We may update this Privacy Policy from time to time in our sole discretion. If we do, we’ll let you know by posting the updated Privacy Policy on our website, and/or we may also send other communications.

We collect personal information that you provide to us, personal information we obtain automatically when you use the Services, and personal information from third-party sources, as described below.

A. Personal Information You Provide to Us Directly

We may collect personal information that you provide to us.

• Account Information. We may collect personal information in connection with the creation or administration of your account, such as your name, email address, and other information you volunteer.
• Payments. We may collect personal information and details associated with your purchases of Services, including payment information. Any payments made via our Services are processed by third-party payment processors. We do not directly collect or store any payment card information entered through our Services, but we may have access to information associated with your payment card information (for example, your billing details or payment status).
• Your Communications with Us. We may collect personal information, such as email address, phone number, or mailing address when you request information about our Services, request customer or technical support, or otherwise communicate with us.
• Surveys. We may contact you to participate in surveys. If you decide to participate, we may collect personal information from you in connection with the survey.
• Interactive Features. We and others who use our Services may collect personal information that you submit or make available through our interactive features (e.g., forums, blogs, and social media pages). Any information you provide using the public sharing features of the Services will be considered “public.”
• Sweepstakes or Contests. We may collect personal information you provide for any sweepstakes or contests that we offer. In some jurisdictions, we are required to publicly share information of sweepstakes and contest winners.
• Conferences, Trade Shows, and Other Events. We may collect personal information from individuals when we attend or host conferences, trade shows, and other events.
• Business Development and Strategic Partnerships. We may collect personal information from individuals and third parties to assess and pursue potential business opportunities.
• Job Applications. If you apply for a job with us, we will collect any personal information you provide with your application, such as your contact information and CV.

B. Personal Information Collected Automatically

We may collect personal information automatically when you use the Services.

• Automatic Collection of Personal Information. We may collect certain personal information automatically when you use the Services, such as your Internet protocol (IP) address, user settings, cookie identifiers, other unique identifiers, browser or device information, location information (including approximate location derived from IP address), and Internet service provider. We may also automatically collect information regarding your use of our Services, such as pages that you visit, items that you search for via the Services, information about the links you click, the frequency and duration of your activities, and other information about how you use our Services.
• Cookie Notice (and Other Technologies). We, as well as third parties, may use cookies, pixel tags, conversion APIs, and other technologies (“Technologies”) to automatically collect information through your use of the Services.
  • Cookies. Cookies are small text files placed in device browsers that store preferences and facilitate and enhance your experience.
  • Pixel Tags/Web Beacons. A pixel tag (also known as a web beacon) is a piece of code embedded in the Services that collects information about engagement on the Services. The use of a pixel tag allows us to record, for example, that a user has visited, a particular web page or clicked on a particular advertisement. We include pixels and web beacons in e-mails to understand whether messages have been opened, acted on, or forwarded.
  • Conversion APIs. Conversion APIs is a server-side tool that collects information about engagement on the Services.
  
  

See “Your Privacy Choices and Rights” below to understand your choices regarding these Technologies.

C. Personal Information Collected from Other Sources

Third-Party Services and Sources. We may obtain personal information about you from other sources, including through third-party services and organizations. For example, if you access our Services through a third-party application, such as an app store, a third-party login service, or a social networking site, we may collect personal information about you from that third-party application that you have made available via your privacy settings.

We use your personal information for a variety of business purposes, including to provide the Services, for administrative purposes, and to market our products and Services, as described below.

A. Provide The Services

We use personal information to fulfill our contract with you and provide the Services, such as:

• Managing your information and accounts;
• Providing access to certain areas, functionalities, and features of our Services;
• Answering requests for customer or technical support;
• Communicating with you about your account, activities on our Services, and policy changes;
• Processing your financial information and other payment methods for products or Services purchased;
• Processing applications if you apply for a job we post on our Services;
• Allowing you to register for events.

