Privacy Notice for Fluix Website
Effective date: 29 November 2024 (view archived versions).
Key Changes to the Privacy Notice for Fluix Website
At Fluix, we care about our users, and therefore, we have improved our Privacy Notice governing your use of Fluix Website.
In a nutshell, we:
- revised the structure of the Privacy Notice;
- added information on data processing in the newly-released the “Get Started” form;
- detailed processing of the different data categories and data transfers;
- added data subject rights belonging to the UK and Canadian residents.
We encourage you to carefully review the full text of the Privacy Notice for Fluix Website. The abovementioned updates become effective as of the publication date.
Intro
Fluix Limited (“Fluix” or “we”) welcomes you. We provide you with our website, available at https://fluix.io/ (“Website”).
This Privacy Notice describes which of your personal data is collected by the Website, how it is stored, processed, and used, and what happens when you use the Website, interact with us via our email address, or on our social media accounts, including, but not limited to, LinkedIn, Facebook, Instagram, X, YouTube, Instagram, or otherwise provide us with information about yourself.
When you sign in or log in to the Website, you begin using our Web application Fluix, the iOS applications Fluix Docs or Fluix Tasks, or the Android application Fluix Tasks (“Service”). We describe personal data processing in the Fluix Service in the Privacy Notice for Fluix Service.
We understand the significance of your privacy and appreciate the trust you’ve placed in us. To maintain that trust, we embed the latest data security standards, continuously improve our understanding of the privacy legal framework, and adhere strictly to the General Data Protection Regulation (“GDPR”), California Consumer Privacy Act (“CCPA”), and other pertinent privacy laws.
Please note that we do not collect, track, or store any personal data beyond what is necessary for us to provide and improve our product and services, conduct our marketing campaigns as described in this Privacy Notice, and fulfil our legal obligations.
Table of Contents
- About Us
- About You
- Personal Data
- Data Collection and Storage
- Data Sharing with Third Parties
- Data Transfer Outside the European Economic Area
- Security Measures
- Data Subjects Rights
- Privacy Notice Updates
About Us
| Controller | Fluix Limited 630284 Glandore Business Centre, Grand Canal House, 1 Grand Canal Street Upper, Dublin 4, D04 Y7R5, Ireland |
| Data Protection Officer (DPO) | Privacity GmbH Address: Neuer Wall 50, 20354 Hamburg, Germany |
| support@fluix.io – for general inquiries dpo-fluix@fluix.io – for privacy inquiries |
When processing your personal data, Fluix may assume different roles under the GDPR and other applicable laws and regulations. We operate as a data controller under the GDPR and as a business under the CCPA, respectively. It means that Fluix determines what data, how and for what purposes are processed.
About You
When you visit and/or in any way interact with Website, you become our user (“User”).
| Type of Users | Description |
|---|---|
| Demo Requester | A User who fills out the “Book a demo” form or otherwise requests a demo via the “Contact Us” form or other communication channels. |
| Potential Client | A User who completes and submits the “Contact Us” form regarding Sales or Pricing topics or the “Get Started” form, or utilises an ROI calculator. |
| Support Requester | A User who completes and submits the “Contact Us” form regarding the Support or Other topic or contacts us via email or any other convenient method seeking assistance. |
| Partner | A User who registers as a partner via the “Fluix Affiliate Partner” form or “Fluix Partner Program” form. |
| Job Applicant | A User who applies to our open position on the “Careers” page. |
| Newsletter Subscriber | A User who subscribes to the newsletter via the Newsletter Form or other relevant form. |
| Content Downloader | A User who downloads the content from the Website and submits personal data through available forms. |
Please note: We do not knowingly process the personal data of Users under the age of 18. If you are such a User or you are a legal representative of such a User, please, contact us immediately.
Personal Data
Sources of Data
We collect personal data when you visit our Website and interact with it. Depending on your actions on the Website, you may leave your data through cookies and other tracking technologies or via different forms accessible on the Website. We may also collect your personal data when you contact us via email or our social media accounts.
