LAST UPDATED May, 2024

Introduction

This page (“Privacy Policy” or “Policy”) provides our policies and procedures for collecting, using and disclosing your information and outlines the security measures we’ve put in place to protect the information that you store using Flow Local, ("Flow Local") services, including the services made available through this web site, and any other software or services offered by Flow Local in connection with such services (the “Services”). By using these Services, you consent to the collection, transfer, processing, storage, disclosure and other uses of your information described in this Privacy Policy.

What information does Flow Local collect and store?

Personal Information

When expressing an interest in obtaining additional information about the Services or registering to use the Services, Flow Local requires you to provide your personal contact information, such as your name, company name, address, phone number, and email address (these are referred to below as your “Personal Contact Information”). When purchasing the Services, Flow Local also requires you to provide financial and billing information, such as billing name and address, credit card number, and the number of employees within the organization that will be using the Services (“Billing Information”).

Data, Diagnostic & Login Information

Using Flow Local’s Services, you will be able to create, upload, store and share information such as company description, email ID, logo, photos, custom emails, user email IDs, etc. (this is collectively referred to below as “Data”). This information will be stored and maintained on Flow Local’s web site. If you run into technical errors in the course of using the Services, Flow Local may request your permission to obtain a crash report along with certain logging information from your system documenting the error (“Diagnostic Information”). Such information may contain information regarding your Operating System version, hardware, browser version (and .NET version information in case of Windows systems), and your email address, if provided. Additionally, certain login information is maintained in a cookie stored locally on your computer (i.e. not on a server) in order to streamline the login process (“Login Information”).

Analytics Information

As you navigate Flow Locals website and use our Services, Flow Local may also collect information through the use of frequently used information-gathering tools, such as cookies and Web beacons (“Website Navigational Information”). Website Navigational Information includes standard information from your web browser (such as browser type and browser language), your Internet Protocol (“IP”) address, and the actions you take on Flow Local’s website (such as web pages viewed and links clicked). Collectively, this information is referred to as “Analytics Information.”

Third party vendors, including Google, use cookies to serve ads based on a user's prior visits to your website or other websites.

Google's use of advertising cookies enables it and its partners to serve ads to your users based on their visit to your sites and/or other sites on the Internet.

Users may opt out of personalized advertising by visiting Ads Settings or by visiting www.aboutads.info.

Geo-Location Information

Flow Local does not collect any information regarding your real-time geo-location while using the Services; however, it may do so at some point in the future. We will request your permission before collecting such information.

What does Flow Local do with the information it collects?

Flow Local uses the information it collects in the following ways:

Personal Contact Information – We use this information primarily to administer our Services to you and provide you with updates and product announcements. Per the Privacy and Conditions, we may use some of your information for marketing purposes, as explained below.

Billing Information – Flow Local does not store any Billing Information on its servers. Instead, we use a payment provider, Stripe (www.stripe.com), to store and process all payment related transactions. Find information regarding

Stripe’s privacy policy here

.

Data, Diagnostic Information and Login Information – We use this information solely for the purpose of administering and improving our Services to you.

Analytics Information – Flow Local may use your Analytics Information in conjunction with an analytics service such as Google Analytics to monitor and analyze use of the Services, for the Services’ technical administration, to increase the Services’ functionality and user-friendliness, and to verify users have the authorization required for the Services to process their requests.

Sharing & Disclosure of Private Information

Third Party Applications and Your Use

Flow Local provides users with the ability to link to their Data on third party sites such as Facebook, Twitter and LinkedIn. Such linking is at the complete discretion of users. Because of this, Flow Local cannot be held responsible or liable for the linking of user’s Data to such third party sites, nor for how these third party sites use such links.

Marketing and Publicity

Per our Privacy and Conditions, you agree to permit Flow Local to identify you as a customer and to use your name and/or logo in Flow Local’s website and marketing materials.

Sale of Personal Information

Flow Local does not sell, rent, or trade your private information to any third parties in any way.

Service Providers and Business Partners

Flow Local may use certain trusted third party companies and individuals to help us provide, analyze, and improve the Services (including, but not limited to, data storage, maintenance services, database management, web analytics, payment processing, and improvement of the Services’ features). These third parties may have access to your information strictly for the purposes of performing these tasks on our behalf and under obligations similar to those in this Privacy Policy.

