Privacy Policy

Last updated:

1. Introduction

Backflex ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website backflex.world and use our services.

We comply with the General Data Protection Regulation (GDPR), the Austrian Data Protection Act (Datenschutzgesetz – DSG 2018), and other applicable data protection laws in Austria. By using our website, you consent to the practices described in this policy where consent is the legal basis.

2. Data Controller Information

The data controller responsible for your personal data is:

Backflex
Str. zur Autobahn 10
3350 Haag, Austria
Email: assist@backflex.world

3. Personal Data We Collect

We may collect the following categories of personal data:

3.1 Information You Provide

  • Contact information: name, email address, phone number (optional)
  • Order information: shipping address, billing details
  • Communications: messages and inquiries you send to us
  • Consent records: your privacy preferences and consent history

3.2 Automatically Collected Information

  • Device information: browser type, operating system, device type
  • Usage data: pages visited, time spent on site, click patterns
  • Technical data: IP address, cookies, and similar technologies

4. Purposes and Legal Basis for Processing

We process your personal data for the following purposes:

  • Order Processing: To fulfill your orders and provide customer service (Legal basis: Contract performance)
  • Communication: To respond to your inquiries and send order updates (Legal basis: Contract performance, Legitimate interest)
  • Website Improvement: To analyze usage patterns and improve our services (Legal basis: Legitimate interest)
  • Marketing: To send promotional communications with your consent (Legal basis: Consent)
  • Legal Compliance: To comply with legal obligations (Legal basis: Legal obligation)

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy:

  • Order data: 7 years (for tax and accounting purposes)
  • Communication records: 3 years after last interaction
  • Marketing preferences: Until you withdraw consent
  • Analytics data: 26 months

After the retention period expires, we securely delete or anonymize your data.

6. Data Sharing and Transfers

We may share your personal data with:

  • Service Providers: Payment processors, shipping companies, and IT service providers who assist in our operations
  • Legal Authorities: When required by law or to protect our rights

We do not sell your personal data to third parties. If we transfer data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

7. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data
  • Right to Rectification: Request correction of inaccurate data
  • Right to Erasure: Request deletion of your data ("right to be forgotten")
  • Right to Restrict Processing: Request limitation of data processing
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time without affecting prior processing

To exercise these rights, contact us using the details in section 13. We will respond without undue delay and at latest within one month (Art. 12(3) GDPR).

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • SSL/TLS encryption for data transmission
  • Secure server infrastructure
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection

While we strive to protect your data, no method of transmission over the internet is 100% secure.

9. Cookies

Our website uses cookies and similar technologies. For detailed information about our cookie practices, please refer to our Cookie Policy.

10. Children's Privacy

Our website is not intended for children under 14 years of age. Under Austrian law (DSG § 4(4)), valid consent for the processing of personal data in the context of information society services can be given by children from the age of 14. For children under 14, consent must be given or authorised by the holder of parental responsibility. We do not knowingly collect personal data from children under 14 without such consent. Where we address children, we use clear and simple language appropriate to their understanding. If you believe we have collected data from a child without proper consent, please contact us immediately.

11. Complaints

If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with a supervisory authority. In Austria, this is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde):

Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Vienna, Austria
Website: www.dsb.gv.at

12. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We encourage you to review this policy periodically.

13. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Backflex
Str. zur Autobahn 10
3350 Haag, Austria
Email: assist@backflex.world