Skip to main content

Privacy Statement

Version 1.0 — January 1, 2022


This Privacy Statement explains how Personal Information about our customers and other individuals using our products and services is collected, used and disclosed by Flexn B.V..This Privacy Statement describes our privacy practices in relation to the use of our websites (https://www.flexn.io), our software platform (Flexn) and services offered by us (the "Services"), as well as your choices regarding use, access, storage and correction of Personal Information. It also describes how we collect, use, disclose and otherwise process Personal Information collected in relation to our Services and otherwise in the course of our business activities.


By signing up to our Services and by agreeing to our General Terms and Conditions required to use certain of our Services, you agree to the collection, usage, storage and disclosure of information described in this Privacy Statement. You have choices when it comes to the technology you use and the data you share. When we ask you to provide personal data, you can decline. If you choose not to provide data required to provide you with a product or feature, you cannot use that product or feature. Likewise, where we need to collect personal data by law or to enter into or carry out a contract with you, and you do not provide the data, we will not be able to enter into the contract.


Our Services may contain links to other websites or services; and information practices and/or the content of such other websites or services shall be governed by the privacy statements of such other websites or services.


We may change this Privacy Statement from time to time. If we make changes, we will notify you by revising the date at the top of the statement and providing you with additional notifications (such as adding a statement to our homepage or sending you a notification). We encourage you to review the Privacy Statement whenever you use our Services to stay informed about our information practices and the ways you can help protect your privacy.

Personal Information Collection

We only use your personal information to provide you with the Flexn Application or to communicate with you about the services.


With respect to any documents or information you may choose to upload to the Flexn Application, we take the privacy and confidentiality of such documents seriously. We employ industry standard techniques to protect against unauthorized access of data about you that we store, including personal information.


We do not share personal information you have provided to us without your consent, unless:

  • Doing so is appropriate to carry out your own request;
  • We believe it is needed to enforce our Terms of Service, or that it is legally required;
  • We believe it’s needed to detect, prevent, or address fraud, security, or technical issues;
  • Otherwise protect our property, legal rights, or that of others.

As part of our normal business operations, your usage of our Services, our administration of you as a customer and to comply with local laws and regulations we collect your Personal Information. We will not process Personal Information for other purposes than described in this Privacy Statement.

Personal Information You Provide to Us

While using our Services or Products, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. For example, we collect information when you create an account, request customer support or otherwise communicate with us. The types of information we may collect include basic user information (such as your name, email address, telephone number), company information and any other information you choose to provide.


Flexn uses the data we collect to provide you with rich, interactive experiences. In particular, we use data to:

  • Provide our products, which includes updating, securing, and troubleshooting, as well as providing support. It also includes sharing data, when it is required to provide the service or carry out the transactions you request.
  • Improve and develop our products.
  • Personalize our products and make recommendations.
  • Advertise and market to you, which includes sending promotional communications, targeting advertising, and presenting you with relevant offers.
  • We also use the data to operate our business, which includes analyzing our performance or meeting our legal obligations.

Personal Information We Use

For individuals in the European Economic Area, our processing (i.e. use) of your Personal Information is justified on the following legal bases:

  • The processing is necessary to perform an agreement with you or take steps to enter into an agreement at your request;
  • The processing is necessary for us to comply with relevant legal obligations;
  • The processing is in our legitimate interest, and this justified interest prevails over your privacy.

We collect your Personal Information to:

  • Perform our agreement with you and with others;
  • Process, evaluate, and complete certain transactions involving the Services;
  • Operate, evaluate, maintain, improve, customize, and develop the Services (including by monitoring and analyzing trends, access to, and use of the Services for enhancing customer experience, security of our Services, advertising and marketing);
  • Provide you with documentation, communications, or any other services you request;
  • Correspond with you to resolve queries or complaints;
  • Protect and ensure safety of our Intellectual Property Rights;
  • Manage, protect against and investigate fraud, risk exposure, claims, and other liabilities, including but not limited to violation of our contract terms or (international) laws or regulations;
  • Adhere to all our worldwide legal obligations.

