Privacy Notice for Fluix Website

Effective date: 10 August 2023 (view archived versions).

Intro

Fluix Limited (“Fluix” or “we”) welcomes you. We provide you with our website, available following the link fluix.io (“Website”).

This Privacy Notice describes which of your personal data the Website collects, how stores, processes, and uses it, and what happens when you use the Website.

We collect your personal data according to this Privacy Notice when you use the Website. When you sign in or log in to the Website, you start using our iOS, Android, and Web application “Fluix” (“Service”). We describe personal data processing in the Fluix Service in the Privacy Notice for Fluix Service.

We understand you care about your privacy, and we appreciate the trust you place in us. To justify that trust, we embed the latest data security standards, improve our awareness of privacy matters, and comply with the General Data Protection Regulation and other privacy laws.

Please note that we do not collect, track, or store any personal data over what we need to provide and improve our product and services, perform our marketing campaigns as described in this Privacy Notice, and comply with our legal obligations.

About Us

Name	Fluix Limited
Registration number	630284
Address	Glandore Business Centre, Grand Canal House, 1 Grand Canal Street Upper, Dublin 4, D04 Y7R5, Ireland
Email	support@fluix.io – for general inquiries dpo@fluix.io – for privacy inquiries
Phone numbers	+1 650 433 9008 +44 2392 16 2010
Data Protection Officer (DPO)	External Data Protection Officer: Legal IT Group LLC Address: Office 1, 38 Volodymyrska Str., 01050 Kyiv, Ukraine Email: dpo@fluix.io

About You

When you visit the Website, you become our user (“User”).

Type of data subject	Description
Visitor	User who visits the Website.
Demo Requester	User who fills out the “Book a demo” or “Start a trial” form.
Potential Client	User who fills out the “Contact Us” form on the Sales or Pricing topics or uses a ROI calculator.
Support Requester	User who fills out the “Contact Us” form on the Support topic.
Other Requester	User who fills out the “Contact Us” form on Other topic.
Partner	User who registers as a partner via the “Fluix Affiliate Partner” form.
Job Applicant	User who applies to our open position on the “Careers” page.
Newsletter Subscriber	User who subscribes to the newsletter via newsletter form or any other form.
Content Downloader	User who downloads the content from the Website.

Please note! We do not knowingly process the personal data of Users under the age of 18. If you are such a User or you are a legal representative of such a User, please, contact us.

Personal Data

Sources of Data

We receive data when you visit our Website and interact with it, depending on your actions on the Website.

We may also (although we do not necessarily do so) receive data from third parties. It depends on your settings and the features you use.

Legal Basis for Processing

To process your personal data, we rely on the following legal bases:

performance of the contract — for the processing of personal data necessary for the negotiating on, conclusion, and performance of a contract (for example, the Terms of Service) with you;
legal obligation — for the processing of data as required by applicable laws or if requested by a law enforcement agency, court, supervisory authority, or another state-authorized public body;
legitimate interest — for the processing necessary for the development of our services, taking into consideration your interests, rights, and expectations;
consent — for additional processing for specific purposes.

Visitors’ Data

When you use our Website as a Visitor, we collect some data automatically. We need technical data to operate, support, and improve the Website’s functionality.

Type of data	Description	Reasons for processing	Legal basis
Necessary cookies.	Information about your visits and use of the Website, including the source of the links, the time and duration of the visit, and navigation.	The smooth operation of the Website and improvement of the Website and the Service.	Legitimate interest.
Necessary cookies.	Information that is necessary for the operation of the Website.	Improving your experience using the Website.	Performance of the contract.
Statistics cookies.	Information that helps us to understand how you interact with the Website by collecting and reporting information anonymously.	Improvement of the Website and analysis of the statistic for other purposes.	Consent.
Preference cookies.	Information that is necessary for the operation of some services on the Website.	The operation of some services on the Website.	Consent.
Marketing cookies.	Marketing information used to match relevant advertising to you.	Marketing.	Consent.

Data storage
Cookies.	Stored during the terms indicated in the Cookie Policy.

