Privacy Notice for Fluix Website

Effective date: 29 November 2024 (view archived versions).

Key Changes to the Privacy Notice for Fluix Website

At Fluix, we care about our users, and therefore, we have improved our Privacy Notice governing your use of Fluix Website.

In a nutshell, we:

  • revised the structure of the Privacy Notice;
  • added information on data processing in the newly-released the “Get Started” form;
  • detailed processing of the different data categories and data transfers;
  • added data subject rights belonging to the UK and Canadian residents.

We encourage you to carefully review the full text of the Privacy Notice for Fluix Website. The abovementioned updates become effective as of the publication date.

Intro

Fluix Limited (“Fluix” or “we”) welcomes you. We provide you with our website, available at https://fluix.io/ (“Website”).

This Privacy Notice describes which of your personal data is collected by the Website, how it is stored, processed, and used, and what happens when you use the Website, interact with us via our email address, or on our social media accounts, including, but not limited to, LinkedIn, Facebook, Instagram, X, YouTube, Instagram, or otherwise provide us with information about yourself.

When you sign in or log in to the Website, you begin using our Web application Fluix, the iOS applications Fluix Docs or Fluix Tasks, or the Android application Fluix Tasks (“Service”). We describe personal data processing in the Fluix Service in the Privacy Notice for Fluix Service.

We understand the significance of your privacy and appreciate the trust you’ve placed in us. To maintain that trust, we embed the latest data security standards, continuously improve our understanding of the privacy legal framework, and adhere strictly to the General Data Protection Regulation (“GDPR”), California Consumer Privacy Act (“CCPA”), and other pertinent privacy laws.

Please note that we do not collect, track, or store any personal data beyond what is necessary for us to provide and improve our product and services, conduct our marketing campaigns as described in this Privacy Notice, and fulfil our legal obligations.

Table of Contents

About Us

ControllerFluix Limited
630284
Glandore Business Centre, Grand Canal House, 1 Grand Canal Street Upper, Dublin 4, D04 Y7R5, Ireland
Data Protection Officer (DPO)Privacity GmbH
Address: Neuer Wall 50, 20354 Hamburg, Germany
Emailsupport@fluix.io – for general inquiries
dpo-fluix@fluix.io – for privacy inquiries

When processing your personal data, Fluix may assume different roles under the GDPR and other applicable laws and regulations. We operate as a data controller under the GDPR and as a business under the CCPA, respectively. It means that Fluix determines what data, how and for what purposes are processed.

About You

When you visit and/or in any way interact with Website, you become our user (“User”).

Type of UsersDescription
Demo RequesterA User who fills out the “Book a demo” form or otherwise requests a demo via the “Contact Us” form or other communication channels.
Potential ClientA User who completes and submits the “Contact Us” form regarding Sales or Pricing topics or the “Get Started” form, or utilises an ROI calculator.
Support RequesterA User who completes and submits the “Contact Us” form regarding the Support or Other topic or contacts us via email or any other convenient method seeking assistance.
PartnerA User who registers as a partner via the “Fluix Affiliate Partner” form or “Fluix Partner Program” form.
Job ApplicantA User who applies to our open position on the “Careers” page.
Newsletter SubscriberA User who subscribes to the newsletter via the Newsletter Form or other relevant form.
Content DownloaderA User who downloads the content from the Website and submits personal data through available forms.

Please note: We do not knowingly process the personal data of Users under the age of 18. If you are such a User or you are a legal representative of such a User, please, contact us immediately.

Personal Data

Sources of Data

We collect personal data when you visit our Website and interact with it. Depending on your actions on the Website, you may leave your data through cookies and other tracking technologies or via different forms accessible on the Website. We may also collect your personal data when you contact us via email or our social media accounts.

We may also, although not necessarily, receive data from third parties. It depends on your settings and the features you use.