Personal Information We Disclose

We operate worldwide and we may share your Personal Information with our affiliated businesses as part of our business operations, administration of the Services and to comply with local laws and regulations. We may also appoint third party service providers (who will operate under our instructions) to assist us in providing information, products or services to you, in conducting and managing our business, or in managing and improving our Services. We may share your personal data with these affiliates and third parties to perform services that the third parties have been engaged by us to perform on our behalf, subject to appropriate contractual restrictions and security measures, or if we believe it is reasonably necessary to prevent harm or loss, or if we believe that the disclosure will further an investigation of suspected or actual illegal activities.


We reserve the right to share any information that is not deemed Personal Information or is not otherwise subject to contractual restrictions.


Where Personal Information is transferred outside the European Economic Area to our affiliated companies or to third party service providers, we will take steps to ensure that your Personal Information is protected by the same level of protection as if it remained within the European Economic Area, including by entering into data transfer agreements using the European Commission approved Standard Contractual Clauses. We contractually require agents, service providers, and affiliates who may process Personal Information related to the Services to provide the same level of protection for Personal Information as required under the European Union General Data Protection Regulation ("GDPR").


We are committed to processing personal data in accordance with our obligations as a data “processor” or “subprocessor” under applicable EU data protection laws. If your organization is based in the EU or is otherwise directly or indirectly subject to EU data protection laws, including the GDPR, we have executed, or upon request by your organization will execute, and have otherwise committed to comply with the applicable Standard Contractual Clauses approved by the European Commission related to our processing or subprocessing of personal data in connection with the services we provide to your organization as our customer. For our customers to which such EU data protection laws apply, these requirements include:

  • Processing personal data only in compliance with our customers’ instructions, and promptly informing them if we cannot comply;
  • Promptly notifying our customers if we have any reason to believe that law applicable to us would prevent us from complying with our customers’ processing instructions;
  • Implementing and maintaining specific and appropriate technical and organizational security measures to protect personal data;
  • Promptly notifying our customers about any legally binding request for disclosure of personal data by law enforcement, or any accidental or unauthorized access to any personal data, or any request received by us from an EU-based individual whose personal data we may be processing pursuant to the customers’ instructions;
  • Submitting our data processing facilities to audit by our customers;
  • Providing a copy or summary of the applicable contract between us and our customer to individuals who are unable to obtain such a copy or summary directly from their organization;
  • Obtaining consent from our customers for our use of any service providers who will be processing any personal data; and
  • Ensuring that any such service providers agree in writing to comply with these requirements.
  • We may share Personal Information with third parties in connection with potential or actual sale of our company or any of our assets, or those of any affiliated company, in which case Personal Information held by us about our customers and/or users may be one of the transferred assets.

In accordance with our legal obligations, we may also process Personal Information, subject to a lawful request, to public authorities for law enforcement or national security purposes. Further we may also disclose Personal Information where otherwise required by local law or regulations.

Personal Information We Collect Automatically When You Use our Services

When you access or use our Services we automatically collect information about you, including:

Cookies and Beacons

We (or our affiliates and authorized service providers) may place ‘cookies’ and similar technologies on your computer or mobile device in order to track and collect data regarding your use of our Site and Services. Cookies are small text files that our Site transfers to you and that allow us to permit us to recognize you and obtain data such as how, when and how long you browse pages in our Site. Either we or our affiliates and authorized service providers may also use ‘beacons’, which are small files, sometimes only a pixel in size, embedded onto the pages of our Site. Beacons are used to identify each of our pages in order to be analyzed by our system tools. You can always configure your browser to refuse cookies and beacons.


Your browser or device may include "Do Not Track" functionality. Because there is not yet a common understanding of how to interpret Do Not Track signals, we do not currently respond to "Do Not Track" signals. However, you can opt out from the use of cookies and beacons as explained above.