We may also, although not necessarily, receive data from third parties. It depends on your settings and the features you use.
Legal Basis for Processing
To process your personal data, we rely on the following legal bases:
- Performance of the Contract: This involves processing personal data necessary for negotiating, concluding, and performing a contract with you (such as the Terms of Service).
When you provide us with personal data to book a demo, this action can be considered a request to establish or fulfil a contract between you and us. Nevertheless, if there is uncertainty, we might request explicit consent. - Legal Obligation: This involves processing data as required by applicable laws or if requested by a law enforcement agency, court, supervisory authority, or another state-authorised public body.
We process your personal data to meet our legal obligations, including complying with tax or regulatory requirements. If you send us a request to exercise your rights under the GDPR, CCPA, and other applicable laws, we may request some additional personal data or personal data we already possess to identify you and ensure compliance with the relevant laws. - Legitimate interest: This involves processing necessary for the development of our services, considering your interests, rights, and expectations.
We process your personal data to safeguard our legitimate interests, which include preventing fraud, ensuring the security of our Website, and offering you a seamless user experience. We only collect and use the strictly necessary data to accomplish these purposes and do not supersede your fundamental rights and freedoms. - Consent: for additional processing for specific purposes.
We collect the information you choose to provide us, and we process it based on your consent. You have the right to withdraw your consent for processing your personal data at any time.
You can withdraw your consent for the processing of your personal data by contacting us.
Data Collection and Storage
Users’ Data
When you use our Website, we automatically collect certain data via cookies and other tracking technologies. This data is collected to ensure the proper functioning of the Website for analytics, marketing activities, remembering your preferences, and other purposes. Such usage may involve the transmission of information from us to you and from you to a third-party website or to us. For the full information on the cookies and other tracking technologies used at the Website, please refer to the Cookie Policy for the Fluix Website.
| Type of data | Description | Reasons for processing | Legal basis |
|---|---|---|---|
| Necessary cookies and pixels data.Necessary cookies and pixels data. | Information about your visits and usage of the Website, including the source of the links, the time and duration of the visit, and navigation, technical data. | The website’s smooth functioning and improvement of the Website and the service. | Performance of contract. |
| Statistics cookies data. | Information that helps us to understand how you interact with the Website by collecting and reporting information anonymously. | Improvement of the Website and analysis of the statistic for other purposes. | Consent. |
| Analytics cookies data. | Information that is necessary for optimisation of the functioning of certain features of the Website. | Ensuring and improving the proper functioning of certain features of the Website. | Consent. |
| Marketing cookies data. | Marketing information utilised to align relevant advertising with your interests. | Marketing. | Consent. |
| Data storage | |
|---|---|
| Cookies. | Stored during the terms indicated in the Cookie Policy. |
Demo Requesters’ Data
| Source of data | Data we process | Reasons for processing | Legal basis |
|---|---|---|---|
| “Book a demo” form. | First and last name. | To set up a demo and use the data to register you in the Service. | Performance of the contract. |
| Company name. | |||
| Email. | |||
| Phone number. | |||
| Country. | |||
| To improve our communication and the Service. | Legitimate interest. | ||
| Hubspot Meetings service. | Time and date for the demo call. | To set up a call. | Performance of the contract. |
| To track performance of our team members. | Legitimate interest. | ||
| “Contact Us” form, videocall and/or other communication channels. | Full name. Business email. Text of the message and the information communicated via videocall and/or other communication channels. | To contact the requester and learn more about the inquiry. To set up a demo / collect data to register you in the Service. | Performance of the contract. |
| Data storage | |
|---|---|
| Demo Requesters’ data. | In the case of the demo call, stored during communication and for 1 year after the demo call unless an account is created. |
