Privacy Policy

This privacy policy, (“Privacy Policy”) and any other document referred to in it, describes the basis on which Lets Flo LTD, (“Flo”) collects and processes information about you. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Applicability of this Privacy Policy

This Privacy Policy applies to Flo’s online workplace productivity tools and platform, including the associated Flo mobile and desktop applications (collectively the “Services”), letsflo.co and other Flo websites (collectively the “Websites”) and other interactions (e.g. customer service enquiries, user conferences, etc.) you may have with Flo as our customer or an authorized user.

By visiting our Websites or using our Services you are accepting and consenting to the practices described in this Privacy Policy. If you do not agree with the terms of this Privacy Policy, do not access or use the Services, Websites or any other aspect of Flo’s business.

Please note:

This Privacy Policy does not apply to any data you provide to us when we process personal data on your behalf as your data processor, as a business to business service provider. including any third-party applications or software that integrate with the Services through the Flo platform (‘Third-Party Services’), or any other third-party products, services or businesses.

A separate agreement (the “Customer Agreement’), governs our use of data when we act as a processor of any messages, files or other content submitted through accounts (collectively, “Customer Data”’) including any third-party applications or software that integrate with the Services through the Flo platform (‘Third-Party Services’), or any other third-party products, services or businesses. The organisation (e.g. your employer or another entity or person) that entered into the Customer Agreement (the “Customer”) is the controller its instance of such services (its “Workspace”) and any associated Customer Data. If you have any questions about specific Workspace settings and privacy practices, please contact the Customer whose Workspace you use. If you have an account, you can check support@letsflo.co for the contact information of your Workspace owner(s) and administrator(s). If you have received an invitation to join a Workspace but have not yet created an account, you should request assistance from the Customer that sent the invitation.

Data Controller

For the purposes of EU and UK data protection laws and any applicable national implementing laws, regulations and secondary legislation relating to the processing of personal data (together “Data Protection Law”), the data controller is Lets Flo LTD of Kemp House City Road London EC1V 2NX, England.

Legal Basis for the Processing

We will only use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances:

To fulfil our contractual obligations to you.
Where it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests.
To comply with a legal obligation.

To the extent we process your personal data for any other purposes, we ask for your consent in advance or require that our partners obtain such consent.

Information we may collect about you

Personal data, or personally identifiable information, means any information about an individual from which that individual can be identified. It does not include data where the identity has been removed (anonymous data).

Customers or individuals granted access to a Workspace by a Customer (“Authorized Users”) routinely submit Customer Data to Flo when using the Services. Flo may collect and process personal data about Customers and Authorized Users when they use the Services and Websites (“Other Information”) as follows:

Workspace and account information. To create or update a Workspace account, you or a Customer (e.g. your employer) supply Flo with:
- Identity data. includes first name, last name, users name or similar identifier, title, email address, phone number,
- Profile data. includes your password, domain and/or similar account details.
- Financial data: is provided by Customers who purchase a paid version of the Services provide Flo (or its payment processors) with credit card information and banking information and/or
- Contact data: a billing address, email address and telephone numbers.
Usage information.
- Transaction data. When an Authorized User interacts with the Services, metadata is generated that provides additional context about the way that Authorized Users work. For example, Flo logs the Workspaces, channels, people, features, content and links that you view or interact with, the types of files shared and what Third-Party Services are used (if any).
- Technical data. As with most websites and technology services delivered over the Internet, our servers automatically collect information when you access or use our Websites or Services and record it in log files. This log data may include the Internet Protocol (IP) address, the address of the web page visited before using the Website or Services, browser type and settings, the date and time the Services were used, information about browser configuration and plugins, language preferences and cookie data.
- Device data. Flo collects information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this Other Information often depends on the type of device used and its settings.
- Location data. We receive information from you, your Customer and other third parties that helps us to approximate your location. We may, for example, use a business address submitted by your employer or an IP address received from your browser or device to determine your approximate location. Flo may also collect location information from devices in accordance with the consent process provided by your device.
- Aggregated data. Flo also collects, use and share statistical or demographic data for any purpose. This Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.
Special category data. Flo may collect, store and/or use some very limited special category data about you. This is limited to details about your race or ethnicity, as we ask about your skin colour when looking for models and you may be required to provide photographs.
Third-Party Services. A Customer can choose to permit or restrict Third-Party Services for its Workspace. Typically, Third-Party Services are software that integrate with our Services, and a Customer can permit its Authorized Users to enable and disable these integrations for its Workspace. Flo may also develop and offer Flo applications that connect the Services with a Third-Party Service. Once enabled, the provider of a Third-Party Service may share certain information with Flo. For example, if a cloud storage application is enabled to permit files to be imported to a Workspace, we may receive the user name and email address of Authorized Users, along with additional information that the application has elected to make available to Flo to facilitate the integration. Authorized Users should check the privacy settings and notices in these Third-Party Services to understand what data may be disclosed to Flo. When a Third-Party Service is enabled, Flo is authorized to connect and access Other Information made available to Flo in accordance with our agreement with the Third-Party Provider and any permission(s) granted by the Customer (including by its Authorized User(s)). We do not, however, receive or store passwords for any of these Third-Party Services when connecting them to the Services.
Contact information. In accordance with the consent process provided by your device or other third-party API, any contact information that an Authorized User chooses to import (such as an address book from a device or API) is collected when using the Services.
Marketing and communication data. Flo may collect data on your preferences in receiving marketing from us and our third parties and your communication preferences