To process your personal data, we rely on the following legal bases:

  • Performance of the Contract: This involves processing personal data necessary for negotiating, concluding, and performing a contract with you (such as the Terms of Service).
    When you provide us with personal data to book a demo, this action can be considered a request to establish or fulfil a contract between you and us. Nevertheless, if there is uncertainty, we might request explicit consent.
  • Legal Obligation: This involves processing data as required by applicable laws or if requested by a law enforcement agency, court, supervisory authority, or another state-authorised public body.
    We process your personal data to meet our legal obligations, including complying with tax or regulatory requirements. If you send us a request to exercise your rights under the GDPR, CCPA, and other applicable laws, we may request some additional personal data or personal data we already possess to identify you and ensure compliance with the relevant laws.
  • Legitimate interest: This involves processing necessary for the development of our services, considering your interests, rights, and expectations.
    We process your personal data to safeguard our legitimate interests, which include preventing fraud, ensuring the security of our Website, and offering you a seamless user experience. We only collect and use the strictly necessary data to accomplish these purposes and do not supersede your fundamental rights and freedoms.
  • Consent: for additional processing for specific purposes.
    We collect the information you choose to provide us, and we process it based on your consent. You have the right to withdraw your consent for processing your personal data at any time.
    You can withdraw your consent for the processing of your personal data by contacting us.

Data Collection and Storage

Users’ Data

When you use our Website, we automatically collect certain data via cookies and other tracking technologies. This data is collected to ensure the proper functioning of the Website for analytics, marketing activities, remembering your preferences, and other purposes. Such usage may involve the transmission of information from us to you and from you to a third-party website or to us. For the full information on the cookies and other tracking technologies used at the Website, please refer to the Cookie Policy for the Fluix Website.

Type of dataDescriptionReasons for processingLegal basis
Necessary cookies and pixels data.Necessary cookies and pixels data.Information about your visits and usage of the Website, including the source of the links, the time and duration of the visit, and navigation, technical data.The website’s smooth functioning and improvement of the Website and the service.Performance of contract.
Statistics cookies data.Information that helps us to understand how you interact with the Website by collecting and reporting information anonymously.Improvement of the Website and analysis of the statistic for other purposes.Consent.
Analytics cookies data.Information that is necessary for optimisation of the functioning of certain features of the Website.Ensuring and improving the proper functioning of certain features of the Website.Consent.
Marketing cookies data.Marketing information utilised to align relevant advertising with your interests.Marketing.Consent.
Data storage
Cookies.Stored during the terms indicated in the Cookie Policy.

Demo Requesters’ Data

Source of dataData we processReasons for processingLegal basis
“Book a demo” form.First and last name.To set up a demo and use the data to register you in the Service.Performance of the contract.
Company name.
Email.
Phone number.
Country.
To improve our communication and the Service.Legitimate interest.
Hubspot Meetings service.Time and date for the demo call.To set up a call.Performance of the contract.
To track performance of our team members.Legitimate interest.
“Contact Us” form, videocall and/or other communication channels.Full name.
Business email.
Text of the message and the information communicated via videocall and/or other communication channels.
To contact the requester and learn more about the inquiry.
To set up a demo / collect data to register you in the Service.
Performance of the contract.
Data storage
Demo Requesters’ data.In the case of the demo call, stored during communication and for 1 year after the demo call unless an account is created.
If the account is created, for 30 days after the deletion of the account.

Potential Clients’ Data

Source of dataData we processReasons for processingLegal basis
The “Get Started” form.First and last name.To set up a communication with you regarding the Service.Performance of the contract.
Business email.
Phone number.
Country
To improve our communication and the Service.Legitimate interest.
Business email.Marketing mailing.Consent.
From the “Contact us” form.Full name.To respond to your request.Legitimate interest.
Business email.To respond to your request.Performance of a contract.
Text of the message.To respond to your request.Performance of a contract.
The ROI calculator.Business email.To contact you and offer our services.Performance of the contract.
Send you relevant information.Legitimate interest.
Information about your business:
– the number of field workers working with documents;
– average hourly salary of one field worker;
– hours spent per day on traveling per field worker;
– the number of office managers working with documents;
– average hourly salary of one office manager;
– cost of paper and travel expenses per month;
– hours per day to copy data from paper forms into the database.
To provide you with the calculation of the potential benefits of using Fluix’s services.Performance of the contract.
Data storage
Data from the “Get Started” form, including business email for the performance of a contract.Stored during communication and for 1 year after.
Data from the “Contact Us” form, including business email for the performance of a contract.Stored during communication and for 1 year after.
Business email for marketing purposes.Stored until you unsubscribe from the mailing.
Data about the business from the ROI calculator.Stored until you unsubscribe from the mailing.

