Privacy Policy

This privacy policy, (“Privacy Policy”) and any other document referred to in it, describes the basis on which Lets Flo Limited, (“Flo”) collects and processes information about you. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Applicability of this Privacy Policy

This Privacy Policy applies to Flo’s online workplace productivity tools and platform, including the associated Flo mobile and desktop applications (collectively the “Services”), letsflo.co and other Flo websites (collectively the “Websites”) and other interactions (e.g. customer service enquiries, user conferences, etc.) you may have with Flo as our customer or an authorized user.

By visiting our Websites or using our Services you are accepting and consenting to the practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, do not access or use the Services, Websites or any other aspect of Flo’s business.

Our Websites and Services are not intended for use by children and we do not knowingly collect information relating to children.

Please note:

This Privacy Policy does not apply to any data you provide to us when we process personal data on your behalf as your data processor, as a business to business service provider. including any third-party applications or software that integrate with the Services through the Flo platform (‘Third-Party Services’), or any other third-party products, services or businesses.

A separate agreement (the “Customer Agreement’), governs our use of data when we act as a processor of any messages, files or other content submitted through accounts (collectively, “Customer Data”’) including any third-party applications or software that integrate with the Services through the Flo platform (‘Third-Party Services’), or any other third-party products, services or businesses. The organisation (e.g. your employer or another entity or person) that entered into the Customer Agreement (the “Customer”) is the controller its instance of such services (its “Instance”) and any associated Customer Data. If you have any questions about specific Instance settings and privacy practices, please contact the Customer whose Instance you use. If you have an account, you can check http://Flo.com/account/team for the contact information of your Instance owner(s) and administrator(s). If you have received an invitation to join an Instance but have not yet created an account, you should request assistance from the Customer that sent the invitation.

Data Controller

For the purposes of EU and UK data protection laws and any applicable national implementing laws, regulations and secondary legislation relating to the processing of personal data (together “Data Protection Law”), the data controller is Lets Flow Limited of Kemp House City Road London EC1V 2NX, England.

Legal Basis for the Processing

We will only use your personal data when the law allows us to.

The law requires us to have a legal basis for collecting and using your personal data. We rely on one or more of the following legal bases:

• Performance of a contract with you.
  Where we need to perform the contract we are about to enter into or have entered into with you.
• Legitimate Interests
  Where it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example to prevent fraud and enable us to give you the best and most secure customer experience.
• Legal obligation.
  We may use your personal data where it is necessary for compliance with a legal obligation that we are subject to. We will identify the relevant legal obligation when we rely on this legal basis.

To the extent we process your personal data for any other purposes, we ask for your consent in advance or require that our partners obtain such consent.

Information we may collect about you

Personal data, or personally identifiable information, means any information about an individual from which that individual can be identified. It does not include data where the identity has been removed (anonymous data).

Customers or individuals granted access to an Instance by a Customer (“Authorized Users”) routinely submit Customer Data to Flo when using the Services. Flo may collect and process personal data about Customers and Authorized Users when they use the Services and Websites (“Other Information”) as follows:

1. Instance and account information. To create or update an Instance account, you or a Customer (e.g. your employer) supply Flo with:

• Identity data. includes first name, last name, users name or similar identifier, title, email address, phone number,
• Profile data. includes your password, domain and/or similar account details. For details on Instance creation, click here.
• Financial data: is provided by Customers who purchase a paid version of the Services provide Flo (or its payment processors) with credit card information and banking information and/or
• Contact data: a billing address, email address and telephone numbers.

2. Usage information.

• Transaction data. When an Authorized User interacts with the Services, metadata is generated that provides additional context about the way that Authorized Users work. For example, Flo logs the Instances, channels, people, features, content and links that you view or interact with, the types of files shared and what Third-Party Services are used (if any).
• Technical data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our Websites or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.
• Device data. Flo collects information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this Other Information often depends on the type of device used and its settings.
• Location data. We receive information from you, your Customer and other third parties that helps us to approximate your location. We may, for example, use a business address submitted by your employer or an IP address received from your browser or device to determine your approximate location. Flo may also collect location information from devices in accordance with the consent process provided by your device.
• Aggregated data. Flo also collects, uses and shares aggregated data such as statistical or demographic data for any purpose. This Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature in order to analyse general trends in how users interact with the website. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.

