This policy describes how we collect and process your data through https://www.flowpoint.ai website (the "Website"). The terms "Flowpoint", "we", "us", "our" and "ourselves" refer to Flowpoint Analytics Ltd, a legal person registered under the laws of England and Wales.

We are committed to safeguarding the privacy of our users. We are not going to misuse your data.

Controller details

Flowpoint Analytics Ltd

Registered address: Flat 41 Oslo Court, Prince Albert Road, London, England, NW8 7EN

Contact email address: office@flowpoint.ai

Our Data Protection Officer

dpo.flowpoint@legalnodes.com

Information we collect from you 

Account set up and provision of services

To access the services and start using our product, you will be required to create an account on our Website and provide us with some information. Specifically, we will ask you to provide us with the following categories of information:

• email address;

• full name of the person creating the account;

• the name of the organisation you represent as well as your address;

• your organisation's website domain.

The above-mentioned personal information will be processed in order to perform the contract between you and us (GDPR Art. 6.1.b).

Communication and customer support

We may receive your information when you leave a request for support on the Website, or when you inquire about our services. We will use the information given by you to provide you with the help you might need, fix and improve the Website, and analyse our efficiency in product efforts. Additionally, we may process other communications between us and you, for example, your inquiries regarding the services.

The applied legal basis for this is the performance of the contract between you and us (GDPR Art. 6.1.b) and our legitimate interest in improving the Website (GDPR Art. 6.1.f).

Website analytics and marketing activities

We analyse our Website in order to better understand your preferences and enhance your experience with Flowpoint.When we do so, we may collect the following categories of your information:

• IP address, UID, email address;

• activity on the Website (mouse clicks, page scrolls, page reloads, tabs switching, repeated clicks, and the timestamps of their actions);

• details of the devices used (screen size, device type, other details).

In addition to the data points mentioned above, we may use cookies and other technologies to analyse our Website. If you want to know more about how we use cookies and what other information we may collect, please visit our Cookie Notice.

Also, upon receiving consent from you, we will share with you our marketing and promotional materials via email. You can always opt out of this by clicking the appropriate button in our emails to you. The withdrawal of your consent will not affect the lawfulness of processing based on consent before.

Integrated services

You may be given the option to access/authenticate or register for the Website through the use of your user name and passwords for certain services provided by third parties (each, an “Integrated Service”), such as through the use of your Google account, or otherwise have the option to authorise an Integrated Service to provide your personal data or other information to us. By authorising us to connect with an Integrated Service, you allow us to access and store your name, profile information, email address, and other information that the Integrated Service makes available to us, and to use and disclose it in accordance with this Policy. You should check your privacy settings on each Integrated Service to understand what information that Integrated Service makes available to us, and make changes as appropriate. Please review each Integrated Service’s terms of use and privacy policies carefully before using their services and connecting to our Website.

Our data processor obligations 

Please note that apart from being a data controller, we also take up the role of a data processor when we provide you with our services and analyse your organisation’s website. Specifically, where this is the case, we will process personal data in relation to analytics of the behaviour of your organisation’s website visitors. Such data will typically include: 

• user'’s IP address, approximate location, UID, browser details (configuration, fingerprint), email address (if made available);

• their activity on your website (mouse clicks, page scrolls, page reloads, tabs switching, repeated clicks, and the timestamps of their actions); and

• the details of the devices used by them (screen size, device type, operating system, other details); and.

• custom data: information about user custom events, user custom attributes, other related data.

As a data processor of such information, we do not use it for our own purposes and only store it on behalf of our customers so they can use our user analytics software.

We will offer you to sign a Data Processing Agreement with us when we start to process the information provided by you as a data processor.

Retention of your information

We will store your information and data of your website visitors for as long as you have an activated account with us. When you stop being our client, we will delete or anonymise the information collected from you and your website visitors after 6 months, unless you explicitly ask us to delete the information earlier.

However, we may need to retain some of your personal data for longer if there is a need for it, for example, in order to comply with our tax, accounting and legal requirements. In this case, the applied legal basis for the processing of your information will be the necessity to comply with a legal obligation.

Third-party access to information

Your personal information may be shared with the following third parties:

• IT outsourcing service providers;

• email service providers;

• cloud hosting providers to store and process collected data;

• customer communication solutions;

• payment service providers;

• online document storage solutions;

• CRM software solutions;

• project management solutions.

The providers listed above process your information based on our instructions only.

In case your personal data is provided to third parties outside the EEA, we will implement appropriate safeguards to protect your personal data, including Standard Contractual Clauses as adopted by the European Commission. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Google API Services

The Website’s use and transfer to any other website of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements. Please make sure to familiarise yourself with this policy.

