Skip to main content

Privacy policy

Status: 09.08.2022

In the following, we inform you in accordance with the applicable data protection regulations about which personal data we or service providers we use in the context of

  • of your visit to our website,
  • our social media presences
  • the use of the contact form,
  • of job advertisements,
  • of the newsletter dispatch

(hereinafter collectively “Website”), for what purposes we use this data and how we use it to optimize our services for you, as well as about your rights as a data subject.

A. General

1. responsible person, data protection officer

a) The responsible Controller pursuant to Art. 4 No. 7 EU General Data Protection Regulation (GDPR) is
Nicholas Otto Street 18
D-52428 Jülich
Fon: +49 2461 – 9777 – 305 (Not for Wave Support)
Fax: +49 2461 – 9353 – 20
hereinafter referred to as “”5FLOW”, “we” or “us”. Further information about the provider can be found in our imprint.
b) You can reach the data protection officer of 5FLOW GmbH by e-mail:,
Tel. +49 7621 5705398 or by post at the above address with the addition “attn. data protection officer”.

2. types of data processed, categories of data subjects

2.1 Nature of the data processed

  • Contact details (e.g., email, phone numbers)
  • Content data (e.g., text input, photographs, videos)
  • Usage data (e.g., web pages visited, interest in content, access times).
  • Communication data and history
  • Consent Management
  • Meta/communication data (e.g., device information, IP addresses)
  • Tracking data
  • Reach measurement

2.2 Categories of affected persons

  • Visitors and users of the website and online offers
  • Customers, prospects and business partners
  • Applicant
  • Other communication partners

(Hereafter, we also refer to the data subjects collectively as “Users”).

3. purpose of processing

We use your personal data

  • in the provision of the website and the online offer, its functions and contents,
  • to manage users’ consent to the processing of their data,
  • for responding to contact requests and communication with users,
  • on security measures,
  • for range measurement
  • For the purposes of direct marketing, e.g. in the form of personalized advertisements, an e-mail newsletter or postal advertising, surveys, invitations to events
  • for the purpose of product and service satisfaction surveys and analysis of these

4. provision of the website and log files

(1) During the mere informational use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser automatically transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 lit. f) GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference from Greenwich Mean Time (GMT)
  • Content of the request (concrete page)
  • Access status/HTTP status code
  • Data volume transferred in each case
  • Web page from which the request comes
  • Browser
  • Operating system and its interface
  • Language and version of the browser software

(2) The IP addresses of the users are deleted or anonymized after termination of use. In the case of anonymization, the IP addresses are changed in such a way that the individual information about personal or factual circumstances can no longer be assigned to a specific or identifiable natural person or can only be assigned to a specific or identifiable natural person with a disproportionate amount of time, cost and effort

5. cookies

(1) In addition to the aforementioned log files data, cookies are stored on your computer when you use our website. Cookies are small text files that are assigned to the browser you are using and stored on your hard drive and through which the body that sets the cookie (in this case by us) receives certain information. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the Internet offer as a whole more user-friendly and effective.

(2) Use of cookies:

a) This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Session cookies (for this b)
  • Persistent cookies (in addition c)

b) Session cookies store a so-called session ID, with which various requests from your browser can be assigned to the joint session. Session cookies are deleted when you log out or close the browser. If you restart your browser and go back to the website, the website will not recognize you. You will need to log in again (if a login is required) or reset templates and preferences if the website offers these features. Then a new session cookie is generated, which stores your information and remains active until you leave the site again and close your browser.
c) Persistent cookies are automatically deleted after a specified duration, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

(3) For what purposes do we use cookies?

We use cookies to personalize content and ads, provide social media features, and analyze traffic to our website. We also share information about your use of our website with our social media, advertising, and analytics partners (third-party vendors). Our partners may combine this information with other data that you have provided to them or that they have collected as part of your use of the Services. This occurs if you have consented to the processing of their data by us or the third-party provider.