3. Special category data. Flo may collect, store and/or use some very limited special category data about you. This is limited to details about your race or ethnicity, as we ask about your skin colour when looking for models and you may be required to provide photographs.

   Third-Party Services. A Customer can choose to permit or restrict Third-Party Services for its Instance. Typically, Third-Party Services are software that integrate with our Services, and a Customer can permit its Authorized Users to enable and disable these integrations for its Instance. Flo may also develop and offer Flo applications that connect the Services with a Third-Party Service. Once enabled, the provider of a Third-Party Service may share certain information with Flo. For example, if a cloud storage application is enabled to permit files to be imported to an Instance, we may receive the user name and email address of Authorized Users, along with additional information that the application has elected to make available to Flo to facilitate the integration. Authorized Users should check the privacy settings and notices in these Third-Party Services to understand what data may be disclosed to Flo. When a Third-Party Service is enabled, Flo is authorized to connect and access Other Information made available to Flo in accordance with our agreement with the Third-Party Provider and any permission(s) granted by the Customer (including by its Authorized User(s)). We do not, however, receive or store passwords for any of these Third-Party Services when connecting them to the Services.

4. Contact information. In accordance with the consent process provided by your device or other third-party API, any contact information that an Authorized User chooses to import (such as an address book from a device or API) is collected when using the Services.

5. Marketing and communication data. Flo may collect data on your preferences in receiving marketing from us and our third parties and your communication preferences

6. Failure to provide data. Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.

Information we receive from other sources

1. Third-Party data. Flo may receive data about organizations, industries, lists of companies that are customers, website visitors, marketing campaigns and other matters related to our business from parent corporation(s), affiliates and subsidiaries, our partners or others that we use to make our own information better or more useful. This data may be combined with Other Information that we collect and might include aggregate-level data, such as which IP addresses correspond to postcodes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.

2. Additional information provided to Flo. We also receive Other Information when submitted to our Websites or in other ways, such as if you participate in a focus group, contest, activity or event, apply for a job, enroll in a certification programme or other educational programme hosted by Flo or a vendor, request support, interact with our social media accounts or otherwise communicate with Flo.

Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively “Information”). However, certain Information is collected automatically and if some Information, such as Instance setup details, is not provided, we may be unable to provide the Services.

Cookies

Flo uses a variety of cookies and similar technologies in our Websites and Services to help us collect Other Information. For more details about how we use these technologies, and your opt-out opportunities and other options, please see our Cookie Policy.

Pixel-Tags

We may use “pixel tags,” which are small graphic files that allow us to monitor the use of the Websites and Services. A pixel tag can collect information such as the IP (Internet Protocol) address of the computer that downloaded the page on which the tag appears; the URL (Uniform Resource Locator) of the page on which the pixel tag appears; the time the page containing the pixel tag was viewed; the type of browser that fetched the pixel tag; and the identification number of any cookie on the computer previously placed by that server. When corresponding with you via HTML capable e-mail, we may use “format sensing” technology, which allows pixel tags to let us know whether you received and opened our e-mail.

Web Beacons

Some of our web pages may contain electronic images known as web beacons (sometimes known as clear gifs) that allow us to count users who have visited these pages. Web beacons collect only limited information which includes a cookie number; time and date of a page view; and a description of the page on which the web beacon resides. We may also carry web beacons placed by third party advertisers. These web beacons do not carry any personal data and are only used to track the effectiveness of a particular campaign.

Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the “Preferences” or “Settings” page of your web browser.

How we use information

We have set out below, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below,

We will not sell or rent your personal data to anyone.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

How we share and disclose information

This section describes how Flo may share and disclose Information it collects and receives as set out below. Please note that Customers determine their own policies and practices for the sharing and disclosure of Information. Flo does not control how they or any other third parties choose to share or disclose Information.