Demo Requesters’ Data

Source of data	Data we process	Reasons for processing	Legal basis
“Book a demo” or “Get a trial” form.	First and last name.	To set up a demo and use the data to register you in the Service.	Performance of the contract.
	Company name.
	Email.
	Phone number.
	Country.
	Country.	To improve our communication and the Service.	Legitimate interest.
Hubspot Meetings service.	Time and date for the demo call.	To set up a call.	Performance of the contract.
Hubspot Meetings service.	Time and date for the demo call.	To track performance of our team members.	Legitimate interest.

Data storage
Demo Requesters’ data.	In a case of the demo call, stored for 6 months after the demo call, unless the account is created. If the account is created, for 30 days after the deletion of the account.

Potential Clients’ Data

Source of data	Data we process	Reasons for processing	Legal basis
From the “Contact us” form.	Full name.	To personalize our response to your request.	Legitimate interest.
	Business email.	To respond to your request.	Performance of a contract.
	Text of the message.	To propose our services based on your request.	Performance of a contract.
From the ROI calculator.	Your business email.	To contact you and offer our services.	Performance of the contract.
	Your business email.	Send you relevant information.	Legitimate interest.
	Information about your business include: – the number of field workers working with documents; – average hourly salary of one field worker; – hours spent per day on traveling per field worker; – the number of office managers working with documents; – average hourly salary of one office manager; – cost of paper and travel expenses per month; – hours per day to copy data from paper forms into the database.	To provide you with the calculation of the potential benefits of using Fluix’s services.	Performance of the contract.

Data storage
Data from the “Contact us” form.	Stored during communication and for 1 year after.
Business email for the performance of a contract..	Stored during communication and for 1 year after.
Business email for marketing purposes.	Stored until you unsubscribe from the mailing.
Data about the business from the ROI calculator.	Stored until you unsubscribe from the mailing.

Partners’ Data

Source of data	Data we process	Reasons for processing	Legal basis
From “Fluix Affiliate Partner” form.	Email.	Creation of the Affiliate Partner’s account.	Performance of the contract.
	Full name.	Creation of the Affiliate Partner’s account.	Performance of the contract.
	Company name.	Creation of the Affiliate Partner’s account.	Performance of the contract.
	Country.	To choose a payment method.	Performance of the contract.
	Password.	Protecting your account.	Performance of the contract.

Data storage
Data from “Fluix Affiliate Partner” form..	Stored during the existence of the Partner’s account.

Job Applicants’ Data

Source of data	Data we process	Reasons for processing	Legal basis
From a third-party hiring provider available through the “Careers” page.	Full name.	Identify the candidate.	Performance of the contract.
	Email.	Contact the candidate.
	Phone.	Contact the candidate.
	Resume/CV.	Evaluation of the candidate.
	Current company.
	LinkedIn URL.
	GitHub URL.
	Portfolio URL.
	Other website URL.
	How did you know about Fluix message.	Improvement of the recruitment process.	Legitimate interest.
	How did you learn about the opportunity message.	Improvement of the recruitment process.	Legitimate interest.
	Additional information message.	Process the message	Consent.

Data storage
Data that is processed based on the performance of the contract.	Stored during communication and for 1 year after.
Data that is processed based on the legitimate interest.	Stored for 1 year after collection.
Data that is processed based on the consent.	Stored during communication and for 1 year after.

Source of data	Data we process	Reasons for processing	Legal basis
“Subscribe to our newsletter” form or other form with a newsletter checkbox.	Email.	Marketing mailing.	Consent.
	Industry of interest.	Personalization of the newsletter.	Consent.
	Industry of interest.	Improve our communication and the Service.	Legitimate interest.

Data storage
Data from “Subscribe to our newsletter” form.	Stored until you unsubscribe from the mailing.

Support Requesters’ Data

Source of data	Data we process	Reasons for processing	Legal basis
From the “Contact us” form.	Full name.	To personalize our response to your request.	Legitimate interest.
	Business email.	To respond to your request.	Performance of a contract.
	Text of the message.	To fulfill your support request.	Performance of a contract.

Data storage
Data from the “Contact us” form.	Stored during communication and for 1 year after.

Other Requesters’ Data

Source of data	Data we process	Reasons for processing	Legal basis
From the “Contact us” form.	Full name.	To personalize our response to your request.	Legitimate interest.
	Business email.	To respond to your request.	Consent.
	Text of the message.	To fulfill your request.	Consent.

Data storage
Data from the “Contact us” form.	Stored during communication and for 1 year after.

