Privacy policy

1. Introduction

In the following, we inform you about the processing of personal data when using the FLEXVIT online store - https://flexvit.band - and our profiles in social media.

Personenbezogene Daten sind alle Daten, die auf eine konkrete natürliche Person beziehbar sind, z. B. Ihr Name oder Ihre IP-Adresse.

1.1 Contact information

The responsible party for the content of the online store and the collection, processing & use of your personal data within the meaning of the Federal Data Protection Act is:

Flexible Sports GmbH
Managing Director: Tim Hüfner
Am Eichwasen 18
D-72401 Haigerloch GERMANY
E-Mail: info@flexvit.band

1.2 Extent of data processing, purpose of processing and legal grounds

The scope of data processing, processing purposes and legal grounds are further specified below. The following are generally considered to be the legal basis for data processing:

  • Art. 6 Abs. 1 S. 1 it. a DSGVO serves as our legal basis for processing operations for which we obtain consent.
  • Art. 6 Abs. 1 S. 1 lit. b DSGVO is the legal basis insofar as the processing of personal data is necessary for the performance of a contract, e.g. if a site visitor purchases a product from us or we perform a service for him. This legal basis also applies to processing that is necessary for pre-contractual measures, such as in the case of inquiries about our products or services.
  • Art. 6 Abs. 1 S. 1 lit. c DSGVO applies if we fulfill a legal obligation by processing personal data, as may be the case, for example, in tax law.
  • Art. 6 Abs. 1 S. 1 lit. f DSGVO serves as the legal basis when we can rely on legitimate interests to process personal data, e.g. for cookies that are necessary for the technical operation of our website.

1.3. Data processing beyond the EEA

In cases in which we transmit data to service providers or other third parties outside the EEA, the security of the data during the transfer is guaranteed by adequacy decisions of the EU Commission (Art. 45 para. 3 of the GDPR), where these exist (e.g. for the UK, Canada and Israel).

If no adequacy decision exists (e.g. for the USA), the legal basis for the data transfer is usually, i.e. unless we indicate otherwise, standard contractual clauses. These are a set of rules adopted by the EU Commission and are part of the contract with the respective third party. According to Art. 46 (2) lit. b DSGVO, they ensure the security of the data transfer. Many of the providers have given contractual guarantees that protect the data beyond the standard contractual clauses. These are, for example, guarantees regarding the encryption of the data or regarding an obligation on the part of the third party to notify data subjects if law enforcement agencies want to access data.

1.4. Duration of Data Retention

Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as they are no longer required for their intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted, i.e. the data will be blocked and not processed for other purposes. This applies, for example, to data that we must retain for reasons of commercial or tax law.

1.5. Rights of the data subjects

Data subjects have the following rights vis-à-vis us with regard to the personal data concerning them:

  • Right to information,
  • Right to correction or deletion,
  • Right to restriction of processing,
  • Right to object to processing,
  • Right to data portability,
  • Right to revoke consent given at any time.

Data subjects also have the right to complain to a data protection supervisory authority about the processing of their personal data. The contact details of the data protection supervisory authorities are available here.

1.6 Obligation of data provision

Within the scope of a business relationship or other relationship, customers, interested parties or third parties only have to provide us with those personal data that are required for the establishment, implementation and termination of the business relationship or for the other relationship or which we are legally obliged to collect. Without this data, we will usually have to refuse to conclude a contract or provide a service or will no longer be able to perform an existing contract or other relationship.

Mandatory data are marked as such.

1.7 No automatic decision-making in individual cases

For the establishment and implementation of a business relationship or other relationship, we generally do not use fully automated decision-making pursuant to Article 22 DSGVO. Should we use these procedures in individual cases, we will inform about this separately if this is required by law.

1.8 Contacting us

When contacting us, e.g. by e-mail or telephone, the data provided to us (e.g. names and e-mail addresses) will be stored by us in order to answer questions. The legal basis for the processing is our legitimate interest (Art. 6 para. 1 p. 1 lit. f DSGVO) to answer inquiries directed to us. We delete the data accruing in this context after storage is no longer necessary, or restrict processing if there are legal obligations to retain data.