Partners’ Data

Source of dataData we processReasons for processingLegal basis
The “Fluix Affiliate Partner” form.Email.Creating of the Affiliate Partner’s account.Performance of the contract.
Full name.Creation of the Affiliate Partner’s account.Performance of the contract.
Company name.Creation of the Affiliate Partner’s account.Performance of the contract.
Country.To choose a payment method.Performance of the contract.
Password.Protecting your account.Performance of the contract.
The “Fluix Partner Program” form.First and last name.Negotiations of the potential partnership and development of business relations.Consent.
Job title.Consent.
Email.Consent.
Company name.Consent.
Calls with potential and current partners.Meeting records.Analysis of the received feedback and improvement of the processes.Consent.
Data storage
Data from “Fluix Affiliate Partner” form.Stored during the existence of the Partner’s account.
Data from the “Fluix Partner Program” form.Stored until you withdraw the consent.
Meeting records.Stored until you withdraw the consent.

Job Applicants’ Data

Source of dataData we processReasons for processingLegal basis
From a third-party hiring provider available through the “Careers” page.Full name.Identifying the candidate.Performance of the contract.
Email.Contacting the candidate.
Phone.
Links to the social media accounts (if any).
Resume/CV.Evaluating the candidate’s skills, experience, and other relevant qualities.
Cover letter (if any).
LinkedIn URL (if any).
GitHub URL (if any).
Portfolio URL (if any).
Other website URL, e.g. personal (if any).
How did you know about Fluix.Improvement of the recruitment process.Legitimate interest.
How did you learn about the opportunity.
Additional information.Process the messageConsent.
Data listed above after the end of the basic retention period.Contacting the candidate in case of new opportunities.Consent.
Data storage
Data that is processed based on the performance of the contract.Stored for 1095 days after the candidate has been rejected on all applications. 30 days before a candidate’s retention period expires, we send an automated email with the request for permission from candidates to keep their data for another retention period.
Data that is processed based on the legitimate interest.
Data that is processed based on the consent.Stored until you withdraw the consent.

Newsletter Subscribers’ Data

Source of dataData we processReasons for processingLegal basis
“Subscribe to our newsletter” form or other form with a newsletter checkbox.Email.Marketing mailing.Consent.
Improve our communication and the Service.Legitimate interest.
Data storage
Data from “Subscribe to our newsletter” form.Stored until you unsubscribe from the newsletter.

Support Requesters’ Data

Source of dataData we processReasons for processingLegal basis
The “Contact us” form.Full name.To respond to your request.Performance of a contract.
Business email.
Text of the message.
Emails for inquiries..Data provided in the email (it may include the full name, email text, and any other relevant data, provided by the user).To respond to your request.Performance of a contract.
Data storage
Data from the “Contact us” form.Stored during communication and for 1 year after.

Content Downloaders’ Data

Source of dataData we processReasons for processingLegal basis
Content downloading forms.Business email.To send you content.Consent.
Industry of interest.Personalization of the relevant mailing.Consent.
Improve our communication and the Service.Legitimate interest.
Data storage
Data from the content downloading forms.Stored during communication and for 1 year after.

Please note that we collect the aforementioned data to provide you with the available tools and services on the Website. We collect data solely for the purposes listed above and in strict adherence to data protection principles. Failure to provide the requested information or providing incomplete information may hinder our ability to effectively provide the functionality of our Website.

Data Received from Third Parties

We may receive certain personal data from third parties.

The amount of data collected, the purposes, and the legal basis for processing are determined by the respective privacy documents of such third parties.

Third partiesDescription
Analytics toolsWe use various analytics tools to understand and promote our business. To get a detailed list of analytics tools, contact us.
Social networksWe use various social networks to spread information about our activities. To get a detailed list of social networks, contact us.
MessengersWe use different messengers to communicate with you in ways that are convenient for you. To get a detailed list of messengers, contact us.
CRM systemsWe use various CRM systems to develop our public organisation. To get a detailed list of CRM systems, contact us.

Data Sharing with Third Parties

We use your personal data on the basis of the performance of the contract to provide services and communicate with you.

We share your data with third-party service providers and contractors to the extent necessary to provide our services and technical and customer support. Please request Annex A. List of the processors to look through the list of service providers.

Such third-party service providers and contractors, for example, help us to:

  • operate, develop, and improve the features and functionality of our Website;
  • provide you with their services;
  • complete your payment transactions;
  • fulfill your support requests;
  • convert your files;
  • communicate with you as described elsewhere in this Privacy Notice.

We have implemented organisational and technical measures to ensure the security of personal data during data transfer to third parties. Where possible, we also always enter into data processing agreements (DPAs) and Non-Disclosure Agreements (NDAs) with our third parties.

