Table of Contents
1.1 Who We Are and How to Contact Us 2
2.0 Scope of this Privacy Policy 2
3.0 Personal Data We Collect 3
4.0 How We Collect Personal Data 4
5.0 How We Use Personal Data 4
6.0 Lawful Bases for Processing 5
7.0 Customer Content and Uploaded Materials 6
8.0 Payments, Billing and Financial Data 6
9.0 Third-Party Service Providers and Subprocessors 7
10.0 International Data Transfers 7
11.0 How Long We Keep Personal Data 7
12.0 How We Protect Personal Data 8
14.0 Changes to this Privacy Policy 9
This Privacy Policy explains how Flowly collects, uses, stores and protects personal data when individuals access the website, create an account, use the platform, contact support, or otherwise interact with Flowly. The policy should be read together with Flowly’s Terms of Service, Cookie Policy, Data Processing Agreement, and any other privacy or data protection documents that apply to the use of the platform.
This Privacy Policy is intended to support Flowly’s compliance with applicable data protection laws, including the UK GDPR and the Data Protection Act 2018.
Flowly provides a SaaS platform for production teams. In providing the service, Flowly may process personal data relating to users, account owners, invited team members, support contacts and other individuals whose information is added to the platform.
For general privacy questions, data protection requests, or concerns about how personal data is handled, individuals can contact Flowly using the details below.
Business name: | Flowly Now Ltd |
|---|---|
Trading name: | Flowly |
Business address: | 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ |
Data Protection Officer (DPO) email: | |
Website: |
Flowly may act as a controller where it decides how personal data is used, such as for account administration, billing, support and website use. Where customers use Flowly to manage personal data within their own workspaces, Flowly will usually act as a processor on behalf of the customer.
This Privacy Policy applies to personal data handled by Flowly through its website, platform, user accounts, support channels and related services.
It applies to individuals who visit the website, create an account, use the platform, join a workspace, contact Flowly, or otherwise interact with the service. It may also apply to individuals whose personal data is added to Flowly by a customer, including, but not limited to, team members, collaborators, clients or other project contacts.
This policy does not cover third-party websites, services or platforms that Flowly does not control. Where a third-party service is used, that provider’s own privacy policy may also apply.
Where a customer uses Flowly to process personal data for its own business purposes, the customer is normally responsible for deciding why and how that data is used. In those cases, Flowly processes the data on the customer’s behalf, subject to the applicable data protection arrangements.
Some personal data is required to create an account, provide the service, manage a subscription or meet legal obligations. If the required information is not provided, Flowly may be unable to provide access to the platform or certain features.
The personal data collected will depend on how an individual uses Flowly. This may include account information such as name, email address, username, profile image, subscription plan and account activity. Where a user joins or manages a studio workspace, Flowly may also process information connected with that workspace, including team membership, roles, permissions and invitations.
Flowly may process project-related information added by users through the platform. Including (but not limited to):
The extent of this data is controlled by the customer and the users who add it to the platform.
Flowly may also process payment-related information, including:
Flowly may collect technical and usage information when individuals use the website or platform to support security, troubleshooting, service improvement and audit activity.
Where personal data is added by a customer or another user, Flowly may not have a direct relationship with the individual concerned. In those cases, the customer is responsible for providing any privacy information required by law.
Flowly uses personal data so that users can access the platform, manage their account and use the service in the way it is intended to operate. This includes making the correct workspace, subscription and account features available to the user.
Personal data may also be used to manage Flowly’s relationship with the customer. For example, Flowly may use contact details to respond to support requests, send account notices or provide important service updates.
Where users add content to Flowly, any personal data within that content is processed as part of the customer’s use of the platform. Flowly does not decide what personal data customers add to their workspaces, but it processes that information as needed to provide the service.
Flowly uses technical and usage information to keep the platform secure, reliable and functioning properly. This includes reviewing account activity where there is a suspected security issue or investigating a fault affecting the service.
Flowly may also use personal data where it is necessary to meet legal obligations, enforce its Terms of Service, resolve disputes, prevent misuse or protect the rights and security of Flowly, its users or others.
Marketing communications will only be sent where lawful to do so. Users can manage or withdraw marketing preferences using the options provided by Flowly.
Flowly will only process personal data where it has a lawful basis to do so under applicable data protection law. The lawful basis will depend on the type of personal data involved and the reason it is being used.
In many cases, Flowly processes personal data because it is necessary to provide the service requested by the user or customer. This applies where personal data is needed to create an account, provide access to the platform, manage a subscription or respond to support requests.
Flowly may also process personal data where it has a legitimate interest in doing so, provided those interests are not overridden by the rights and freedoms of the individual. This applies to maintaining platform security, improving service reliability, preventing misuse or managing business communications.
Flowly’s legitimate interests may include maintaining platform security, preventing misuse, improving service reliability, managing customer relationships and protecting its legal or commercial position.
Where Flowly is required to meet a legal obligation, personal data may be processed for compliance purposes. This may include keeping records required for tax, accounting, regulatory, legal or dispute-related reasons.
In limited cases, Flowly may rely on consent. This is most likely to apply to optional marketing communications or certain cookies where consent is required. Where processing is based on consent, the individual may withdraw that consent at any time.
Where a customer uses Flowly to process personal data for its own purposes, the customer is responsible for identifying the lawful basis for that processing. In those cases, Flowly usually acts as a processor and handles the data in accordance with the customer’s instructions and the applicable Data Processing Agreement.
Flowly allows users to add content and materials to the platform as part of their use of the service. Where personal data is included within customer content, Flowly processes that information so the platform can provide the relevant service. Flowly does not control what personal data customers choose to add to their workspaces, and customers are responsible for making sure they have the right to upload and use that information.