Non-Private or Non-Personal Information

We may disclose your non-private, aggregated, or otherwise non-personal information, such as usage statistics of our Services, in our discretion.

Our Use And Disclosure of Information

Flow Local will not disclose any personally identifiable information about any individual except as set forth in this Privacy Policy. This applies to information about our customers and information our customers provide to us about their customers. We are not limited in any way in our use of non-personal information that does not permit direct association with any specific individual or non-identifiable aggregate information about our users (such as the number of customers who use our services, the geographic distribution of our users, the amount of information located and/or removed, etc.).

Internal Uses of Your Personally Identifiable Information

We collect, store and process your personally identifiable information on servers located in the United States. Due to the unpredictable nature of Internet routing, your information may pass through other countries while in transit to our servers. We use the information we collect about you in order to:

Develop and deliver our services; Process your transactions; Provide customer service and manage your account; Improve our products, services and marketing.

We provide access to personally identifiable information about our users only to those who require it for the above purposes.

Flow Local will not sell or rent any of your personally identifiable information to third parties. Flow Local will not share any of your personally identifiable information with third parties except in the limited circumstances described below.

We share information with service providers under contract who help with our business operations such as payment and order processing, fraud investigation, bill collection, and information management and analytics. If content generation is included in your services, we may share information with service providers under contract to create, edit and/or publish such content. These third parties are obligated to protect your information and are contractually prohibited from using your personally identifiable information for any other purpose. They are never permitted to share your information with any third parties. They are authorized to use your personal information only as necessary to provide these services to Flow Local.

We disclose information that we, in good faith, believe is appropriate to cooperate in investigations of fraud or other illegal activity, to conduct investigations of violations of our Privacy of Use and/or to protect our right, protect your safety and the safety of others. For example, this means that if we conduct a fraud investigation and conclude that one side has engaged in deceptive practices, we reserve the right to provide that person or entity’s contact information (but not bank account or credit card information) to victims who request it.

We disclose information in response to a subpoena, warrant, court order, levy, attachment, order of a court-appointed receiver or other comparable legal process, including subpoenas from private parties in a civil action. If the subpoena seeks information about an identified subscriber or limited group of subscribers, we will make reasonable business efforts to contact the subscriber(s) before providing information to the party that requests it. We cannot guarantee that we will be able to do so in all cases, whether due to a time limit, court order, inability to effectively contact a subscriber, or other circumstances.

When a user signs up for a co-branded version of our service through links to Flow Local.com from our co-branded partner’s website, Flow Local will share with the co-branded partner that user’s name, e-mail address and physical address in order to provide enhanced integration between Flow Local’s services and the services of our co-branded partner. If you do not want your information shared with Flow Local’s co-branded partner, sign up for Flow Local directly through Flow Local.com and other sub-domains and not through a link from our partner’s website.

We disclose information to your agent or legal representative (such as the holder of a power of attorney that you grant, or a guardian appointed for you).

We share information with companies that provide public relations and marketing services for us. Such information will only be shared by us to customize, measure and improve our products, services and advertising. It will not be shared with third parties for their marketing purposes. These third parties are contractually obligated to protect your information and are prohibited from using your personally identifiable information for any other purpose.

As with any other business, it is possible that in the future, Flow Local could merge with or be acquired by another company. If such an acquisition occurs, the successor company would have access to the information maintained by Flow Local, including customer account information, but would continue to be bound by this Privacy Policy until it is amended.

We share your information with our parent, subsidiaries and joint ventures to help coordinate the services we provide to you, enforce our terms and conditions, and promote trust and safety.

The implementation of our Services, by its very nature, may require using your personally identifiable information to locate other information about you. Such use may include, but not be limited to, using your information to search the publicly accessible Internet sites as well as searching private information databases and sites.

The implementation of our Services, by its very nature, may require revealing your personally identifiable information in order to effect removal of Internet content about you. For example, we may have to disclose your name to a website in order to notify them to remove Internet content about you. This occurs with your express permission for a specific, given purpose.