• The Customer’s instructions. Flo may share and disclose Information in accordance with a Customer’s instructions and with appropriate consent, including any applicable terms in the Customer Agreement and the Customer’s use of Services functionality and in compliance with applicable law and legal process. Some sharing at a Customer’s request may incur additional fees.
• Displaying the Services. When an Authorized User submits Information, it may be displayed to other Authorized Users in the same or connected Instances. For example, an Authorized User’s email address may be displayed with their Instance profile.
• Collaborating with others. The Services provide different ways for Authorized Users working in independent Instances to collaborate, such as Flo Connect or email interoperability. Information, such as an Authorized User’s Profile data, may be shared, subject to the policies and practices of the other Instance(s).
• Customer access. Owners, administrators, Authorized Users and other Customer representatives and personnel may be able to access, modify or restrict access to Information. This may include, for example, your employer using Service features to export logs of Instance activity, or accessing or modifying your Profile data.
• Third-Party Service Providers and Partners. We may engage third-party companies or individuals as service providers or business partners to process Information and support our business. These third parties are set out in our Third Party Supplier List, shown at the end of this document and may, for example, provide virtual computing and storage services, or we may share business information to develop strategic partnerships with Third-Party Service providers to support our common customers.
• Third-Party Services. Customer may enable or permit Authorized Users to enable Third-Party Services. We require each Third-Party Service to disclose all permissions for information access in the Services, but we do not guarantee that they do so. When enabled, Flo may share Information with Third-Party Services. Third-Party Services are not owned or controlled by Flo and third parties that have been granted access to Information may have their own policies and practices for its collection, use and sharing. Please check the permissions, privacy settings and notices for these Third-Party Services, or contact the provider if you have any questions.
• Forums. The information that you choose to provide in a community forum, including personal data, will be publicly available.
• Corporate affiliates. Flo may share Information with its corporate affiliates, parents and/or subsidiaries.
• Professional advisors. Flo may share Information with professional advisors acting as its service providers – including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services.
• Tax Authorities. Flo may share Information with tax authorities, regulators and other authorities who require reporting of processing activities in certain circumstances.
• During a change to Flo’s business. If Flo engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Flo’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding or steps in contemplation of such activities, some or all Information may be shared or transferred, subject to standard confidentiality arrangements.
• Aggregated Data or Anonymous Data. We may disclose or use aggregated or information for any purpose. For example, we may share aggregated or anonymous Information with prospects or partners for business, research or advertising purposes.
• To comply with laws. If we receive a request for information, we may disclose Information if we reasonably believe that disclosure is in accordance with or required by any applicable law, regulation or legal process.
• To enforce our rights, prevent fraud and for safety. To protect and defend the rights, property or safety of Flo, its users or third parties, including enforcing its contracts or policies, or in connection with investigating and preventing illegal activity, fraud or security issues, including to prevent death or imminent bodily harm.
• With consent. Flo may share Information with third parties when we have consent to do so. For Instances registered to corporate entities, Flo may share Information with consent of the Instance primary owner or authorized corporate officer. For Instances created without a formal affiliation, Flo may require user consent. We require all third parties to respect the security of your personal data and to treat it in accordance with applicable law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

Forums

Any information that you post to areas of the Websites or Services that is viewable by others (for example, to a blog, forum or chat-room) will not be treated as proprietary, private, or confidential. We have no obligation to monitor such posts to the Websites or Services or to exercise any editorial control over such posts; however, we reserve the right to review such posts and to remove any material that, in our judgment, is not appropriate. Posting, transmitting, promoting, using, distributing or storing content that could subject us to any legal liability, whether in tort or otherwise, or that is in violation of any applicable law or regulation, or otherwise contrary to commonly accepted community standards, is prohibited, including without limitation information and material protected by copyright, trademark, trade secret, nondisclosure or confidentiality agreements, or other intellectual property rights.

Data retention

We will only retain personal data for as long as reasonably necessary to fulfil the purposes for which it was provided or collected, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint, if we reasonably believe there is a prospect of litigation in respect of our relationship with you, to comply with law enforcement requests, maintain security, prevent fraud and abuse, resolve disputes, enforce our legal agreements, or fulfil your request to “unsubscribe” from further messages from us.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Under UK law we have to keep basic information about our customers (including Contact Data, Identity Data, Financial Data and Transaction Data) for 6 years after they cease being customers for tax purposes.

