Table of contents
- Objective and responsibility
- Basic information regarding data processing and legal bases
- Safety measures
- Forwarding data to third parties and third-party providers
- Registration and user accounts
- Collection of access data
- Cookies and data analytics
- Google Analytics
- Google re/marketing services
- Facebook social plugins
- Facebook, custom audiences, and Facebook marketing services
- Integration of third-party services and contents
- User rights
- Deletion of data
- Right to opt out
1. Objective and responsibility
1.2. The provider of the Online Offering and thus the party responsible for data protection-law compliance is flexword Germany GmbH, Neckarauer Straße 35-41, 68199 Mannheim, Germany, managing director: Goranka Miš-Čak, email: email@example.com (hereinafter referred to as “we” or “us”). For more information about us and ways to contact us, see Legal Notice: https://www.flexword.de/impressum/.
1.3. The term “user” includes any customer, freelancer, and visitor of our Online Offering. The terms used, e.g., “user”, are to be construed as gender-neutral.
1.4. External Data Protection Officer: Please contact
2. Basic information regarding data processing and legal bases
2.1. The personal information of the users processed within the scope of this Online Offering includes user-related master data (e.g., name and address of customers), contract information (e.g., services used, name of the service representative, payment information), data relating to the use (e.g., webpages of the Online Offering visited), and content information (e.g., entries in the contact form).
2.2. We only process the user’s personal information which can be processed in compliance with the applicable data protection and privacy regulations. Hence, user’s data is not processed unless legally admissible consent has been obtained, i.e., in particular in those cases where data processing is needed or legally required to render our agreed-upon services (e.g., processing of orders) and online services, the user’s consent has been obtained, or if such processing is in our legitimate interest (i.e., in the analysis, optimization, and efficient operation and safety of our Online Offering as set forth in Art. 6 (1) lit. f GDPR [General Data Protection Regulation], in particular for the purpose of reach analytics, the creation of profiles for advertising and marketing purposes, as well as the collection of access data, and use of third-party services).
2.4. With regard to the processing of personal information based on the General Data Protection Regulation (GDPR), please note that the legal basis for consent is Art. 6 (1) lit. a and Art. 7 GDPR, the legal basis for the processing of data for rendering our services and performing agreed-upon measures is Art. 6 (1) lit. b GDPR, the legal basis for the processing of data to meet our legal obligations is Art. 6 (1) lit. c GDPR, and the legal basis for the processing of data to protect our legitimate interests is Art. 6 (1) lit. f GDPR.
3. Safety measures
3.1. We take state-of-the-art organizational, contractual, and technical safety measures to ensure that the provisions of the applicable data protection and privacy laws are complied with and thus protect the data we process against accidental or intentional manipulation, loss, destruction, or unauthorized access.
3.2. The safety measures include in particular encrypted transmission of data between your browser and our server.
4. Forwarding data to third parties and third-party providers
4.1. Data is only forwarded to third parties and third-party providers in accordance with the legal requirements. We only forward user data to third parties if required, for example, for billing purposes or other purposes necessary to meet our contractual obligation vis-à-vis the users.
4.2. If we deploy subcontractors to provide our services, we take appropriate legal steps as well as the corresponding technical and organizational measures to ensure that personal information is protected as required by the applicable legal regulations.
4.3. If content, tools, or other means of third-party providers (hereinafter collectively referred to as “third-party providers”) are used and the designated registered office of the third-party provider is situated in a third country, it may be assumed that data is transferred to the country in which the respective third-party provider’s registered office is situated. Third countries means those countries in which the GDPR is not directly applicable law, i.e., basically those countries outside the EU or the EEA. The data is transmitted to third countries either if an appropriate level of data privacy is ensured, the user consents to this, or any other kind of legal consent is available.
5.1. When contacting us (via the contact form or by email), the user’s data is processed in order to process or resolve the enquiry.
5.2. The information provided by the users may be stored in our customer relationship management (“CRM system”) or comparative enquiry systems.
6. Registration and user accounts
6.1. In our business activities, we offer registration procedures where user accounts for freelancers and our customers are created. The user accounts serve the purpose of exchanging services with the aforementioned parties pursuant to Art. 6 (1) lit. b. GDPR. This includes the processing of data relating to the respective orders, such as content, customer name, deadlines, fees, invoices, and banking and payment information.
