The purpose of this notice
In this privacy notice we explain how we will process your personal information obtained through your use of our website www.flow.co.uk and through other interactions with you, for example, when you visit our social media pages, buy our services, or when you interact with us professionally.
It is important that you read this privacy notice, together with any other privacy notice we may provide on specific occasions, so that you are fully aware of how and why we are using your data, and what data protection rights you have.
About Flow
Flow is an online business-to-business marketplace connecting businesses that are seeking e-commerce services with providers of such services.
Flow matches buyers of e-commerce services with service providers, allows the buyers and providers to communicate directly to enter into service contracts and to carry out the projects. It also facilitates payments from the buyer to the provider using a third party payment provider.
What does this notice cover:
- Who we are and how to contact us
- Data Protection Legislation
- Personal data we collect
- How we collect personal data
- How and why we use personal data
- Marketing
- Who we share personal data with
- International data transfers
- How long we keep personal data
- Your rights
- Information security
- Complaints
- Changes to this privacy notice
Who we are and how to contact us
When we say we, us or our in this privacy notice, we mean Flow Digital Ltd, a company incorporated and registered in England and Wales with company number 08738226 and whose registered office is at Adamson House 4th Floor, 65 Westgate Road, Newcastle Upon Tyne, England, NE1 1SG.
For the purposes of the Data Protection Legislation, we are the controller of your personal data. This means that we are responsible for deciding how we hold and use personal information about you.
If you have any questions in regard to any part of this notice or our use of your personal data, please contact us by email at hello@flow.co.uk, by post to the address above, or by phone on 0191 640 2700.
Data Protection Legislation
We are committed to protecting your privacy and safeguarding your personal data. Our use of your personal data is subject to the UK General Data Protection Regulation, the UK Data Protection Act 2018 and other UK privacy laws (together Data Protection Legislation).
Personal data we collect
Personal data means information which relates to an identified or an identifiable individual.
Types of personal data we may collectExamples
Identity data | name; title; user name | |
Contact data | address; email; telephone number; | |
Contract data | details of your contracts with us | |
Usage data | how you use and navigate our website our social media pages; services you signed up to; events you attended or expressed interest in; | |
Profile data | information about you that you provide in your profile in your account in Basecamp projects initiated by us; your interests and preferences; posts and materials you upload onto our website; | |
Advertising profile data | interests; preferences; feedback and survey responses; assumptions about your predicted buying behaviour and interests based on the usage data collected by us from you and held about you by our advertisers such as Facebook, Twitter, Google, LinkedIn, Instagram; | |
Professional data | job title; name of business or organisation; professional credentials; professional contact details; | |
Communication data | details of enquiries submitted by you through our website or emailed to us; information obtained through networking; | |
IT data | logins and usernames to our website; encrypted passwords; | |
Technical data | your IP address; your general geographic location based on your IP address; your time zone setting; the type of device you use and its operating system and version; your browser type; the platform you use and other technology on the devices you use to access our website; the pages you view on our website and how you interact with that content; advertising identifiers (such as those on mobile devices, tablets and streaming media devices that include such identifiers). |
Anonymised data
We may also collect, use and share anonymised, aggregated data such as statistical or demographic data for any purpose. Anonymised data may be derived from your personal data but is not considered personal information in law as this information does not directly or indirectly reveal your identity. For example, we may aggregate information on how you use our website to calculate the percentage of users accessing a specific website feature.
How we collect personal data
We collect most of this information from you direct. However, we may also collect information from other sources.
Type of source | Examples |
Your use of our website and services | when you register our website; when you use our website services; when you buy our services; when you submit an enquiry or feedback to us or complete our survey; when you sign up to our mailing list; when you post any information or materials on our website. |
Your use of our social media pages | when you follow, post on, or interact with our post on our Facebook page. |
Direct interactions with you | when you contact us (e.g. by phone or email); when you participate in our user research activities (e.g. provide us with feedback or respond to our questionnaires); when you network with us (e.g. provide us with your business card or contact us via our social media); when you register interest in our services. |
From publicly accessible sources | your website; your profiles on social media platforms (e.g. LinkedIn, Facebook, Twitter); professional networking groups and databases. |
Third parties | from another organisation or professional who told us that you would like to hear from us; or if you visit our website by clicking on our advertisement on social media or another website or app. |
Automated technologies or interactions | as you interact with our website and advertisements, we may automatically collect technical data (as described in section The personal data we collect above). We collect this personal data by using cookies, server logs and other similar technologies. |
How and why we use personal data
Under the Data Protection Legislation, we can only use your personal data if we have a proper reason for doing so, for example: consent, contact, legitimate interests, or legal obligation.