Internal Uses of Your Personally Identifiable Information

We will retain your information for as long as your account is active or as needed to provide you the Services. If you wish to cancel your account or request that we no longer use your information to provide you the Services, you may delete your account (this will be done by Flow Local’s customer care team). If you delete your account, your Data will no longer be stored in our servers. While we try to delete your Data from our servers as quickly as possible, please be aware that there may be a delay from the time you delete your account to the time that your Data is removed, and that some of your Data may continue to exist for a period in backup copies.

Changes To Privacy Policy

If we decide to make material changes to our Privacy Policy, we will notify you by e-mail through the primary e-mail address specified in your account and/or post those changes to this Privacy Policy on the Website homepage prior to the changes taking effect. You are responsible for ensuring we have an up-to-date active and deliverable e-mail address for you.

You are also responsible for regularly reviewing the Privacy Policy and related documents. We reserve the right to modify this Privacy Policy at any time. No amendment to or modification of this Policy will be binding unless in writing and signed by a duly authorized representative of Flow Local, or posted to the Site by a duly authorized representative of Flow Local.

In the event that Flow Local goes through a business transition, such as a merger, an acquisition by another company, or a sale of a portion of its assets, users' personally identifiable information will, in most instances, be part of the assets transferred. Users will be notified via prominent notice on the site for 30 days after a change of ownership or control of their personally identifiable information. If, as a result of the business transition, a user’s personally identifiable information will be used in a manner different from that stated at the time of collection, users will be given a choice consistent with our notification of changes section.

Internal Uses of Your Personally Identifiable Information

If you reside in the European Union (“EU”), United Kingdom, Lichtenstein, Norway, Iceland or Switzerland, you may have additional rights with respect to your personally identifiable information (otherwise known as Personal Data). These rights may include rights under the EU’s General Data Protection Regulation (“GDPR”), if you are a resident of the EU, United Kingdom, Lichtenstein, Norway or Iceland. “Personal Data” is any data that relates to an identified or identifiable natural person. Examples of Personal Data include identifiers such as name, location data, and unique online identifiers.

In addition to the principles, practices and policies set forth above in this Privacy Policy, Flow Local has adopted the following principles to govern its collection and processing of Personal Data:

Personal Data shall be processed lawfully, fairly, and in a transparent manner.

The Personal Data collected will only be those specifically required to fulfill Flow Local’s obligations to deliver the Flow Local service.

Personal Data shall only be retained for as long as it is required to fulfill contractual requirements.

Personal Data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are collected and/or processed. Personal Data shall be accurate and, where necessary, kept up to date.

The data subject has the right to request from Flow Local access to and rectification or erasure of their Personal Data, to object to or request restriction of processing concerning the data, or to the right to data portability. In each case such a request must be put in writing to Flow Local.

Cookies

On 26th May 2011, new laws came into force in the UK that affect most web sites. If cookies are used in a site, the Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011 (UK Regulations) provide that certain information must be given to that site’s visitors and the user must give his or her consent to the placing of the cookies.

The UK Regulations implemented into UK law the provisions of the amended E-Privacy Directive of 2009. The Directive required that the new laws be implemented into the laws of all EU Member States by 25th May 2011The UK is only one of three member states to meet this deadline.

Below you will find details on the UK Regulations and some additional information on the E-Privacy Directive itself. Because each Member State has some discretion in how it implements a Directive, the cookie laws in other European countries may differ from those of the UK.

UK Regulations

The actual wording of the Regulations

The relevant rules are found in amended regulation 6, which reads as follows:

6.

– (1) Subject to paragraph (4), a person shall not store or gain information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.

(2) The requirements are that the subscriber or user of that terminal equipment –

(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and

(b) has given his or her consent.

(3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use.

(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.

(4) Paragraph (1) shall not apply to the technical storage of, or access to, information –

(a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or

(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.

What does this mean?

The UK Regulations mean that a website operator must not store information or gain access to information stored in the computer (or other web-enabled device) of a user unless the user “is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information” and “has given his or her consent”.

The consent requirement in the UK Regulations replaces the previous position which provided that visitors should be given the option to refuse cookies.

