Privacy Policy

We operate this website in accordance with the principles described below.

We are committed to complying with statutory data protection provisions and strive to observe the principles of data avoidance and data minimisation at all times.

This privacy policy applies to the Fiori App Catalogue on this domain. The catalogue is a purely informational website without contact forms, newsletters, tracking or user accounts.

INFO

This English version is a convenience translation. The German version is the legally authoritative text.

1. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States of the European Union as well as other data protection provisions is:

Flexus AG, John-Skilton-Straße 2, 97074 Würzburg, Germany datenschutz@flexus.net

2. Definitions

We have designed our privacy policy according to the principles of clarity and transparency. Should there nevertheless be any ambiguity regarding the use of various terms, the corresponding definitions can be viewed in Article 4 GDPR.

3. Legal basis for processing data

a) Processing of personal data under the GDPR

We process your personal data (e.g. your name, e-mail address and IP address) only if there is a legal basis for doing so. Under the GDPR, the following provisions are particularly relevant:

• Art. 6(1)(a) GDPR: the data subject has given consent to the processing of personal data for one or more specific purposes.
• Art. 6(1)(b) GDPR: processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
• Art. 6(1)(c) GDPR: processing is necessary for compliance with a legal obligation to which the controller is subject.
• Art. 6(1)(d) GDPR: processing is necessary in order to protect the vital interests of the data subject or of another natural person.
• Art. 6(1)(e) GDPR: processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
• Art. 6(1)(f) GDPR: processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

At the relevant points of this privacy policy, we indicate the legal basis on which the processing of your personal data is based.

b) Consent of guardians under Art. 8(1) sentence 2 alternative 2 GDPR

A guardian must consent to any data processing on this website for which the consent of a minor who has not yet reached the age of 16 is required.

4. Disclosure of personal data

Personal data will only be disclosed to third parties where there is a legal basis for the processing. For example, we share personal data with persons or companies who act as processors for us pursuant to Art. 28 GDPR. A processor is any party that processes personal data on our behalf — in particular within a relationship of instruction and control.

In accordance with the GDPR, we conclude a contract with each of our processors in order to commit them to complying with data protection regulations and thereby grant your data comprehensive protection.

5. Storage period and deletion

Your personal data will be deleted by us to the extent that it is no longer necessary for the purposes for which it was collected or otherwise processed, and to the extent that processing is not required to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.

6. SSL / TLS encryption

For security reasons and to protect the transmission of confidential content, this website uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address bar of your browser changes from "http://" to "https://" and by the lock symbol in your browser bar.

When SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

7. Data collected when you visit the website (server log files)

When you access our website, the browser used on your device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is recorded without any action on your part and stored until it is automatically deleted:

• IP address of the requesting computer
• date and time of access
• name and URL of the file retrieved
• website from which access was made (referrer URL)
• browser used and, where applicable, the operating system of your computer as well as the name of your access provider

We process this data for the following purposes:

• ensuring a smooth connection to the website
• ensuring comfortable use of our website
• evaluation of system security and stability
• error analysis
• other administrative purposes

The legal basis for this data processing is Art. 6(1)(f) GDPR. Our legitimate interest follows from the purposes for data collection listed above. Under no circumstances do we use the data collected for the purpose of drawing conclusions about you personally.

8. Hosting by Netlify

This website is hosted by Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, California 94104, USA ("Netlify"). Netlify operates a global content delivery network (CDN) with servers located in the European Union, the United States and other regions.

When you visit this website, Netlify processes the server log data described in section 7 (in particular IP address, time of the request, resource requested, referrer and user agent). The processing serves the secure, stable and performant delivery of the website and the defence against abusive access.

The legal basis is Art. 6(1)(f) GDPR; our legitimate interest lies in the reliable provision of our website.

We have concluded a data processing agreement with Netlify pursuant to Art. 28 GDPR. For the transfer of personal data to the United States, we rely on Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR and, where applicable, on Netlify's self-certification under the EU–US Data Privacy Framework.