B. Administrative Purposes

We use personal information for various administrative purposes, such as:

• Pursuing our legitimate interests such as direct marketing, research and development (including marketing research), network and information security, and fraud prevention;
• Detecting security incidents, protecting against malicious, deceptive, fraudulent or illegal activity, and prosecuting those responsible for that activity;
• Carrying out analytics, and analyzing, improving, modifying, customizing and measuring our Services, including training artificial intelligence/machine learning models;
• Creating de-identified and/or aggregated information. If we create or receive de-identified information, we will not attempt to reidentify such information, unless permitted by, or required to comply with, applicable laws;
• Measuring interest and engagement in our Services;
• Short-term, transient use, such as contextual customization of ads;
• Improving, upgrading, or enhancing our Services;
• Developing new products and services;
• Ensuring internal quality control and safety;
• Authenticating and verifying individual identities, including requests to exercise your rights under this Privacy Policy;
• Debugging to identify and repair errors with our Services;
• Auditing relating to interactions, transactions, and other compliance activities;
• Sharing personal information with third parties as needed to provide the Services;
• Enforcing our agreements and policies; and
• Carrying out activities that are required to comply with our legal obligations.

C. Marketing

We may use personal information to tailor and provide you with marketing and other content. We may provide you with these materials as permitted by applicable law.

If you have any questions about our marketing practices, you may contact us at any time as set forth in “Contact Us” below.

D. With Your Consent

We may use personal information for other purposes that are clearly disclosed to you at the time you provide personal information or with your consent.

E. Other Purposes

We also use your personal information for other purposes as requested by you or as permitted by applicable law.

• De-identified and Aggregated Information. We may use personal information to create de-identified and/or aggregated information, such as information about the device from which you access our Services, or other analyses we create.

We disclose personal information to third parties for a variety of business purposes, including to provide our Services, to protect us or others, or in the event of a major business transaction such as a merger, sale, or asset transfer, as described below.

A. Disclosures to Provide the Services

The categories of third parties with whom we may share your personal information are described below.

• Service Providers. We may share your personal information with our third-party service providers and vendors that assist us with the provision of the Services. This includes service providers and vendors that provide us with IT support, hosting, payment processing, customer service, and related services.
  • Some of the service providers we may use include:
    • Google Analytics. For more information about how Google uses your personal information (including for its own purposes, for example, for profiling or linking it to other data), please visit Google Analytics’ Privacy Policy. To learn more about how to opt-out of Google Analytics’ use of your information, please click here.
• Business Partners. We may share your personal information with business partners to provide you with a product or service you have requested. We may also share your personal information with business partners with whom we jointly offer products or services.
• Affiliates. We may share your personal information with our company affiliates.
• Flodesk Members (Authorized Users Only). In cases where you use our Services as yourself, an authorized Flodesk employee or contractor, or other Authorized Team Member, that Member may access information associated with your use of the Services including usage data and the contents of the communications and files associated with your account. Your personal information may also be subject to the Flodesk Member’s privacy policy. We are not responsible for the Flodesk Member’s processing of your personal information.
• Advertising Partners. We may share your personal information with third-party advertising partners. These third-party advertising partners may set Technologies and other tracking tools on our Services to collect information regarding your activities and your device (for example, your IP address, cookie identifiers, page(s) visited, location, time of day). These advertising partners may use this information (and similar information collected from other services) for purposes of delivering personalized advertisements to you when you visit digital properties within their networks. This practice is commonly referred to as “interest-based advertising”, “targeted advertising,” “personalized advertising, or cross-context behavioral advertising.”
  • Facebook Connect or Meta Business Tools. For more information about Meta’s use of your personal information, please visit Facebook’s Data Policy. To learn more about how to opt-out of Facebook’s use of your information, please click here while logged in to your Facebook account.

B. Disclosures to Protect Us or Others

We may access, preserve, and disclose any information we store associated with you to external parties if we, in good faith, believe doing so is required or appropriate to: comply with law enforcement and legal process, such as a court order or subpoena; protect your, our, or others’ rights, property, or safety; enforce our policies or contracts; collect amounts owed to us; or assist with an investigation or prosecution of suspected or actual illegal activity.

C. Disclosure in the Event of Merger, Sale, or Other Asset Transfers

If we are involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, purchase or sale of assets, transition of service to another provider, or other similar corporate transaction, your personal information may be disclosed, sold, or transferred as part of such a transaction.

Your Privacy Choices. The privacy choices you may have about your personal information are determined by applicable law and are described below.

• Email Communications. If you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails. Note that you will continue to receive transaction-related emails regarding products or Services you have requested. We may also send you certain non-promotional communications regarding us and our Services, and you will not be able to opt out of those communications (for example, communications regarding our Services or updates to our Terms or this Privacy Policy).
• Do Not Track. Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honor DNT signals or similar mechanisms transmitted by web browsers.
• Cookies and Personalized Advertising. You may stop or restrict the placement of Technologies on your device or remove them by adjusting your preferences as your browser or device permits. However, if you adjust your preferences, our Services may not work properly.

