Privacy policy
This Privacy Policy (the “Privacy Policy”) is intended to inform you about our practices regarding the collection and use of your data that you may submit to us through our website http://wflow.com/ (the “Website”) and/or the app wflow.com Scanner (collectively the “Platforms”) and when using our services as advertised on the Platforms (the “Services”). Please read the Privacy Policy carefully!
wflow.com
wflow.com Czech Republic s.r.o.
Pobřežní 34
186 00 Praha 8
IČO: 072 12 241
Contact:
+420 734 114 334
support@wflow.com
sales@wflow.com
(A) This Privacy Policy was last modified on 21.11.2022 and may be sporadically updated to reflect changes in legislation, so please review it now and then. You can always find the most recent version on our Website at http://wflow.com/en/privacy-policy. If we make substantial changes, we will try to provide at least a 30-day notice prior to any changes taking effect. What constitutes a substantial change will be determined at our sole discretion. By continuing to access or use our Platforms or Services after those revisions become effective, you agree to be bound by the revised terms. If you do not agree to the new terms, please stop using the Platforms.
(B) We process your data with due care, in accordance with all applicable laws and regulations, including the regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation (the “GDPR”).
(C) The Privacy Policy only covers data processing carried out by us. The Privacy Policy does not address, and we are not responsible for, the privacy practices of any other parties.
1. Who processes your personal data?
1.1 Your personal data are being processed by our company wflow.com Czech Republic s.r.o., ID No.: 072 12 241, with its registered office at Pobřežní 658/34, Karlín, 186 00 Prague 8, registered in the Commercial Register maintained by the Municipal Court in Prague, File No.: C 295488 (the “Controller“, “we”, “us” or “our”).
1.2 To learn more about personal data management or if you have any other questions, you're welcome to contact us at info@wflow.com.
2. What personal data are processed?
The subjects of personal data processing according to this Privacy Policy are persons representing our Customers, as defined in our Terms of Service, who are legal persons (the "Representative"), as well as all other Users of the Account on our Platforms (collectively the “Users” or “you” ). We may collect the following types of information about Users:
2.1. Personal Data
We may collect and process your name, email address, telephone number and other data provided by you voluntarily when you use our Services.
2.2. Technical Information
We and/or our authorised external service providers (e.g., Google, LLC - Google Analytics) may automatically collect technical data when you visit or interact with our Services. Technical data may include, in particular, the URL of the website you visited before visiting our Website, the time and date of user visits, surfing habits, IP address, the browser name, the type of computer or device accessing our Services, time spent on the Website and other similar technical information (the “Technical Data”). In a limited number of cases, it is possible to use technical data and identify you by them as an individual, thus making them personal data according to applicable legal regulations; however, we never use technical data to identify you as an individual.
2.3. User Data
When you have registered on our Platforms, we start collecting data from the devices and applications associated with your Account, which may include personal data relating to you, to your accounts or to third parties, including information about your devices used by accounts, websites and applications that your accounts use (collectively, the “User Data”).
2.4. Anonymised data provide aggregated analytics and statistics from the Platform
When you have used our Platform and Services, we may anonymise and aggregate these analytics and statistics generated from using the Platforms (the “Insights”). Insights may be used for research and development purposes. Unlike Technical Data, Insights are anonymous and it is not possible to identify you as an individual.
3. What are the purposes and legal basis for processing your personal data?
3.1. We process your personal data in order to:
3.1.1. carry out the agreement existing between us and the Customer based on the Customer’s decision to use our Services
This purpose includes mainly the following processing activities:
opening an Account on our Platforms;
informing you about any updates and new features of our Services (including changes in the pricing model);
notifying you about the updates of our Terms of Service, Cookie Policy, and this Privacy Policy;
responding to you in relation to any queries you may have with respect to our Services;
resolving potential agreement-related troubleshoot problems and disputes.
We process your name, email address, and other data provided by you voluntarily when you use our Services (i.e., when you created an Account on our Website) for this purpose.
Legal basis for such processing: the performance of a contract in accordance with Article 6 (1) (b) of GDPR.
3.1.2. improve our Platforms and Services
We may recognize and count the number of visitors to our Website and record anonymous visits for the purpose of improving our Website and Services.
We process the Technical Data (as defined above) for this purpose on the following legal basis: legitimate interest of the Controller in accordance with Article 6 (1) (f) of GDPR.
3.1.3. market our Services
We may market to you our current or future Services only if you subscribe to the newsletter at our Website or give us your consent to send you updates when creating an Account on our Website and thus provide us your consent with the processing of your email address for the marketing purposes.
We process your email address on the following legal basis: your consent in accordance with Article 6 (1) (a) of GDPR.
You can stop direct marketing communications from us by clicking the “Unsubscribe from newsletter” link in any email communication that we send you.
3.1.4. keep our Platforms safe
We may monitor usage of the Platforms. The purpose of this collection and processing is to safeguard against abuse of the Platforms and prevent serious misuse from Users.
We process this usage data for this purpose on the following legal basis: legitimate interest of the Controller in accordance with Article 6 (1) (f) of GDPR.
4. Customer as a controller and Wflow as a processor
4.1. In relation to some personal data processed via the Platforms, e.g. personal data of subjects that are mined from the uploaded documents, Wflow acts as a processor.
4.2. The legal basis of such processing may be the performance of a contract between the Customer and a third party in accordance with Article 6 (1) (b) of GDPR, the compliance with a legal obligation of the Customer in accordance with Article 6 (1) (c) of GDPR, or a legitimate interest of the Customer in accordance with Article 6 (1) (f) of GDPR.
4.3. The categories of personal data concerned may be: identification data (e.g. first name, last name, address, ID No.), contact data (e.g. email, phone, address), data on the relationship to the third party (function, workplace).
4.4. The Customer, as the controller, is responsible for ensuring that it has a legal basis for the processing and that the subjects are provided with full information about the processing of the data it carries out through the Platforms. The information provided in this Section 4 is of a general and informative nature only, and its accuracy and completeness are not guaranteed.
5. Who are recipients of your personal data?
5.1. We only share your personal data within our organisation.
5.2. We do not share your personal data with any recipients outside of the Controller unless one of the following circumstances applies:
5.2.1. it is necessary to provide our Services to you
To the extent that our external service providers (sub-processors) need access to your personal data to help us perform our Services for you, we have taken the appropriate contractual and organisational measures to ensure that your personal data are processed in accordance with all applicable laws and regulations.
Below is a non-exclusive list of our sub-processors for compliance:
Rossum Ltd, UK
PDF GENERATOR API (Actual Reports OÜ)
The list of these sub-processors may change from time to time as we change or remove some of the providers listed above and/or put in place other providers to assist us in providing the Services.
5.2.2. It is necessary for legal reasons
We may share your personal data with recipients outside the Controller if we have a good-faith belief that access to and use of your personal data is reasonably necessary to: (i) meet any applicable law, regulation, and/or court order; (ii) detect, prevent, or otherwise address fraud, security or technical issues; and/or (iii) protect the interests, properties or safety of the Controller, our users or the public as far as in accordance with the law. When possible, we will inform you about such processing.
5.2.3. it is needed to improve our Services
In order to improve our Platforms and Services we may use third-party providers listed below to help us collect and analyze Technical Data.
Below is a non-exclusive list of our sub-processors:
Google Analytics (Google LLC)
Smartlook (Smartlook.com, s.r.o.)
Intercom (Intercom, Inc.)
The list of these sub-processors may change from time to time as we change or remove some of the providers listed above and/or put in place other providers to assist us in providing the Services.