Further information is available in Netlify's privacy policy at: https://www.netlify.com/privacy/

9. Google Fonts

This website uses Google Fonts to display fonts consistently. Google Fonts is a service provided by Google (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). The web fonts are embedded via a server call, usually to a Google server. The following may be transmitted to the server and stored by Google:

• name and version of the browser used
• the website from which the request was made (referrer URL)
• operating system of your computer
• screen resolution of your computer
• IP address of the requesting computer
• language settings of the browser or operating system

Further information on data protection at Google and in relation to Google Fonts can be found at:

• https://developers.google.com/fonts/faq/privacy
• https://www.google.com/policies/privacy/

The use of Google Fonts is intended to make our website easier to read and more visually appealing, and is therefore based on our legitimate interests pursuant to Art. 6(1)(f) GDPR.

10. Cookies and local storage

This website does not use tracking or marketing cookies. Only technically necessary information is stored in your browser's local storage to ensure basic site functionality — for example, your choice of colour scheme (light/dark mode). This information remains exclusively on your device and is not transmitted to us or to any third party.

The legal basis for this is Art. 6(1)(f) GDPR in conjunction with § 25(2) no. 2 TDDDG (strictly necessary to provide the service explicitly requested by you).

11. Rights of the data subject

You have the following rights:

a) Right of access

Pursuant to Art. 15 GDPR, you have the right to obtain information about the personal data we process about you. This right of access includes information on:

• the processing purposes
• the categories of personal data
• the recipients or categories of recipients to whom your data has been or will be disclosed
• the envisaged storage period or, at least, the criteria used to determine that period
• the existence of a right to rectification, erasure, restriction of processing or to object
• the existence of a right to lodge a complaint with a supervisory authority
• the origin of your personal data, where it has not been collected by us
• the existence of automated decision-making, including profiling, and, where applicable, meaningful information about its logic

b) Right to rectification

Pursuant to Art. 16 GDPR, you have the right to obtain without undue delay the rectification of inaccurate or incomplete personal data stored by us.

c) Right to erasure

Pursuant to Art. 17 GDPR, you have the right to obtain the erasure of your personal data without undue delay, to the extent that further processing is not necessary for one of the following reasons:

• the personal data is still necessary for the purposes for which it was collected or otherwise processed
• for exercising the right of freedom of expression and information
• for compliance with a legal obligation which requires processing under EU or Member State law to which the controller is subject
• for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR
• for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Art. 89(1) GDPR
• for the establishment, exercise or defence of legal claims

d) Right to restriction of processing

Pursuant to Art. 18 GDPR, you can request the restriction of the processing of your personal data for one of the following reasons:

• you contest the accuracy of your personal data
• the processing is unlawful and you oppose the erasure of the personal data
• we no longer need the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims
• you have objected to processing pursuant to Art. 21(1) GDPR

e) Right to notification

If you have requested rectification or erasure of your personal data or a restriction of processing under Art. 16, 17 or 18 GDPR, we will communicate this to all recipients to whom your personal data has been disclosed, unless this proves impossible or involves disproportionate effort.

f) Right to data portability

You have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to request the transmission of this data to a third party, provided that processing was carried out using automated procedures and is based on consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR.

g) Right to withdraw consent

Pursuant to Art. 7(3) GDPR, you have the right to withdraw consent you have granted at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

h) Right to lodge a complaint with a supervisory authority

Pursuant to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes the GDPR.

i) Right to object

Where your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right to object to the processing of your personal data on grounds relating to your particular situation pursuant to Art. 21 GDPR. To exercise your right of withdrawal or objection, an e-mail to datenschutz@flexus.net is sufficient.

j) No automated decision-making

No automated decision-making in individual cases, including profiling, within the meaning of Art. 22 GDPR takes place on this website.

12. Changes to this privacy policy

Should we amend the privacy policy, this will be indicated on the website.

As of: April 2026