Privacy

Privacy policy

As of 21 May 2026

This English version is provided for convenience only. The German version at the corresponding German URL is authoritative and legally binding.

1. Privacy Policy at a Glance

General Information

The following information provides a simple overview of what happens to your personal data when you visit this website or use my support ticket system. Personal data is any data that can be used to personally identify you. For detailed information on the subject of data protection, please refer to the privacy policy listed below this text.

Data Collection on This Website

Who is responsible for the data collection on this website?

Data processing on this website is carried out by the website operator. You can find their contact details in the section "Responsible Party" in this privacy policy.

How do I collect your data?

Your data is collected, on the one hand, by you providing it to me. This can be, for example, data that you enter into a contact form, provide during registration for my support ticket system, or include in support tickets.

Other data is collected automatically or with your consent when you visit the website through my IT systems. This is primarily technical data (e.g. internet browser, operating system or time of the page request). This data is collected automatically as soon as you enter this website.

What do I use your data for?

Part of the data is collected to ensure the error-free provision of the website and the support ticket system. Other data may be used to analyse your user behaviour. Data from contact forms and the support ticket system is used by me exclusively to process your enquiries and to provide my support service.

2. Hosting and Web Space

Hosting of This Website (flexary.de)

The content of this website is hosted with an external service provider. The personal data collected by this provider is stored on servers in Germany. This may include IP addresses, contact enquiries, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

The use is carried out for the purpose of fulfilling contracts with my potential and existing customers (Art. 6 (1) (b) GDPR) and in the interest of a secure, fast and efficient provision of my online offering through a professional provider (Art. 6 (1) (f) GDPR).

Web Space for Customer Projects (Web Development)

When I develop a website or web application for you, I make the project available on a web space managed by me during development, for testing purposes and for acceptance. The servers are located in Germany. Personal data collected by visitors or users of your project — for example via contact forms, registrations or other functions provided by the project — may be processed on this web space.

The provision is made for the performance of the contract concluded with you or pre-contractual measures (Art. 6 (1) (b) GDPR). As long as the agreed fee has not been paid in full, the project remains on my web space; the source files are only handed over after full payment (see also my General Terms and Conditions).

After full payment you have the choice: migration of the project to a hosting provider of your choice (technical implementation by me on request) or continued operation on my managed web space. The latter is provided as a subordinate ancillary service within the scope of a code maintenance agreement at no additional charge and ends with this agreement; I do not offer a standalone hosting contract without code maintenance. In the case of a migration, the data stored on my web space is transferred accordingly or — after completion of the migration and expiry of any backup periods — deleted, provided that no statutory retention obligations preclude this.

Data processing on behalf (Art. 28 GDPR): If, within the scope of your project, I process personal data not for my own purposes but exclusively in accordance with your instructions and on your behalf (e.g. contact enquiries via your website, customer data in an application developed by me), I am a data processor to that extent. You generally remain the controller of the data of your website users or customers. A data processing agreement (DPA) will be concluded before the relevant processing begins, if required.

Domain: The domain is generally registered directly with a registrar of your choice; the ongoing fees and contractual relationship exist between you and the registrar. On request, I will support you with the technical setup.

3. Responsible Party

The responsible party for data processing on this website is:

flexary.de
Brand name: flxry
Owner: Rico Danne
Enkircher Weg 25
59425 Unna
Germany
Email: datenschutz@flexary.de
Tax number: 316/5049/4167

The responsible party is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, email addresses, etc.).

4. Data Collection on This Website

Server Log Files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

This data is not merged with other data sources.

The collection of this data is based on Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of his website — for this purpose, the server log files must be recorded.

Contact Form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact data you provide there, will be stored by us for the purpose of processing the enquiry and in case of follow-up questions. We do not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) (b) GDPR, provided that your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective handling of the enquiries addressed to us (Art. 6 (1) (f) GDPR) or on your consent (Art. 6 (1) (a) GDPR) if this has been requested.

The data you enter in the contact form will remain with us until you request us to delete it, withdraw your consent to its storage, or the purpose for storing the data no longer applies (e.g. after we have finished processing your enquiry). Mandatory statutory provisions — in particular retention periods — remain unaffected.

5. Support Ticket System

Customer Accounts and Registration

Customer accounts can be created for the use of my support ticket system. During registration, the following personal data is collected and stored:

  • Full name
  • Email address
  • Username
  • Company name (optional)
  • Phone number (optional)
  • Encrypted password

The processing of this data is based on Art. 6 (1) (b) GDPR for the performance of the support contract relationship. The data is stored for as long as the customer account exists or until you request us to delete it.

Support Tickets

When support tickets are created, the following data is processed:

  • Ticket number (automatically generated)
  • Subject and description of the issue
  • Customer data (name, email, phone)
  • Category and priority of the ticket
  • Timestamps of creation and processing
  • Ticket status
  • SLA deadlines and status

The processing is based on Art. 6 (1) (b) GDPR for the performance of the support contract relationship. Tickets are automatically archived after processing is completed and closed after 30 days.

Ticket Comments and Communication

All messages and comments within support tickets are stored, including:

  • Author (name and email)
  • Comment content
  • Timestamps
  • Internal notes (visible only to support staff)

This data is processed for the purpose of handling your enquiries and documenting the support services provided (Art. 6 (1) (b) GDPR).

File Uploads

Files can be uploaded as part of support tickets. Permitted file types are: JPG, JPEG, PNG, GIF, PDF, DOC, DOCX, TXT, ZIP, RAR. The maximum file size is 5 MB.

Uploaded files are:

  • Stored in a secure directory
  • Linked to the corresponding ticket
  • Accessible only to authorised persons
  • Automatically removed when the ticket is deleted

The processing is based on Art. 6 (1) (b) GDPR for the effective handling of your support enquiries.