| If the account is created, for 30 days after the deletion of the account. | |
Potential Clients’ Data
| Source of data | Data we process | Reasons for processing | Legal basis |
|---|---|---|---|
| The “Get Started” form. | First and last name. | To set up a communication with you regarding the Service. | Performance of the contract. |
| Business email. | |||
| Phone number. | |||
| Country | |||
| To improve our communication and the Service. | Legitimate interest. | ||
| Business email. | Marketing mailing. | Consent. | |
| From the “Contact us” form. | Full name. | To respond to your request. | Legitimate interest. |
| Business email. | To respond to your request. | Performance of a contract. | |
| Text of the message. | To respond to your request. | Performance of a contract. | |
| The ROI calculator. | Business email. | To contact you and offer our services. | Performance of the contract. |
| Send you relevant information. | Legitimate interest. | ||
| Information about your business: – the number of field workers working with documents; – average hourly salary of one field worker; – hours spent per day on traveling per field worker; – the number of office managers working with documents; – average hourly salary of one office manager; – cost of paper and travel expenses per month; – hours per day to copy data from paper forms into the database. | To provide you with the calculation of the potential benefits of using Fluix’s services. | Performance of the contract. |
| Data storage | |
|---|---|
| Data from the “Get Started” form, including business email for the performance of a contract. | Stored during communication and for 1 year after. |
| Data from the “Contact Us” form, including business email for the performance of a contract. | Stored during communication and for 1 year after. |
| Business email for marketing purposes. | Stored until you unsubscribe from the mailing. |
| Data about the business from the ROI calculator. | Stored until you unsubscribe from the mailing. |
Partners’ Data
| Source of data | Data we process | Reasons for processing | Legal basis |
|---|---|---|---|
| The “Fluix Affiliate Partner” form. | Email. | Creating of the Affiliate Partner’s account. | Performance of the contract. |
| Full name. | Creation of the Affiliate Partner’s account. | Performance of the contract. | |
| Company name. | Creation of the Affiliate Partner’s account. | Performance of the contract. | |
| Country. | To choose a payment method. | Performance of the contract. | |
| Password. | Protecting your account. | Performance of the contract. | |
| The “Fluix Partner Program” form. | First and last name. | Negotiations of the potential partnership and development of business relations. | Consent. |
| Job title. | Consent. | ||
| Email. | Consent. | ||
| Company name. | Consent. | ||
| Calls with potential and current partners. | Meeting records. | Analysis of the received feedback and improvement of the processes. | Consent. |
| Data storage | |
|---|---|
| Data from “Fluix Affiliate Partner” form. | Stored during the existence of the Partner’s account. |
| Data from the “Fluix Partner Program” form. | Stored until you withdraw the consent. |
| Meeting records. | Stored until you withdraw the consent. |
Job Applicants’ Data
| Source of data | Data we process | Reasons for processing | Legal basis |
| From a third-party hiring provider available through the “Careers” page. | Full name. | Identifying the candidate. | Performance of the contract. |
| Email. | Contacting the candidate. | ||
| Phone. | |||
| Links to the social media accounts (if any). | |||
| Resume/CV. | Evaluating the candidate’s skills, experience, and other relevant qualities. | ||
| Cover letter (if any). | |||
| LinkedIn URL (if any). | |||
| GitHub URL (if any). | |||
| Portfolio URL (if any). | |||
| Other website URL, e.g. personal (if any). | |||
| How did you know about Fluix. | Improvement of the recruitment process. | Legitimate interest. | |
| How did you learn about the opportunity. | |||
| Additional information. | Process the message | Consent. | |
| Data listed above after the end of the basic retention period. | Contacting the candidate in case of new opportunities. | Consent. |
| Data storage | |
| Data that is processed based on the performance of the contract. | Stored for 1095 days after the candidate has been rejected on all applications. 30 days before a candidate’s retention period expires, we send an automated email with the request for permission from candidates to keep their data for another retention period. |
| Data that is processed based on the legitimate interest. | |
| Data that is processed based on the consent. | Stored until you withdraw the consent. |
Newsletter Subscribers’ Data
| Source of data | Data we process | Reasons for processing | Legal basis |