6.2. Freelancers are asked to provide the following required information: Title, birth date, first name, last name, street, house number, city/town, postcode, country, phone number, fax number, mobile number, email, qualification, language pairs, prices, specialities.
6.3. When customers register, the following information, if applicable, is required: firm, sector, address, legal form, taxpayer ID, registration number and court, first name and last name of the representative, phone number, email address, position within the company, and password (stored in an encrypted format).
6.4. Apart from this information, each user decides himself/herself which additional information to provide.
6.5. We only use the user profiles for internal purposes; they are not public profiles and cannot be indexed by search engines.
6.6. Upon deletion of the user account, the personal information of the users is deleted to the extent that they relate to the user account and do not have to be stored for other legally permissible or required reasons (e.g., due to retention obligations under the applicable commercial and tax laws, storing of data that can be accessed by the public or as business contacts). If data is not deleted, the further processing is restricted to the aforementioned archiving and retention purposes.
6.7. It is the users’ responsibility to save their data prior to the expiration of the contract once it is terminated. We shall be authorized to irreversibly delete any and all data of the user saved during the term of the contract.
7. Collection of access data
7.1. Based on our legitimate interests pursuant to Art. 6 (1) lit. f GDPR, we collect data on any access to the server on which this service is located (so-called server log files). Access data includes: the name of the webpage accessed, file, date and time of access, transmitted data volume, report on successful access, type of browser and version, the user’s operating system, referrer URL (previously visited website), IP address, and enquiring provider.
7.2. For security reasons (e.g., investigation of misuse or fraud), log file information is stored for a duration not exceeding seven days and then deleted. Data which we are required to store for evidence purposes is not deleted until the final resolution of the respective incident.
8. Cookies and data analytics
8.2. If the users decline the storage of cookies on their system, they are asked to deactivate the corresponding option in the system settings of their browser. Saved cookies can be deleted in the browser settings. Deactivating cookies can result in restricted use of the function of this Online Offering.
9. Google Analytics
9.2. Google is certified pursuant to the Privacy Shield Framework Program and thus guarantees compliance with European data protection and privacy laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
9.3. Google uses this information on our behalf to analyse the use of our Online Offering by the users, to generate reports regarding the activities of this Online Offering, and to render other services relating to the use of this Online Offering and the Internet. For this purpose, pseudonymous user profiles can be generated from the processed data.
9.4. We use Google Analytics only with activated IP anonymization. That means that Google abbreviates the users’ IP address within the boundaries of the EU member states or other countries who are members of the EEA Treaty. Only in exceptional cases will the entire IP address be transmitted to a Google server in the United States and abbreviated on said server.
9.5. The IP address transmitted by the user’s browser is not consolidated or merged with other Google data. The users may prevent the storage of cookies via the corresponding settings in their browser software; furthermore, users may prevent transmission of the data generated by the cookies and relating to the use of the Online Offering to Google as well as the processing of such data by Google by downloading and installing the browser plugin available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de.
10. Google Re/Marketing Services
10.1. Based on our legitimate interests (i.e., interest in analytics, optimization and efficient operation of our Online Offering pursuant to Art. 6 (1) lit. f GDPR), we use the marketing and remarketing services (hereinafter referred to as “Google marketing services”) of Google Inc., 1600 Ampitheatre Parkway, Mountain View, CA 94043, United States (“Google”).
