FlowTwo is committed to safeguarding the privacy and rights of citizens and customers of FlowTwo’s services.
FlowTwo is a data processor, providing hosting- and backup-services for organisations’ websites. Delivering that service entails management of personal data about website visitors. We realize the great responsibility that follows from this, and will here share how we comply with applicable legislation including, but not limited to, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data (“GDPR”).
The Policy is shared publicly on our homepage www.flowtwo.com.
Scope and acceptance
The Policy describes data processing activities carried out by FlowTwo, based on the instructions between FlowTwo and its customers. The customers are data controllers, and FlowTwo functions as data processor.
As data controllers, it is the responsibility of customers to FlowTwo to gather informed consent from website visitors. FlowTwo only process data, which the data controllers guarantee has been procured in a legal manner.
Whose data we process
FlowTwo process data about website visitors on the websites they host. In the section “What personal data we process”, you can find information about the specific data elements we process.
FlowTwo as a data processor
FlowTwo does not determine the purpose and means of processing personal data. Therefore, FlowTwo is not acting as data controller, but only data processor. The customers of FlowTwo are data controllers to whom FlowTwo provides a service.
FlowTwo delivers hosting- and backup-services for organisations’ websites. As hosting-supplier, FlowTwo processes the data that the organisation, who owns the website, chooses to gather and store. FlowTwo does not collect any additional personal data, besides logging IP-addresses of users that try to demand access with an incorrect password.
Why we process personal data
FlowTwo process personal data in order to deliver hosting- and backup-services to organisations.
What personal data we process
In delivering the hosting- and backup-services, these types of personal data might occur in FlowTwo’s database:
- Phone numbers
- E-mail addresses
- Order history
- Communication between user and data controller
- Other data that has been made possible to submit through the website.
If this “other” entails types of personal data not included in the list above, the data controller is asked to let FlowTwo know.
How we share personal data
FlowTwo will not share personal information with any third party who intends to use the data for marketing purposes. We will only share personal information in the following contexts:
- Associated services: Customers choosing additional data processing providers can ask FlowTwo to share its data with that service provider. FlowTwo will only export personal data on instruction from the data controller.
- Public Authorities: The police and other authorities may demand the handover of personal information from FlowTwo. In that event, FlowTwo will only hand over the data if there is a court order to do so.
Any person has the right to request a copy of their personal data in FlowTwo possession. The request has to go through the organisation whose website was visited. FlowTwo will deliver the requested data to the data controller within 72 hours.
In the event of a person wishing to correct information or opt-out of marketing communication, we again refer to FlowTwo’s customers.
Any person has the right to request to be forgotten. The request has to go through the organisation whose website was visited. FlowTwo will carry out the forget-process within 72 hours, and will have deleted all information from backups after nine months.
Disclosure of information
FlowTwo may disclose your information if we are subject to an obligation to forward or share data in order to comply with a legal obligation. Disclosure may also take place as instructed by a court of law or another authority, or to protect the trademarks, rights, property or security of FlowTwo. This entails the exchange of information with other companies and organisations for the purpose of protection against fraud.
Data security and retention
How we keep personal data secure
FlowTwo utilize reasonable and appropriate physical, technical and administrative procedures and measures to safeguard the information we possess.
More specifically, FlowTwo:
- guarantee a safe operating environment, allowing only employees and trusted partners access to personal data,
- encrypt payment information using industry-standard encryption methods, and
- FlowTwo uses iTadel, located in Aarhus, Denmark as the physical location for the data we store. Furthermore, backups of the stored data are kept in Dropbox, and backups of hosted websites are placed on a server in Denmark.
How long we store personal data
FlowTwo only stores personal data for as long as it is necessary for the data controller’s stated purpose, or until the contract with the data controller terminates, while also taking into account our need to answer queries or resolve problems and to comply with legal requirements under applicable laws.
When the personal data we possess in no longer required, related to the above stated, it will be deleted from our systems, however not from backup files, which are kept for nine months before deleted. In the event that backup files are used to recover lost information, the personal data previously deleted will be removed from the restored version of the system.
Subcontractors and export of personal data
In the event that FlowTwo intends to use subcontractors, customers whose data would be processed by that subcontractor will be asked for acceptance in due time. FlowTwo will only export data to subcontractors on instruction from the customer. In that case, FlowTwo is still responsible for the privacy and rights of citizens’ data.
Changes to this Policy
In the event that changes are made to this Policy, the revised Policy will replace this Policy on FlowTwo’s homepage with an updated revision date. Everyone whose data is being processed by FlowTwo are encouraged to review the Policy regularly.
In the event of significant changes being made to this Policy or the practice followed by FlowTwo, customers will be notified directly.
How to contact us