| “Subscribe to our newsletter” form or other form with a newsletter checkbox. | Email. | Marketing mailing. | Consent. |
| Improve our communication and the Service. | Legitimate interest. |
| Data storage | |
| Data from “Subscribe to our newsletter” form. | Stored until you unsubscribe from the newsletter. |
Support Requesters’ Data
| Source of data | Data we process | Reasons for processing | Legal basis |
| The “Contact us” form. | Full name. | To respond to your request. | Performance of a contract. |
| Business email. | |||
| Text of the message. | |||
| Emails for inquiries.. | Data provided in the email (it may include the full name, email text, and any other relevant data, provided by the user). | To respond to your request. | Performance of a contract. |
| Data storage | |
| Data from the “Contact us” form. | Stored during communication and for 1 year after. |
Content Downloaders’ Data
| Source of data | Data we process | Reasons for processing | Legal basis |
| Content downloading forms. | Business email. | To send you content. | Consent. |
| Industry of interest. | Personalization of the relevant mailing. | Consent. | |
| Improve our communication and the Service. | Legitimate interest. |
| Data storage | |
| Data from the content downloading forms. | Stored during communication and for 1 year after. |
Please note that we collect the aforementioned data to provide you with the available tools and services on the Website. We collect data solely for the purposes listed above and in strict adherence to data protection principles. Failure to provide the requested information or providing incomplete information may hinder our ability to effectively provide the functionality of our Website.
Data Received from Third Parties
We may receive certain personal data from third parties.
The amount of data collected, the purposes, and the legal basis for processing are determined by the respective privacy documents of such third parties.
| Third parties | Description |
| Analytics tools | We use various analytics tools to understand and promote our business. To get a detailed list of analytics tools, contact us. |
| Social networks | We use various social networks to spread information about our activities. To get a detailed list of social networks, contact us. |
| Messengers | We use different messengers to communicate with you in ways that are convenient for you. To get a detailed list of messengers, contact us. |
| CRM systems | We use various CRM systems to develop our public organisation. To get a detailed list of CRM systems, contact us. |
Data Sharing with Third Parties
We use your personal data on the basis of the performance of the contract to provide services and communicate with you.
We share your data with third-party service providers and contractors to the extent necessary to provide our services and technical and customer support. Please request Annex A. List of the processors to look through the list of service providers.
Such third-party service providers and contractors, for example, help us to:
- operate, develop, and improve the features and functionality of our Website;
- provide you with their services;
- complete your payment transactions;
- fulfill your support requests;
- convert your files;
- communicate with you as described elsewhere in this Privacy Notice.
We have implemented organisational and technical measures to ensure the security of personal data during data transfer to third parties. Where possible, we also always enter into data processing agreements (DPAs) and Non-Disclosure Agreements (NDAs) with our third parties.
We can share your data on the following grounds:
Performance of a contract. We may transfer your data to our contractors and partners for contractual purposes.
Consent. We may transfer your personal data based on your explicit consent.
Legal obligation. We may disclose your personal data to third parties to the extent that it is necessary:
- to comply with a government request, court order, or applicable law;
- to prevent unlawful use of our Website or policies;
- to protect against claims of third parties;
- to help prevent or investigate fraud.
Legitimate interest. We may transfer your data to our contractors, partners, and affiliates based on our legitimate interest to the extent necessary to assist us in providing services.
Please note: We will ask for your consent if the transfer of data is not part of the contract.
Data Transfer Outside the European Economic Area
The personal data we collect is stored on servers in the USA. The European Commission has recognized the USA (commercial organisations participating in the EU-US Data Privacy Framework) as providing adequate protection. Specifically, Amazon Web Services, Inc. as well as Google LLC and its wholly-owned US subsidiaries (unless explicitly excluded) have certified that they adhere to the EU-US Data Privacy Framework Principles.
