Updated: September 19, 2023
At Flow Digital (“Flow”, “we”, “our” or “us”) we respect your privacy and are committed to protecting the personal data we hold about you. This Privacy Policy relates to your use of the Flow mobile application, our website located at [insert URL], and our services [insert as applicable: including Flow Core Wallet] that we may offer from time to time, or otherwise through your interaction with us (collectively, the “Services”).
Please review the following to understand how we process and safeguard personal data about you. By using any of our Services, whether by visiting our website or otherwise, and/or by voluntarily providing personal data to us, you acknowledge that you have read and understand the practices contained in this Privacy Policy. This Privacy Policy may be revised from time to time, so please ensure that you check this Privacy Statement periodically to remain fully informed.
1. PERSONAL DATA WE COLLECT
2. HOW WE COLLECT PERSONAL DATA
3. HOW WE USE PERSONAL DATA
4. WHO WE SHARE PERSONAL DATA WITH
5. LEGAL BASES FOR PROCESSING PERSONAL DATA
6. YOUR RIGHTS REGARDING PERSONAL DATA
- Accessing, Modifying, Rectifying, and Correcting Collected Personal Data
- Your California Privacy RightsYour Nevada Rights
- Your European Union and UK Privacy Rights
7. YOUR CHOICES
- Location Information
-Cookies and Web Tracking
8. PROTECTING PERSONAL DATA
9. RETENTION OF PERSONAL DATA
10. OTHER IMPORTANT INFORMATION SERVICES
- Collection of Personal Data from Children
- Third Party Websites and Services
- Business Transfer
- Do Not Track
- International Use
11. MODIFICATIONS AND UPDATES TO THIS PRIVACY STATEMENT
12. APPLICABILITY OF THIS PRIVACY STATEMENT
13. ADDITIONAL INFORMATION AND ASSISTANCE
1. Personal Data We Collect
We collect information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household (“personal data”). The types of personal data we collect about you depends on your interactions with us and your use of the Services. We may collect the below categories of personal data from our users: internet or other electronic network activity information, including, but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, device information or advertisement.Geolocation data.Inferences drawn from any of the information above to create a profile about an individual reflecting the individual’s preferences, characteristics, and transaction behavior.We will not collect additional categories of personal data other than those categories listed above. If we intend to collect additional categories of personal data, we will provide you with a new notice at or before the time of collection.
2. How We Collect Personal Data
We collect personal data either:
- Directly From You. When you provide it to us directly to perform the Services.
- Automatically or Indirectly From You. For example, through and as a result of your use of and access to the Services. We also collect IP addresses and browser types from the devices you use.
3. How We Use Personal Data
We process personal data for the following purposes:
1. To provide the Services, which includes use of our Services.
2. Developing, improving, operating, providing, predicting, or performing, including maintaining or servicing accounts, enhancing the Services and your experience with them, providing customer service, processing or fulfilling transactions, verifying your identity, and processing payments.
3. Auditing related to a current interaction with the user and concurrent transactions.
4. Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
5. Debugging to identify and repair errors that impair existing intended functionality.
6. Undertaking internal research for technological development and demonstration.
7. Undertaking activities to verify or maintain the quality or safety of the Services owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the Services owned, manufactured, manufactured for, or controlled by us.
8. Complying with applicable laws, regulations, rules and requests of relevant law enforcement and/or other governmental agencies, or for other purposes, as permitted or required by law.
9. As necessary or appropriate to protect the rights, property, and safety of our users, us, and other third parties.
We will not use the personal data we collected for materially different, unrelated, or incompatible purposes without providing you with notice and obtaining your consent.
4. Who We Share Personal Data With
We share personal data with the following categories of third parties:
- Our service providers.
- Our affiliated entities.
- Government agencies or regulators when permitted or required to do so by law; in response to a request from a law enforcement agency or authority or any regulatory authority; and/or to protect the integrity of the Services or our interests, rights, property, or safety, and/or that of our users and others.
We may also share your personal data with our legal advisors; auditors; courts and public authorities; and any acquirer or successor in the event of a corporate sale, merger, reorganization, dissolution, or similar event if any of your personal data is part of the assets we transfer or share in preparation for such a transaction.
