FLOWIT PRIVACY POLICY
Updated: 23.02.2022
Thank you for your interest in Flowit (“Flowit”, “we,” or “us”), our web site at https://flowit.ee (the “Site”), the software and other services provided by us and on which a link to this Privacy Policy is displayed, and all other communications with individuals by written or oral means, such as email or phone (collectively, together with the Site, our “Service”).
This Privacy Policy (“Policy”) describes the information that we gather on or through the Service, how we use and disclose such information, and the steps we take to protect such information. By visiting the Site, or by purchasing or using the Service, you accept the privacy practices described in this Policy.
1. Definitions
“Client” means a customer of Flowit.
“Client Data“ means personal data, reports, addresses, and other files, folders or documents in electronic form that a User of the Service stores within the Service.
„Contract“ means a written agreement concluded between the Client and us for the use of Service that is intended to be enforceable by law.
“Personal Data” means any information relating to an identified or identifiable natural person.
“Public Area” means the area of the Site that can be accessed both by Users and Visitors, without needing to log in.
“Restricted Area” means the area of the Site or Service that can be accessed only by Users, and where access requires logging in.
„Software“ means the cloud-based platform „Flowit“ that is available through restricted access to Clients only. Herinafter the Software may also be referred to as the „restricted area of the Site“.
“User” means an employee or representative of a Client, the representatives of the Client’s Customers or any other person authorised by a Client, who primarily uses the restricted areas of the Site for accessing the Service in such capacity.
“Visitor” means an individual other than a User, who uses the public area, but has no access to the restricted areas of the Site or Service.
2. Owner and Data Controller
Flowit Estonia OÜ
Kotzebue 13a Tallinn 10412 Estonia
Owner contact email: andres.aavik@flowit.ee
3. Legal basis for processing personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. When processing personal data that is required to fulfill a contract to which the data subject is a party, GDPR Article 6 (1) (b) serves as the legal basis. This also applies to processing operations that are required to be carried out as pre-contractual measures. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, GDPR Article 6 (1) (c) serves as the legal basis. In the case the vital interests of the data subject or another natural person require the processing of personal data, GDPR Article 6 (1) (d) serves as the legal basis. If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, GDPR Article 6 (1) (f) serves as the legal basis for processing.
4. Data Collected
We collect different types of information from or through the Service. Flowit is primarily processing Personal Data for providing the Service in accordance with Flowit’s Terms of Service and the Contract completed with the Client or in Flowit’s legitimate interests, for example, for fulfilling tax obligations.
1. User Provided Information
When you use the Service as a User, you may provide, and we may collect Personal Data such as name, email address, mailing address, employer/company name, domicile, mobile phone number, activity data, IP information and billing information. Personal Data also includes other information, such as geographic area, user preferences or time-zone, when any such information is linked to information that identifies a specific individual. You may provide us with Personal Data in various ways on the Service. For example, when you register for an Account, use the Service or contact our customer support.
2. Information Collected by Clients
A Client or User may store or upload into the Service Client Data. Flowit has no direct relationship with the individuals whose Personal Data it hosts as part of Client Data. The representatives of the Client’s Customers shall confirm their consent to this Policy prior to being granted access to the Service. Each Client is responsible for providing notice to its customers and third persons concerning the purpose for which the Client collects their Personal Data and how this Personal Data is processed in or through the Service as part of Client Data.
3. Automatically Collected Information
When a User or Visitor uses the Service, including each time our website is accessed, we may automatically record certain information from the User’s or Visitor’s device by using cookies. This automatically collected information may include IP address or other device address or ID, web browser and/or device type, the web pages or sites visited just before or just after using the Service, the pages or other content the User or Visitor views or interacts with on the Service, and the dates and times of the visit, access, or use of the Software. We may also use these technologies or servie providers (see also p.4.5) to collect information regarding a Visitor’s or User’s interaction with email messages, such as whether the Visitor or User opens, clicks on, or forwards a message. This information is gathered from all Users and Visitors.
