data if one of the requirements enumerated in Article 18, Section 1, Item a) through d) of the GDPR is met.

6.    Right to data transferability
You have the right to obtain the personal data you have made available to us in a structured, well-established and machine-readable format. Fur-thermore, you have the right to transfer or otherwise provide such data to another responsible party, with no hindrance from us, such that we will undertake immediate transmission of said data to the party named, insofar as such transmission is technically possible. This provision shall apply in all cases in which the basis for data processing consists in a declaration of consent or contract and in which the data will be processed in an auto-mated way. Accordingly, this provision shall not apply to data available solely in hard copy form.

7.    Right to withdraw consent
Insofar as the processing of your personal data is predicated upon your declaration of consent, you have the right to withdraw that consent at any time. The legal permissibility of processing based upon your declaration of consent prior to such withdrawal shall remain unaffected.

8.    Right to appeal
You have the right to appeal to a regulatory authority.