Privacy Notice for Fluix Service
Effective date: 22 September 2023 (view archived versions).
Intro
Fluix Limited (“Fluix” or “we”) welcomes you. We provide you with our iOS, Android, and Web application “Fluix” (“Service”) under the Terms of Service.
This Privacy Notice describes which of your personal data the Service collects, how stores, processes, and uses it, and what happens when you use the Service.
We collect your personal data according to this Privacy Notice when you use the Service. When you use our website, available following the link fluix.io (“Website”), your personal data is processed in accordance with the Privacy Notice for Fluix Website.
We understand you care about your privacy, and we appreciate the trust you place in us. To justify that trust, we embed the latest data security standards by certifying our product with ISO 27001, improve our awareness of privacy matters, and comply with the General Data Protection Regulation and other privacy laws.
Please note that we do not collect, track, or store any personal data over what we need to provide and improve our product and services, perform our marketing campaigns as described in this Privacy Notice, and comply with our legal obligations.
Table of Contents
About Us
| Name | Fluix Limited |
| Registration number | 630284 |
| Address | Glandore Business Centre, Grand Canal House, 1 Grand Canal Street Upper, Dublin 4, D04 Y7R5, Ireland |
| support@fluix.io – for general inquiries dpo-fluix@fluix.io – for privacy inquiries |
|
| Phone numbers | +1 650 433 9008 +44 2392 16 2010 |
| Data Protection Officer (DPO) | External Data Protection Officer: Legal IT Group LLC Address: Office 1, 38 Volodymyrska Str., 01050 Kyiv, Ukraine Email: dpo-fluix@fluix.io |
About You
When you register in our Service, or your teammate registers you, you become our user. Our users can have different accesses and rights in the company’s account.
| User | any user who registers in the Service. |
| Please note! We do not knowingly process the personal data of Users under the age of 18. If you are such a User or you are a legal representative of such a User, please, contact us. | |
Personal Data
Sources of Data
We receive data about you and your team when you register in our Service (via the Service or with our help) and interact with it, depending on your actions in the Service.
We may also, although we do not necessarily do so, receive data from third parties. It depends on your settings and the features you use.
Legal Basis for Processing
To process your personal data, we rely on the following legal bases:
Technical Data
When you use our Service, we may collect some data in logs.
| Type of data | Reasons for processing | Legal basis |
| Device info (device type, local time, other characteristics). | Improvement of our Service. | Legitimate interest. |
| Data that a certain User enters into a document. | Improvement of our Service. | Legitimate interest. |
| Data storage | |
| Device info. | Stored for 30 days after the deletion of the account. |
| Data that a certain User enters into a document. | Stored for 30 days after the deletion of the account. |
Registration Data
When you register in the Service, you leave certain data about you, your teammates, and your company. We may also use the data you leave in the “Book a demo” form to register you as a User of the Service.
We also create a company ID once a new company is registered in Service and assign new Users to these IDs.
| Type of data | Reasons for processing | Legal basis |
| First and last name. | To identify Users. | Performance of the contract. |
| Company name. | To identify the registered companies and connect Users in teams. | Performance of the contract. |
| Company ID. | To identify the registered companies and connect Users in teams. | Performance of the contract. |
| To create more relevant messaging and improve the Service. | Legitimate interest. | |
| Email. | To identify Users and contact concerning the use of the Service. | Performance of the contract. |
| Phone number. | To identify Users and contact concerning the use of the Service. | Performance of the contract. |
| Country. | Type of payment process. | Performance of the contract. |
| Time and date for the activation call. | To help you to set up the Service. | Performance of the contract. |
| Password. | To protect your account. | Performance of the contract. |
| Data storage | |
| First and last name, company name, email, phone number, and country. | Stored for 30 days after the deletion of the account. |
| Password. | Stored until the deletion of the account. |
| Time and date for the activation call. | Stored for 30 days after the deletion of the account. |
Email Interaction Data
When, after filling out the registration form, you receive a registration email from us, we may collect the data about you and your interaction with the email.