10.2. Google is certified pursuant to the Privacy Shield Framework Program and thus guarantees compliance with European data protection and privacy laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
10.3. The Google marketing services enable us to display advertisements for and on our website in a more targeted approach and present users only with those advertisements that are potentially useful for them. If, for example, a user is presented advertisements for products for which he/she showed interest on other websites, this is commonly known as “remarketing.” For this purpose, Google directly executes a code when our or other websites, on which Google marketing services are performed, are accessed and so-called (re)marketing tags (invisible graphics or code, also referred to as “web beacons”) are integrated into the website. By means of these tags, a specific cookie is installed on the user’s device, i.e., a small file (instead of cookies, similar technologies may be used). The cookies can be used by various domains, inter alia, by google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com, or googleadservices.com. This file records which webpages the user accesses, which content he/she was interested in, and which offerings he/she clicked; in addition, technical information regarding the browser and operating system, referring websites, time of the visit, as well as other information regarding the use of the Online Offering is recorded. The users’ IP address is recorded as well; however, within Google Analytics, we advise that Google abbreviates the users’ IP address within the boundaries of the EU member states or other countries who are members of the EEA Treaty and is transmitted to a Google server in the United States and abbreviated there only in exceptional cases. The IP address is not consolidated or merged with the user’s data from other Google services offered. Google may combine the aforementioned information with such information from other sources. If the user then visits other websites, customized ads may be displayed based on the user’s interests.
10.4. The users’ data is processed on a pseudonymous basis within the scope of the Google marketing services. This means that, for example, Google does not process the name or email address of the users, but rather the relevant data on a cookie-related basis in pseudonymous user profiles. This means that, from Google’s perspective, the ads are not administered and displayed in respect to a specific identified person, but rather for the cookie owner irrespective of who the cookie owner is. This does not apply, if a user expressly agrees to data being processed without pseudonymisation. The information collected by Google marketing services is transmitted to Google and stored on Google servers in the United States.
10.5. The Google marketing services we use include the online advertising program “Google AdWords.” When using Google AdWords, each AdWords customer is assigned a different “conversion cookie.” Thus, cookies cannot be traced via the websites of AdWords customers. The information collected by means of the cookie serves the purpose of generating conversion statistics for AdWords customers who opted for conversion tracking. AdWords customers receive information regarding the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive information based on which the respective users can be identified personally.
10.7. We can also use the “Google Optimizer” service. Google Optimizer allows us to trace based on so-called “A/B testing” how various changes affect a website (e.g., changes in input fields, the layout, etc.). For these testing purposes, cookies are installed on the users’ devices. Only pseudonymous user data is processed.
10.8. Furthermore, we may also use “Google Tag Manager” to integrate and administer the Google analytics and marketing services on our website.
10.10. If you do not wish for Google marketing services to present interest-based advertisement, you may use the Google preferences and opt-out options: http://www.google.com/ads/preferences.
11. Facebook social plugins
11.1. Based on our legitimate interests (i.e., interest in analytics, optimization and efficient operation of our Online Offering pursuant to Art. 6 (1) lit. f GDPR), we use social plugins (“plugins”) of the social network facebook.com, operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plugins can display interactive elements or contents (e.g., videos, images, or text) and can be identified based on one of the Facebook logos (white “f” on a blue tile, the terms “Like,” “Gefällt mir,” or a “thumbs up” icon) or are marked by the tag “Facebook Social plugin.” For a list and the design of the Facebook Social plugins see: https://developers.facebook.com/docs/plugins/.
11.2. Facebook is certified pursuant to the Privacy Shield Framework Program and thus guarantees compliance with European data protection and privacy laws (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
11.3. If a user accesses a function of this Online Offering with such a plugin, the user’s device runs a direct link to the Facebook servers. The content of the plugin is transmitted by Facebook directly to the user’s device and integrated into the Online Offering. For this purpose, user profiles can be generated from the processed data. Thus, we have no influence on the scope of the data collected by Facebook via this plugin and therefore notify the user based on what we know.
11.4. As a result of the integration of the plugin, Facebook receives the information that a user has accessed the corresponding page of the Online Offering. If the user is logged into Facebook, Facebook can attribute the visit to the user’s Facebook account. If the user interacts with the plugin, e.g., uses the ‘like’ button or leaves a comment, the corresponding information is transmitted directly from the device to Facebook and stored there. If a user does not have a Facebook account, it is still possible for Facebook to identify and store the user’s IP address. According to Facebook, IP addresses are stored in Germany only on an anonymous basis.
11.5. For information regarding the purpose and scope of the data collected and the processing and use of the data by Facebook, as well as the corresponding rights and preference settings to protect the users’ privacy see Facebook’s data privacy policies: https://www.facebook.com/about/privacy/.