1.9 Customer surveys

From time to time we conduct customer surveys in order to get to know our customers and their wishes better. In doing so, we collect the data requested in each case. It is our legitimate interest to get to know our customers and their wishes better, so that the legal basis for the associated data processing is Art. 6 para. 1 p. 1 lit f DSGVO. We delete the data when the results of the surveys have been evaluated.

2. Newsletter

We reserve the right to inform customers who have already used services from us or purchased goods from time to time by e-mail or other means electronically about our offers, if they have not objected to this. The legal basis for this data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest lies in direct advertising (recital 47 DSGVO). Customers can object to the use of their e-mail address for advertising purposes at any time without incurring additional costs, for example via the link at the end of each e-mail or by sending an e-mail to our above-mentioned e-mail address.

Interested parties have the option to subscribe to a free newsletter. We process the data provided during registration exclusively for sending the newsletter. Subscription takes place by selecting the appropriate field on our website, by ticking the appropriate field in a paper document or by another clear action, whereby interested parties declare their consent to the processing of their data, so that the legal basis is Art. 6 (1) p. 1 lit. a DSGVO. Consent can be revoked at any time, e.g. by clicking the corresponding link in the newsletter or notifying our e-mail address given above. The processing of the data until revocation remains lawful even in the event of revocation.

Based on the consent of the recipients (Art. 6 para. 1 p. 1 lit. a DSGVO), we also measure the opening and click-through rate of our newsletters to understand which content is relevant to our recipients.

We use the services of Klaviyo, Inc ("Klaviyo"), 125 Summer Street, Boston MA, 02111, USA, to analyze user behavior in our online store for our own advertising and market research purposes. Klaviyo also uses cookies and may link your behavior in our webshop with your personal data, provided that you have subscribed to our newsletter, created a customer account or gone through an order process in our webshop. You can find Klaviyo's privacy policy at https://www.klaviyo.com/privacy.

When using the services offered by Klaviyo, personal data is transmitted to Klaviyo and processed by Klaviyo:

  • Contact details and demographic data, purchase history and details about consumer engagement with marketing communications;
  • Details regarding the terminal devices used to access our website (such as IP address and type of operating system and web browser);
  • Dates and times of visits to and use of our website;
  • Information about how our website is used (such as the content displayed on our customers' websites and how users navigate between websites, and the date and time of access);
  • Details about how individuals interact with our emails (such as whether the email is opened and which links in the email are clicked);
  • URLs that point visitors to our website.

In order to provide its service, Klaviyo may share such personal data with its partner companies. If this is the case, Klaviyo enters into an agreement with them that contains provisions on data protection that provide at least as high a level of protection as the provisions of the data protection agreement that Klaviyo has entered into with us. A list of companies affiliated with Klaviyo can be found here: https://www.klaviyo.com/legal/subprocessors.

To protect your data in the U.S., we have entered into a data processing agreement ("Data Protection Addendum") with Klaviyo based on the European Commission's standard contractual clauses to enable the transfer of your personal data to Klaviyo. This data processing agreement can be viewed at the following Internet address if you are interested: https://www.klaviyo.com/privacy/dpa.

Klaviyo Inc. is a company based in the USA. The transfer to, as well as the processing and/or storage of personal data by Klaviyo is based on the standard contractual clauses of the European Commission. You can find these clauses in the order agreement we have concluded with Klaviyo: https://www.klaviyo.com/privacy/dpa.

3. Data processing on our website

3.1 Informational use of the website

During the informative use of the website, i.e. when site visitors do not separately transmit information to us, we collect the personal data that the browser transmits to our server in order to ensure the stability and security of our website. This is our legitimate interest, so that the legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO.
These data are:

    • IP address
    • Date and time of the request
    • Time zone difference from Greenwich Mean Time (GMT)
    • Content of the request (specific page)
    • Access status/HTTP status code
    • amount of data transferred in each case
    • Website from which the request comes
    • Browser
    • Operating system and its interface
    • Language and version of the browser software.

    This data is also stored in log files. They are deleted when their storage is no longer necessary, at the latest after 14 days.