The online advertising industry also provides websites from which you may opt out of receiving targeted ads from organizations that participate in self-regulatory programs. You can access these and learn more about targeted advertising and consumer choice and privacy by visiting the Network Advertising Initiative, the Digital Advertising Alliance, the European Digital Advertising Alliance, and the Digital Advertising Alliance of Canada.

Please note you must separately opt out in each browser and on each device.

In addition, you may stop or restrict the placement of Technologies by clicking Your Privacy Choices and following the instructions found on the website.

Your Privacy Rights. In accordance with applicable law, you may have the right to:

• Confirm Whether We Are Processing Your Personal Information (the right to know);
• Request Access to and Portability of Your Personal Information, including: (i) obtaining access to or a copy of your personal information; and (ii) receiving an electronic copy of personal information that you have provided to us, or asking us to send that information to another company in a structured, commonly used, and machine-readable format (also known as the “right of data portability”);
• Request Correction of your personal information where it is inaccurate or incomplete;
• Request Deletion of your personal information;
• Request to Opt-Out of Certain Processing Activities including, as applicable, if we process your personal information for “targeted advertising” (as “targeted advertising” is defined by applicable privacy laws), if we “sell” your personal information (as “sell” is defined by applicable privacy laws), or if we engage in “profiling” in furtherance of certain “decisions that produce legal or similarly significant effects” concerning you (as such terms are defined by applicable privacy laws);
• Request Restriction of or Object to our processing of your personal information; and
• Withdraw your Consent to our processing of your personal information. Please note that your withdrawal will only take effect for future processing, and will not affect the lawfulness of processing before the withdrawal.

If you would like to exercise any of these rights, please contact us as set forth in “Contact Us”. We will process such requests in accordance with applicable laws.

To protect your privacy, we will take commercially reasonable steps to verify your identity before fulfilling requests submitted under applicable privacy laws. These steps may involve asking you to provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Examples of our verification process may include asking you to confirm the email address we have associated with you.

Only you, or someone legally authorized to act on your behalf in certain jurisdictions, may make a request to exercise the rights listed above regarding your personal information. If your personal information is subject to a law that allows an authorized agent to act on your behalf in exercising your privacy rights and you wish to designate an authorized agent, please provide written authorization signed by you and your designated agent using the information found in “Contact Us” below and ask us for additional instructions.

Some laws may allow you to appeal our decision if we decline to process your request. If applicable laws grant you an appeal right and you would like to appeal our decision with respect to your request, you may do so by informing us of this and providing us with information supporting your appeal.

All personal information processed by us may be transferred, processed, and stored anywhere in the world, including, but not limited to, the United States or other countries, which may have data protection laws that are different from the laws where you live.

If we transfer personal information which originates in the European Economic Area, Switzerland, and/or the United Kingdom to a country that has not been found to provide an adequate level of protection under applicable data protection laws, one of the safeguards we may use to support such transfer is the EU Standard Contractual Clauses.

For more information about the safeguards we use for international transfers of your personal information, please contact us as set forth below.

We store the personal information we collect as described in this Privacy Policy for as long as you use our Services, or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

To determine the appropriate retention period for personal information, we may consider applicable legal requirements, the amount, nature, and sensitivity of the personal information, certain risk factors, the purposes for which we process your personal information, and whether we can achieve those purposes through other means.

This Supplemental Notice for California Residents supplements our Privacy Policy and only applies to our processing of personal information that is subject to this Privacy Policy and the California Consumer Privacy Act of 2018 (as amended from time to time) (“CCPA”).

The CCPA provides California residents with the right to know what categories of personal information Flodesk has collected about them, whether Flodesk disclosed that personal information for a business purpose (e.g., to a service provider), whether Flodesk “sold” that personal information, and whether Flodesk “shared” that personal information for “cross-context behavioral advertising” in the preceding twelve months. California residents can find this information below:

The categories of sources from which we collect personal information and our business and commercial purposes for using and disclosing personal information are set forth in “Personal Information We Collect”, “How We Use Personal Information”, and “How We Disclose Personal Information” above, respectively. We will retain personal information in accordance with the time periods set forth in “Retention of Personal Information.”