Content Downloaders’ Data

Source of data	Data we process	Reasons for processing	Legal basis
Content downloading forms.	Email.	To send you content.	Consent.
	Industry of interest.	Personalization of the relevant mailing.	Consent.
	Industry of interest.	Improve our communication and the Service.	Legitimate interest.

Data storage
Data from the content downloading forms.	Stored during communication and for 1 year after.

Data Received from Third Parties

We may receive some personal data from third parties.

The amount of data collected, the purposes, and the legal basis for processing is determined by the respective privacy documents of these parties.

Third parties	Description
Analytics tools	We use various analytics tools to understand and promote our business. To get a detailed list of analytics tools, contact us.
Social networks	We use various social networks to spread information about our activities. To get a detailed list of social networks, contact us.
Messengers	We use different messengers to communicate with you in ways that are convenient for you. To get a detailed list of messengers, contact us.
CRM systems	We use various CRM systems to develop our public organization. To get a detailed list of CRM systems, contact us.

We use your personal data on the basis of the performance of the contract to provide services and communicate with the Users.

We share your data with the service providers (please, request Annex A. List of the processors to look through the list of service providers) and contractors to the extent necessary to provide services, technical and customer support, who, for example, help us:

operate, develop, and improve the features and functionality of our Website;
provide you with their services;
complete your payment transactions;
fulfill your support requests;
convert your files;
communicate with you as described elsewhere in this Privacy Notice.

In addition, we have implemented organizational and technical measures to ensure the security of personal data during data transfer to third-party.

We can share your data on the following grounds: consent, compliance with the law, and performance of a contract.

Details

Performance of a contract. We may transfer your data to our contractors and partners for contractual purposes.

Consent. We may transfer your personal data based on your explicit consent.

Compliance with the law. We may disclose your personal data to third parties to the extent that it is necessary:

to comply with a government request, court order, or applicable law;
to prevent unlawful use of our Website or policies;
to protect against claims of third parties;
to help prevent or investigate fraud.

Transfer of personal data to third parties. We may transfer your personal data to third parties based on a data processing agreement, subject to the application of technical and organizational measures to protect your personal data. We may share data with certain companies, consultants and contractors hired to provide certain services to us or on our behalf.

Please note! We will ask for your consent if the transfer of data is not part of the contract.

Data Transfer Outside the European Economic Area

The personal data we collect is stored on servers in the USA. The data is stored in the USA by default, but we may need to process your personal data in another country. We also share some data with our service providers in Ukraine.

There is no adequate decision by the European Commission regarding either the US or Ukraine. This means that the USA and Ukraine are not deemed to provide an adequate level of protection for your personal data. We use adopted Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.

You can read more detailed measures to protect your personal data here and in our Data Processing Agreement for the European Economic Area residents and Data Processing Agreement for the United States residents.

However, if a data transfer is required to perform a contract or provide you services, we have the right to do so without your consent.

Security Measures

We are regularly certified by ISO 27001 Standard.

We systematically perform Data Protection Impact Assessments to ensure that we use an appropriate level of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of or access to personal data transmitted, stored, or otherwise processed.

To be more specific, to protect your personal data, we use HTTPS and encryption, divided group and individual access (where appropriate), an alarm system, corporate VPN, and written approved internal policies (like password policy and physical access policy).

Moreover, we systematically monitor our technologies’ state of the art and never forget about the backups. All our contractors are under contractual obligations compliant with the GDPR requirements. You can contact customer support in case of any questions regarding the security issues.

Here you can find information about the steps we mentioned above:

Physical measures
Limited access to premises

Organizational measures
Limited access to premises 1. Password policy. We regulate access to our systems via password procedures and the use of SSH keys of at least 4096 bits in length 2. Monitoring and physical access policy 3. Contractual obligations and corporate VPN 4. Internal security policy 5. Access control policy	Transfer protection 1. Data protection agreements 2. Data transfer agreements 3. Standard contractual clauses
	Transfer protection 1. Non-disclosure agreements 2. Data protection agreements
Contractor and staff training	Privacy protection: 1. Implementation of privacy by design and privacy by default. 2. Internal procedures for GDPR compliance 3. Data protection impact assessments
Regular access and policy review Code review