Third Party Services

Our Site and services may also implement hyperlinks to the websites of our commercial partners and other third parties. If you click on such links, you are choosing to visit such websites, and will be redirected thereto. If you click on a third party link, our Policy and Service terms are no longer applicable and your browsing is at your own risk. We are not responsible for the privacy and personal data practices used by such third parties (including any tools, cookies, information or content contained thereinto), and we do not have control over the manner in which such third parties may collect, process, treat or use your personal data. You are strongly advised to check the privacy settings, policies and/or notices applicable to such third party sites and services prior to browsing or using such third party websites and/or services.


In addition, any banner or ad that we may have on our Site does not constitute any endorsement of any third party thereof.

Financial data and information

We use third party payment processing platforms. These platforms will request you to disclose them sensitive personal data (e.g. credit card number, account username and password) in order to complete purchases and operations related to our services. Such third party payment processing platforms are governed by their own safety standards, policies and terms of use. We shall not be liable for their operation, safety or otherwise their functioning. We strongly advise our users to engage in online safety measures in order to protect their financial information, here in the Site and elsewhere. We will not collect or store any sensitive financial data of yours.

Advertising, opt-out

From time to time, we may use Google Analytics, AdWords and/or AdSense tracking codes, along with other third party services (such as remarketing codes) in order to collect marketing analytics about the pages you browse on our Site or when you undertake specific actions through our services. Our advertising and analytics providers may also use cookies, codes and other technologies to help us analyze our users’ patterns. For example, our advertising providers may show you Flexn’s ads on third party websites across the Internet, even after you leave our Site. Using Google and other analytics tools, we learn how to optimize, and serve ads based on a user’s past visits, giving you a better experience. Our third party providers may also use cookies and beacons to track your Internet browsing in order to serve you ads based on what they or us believe to be of your interest. Such information will be processed for purposes of evaluating your browsing activities and consumer preferences.


In order to enforce and uphold your right to privacy, you have the option to elect not to receive this type of advertising from us or third parties, now or in the future. The information generated by Google Analytics is transmitted to and stored by Google and is subject to Google’s privacy policies. To learn more about Google’s partner services and how to opt out of analytics tracking by Google, click here. You can also learn more about opting-out from personalized advertising on the Network Advertising Initiative website located at www.networkadvertising.org. In addition, you may set browser and system preferences for how other third parties serve ads to you.

Personal Information We Use

For individuals in the European Economic Area, our processing (i.e. use) of your Personal Information is justified on the following legal bases:

  • The processing is necessary to perform an agreement with you or take steps to enter into an agreement at your request;
  • The processing is necessary for us to comply with relevant legal obligations;
  • The processing is in our legitimate interest, and this justified interest prevails over your privacy.

We collect your Personal Information to:

  • Perform our agreement with you and with others;
  • Process, evaluate, and complete certain transactions involving the Services;
  • Operate, evaluate, maintain, improve, customize, and develop the Services (including by monitoring and analyzing trends, access to, and use of the Services for enhancing customer experience, security of our Services, advertising and marketing);
  • Provide you with documentation, communications, or any other services you request;
  • Correspond with you to resolve queries or complaints;
  • Protect and ensure safety of our Intellectual Property Rights;
  • Manage, protect against and investigate fraud, risk exposure, claims, and other liabilities, including but not limited to violation of our contract terms or (international) laws or regulations
  • Adhere to all our worldwide legal obligations.

Personal Information We Disclose

We operate worldwide and we may share your Personal Information with our affiliated businesses as part of our business operations, administration of the Services and to comply with local laws and regulations. We may also appoint third party service providers (who will operate under our instructions) to assist us in providing information, products or services to you, in conducting and managing our business, or in managing and improving our Services. We may share your personal data with these affiliates and third parties to perform services that the third parties have been engaged by us to perform on our behalf, subject to appropriate contractual restrictions and security measures, or if we believe it is reasonably necessary to prevent harm or loss, or if we believe that the disclosure will further an investigation of suspected or actual illegal activities.


We reserve the right to share any information that is not deemed Personal Information or is not otherwise subject to contractual restrictions.