Basic Information

Purpose Description Storage duration
Technically necessary cookies Technically necessary cookies enable the use of our website by providing basic functions such as page navigation and access to secure areas of the website. Visiting our website cannot function properly without these cookies. Session cookies - are deleted when the browser is closed.
Performance (e.g., user's browser), rendering, and preferences. When using our website, cookies are used (e.g. to recognize the browser) to improve performance (e.g. faster loading of content). When you visit our website, the determined or self-selected country and language selection is stored in cookies to save you from having to select again on subsequent visits. In advance, we check whether your browser supports cookies and this information is stored in another cookie. Subsequently, you will be shown countryand lang age-specific localized contact information, which will also be stored. The legal basis for this is the consent given to us Art. 6 para. 1 lit. a) GDPR Session cookies - are deleted when the browser is closed.
Analysis cookies (statistics) We use third-party analytics cookies to understand how visitors use our site. This helps us improve the quality and content on our site. The aggregate statistical information includes data such as total number of visitors. For example, we learn how often and in what order each page was viewed and how much time visitors spend on our pages on average. We also learn whether users have already visited our website at an earlier time. The legal basis for this is consent given to us (Art. 6 (1) a) GDPR). For more information, see point 12 (web analytics services). Persistent cookies - remain, but are automatically deleted after 26 months if the website has not been visited again, unless shorter periods apply in individual cases.
Advertising cookies (marketing) We use advertising cookies to assess the efficiency of our advertising measures and to derive optimizations from them. The legal basis for this is the consent given to us (Art. 6 para. 1 lit. a) GDPR). Persistent cookies - remain, but are automatically deleted after 26 months if the website has not been visited again, unless shorter periods apply in individual cases.

(4) Control over cookies

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. When deactivating cookies, the functionality of this website may be limited.

(5) Legal basis

See section B.

6. contact

(1) Our website contains a contact form that allows you to contact us electronically in an easy and uncomplicated way. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. The corresponding data, in particular personal data, address data, contact data and messages (free text field) are directly visible on the respective input mask. At the time of sending, the following data is also stored:

  • The IP address of the user
  • Date and time of sending the form

(2) For the processing of data, reference is made to this privacy policy in the context of the sending process. Alternatively, it is possible to contact us via the e-mail addresses provided. In this case, the personal data of the user transmitted with the e-mail will be stored. The data will be used exclusively for processing the request.

(3) We use Google reCAPTCHA to prevent misuse of the contact form. Details on data processing by Google can be found in section B. .

(4) The legal basis for the processing of data transmitted in the context of the use of the contact form or in the course of sending an e-mail, is Art. 6 para. 1 lit. f) GDPR. If the e-mail contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

(5) The processing of personal data from the input mask serves us solely to process the contact. In the case of contact by e-mail, this also constitutes the necessary legitimate interest in processing the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

(6) It is possible to contact us via the e-mail addresses provided on the website. In this case, the user’s personal data transmitted with the e-mail will be stored. The data will be used exclusively for the processing of the request. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 (1) lit. f) GDPR. If the e-mail contact aims at the conclusion of a contract, the legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.

(7) The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. For the personal data from the input mask of the contact form and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is ended when it is clear from the circumstances that the matter in question has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

(8) Notwithstanding para. 3, the following shall apply: Contact requests from customers that relate to a specific business transaction shall be stored as long as this is necessary for the execution and processing of the contract (Art. 6 para. 1 lit. b) GDPR) or due to statutory retention obligations (Art. 6 para. 1 lit. c) GDPR). Contact requests from customers that do not relate to a specific business transaction are stored as long as the business relationship exists. The legal basis is Art. 6 para. 1 lit. f) GDPR to protect our legitimate interests and those of the customer, in particular support and quality assurance. Customers can object to the processing at any time in individual cases.

7. newsletter

(1) With your consent, you can subscribe to our email newsletter (hereinafter referred to as “Newsletter“), which we use to inform you about our products, promotions, promotions and events.

(2) For the registration to our newsletter subscription, we use the so-called double-opt-in procedure. This means that after your registration, we will send you an email to the email address you provided, in which we ask you to confirm that you wish to receive the newsletter. If you do not confirm your registration within 14 days, your information will be automatically deleted. In addition, we store your IP addresses used for registration and confirmation and the times of registration and confirmation. The purpose of this procedure is to prove your registration and, if necessary, to be able to clarify a possible misuse of your personal data.

(3) Mandatory information for sending the newsletter is only your e-mail address. The provision of further information is voluntary and will be used to address you personally. After your confirmation, we store your e-mail address for the purpose of sending the newsletter.

(4) The legal basis for the above processing operations in the context of the newsletter subscription is your consent pursuant to Article 6(1)(a) GDPR.

(5) You can revoke your consent to the sending of the newsletter at any time by unsubscribing. You can unsubscribe by clicking on the link provided in each newsletter email or by sending a message to the contact details mentioned above in section 1. of this privacy policy.