Customer content may be stored, displayed, transmitted, reviewed or otherwise processed through Flowly as needed for the platform to function. This does not give Flowly ownership of the customer’s content.
Users should avoid adding unnecessary personal data to the platform, particularly where the information is sensitive or not needed for the relevant project. Where sensitive personal data is added by a customer, the customer remains responsible for ensuring that this is lawful and appropriate. Flowly may access customer content where necessary to provide support, investigate a technical issue, respond to a security concern, comply with legal requirements or enforce its Terms of Service. Access will be limited to what is reasonably required in the circumstances.
Flowly uses payment and billing information to manage subscriptions, process payments and maintain accurate customer account records.
Payments are handled through Flowly’s payment provider. Flowly does not store full card details on its own systems where payment processing is carried out by a third-party provider.
Flowly may store limited payment-related information within the platform, such as payment request details, payment status and references linked to the customer’s subscription. Subscription and invoice information may be held by the payment provider and accessed by Flowly where needed to manage the customer relationship. Financial information added by users within a workspace is processed as part of the service.
Flowly may use payment and billing data to confirm subscription status, prevent fraud, resolve billing issues, manage refunds or cancellations, and meet legal or accounting obligations. Where payment data is processed by a third-party provider, that provider’s own privacy notice may also apply.
Flowly uses third-party service providers to support the operation of the website, platform and related services. These providers may process personal data where this is necessary for Flowly to provide its services.
Third-party providers are responsible for their own privacy practices where they process personal data as independent controllers. Users should review the privacy policies of any third-party services that apply to their use of Flowly.
Where a third-party provider processes personal data on Flowly’s behalf, Flowly will take reasonable steps to ensure that appropriate data protection arrangements are in place.
Flowly may use third-party service providers that process or store personal data outside the United Kingdom or the country where the user is based. This can happen where infrastructure, support, or other platform services are provided by international suppliers.
Where personal data is transferred internationally, Flowly will take reasonable steps to ensure that appropriate safeguards are in place. Some third-party providers may have their own international transfer arrangements, which will be explained in their own privacy policies. Users should review those policies where a third-party service applies to their use of Flowly.
Flowly keeps personal data for as long as it is needed to provide the service, manage the customer relationship, meet legal obligations and protect its legitimate business interests.
Account data is usually kept while the user’s account remains active. If an account is closed, Flowly may retain limited records where needed for billing, security, dispute handling or legal compliance.
Customer content stored within a workspace may be retained for as long as the relevant account or subscription remains active. Where content is deleted by a user, removed from a workspace or no longer required, it may still remain in backups for a limited period before being overwritten or securely deleted.
Support, billing and operational records may be kept for longer where this is necessary for accounting, fraud prevention, legal claims or audit purposes.
Flowly will not keep personal data for longer than reasonably necessary. Retention periods may vary depending on the type of data, the reason it is held and any legal or operational requirement that applies.
Flowly takes reasonable technical and organisational measures to protect personal data against unauthorised access, loss, misuse or disclosure.
Access to personal data is limited to those who need it for legitimate business or technical purposes. Flowly also uses third-party service providers to support the security and operation of the platform.
No online service can be guaranteed to be completely secure. Users are responsible for keeping their own account details confidential and for using Flowly in a way that does not compromise the security of their workspace. Where Flowly becomes aware of a security incident involving personal data, it will assess the issue and take appropriate action.
Individuals have certain rights under applicable data protection law in relation to their personal data. These rights may include the right to access personal data, request correction, request deletion, object to certain processing, restrict how data is used, or request that data be transferred to another provider where the law allows. Where Flowly relies on consent, the individual may withdraw that consent at any time using the method provided or by contacting Flowly.
Where Flowly is responsible for deciding how personal data is used, individuals can contact Flowly to exercise their rights using the contact details set out in this Privacy Policy. Flowly may need to verify the person’s identity before responding to a request.
Where personal data has been added to Flowly by a customer, the customer may be the organisation responsible for deciding how that data is used. In those cases, Flowly may need to refer the request to the relevant customer or assist the customer in responding, depending on the applicable data protection arrangements.
Some rights are not absolute and may depend on the reason the data is being processed. Flowly may also need to retain certain information where required for legal, accounting, security, fraud prevention or dispute-related purposes.
Individuals have the right to object to processing based on legitimate interests in certain circumstances. They may also object to direct marketing at any time.
Flowly may update this Privacy Policy from time to time to reflect changes in the platform, legal requirements, data protection practices or the way personal data is handled.
Where a change is material, Flowly will take reasonable steps to notify users before the updated policy takes effect, unless the change needs to be made sooner for legal, security or operational reasons.
The updated Privacy Policy will apply from the date it is made available through the website or platform or from any later date stated in the notice.
Users should review this Privacy Policy periodically so they understand how Flowly handles personal data.
Individuals should contact Flowly in the first instance if they have a concern about how their personal data has been handled. Flowly will review the concern and take reasonable steps to respond appropriately.
If an individual is not satisfied with Flowly’s response, they have the right to make a complaint to the Information Commissioner’s Office. The ICO can be contacted using the details below:
Information Commissioner’s Office Website: https://ico.org.uk/ Telephone: 0303 123 1113 |
|---|
Individuals may also have the right to complain to another supervisory authority if they are based outside the UK and applicable data protection law gives them that right.
Flowly’s company and contact details are set out in subsection 1.1 Who We Are and How to Contact Us. Privacy questions, data protection requests, complaints, or other enquiries about this Privacy Policy should be directed to Flowly using the contact information provided in that section.