Information we receive from other sources

Third-Party data. Flo may receive data about organizations, industries, lists of companies that are customers, website visitors, marketing campaigns and other matters related to our business from parent corporation(s), affiliates and subsidiaries, our partners or others that we use to make our own information better or more useful. This data may be combined with Other Information that we collect and might include aggregate-level data, such as which IP addresses correspond to postcodes or countries. Or it might be more specific: for example, how well an online marketing or email campaign performed.
Additional information provided to Flo. We also receive Other Information when submitted to our Websites or in other ways, such as if you participate in a focus group, contest, activity or event, apply for a job, enroll in a certification programme or other educational programme hosted by Flo or a vendor, request support, interact with our social media accounts or otherwise communicate with Flo.

Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively “Information”). However, certain Information is collected automatically and if some Information, such as Workspace setup details, is not provided, we may be unable to provide the Services.

Cookies

Flo uses a variety of cookies and similar technologies in our Websites and Services to help us collect Other Information. For more details about how we use these technologies, and your opt-out opportunities and other options, please see our Cookie Policy.

Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the “Preferences” or “Settings” page of your web browser.

How we use information

We have set out below, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful basis depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below,

Flo uses Other Information as follows:

Service suggestions based on historical use and predictive models, or identify organizational trends and insights to customize a Services experience or create new productivity features and products.

If Information is aggregated or de-identified so that it is no longer reasonably associated with an identified or identifiable natural person, Flo may use it for any business purpose. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data”.

Purpose/Activity	Type of Other Information	Lawful basis for processing
To register you as a new Customer or Authorized User	Identity, Contact, Finance, Profile and Special Category data	Performance of a contract with you or the Customer
To process and deliver your order including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us	Identity, Contact, Financial, Transaction, Marketing and communications data and Special Category data.	Performance of a contract with you Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include: (a) Notifying you about changes to our terms, this Privacy Policy and the Websites or Services (b) Asking you to leave a review or take a survey	Identity, Contact, Profile, Marketing and communications data.	Performance of a contract with you Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
To enable you to partake in a prize draw, competition or complete a survey	Identity, Contact, Profile, Usage data, Marketing and communications data.	Performance of a contract with you Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
To administer and protect our business and our Websites (including troubleshooting, data analysis, testing, system maintenance, support, updates, reporting and hosting of data)	Identity, Contact, Technical, Device, Location and Transaction data.	Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganization or group restructuring exercise) Necessary to comply with a legal obligation
To deliver relevant Website and Services content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	Identity, Contact, Profile, Usage, Marketing and communications data, Technical, Device, Location, Transaction, and Aggregated data.	Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)
To use data analytics to improve our Website and Services, marketing, customer relationships and experiences	Technical, Usage, Aggregated, Device, Location and Transaction data.	Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
To make suggestions and recommendations to you about goods or services that may be of interest to you	Identity, Contact, Technical, Usage, Profile, Location, Transaction, Aggregated and Marketing and communications data.	Necessary for our legitimate interests (to develop our Services and grow our business)
To develop and provide search, learning and productivity tools and additional features: (a) To improve search functionality. (b) To help determine and rank the relevance of content, channels or expertise to an Authorized User. (c) To make Services or Third-Party Service suggestions based on historical use and predictive models. (d) To identify organizational trends and insights to customize a Services experience. (e) To create new productivity features and products.	Usage, Marketing and communications data, Technical, Device, Location, Transaction and Aggregated data	Necessary for our legitimate interests to make the Services as useful as possible for specific Workspaces and Authorized Users.

We will not sell or rent your personal data to anyone.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

How we share and disclose information

This section describes how Flo may share and disclose Information it collects and receives as set out below. Please note that Customers determine their own policies and practices for the sharing and disclosure of Information. Flo does not control how they or any other third parties choose to share or disclose Information.