(6) The data you provide when registering for the newsletter will be deleted when you unsubscribe from the newsletter.

8. job postings (career)

(1) We advertise vacancies on our website. Applicants can apply directly on the website. Through the online mask you can enter your data (name, first name, email address, phone number and an individual message) and upload your resume. The legal basis is Art. 6 para. 1 l it. b) GDPR. Your online application data will be transmitted to the administration. Appropriate technical and organizational measures ensure that your personal data is treated confidentially.

(2) Please note that in the case of application by mail, the transmission of data is not encrypted and the data can be viewed or falsified by unauthorized persons. If you have applied for a specific position and it has already been filled, or if we consider you to be equally or even better suited for another position, we will be happy to forward your application within our company. The legal basis for this is Art. 6 para.1 lit. f) GDPR to protect your and our legitimate interests. Please inform us if you do not agree with this procedure. After completion of the application process, but after 6 months at the latest, your personal data will be automatically deleted, unless you expressly agree to longer storage.

(3) In addition, the General Data Protection Information for Employees and Applicants (mandatory information pursuant to Art. 13 GDPR) shall apply.

9. disclosure to third parties

(1) As part of the hosting of our website, your data processed by us is processed on the basis of a contract processing agreement.

(2) In the case of the use of web analytics services and third-party providers, the data is transmitted to the extent described herein.

10. storage period

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. We delete your personal data as soon as it is no longer required for the abovementioned purposes. In this context, personal data may be retained for the period during which claims can be asserted against our companies (statutory limitation periods of three or up to thirty years). In addition, we store your personal data to the extent that we are required to do so by law. Corresponding obligations to provide proof and to retain data result from commercial, tax and social security regulations, generally for 6 or 10 years.

11. automated decision making, profiling

(1) As a matter of principle, we do not use fully automated decisionfindings in accordance with Article 22 GDPR to establish and implement the business relationship.

(2) In order to provide you with targeted information and advice about our products, we or service providers may use web analysis tools, in particular tracking technology, on our behalf. These enable communication and advertising tailored to your needs. In this regard, we refer to section 12 Web analytics services.

B. Data processing by third parties

12. cookies and other technologies

12.1 Google Ads

(1) We use the online advertising program Google Ads from Google. Within the framework of Google Ads, we use conversion tracking. Google sets a cookie on your device if you have reached our website via a Google ad on an external website.

(2) Google provides us with statistical analyses using the information obtained through the cookies. We learn the total number of users who clicked on our ad(s) and were redirected to our website. Based on these evaluations, we can see which of the advertising measures used are particularly effective. We do not receive any further data; in particular, we cannot identify users on the basis of this information.

(3) We do not collect or process any personal data ourselves. By using Google Ads and conversion tracking, we pursue our interest in showing you advertising that might be of interest to you, in making our website more interesting for you and in being able to calculate advertising costs accordingly.

(4) Due to the use of conversion tracking, your browser automatically establishes a direct connection with the Google server. We have no influence on the scope and further use of the data collected by Google through the use of conversion tracking. We inform you according to our level of knowledge: Through the integration, Google receives the information that you have called up the relevant part of our website or clicked on an ad from us. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, Google receives your IP address and statistical information (browser type and version number, address of the previously visited website (referrer), date and time of the request) and the address of the pages that you call up from us.

(5)Google may transfer your personal data to Google group companies, such as Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

(6) The processing is based on your voluntarily given consent. The legal basis for this is Art. 6 (1) p. 1 lit. a) GDPR, Art. 49 (1) p. 1 lit. a) GDPR. You can revoke your consent at any time with effect for the future by changing the cookie settings in the Cookie Consent Manager.

(7) You can also prevent the setting of cookies at any time in various ways: a) by setting your browser accordingly, in particular the suppression of third-party cookies will result in you not receiving ads from third parties; b) by disabling cookies for conversion tracking by setting your browser to block cookies from the domain “” are blocked,; c) by disabling the interest-based ads of the providers that are part of the self-regulatory campaign “About Ads” at the link; d) by permanently disabling them in your browsers at the link We would like to point out that in this case not all functions of our website may be usable.

(8) For more information on the purpose and scope of data collection and processing by Google within the framework of Google Ads, please refer to Google’s privacy policy at and at There you will also receive further information on your rights in this regard and setting options for protecting your privacy.