4. Integrated Services
You may be given the option to access the Service using your user name and passwords for certain services provided by third parties (each, an “Integrated Service”), such as using your Google accounts.
By authorizing us to connect with an Integrated Service, you authorize us to access and store your name, email address(es), date of birth, gender, current city, profile picture URL, and other information that the Integrated Service makes available to us, and to use and disclose it in accordance with this Policy.
You should check your privacy settings on each Integrated Service to understand what information that Integrated Service may make available to us, and make changes as appropriate. Please review each Integrated Service’s terms of use and privacy policies carefully before using their services and connecting to our Service.
5. Information from other sources
We may obtain information, including Personal Data, from third parties and sources other than the Service, such as our partners, service providers, advertisers, credit rating agencies, and Integrated Services. If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy.
5. Use of Data
We use the information to operate, maintain, enhance, and provide all features of the Service, to provide the services and information that the Client and Users request, for creating and managing their accounts and subscriptions, for responding to comments and questions and for providing support to Users of the Service and for fulfiling our legal obligations. Only the employees needing to carry out such tasks are provided access to the Client Data and only to Data necessary for their tasks.
The User passwords are automatically encrypted in the software’s database.
We process Client Data solely in accordance with the directions provided by the applicable Client or User and in accordance with GDPR Articles 5 and 6. Such processing is necessary for the performance of the contract to which you are a party when you are using our Service or in order to take steps prior to entering into the contract.
We may send you e-mails for marketing purposes but only with your explicit consent. You have the right to withdraw your consent at any time and as described in Section 6 of this Policy.
We process your Personal Data if the processing is necessary for the purposes of the legitimate interests pursued by Flowit (e.g. fraud detection, improvement of the Service, development of new features and functionalities) or for fulfilling our legal obligations (e.g. accounting, tax and financial reporting). In every such case Flowit will consider whether such interests might be overridden by the interests or fundamental rights and freedoms of the data subject. If the data is processed for the purpose of statistics, analysing the usage trends and preferences of our Visitors and Users, the data will only be used in anonymized or aggregated form.
We may use a Visitor’s or User’s email address or other information to contact that Visitor or User (i) for administrative purposes such as customer service, to address intellectual property infringement, right of privacy violations or defamation issues related to the Client Data or Personal Data posted on the Service or (ii) with updates on our policies and events, relating to the Service offered by us and by third parties we work with.
We may process your personal information on the basis of consent also in other cases. For example, if you contact us via our Webpage to require information about a custom solution of pricing, we ask you to provide us your name, contact information and what otherwise would be necessary for responding to your query.
We may also need to share the information collected by others. Information related to the Clients’ Customers and their representatives is shared with the Clients and their representatives during regular course of providing the Service. In all other cases, in aggregated, anonymous form, which means that the information will not contain any personally-identifiable information about you or any other person.
For the use of automatically collected information through cookies and Google Analytics please refer to Section 8.2.
6. Data Retention
The information collected through your visit to our Site may be retained up to 26 months by some of our service providers.
We only retain the Personal Data collected from a Client and a User for as long as the User’s account is active or otherwise for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise required by law. When your personal information is no longer required, we will destroy, delete or convert it into an anonymous form.
As a derogation from previous, your data may be retained longer if other Users of our Service have the right to process your data. The data will be retained as long as the other User continues using the Service. Your communication within the Software, including the information you may have uploaded or chats shall remain accessible to such Users as long as their user account is not deleted. For example, if a producer (the Client) uses the Service to manage its order process, the authorised representatives of the Client have the right to process the data and information stored by the Client’s customers within the Software and Flowit will retain all the relevant data until the Client uses our Service.
Upon the end of the use of Service by the Client we generally retain the backup of the Data without using the Data (unless required by law) for the period of 1 year (e.g. for the purpose of potential need to provide evidence in case of disputes), however without prejudice to the paragraph 1 in this Section.
In accordance with the applicable accounting regulations, billing and invoicing information is retained for a period of 7 years as of the end of that financial year where, based on such information, relevant financial transaction occurred.