Still, we may need to process your personal data in another country. We also share some data with our service providers in Ukraine.
For countries not covered by the adequacy decision of the European Commission, including Ukraine or some US entities, we use adopted Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
We also implement technical and organisational measures when transferring data outside the European Union. These measures include assessing the service provider’s reliability and personal data protection practices, encrypting the transferred personal data, promptly responding to any threats to confidentiality, integrity, and availability of personal data, and conducting Transfer Impact Assessments when necessary, etc.
Security Measures
We are regularly certified by ISO 27001 Standard.
We systematically perform Data Protection Impact Assessments to ensure that we use appropriate technical and organisational measures to prevent accidental or unlawful destruction, loss, alteration, and unauthorised disclosure of or access to personal data transmitted, stored, or otherwise processed.
To specify, for the protection of your personal data, we use HTTPS and encryption, divided group and individual access (where appropriate), an alarm system, corporate VPN, and written approved internal policies such as password policy and physical access policy etc.
Furthermore, we systematically monitor our technologies’ state-of-the-art and maintain timely backups. All our contractors operate under contractual obligations compliant with the GDPR and other applicable privacy laws requirements. For any queries regarding security concerns, feel free to contact our customer support.
Here you can find details about the steps we mentioned above:
| Physical measures |
| Limited access to premises |
| Organizational measures | |
| Policies and instructions Password policy. We regulate access to our systems via password procedures and the use of SSH keys of at least 4096 bits in length Monitoring and physical access policy Contractual obligations and corporate VPN Internal security policy Access control policy | Transfer protection Data protection agreements Data transfer agreements Standard contractual clauses |
| Agreements Non-disclosure agreements Data protection agreements | |
| Contractor and staff training | Privacy protection: Implementation of privacy by design and privacy by default. Internal procedures for GDPR and other applicable privacy laws compliance Data protection impact assessments |
| Regular access and policy review Code review | |
| Technical measures | |
| Encryption technologies: encryption in transit, backup encryption, state-of-the-art methods of cryptographic keys | Backup We ensure data availability through various means. For instance, the entire system undergoes regular backups, which can be utilised in case other availability measures falter. Critical services are redundantly operated across multiple data centres and managed by a high-availability system. |
| Two-factor authentication | |
| Static Analysis | Quality Assurance |
| Regular Patch Management | Dependency and Supply Chain Vulnerability Check |
| Stress-tests | Internal pen-testing |
Data Subjects Rights
European Economic Area and United Kingdom Residents
As a data subject, you have the right to directly interact with your data or request interaction through us. This section outlines these rights and how you can exercise them. To exercise your rights, please contact us.
| Right | Description |
| Right to be informed | You have the right to be informed about the collection and use of your personal data. All information is available in this Privacy Notice, the Cookie Policy, and other legal documents at the Website. |
| Right to access | You can request an explanation of the processing of your personal data. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
| Right to restriction the processing | You may partially or completely prohibit us from processing your personal data. |
| Right to data portability | You can request all the data that you provided to us, as well as request to transfer data to another controller. |
| Right to object | You may object to the processing of your personal data. |
| Right not to be subject to a decision based solely on automated processing | You have the right not to be subject to a decision based solely on automated means if the decision produces legal effects concerning you or significantly affects you in a similar way. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right to file a complaint | If your request is not satisfied, you can file a complaint with the regulatory body. |
| For EEA residents: We will answer your request within one month. If your request is not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here. For UK residents: We will answer your request within one month. If your request is not satisfied, you can submit a complaint at the Information Commissioner’s Office via number 0303-123-1113 or go online at www.ico.org.uk/concerns. | |
United States Residents
You, as data subjects, have some special privacy rights. To exercise the following rights by submitting your request, please contact us.
| Note: Depending on the state and legislative requirements, we have from 30 to 60 days to exercise your request with the right to postpone it for 30 days more. |
If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission.