Technical measures
Encryption technologies: encryption in transit, backup encryption, state-of-the-art methods of cryptographic keys	Backup We ensure the availability of data in several ways. For example, there is a regular backup of the entire system. This can be used if the other availability measures fail. Critical services are operated redundantly in multiple data centers and controlled by a high-availability system.
Two-factor authentication
Static Analysis	Quality Assurance
Regular Patch Management	Dependency and Supply Chain Vulnerability Check
Stress-tests	Internal pen-testing

Data Subjects Rights

European Economic Area Residents

You, as a data subject, have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them:

Right	Description
Right to access	You can request an explanation of the processing of your personal data.
Right to rectification	You can change the data if it is inaccurate or incomplete.
Right to erasure	You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law.
Right to restriction the processing	You may partially or completely prohibit us from processing your personal data.
Right to data portability	You can request all the data that you provided to us, as well as request to transfer data to another controller.
Right to object	You may object to the processing of your personal data.
Right to withdraw consent	You can withdraw your consent at any time.
Right to file a complaint	If your request was not satisfied, you can file a complaint to the regulatory body.
To exercise your rights, contact us. If your request was not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here.

United States Residents

You, as data subjects, have some special privacy rights. To use them, please contact us.

Note: Depending on the state and legislative requirements, we have from 30 to 60 days to exercise your request with the right to postpone it for 30 days more.

If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission.

Your rights vary depending on the laws that apply to you, but may include:

Right	Description	Area
Right to access	You can request an explanation of the processing of your personal data.	California Virginia Ohio Colorado Nevada Massachusetts	Minnesota New York North Carolina Pennsylvania Delaware Utah
Right to rectification	You can change the information if it is inaccurate or incomplete.	California Virginia Colorado Nevada Delaware	Massachusetts Minnesota New York North Carolina
Right to deletion	You can send us a request to delete your personal data from our systems.	California Virginia Ohio Colorado Massachusetts	Minnesota New York North Carolina Pennsylvania Utah
Right to restriction	You may partially or completely prohibit us from processing your personal data.	California Massachusetts	New York
Right to portability	You can request all the data that you provided to us, as well as request to transfer data to another controller.	California Virginia Ohio Colorado Massachusetts	Minnesota New York North Carolina Utah
Right to Opt-Out	The right to prohibit the sharing or selling of your data.	California Virginia Ohio Nevada Massachusetts Minnesota	New York North Carolina Pennsylvania Delaware Colorado Utah
Right Against Automated Decision Making	You have the right not to be subject to a decision based solely on automated means if the decision produces legal effects concerning you or significantly affects you in a similar way.	California Virginia Colorado Massachusetts	Minnesota North Carolina New York
Right to lodge a complaint	If your request is not satisfied, you can file a complaint to the regulatory body.	by default

Note: Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us.

Do Not Sell My Personal Information

California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out of the “sale” of their personal information by a company governed by CCPA.

Fluix does not sell your personal information to anyone nor use your data as a business model.

However, we support the CCPA by allowing California residents to opt out of any future sale of their personal information. If you would like to record your preference that we will not sell your data in the future, please contact us at dpo@fluix.io.

Do-Not-Track Requests

California residents visiting our Website may request that we do not automatically gather and track information pertaining to their online browsing movements across the Internet.

Such requests are typically made through web browser settings that control signals or other mechanisms that allow consumers to exercise choice regarding collecting personal data about an individual consumer’s online activities over time and across third-party websites or online services.

We currently do not have the ability to honor these requests. We may modify this Privacy Notice as our abilities change.

Cookies

We use cookies that are needed for the Website’s operation. By using cookies, we receive automatically collected data. You can read more in our Cookies Policy.

If you want to disable cookies, you can find instructions for managing your browser settings at these links:

Internet Explorer	Firefox	Chrome	Opera
Microsoft Edge	Vivaldi	Safari	Brave

Privacy Notice Updates

The Privacy Notice and the relationships falling under its effect are regulated by the General Data Protection Regulation. Existing laws and requirements for processing personal data are subject to change. Should this be the case, we will publish a new version of the Privacy Notice addressing such changes on our Website.

If we make substantial changes to the Privacy Notice or the Website that affect your data privacy rights, we will notify you by email or display information on the Website and ask you to read it. We will notify

you in advance, and, if you continue using the Website after the changes come into effect, it shall be deemed that you have agreed to and accepted the updated Privacy Notice.