1. Consent. Generally, we do not rely on consent as a legal basis for processing your personal data other than to:
- to place cookies and similar tracking technologies on your device including third-party cookies; and
- when using your data for certain marketing purposes (see the Marketing section of this notice for further details).
Where your permission is required, we will ask you for such consent clearly and separately from the body of this Privacy Notice or our Terms and Conditions. You have the right to withdraw consent to marketing at any time. For further information, please see the Marketing section of this Privacy Notice.
2. Contract. We will use your personal data if we need to do it to perform our obligations under a contract with you, or if it is necessary for a contract which we are about to enter with you. For example, if we need to:
- register you as a new customer and administer your account (e.g. set up your payment profile);
- provide our services to you (e.g. facilitate payments between buyers and service providers); or
- manage our relationship with you (e.g. to respond to your enquiries or to notify you about changes to our services).
3. Legitimate interests. We may process your personal data when we (or a third party) have a legitimate reason to use it, so long as this is not overridden by your own rights and interests. For example:
- to administer and protect our business and our website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);
- to manage your account and our relationship with you;
- to manage payments, fees, charges, and to collect debts which you may owe to us;
- to interact with you professionally (e.g. if you represent our current or prospective customer, supplier or business partner) to manage our relationship with the organisation you represent;
- to provide you with a free service (e.g. a free trial or the use of the functionalities of our website);
- to ask you to leave a review or complete a survey;
- for marketing purposes (see the Marketing section of this notice for further details);
- to increase our business or promote our brand through delivering relevant website content, advertisements, and marketing communications to you;
- to measure or understand the effectiveness of the advertising we provide to you;
- to improve our website, products, services, marketing, and customer relationships; for the prevention and detection of fraud and spam; and for the establishment, exercise or defence of our rights under our contract with you and/or legal claims
3. Legal obligation. We may process your personal data to comply with our legal obligation. For example, to:
- notify you about changes to our terms or privacy notice;
- address your complaint;
- and comply with a request from a competent authority.
Marketing
Our marketing communication
We may contact you about our services by email, in-platform messages, phone or post. We rely on our legitimate interests to use your personal data in this way, except when your express consent is required by law. If you are not representing a business and are not our existing customer, we will only send marketing emails to you when you expressly agree to that.
Profiling
If you are our existing customer, we may use the information we have about you (such as what product you previously bought from us, where you are based, how you use our website) to make predictions on what other products may be of interest to you. We will use that information to make our marketing emails and offers relevant to you. This type of personal data use is called ‘profiling’. We will do that on the basis of our legitimate interests.
Cookies and similar technologies
We may also use cookies and similar tracking technologies (for example tracking pixels in our marketing emails and website/app advertisements) and analytics services (such as Google Analytics) to collect information about your use of our website, app, services and your interactions with our marketing emails and advertisements.
In addition, third party advertising platforms (for example, Facebook, Google and LinkedIn) may also use their advertising pixels and other cookies on our website and in our emails with our permission. Their cookies are used to track visitors across websites in order to deliver adverts more relevant to them and their interests. The advertisers may use information about your visit to our website to target advertising to you on other websites.
We will ask for your consent to the use of non-essential cookies, including third party cookies. You can find further information, and manage your consent, on our Cookie Policy page.
Data from other providers
We use Lusha and Apollo to obtain additional contact details for our prospective customers (or individuals representing our existing customers) from other sources, such as their social media profiles. This type of personal data use is also called ‘profiling’. We will use your personal data in this way on the basis of our legitimate interests.
If you click on our advertisement on social media (for example, Facebook or Google) or a website or app or another provider (for example, LinkedIn), that provider will share with us information about you (the fact that you came to our website/app from their service.
Third party advertising
We may share your name, email address, telephone number, and other information, such as whether you made any purchases with us and how much you spent, for our advertising purposes with social media platforms and other third party advertising providers (for example, Facebook, Google or LinkedIn). The third-party advertising provider will use that information to match it against the list of their own users. If the email address or telephone number we give them matches with their list, they will use it to show you our advertisements on their platform.
The third party advertising providers will also use that information to combine it with the information they hold on you (for example, your interests, likes, advertisements you previously clicked on) and match it with other users of their services who share similar characterises. They will then show our advertisements to those other people. The third-party advertising providers will use your data and the other ‘look like’ users’ data in this way as data controllers on the basis of their terms and policies that govern their users’ use of their services. They will not share any of that information with us. However, if you are one of such ‘look like’ users of the third party advertising provider, and come to our website/app by clicking on our advertisement on that provider’s platform, we will know that you came to us that way. The third-party advertiser may also shared certain statistical information with us (for example, the demographic composition of persons that interacted with our advertisement).
We will share information with third party advertising providers for the above purposes only if you consent to our sharing of your personal data with third parties for advertising purposes on third party platforms.