To obtain that data, we use a third-party service provider.
| Type of data | Reasons for processing | Legal basis |
| When you open a registration email. | ||
| Region of the User. | To track the possible problems of the User and improve the Service. | Legitimate interest. |
| Operating system information. | To track the possible problems of the User and improve the Service. | Legitimate interest. |
| Browser information. | To track the possible problems of the User and improve the Service. | Legitimate interest. |
| Device and platform used to read the email. | To track the possible problems of the User and improve the Service. | Legitimate interest. |
| When you click on the link in the registration email. | ||
| IP. | To track the possible problems of the User and improve the Service. | Legitimate interest. |
| User-Agent. | To track the possible problems of the User and improve the Service. | Legitimate interest. |
| Link ID. | To track the possible problems of the User and improve the Service. | Legitimate interest. |
| Timestamp. | To track the possible problems of the User and improve the Service. | Legitimate interest. |
| Data storage | ||
| Email interaction data. | Stored for 45 days after the collection. | |
Settings Data
Admin of the account can adjust the settings of the account, which are connected to each of the Users of that account.
| Type of data | Reasons for processing | Legal basis |
| Company email domain. | To let you log in using Single Sign-On (“SSO”). | Performance of the contract. |
| SSO URL. | To redirect the User to the SSO flow. | Performance of the contract. |
| USER ID ATTRIBUTE. | To verify the email of the User logging in with SSO. | Performance of the contract. |
| Data storage | ||
| Settings data. | Stored for 30 days after the deletion of the account. | |
Functionality Data
When you use our Service, you can provide us with data about you or other Users, which we use to provide you with the functions of and improve the Service.
| Type of data | Reasons for processing | Legal basis |
| Time of the last login in the Service. | To show the other Users the periods of your last activity. | Performance of the contract. |
| Group membership. | To let you manage permission and access. | Performance of the contract. |
| Role in the account. | To let you manage permission and access. | Performance of the contract. |
| To create more relevant messaging and improve the Service. | Legitimate interest. | |
| Information on the processes and tasks assigned. | To provide you with the Service functionality. | Performance of the contract. |
| To create more relevant messaging and improve the Service. | Legitimate interest. | |
| Files downloaded. | To provide you with the Service functionality. | Performance of the contract. |
| Device info. | To let your admins see your device info for security reasons. | Performance of the contract. |
| Data storage | ||
| Functionality data. | Stored for 30 days after the deletion of the account. | |
Billing Info
We obtain this information when you pay for the use of the Service or when we invoice you.
| Type of data | Reasons for processing | Legal basis |
| Payment method. | To process the payment. | Performance of the contract. |
| Payment term. | To process the payment. | Performance of the contract. |
| Choice of the plan. | To provide you with the requested functionality. | Performance of the contract. |
| Company name. | To identify the company you pay for. | Performance of the contract. |
| First and last name of the paying User. | To identify the payer. | Performance of the contract. |
| Email of the paying User. | To process the payment. | Performance of the contract. |
| Phone of the paying User. | To contact in case of any questions about the payment. | Performance of the contract. |
| Country of the company. | To comply with applicable legislation. | Legal obligation. |
| Postal code of the company. | To comply with applicable legislation. | Legal obligation. |
| City of the company. | To comply with applicable legislation. | Legal obligation. |
| Address of the company. | To comply with applicable legislation. | Legal obligation. |
| VAT number. | To comply with applicable legislation. | Legal obligation. |
| Name on the card. | To process the payment. | Performance of the contract. |
| Card number. | To process the payment. | Performance of the contract. |
| Expiry date. | To process the payment. | Performance of the contract. |
| Secure code. | To process the payment. | Performance of the contract. |
| Invoices. | To provide you with the info about the payment to make. | Legal obligation. |
| Invoices. | To store the invoices in the Service. | Legal obligation. |
| Data storage | |
| Data that is processed based on the performance of the contract. | Stored for 30 days after the deletion of the account. |
| Data that is processed based on the legal obligation. | Stored for 6 years after the deletion of the account. |
Support Request Data
When you address your request to support in the Service, we collect some information to help you.
| Email. | To respond to your request. | Performance of a contract. |
| Phone. | To respond to your request. | Performance of a contract. |
| Text of the request. | To fulfill your support request. | Performance of a contract. |
| Attached files. | To fulfill your support request. | Performance of a contract. |
| Logs. | To fulfill your support request. | Performance of a contract. |
| Data storage | |
| Support request data. | Stored for 3 years after the end of the communication on the issue. |
Data Received from Third Parties
We may receive some personal data from third parties. Mainly, the received data is the same as indicated in this Privacy Notice, provided not by the User, but by the representative of the purchaser of the Service.