This will be for as long as we provide access to the Websites or Services to you, your account with us remains open or any period set out in any relevant contract you have with us. After you have closed your account or ceased using the Services as set out below.

In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) after your account has been closed and we may use this for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Please note: After you have closed your account or deleted information from your account, any information you have shared with others will remain visible. We do not control data that other users may have copied from the Websites or Services. Your profile may continue to be displayed in the services of others (e.g. search engine results) until they refresh their cache.

Also: Depending on the Services you have subscribed for, the Customer may be able to customize its retention settings and apply those customized settings at the Instance level, channel level or other level. The Customer may also apply different settings to messages, files or other types of Customer Data. The deletion of Customer Data and other use of the Services by the Customer may result in the deletion and/or de-identification of certain associated Other Information.

Data Security

Flo takes security of data very seriously. Flo works hard to protect Information that you provide from loss, misuse and unauthorized access or disclosure. These steps take into account the sensitivity of the Information that we collect, process and store, and the current state of technology. Given the nature of communications and information processing technology, Flo cannot guarantee that Information during transmission through the Internet

or while stored on our systems or otherwise in our care will be absolutely safe from intrusion by others. When you click a link to a third-party site, you will be leaving our Website, and we don’t control or endorse what is on third-party sites.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. For example all information you provide to us is stored on our secure servers. Any credit card information or payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site or Services, you are responsible for keeping this password confidential. We ask you not to share any password with anyone. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Third Party Links

Our Websites and Services may, from time to time, contain links to and from the websites, plugins and applications of our partner networks, advertisers and affiliates. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. Please note that these third party websites, plugins and applications have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these third party websites, plugins or applications.

Age limitations

To the extent prohibited by applicable law, Flo does not allow use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information.

International data transfers

Our Services and Websites are global and your Information may be stored and processed in any country where we have operations, our staff are located. When we share your personal data within our Group this will involve transferring your personal data to our overseas offices in, insert countries. We may transfer your personal data to service providers that carry out certain functions on our behalf. This may involve transferring personal data outside your country of residence to countries which have laws that do not provide the same level of data protection as your country of residence. When we share your personal data with our service providers, who are identified in our Third Party Supplier List, this will involve transferring your personal data to the countries set out in the Third Party Supplier List for each service provider.

European Data

When we transfer UK, EU or Swiss personal data to countries whose laws do not provide the same level of data protection as the UK, the EU or Switzerland, we always ensure that a similar degree of protection is afforded to your data by ensuring that one of the following applicable safeguards is in place:

We will only transfer UK personal data outside of the UK to: (i) countries deemed by the ICO to provide an adequate level of protection for UK personal data; or (ii) entities located outside of the UK with whom standard contractual terms approved for use in the UK which give the transferred personal data the same protection as it has in the UK have been entered into, for example the International Data Transfer Addendum, (IDTA) to the European Commission’s standard contractual clauses for international data transfers or binding corporate rules (BCRs); or (iii) entities located in the USA certified under the UK Extension to the EU-U.S. DPF; or (iv) any entity located outside of the UK that is subject to any other transfer mechanism, bespoke contract, approved code of conduct or certification scheme approved by the ICO.

We will only transfer EU personal data outside of the EEA to: (i) countries deemed by the European Commission to provide an adequate level of protection for EU personal data; or (ii) entities located outside of the EEA with whom standard contractual terms approved for use in the EU which give the transferred personal data the same protection as it has in the EU have been entered into, for example the European Commission’s standard contractual clauses for international data transfers, (EU SCCs) or binding corporate rules (BCRs); or (iii) entities located in the USA certified under the EU-U.S. DPF; or (iv) any entity located outside of the EEA that is subject to any other transfer mechanism, bespoke contract, approved code of conduct or certification scheme approved by the European Commission.

We will only transfer Swiss personal data outside of Switzerland to: (i) countries deemed by the Swiss Data Protection Authority to provide an adequate level of protection for Swiss personal data; or (ii) entities located outside of Switzerland with whom standard contractual terms approved for use in Switzerland which give the transferred personal data the same protection as it has in Switzerland have been entered into, for example the European Commission’s standard contractual clauses for international data transfers, (EU SCCs) or binding corporate rules (BCRs); or (iii) entities located in the USA certified under the Swiss-U.S. DPF; or (iv) any entity located outside of Switzerland that is subject to any other transfer mechanism, bespoke contract, approved code of conduct or certification scheme approved by the Swiss Data Protection Authority.