5. Legal Bases for Processing Personal Data
We process personal data for, or based on, one or more of the following legal bases:
- Necessary for Performance of a Contract. By using the Services, we will process certain personal data to fulfill our contractual obligations to you.
- Legitimate Interests. We may process personal data for our legitimate interests, including complying with any applicable law, rule or regulation, investigation or remedy; protecting our, our users' or others' rights, property and safety; and detecting and resolving any fraud or security concerns.
- Compliance with Legal Obligations and Protection of Individuals. We may process personal data to comply with our legal obligations, including as required by valid legal process, governmental request, and to protect those individuals who use our Services and others.
- Consent. We may also ask you for your consent to process your personal data. In cases where you provide consent, you may withdraw such consent at any time. However, withdrawing your consent does not affect the lawfulness of any processing based on your consent before your withdrawal.
6. Your Rights Regarding Personal Data
You have certain rights pursuant to the Data Protection Act (Revised) of the Cayman Islands regarding the collection and processing of personal data – including certain fundamental rights of access to personal data. You may exercise these rights, to the extent they apply to you, by contacting us at the information provided at the end of this Privacy Statement, or by following instructions provided in this Privacy Policy or in communications sent to you.
Your rights may vary depending on the laws that apply to you. See “Your California Privacy Rights”, “Your Nevada Privacy Rights”, and “Your European Union and UK Privacy Rights”, for more information about certain legal rights that may apply to you.
a) Accessing, Modifying, Rectifying, and Correcting Collected Personal Data
We strive to maintain the accuracy of any personal data collected from you, and will try to respond promptly to update our records when you tell us the information in our records is not correct. However, we must rely upon you to ensure that the information you provide to us is complete, accurate, and up-to-date, and to inform us of any changes. Please review all of your information carefully before submitting it to us. Please contact us if there are any updates or corrections to your information.Depending on the laws that apply to you, you may obtain from us certain personal data in our records. If you wish to access, review, or make any changes to personal data you have provided to us through the Services, please contact us at the information provided at the end of this Privacy Statement. We reserve the right to deny access as permitted or required by applicable law.
b) Your California Privacy Rights
California’s “Shine the Light” law, permits our users who are California residents to request and obtain from us a list of what personal data (if any) we disclosed to third parties for their own direct marketing purposes in the previous calendar year and the names and addresses of those third parties. Requests may be made only once per year per person, must be sent to the email address below, and are free of charge. However, we do not disclose personal data protected under the “Shine the Light” law to third parties for their own direct marketing purposes.Please note that we do not “sell” or “share” your personal data as those terms are defined by the California Consumer Privacy Act (the “CCPA”), as amended by the California Privacy Rights Act (“CPRA”).
c) Your Nevada Privacy Rights
Nevada law permits our users who are Nevada consumers to request that their personal data not be sold (as defined under applicable Nevada law), even if their personal data is not currently being sold. Requests may be sent to [insert], and are free of charge.
d) Your European Union and UK Privacy Rights
In addition to the above-listed rights, European Union and UK privacy law provides individuals with enhanced rights in respect of their personal data. These rights may include, depending on the circumstances surrounding the processing of personal data:
- The right to object to decisions based on profiling or automated decision-making that produce legal or similarly significant effects on you;
- The right to request restriction of processing of personal data or object to processing of personal data carried out pursuant to (i) a legitimate interest (including, but not limited to, processing for direct marketing purposes) or (ii) performance of a task in the public interest;
- In certain circumstances, the right to data portability, which means that you can request that we provide certain personal data we hold about you in a machine-readable format; and
- In certain circumstances, the right to erasure and/or the right to be forgotten, which means that you can request deletion or removal of certain personal data we process about you.
- The right to lodge a complaint with a supervisory authority located in the jurisdiction of your habitual residence, place of work, or where an alleged violation of law occurred.
Note that we may need to request additional information from you to validate your request. To exercise any of the rights above, please contact us at security@onflow.org
7. Your Choices
You have choices about certain information we collect about you, how we communicate with you, and how we process certain personal data. When you are asked to provide information, you may decline to do so; but if you choose not to provide information that is necessary to provide some of our Services, you may not be able to use those Services. In addition, it is possible to change your browser settings to block the automatic collection of certain information.
