NOTES TO USERS IN EUROPE:
● Because we provide our offerings (and enable our retail partners whose goods you may purchase (“Retail Partners”) to offer their goods) to individuals who are based in the European Economic Area (“Europe”), European data protection legislation known as the General Data Protection Regulation (“GDPR”) applies to us and our use of your Personal Data.
● For more information, please see the provisions under the heading “Provisions Specific to European Users”, below.
What Types of Personal Information Does Flow Collect?
We collect, store, and use information that you provide directly to us and information we acquire in other ways, each as detailed below:
● Information You Provide to Us Directly. We acquire information from you when you (a) provide information via any of the Flow Digital Properties, including any user accounts or other accounts, (b) interact with any Flow Digital Property’s checkout pages, (c) purchase goods and/or services from Flow, (d) communicate or interact with Flow customer service (via email, mail, courier, fax, web form, and/or phone), (e) download any whitepaper, article, research paper, infographic or other downloadable, (f) request or otherwise sign up to receive our newsletter(s) and/or watch any webinar, video or other online content, and/or (g) engage in any other electronic or oral conversation with an employee, contractor, agent or retail partner of Flow.
Through these channels, you might provide us with information about you, information about the recipient of any merchandise you are ordering and/or having shipped, including but not necessarily limited to, in either case, names, email addresses, postal addresses, phone numbers, genders, birthdays, marketing preferences, personal interests, credit card information, and other information, such as driver’s license numbers, CPF numbers or other national identifiers, and passport information.
To the extent that you provide us information that is retained as a user account or user profile through a Flow Digital Property, you may log into that profile to update, edit or delete any information contained therein. Information that is retained as a record of an order placed, item shipped, return request, customer service provided, or similar transaction is, by its nature, not editable.
● Information We Acquire in Other Ways. We also acquire other information about you when you interact with the Flow Digital Properties and certain of their features, including user accounts and other accounts, checkouts, questionnaires, panels, and social media features, such as signing into a Flow Digital Property account using your social media sign-in credentials or otherwise interacting with third party social media features that are enabled on the Flow Digital Properties.
This information may be collected by us or our third party partners through log files and may include your city and country location, your IP address, your browser, the type of device you have used to access the Flow Digital Property, URLs that refer you to a Flow Digital Property, date and times of your visits to Flow Digital Properties, information on actions taken while at Flow Digital Properties (such as page views and site navigation patterns), a unique identifier for your browser or device and details of your usage such as your preferences, “pins”, “likes” and “dislikes.”
What Cookies and Other Technologies Does Flow Use?
Cookies can either expire at the end of a session (“Session Cookies”) or be persistent and last through multiple sessions (“Persistent Cookies”). Session Cookies can be helpful for remembering items you put in your shopping cart as you browse a site, or for security reasons when you are providing financial information. Persistent Cookies are stored on your device in between sessions, which allows for your preferences or actions to be remembered and used on a website or mobile app (or in some cases across different websites and/or mobile apps). Persistent Cookies may be helpful in remembering your preferences and choices when using a website or to ensure advertising messages are more relevant to you. Cookies are useful because they allow us to recognize your device and provide you with a high level of service and relevant offers.
Broadly speaking, Cookies placed on your computer or device fall into two categories:
1) First Party Cookies – these are served directly by us to your computer or device and are used only by us to recognize your computer or mobile device when it revisits our website; and
- Third Party Cookies – these are served by our service providers and partners on our website, and can be used by such parties to recognize your computer or mobile device when you use it to visit other websites.
The Flow Digital Properties may use the following types of Cookies for the purposes set out below:
Purpose: These Cookies are essential to provide you with services available through our Site and to enable you to use some of its features. For example, they allow you to log in to secure areas of our Site and help the content of the pages you request load quickly. Without these Cookies, the services that you have asked for cannot be provided, and we only use these Cookies to provide you with those services.
