top of page

Privacy Policy

Flex UG (haftungsbeschränkt)
Last updated: 21 February 2026

1. Controller

The controller responsible for data processing on this website is:

Flex UG (haftungsbeschränkt)
Eversbuschstr. 15
80999 Munich
Germany

Represented by the managing directors:
T. Hess
M. Epplen

Commercial Register: HRB 303725

Email: foodforflexitarians@gmail.com

To exercise your data protection rights, a simple notification to the above email address is sufficient.

2. General Information on Data Processing

We process personal data exclusively in accordance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

Personal data means any information relating to an identified or identifiable natural person.

3. Categories of Data Processed

Depending on how you use our website and online shop, we may process:

  • Identity data (e.g., name, address)

  • Contact data (e.g., email address, phone number)

  • Contract data (e.g., orders, payment details)

  • Content data (e.g., form entries)

  • Usage data (e.g., visited pages, interactions)

  • Meta/communication data (e.g., IP address, device information)

4. Purposes of Processing

We process personal data for the following purposes:

  • Providing and operating our online shop

  • Processing orders and deliveries

  • Handling payments

  • Customer service

  • Security and fraud prevention

  • Marketing and analytics (subject to consent)

  • Newsletter distribution

  • Communication with users

5. Legal Bases for Processing

Processing is based on:

  • Art. 6(1)(a) GDPR – Consent

  • Art. 6(1)(b) GDPR – Performance of a contract

  • Art. 6(1)(c) GDPR – Legal obligation

  • Art. 6(1)(f) GDPR – Legitimate interests

6. Hosting & Website Operation (Wix)

Our website is hosted and operated using the platform:

Wix.com Ltd.
Nemal St. 40
6350671 Tel Aviv
Israel

Wix provides the technical infrastructure (hosting, databases, shop functionality).

The following data may be processed in this context:

  • IP address

  • Browser type

  • Operating system

  • Date and time of access

  • Referrer URL

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and efficient operation of our website).

7. Payment Service Providers

To process payments, we transfer necessary data to:

  • PayPal (Europe) S.à r.l. et Cie, S.C.A.

  • Credit card providers

  • Apple Pay

  • Google Pay

Processing is carried out for contract performance pursuant to Art. 6(1)(b) GDPR.

We do not store full payment details.

8. Shipping Service Providers

For the delivery of goods, we transfer name and shipping address to logistics providers.

Legal basis: Art. 6(1)(b) GDPR.

9. Cookies

We use cookies to provide our website and – subject to consent – for analytics and marketing purposes.

Essential Cookies

These are necessary for:

  • Shopping cart functionality

  • Login

  • Security

  • Language preferences

Legal basis: Art. 6(1)(f) GDPR.

Analytics and Marketing Cookies

These are only set after your explicit consent.

Legal basis: Art. 6(1)(a) GDPR.

Cookies may remain stored for up to 24 months unless deleted earlier by the user.

10. Cookie Consent Management

We use a cookie consent management tool that allows users to manage and withdraw consent at any time.

Your consent is logged and stored for compliance purposes.

11. Newsletter

Our newsletter is sent exclusively on the basis of your consent (double opt-in procedure).

We store:

  • Email address

  • Registration timestamp

  • IP address at the time of registration

Newsletter Tracking

Our newsletters may contain tracking technologies (e.g., web beacons) that allow us to measure:

  • Open rates

  • Click-through rates

  • Time of access

This tracking is carried out exclusively on the basis of your consent.

You may withdraw your consent at any time by clicking the unsubscribe link in any newsletter email.

12. Online Marketing & Analytics

We may use analytics and marketing services (e.g., Google Analytics).

Data processed may include:

  • Usage data

  • Shortened/anonymized IP addresses

  • Device information

Tracking for marketing purposes occurs only after consent.

Where possible, IP masking (pseudonymization) is used.

13. International Data Transfers

Personal data may be transferred to countries outside the European Union or European Economic Area, including the United States.

This may affect:

  • Payment providers

  • Marketing platforms

  • Social media providers

  • Hosting infrastructure

Transfers are carried out based on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission

  • Adequacy decisions (where applicable)

Please note that third countries may not provide a level of data protection equivalent to that of the EU.

14. Social Media

We maintain online presences on:

  • Instagram

  • Facebook

  • Twitter

When interacting with our social media pages, data may be processed by the respective platform providers.

Further information can be found in the privacy policies of the respective providers.

15. Data Retention

Personal data will be deleted once the purpose of processing ceases to apply, unless statutory retention obligations require longer storage.

Commercial and tax law retention periods remain unaffected.

16. Rights of Data Subjects

Under Art. 15–21 GDPR, you have the right to:

  • Access your personal data

  • Rectification of inaccurate data

  • Erasure of data

  • Restriction of processing

  • Data portability

  • Object to processing

  • Withdraw consent at any time

You also have the right to lodge a complaint with a supervisory authority.

To exercise your rights, please contact:
foodforflexitarians@gmail.com

17. Changes to this Privacy Policy

We reserve the right to amend this Privacy Policy where necessary due to legal changes or modifications in our data processing activities.

bottom of page