- Location Information. If you want to limit or prevent our ability to receive location information from you, you can deny or remove the permission for certain Services to access location information or deactivate location services on your device. Please refer to your device manufacturer or operating system instructions for instructions on how to do this.
- Cookies and Web Tracking. Cookies are files with a small amount of data that are commonly used as anonymous unique identifiers. These are sent to your browser from the websites that you visit and are stored on your device’s internal memory. Our Services do not use these cookies explicitly. However, the Services, such as our mobile app, may use third-party code and libraries that use cookies to collect information and improve their services. You have the option to either accept or refuse these cookies and know when a cookie is being sent to your device. If you choose to refuse our cookies, you may not be able to use some portions of our Services.
8. Protection of Personal Data
We use reasonable and appropriate physical, technical, and organizational safeguards designed to promote the security of our systems and protect the confidentiality, integrity, availability, and resilience of personal data. Those safeguards include: (i) the encryption of personal data where we deem appropriate; (ii) taking steps to ensure personal data is backed up and remains available in the event of a security incident; and (iii) periodic testing, assessment, and evaluation of the effectiveness of our safeguards.However, no method of safeguarding information is completely secure. While we use measures designed to protect personal data, we cannot guarantee that our safeguards will be effective or sufficient. In addition, you should be aware that Internet data transmission is not always secure, and we cannot warrant that information you transmit utilizing the Services is or will be secure.
9. Retention of Personal Data We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or regulatory requirements. To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We will not keep your personal data for longer than is necessary and following the end of the relevant retention period, we will delete or anonymize your personal data.
10. Other Important Information
- Links to Other Sites. Our Services may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that we do not operate these external sites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. This Privacy Policy does not apply to any third party services; please refer to the policies for such third party services for information about how they collect, use, and process personal data.
- Children’s Privacy. These Services do not address anyone under the age of 18. We do not knowingly collect personal data from children under 18. In the case we discover that a child under 18 has provided us with personal data, we immediately delete this from our servers. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us so that we will be able to take the necessary actions. By using the Services, you represent that you are 18 years of age or older.
- Business Transfer. We may, in the future, sell or otherwise transfer some or all of our business, operations or assets to a third party, whether by merger, acquisition or otherwise. Personal data we obtain from or about you via the Services may be disclosed to any potential or actual third party acquirers and may be among those assets transferred.
- Do Not Track. We currently do not use any cross-site tracking technologies and do not currently process or comply with any web browser’s “do not track” signal or similar mechanisms.
- International Use. Your personal data will be stored and/or processed in the United States. By your use of the Services, you acknowledge that we will transfer your data to, and store your personal data in the United States, which may have different data protection rules than in your country, and personal data may become accessible as permitted by law in the above countries, including to law enforcement and/or national security authorities in the those countries. For transfers of data into and out of the United Kingdom or European Economic Area, pursuant to Article 46 of the General Data Protection Regulation (“GDPR”), we use data transfer agreements subject to EU-approved standard contractual clauses.
11. Changes to This Privacy Policy
This Privacy Policy replaces all previous disclosures we may have provided to you about our information practices with respect to the Services. We reserve the right, at any time, to modify, alter, and/or update this Privacy Policy, and any such modifications, alterations, or updates will be effective upon our posting of the revised Privacy Policy. We will use reasonable efforts to notify you in the event material changes are made to our processing activities and/or this Privacy Policy, such as by posting a notice on the Services or sending you an email. Your continued use of the Services following our posting of any revised Privacy Policy will constitute your acknowledgement of the amended Privacy Policy.
12. Applicability of this Privacy Policy
This Privacy Policy is subject to the Terms of Service, located at [insert hyperlink], that govern your use of the Services. This Privacy Policy applies regardless of the means used to access or provide information through the Services.
This Privacy Policy does not apply to information from or about you collected by any third party services, applications, or advertisements associated with, or websites linked from, the Services. The collection or receipt of your information by such third parties is subject to their own privacy policies, statements, and practices, and under no circumstances are we responsible or liable for any third party’s compliance therewith.
13. Additional Information and Assistance
If you have any questions or concerns about this Privacy Policy and/or how we process personal data, please contact us at security@onflow.org