12.2 Google reCAPTCHA

(1) We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on this website. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

(2) The purpose of reCAPTCHA is to check whether the data input on this website (e.g. in a contact form) is made by a human or by an automated program. For this purpose, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis begins automatically as soon as the website visitor enters the website or the query page. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, time spent by the website visitor on the website or mouse movements made by the user). The data collected during the analysis is forwarded to Google. The reCAPTCHA analyses run entirely in the background. Website visitors are not notified by Google that an analysis is taking place.

(3) Processing is carried out on the basis of Art. 6 (1) a) GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked voluntarily at any time. If you do not give your consent, you may not be able to use certain functionalities.

(4) For more information on Google reCAPTCHA, please refer to the Google Privacy Policy and the Google Terms of Service at the following links: and .

12.3 Google Fonts

(1) On our website we use Google Fonts. These are the “Google Fonts” of the company Google Inc. For the European area, the company Google Ireland Limited (Gordon House, Barrow Street Dublin 4, Ireland) is responsible for all Google services.

(2) The fonts are embedded locally on our servers and are not reloaded from Google servers when the website is called up. The Google fonts are licensed under the “SIL Open Font License, 1.1” or the “Apache License, version 0”,     see      Google’s           GitHub page ( says: “Since all the fonts available here are licensed with permission to redistribute, subject to the license terms, you can self-host. For help doing this, see”.

(3) The legal basis of the processing is the consent given to us (Art. 6 para. 1 lit. a) GDPR, § 25 TTDSG).

12.4 WordPress

(1) We use WordPress. WordPress is a free content management system. It was programmed from 2003 as software for weblogs and is permanently developed as an open source project.

(2) Provider of the WordPress Plug-in is Defiant. Defiant, Inc, Attn: Legal Department, 1700 Westlake Ave N Ste 200, Seattle, WA 98109,, Defiant’s Privacy Policy can be found here: Privacy Policy – Defiant

(3) What personal data is collected by Wordfence?

  • Email addresses of the administrators
  • IP addresses of the visitors
  • Proxy IP addresses of visitors
  • Visited URLs of the website
  • Complete HTTP header of the visitors
  • HTTP Body requests from visitors
(4) What is this data used for?

  • To provide the services (web security)
  • Continuous support of the plugin
  • Provision of information about other websites and services (advertising)
  • Accounting and other administrative purposes
(5) Who gets this personal data?

  • Defiant, Inc. (creator of the Wordfence plugin, USA)
  • Amazon Web Services, Inc. (sub-processor, USA)
  • Twilio (sub-processor, USA)
  • Freshworks (sub-processor, USA)
  • Mode Analytics (sub-processor, USA)
  • Google LLC (sub-processor, USA)
(6) How long will this personal data be stored?

  • As long as the service is used by the website
  • As long as subcontracted processors need the data for processing
  • Until the deletion of the data at the request of the person concerned

(7) The legal basis for processing is the consent given to us (Art. 6 para. 1 lit. a) GDPR. In addition, our legitimate interests according to Art. 6 para. 1 lit. f) GDPR: )

13. social media

13.1 General information

(1) 5FLOW is interested in presenting itself on social media channels, in being approachable for customers, service providers, other business partners, applicants and interested parties as well as in promoting topics and products via social networks. In addition to the respective provider of a social network, we also collect and process personal user data on our social media channels. For the respective data processing purposes and data categories, we refer to the individual social media channels, which are explained in more detail below.

(2) The data processing serves the following purposes in principle:

  • Communication with 5FLOW social media channel visitors;
  • Handle requests from our 5FLOW social media channel visitors; collect statistical information about the reach of 5FLOW social media channels;

The processing of your personal data is necessary for the achievement of these purposes.

(3) We integrate postings and recommendation functions from LinkedIn, Xing, YouTube on our site. These services are inactive by default, but they can be activated by the user. The services are mainly located in the USA, but are subject to the usual data protection rules in EU and EEA countries. For example, if you actively use a recommendation button on our site or read an article with an embedded post, YouTube video, general framework data such as your IP address may be transmitted back to the social networks and platforms by the embedding technology. We have no influence on how the platforms use the data, possibly also to create usage profiles. Please inform yourself directly about this at Facebook, YouTube, etc. and adjust your privacy settings there.

(4) In social networks and on other external platforms, the respective companies’ own privacy policies apply, even if we disseminate information and maintain presences there with our brands. The U.S. company provides us with its editorial system and general usage data, such as the number of views, duration of use, reader demographics, and the usernames of all contacts – you can read the network’s privacy rules here.