The amount of data collected, the purposes, and the legal basis for processing is determined by the respective privacy documents of these parties.
| Third parties | Description |
| Analytics tools | We use various analytics tools to understand and promote our business. To get a detailed list of analytics tools, contact us. |
| Social networks | We use various social networks to spread information about our activities. To get a detailed list of social networks, contact us. |
| Messengers | We use different messengers to communicate with you in ways that are convenient for you. To get a detailed list of messengers, contact us. |
| CRM systems | We use various CRM systems to develop our public organization. To get a detailed list of CRM systems, contact us. |
Data Sharing with Third Parties
We use your personal data on the basis of the performance of the contract to provide services and communicate with the Users.
We share your data with the service providers (please, request Annex A. List of the processors to look through the list of service providers) and contractors to the extent necessary to provide services, technical and customer support, who, for example, help us:
In addition, we have implemented organizational and technical measures to ensure the security of personal data during data transfer to third-party.
We can share your data on the following grounds: consent, compliance with the law, and legitimate interest.
Details
Performance of a contract. We may transfer your data to our contractors and partners for contractual purposes.
Consent. We may transfer your personal data based on your explicit consent.
Compliance with the law. We may disclose your personal data to third parties to the extent that it is necessary:
Transfer of personal data to third parties. We may transfer your personal data to third parties based on a data processing agreement, subject to the application of technical and organizational measures to protect your personal data. We may share data with certain companies, consultants and contractors hired to provide certain services to us or on our behalf.
Please note! We will ask for your consent if the transfer of data is not part of the contract.
Data Transfer Outside the European Economic Area
The personal data we collect is stored on servers in the USA. The data is stored in the USA by default, but we may need to process your personal data in another country. We also share some data with our service providers in Ukraine.
There is no adequate decision by the European Commission regarding either the US or Ukraine. This means that the USA and Ukraine are not deemed to provide an adequate level of protection for your personal data. We use adopted Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
You can read more detailed measures to protect your personal data here and in our Data Processing Agreement for the European Economic Area residents and Data Processing Agreement for the United States residents.
However, if a data transfer is required to perform a contract or provide you services, we have the right to do so without your consent.
Security Measures
We are regularly certified by ISO 27001 Standard.
We systematically perform Data Protection Impact Assessments to ensure that we use an appropriate level of technical and organizational measures to prevent accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of or access to personal data transmitted, stored, or otherwise processed.
To be more specific, to protect your personal data, we use HTTPS and encryption, divided group and individual access (where appropriate), an alarm system, corporate VPN, and written approved internal policies (like password policy and physical access policy).
Moreover, we systematically monitor our technologies’ state of the art and never forget about the backups. All our contractors are under contractual obligations compliant with the GDPR requirements. You can contact customer support in case of any questions regarding the security issues.