OpenAI Services

Our platform engages with OpenAI services for processing specific queries and generating reports based on your website's visitor data. In doing so, we ensure that the handling and transfer of this data to OpenAI adhere to OpenAI's Data Management Policies. This collaboration is aimed at enhancing our analytical capabilities while respecting your data's integrity and confidentiality. We encourage you to review OpenAI's policy guidelines to better understand how your data is managed and utilized in this process.

Please read OpenAI Privacy Policy as your sharing of data with OpenAI will be in accordance with that policy.

Other disclosures

In addition to the disclosures for the purposes identified before, we may disclose information about you for the following purposes:

• law enforcement, legal process and compliance: if we are required to do so by law, in connection with any legal proceedings or to establish, exercise or defend our legal rights, or in the good-faith belief that such action is necessary to comply with applicable laws, in response to a facially valid court order, judicial or other government subpoena or warrant, or to otherwise cooperate with law enforcement or other governmental agencies. We also reserve the right to disclose personal data or other information that we believe, in good faith, is appropriate or necessary to: (i) take precautions against liability; (ii) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity; (iii) investigate and defend ourselves against any third-party claims or allegations; (iv) protect the security or integrity of our services and any facilities or equipment used to make our services available; or (v) protect our property or other legal rights, enforce our contracts, or protect the rights, property, or safety of others;

• change of ownership or other business needs: (i) in case we sell, licence or otherwise assign our company, corporate rights, the Website or its separate parts or features to third parties; (ii) as part of a transaction, financing, or for other business needs (e.g., if Flowpoint needs to disclose your personal data to the prospective lender or bank, investor or prospective investor, and/or their professional advisers as part of certain due diligence processes, as the case may be); (iii) we may also disclose and otherwise transfer your personal data to an acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient of the information commits to a privacy policy that has terms substantially consistent with this policy.

Your rights

You may exercise GDPR rights regarding your personal data. In particular, you have the right to: 

• The right to access your information. You have the right to know what personal data we process. As such you can obtain the disclosure of the personal data involved in the processing and you can obtain a copy of the information undergoing processing.

• The right to verify your information and seek its rectification. If you find that we process inaccurate or out-of-date information, you can verify the accuracy of your information and/or ask for it to be updated or corrected;

• The right to have your personal data deleted. If we are not under the obligation to keep your personal data for legal compliance and it is not needed in the scope of an active contract or claim, we will remove your information upon your request.

• The right to restrict the processing of your information. When you contest the accuracy of your information, believe we process it unlawfully or want to object to the processing, you have the right to temporarily stop the processing of your information to check if the processing was consistent. In this case, we will stop processing your personal data (other than storing it) until we are able to provide you with evidence of its lawful processing.

• The right to have your personal data transferred to another organisation. Where we process your personal data on the legal basis of consent you provided us or on the necessity to perform a contract, we can make, at your request, your personal data available to you or to an organisation of your choosing.

• The right to object against the processing of your information. If we process your information for our legitimate interests (e.g., for direct marketing emails or for our marketing research purposes), you can object to it. Let us know what you object against and we will consider your request. If there are no compelling interests for us to refuse to perform your request, we will stop the processing for such purposes. If we believe our compelling interests outweigh your right to privacy, we will clarify this to you.

You can formulate such requests or channel further questions on data protection by contacting us directly at office@flowpoint.ai or by contacting our Data Protection Officer at: dpo.flowpoint@legalnodes.com.

If you are a visitor of the website that uses our services, please send your personal data request to the data controller of your data, i.e., the website owner.

If you believe that our use of personal information violates your rights, or if you are dissatisfied with a response you received to a request you formulated to us, you have the right to lodge a complaint with the competent data protection authority of your choice. 

Security of information

We will take all necessary measures to protect your information from unauthorised or accidental access, destruction, modification, blocking, copying, and distribution, as well as from other illegal actions of third parties. As we use the services of third-party software providers across several countries outside of the European Union, we may transfer the collected information to those countries for further processing. In such cases, we will make sure that relevant safeguards are in place. More information on such safeguards can be provided upon request. 

We also make sure that access to your information stored in our database is only possible via a secure and closed VPN connection. Additionally, all communications exposed to the internet are TLS encrypted to provide the highest level of communications security.

Changes to this Policy

We may update this Privacy Policy from time to time by posting a new version on our website. We advise you to check this page occasionally to ensure you are happy with any changes. However, we will endeavour to provide you with an announcement about any significant changes.