    3.2.  Web Hosting and Provision of the Website

    Our website is hosted by Shopify. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. In doing so, the provider processes personal data transmitted via the website, e.g. content, usage, meta/communication data or contact data, in the EU. Further information can be found in the provider's privacy policy at https://www.shopify.de/legal/datenschutz.

    It is our legitimate interest to provide a website, so the legal basis of the described data processing is Art. 6 para. 1 p. 1 lit. f DSGVO.

    Shopify CDN

    We use the content delivery network Shopify CDN. The provider is Shopify International Limited, Victoria Buildings, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland (hereinafter "Shopify").

    Shopify CDN is a globally distributed content delivery network. This technically routes the transfer of information between your browser and our website through the Content Delivery Network. This allows us to increase the global accessibility and performance of our website.

    The use of Shopify CDN is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6 para. 1 lit. f DSGVO).

    Order processing

    We have concluded an order processing agreement (AVV) with the above-mentioned provider. This is a contract required by data protection law, which ensures that this provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the DSGVO.

    3.3.  Contact form

    When contact is made via the contact form on our website, we store the data requested there and the content of the message.
    The legal basis for the processing is our legitimate interest in answering inquiries directed to us. The legal basis for the processing is therefore Art. 6 para. 1 p. 1 lit. f DSGVO.

    We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal retention obligations.

    3.4. Bewertungen

    Page viewers can leave reviews on our website for our goods, services or generally about our company. For this purpose, we process meta data or communication data in addition to the data entered. We have a legitimate interest in receiving feedback from site visitors about our offerings. Therefore, the legal basis for data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Insofar as we use a tool from a third-party provider for the agreement, the information on this can be found under "Third-party providers".

    3.5. Customer account

    Visitors to the website can open a customer account on our website. We process the data requested in this context based on the consent of the site visitor. The legal basis for the processing is therefore Art. 6 para. 1 p. 1 lit. a DSGVO.

    The consent can be revoked at any time, e.g. via the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation. If consent is revoked, we will delete the data unless we are obliged or entitled to continue storing it.

    3.6. Offer of goods

    We offer goods via our website. In doing so, we process the following data as part of the order:

    Delivery address, optional billing address, telephone, e-mail address, marketing opt-in, payment data.

    The processing of the data takes place for the performance of the contract concluded with the respective site visitor (Art. 6 para. 1 p. 1 lit. b DSGVO).

    We pass on the aforementioned data to the following service providers, insofar as this is necessary in the context of the order:

    Klaviyo, WeClapp, shipping service providers (DHL or DPD) and the respective payment service provider.

    The legal basis of the processing is Art. 6 para. 1 p. 1 lit. b DSGVO, as it is necessary for the performance of the contract.

    3.7. Payment service provider

    For the processing of payments, we use payment processors that are themselves data controllers within the meaning of Art. 4 No. 7 DSGVO. Insofar as they receive data and payment data entered by us in the ordering process, we thereby fulfill the contract concluded with our customers (Art. 6 para. 1 p. 1 lit. b DSGVO).

    These payment service providers are:

    • larna Bank AB (publ), Sweden ("Klarna Sofort").
    • PayPal (Europe) S.à r.l. et Cie, S.C.A., Luxembourg
    • Shopify Inc, Canada (for Shop Pay)
    • Stripe Payments Europe, Ltd, Ireland

    3.8. Technically necessary cookies

    Our website sets cookies. Cookies are small text files that are stored in the web browser on the end device of a site visitor. Cookies help to make the offer more user-friendly, effective and secure. Insofar as these cookies are necessary for the operation of our website or its functions (hereinafter "Technically Necessary Cookies"), the legal basis for the associated data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. We have a legitimate interest in providing customers and other site visitors with a functional website.


    Specifically, we set technically necessary cookies for the following purpose or purposes:

    • Cookies that adopt language settings,
    • Cookies that save the shopping cart,
    • Cookies that store log-in data, and
    • Cookies that payment providers set for payment processing and do not analyze user behavior.

    3.9. third-party providers

    3.9.1. ​Shopify​

    We use Shopify to maintain an online store. The provider is Shopify International Limited, Victoria Buildings, 2nd Floor, 1-2 Haddington Road, Dublin 4, D04 XN32, Ireland. The provider processes meta/communication data (e.g. device information, IP addresses) in the EU.