We can share your data on the following grounds:

Performance of a contract. We may transfer your data to our contractors and partners for contractual purposes.

Consent. We may transfer your personal data based on your explicit consent.

Legal obligation. We may disclose your personal data to third parties to the extent that it is necessary:

  • to comply with a government request, court order, or applicable law;
  • to prevent unlawful use of our Website or policies;
  • to protect against claims of third parties;
  • to help prevent or investigate fraud.

Legitimate interest. We may transfer your data to our contractors, partners, and affiliates based on our legitimate interest to the extent necessary to assist us in providing services.

Please note: We will ask for your consent if the transfer of data is not part of the contract.

Data Transfer Outside the European Economic Area

The personal data we collect is stored on servers in the USA. The European Commission has recognized the USA (commercial organisations participating in the EU-US Data Privacy Framework) as providing adequate protection. Specifically, Amazon Web Services, Inc. as well as Google LLC and its wholly-owned US subsidiaries (unless explicitly excluded) have certified that they adhere to the EU-US Data Privacy Framework Principles.

Still, we may need to process your personal data in another country. We also share some data with our service providers in Ukraine.

For countries not covered by the adequacy decision of the European Commission, including Ukraine or some US entities, we use adopted Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.

We also implement technical and organisational measures when transferring data outside the European Union. These measures include assessing the service provider’s reliability and personal data protection practices, encrypting the transferred personal data, promptly responding to any threats to confidentiality, integrity, and availability of personal data, and conducting Transfer Impact Assessments when necessary, etc.

Security Measures

We are regularly certified by ISO 27001 Standard.

We systematically perform Data Protection Impact Assessments to ensure that we use appropriate technical and organisational measures to prevent accidental or unlawful destruction, loss, alteration, and unauthorised disclosure of or access to personal data transmitted, stored, or otherwise processed.

To specify, for the protection of your personal data, we use HTTPS and encryption, divided group and individual access (where appropriate), an alarm system, corporate VPN, and written approved internal policies such as password policy and physical access policy etc.

Furthermore, we systematically monitor our technologies’ state-of-the-art and maintain timely backups. All our contractors operate under contractual obligations compliant with the GDPR and other applicable privacy laws requirements. For any queries regarding security concerns, feel free to contact our customer support.

Here you can find details about the steps we mentioned above:

Physical measures
Limited access to premises
Organizational measures
Policies and instructions Password policy. We regulate access to our systems via password procedures and the use of SSH keys of at least 4096 bits in length Monitoring and physical access policy Contractual obligations and corporate VPN Internal security policy Access control policyTransfer protection Data protection agreements Data transfer agreements Standard contractual clauses
Agreements Non-disclosure agreements Data protection agreements
Contractor and staff trainingPrivacy protection: Implementation of privacy by design and privacy by default. Internal procedures for GDPR and other applicable privacy laws compliance Data protection impact assessments
Regular access and policy review Code review
Technical measures
Encryption technologies:
encryption in transit, backup encryption, state-of-the-art methods of cryptographic keys
Backup
We ensure data availability through various means. For instance, the entire system undergoes regular backups, which can be utilised in case other availability measures falter. Critical services are redundantly operated across multiple data centres and managed by a high-availability system.
Two-factor authentication
Static AnalysisQuality Assurance
Regular Patch ManagementDependency and Supply Chain Vulnerability Check
Stress-testsInternal pen-testing

Data Subjects Rights

European Economic Area and United Kingdom Residents

As a data subject, you have the right to directly interact with your data or request interaction through us. This section outlines these rights and how you can exercise them. To exercise your rights, please contact us.

RightDescription
Right to be informedYou have the right to be informed about the collection and use of your personal data. All information is available in this Privacy Notice, the Cookie Policy, and other legal documents at the Website.
Right to accessYou can request an explanation of the processing of your personal data.
Right to rectificationYou can change the data if it is inaccurate or incomplete.
Right to erasureYou can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law.
Right to restriction the processingYou may partially or completely prohibit us from processing your personal data.
Right to data portabilityYou can request all the data that you provided to us, as well as request to transfer data to another controller.
Right to objectYou may object to the processing of your personal data.
Right not to be subject to a decision based solely on automated processingYou have the right not to be subject to a decision based solely on automated means if the decision produces legal effects concerning you or significantly affects you in a similar way.
Right to withdraw consentYou can withdraw your consent at any time.
Right to file a complaintIf your request is not satisfied, you can file a complaint with the regulatory body.
For EEA residents: We will answer your request within one month. If your request is not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here.