The Customer’s instructions. Flo may share and disclose Information in accordance with a Customer’s instructions and with appropriate consent, including any applicable terms in the Customer Agreement and the Customer’s use of Services functionality and in compliance with applicable law and legal process. Some sharing at a Customer’s request may incur additional fees.
Displaying the Services. When an Authorized User submits Information, it may be displayed to other Authorized Users in the same or connected Workspaces. For example, an Authorized User’s email address may be displayed with their Workspace profile.
Collaborating with others. The Services provide different ways for Authorized Users working in independent Workspaces to collaborate, such as Flo Connect or email interoperability. Information, such as an Authorized User’s Profile data, may be shared, subject to the policies and practices of the other Workspace(s).
Customer access. Owners, administrators, Authorized Users and other Customer representatives and personnel may be able to access, modify or restrict access to Information. This may include, for example, your employer using Service features to export logs of Workspace activity, or accessing or modifying your Profile data.
Third-Party Service Providers and Partners. We may engage third-party companies or individuals as service providers or business partners to process Information and support our business. These third parties are set out in our Third Party Supplier List and may, for example, provide virtual computing and storage services, or we may share business information to develop strategic partnerships with Third-Party Service providers to support our common customers.
Third-Party Services. Customer may enable or permit Authorized Users to enable Third-Party Services. We require each Third-Party Service to disclose all permissions for information access in the Services, but we do not guarantee that they do so. When enabled, Flo may share Information with Third-Party Services. Third-Party Services are not owned or controlled by Flo and third parties that have been granted access to Information may have their own policies and practices for its collection, use and sharing. Please check the permissions, privacy settings and notices for these Third-Party Services, or contact the provider if you have any questions.
Forums. The information that you choose to provide in a community forum, including personal data, will be publicly available.
Corporate affiliates. Flo may share Information with its corporate affiliates, parents and/or subsidiaries.
Professional advisors. Flo may share Information with professional advisors acting as its service providers – including lawyers, bankers, auditors, and insurers who provide consultancy, banking, legal, insurance and accounting services.
Tax Authorities. Flo may share Information with tax authorities, regulators and other authorities who require reporting of processing activities in certain circumstances.
During a change to Flo’s business. If Flo engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Flo’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding or steps in contemplation of such activities, some or all Information may be shared or transferred, subject to standard confidentiality arrangements.
Aggregated Data or Anonymous Data. We may disclose or use aggregated or Information for any purpose. For example, we may share aggregated or anonymous Information with prospects or partners for business, research or advertising purposes.
To comply with laws. If we receive a request for information, we may disclose Information if we reasonably believe that disclosure is in accordance with or required by any applicable law, regulation or legal process.
To enforce our rights, prevent fraud and for safety. To protect and defend the rights, property or safety of Flo, its users or third parties, including enforcing its contracts or policies, or in connection with investigating and preventing illegal activity, fraud or security issues, including to prevent death or imminent bodily harm.
With consent. Flo may share Information with third parties when we have consent to do so. For workspaces registered to corporate entities, Flo may share Information with consent of the workspace primary owner or authorized corporate officer. For workplaces created without a formal affiliation, Flo may require user consent.

Data retention

We retain personal data for as long as reasonably necessary to fulfil the purposes for which it was provided or collected, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint, if we reasonably believe there is a prospect of litigation in respect of our relationship with you, to comply with law enforcement requests, maintain security, prevent fraud and abuse, resolve disputes, enforce our legal agreements, or fulfil your request to “unsubscribe” from further messages from us.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

This will be for as long as we provide access to the Websites or Services to you, your account with us remains open or any period set out in any relevant contract you have with us. After you have closed your account or ceased using the Services as set out below.

We will retain some anonymised information after your account has been closed and we may use this for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

Please note: After you have closed your account or deleted information from your account, any information you have shared with others will remain visible. We do not control data that other users may have copied from the Websites or Services. Your profile may continue to be displayed in the services of others (e.g. search engine results) until they refresh their cache.

Also: Depending on the Services you have subscribed for, the Customer may be able to customize its retention settings and apply those customized settings at the Workspace level, channel level or other level. The Customer may also apply different settings to messages, files or other types of Customer Data. The deletion of Customer Data and other use of the Services by the Customer may result in the deletion and/or
de-identification of certain associated Other Information.

