V1.4 (February 19, 2025)
This privacy policy, outlines and explains how we, as the data controller, collect, use, disclose and process your personal data. We are committed to handling all personal information in full compliance with applicable European and Austrian data protection laws.
MYFLEXBOX Austria GmbH
Warwitzstraße 8/2. OG
5023 Salzburg
Austria
support@myflexbox.at
Data Protection Officer
heyData GmbH,
Schützenstraße 5,
10117 Berlin
Germany
datenschutz@heydata.eu
We collect, process and use your personal data only in accordance with the GDPR and other applicable data protection laws and regulations. Please be aware that within the app (e.g. shipment data), we act as a (sub-)processor, handling your data on behalf of your contractual partner.
Your personal data is processed to enable the free use of the Going Forward app (in accordance with our contractual obligations under Art. 6 (1)(b) GDPR). The data will be processed only for as long as you use the app and will be deleted afterwards, unless legal retention is required for tax purposes (due to a fee-based contract or our role as a processor for a contractual partner), in which case a seven-year retention period applies.
The following data may be processed:
Registration: Upon registration, your login credentials and email address will be processed. After completing your registration, you can save your preferred myflexbox location and indicate whether you prefer compartments that are easier to access.
Parcel storage: After scanning the collection code, you can choose the nearest available myflexbox location and reserve a compartment in advance.
Location sharing: By granting permission for location sharing on a mobile device (you will be asked to allow it during use), we can show you nearby myflexbox locations. You can disable location access at any time in your device settings. The app remains fully functional even without location sharing.
As a data subject, you have the right to access your stored personal data, as well as the rights to rectification, data portability, objection, restriction of processing, blocking, anonymization or deletion of your data, unless exceptions apply (such as statutory retention obligations) and in accordance with applicable laws.
Should you believe that our processing of your personal data violates applicable data protection laws or infringes upon your rights, you are entitled to file a complaint with the appropriate supervisory authority. In Austria, the Data Protection Authority (www.dsb.gv.at) is responsible for this.
We protect your personal data by implementing appropriate organizational and technical measures. These measures help to ensure protection against unauthorized access, unlawful processing, data loss, misuse and manipulation.
Data may be disclosed to processors who are involved in fulfilling contractual obligations or supporting general IT services. These typically include IT service providers such as email providers, hosting providers, cloud providers and other external IT consultants and providers.
Whenever data is transferred to third parties for specific processing purposes that require additional information, this will be clearly outlined under the relevant purpose.
In accordance with applicable data protection regulations, Article 5 (1)(e) of the GDPR requires us to promptly delete personal data once the purpose of processing has been fulfilled. However, we would like to emphasize that statutory retention obligations and retention periods constitute a legitimate reason for the continued processing of personal data.
In order to ensure the operation and maintenance of the security and functionality of our app, as well as to provide you with information about our services, we automatically collect and store certain data in “server log files” which your browser automatically transmits to us.
The collected data includes:
This information is technically necessary for the operation of the app and the website (according to section 165 (2) of the TKG and section 25 (2) of the TDDDG).
We reserve the right to review this data retrospectively if we become aware of concrete indications of unlawful use. This data will be deleted after 14 days.
For certain processing activities on our company pages, we act as joint controllers together with the respective social media platform. If you interact with our company page and have any questions regarding these activities, please do not hesitate and contact us directly. We would like to point out that we have no control over the nature or extent of data processing carried out by the social media platforms.
We process your data within the scope of the respective social media platform to the extent you share it with us. This may include, for example, your (user) name, interactions with our profiles or pages and comments. This processing is based on your use of the social network’s features (according to section 165 (2) of the TKG and section 25 (2) of the TDDDG) and our overriding legitimate interest in accordance with Article 6 (1)(f) of the GDPR, as long as this content is published by you on the respective platform. In the case of direct messages, we process the data contained therein for (pre-)contractual communication purposes (Article 6 (1)(b) of the GDPR).
The social network facebook.com is operated by Meta Platforms Inc. (formerly Facebook Inc), located at 1601 S. California Ave, Palo Alto, CA 94304, USA and serves for user interaction. Meta Platforms Inc. is part of the EU-US Data Privacy Framework. The data controller for users in the European Union is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (both: “Facebook”). When you visit our Facebook profile, Facebook’s own privacy policy applies.
