Privacy Policy

Last updated: September 30, 2020

About FLOW

When you use our website or our other digital services, we collect, use and process your personal data. The protection and confidentiality of these personal data is important to us, and we are determined to protect it.

In this Privacy Policy, we explain how we are processing your personal data, what category of personal data these activities involve, the purpose and the legal basis for these processing activities. We also explain when and why your personal data are disclosed to a third party.

We also inform you of your rights related to our processing of your personal data in this Privacy Policy, and any transfer we may make of your personal data.


General statement of applicability of this Privacy Policy 

This Privacy Policy applies to our collection, use and processing of your personal data. We collect, use and process your personal information when you use our service as our customer or potential customer. This includes when you use our websites or other services or communicate with us by phone, e-mail, social media or alike.

Please note that when you interact and/or communicate with any other service provider this Privacy Policy do not apply. You are entitled to contact the relevant provider so as to receive information about the collection, use, processing and protection of your personal data by the corresponding service provider. Your personal data related to interactions with any of these service providers that are sent to or received by us as part of our service is however regulated by this Privacy Policy.

FLOW is the “controller” concerning the processing of your personal information under this Privacy Policy. This means FLOW is responsible for defining the purposes for processing your personal data and also for compliance with the data protection legislation. The address and our contact details can be found at the bottom of this Privacy Policy.


FLOW’s processing of your personal data 

3.1 Introduction 

This Privacy Policy explains how we collect, use and disclose your personal data when you use our service and otherwise interact with us as described below. It explains our data processing activities, their purpose, what category of personal data that these activities involve and the legal basis for these processing activities.

3.2 Customer Support 

FLOW has various forms of customer support in order to help you. For us to be able to provide you with customer support, we will process your personal data to identify you and help you as best we can.

On our website, you will be able to submit a questionnaire form and you can also contact us by phone, via email or letters, or by through social media; and when you communicate with us via any of these means, we will help you with inquiries, questions or feedbacks concerning our services.

Depending on your inquiry, question or feedback, you may be asked to provide additional personal data. After you have contacted Customer Support, we will examine the content of our communication with you. This is to control the quality of the service we have provided to you. For this purpose, your personal data such as your name, contact detail may be processed.

To maintain our service level, we may conduct data testing regarding our websites and mobile applications when an error occurs or when any change is made to our system, and this involves processing your personal data. This enables us to debug (to eliminate technical errors) our systems, to correctly display any changes made by you or us that is relevant to you, and to ensure the proper functioning of these websites and mobile applications.

We also produce reports and statistics by analyzing the data you have provided to us, such as your name and contact details. The purpose is to improve our service and to provide you a better user experience next time when you use our services.

3.3 Marketing

Aiming to help you make the most of the offers provided by us, we will send you or in other ways make you aware of various activities and offers via email, which may include newsletter, unique offers based on your preferences. For this purpose we will process your e-mail address and campaign participation history.

FLOW strives to be as relevant as possible for each customer across different digital channels. If you have visited our website, we may present relevant offers to you on other digital media based on your web clicks. Anonymized IP in cookies will be processed for this purpose. When you visit our website we will use your on-line behavior in order to present relevant offers through our internet portals, e-mail campaign and in other digital media.

You are free to delete your personal data used for marketing by deleting your anonymous user cookies, they are not identifiable to a specific person but will nonetheless be deleted according to industry practice, or by yourself – see chapter 5 of this privacy policy.

The legal basis for processing your personal data is your consent and our legitimate interests to operate and improve our business. Please note that withdrawal of any consent does not affect the lawfulness of the processing that has taken place based on a consent given prior to the withdrawal.


No personal data are disclosed by FLOW 

We do not sell your personal data for marketing purposes to other companies.


Cookies and similar technologies 

When you visit our website or use our mobile applications we collect certain information by automated means using cookies. Cookies are small text files stored on your device when you visit a website. When you first visit a website, a cookie file is sent to your device that identifies your browser

By using cookies you help FLOW improve the functionality of our website. They are important to reduce download time and improve your user experience. The cookie will collect information about how visitors use our websites and thus provide us useful information about how we can provide a better customer experience and improve our services.

If you want to learn more about how behavioral advertising works, see in depth information about cookies and the steps you can take to protect your privacy on the internet on Your Online Choices:


Your rights 

You have the right to request access, rectification, restriction and deletion of your personal data held by us, and to receive a copy of your personal data in a structured machine-readable format.

You also have rights to object to some processing and, where we have asked for your consent to process your data, to withdraw this consent. Where we process your data because we have a legitimate interest in doing so (as explained above), you also have a right to object to this. These rights may be limited in some situations – for example, where we can demonstrate that we have a legal requirement to process your data.