The only cookies that do not need users’ consent are those that are necessary to fulfill the user’s request. That will cover, for example, the use of cookies to remember the contents of a user’s shopping cart as the user moves through several pages on a website. Other cookies, including those used to count visitors to a site and those used to serve advertising, will require consent.

The term “consent” is not defined in the UK Regulations or the Data Protection Act 1998.

It is, however, defined in the Data Protection Directive of 1995, as “any freely given specific and informed indication of his wishes”.

This Directive was implemented in the UK by the Data Protection Act.

The consent requirement has been the subject of much discussion since the publication of the amended E-Privacy Directive.

Various authorities, including the Article 29 Working Party (a coalition of data protection regulators from across the EU), the UK Government and the Information Commissioner’s Office (ICO) have voiced conflicting opinions on how the consent requirement will operate in practice.

The authorities have differing views on whether consent should be obtained prior to the placing of cookies. It is difficult to see how anything other than prior consent will comply with the wording of the UK Regulations.

“Consent must be obtained before the cookie is placed and/or information stored in the user’s terminal equipment is collected, which is usually referred to as prior consent,” said the

Working Party’s Opinion

(24-page / 202KB PDF). “Informed consent can only be obtained if prior information about the sending and purposes of the cookie has been given to the user.”

“Average data subjects are not aware of the tracking of their online behaviour, the purposes of the tracking, etc. They are not always aware of how to use browser settings to reject cookies, even if this is included in privacy policies,” said the Working Party. “It is a fallacy to deem that on a general basis data subject inaction (he/she has not set the browser to refuse cookies) provides a clear and unambiguous indication of his/her wishes.”

The Working Party did not go as far as to say that every website needs to ask every visitor to accept every cookie, though. Many cookies are used by advertising networks across multiple sites. For these cookies, consent can be given once to a network and cover all the sites that network serves, according to the Working Party.

Shortly before the publication of the Regulations the Information Commissioner published guidance that offers advice on when and how the consent may be given.

Although the guidance suggests a number of methods to obtain consent it stops short of providing definitive guidance on how to achieve compliance, leaving it to businesses and organisations to review their use of cookies and consider how they might be able to obtain the necessary consent.

Both the ICO and the UK Government have not ruled out the use of browser settings to achieve compliance in the future.

The Government has set up a working group comprising Mozilla, Apple, Microsoft, Google, Yahoo, the Internet Advertising Bureau and Adobe to work on a technical solution. In the meantime the ICO advises businesses to obtain consent some other way.

The guidance states:

“At present, most browser settings are not sophisticated enough to allow you to assume that the user has given consent to allow your website to set a cookie. Also, not everyone who visits your site will do so using a browser.

They may, for example, have used an application on their mobile device.

So, for now we are advising organisations which use cookies or other means of storing information on a user’s equipment that they have to gain consent some other way”.

The guidance continues:

“You need to provide information about cookies and obtain consent before a cookie is set for the first time.

Provided you get consent at that point you do not need to do so again for the same person each time you use the same cookie (for the same purpose) in future”.

The ICO will consider issuing more detailed advice if they deem it appropriate.

They have stated in their guidance that this may include further examples of how to gain consent for particular types of cookies as methods develop.

Penalty for non-compliance

Fortunately for operators of web sites, the ICO has indicated that during the next twelve months it will not be taking any enforcement action against companies that can show that they are considering their use of cookies and working on solutions to the problem of obtaining consent.

The key message from the ICO is that inaction is not acceptable. If the ICO is of the view that organisations are not making adequate preparations to be compliant by May 2012 a warning may be issued as to the use of the Information Commissioner’s future powers.

From May 2012 the ICO will follow the approach to enforcement set out in the Commissioner’s Data Protection Regulatory Action Policy. In deciding whether enforcement action is appropriate the ICO will be concerned with the impact of the breach of the new cookie law on the privacy and other rights of website users, not just with if there has been a technical breach of the UK Regulations.

The UK Regulations carry a maximum fine of £500,000 for serious breaches. It is anticipated that this power will only be used in limited circumstances. Before this the fine was £5,000 and companies may have been willing to run the risk but with these increased powers the result of enforcement action is potentially more severe.