For UK residents: We will answer your request within one month. If your request is not satisfied, you can submit a complaint at the Information Commissioner’s Office via number 0303-123-1113 or go online at www.ico.org.uk/concerns.

United States Residents

You, as data subjects, have some special privacy rights. To exercise the following rights by submitting your request, please contact us.

Note: Depending on the state and legislative requirements, we have from 30 to 60 days to exercise your request with the right to postpone it for 30 days more.

If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission.

Your rights vary depending on the laws that apply to you, but may include:

RightDescriptionArea
Right to accessYou can request an explanation of the processing of your personal data.California
Virginia 
Ohio
Colorado
Nevada
Massachusetts
Minnesota
New York
North Carolina
Pennsylvania
Delaware
Utah
Right to rectificationYou can change the information if it is inaccurate or incomplete.California
Virginia
Colorado
Nevada
Delaware
Massachusetts
Minnesota
New York
North Carolina
Right to deletionYou can send us a request to delete your personal data from our systems.California
Virginia
Ohio
Colorado
Massachusetts
Minnesota
New York
North Carolina
Pennsylvania
Utah
Right to restrictionYou may partially or completely prohibit us from processing your personal data.California
Massachusetts
New York
Right to portabilityYou can request all the data that you provided to us, as well as request to transfer data to another controller.California
Virginia
Ohio
Colorado
Massachusetts
Minnesota
New York
North Carolina
Utah
Right to Opt-OutThe right to prohibit the sharing or selling of your data.California
Virginia
Ohio
Nevada
Massachusetts
Minnesota
New York
North Carolina
Pennsylvania
Delaware
Colorado
Utah
Right Against Automated Decision MakingYou have the right not to be subject to a decision based solely on automated means if the decision produces legal effects concerning you or significantly affects you in a similar way.California
Virginia
Colorado
Massachusetts
Minnesota
North Carolina
New York
Right to lodge a complaintIf your request is not satisfied, you can file a complaint to the regulatory body.by default
Note: Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us.

Canada Residents

RightDescription
Right to accessYou can request an explanation of the processing of your personal data.
Right to rectificationYou can change the information if it is inaccurate or incomplete.
Right to deletionYou can send us a request to delete your personal data from our systems. We will remove all data except of what we are obliged to store in compliance with the law requirements.
Right to data portabilityYou can request all the data you provided to us and request to transfer data to another controller.
Right to object opt-outYou may object to the processing of your personal data.
Right to withdraw consentYou can withdraw your consent at any time.
Right not to be subject to automated decision-makingYou can object to being subject to automated-based processing to know if there are consequences concerning them due to such processing.
Right to lodge a complaintIf your request is not satisfied, you could file a complaint to the regulatory body.
To exercise your rights, contact us.
We will answer your request within 30 days. If your complaint is not satisfied, you can submit a complaint to the Office of the Privacy Commissioner of Canada.

Do Not Sell My Personal Information

California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out of the “sale” of their personal information by a company governed by the CCPA.

Fluix does not sell your personal information to anyone, nor use your data as a business model. Additionally, we do not provide any financial incentives associated with our collection, sharing, or retention of your personal information.

Nevertheless, we comply with the CCPA by allowing California residents to opt out of any future sale of their personal information. If you wish to indicate your preference that we refrain from selling your data in the future, please contact us at dpo-fluix@fluix.io.

Do-Not-Track Requests

California residents visiting our Website may request that we refrain from automatically gathering and tracking information pertaining to their online browsing activities across the Internet.

Such requests are typically made through web browser settings that control signals or other mechanisms enabling consumers to control the collection of personal data regarding an individual consumer’s online activities across third-party websites or online services over time.

Currently, we do not possess the capability to fulfil these requests. We reserve the right to update this Privacy Notice as our capabilities evolve.

Privacy Notice Updates

The Privacy Notice and the relationships falling under its effect are regulated by the GDPR, CCPA, and other applicable privacy laws. Existing laws and requirements for processing personal data are subject to change. At the same time, we also continuously improve our privacy practices, and our business evolves. In the event of such changes, we will publish a new version of the Privacy Notice on our Website to address them.

If substantial changes to the Privacy Notice or the Website that affect your data privacy rights are made, we will notify you via email or display information on the Website, requesting you to review it. We will provide the notice, and if you continue using the Website after the changes take effect, it will be considered that you have accepted the updated Privacy Notice.