    The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

    The data will be deleted when the purpose of its collection has ceased to apply and there is no obligation to retain it. Further information is available in the provider's privacy policy at https://www.shopify.de/legal/datenschutz.

    3.9.2. Thinkific

    We use Thinkific to deliver our online courses and training. The provider is Thinkific Labs Inc, #400 - 369 Terminal Ave, Vancouver, BC, V6A 4C4, Canada. In case of a booking of one or more of our online courses, a transmission of your customer data (name, e-mail address) to Thinkific is required in order to automatically create a Thinkific account for you. Information about the processing of your data by Thinkific can be found here: https://www.thinkific.com/privacy-policy/

    The legal bases of the processing are Art. 6 para. 1 p. 1 lit. a DSGVO, Art. 6 para. 1 lit. b (execution of order transactions) and c (legally required archiving) DS-GVO. In this context, the information marked as required is necessary for the justification and fulfillment of the contract. We disclose the data to third parties only in the context of delivery, payment or in the context of legal permissions and obligations to legal advisors and authorities. The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

    3.9.3. GoAffPro

    We use GoAffPro to provide an affiliate program. The provider is GoAffPro.com, 16, Sector 20, Haryana, India. The provider processes meta/communication data (e.g. device information, IP addresses) in the EU. Details of this can be found at https://goaffpro.com/policies/compliance.

    Die Nutzung von GoAffPro ermöglicht es uns, ein Affiliate-Programm zu nutzen, d.h., Provisionen oder sonstige Vorteile für Nutzer (bezeichnet als “Affiliates“) anzubieten, die auf unsere Angebote und Leistungen verweisen. Dieser Verweis erfolgt mittels eines dem jeweiligen Affiliate zugeordneten Link oder anderer Methoden (z.B. Rabatt-Codes), die es uns erlauben, zu identifizieren, dass die Inanspruchnahme unserer Leistungen auf dem Verweis beruhte.

    Um nachverfolgen zu können, ob die jeweiligen Nutzer unsere Leistungen aufgrund der von den Affiliates eingesetzten Affiliate-Links wahrgenommen haben, ist es notwendig, dass wir erfahren, dass die Nutzer einem Affiliate-Link gefolgt sind. Die Zuordnung der Affiliate-Links zu den jeweiligen Geschäftsabschlüssen oder zur sonstigen Inanspruchnahme unserer Leistungen dient alleinig dem Zweck der Provisionsabrechnung und wird aufgehoben, sobald sie für den Zweck nicht mehr erforderlich ist.

    The use of GoAffPro allows us to use an affiliate program, i.e., to offer commissions or other benefits to users (referred to as "affiliates") who refer to our offers and services. This referral is made by means of a link or other methods (e.g., discount codes) associated with the particular Affiliate that allow us to identify that the use of our services was based on the referral.

    In order to be able to track whether the respective users have used our services based on the affiliate links used by the affiliates, it is necessary that we learn that the users have followed an affiliate link. The assignment of the affiliate links to the respective business transactions or other use of our services is solely for the purpose of commission accounting and will be cancelled as soon as it is no longer necessary for the purpose.

    For the purposes of the aforementioned assignment of the affiliate links, these can be extended by certain values that are a component of the link or can be stored otherwise, e.g. in a cookie. The values may include, in particular, the source website (referrer), the time, an online identifier of the operator of the website on which the affiliate link was located, an online identifier of the respective offer, the type of link used, the type of offer and an online identifier of the user. Further information is available in the provider's privacy policy at https://goaffpro.com/privacy.

    The legal basis of the processing is Art. 6 para. 1 p. 1 lit. a DSGVO. The processing is based on consent. Data subjects may revoke their consent at any time by contacting us, for example, using the contact details provided in our privacy policy. The revocation does not affect the lawfulness of the processing until the revocation.

    3.9.4. Google

    ​Google Webfonts​

    This site uses so-called web fonts provided by Google for the uniform display of fonts. The Google Fonts are installed locally. A connection to Google servers does not take place.

    Further information on Google Web Fonts can be found at  https://developers.google.com/fonts/faq and Google's privacy policy: https://policies.google.com/privacy?hl=de.