Data Security

Flo takes security of data very seriously. Flo works hard to protect Information that you provide from loss, misuse and unauthorized access or disclosure. These steps take into account the sensitivity of the Information that we collect, process and store, and the current state of technology. Given the nature of communications and information processing technology, Flo cannot guarantee that Information during transmission through the Internet or while stored on our systems or otherwise in our care will be absolutely safe from intrusion by others. When you click a link to a third-party site, you will be leaving our Website, and we don’t control or endorse what is on third-party sites.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. For example all information you provide to us is stored on our secure servers. Any credit card information or payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of the Site or Services, you are responsible for keeping this password confidential. We ask you not to share any password with anyone. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Links to other websites

Our Websites and Services may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Age limitations

To the extent prohibited by applicable law, Flo does not allow use of our Services and Websites by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will take steps to delete such information.

International data transfers

Our Services and Websites are global and your Information may be stored and processed in any country where we have operations, our staff are located or where we engage service providers engaged in, among other things, the fulfilment of your order, the processing of your payment details or the provision of support services. This will involve a transfer of your Information to countries outside of your country of residence, where data protection rules are different from those of your country of residence. Flo will ensure compliance with the requirements of the applicable laws in the respective jurisdiction in line with Flo’s obligations.

Processing of your personal data will involve a transfer of data to countries outside the European Economic Area (“EEA“), Switzerland or the UK.

We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this Privacy Policy. In particular this means that your personal data will only be transferred to a country that provides an adequate level of protection (for example, where the European Commission or the UK Data Protection Authority, (“ICO”) has determined that a country provides an adequate level of protection) or where the recipient is bound by standard contractual clauses according to conditions provided by the European Commission or ICO.

Our Websites and Services are accessible via the internet and may potentially be accessed by anyone around the world. Other users may access the Websites or Services from outside the EEA, Switzerland or the UK. This means that where you chose to post your personal data on our Websites or within the Services, it could be accessed from anywhere around the world and therefore a transfer of your personal data outside of the EEA, Switzerland or the UK may be deemed to have occurred.

Your Rights

You have the right under Data Protection Law, free of charge, to request:

Access to your personal data.
Rectification or deletion of your personal data.
A restriction on the processing of your personal data.
Object to the processing of your personal data.
A transfer of your personal data (data portability) in a structured, machine readable and commonly used format.
Withdraw your consent to us processing your personal data, at any time.

If you wish to exercise any of the above rights, please contact us as set out at the end of this Privacy Policy. We will respond to such queries within 30 days and deal with requests we receive from you, in accordance with the provisions of Data Protection Law. Occasionally it could take us longer, if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Marketing Communications

Marketing: We may use your Identity, Contact, Technical, Usage and Profile data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).

Promotional Offers from us: We will send you marketing emails if you “opt in” to receive marketing emails when registering on our Websites or within the Services, or if you have enquired about, or purchased any of our goods or services from us and you have not opted out of receiving such marketing.

Third Party Marketing: We will obtain your express opt-in consent before we share your personal data with any third party for marketing purposes.

Opt out: Please note that, if you change your mind about being sent marketing emails you can “opt out” at any time by clicking the “unsubscribe” link at the bottom of any marketing email. Once you “opt out”, you will no longer receive any marketing emails from us. We will continue to communicate with you regarding your service billing and support via email and where we send push notifications from time to time in order to update you about any service updates, events and promotions we may be running. If you no longer wish to receive these communications, please disable these in the settings on your device.

Complaints

Our intention is to meet the highest standards when collecting and using personal data. For this reason, we take complaints we receive very seriously. We encourage users to notify us if they think that our collection or use of personal data is unfair, misleading or inappropriate. If you have any complaints about our use of your personal data, please contact us as set out at the end of this Privacy Policy or contact your local data protection supervisory authority.

For UK individuals: The Information Commissioner’s Office at, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, England.

Telephone: 0303 123 1113
Fax: 01625 524510

Our EU representative is Data Rep

Address: 77 Camden Street Lower, Dublin, D02 XE80, Ireland

Email: contact@datarep.uk

Changes to this Privacy Policy

Flo may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our services or business. We will post changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, Flo will provide additional notice, such as via email or through the Services.

If you disagree with any changes made to this Privacy Policy, you should deactivate your Services account. Please contact the Customer if you wish to request the removal of Personal Data under their control.

This Privacy Policy was last updated 22 November 2022 and this version replaces any other Privacy Policy previously applicable from this date.

Contacting Flo

Please also feel free to contact Flo if you have any questions about this Privacy Policy or Flo’s practices or if you are seeking to exercise any of your statutory rights. You may contact us at privacy@letsflo.co or via our postal address below:

Lets Flo LTD
Kemp House
City Road
London
EC1V 2NX
England

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	1 year 1 month 4 days	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.