You have any questions about our online shop or our products?
You can call our customer service at:

Monday - Friday: 7:00AM - 6:00PM
Except saturdays, sundays and holidays
Or use our FAQ

There you get answers to the most frequently asked questions.

To the FAQ

What are you looking for?

Enter search term

We are sorry!

Unfortunately no results were found.

Privacy Policy


X-CODE -Manager (App / Web-App)

Status: March 2021

We (HANSA-FLEX AG) would hereby like to inform you about the processing of your personal data when using the mobile application and the browser-based web application "X-CODE Manager" as well as the customer portal My.HANSA-FLEX (hereinafter jointly referred to as the "Application").

A. Who is responsible for data processing?

The controller (Art. 4 (7) EU General Data Protection Regulation, GDPR) for data processing in connection with your use of the application is:

Zum Panrepel 44
28307 Bremen
Tel.: +49 421 48 90 7 221
Fax: +49 421 48 90 7 930

You can reach our data protection officer at:

B. What personal data do we process?

(1) Data processing in the context of the use of the Application

You can only use the Application if you have been instructed to do so by a HANSA-FLEX customer. To create a user account, we receive your professional contact details from the HANSA-FLEX customer. Once we have created your user account, you will receive an e-mail from us containing a link to the Application. There you can log in for the first time and assign yourself a password. You can then use the Application as intended. The following categories of data are processed in this context:

  • Name, first name
  • Professional contact details (function, department, address, telephone, fax, e-mail)
Purposes of data processing: We process this data so that we can provide the Application to you for use in accordance with the Terms of Use entered into between you and us.

Legal basis: The processing of your personal data by us is carried out in fulfilment of a contractual obligation (Art. 6 para. 1 lit. b GDPR).

Joint responsibility: In addition to us, the HANSA-FLEX customer on whose behalf you use the application is also responsible for the processing of this data. The HANSA-FLEX customer can view your activities in the Application via the user administration and assign you certain rights for the use of the Application. HANSA-FLEX and the HANSA-FLEX customer are to be regarded as joint controllers in accordance with Art. 26 GDPR with regard to the processing of your data. For this reason, HANSA-FLEX and the HANSA-FLEX customer have concluded a corresponding agreement on the joint processing of personal data pursuant to Art. 26 (1) GDPR. Essentially, it was agreed therein that only we would provide you with information on data processing and inform you about the essential contents of our joint processing agreement, which we do herewith. We have agreed with the HANSA-FLEX customer that you may contact us or the HANSA-FLEX customer at your request regarding the assertion of data subject rights (e.g. right to information, right to erasure). Details of this can be found below in the section "Your rights".

(2) Processing of log files

For technical reasons, further personal data is transmitted to us when you use the application:

- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Data volume transferred in each case
- Website from which the request comes
- Browser
- Operating system and its interface
- Language and version of the browser software
- Device identification (IMEI)

We process this data to enable you to use the Application as smoothly as possible and to ensure the stability and security of the Application. The legal basis is the contract (terms of use) that you concluded with us before using the Application (Art. 6 para. 1 lit. b GDPR) as well as our legitimate interest (Art. 6 para.1 lit. f GDPR).

(3) Newsletter

To receive news about us, about industry information or new product features, you can sign up for our newsletter.
The newsletter can optionally be ordered at the end of the general registration process. To verify your e-mail address, we use the so-called double opt-in procedure. This means that after you have entered your e-mail address, we will send you a confirmation e-mail to the specified e-mail address in which we ask you to confirm that you wish to receive the newsletter.
We process your data for the purpose of sending you the newsletter and providing you with up-to-date information.
We process the data on the basis of the consent given by you on a voluntary basis in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
You can revoke your consent and unsubscribe from the newsletter at any time. You can declare the revocation by clicking on the link provided in every newsletter e-mail or by sending an e-mail to

The data is only processed internally by the employees responsible for sending the newsletter.
We store your email address until you unsubscribe from the newsletter. The storage serves the sole purpose of being able to send you the newsletter.

C. To whom is personal data transferred?

Within the scope of the above-mentioned data processing, we use the SAP Cloud of the external hosting service provider SAP Deutschland SE & Co KG, Hasso-Plattner-Ring 77, 69190 Walldorf. In addition, we also use Arvato Systems S4M GmbH, Am Coloneum 3, 50829 Cologne, Germany, as a hosting service provider. The service providers have undertaken to comply with appropriate technical and organisational data security measures, among other things, as part of a data processing agreement (Art. 28 GDPR) and act on our behalf in accordance with instructions.

D. Is personal data transferred to a third country?

We process your data only in the European Union or the European Economic Area.

E. How long is personal data stored?

We only store your personal data until the purpose for which we collected or received it has been fulfilled. The log files are stored for a period of seven days and then deleted, unless they need to be held for longer in exceptional cases to track an identified attack. Data on deactivated users is deleted after 12 months.

F. Data security

To protect the security of your data during transmission to our backend, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

G. Does automated decision-making (including profiling) take place?

No, you will not be subject to a decision which produces legal effects concerning you or similarly significantly affects you and which is based solely on automated data processing (Art. 22 GDPR).

H. Your rights

You can assert your following rights against us at any time via the above-mentioned contact options:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, as well as the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;

  • demand the rectification of inaccurate or incomplete personal data stored by us without delay in accordance with Art. 16 GDPR;

  • in accordance with Art. 17 of the Data Protection Regulation, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;

  • to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defence of legal claims or you have objected to the processing in accordance with Art. 21 GDPR;

  • pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller (right to data portability);

  • revoke your consent at any time in accordance with Art. 7 (3) GDPR. This has the consequence that we may no longer continue the data processing based on this consent for the future;

  • complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our registered office.

Right of objection

If we process your personal data on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
Go to top