Purpose: These Cookies allow our Site to remember choices you make when you use our Site, such as remembering your currency and language preferences, remembering your log-in details and remembering the changes you make to other parts of our Site which you can customize.The purpose of these Cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit our Site.
Analytics and performance Cookies
Purpose: These Cookies are used to collect information about traffic to our Site and how users use our Site. The information gathered via these cookies does not “directly” identify any individual visitor. However, it may render such visitors “indirectly identifiable”. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access our Site. It includes the number of visitors to our Site, the websites that referred them to our Site, the pages that they visited on our Site, what time of day they visited our Site, whether they have visited our Site before, and other similar information. We use this information to help operate our Site more efficiently, to gather broad demographic information and to monitor the level of activity on our Site.
We use Google Analytics for this purpose. Google Analytics uses its own Cookies. It is only used to improve how our Site works. You can find out more information about Google Analytics Cookies here: Click Here.
You can prevent the use of Google Analytics relating to your use of our Site by downloading and installing the browser plugin available via this link.
Targeted and advertising Cookies
Purpose: These Cookies track your browsing habits to enable you to see advertising which is more likely to be of interest to you. These Cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, and with our permission, third party advertisers can place Cookies to enable them to show adverts which will be relevant to your interests while you are on third party websites.
How Can I Disable Cookies?
To limit disclosures and use of personal data - you can typically remove or reject Cookies via your browser settings. In order to do this, follow the instructions provided by your browser (usually located within the “settings”, “help” “tools” or “edit” facility). Many browsers are set to accept Cookies until you change your settings. You can take additional steps to disable or delete similar data, such as Flash Cookies, by modifying the “add-on” settings on your browser. Various browsers may offer their own management tools for access to HTML5 LSOs. However, please note that certain Cookies are required for you to be able to take advantage of some of Flow’s important functions. For example, if you do not allow our cookies, you may not be able to purchase items from one of our checkouts. You may find specific instructions for disabling cookies in some of the popular browsers via the following links: Google Chrome, Safari, Mozilla Firefox, Microsoft Internet Explorer. See also “Does Flow Participate in Online Behavioral Advertising” Section below.
In addition to any Cookies that may be set via our Site, with their permission, we may also set Cookies via our partners’ Flow Digital Properties to assist both them and you in our provision of the Flow Services.
Where Else Does Flow Obtain Data?
- Our clients or other partners with which we offer co-branded services, sell or distribute our products, or engage in joint marketing activities.
- Publicly-available sources such as open government databases or other data in the public domain.
- Social networks when you reference our Flow or one of our hashtags.
We are not responsible for the accuracy of any information provided by third parties or third party policies or practices.
How Does Flow Use Your Information?
How Does Flow Share Your Information?
- Marketplaces and Partners Involved in Your Transactions. Depending on how you interact with Flow, you may make purchases that involve third parties. For example, you may make a purchase that involves a third-party website or marketplace. In such a situation, you may initially view products on that website or marketplace and Flow is facilitating the order or otherwise involved. If this is the case, it will be very clear to you that a third party is involved in your transaction. And, if so, we will share your personal information with that third party.
- Flow’s Protection. We will disclose your personal information as required by law, when we believe that disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, or legal process, to enforce or apply our Terms & Conditions and other agreements and to protect the rights of Flow.
- Business Transition. In the event Flow goes through a business transition, such as a merger with or acquisition by another company, sale of all or a portion of our assets or brands, your personal information will likely be among the assets transferred.
- You Otherwise Consent. We may, of course, share your information in other ways that you specifically consent to.
- Aggregated Content. We may also share “aggregated/blinded” information with our merchant partners, PR agencies, advertising agencies, and other third parties. By “aggregated/blinded” information we mean, information from multiple users that contains only zip codes, purchasing amounts, products, brands, categories, merchants involved, timing of transactions/usage and frequency of usage – with no other private information or personally identifying information included.
In addition, in the event of a merger, acquisition, reorganization, bankruptcy, or other similar events, certain information in our possession may be transferred to our successor or assign.
