Flowyer LegalTech LLC provides the following information regarding the personal data of business partners that comes into its possession.
Flowyer LegalTech LLC (registered office: Alíz Street 6. Building A, B staircase, 1st floor, door 6, 1117 Budapest, Hungary, tax number: 25556584-4-13; company registration number: 13-09-181128) processes personal data in accordance with this notice, which is acknowledged as essential for finalising the order by reading this notice.
The Data Controller is Flowyer LegalTech LLC.
Flowyer LegalTech LLC has not appointed a Data Protection Officer, as it does not carry out any data processing activities that would necessitate such an appointment.Description and purpose of data processing: Facilitating the business operations of contracting partners and fulfilling contractual rights and obligations, as well as statutory tax and accounting obligations (e.g. bookkeeping, taxation).
Additional purposes include identifying and differentiating business partners (both buyers and suppliers), establishing communication, generating user statistics, managing orders and purchases, fulfilling contractual obligations arising from purchases, and exercising associated rights.
The legal basis for data processing: Performance of a contract / legal obligation (if the name of the contracting party includes the name of a private individual) / legitimate interest (in all other cases).Scope of data processed and their source: If the name of the contracting partner includes the name of a private individual, the processed data includes the name, address, tax number provided for invoicing, the number of licences ordered, and their expiration date.
Additionally, in all cases, the name, email address, phone number, and optionally the position of the private individual acting as a contact person.
Retention period: For accounting documents (primarily invoices and contracts), a minimum of 8 years (if the name of the contracting partner includes the name of a private individual) / 5 years resp. following the last transaction (in all other cases).Data sharing: In the course of daily business operations, recorded personal data may only be accessed by the Data Controller and its subcontractors to the extent necessary for their activities. Personal data may be shared with authorities upon request or as required by law. To fulfil legal obligations, other third parties (e.g., accountants) may also access the data.
The Service Provider uses Google Analytics to measure the traffic of the www.flowyer.eu website. This programme places so-called cookies on the user's computer, which collect user data such as browser and operating system information, the user's IP address, as well as the URL of the entry and exit pages. The system automatically generates statistical data from this information. The Service Provider does not associate these data with other personal information and uses them solely to create traffic statistics.
The Software's servers are operated by Google LLC. Thanks to the Google Cloud Platform, the Software's databases are stored on highly secure and redundant servers in failover mode, physically located in Frankfurt, meeting the highest industry standards for security and availability. The system automatically creates daily backups of all databases, which are retained for 365 days. Prioritising security, the backups are geographically segmented and stored in Belgium. Beyond the high level of physical and software protection, we also ensure that our subscribers' case data are stored in a segmented manner, with each client's data kept in a separate database. For uploaded files, we use a version control system, which is also operated in Frankfurt. Deleted or accidentally overwritten files can be restored for up to 90 days.
7.1. Data subjects are entitled at any time to request information about the personal data we process as specified in this privacy notice, including the purpose, legal basis, and duration of the processing, as well as the recipients or categories of recipients who have received or will receive the data (for all legal bases).
7.2. Data subjects are entitled at any time to request the rectification or supplementation of inaccurate or incomplete personal data (for all legal bases).
7.3. Data subjects are entitled at any time to request that the personal data we hold and process electronically be transferred to them or another data controller in a commonly used format (only for processing based on contractual/legal obligations).
7.4. Data subjects are entitled at any time to request a restriction on the processing of personal data. In case of restriction, personal data, apart from storage, may only be processed with the data subject's consent, or for the establishment, exercise, or defence of legal claims, or to protect the rights of another person. Data subjects may request restriction of data processing if:
» they contest the accuracy of the personal data,
» the processing is unlawful but they oppose the erasure of the personal data,
» the Data Controller no longer needs the personal data for the purpose of processing, but they require it for the establishment, exercise, or defence of legal claims.
The Data Controller will inform the data subject before lifting any restriction on data processing (for all legal bases).
7.5. Data subjects are entitled at any time to request the erasure of personal data (for all legal bases). Personal data will be erased if:
» it is no longer necessary for the purpose for which it was collected or processed,
» the data was processed unlawfully, or
» the Data Controller is obliged to delete the personal data to comply with a legal obligation.
7.6. Data subjects are entitled at any time to object to the processing of their personal data (only for processing based on legitimate interests).
The Data Controller will investigate requests related to data processing within 30 days of receipt, make a decision on their validity, and inform the applicant of the decision in writing.8.1. If you believe that your personal data has not been processed in accordance with this privacy notice, or if you feel that you have been unable to fully exercise your rights, please contact us at the following address:
» Email address: support@flowyer.eu (please include "Data Processing" in the subject line of your email).
8.2. If your rights regarding your personal data have been violated, you may lodge a complaint with the following authority:
Flowyer LegalTech LLC processes personal data solely in the capacity of a data processor (providing hosting services), with the exception of the data provided for the fulfilment of the order and for contact purposes as detailed above. All decisions related to data processing are exclusively made by the data controller business partner (hereinafter referred to as the "Client") who provides personal data in relation to their own clients. The Client assumes liability for any claims made by third parties against Flowyer LegalTech LLC regarding personal data processing or breaches of business confidentiality. Flowyer LegalTech LLC does not make substantive decisions concerning data processing, processes personal data solely according to the Client’s instructions, does not process data for its own purposes, and stores and retains personal data in compliance with the Client’s instructions. Both parties agree that the Client acknowledges and approves the data storage and retention system established by Flowyer LegalTech LLC, while retaining the right to inspect it. Flowyer LegalTech LLC declares that it takes into account the state of the art in determining and applying technical and organisational measures to ensure data security.
The Client may specify actions for Flowyer LegalTech LLC to execute decisions related to data processing to ensure the proper fulfilment of contractual tasks. However, the Client is responsible for the legality of such instructions. Flowyer LegalTech LLC must immediately inform the Client before executing an instruction if it is deemed impractical, unprofessional, or in violation of legal regulations. Flowyer LegalTech LLC may only deviate from the Client’s instructions if mandated by (domestic or EU) law.
Flowyer LegalTech LLC may engage additional data processors. Should it do so, the same data protection obligations will apply to the engaged processor as those stipulated between the Client and Flowyer LegalTech LLC. Flowyer LegalTech LLC ensures that contracts are established with its personnel or parties involved in data processing concerning the confidentiality of personal data.
Flowyer LegalTech LLC is obliged to prevent unauthorised access to the data and to notify the Client without undue delay about any data protection incident, providing detailed information.
If the Client decides not to renew their subscription after it expires, Flowyer LegalTech LLC will provide "read-only" access to the data, allowing the Client to access and copy the data in the same manner as during upload (certain features may include export functionality).
Any disputes arising in relation to the above should be resolved primarily through mutual negotiations. If the dispute cannot be resolved within 30 days of initiating written discussions, the matter may be brought before the competent court with general jurisdiction as determined by Act CXXX of 2016.