Where we require personal data to comply with legal or contractual obligations, then provision of such data is mandatory. If such data is not provided, then we will not be able to manage our contractual relationship, or to meet obligations placed on us. In all other cases, provision of requested personal data is optional.

Your personal data will be retained in accordance with the provisions of the various subsections of section 3.


Privacy Policies of third parties 

This Privacy Policy only addresses the collection, use and disclosure of personal data by FLOW. Other parties we cooperate with and other websites that may be accessible through this website have their own privacy policies and practices. We encourage you to familiarize yourself with the privacy policies provided by all third parties prior to providing them with information or taking advantage of an offer or promotion. Although we try to cooperate only with third parties that share our high standards and respect for privacy, we are not in any way responsible for the content or the privacy practices employed by other third parties.


Changes and amendments to this policy 

From time to time, we may update or amend this Privacy Policy to reflect new or different privacy practices, without notice to you. We invite you to review the latest version of this Privacy Policy.

We will place a notice on this website and/or otherwise communicate to you when we make material changes to this Privacy Policy. If you do not agree to any of the modified terms, you must discontinue the use of our service and delete your account, where applicable.


How to contact us 

Please contact us if you have any questions or comments about our privacy practices or this Privacy Policy.

You can reach us online at or via mail directed to:

21 Italiana St., disctrict 2, Bucharest,
Romania, 020974


If you have unresolved concerns you also have the right to complain to data protection authorities. The relevant data protection authority will be the Romanian Data Protection Authority.


IT Security & Data Protection Practices


The practices and processes set out in this document may be amended by FLOW from time to time to comply with applicable laws and to reflect improvements of FLOW’s procedures.

FLOW has implemented appropriate technical and organisational measures to ensure necessary and appropriate level of security, both for IT and information security in general and for privacy specifically. We have further implemented routines for regular review of these measures, and our operations, policies, and procedures are reviewed annually to ensure that FLOW meets all standards expected of managed services providers.

Our information security program includes internal policies and procedures which govern crucial security aspects, including but not limited to:

– risk management

– remote access and network management

– physical access and security monitoring

– data classification

– data sharing and storage controls

– service provider engagement and security


In general, FLOW follows industry best practices for the implementation of secured transmission, storage, and disposal of information and of authentication and access controls within media, applications, operating systems, and equipment.

FLOW has also implemented proactive security procedures such as perimeter defense and intrusion prevention systems.


Processing of personal data

FLOW only processes information you agree to give us, and according to applicable laws and regulations.

FLOW only requires the minimum amount of personal information that is necessary to fulfil the purpose of your interaction with us.  We will never sell personal information to third parties.


Investigation and Reporting of Security Incidents

FLOW has a documented internal security incident response plan aligned with GDPR’s personal data breach notification requirements.

A number of incidents or anomalies are handled by FLOW’s staff according to internal procedures and guidelines, thereby giving FLOW security visibility of security threats affecting the company and the company clients. Examples of such reports are phishing, possible mishandling of credentials and inappropriate permissions.


Information Classification and Risk-Based Controls

All information that FLOW processes on behalf of its customers is given the highest levels of protection.


Use of Microsoft products

FLOW extensively utilizes Microsoft productivity, collaboration, management tools, products, and software, thereby benefiting from Microsoft’s extensive investment and experience in the security field. The use of Microsoft products enables FLOW to set appropriate security controls and actions. We use Microsoft security solutions, such as, but not limited to Azure Information Protection, Conditional access policies and multi-factor authentication. All products are configured according to Microsoft Best practices or industry standards, whichever provides the highest level of security.


Logical Security

In addition to adhering to various security best practices, FLOW requires all employees to set up multi-factor authentication on all business accounts. User behaviors are closely monitored and anomalies will result in immediate account lockout.


Data Encryption at rest and in transit

Customer data is encrypted at rest whenever possible.


Security Compliance by FLOW Staff

FLOW takes appropriate steps to ensure compliance with our security measures and standards by our employees and contractors to the extent applicable to their scope of risk and performance, hereunder ensuring that all persons authorized to process customer personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

All employees receive privacy and security training during onboarding as well as on an ongoing basis.


Retention and Deletion

FLOW only retains customer personal data as long as necessary to provide services for our customers and within limits of applicable laws. Once the purpose of retaining personal data expires, FLOW will return or delete personal data to the customer and will only retain a copy of such data if required by law, and to that extent, only the portion of personal data that is necessary.


Ongoing evaluations and improvements

FLOW recognizes that data protection and data security are an important priority for our customers. As such, FLOW continues to monitor legal developments and to improve its practices and processes.


We reserve the right, at our sole discretion, to update, change or replace any part of these terms by posting updates and changes to our website. Please check our website periodically for changes.