Last updated: September 30, 2020
Last updated: September 30, 2020
When you use our website or our other digital services, we collect, use and process your personal data. The protection and confidentiality of these personal data is important to us, and we are determined to protect it.
3.2 Customer Support
FLOW has various forms of customer support in order to help you. For us to be able to provide you with customer support, we will process your personal data to identify you and help you as best we can.
On our website, you will be able to submit a questionnaire form and you can also contact us by phone, via email or letters, or by through social media; and when you communicate with us via any of these means, we will help you with inquiries, questions or feedbacks concerning our services.
Depending on your inquiry, question or feedback, you may be asked to provide additional personal data. After you have contacted Customer Support, we will examine the content of our communication with you. This is to control the quality of the service we have provided to you. For this purpose, your personal data such as your name, contact detail may be processed.
To maintain our service level, we may conduct data testing regarding our websites and mobile applications when an error occurs or when any change is made to our system, and this involves processing your personal data. This enables us to debug (to eliminate technical errors) our systems, to correctly display any changes made by you or us that is relevant to you, and to ensure the proper functioning of these websites and mobile applications.
We also produce reports and statistics by analyzing the data you have provided to us, such as your name and contact details. The purpose is to improve our service and to provide you a better user experience next time when you use our services.
Aiming to help you make the most of the offers provided by us, we will send you or in other ways make you aware of various activities and offers via email, which may include newsletter, unique offers based on your preferences. For this purpose we will process your e-mail address and campaign participation history.
FLOW strives to be as relevant as possible for each customer across different digital channels. If you have visited our website, we may present relevant offers to you on other digital media based on your web clicks. Anonymized IP in cookies will be processed for this purpose. When you visit our website we will use your on-line behavior in order to present relevant offers through our internet portals, e-mail campaign and in other digital media.
The legal basis for processing your personal data is your consent and our legitimate interests to operate and improve our business. Please note that withdrawal of any consent does not affect the lawfulness of the processing that has taken place based on a consent given prior to the withdrawal.
We do not sell your personal data for marketing purposes to other companies.
When you visit our website or use our mobile applications we collect certain information by automated means using cookies. Cookies are small text files stored on your device when you visit a website. When you first visit a website, a cookie file is sent to your device that identifies your browser
By using cookies you help FLOW improve the functionality of our website. They are important to reduce download time and improve your user experience. The cookie will collect information about how visitors use our websites and thus provide us useful information about how we can provide a better customer experience and improve our services.
If you want to learn more about how behavioral advertising works, see in depth information about cookies and the steps you can take to protect your privacy on the internet on Your Online Choices: http://www.youronlinechoices.com/.
You have the right to request access, rectification, restriction and deletion of your personal data held by us, and to receive a copy of your personal data in a structured machine-readable format.
You also have rights to object to some processing and, where we have asked for your consent to process your data, to withdraw this consent. Where we process your data because we have a legitimate interest in doing so (as explained above), you also have a right to object to this. These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data.
Where we require personal data to comply with legal or contractual obligations, then provision of such data is mandatory. If such data is not provided, then we will not be able to manage our contractual relationship, or to meet obligations placed on us. In all other cases, provision of requested personal data is optional.
Your personal data will be retained in accordance with the provisions of the various subsections of section 3.
You can reach us online at firstname.lastname@example.org or via mail directed to:
21 Italiana St., disctrict 2, Bucharest,
If you have unresolved concerns you also have the right to complain to data protection authorities. The relevant data protection authority will be the Romanian Data Protection Authority.
The practices and processes set out in this document may be amended by FLOW from time to time to comply with applicable laws and to reflect improvements of FLOW’s procedures.
FLOW has implemented appropriate technical and organisational measures to ensure necessary and appropriate level of security, both for IT and information security in general and for privacy specifically. We have further implemented routines for regular review of these measures, and our operations, policies, and procedures are reviewed annually to ensure that FLOW meets all standards expected of managed services providers.
Our information security program includes internal policies and procedures which govern crucial security aspects, including but not limited to:
– risk management
– remote access and network management
– physical access and security monitoring
– data classification
– data sharing and storage controls
– service provider engagement and security
In general, FLOW follows industry best practices for the implementation of secured transmission, storage, and disposal of information and of authentication and access controls within media, applications, operating systems, and equipment.
FLOW has also implemented proactive security procedures such as perimeter defense and intrusion prevention systems.
Processing of personal data
FLOW only processes information you agree to give us, and according to applicable laws and regulations.
FLOW only requires the minimum amount of personal information that is necessary to fulfil the purpose of your interaction with us. We will never sell personal information to third parties.
Investigation and Reporting of Security Incidents
FLOW has a documented internal security incident response plan aligned with GDPR’s personal data breach notification requirements.
A number of incidents or anomalies are handled by FLOW’s staff according to internal procedures and guidelines, thereby giving FLOW security visibility of security threats affecting the company and the company clients. Examples of such reports are phishing, possible mishandling of credentials and inappropriate permissions.
Information Classification and Risk-Based Controls
All information that FLOW processes on behalf of its customers is given the highest levels of protection.
Use of Microsoft products
FLOW extensively utilizes Microsoft productivity, collaboration, management tools, products, and software, thereby benefiting from Microsoft’s extensive investment and experience in the security field. The use of Microsoft products enables FLOW to set appropriate security controls and actions. We use Microsoft security solutions, such as, but not limited to Azure Information Protection, Conditional access policies and multi-factor authentication. All products are configured according to Microsoft Best practices or industry standards, whichever provides the highest level of security.
In addition to adhering to various security best practices, FLOW requires all employees to set up multi-factor authentication on all business accounts. User behaviors are closely monitored and anomalies will result in immediate account lockout.
Data Encryption at rest and in transit
Customer data is encrypted at rest whenever possible.
Security Compliance by FLOW Staff
FLOW takes appropriate steps to ensure compliance with our security measures and standards by our employees and contractors to the extent applicable to their scope of risk and performance, hereunder ensuring that all persons authorized to process customer personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
All employees receive privacy and security training during onboarding as well as on an ongoing basis.
Retention and Deletion
FLOW only retains customer personal data as long as necessary to provide services for our customers and within limits of applicable laws. Once the purpose of retaining personal data expires, FLOW will return or delete personal data to the customer and will only retain a copy of such data if required by law, and to that extent, only the portion of personal data that is necessary.
Ongoing evaluations and improvements
FLOW recognizes that data protection and data security are an important priority for our customers. As such, FLOW continues to monitor legal developments and to improve its practices and processes.
We reserve the right, at our sole discretion, to update, change or replace any part of these terms by posting updates and changes to our website. Please check our website periodically for changes.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.