Right to withdraw consent or to object to processing
You can always ask us to stop using your personal information for marketing purposes by:
- emailing us at hello@flow.co.uk;
- changing your marketing preferences within your account on our website or app;
- in case of marketing emails, by using the ‘unsubscribe’ link in our marketing emails; or
- in case of cookies, by using the cookie preferences settings on our website.
From time to time, we may ask you to confirm or update your marketing preferences.
Who we share personal data with
We may share your information with third parties for the purposes set out in this notice.
Service provision
If you are our registered user of our services, we will share your personal data with other users. For example, if you are a buyer of e-commerce services, we will share your information with service providers and vice versa. Service buyers and service providers will also be required to use a project management tool, Basecamp to work on projects. For information on how Basecamp uses personal data, please see their privacy policy.
We may also use Stripe, a payment gateway, to process payments in connection with our services. If you pay us using Stipe or if you receive payments from us through Stripe, you will be providing your personal data (for example, details of your payment card and billing address) to Stripe. Please see their privacy policy.
Social media
We may share your information with Facebook, Google and LinkedIn when you use the social media buttons embedded in our website or emails. Please also see the Marketing section of this notice for further details of sharing information with social media platforms.
IT and technology
We also share data with providers of other IT, digital, and technology products and services, which we use to operate our business. For example, providers of website hosting services, website and app analytics services, customer email services, digital marketing services, and social media advertising services. We impose contractual obligations on the above providers to ensure that your personal data is protected.
Other sharing
We may also:
- share your personal data with members of our staff;
- our parent company, Venture Stream Ltd;
- disclose your personal data to professional advisers (e.g. lawyers, accountants, auditors or insurers) who provide professional services to us;
- disclose your personal data to certain third parties if specifically requested or agreed with you (e.g. if you ask us to introduce you to a third party);
- disclose and exchange certain information with law enforcement agencies and regulatory bodies to comply with our legal obligations; and
- share some personal data with other parties, such as potential buyers of some or all of our business, potential investors, or group companies if our business undergoes a corporate re-structure.
Such data recipients will be bound by confidentiality obligations.
International data transfers
Transfers of personal data outside the United Kingdom are subject to special rules under the Data Protection Legislation.
If you are based outside the United Kingdom, we may receive and transfer your personal data directly to you to the country where you are based.
We may also transfer your personal data to providers based in the European Economic Area (EEA). The UK Government has recognised the EEA as providing an appropriate level of protection to the data protection rights of individuals.
We may also transfer your personal data to technology providers based in the USA. To protect your information, we have entered into the standard contractual data protection provisions (Standard Contractual Clauses) with the third parties in those territories with whom we share your data. The Standard Contractual Clauses are one of the appropriate data transfer safeguards specified in the UK Data Protection Legislation.
How long we keep personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
We may also anonymise your personal data (so that it can no longer be associated with you) for analytics, research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your rights
You have a number of rights in relation to your personal data, which allow you to access and control your information in certain circumstances. You can exercise these rights free of charge, unless your request is manifestly unfounded or excessive (in which case we may charge a reasonable administrative fee or refuse to respond to such request).
Your right | Explanation |
Access | This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. |
Rectification | The right to require us to correct any inaccuracies in your personal data. |
Erasure (to be forgotten) | The right to require us to delete your personal data in certain situations. |
Restriction of processing | The right to require us to restrict processing of your personal data in certain circumstances (e.g. if you contest the accuracy of the data we hold). |
Data portability | The right to receive, in certain situations, the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party. |
To withdraw consent | The right to withdraw your consent, if we rely on your consent to use your information. |
To object | The right to object at any time to your personal data being processed for direct marketing (including profiling) or, in certain other situations, to our continued processing of your personal data (e.g. processing carried out for the purpose of our legitimate interests). |
Not to be subject to automated individual decision-making | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you, or similarly significantly affects you. |
If you would like to exercise any of those rights, please contact us at hello@flow.co.uk. Please let us know what right you want to exercise and the information to which your request relates.
Information security
We have appropriate security measures to prevent personal data from being accidentally lost or used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Complaints
We hope that we can resolve any query or concern you may raise about our use of your information. You may contact us by using the contact methods set out in the How to contact us section of this privacy notice.
The Data Protection Legislation also gives you a right to lodge a complaint with a supervisory authority, in the country where you work, normally live or where any alleged infringement of data protection laws has occurred. The supervisory authority in the United Kingdom is the Information Commissioner, who may be contacted at https://ico.org.uk/make-a-complaint/, telephone on 0303 123 1113, or by post to: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.
We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.
Changes to this privacy notice
This privacy notice was last updated on May 24, 2021.
We may change this privacy notice from time to time; when we do, we will publish the new version of the privacy notice on our website. If you are our customer, we may also inform you via email or post.