11.6. If a user has a Facebook account but does not wish for Facebook to collect data via this Online Offering and links them to his/her user data stored in the Facebook account, the user must log out of Facebook and delete his/her cookies before accessing our Online Offering. Additional settings and opt-outs for the use of data for advertising are available in the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the U.S. page http://www.aboutads.info/choices/ or the European page http://www.youronlinechoices.com/. The settings are not platform-based, i.e., they are applied across all devices, such as desktop computers or mobile devices.
12. Facebook, custom audiences, and Facebook marketing services
12.1. Due to our legitimate interests in data analysis, optimization, and efficient operation of our Online Offers and for these purposes, “Facebook Pixel” of the social network Facebook operated by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, United States or, if you reside in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”) is used.
12.2. Facebook is certified pursuant to the Privacy Shield Framework Program and thus guarantees compliance with European data protection and privacy laws (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
12.3. On the one hand, Facebook Pixel enables Facebook to identify the visitors of our Online Offering as the target group for the presentation of advertisement (so-called “Facebook ads”). Hence, we use Facebook Pixel to display our Facebook ad only for those Facebook users that showed interest in our Online Offering or show specific characteristics (e.g., interest in specific topics or products identified based on the websites visited) which we transmit to Facebook (so-called “custom audiences“). Facebook Pixel also enables us to ensure that our Facebook ads meet the potential interest of the user and is not deemed harassment. Furthermore, Facebook Pixel helps us verify the efficiency of the Facebook ads for statistical and market research purposes since we know whether users were redirected to our website after clicking on a Facebook ad (so-called “conversion“).
12.4. Facebook Pixel is directly integrated by Facebook upon accessing our webpages and can store a so-called cookie on your device, i.e., a small file. Once you log into Facebook or visit our page while logged into Facebook, the visit of our Online Offering is recorded in your profile. Your data is collected for us on an anonymous basis; i.e., we cannot identify the users. However, the data is stored and processed by Facebook, so that it can be associated with the respective user profile and used by Facebook or for their own market research and advertising purposes. In the event that we transmit data to Facebook for verification purposes, such data is encrypted locally on the browser before being transmitted to Facebook via a secured https connection. The sole purpose is to verify such data based on the data encrypted by Facebook.
12.5. Furthermore, we also use the Facebook Pixel extension “advanced matching” for the (encrypted) transmission of data (such as phone numbers, email addresses, or Facebook IDs of the users) to create target groups (“custom audiences” or “look alike audiences”) to Facebook. For more information regarding “advanced matching“ see: https://www.facebook.com/business/help/611774685654668).
12.7. You may opt out of the collection of data by Facebook Pixel and the use of your data to present Facebook ads. For information on how to change your settings of the types of ads to be displayed within Facebook, see the webpage set up by Facebook and then follow the instructions on the settings for user-based advertisement: https://www.facebook.com/settings?tab=ads. The settings are not platform-based, i.e., they are applied across all devices, such as desktop computers or mobile devices.
12.8. To prevent the collection of your data on our website via Facebook Pixel, click the following link:
Note: If you click the link, an “opt out” cookie is stored on your device. If you delete the cookies in your browser, you will have to click the link once again. In addition, the opt out only applies within the browsers you use and within our web domain on which the link was clicked.
13.1. The following remarks provide information regarding the content of our newsletter, and the registration, mailing, and statistical analysis procedures, as well as your opt-out rights. By subscribing to our newsletter, you agree to receive such newsletters and accept the described procedures.
13.2. Newsletter content: We do not send any newsletters, emails, and other electronic messages containing advertising (hereinafter referred to as “newsletter”) without the recipient’s consent or a legal consent. If the content of a newsletter is described in detail before the subscription, such content is subject to the user’s consent. Moreover, our newsletters contain internal flexword news and offers, as well as information regarding blogs relating to language, cultures, countries, translations, and similar topics.
13.3. Double opt-in and logging: Subscription to our newsletter is subject to a so-called double opt-in procedure. This means that, after the registration, you receive an email in which you are asked to confirm your registration. This confirmation is required so that nobody can register with another person’s email address. The newsletter subscriptions are logged in order to be able to provide evidence regarding the registration procedure in accordance with the legal requirements. This includes storage of the time of registration and confirmation and the IP address. The changes in your data stored by our mailing service provider are logged as well.