Email Notifications

My support ticket system sends automatic email notifications for:

  • Creation of new tickets
  • Status changes of tickets
  • New comments or replies
  • Account creation and password reset
  • Data changes

Emails are sent via SMTP servers or the PHP mail() function. All emails are logged and stored for debugging purposes. The logs are automatically deleted after 30 days.

The processing is based on Art. 6 (1) (b) GDPR for the performance of the support contract relationship.

hCaptcha Security System

To prevent automated attacks, I use hCaptcha in two places:

  • Contact form: hCaptcha is displayed immediately for all guests (users who are not logged in)
  • Login area: hCaptcha is only activated after 5 failed attempts

hCaptcha collects:

  • IP address of the user
  • Browser information
  • Interaction data with the captcha

Data processing is carried out by hCaptcha Inc. in accordance with their privacy policy. The use is based on our legitimate interest in the security of our system (Art. 6 (1) (f) GDPR).

The login attempt count is stored locally in my database and automatically reset after 1 hour.

Automated Processes (Cron Jobs)

My system performs automated tasks that involve the following data processing:

  • Ticket cleanup: Automatic closing of old tickets after 30 days
  • Email notifications: Sending status updates and reminders
  • SLA monitoring: Review of service level agreements and deadlines
  • Login attempt counting: Cleanup of old login attempts

These automated processes serve the proper administration of the support system and are based on Art. 6 (1) (b) GDPR.

6. External Services and Content

Google Fonts

This site uses so-called Google Fonts provided by Google for the consistent display of fonts. When you access a page, your browser loads the required web fonts into its browser cache in order to display text and fonts correctly. For this purpose, your browser must establish a connection to Google's servers. As a result, Google becomes aware that this website has been accessed via your IP address.

The use of Google Fonts is in the interest of a uniform and appealing presentation of our online offering. This constitutes a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

The transfer of data to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://policies.google.com/privacy/frameworks.

For more information about Google Fonts, please visit https://developers.google.com/fonts/faq and Google's privacy policy: https://policies.google.com/privacy?hl=de.

Content Delivery Networks (CDN)

We use Content Delivery Networks (CDN) to deliver certain website content (e.g. icons, JavaScript libraries, fonts). In doing so, your IP address and technical data are transmitted to the servers of the CDN providers in order to ensure fast and reliable delivery of the content.

The use is based on our legitimate interest in a secure and efficient provision as well as the optimisation of our online offering in accordance with Art. 6 (1) (f) GDPR.

The transfer of data to CDN providers is based on standard contractual clauses of the EU Commission or other appropriate safeguards for third countries.

7. Cookies and Tracking

This website only uses cookies to the extent that is technically necessary. Technically necessary cookies are set automatically and are required for the operation of the website. These cookies are stored on the basis of Art. 6 (1) (f) GDPR, as we have a legitimate interest in the technically error-free provision of our website.

When using Google Fonts, CDN services and hCaptcha, technical cookies may be set that are necessary for the proper display of the content and for security.

Session cookies are used for logging into the support area and are automatically deleted when the browser is closed.

8. Your Rights as a Data Subject

Within the framework of the applicable statutory provisions, you have the right at any time to free information about your stored personal data, its origin and recipients, and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the legal notice.

Right of Access

You have the right to request confirmation as to whether data concerning you is being processed, and to information about this data, as well as further information and a copy of the data in accordance with the statutory provisions.

Right to Rectification

In accordance with the statutory provisions, you have the right to request the completion of data concerning you or the correction of incorrect data concerning you.

Right to Erasure and Restriction of Processing

In accordance with the statutory provisions, you have the right to request that data concerning you be deleted without delay, or alternatively, in accordance with the statutory provisions, to request a restriction of the processing of the data.

Right to Data Portability

You have the right to receive data concerning you that you have provided to us in a structured, commonly used and machine-readable format in accordance with the statutory provisions, or to request its transmission to another controller.

Right to Object

You have the right to object to the processing of your personal data, in particular if the processing is based on Art. 6 (1) (f) GDPR.

Right to Lodge a Complaint with a Supervisory Authority

You also have the right, in accordance with the statutory provisions, to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data concerning you violates the GDPR.

9. Storage Duration

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies. If you assert a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted, unless we have other legally permissible reasons for storing your personal data (e.g. tax or commercial retention periods); in the latter case, the deletion will take place after these reasons no longer apply.

Specific Storage Periods

  • Support tickets: 30 days after completion, then automatic archiving
  • Customer accounts: Until deletion by the customer or after 2 years of inactivity
  • Email logs: 30 days, then automatic deletion
  • Login attempts: 1 hour, then automatic reset
  • File uploads: Until the corresponding ticket is deleted
  • Server logs (this website): 90 days, then automatic deletion
  • Data on web space for customer projects: As long as the project is operated on my web space and the contract or agreed maintenance is in place; after migration or termination of the contract, deletion or handover by agreement, provided that no statutory retention obligations preclude this

10. Data Security

We use technical and organisational security measures to protect your data against manipulation, loss, destruction or access by unauthorised persons. Our security measures are continuously improved in line with technological developments.

Security Measures in Detail

  • Encryption: All passwords are stored encrypted using bcrypt
  • HTTPS: All data transfers take place via encrypted connections
  • Session management: Secure session management with automatic timeout
  • Brute-force protection: hCaptcha integration after failed login attempts (from 5 attempts)
  • Bot protection: hCaptcha integration in the contact form for all guests
  • File upload protection: Validation of file types and sizes
  • SQL injection protection: Use of prepared statements

11. Changes to This Privacy Policy

We reserve the right to adapt this privacy policy so that it always complies with the current legal requirements or in order to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply for your next visit.