Does Flow Participate in Online Behavioral Advertising?
Flow does not deliver third party online advertisements on the owned and operated Flow Digital Properties but we advertise our services on others' websites. We may use the analytics information from the Flow Digital Properties for retargeting and remarketing campaigns. Please familiarize yourself with those website operators' or network advertisers' privacy policies to understand their practices relating to advertising, including what type of information they may collect about your Internet usage. Some advertising networks we may use may be members of the Network Advertising Initiative (NAI) or the European Interactive Digital Advertising Alliance (EDAA). Individuals may opt-out of targeted advertising delivered by NAI or EDAA member ad networks by using tools provided visiting http://www.networkadvertising.org/ and http://www.youronlinechoices.eu/ respectively. If you wish to opt-out of receiving ads targeted to you based on your preferences, you may do so by clicking here. Please note that this does not opt you out of being served non-targeted advertising. You will continue to receive generic, non-targeted ads.
How Does Flow Handle, Store and Secure Your Information?
We take the security of your data very seriously at Flow. We use a variety of current technologies and processes to protect your data, including encryption at both the storage and transport level. However, please note that no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security.The security of your password is key to the security of your data. We recommend that you do not share, reuse, or store any of the passwords you may have set up with any of Flow’s retail partners with anyone else.
What You Should Understand About Third-Party Advertisers and Links to Other Digital Properties?
Does Flow Transfer Your Data Cross Border?
Are Children Allowed to Use Flow?
Flow does not allow anyone under the age of 18 to take part in any of its services. If you are under the age of 18, you must stop using the Flow Digital Properties and taking part in its services now. To be clear, but not to limit what you are not allowed to do, if you are under 18, you may not make purchases from Flow or any of its partners, you may not click through to any of our partners’ websites, and you may not take part in any surveys, panels or the like.
What are the Terms & Conditions and Dispute Resolution?
How to Contact Us:
Flow Commerce Inc.
2 Hudson Place
Hoboken, NJ 07030
PROVISIONS SPECIFIC TO EUROPEAN USERS
Who is the Controller of your Personal Data?
What is Personal Data?
The GDPR definition of ‘personal data’ can be found here. Essentially, it boils down to: information about an individual, from which that individual is either directly identified or can be indirectly identified.It does not include anonymous information (i.e., information where the identity of individual has been permanently removed).However, it does include ‘indirect identifiers’ or ‘pseudonymous data’ (i.e., information which alone doesn’t identify an individual but, when combined with certain additional and reasonably accessible information, could be attributed to a particular individual).
What Personal Data do these “Provisions Specific to European Users” apply to?
They apply to any European User’s Personal Data that we process as a Controller (see the “When will Flow be the Controller?” subsection above). This is because, where we process Personal Data as a Processor of our Retail Partners we are bound by both the GDPR and our agreements with those Retail Partners to process your Personal Data only under their instructions.
What Personal Data do we collect?
We may collect, use, store and transfer different kinds of Personal Data about you which we have grouped together follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth, gender, driver’s license numbers, CPF numbers or other national identifiers, and passport information.
- Contact Data includes billing address, shipping address, email address and telephone numbers.
- Financial Data includes payment card details.
- Transaction Data includes details about payments you make in respect of your purchases of Retail Partners’ goods.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and geolocation, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Site.
- Usage Data includes information about how you use our Site and offerings.
Marketing and Communications Data includes your preferences in receiving marketing from us, our Retail Partners, and other third parties and your general communication preferences.
Our Purposes and “legal bases” for processing your Personal Data?
Where we act as a Controller of Personal Data, the GDPR requires us to ensure that we have a “legal basis” for that use. We typically rely on one of the following legal bases in respect of our processing of your Personal Data:
- Where we need to perform the contract we are about to enter into or have entered into with you (“Contractual Necessity”).
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (“Legitimate Interests”).