13.4. Data collection and analysis for statistical purposes – The newsletters contain a so-called “web beacon,” i.e., a pixel-sized file which is executed by our server when the user opens the newsletter. Upon such execution, both technical information, such as browser and system information, and your IP address and the time of the access are recorded. This information is used to improve the service from a technical perspective based on technical data or based on the information regarding the target audience and their reading behaviour. The statistical collection also includes verification that the newsletters were opened, when they were opened, and which links were clicked. This data can be attributed to individual newsletter recipients for technical reasons. However, the goal is not to monitor individual users. The analytical data is rather used to identify our users’ reading habits and adjust our content based on such habits or send various contents based on the users’ interests.
13.5. The procedure for the statistical collection and analysis, as well as the logging of the registration procedure are based on our legitimate interests pursuant to Art. 6 (1) lit. f GDPR. Our interest is based on the deployment of a user-friendly and secure newsletter system that both meets our business interests and the users’ expectations.
13.6. Cancellation/opt-out – You can cancel your newsletter subscription at any time, i.e., revoke your consent. An “Unsubscribe” link can be found at the end of each newsletter. In the event that users subscribe only to our newsletter and unsubscribe, their personal information is deleted.
14. Integration of third-party services and contents
14.1. Based on our legitimate interests (i.e., interest in analytics, optimization and efficient operation of our Online Offering pursuant to Art. 6 (1) lit. f GDPR), we use content and services offered by third-party providers within our Online Offering to integrate their contents and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This is at all times subject to the condition that the third-party providers of such content identify the users’ IP address since they cannot send the content to their browser without the IP address. Thus, the IP address is required to display such content. We make our best effort to use only such content that the providers of which use the IP address only to deliver the content. Furthermore, the third-party providers can use so-called pixel tags (invisible images, also referred to as “web beacons”) for statistical or advertising purposes. By means of the “pixel tags,” information such as user traffic on the pages of this website can be analysed. Furthermore, the pseudonymous information can be stored in cookies on the user’s device and, inter alia, contains technical information regarding the browser and operating system, referring websites, the time of the visit, as well as other information regarding the use of our Online Offering, and can also be combined with such information from other sources.
14.2. The following presentation provides an overview of the third-party providers as well as their content, including links to their privacy policies containing additional remarks regarding the processing of data and, as mentioned herein in some cases, any opt-outs:
– Information regarding Google, Inc.: Google is certified pursuant to the Privacy Shield Framework Program and thus guarantees compliance with European data protection and privacy laws (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).
15. User rights
15.1. Users are entitled to receive free-of-charge information, upon request, about their personal information which we have stored.
In addition, users have the right to have inaccurate data rectified, to limit the processing of their data, and to delete their personal information, if any, to exercise their data portability rights, and – in the event that illegal data processing is suspected – to file a complaint with the competent regulatory body (Der Landesbeauftragte für den Datenschutz Baden-Württemberg, Königstraße 10a, 70173 Stuttgart.
15.2. In addition, users may revoke their consent, in principle for the future.
16. Deletion of data
16.1. The data we store is deleted as soon as it is no longer needed for the intended purpose and the deletion of such data is not prevented by any legal retention obligations. If user data is not deleted due to the fact that it is required for other and legally permitted purposes, the processing of such data is limited. That means that the data is blocked and cannot be processed for any other purposes. This applies in particular to user data which is subject to commercial or tax-law retention requirements.
16.2. Based on the applicable legal provisions, data is retained for a period of 6 years as per Sec. 257 (1) German Commercial Code (HGB) (trade accounts, inventories, opening balance sheets, financial statements, commercial letters, vouchers, etc.) and 10 years as per Sec. 147 (1) German Fiscal Code (AO) (books, records, management reports, vouchers, commercial and business letters, documents relevant for taxation purposes, etc.).
17. Right to opt out
Users may opt out at any time of the processing of their personal information in the future based on the legal requirements. The opt out may in particular include the processing for direct marketing purposes.
Last updated on: 20 January 2018
- EN ISO 9001-认证的质量管理
- 符合 EN ISO 17100 的翻译服务