Your rights vary depending on the laws that apply to you, but may include:
| Right | Description | Area | |
| Right to access | You can request an explanation of the processing of your personal data. | California Virginia Ohio Colorado Nevada Massachusetts | Minnesota New York North Carolina Pennsylvania Delaware Utah |
| Right to rectification | You can change the information if it is inaccurate or incomplete. | California Virginia Colorado Nevada Delaware | Massachusetts Minnesota New York North Carolina |
| Right to deletion | You can send us a request to delete your personal data from our systems. | California Virginia Ohio Colorado Massachusetts | Minnesota New York North Carolina Pennsylvania Utah |
| Right to restriction | You may partially or completely prohibit us from processing your personal data. | California Massachusetts | New York |
| Right to portability | You can request all the data that you provided to us, as well as request to transfer data to another controller. | California Virginia Ohio Colorado Massachusetts | Minnesota New York North Carolina Utah |
| Right to Opt-Out | The right to prohibit the sharing or selling of your data. | California Virginia Ohio Nevada Massachusetts Minnesota | New York North Carolina Pennsylvania Delaware Colorado Utah |
| Right Against Automated Decision Making | You have the right not to be subject to a decision based solely on automated means if the decision produces legal effects concerning you or significantly affects you in a similar way. | California Virginia Colorado Massachusetts | Minnesota North Carolina New York |
| Right to lodge a complaint | If your request is not satisfied, you can file a complaint to the regulatory body. | by default | |
| Note: Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us. |
Canada Residents
| Right | Description |
| Right to access | You can request an explanation of the processing of your personal data. |
| Right to rectification | You can change the information if it is inaccurate or incomplete. |
| Right to deletion | You can send us a request to delete your personal data from our systems. We will remove all data except of what we are obliged to store in compliance with the law requirements. |
| Right to data portability | You can request all the data you provided to us and request to transfer data to another controller. |
| Right to object opt-out | You may object to the processing of your personal data. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right not to be subject to automated decision-making | You can object to being subject to automated-based processing to know if there are consequences concerning them due to such processing. |
| Right to lodge a complaint | If your request is not satisfied, you could file a complaint to the regulatory body. |
| To exercise your rights, contact us. |
| We will answer your request within 30 days. If your complaint is not satisfied, you can submit a complaint to the Office of the Privacy Commissioner of Canada. |
Do Not Sell My Personal Information
California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out of the “sale” of their personal information by a company governed by the CCPA.
Fluix does not sell your personal information to anyone, nor use your data as a business model. Additionally, we do not provide any financial incentives associated with our collection, sharing, or retention of your personal information.
Nevertheless, we comply with the CCPA by allowing California residents to opt out of any future sale of their personal information. If you wish to indicate your preference that we refrain from selling your data in the future, please contact us at dpo-fluix@fluix.io.
Do-Not-Track Requests
California residents visiting our Website may request that we refrain from automatically gathering and tracking information pertaining to their online browsing activities across the Internet.
Such requests are typically made through web browser settings that control signals or other mechanisms enabling consumers to control the collection of personal data regarding an individual consumer’s online activities across third-party websites or online services over time.
Currently, we do not possess the capability to fulfil these requests. We reserve the right to update this Privacy Notice as our capabilities evolve.
Privacy Notice Updates
The Privacy Notice and the relationships falling under its effect are regulated by the GDPR, CCPA, and other applicable privacy laws. Existing laws and requirements for processing personal data are subject to change. At the same time, we also continuously improve our privacy practices, and our business evolves. In the event of such changes, we will publish a new version of the Privacy Notice on our Website to address them.
If substantial changes to the Privacy Notice or the Website that affect your data privacy rights are made, we will notify you via email or display information on the Website, requesting you to review it. We will provide the notice, and if you continue using the Website after the changes take effect, it will be considered that you have accepted the updated Privacy Notice.