Here you can find information about the steps we mentioned above:
| Physical measures |
|
Limited access to premises We use logically separate databases to prevent unauthorized persons from accidentally reading data to separate data. Access to the data is also restricted because employees use services (applications) that control access. |
| Policies and instructions | Transfer protection |
| Agreements | |
| Contractor and staff training | Privacy protection: |
|
Regular access and policy review Code review |
| Technical measures | |
|
Encryption technologies: encryption in transit, backup encryption, state-of-the-art methods of cryptographic keys |
Backup
We ensure the availability of data in several ways. For example, there is a regular backup of the entire system. This can be used if the other availability measures fail. Critical services are operated redundantly in multiple data centers and controlled by a high-availability system. |
| Two-factor authentication | |
| Static Analysis | Quality Assurance |
| Regular Patch Management | Dependency and Supply Chain Vulnerability Check |
| Stress-tests | Internal pan-testing |
Data Subjects Rights
European Economic Area Residents
You, as a data subject, have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them:
| Right | Description |
| Right to access | You can request an explanation of the processing of your personal data. |
| Right to rectification | You can change the data if it is inaccurate or incomplete. |
| Right to erasure | You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. |
| Right to restriction the processing | You may partially or completely prohibit us from processing your personal data. |
| Right to data portability | You can request all the data that you provided to us, as well as request to transfer data to another controller. |
| Right to object | You may object to the processing of your personal data. |
| Right to withdraw consent | You can withdraw your consent at any time. |
| Right to file a complaint | If your request was not satisfied, you can file a complaint to the regulatory body. |
| To exercise your rights, contact us. If your request was not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it here. | |
United States Residents
You, as data subjects, have some special privacy rights. To use them, please contact us.
| Note: Depending on the state and legislative requirements, we have from 30 to 60 days to exercise your request with the right to postpone it for 30 days more. |
If your complaint is not satisfied, you can file a complaint with the Federal Trade Commission.
Your rights vary depending on the laws that apply to you, but may include:
| Right | Description | Area | |
| Right to access | You can request an explanation of the processing of your personal data. | California Virginia Ohio Colorado Nevada Massachusetts |
Minnesota New York North Carolina Pennsylvania Delaware Utah |
| Right to rectification | You can change the information if it is inaccurate or incomplete. | California Virginia Colorado Nevada Delaware |
Massachusetts Minnesota New York North Carolina |
| Right to deletion | You can send us a request to delete your personal data from our systems. | California Virginia Ohio Colorado Massachusetts |
Minnesota New York North Carolina Pennsylvania Utah |
| Right to restriction | You may partially or completely prohibit us from processing your personal data. | California Massachusetts |
New York |
| Right to portability | You can request all the data that you provided to us, as well as request to transfer data to another controller. | California Virginia Ohio Colorado Massachusetts |
Minnesota New York North Carolina Utah |
| Right to Opt-Out | The right to prohibit the sharing or selling of your data. | California Virginia Ohio Nevada Massachusetts Minnesota |
New York North Carolina Pennsylvania Delaware Colorado Utah |
| Right Against Automated Decision Making | You have the right not to be subject to a decision based solely on automated means if the decision produces legal effects concerning you or significantly affects you in a similar way. | California Virginia Colorado Massachusetts |
Minnesota North Carolina New York |
| Right to lodge a complaint | If your request is not satisfied, you can file a complaint to the regulatory body. | by default | |
| Note: Some states do not have their own privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please contact us. | |||
Do Not Sell My Personal Information
California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out of the “sale” of their personal information by a company governed by CCPA.
Fluix does not sell your personal information to anyone nor use your data as a business model.
However, we support the CCPA by allowing California residents to opt out of any future sale of their personal information. If you would like to record your preference that we will not sell your data in the future, please contact us.
Do-Not-Track Requests
California residents visiting our Service may request that we do not automatically gather and track information pertaining to their online browsing movements across the Internet.
Such requests are typically made through web browser settings that control signals or other mechanisms that allow consumers to exercise choice regarding collecting personal data about an individual consumer’s online activities over time and across third-party websites or online services.
We currently do not have the ability to honor these requests. We may modify this Privacy Notice as our abilities change.
Privacy Notice Updates
The Privacy Notice and the relationships falling under its effect are regulated by the General Data Protection Regulation. Existing laws and requirements for processing personal data are subject to change. Should this be the case, we will publish a new version of the Privacy Notice addressing such changes in our Service.
If we make substantial changes to the Privacy Notice or the Service that affect your data privacy rights, we will notify you by email or display information in the Service and ask you to read it. We will notify you in advance, and, if you continue using the Service after the changes come into effect, it shall be deemed that you have agreed to and accepted the updated Privacy Notice.