Where Personal Information is transferred outside the European Economic Area to our affiliated companies or to third party service providers, we will take steps to ensure that your Personal Information is protected by the same level of protection as if it remained within the European Economic Area, including by entering into data transfer agreements using the European Commission approved Standard Contractual Clauses. We contractually require agents, service providers, and affiliates who may process Personal Information related to the Services to provide the same level of protection for Personal Information as required under the European Union General Data Protection Regulation ("GDPR").


We are committed to processing personal data in accordance with our obligations as a data “processor” or “subprocessor” under applicable EU data protection laws. If your organization is based in the EU or is otherwise directly or indirectly subject to EU data protection laws, including the GDPR, we have executed, or upon request by your organization will execute, and have otherwise committed to comply with the applicable Standard Contractual Clauses approved by the European Commission related to our processing or subprocessing of personal data in connection with the services we provide to your organization as our customer. For our customers to which such EU data protection laws apply, these requirements include:

  • Processing personal data only in compliance with our customers’ instructions, and promptly informing them if we cannot comply;
  • Promptly notifying our customers if we have any reason to believe that law applicable to us would prevent us from complying with our customers’ processing instructions;
  • Implementing and maintaining specific and appropriate technical and organizational security measures to protect personal data;
  • Promptly notifying our customers about any legally binding request for disclosure of personal data by law enforcement, or any accidental or unauthorized access to any personal data, or any request received by us from an EU-based individual whose personal data we may be processing pursuant to the customers’ instructions;
  • Submitting our data processing facilities to audit by our customers;
  • Providing a copy or summary of the applicable contract between us and our customer to individuals who are unable to obtain such a copy or summary directly from their organization;
  • Obtaining consent from our customers for our use of any service providers who will be processing any personal data; and
  • Ensuring that any such service providers agree in writing to comply with these requirements.
  • We may share Personal Information with third parties in connection with potential or actual sale of our company or any of our assets, or those of any affiliated company, in which case Personal Information held by us about our customers and/or users may be one of the transferred assets.


In accordance with our legal obligations, we may also process Personal Information, subject to a lawful request, to public authorities for law enforcement or national security purposes. Further we may also disclose Personal Information where otherwise required by local law or regulations.

Security

The security of your Personal Information is important to us. We therefore aim to safeguard and protect your Personal Information from unauthorized access, improper use or disclosure, unauthorized modification, or unlawful destruction or accidental loss, and we utilize and maintain certain reasonable processes, systems, and technologies to do so. This also means that our personnel is only allowed to access or process Personal Information if this is reasonably required to do so for work related tasks, to adhere to your request or to fulfill a legal obligation on behalf of us.


Please remember that no method of transmission over the internet, or method of electronic storage, is 100% secure or error-free. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. Accordingly, we cannot be held responsible for unauthorized or unintended access that is beyond our control.


Transferring Personal Information: As also mentioned above, where Personal Information is transferred outside the European Economic Area to our affiliated companies or to third party service providers, we will take steps to ensure that your Personal Information is protected by the same level of protection as if it remained within the European Economic Area, including by entering into data transfer agreements using the European Commission approved Standard Contractual Clauses. We contractually require agents, service providers, and affiliates who may process Personal Information related to the Services to provide the same level of protection for Personal Information as required under the GDPR.


Personal Information Breach: In the case of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Information transmitted, stored, or otherwise processed by us about our customers and/or users, we shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the Personal Information breach to the local supervisory authority, unless the Personal Information breach is unlikely to result in a risk to the rights and freedoms of natural persons. When the Personal Information breach is likely to result in a high risk to the rights and freedoms of natural persons we shall communicate the Personal Information breach without undue delay on our security page, unless we have already i) implemented appropriate technical and organizational protection measures, and those measures are applied to the Personal Information affected by the breach, in particular those that render the Personal Information unintelligible to any person who is not authorized to access it, such as encryption, or ii) we have taken subsequent measures which ensure that the high risk to the rights and freedoms of natural persons is no longer likely to materialize.