Details and information about the purpose, scope and types of data collected, processed and used by Facebook can be found in Facebook’s own privacy policy. You can view their privacy policy at: http://www.facebook.com/policy.php. To ensure transparency, we have summarized the main and key points for users below:
The data collected is used to analyze user behavior and to provide, select, evaluate and understand advertisements displayed both on and off Facebook. This also includes advertisements provided by Facebook subsidiaries or on their behalf. Additionally, the data is used to compile statistics about users. Facebook also utilizes data to enhance its advertising and measurement systems, enabling it to show users relevant advertisements across Facebook services and external platforms, as well as to assess the effectiveness and reach of these ads and services. For registered Facebook users, the collected data allows Facebook to offer personalized services, tailor content and suggest links or offers that may be of interest to the user. Furthermore, the collected data is used to send marketing communications, engage with users regarding its services and keep them informed about Facebook’s policies, terms and conditions.
By holding a Facebook account and using Facebook, the user consents to the collection, transfer, storage, disclosure and use of their information in accordance with Facebook’s privacy policy (https://www.facebook.com/about/privacy). Users can manage their privacy settings through their Facebook account settings.
Further information about Facebook and the GDPR can be found at: https://www.facebook.com/business/gdpr#Facebook-als-Datenverantwortlicher-vs.-Auftragsverarbeiter.
Instagram is owned by Meta Platforms Inc. (formerly Facebook Inc), located at 1601 S. California Ave, Palo Alto, CA 94304, USA. Meta Platforms Inc. is part of the EU-US Data Privacy Framework. For users within the European Union, the data controller is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. When you visit our Instagram profile, Instagram’s own privacy policy applies.
Details and information about the purposes of data collection and processing, as well as how Instagram and Facebook use such data, including the types and scope of data involved, can be found in Instagram’s official privacy policy: https://privacycenter.instagram.com/policy/. The information highlighted above regarding Facebook applies accordingly to Instagram.
By following the link to Instagram, data is processed, collected, transferred, stored, disclosed and used in accordance with Instagram’s privacy policy. Furthermore, cookies may be stored on your device when visiting Instagram’s website. In this case, Facebook’s Cookie Policy applies: https://www.facebook.com/privacy/policies/cookies. If you have an Instagram account, Instagram or Facebook may link and associate the collected information with your account.
Our websites includes links to LinkedIn and we even maintain a LinkedIn company page. The provider is LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland (“LinkedIn”). Its parent company, LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94085 is a participant in the EU-US Data Privacy Framework.
If you follow a link to LinkedIn or visit our company page/profile, your data will be processed by LinkedIn as the data controller in accordance with its privacy policy. When you interact with our company page/profile such as by commenting, liking or engaging with posts, your data will be processed by LinkedIn and by us. Kindly note that your interactions with public company pages or profiles may be visible to others. This data processing is technically necessary for LinkedIn’s platform features to function properly.
Further information about data protection on LinkedIn can be found in their privacy policy: www.linkedin.com/legal/privacy-policy. You can also manage your advertising preferences or opt out here: www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
YouTube is operated by Google LLC, located at 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA. Google LLC is a participant in the EU-US Data Privacy Framework. For users within the European Union, the service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Details and information about the purpose, scope and types of data collected, processed and used by YouTube can be found in YouTube’s privacy policy. You can view it here: https://policies.google.com/privacy?hl=de&gl=de.
By following the link to YouTube, your data will be collected, transferred, stored, disclosed and used in accordance with YouTube’s privacy policy (https://policies.google.com/privacy?hl=de&gl=de). Furthermore, cookies may be stored on your device when visiting YouTube’s website. The Cookie Policy of Google applies here: https://policies.google.com/technologies/cookies. If you have a YouTube account, YouTube may link and associate the collected information with your account.
If you contact us directly such as via email or telephone, we process your personal data (including your email, phone number and content of your request) for the purpose of handling your request ((pre-)contractual communication Article 6 (1)(b) of the GDPR). Once your request has been fully addressed, this data will be deleted.
Video cameras are installed and clearly marked at myflexbox parcel lockers. The surveillance system may record the following data: visual data of individuals (such as their appearance or behaviour), recording location (such as premises or camera position) and time of recording (such as date, time, duration). The purpose of processing this data is to protect property, particularly the parcel lockers and their contents, and to preserve evidence. Processing is based on our legitimate interests and those of users of the parcel lockers (Article 6(1)(f) of the GDPR). Recorded footage is automatically deleted after seven days unless it is required for the investigation of a criminal offense. Recordings may be shared with the following recipients: data subjects (if needed for legal claims or evidence preservation purposes), police and law enforcement authorities, courts, legal representatives and insurance companies.