If applicable from the table above, we “sell” and “share” your personal information:

• to provide you with “cross-context behavioral advertising” about Flodesk’s products and services; and
• to provide you with “cross-context behavioral advertising” about your products and services.

Additional Privacy Rights for California Residents

Opting Out of “Sales” of Personal Information and/or “Sharing” for Cross-Context Behavioral Advertising under the CCPA. California residents have the right to opt out of the “sale” of personal information and the “sharing” of personal information for “cross-context behavioral advertising.” California residents may exercise these rights by following the instructions on the cookie banner upon visiting our website, or by clicking “Your Privacy Choices” and following the instructions found on the website.

Disclosure Regarding Individuals Under the Age of 16. Flodesk does not have actual knowledge of any “sale” of personal information of minors under 16 years of age. Flodesk does not have actual knowledge of any “sharing” of personal information of minors under 16 years of age for “cross-context behavioral advertising.”

Disclosure Regarding Opt-Out Preference Signals. Applicable law may provide for an opt out by broadcasting an Opt-Out Preference Signal, such as the Global Privacy Control (GPC) (on the browsers and/or browser extensions that support such a signal). Flodesk recognizes GPC browser signals. To download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.

Disclosure Regarding Sensitive Personal Information. Flodesk only uses and discloses sensitive personal information for the following purposes:

• To perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services.
• To prevent, detect, and investigate security incidents that compromise the availability, authenticity, integrity, and or confidentiality of stored or transmitted personal information.
• To resist malicious, deceptive, fraudulent, or illegal actions directed at Flodesk and to prosecute those responsible for those actions.
• To ensure the physical safety of natural persons.
• To verify or maintain the quality or safety of Flodesk products, services, or devices, and to improve, upgrade, or enhance Flodesk ’s services or devices.
• For purposes that do not infer characteristics about individuals.

Non-Discrimination. California residents have the right not to receive discriminatory treatment by us for the exercise of their rights conferred by the CCPA.

If you are a California resident and would like to exercise any of your rights under the CCPA, please contact us as set forth in “Contact Us” below. We will process such requests in accordance with applicable laws.

The Services are not directed to children under 18 (or other age as required by local law), and we do not knowingly collect personal information from children. If you are a parent or guardian and you are aware that your child has provided us with personal information, please contact us as set forth in “Contact Us” below. If we become aware that we have collected personal information from children without verification of parental consent, we take steps to remove that information from our servers.

Our Lawful Basis for Processing Personal Information. If your personal information is subject to the EU General Data Protection Regulation or other related legislation, our processing of your personal information is supported by the following lawful bases:

Supervisory Authority. If your personal information is subject to the applicable data protection laws of the European Economic Area, Switzerland, or the United Kingdom, you have the right to lodge a complaint with the competent supervisory authority or attorney general if you believe our processing of your personal information violates applicable law.

• EEA Data Protection Authorities (DPAs) in Ireland
• Swiss Federal Data Protection and Information Commissioner (FDPIC)
• UK Information Commissioner’s Office (ICO)

Representatives.

• EU Representative. We have appointed Bizlegal t/a EUREP as our Representative under Article 27 of the EU General Data Protection Regulation (“GDPR”). All GDPR queries from EU Data Subjects or Data Protection authorities should be submitted to eurep.ie via their dedicated form. Bizlegal t/a EUREP, Company number 635921, Ireland.
• UK Representative. We have appointed HelloDPO Law Limited as our Representative under Article 27 of the UK General Data Protection Regulation (“UK GDPR”). All UK GDPR queries from UK Data Subjects or the Information Commissioner’s Office (ICO) should be submitted to hello@hellodpo.com stating Flodesk Inc. in the subject matter, and copy dpo@flodesk.com.

The Services may contain links to other websites/applications and other websites/applications may reference or link to our Services. These third-party services are not controlled by us. We encourage our users to read the privacy policies of each website and application with which they interact. We do not endorse, screen, or approve, and are not responsible for, the privacy practices or content of such other websites or applications. Providing personal information to third-party websites or applications is at your own risk.

Flodesk is the controller of the personal information about you that we process under the Privacy Notice.
If you have any questions about our privacy practices or this Privacy Policy, or to exercise your rights as detailed in this Privacy Policy, please contact us at:

Flodesk, Inc.
privacy@flodesk.com