Retention of Personal Information

In general the collected Personal Information is not stored by us for longer than five years, unless you do a prior deletion request. However, in some circumstances, we may retain certain Personal Information for other periods of time, for instance where we are required to do so in accordance with legal, tax, and accounting requirements, or if required by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required. In specific circumstances, we may also retain certain Personal Information for longer periods of time corresponding to a statute of limitation, so that we have an accurate record of your dealings with us in the event of any complaints or challenges.

Children

The Services are not for use by children under the age of 16 years and we do not knowingly collect, store, share, or use Personal Information of children under 16 years. If you are under the age of 16 years, please do not provide any Personal Information, even if prompted by the Services to do so. If you are under the age of 16 years and you have provided Personal Information, please ask your parent(s) or guardian(s) to notify us and we will delete all such Personal Information.

Your EU Rights

Based on the GDPR you may have rights available to you in respect of your Personal Information, such as:

  • To obtain a copy of your Personal Information together with information about how and on what basis that Personal Information is processed;
  • To rectify inaccurate Personal Information (including the right to have incomplete Personal Information completed);
  • To delete your Personal Information (where it is no longer necessary in relation to the purposes for which it was collected or processed). We strive to anonymize your Personal Information within 30 days after your deletion request;
  • To restrict processing of your Personal Information under certain circumstances.
  • To port your Personal Information in machine-readable format to a third party (or to you) when we justify our processing on the basis of your consent or the performance of an agreement with you;
  • To withdraw your consent to our processing of your Personal Information (where that processing is based on your consent);
  • To obtain, or see a copy of the appropriate safeguards under which your Personal Information is transferred to a third country or international organization outside of the European Economic Area; and
  • To lodge a complaint with your local supervisory authority for data protection.


In addition to the above rights, you have the right to object, on grounds relating to your particular situation, at any time to any processing of your Personal Information which we have justified on the basis of a legitimate interest, including profiling (as opposed to your consent) or to perform a contract with you. You also have the right to object at any time to any processing of your Personal Information for marketing or promotional purposes, including profiling for marketing or promotional purposes.


In relation to all of these rights or if you have any questions about this Privacy Statement, please send an email to support@flexn.io.


Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, especially if your request is manifestly unfounded or excessive. We will endeavor to respond to your request within all applicable timeframes.

Privacy Shield

Flexn adheres to the principles of the EU-U.S. and Swiss-U.S. Privacy Shield frameworks, although Flexn does not rely on the EU-U.S. Privacy Shield Framework as a legal basis for transfers of personal data in light of the judgment of the Court of Justice of the EU in Case C-311/18. To learn more, visit the U.S. Department of Commerce’s Privacy Shield website.


Where Personal Information is transferred outside the European Economic Area to our affiliated companies or to third party service providers, we will take steps to ensure that your Personal Information is protected by the same level of protection as if it remained within the European Economic Area, including by entering into data transfer agreements using the European Commission approved Standard Contractual Clauses, or by relying on certification schemes such as the Privacy Shield. We contractually require agents, service providers, and affiliates who may process Personal Information related to the Services to provide the same level of protection for Personal Information as required under the European Union General Data Protection Regulation ("GDPR").


In compliance with the Privacy Shield Principles, Flexn commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Flexn at:support@flexn.io.


Flexn has further committed to refer unresolved Privacy Shield complaints to Jams ADR, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.jamsadr.com/eu-us-privacy-shield for more information or to file a complaint. The services of Jams ADR are provided at no cost to you. If your complaint still remains unresolved, then you have the right to invoke binding arbitration by the Privacy Shield Panel upon written notice to Flexn at:support@flexn.io.


We may share Personal Information with third parties in connection with potential or actual sale of our company or any of our assets, or those of any affiliated company, in which case Personal Information held by us about our customers and/or users may be one of the transferred assets.


In accordance with our legal obligations and our privacy statement, we may also process Personal Information, subject to a lawful request, to public authorities for law enforcement or national security purposes. Further we may also disclose Personal Information where otherwise required by local law or regulations.