(5) You can find out about the data protection notices of the individual third-party providers under the following links:

13.2 LinkedIn

(1) The 5FLOW LinkedIn pages are operated on LinkedIn, a social network of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”). When you visit the 5FLOW LinkedIn pages, LinkedIn processes your personal data in accordance with their privacy policy, which can be found here.

(2) We process the following personal data:

  • Your LinkedIn username, as well as comments on our 5FLOW LinkedIn pages and messages you send to us through our 5FLOW LinkedIn pages.
  • Other information necessary to respond to requests from our visitors or to uniquely identify our visitors in our systems.

13.3 5FLOW on XING

(1) The 5FLOW XING pages are operated on Xin, a social network of XING SE, Dammtorstraße 30, 20354 Hamburg, Germany (“XING”). When you visit the 5FLOW XING Pages, XING processes your personal data in accordance with their privacy policy, which you can view here.

(2) We use the statistical information (the volume of interactions, statistics on age composition and the working relationships of our visitors) on the use of the 5FLOW XING pages provided by XING via its statistical service in anonymized form. Conclusions about individual users and access to individual user profiles by 5FLOW are not possible.

(3) We process the following personal data:

  • Your XING username as well as comments on our 5FLOW XING pages and messages you send us via our 5FLOW XING pages.
  • Your activity on our 5FLOW XING pages via the XING statistics service, e.g. the volume of interactions, statistics on age composition and the working relationships of our visitors.
  • Other information necessary to respond to requests from our visitors or to uniquely identify our visitors in our systems.

14. links to other websites

 (1) Our website may contain links to websites operated by third parties that are not covered by this Privacy Policy. These third party websites have their own privacy policies and may also use cookies or other tracking technologies. The respective operator or the person designated as responsible of the corresponding website is responsible.

(2) The links to external websites are checked by us before linking. However, we have no influence on whether their operators comply with data protection regulations. If we become aware of violations or infringements, we will remove the corresponding links.

C. Rights of the data subjects

15. your rights

If personal data is processed by you, you are a data subject within the meaning of the GDPR and you are entitled to the following rights against us as the controller.

a) Rights according to Art. 15 ff. GDPR

(1) The data subject shall have the right to obtain from the controller confirmation as to whether personal data concerning him or her are being processed; if this is the case, he or she shall have the right of access to such personal data and to the information specified in Article 15 of the GDPR. Under certain legal conditions, you have the right to rectification under Article 16 GDPR, the right to restriction of processing under Article 18 GDPR and the right to erasure (“right to be forgotten”) under Article 17 GDPR. In addition, you have the right to receive the data you have provided in a structured, common and machine-readable format (right to data portability) according to Article 20 GDPR, provided that the processing is carried out with the help of automated processes and is based on consent according to Article 6 (1) a) or Article 9 (2) a) or on a contract according to Article 6 (1) b) GDPR.

b) Revocation of consent pursuant to Art. 7 (3) GDPR

If the processing is based on consent, you can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

c) Right of appeal

You have the possibility to contact us or a data protection supervisory authority with a complaint (Article 77 GDPR).

In North Rhine-Westphalia, the responsible supervisory authority is: State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf, phone: 0211/38424-0, fax: 0211/38424-10, e-mail:

d) Right of objection according to Article 21 GDPR

In addition to the aforementioned rights, you have the right to object as follows:

Right to object on a case-by-case basis

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Article 6 (1) sentence 1 lit. e) GDPR (data processing in the public interest) and Article 6 (1) sentence 1 lit. f) GDPR (data processing on the basis of a balance of interests); this also applies to a profiling based on this provision within the meaning of Article 4 no. 4 GDPR.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Right to object to processing of data for advertising purposes

In individual cases, we process your personal data for the purpose of direct advertising. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.

D. Final provisions

16. safety

(1) We have taken technical and organizational security measures in accordance with Art. 24, 32 GDPR to protect your personal data from loss, destruction, manipulation and unauthorized access. All our employees and all third parties involved in data processing are obliged to comply with the requirements of the GDPR and the confidential handling of personal data.

(2) SSL or TLS encryption: This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

17. changes to our privacy policy

We reserve the right to change our security and data protection measures, insofar as this becomes necessary due to technical development, the expansion of our services or legal changes. In these cases, we will also adapt our data protection declaration accordingly. Please therefore note the current version of our data protection declaration.