To obtain a copy of any of the above these contractual safeguards, please contact us as set out at the end of this Privacy Policy.

Please note that our Websites and Services are accessible via the internet and may potentially be accessed by anyone around the world. Other users may access the Websites or Services from outside the EEA, Switzerland or the UK. This means that where you chose to post your personal data on our Websites or within the Services, it could be accessed from anywhere around the world and therefore a transfer of your personal data outside of the EEA, Switzerland or the UK may be deemed to have occurred.

Your Legal Rights

You have a number of rights under Data Protection Law, in relation to your personal date. You have the right to:

• Request access to your personal data (commonly known as a “subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request rectification or deletion of personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request rectification of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Request restriction of the processing of your personal data. This enables you to ask us to suspend the processing of your personal data in one of the following scenarios: (i) if you want us to establish the data’s accuracy; (ii) where our use of the data is unlawful but you do not want us to erase it; (iii) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.
• Request a transfer of your personal data (data portability) to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Object any time to the processing of your personal data for direct marketing purposes.
• Withdraw consent at any time where we are relying on consent to process your personal data as the legal basis for using your data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the above rights, please contact us as set out at the end of this Privacy Policy.

We will try to respond to all legitimate requests within 30 days and will deal with requests we receive from you, in accordance with the provisions of Data Protection Law. Occasionally it could take us longer, if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Marketing Communications

Marketing: We may use your Identity, Contact, Technical, Usage and Profile data to form a view on what we think you may want or need, or what may be of interest to you so that we can send you relevant marketing communications. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

Direct Marketing from us: We will send you marketing communications if you “opt in” to receive marketing emails when registering on our Websites or within the Services, or if you have enquired about, or purchased any of our goods or services from us and you have not opted out of receiving such marketing.

Third Party Marketing: We will obtain your express opt-in consent before we share your personal data with any third party for their own direct marketing purposes.

Opt out of Marketing: Please note that, if you change your mind about being sent marketing emails you can “opt out” at any time by clicking the “unsubscribe” link at the bottom of any marketing email. Once you “opt out”, you will no longer receive any marketing emails from us. You will however still received service related communications that are essential for administrative or customer service purposes, for example relating to orders, billing, updates, checking that your contact details are up to date and support issues.

Please note that where we send push notifications from time to time in order to update you about any service updates, events and promotions we may be running, if you no longer wish to receive these communications, please disable these in the settings on your device.

Complaints

Our intention is to meet the highest standards when collecting and using personal data. For this reason, we take complaints we receive very seriously. We encourage users to notify us if they think that our collection or use of personal data is unfair, misleading or inappropriate. If you have any complaints about our use of your personal data, please contact us as set out at the end of this Privacy Policy or you have the right to make a complaint to your local data protection supervisory authority.

For UK individuals: The Information Commissioner’s Office at, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.

Telephone: 0303 123 1113

Fax: 01625 524510

Our EU representative is Data Rep

Address: 77 Camden Street Lower, Dublin, D02 XE80, Ireland

Email: contact@datarep.uk

Age of Users

Our Websites and the Services are not intended for and shall not be used by anyone under the age of 16.

Changes to this Privacy Policy

Flo may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our services or business. We will post changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, Flo will provide additional notice, via email or through the Services.

If you disagree with any changes made to this Privacy Policy, you should deactivate your Services account. Please contact the Customer if you wish to request the removal of Personal Data under their control.

This Privacy Policy was last updated 4th of November 2024 and this version replaces any other Privacy Policy previously applicable from this date.

Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us, for example a new address or email address.

Contacting Flo

Please also feel free to contact Flo if you have any questions about this Privacy Policy or Flo’s practices or if you are seeking to exercise any of your statutory rights. You may contact us at privacy@letsflo.co or via our postal address below:

Lets Flo Limited Kemp House City Road London EC1V 2NX
England

Third Party Supplier List