7. Your Data Protection Rights
You have the right to receive information about the Personal Data processed by Flowit, including the categories of data processed, the sources of the data, purposes of processing etc, in accordance with GDPR Articles 13 – 15. You are also entitled to receive copies and extracts of Personal Data processed. We may charge a small fee for this.
You have the right to check your own data stored in the Software and to correct or remove any incorrect or outdated Personal Data. You also have the right to request the correction or updating of data if it turns out that the Personal Data being processed is inaccurate.
You have a right to remove the profile information, however, please note that certain Service cannot be provided after you remove your profile information.
You have the right to object to processing of Personal Data concerning you at any time if such processing is only necessary for the purposes of the legitimate interests pursued by Flowit.
You may forbid the processing of your Personal Data for direct marketing purposes. If you receive commercial emails from us, you may unsubscribe at any time by following the instructions contained within the email.
You may opt out from the collection of navigation information about your visit to the Site by Google Analytics by using the Google Analytics Opt-out Browser Add-on feature.
If Flowit processes the registered person’s Personal Data based on consent, you have the right to cancel such consent. Cancelling this consent might disable this person from using our Service.
8. Cookies
1. What are cookies
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. For further information, visit http://allaboutcookies.org/.
When you visit our Site, we may collect information from you automatically (see Section 4.3).
2. How do we use cookies
We use automatically collected information and other information collected on the Service through cookies and similar technologies to: (i) personalize our Service, such as remembering a User’s or Visitor’s information so that the User or Visitor will not have to re-enter it during a visit or on subsequent visits; (ii) monitor and analyse the effectiveness of Service; and (iii) monitor aggregate site usage metrics such as total number of visitors and pages viewed.
We use Google Analytics, a service for the marketing analysis of this website, of Google Inc. (“Google”). Google Analytics uses codes consisting of text and numbers, which will be stored on your computer and which allow for an analysis of the use of the Websites (“Cookies”). The information generated by the Cookie about your use of the Website (including your IP address) will be transferred to and stored by a Google Server. Google will use this information, to evaluate your use of the website, to prepare reports about the website activities for the website operators and to provide further services connected to the use of websites and the use of the Internet. Google may transfer this information to third parties, if legally obliged to do so or if third parties process these data on behalf of Google. In no case, Google will connect your IP address with other data from Google. However, it is possible to anonymize the IP addresses Google Analytics collects before they are stored. You have a right to request such anonymization prior to or during the use of our Service.
3. What Types of Cookies Do We Use
There are a number of different types of cookies, however, our Site uses the following:
- Functionality – we use these cookies so that we recognize you on our Site and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party (set by the Site visited by the User) and third-party cookies (set by domains that are not directly visited by the User) are used.
- Security – we use security cookies to authenticate users, prevent fraudulent use of login credentials, and protect user data from unauthorized parties
- Statistics – we use these cookies to help us to understand how the Users and Visitors interact with our and our Clients’ websites by collecting and reporting information anonymously.
9. How to manage your cookies
You can enable or disable the use of cookies by changing the browser settings. Cookies are required for the proper functioning of some features of the Service and we cannot guarantee the operability of our Service, if the cookie functionality is disabled.
10. Privacy Policies of Other Websites
Our Service may integrate other websites or software. This Policy applies only to our Site and Service. If you access such third-party Website through our Site or Service, we recommend familiarising yourself with their Privacy Policy. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
11. Changes to Our Privacy Policy
Flowit keeps its Privacy Policy under regular review and places and updates on this Site. The date of the latest update of the Policy is provided above.
12. How to Contact Us
Please contact us with any questions or comments about this Policy, your Personal Data, our use and disclosure practices, or your consent choices by email at andres.aavik@flowit.ee.
13. How to Contact the Appropriate Authorities
Should you wish to report a complaint or if you feel that Flowit has not addressed your concern in a satisfactory manner, you may contact the Estonian Data Protection Inspectorate www.aki.ee
Email: info@aki.ee
Address: Tatari 39, 10134 Tallinn, Estonia