The Data Protection Act Can Also Apply

The UK’s Data Protection Act of 1998 derives from the EU Data Protection Directive and does not contain specific provisions relating to cookies. However, it does require that where personal information is collected then data subjects (which will include internet users) should be told of this collection or information about it should be made available to them.

Even where it is possible to anonymise information, the information may still be classed as personal data under the Act if it can be traced back or put together with other information to identify the individual.

Therefore the requirements of the Act are that the owner of a web site using cookies (the data controller) must make its identity clear, the purposes for it having the information and anything else necessary in the circumstances to make the processing fair. This information must also be provided when personal data are collected from third parties.

Summary

There is a requirement under the amended E-Privacy Directive and the UK Regulations to

tell users about cookies and what you are going to use their information for; andobtain their consent to the placing of the cookies..

The Data Protection Act also requires users to be provided with certain information. A simple way to provide internet users with information is to provide them with a privacy policy, a data protection notice, or both. The privacy policy or notice if used properly can meet the information provision requirements of both the Directive and the Act.

Obtaining users’ consent to the placing of a cookie is technically more difficult. As yet the browser settings option for obtaining consent is not sufficient in the UK as browsers are currently not sophisticated enough. Until such time as this becomes a possibility (if at all) the ICO and the UK Government advise that consent must be obtained in some other way. The ICO guidance which is a starting point for compliance for organisations, suggests a number of different ways to obtain consent:

pop ups or similar techniques asking for consent can be used. Pop ups are discouraged by Web Content Accessibility Guidelines. They may also spoil the experience of using a website Users can also block pop ups by default, making this impractical; consent can be obtained by using terms of use or terms and conditions. In using this option consent is given by the user when they first register or sign-up. If this method is used it is essential that a user is made aware of any changes made to the terms to include consent for cookies and specifically that the changes relate to the use of cookies. It would then be necessary to obtain a positive indication that the user understands and agrees to the changes; preferences that users choose when visiting a site can also be used as a means of obtaining consent. Consent could be gained as part of the process by which the user confirms what they want to do or how they want the site to work, provided sufficient information about the use of the cookies is provided. This would apply to any feature where a user is told that a site can remember certain settings they have chosen; website features, such as videos, that remember how users personalise their interaction can also determine user consent. In this case, where the user is taking some action to tell the webpage what they want to happen – opening a link, clicking a button or agreeing to the functionality being ‘switched on’ – then their consent to set a cookie can be asked at this point; for use of analytic cookies to gather information about how people access and use a site it may be possible to add a footer or header to a webpage containing text. This text is highlighted or turned into a scrolling piece of text when a site wants to set a cookie on a user’s device. In turn this could direct the user to read additional information, possibly contained in a privacy policy, and make an appropriate choice; where a site allows a third party to set cookies the process of getting consent is more difficult. Initiatives that seek to ensure that users are given more and better information about the use of information, for example the use of the “i” symbol, referred to below, should be used. Anyone whose site uses or allows third party cookies must ensure that the right information is delivered to users so they can make informed choices.

As an alternative businesses may wish to consider using a non-cookie site. A simple brochure-style site with no way to login and no e-commerce functionality may not use cookies, meaning that the new law will not affect the site. This option may not be practical for many businesses as it could place them at a competitive disadvantage to competitors and sites outside the EU. A non-cookie site may lose revenues from advertising meaning that it is not cost effective to run such a site. Organisations could charge for these sites but is it unlikely that users will pay to see such a site.

In the absence of definitive methods a hybrid of the above methods is likely to be the way forward for the time being at least, namely a combination of information and consent.

The ICO’s own website places cookies and since 26th May a consent ‘opt-in’ box has been placed at the top of their homepage, requiring users to check a box to consent to the placing of cookies.

Website owners/businesses should consider what would work for them by looking at their business and how they use their website.

Community

Our Services may include publicly accessible community services such as blogs, forums, and wikis. Please be aware that any information you provide in these areas may be read, collected, and used by others who access them. Your posts on these communities may remain even after you cancel your account.

Questions, Complaints and Contacts

If you have any questions regarding this Privacy Policy, please contact us at privacy@Flow Local.com, or by mail at the address below:

Flow Local,

Attn: Director

10 Lomond Avenue

Belfast,