- Where we need to comply with a legal or regulatory obligation (“Compliance with Law”).
Generally we do not rely on “consent” as a legal basis for using your Personal Data.Please note that where we act as a Processor of a Retail Partner, it is that Retail Partner’s responsibility to ensure that they have a valid legal basis for their processing of your Personal Data (including any processing we carry out on their behalf).We have set out below, in a table format which of the legal bases we rely on in respect of the relevant Purposes for which we use your Personal Data, as well as what those purposes are.Where more than one legal basis is listed in the below, if you want details about the specific legal basis we are relying on to process your Personal Data in a specific circumstance, please contact us using the details in the “How to Contact Us” section above.
We have put in place what we consider to be appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed.In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business “need to know”. They will only use or access your Personal Data on our instructions and they are subject to a duty of confidentiality.We have put in place procedures to deal with any suspected ‘personal data breach’ and will notify you and any applicable regulator of a breach affecting your Personal Data where we are legally required to do so.
Your Legal Rights
Under certain circumstances, you have rights under the GDPR in relation to your Personal Data. These rights are described below:
- Request access to your Personal Data. This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
- Request correction of the Personal Data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
- Request erasure of your Personal Data. This enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below).
- Object to processing of your Personal Data. This right exists where we are relying on a Legitimate Interest and there is something about your particular situation, which makes you want to object to processing on this ground. Additionally you have the absolute right to object to the processing of your personal data if it is for direct marketing purposes.
- Request the restriction of processing of your Personal Data. This enables you to ask us to suspend the processing of Personal Data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your Personal Data. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. This right only applies to automated information that we process based on your consent or Contractual Necessity.
Please note that where we act as a Processor of a Retail Partner if you make a request in respect of any of the above directly to Flow, we will: (a) let the relevant Retail Partner (i.e., the one whose goods you purchased and who is the Controller of your Personal Data) know that you have made this request; (b) pass on your details to that Retail Partner; and (c) send you the necessary contact information for that Retail Partner so that you can make that request to them directly. Where we can, and where the law permits, we will also assist that Retail Partner in complying with any request you make to them.No Fee Usually Required.You will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.What We May Need From You.We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.Time Limit to Respond.We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.Complaints.In addition to your right to complain to us directly at the details in the “How to Contact Us” section above, if you feel your complaint has not been adequately resolved, please note that the GDPR gives you the right to contact your local data protection supervisory authority, which for the UK, is the Information Commissioner’s Office.
Special Categories of Personal Data
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences. Please do not provide us with any such information.
What happens if you fail to provide any necessary Personal Data?
Where we need to collect Personal Data for the purposes of Compliance with Law, or due to Contractual Necessity, if you fail to provide that Personal Data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example: (1) we may not be able to fulfil your order without the required Personal Data; or (2) attempting to process your order without your Personal Data may put us in breach of our legal obligations).
How do we deal with Anonymous Information of our European Users?
How do we share your Personal Data?
For more information on how, and with whom, we may share your Personal Data with third parties, please see the “How Does Flow Share Your Information?” above.
We will only retain your Personal Data for as long as necessary to fulfil the purposes we collected it (see the “Our Purposes and “legal bases” for processing your Personal Data?” section above) for, including for the purposes of satisfying any legal, accounting, or reporting requirements.To determine the appropriate retention period for Personal Data, we consider:
- the amount, nature, and sensitivity of the Personal Data we hold;
- the potential risk of harm from unauthorized use or disclosure of your Personal Data;
- the purposes for which we process your Personal Data and whether we can achieve those purposes through other means; and
- any applicable legal or regulatory requirements.
Flow complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States.For more information on this framework and how it applies to, and protects you, please see the section titled “Does Flow Transfer Your Data Cross Border? above.
Third party sources
For more information on the third party sources from which we may collect your Personal Data, please see the “Information We Acquire in Other Ways” subsection above. Please note that none of these third party sources of your Personal Data are publicly available.