Data protection and privacy
Data processing agreement (AVV)
We conclude a data processing agreement with all our customers in accordance with the GDPR guidelines in order to contractually record the processing of personal data. The purpose of data processing, type of data, groups of people affected, Flexopus subcontractors and the rights of the data subjects are recorded in this contract.
ISO 27001
Flexopus has been certified by TÜV Rheinland according to ISO 27001:2022. The certification ensures a standardized and maintained information security management system (ISMS).
Hosted in Germany (EU)
Your data is safe with us. Flexopus is operated exclusively on Hetzner servers in the Federal Republic of Germany, so your data will never leave the country under any circumstances. Hetzner is ISO 27001 certified, which meets the highest requirements for IT security procedures and information security management systems.
GDPR compliant
Flexopus complies with the GDPR guidelines and in particular consistently implements the following guidelines:
- Conclusion of AV contracts (order processing) in accordance with Art. 28 para. 3 GDPR
- Anonymization and no storage of personal data without a purpose
- No data exchange with third parties or data transfers across national borders
- Regular training of all employees in data protection, data security and privacy
- Continuous development of security standards in the form of audits and the adaptation of our documentation, processes, structures or functionalities as well as technical and organizational measures
Flexopus is developed according to the concepts of "privacy by default" and "privacy by design" and therefore takes data protection into account from start to finish.
Purpose-bound data storage
The stored personal data will only be used for the intended purpose.
Data anonymization
With Flexopus you determine after which period of time personal data is anonymized or removed from the system. You will still retain booking details such as the start and end times of a booking for capacity analysis, but these can no longer be traced back to a specific person. This way, you can keep track of the utilization of available resources to optimize your office while protecting your employees' sensitive data.
Encrypted data transfer
The data is encrypted during transmission using TLS, which is also used for online shopping and online banking. The integrity of the encryption can be verified with the SSL Labs server test (https://www.ssllabs.com/ssltest/analyze.html?d=demo.flexopus.com).
Privacy of employees
With Flexopus you decide whether bookings for workstations or other objects should be visible to all employees in your company or not. While we recommend this in a collaborative corporate environment, in special cases it may make sense to let users decide for themselves whether the booked seat is visible to others.
Backups with data-at-rest encryption
Flexopus is a cloud solution hosted on a dedicated server. Our customers’ databases are backed up daily. Backups are stored for 30 days with data-at-rest encryption on a location-independent server in Germany. The data will then be deleted.
Audits & Penetration tests
Our development team ensures that the application is developed release by release by adhering to internal security policies:
- Internal manual audits
Four-eyes principle during development, code reviews, functional testing, security audits by our experts
- Internal automated audits
Code analyses, system logs, application logs, logging, code quality checks
- External audits / penetration tests
Thanks to our customers, the software is audited by an independent third party at irregular intervals, but at least twice a year. Penetration tests are carried out by our customers as part of the usual assessment and approval process.
Careful selection of suppliers
Flexopus pays particular attention to data protection and reliability when selecting subcontractors. We only select subcontractors from the EU:
- Server Provider: Hetzner Online GmbH
The application is hosted on a dedicated server cluster in Falkenstein. Our backup infrastructure is set up in Nuremberg.
- SMTP Provider
We use RapidMail, based in Germany, as our primary SMTP provider. As a secondary SMTP provider we use MailJet, based in France.
- Development team
The developers and software subcontractors are based exclusively in the EU.
Further development of security
The application is constantly checked for security through internal and external audits. As part of our ongoing development, potential security vulnerabilities are addressed and features for improving data protection are enhanced release by release, both at the infrastructure level and in the application itself. Release notes are published continuously to provide greater transparency to our customers.
The open source components used are updated regularly. A list of the open source components used is provided in the application for administrators.
Privacy policies
Use our privacy policy, which is generated automatically, or upload your own document. You should also decide whether you want to require confirmation of consent from all employees.
Contracts under German law
The company Flexopus GmbH is headquartered in Stuttgart, Germany. Contracts are concluded exclusively under German law. Made in Germany. Hosted in Germany.