Privacy Policy

1. Introduction

Flowko ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website flowko.io and use our automation services.

This policy complies with the EU General Data Protection Regulation (GDPR) and applies to all personal data we process about you.

2. Data Controller

3. Information We Collect

3.1 Information You Provide

• Contact information (name, email address, phone number)
• Company information (business name, industry, size)
• Communication preferences
• Technical requirements and project details
• Payment information (processed securely through third-party processors)

3.2 Information Automatically Collected

• IP address and location data
• Browser type and version
• Device information
• Website usage patterns and analytics
• Cookies and similar tracking technologies

4. How We Use Your Information

4.1 Service Delivery (Legal Basis: Contract Performance)

• Providing automation consultations and development services
• Project management and communication
• Technical support and maintenance
• Billing and payment processing

4.2 Business Operations (Legal Basis: Legitimate Interest)

• Website analytics and improvement
• Security monitoring and fraud prevention
• Business development and service enhancement

4.3 Marketing (Legal Basis: Consent)

• Sending newsletters and automation insights
• Promoting relevant services and case studies
• Event invitations and webinars

5. Data Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties except:

5.1 Service Providers

• Website hosting (securely with EU providers)
• Payment processors (for payment processing only)
• Email providers (for sending agreed communications)
• Analytics tools (Google Analytics with IP anonymization)

5.2 Legal Requirements

• When required by law
• To protect our rights or property
• In good faith to prevent criminal activity

6. Data Security

We have implemented appropriate technical and organizational measures to safeguard your personal data against unauthorized access, alteration, disclosure, or destruction.

These measures include:

• SSL encryption for all web communications
• Secure data storage with encryption
• Regular security audits and updates
• Limited access rights to authorized personnel only
• Security protocols for data handling

7. Your GDPR Rights

Under GDPR, you have the following rights:

• Access: Request copies of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we process your data
• Portability: Receive your data in a structured format
• Objection: Object to processing based on legitimate interests
• Withdraw consent: For marketing communications at any time

To exercise these rights, contact us at info@flowko.io. We will respond within 30 days.

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

9. International Transfers

Your data is primarily processed within the EU. In cases where we use third-party services from third countries (e.g., Google Analytics), we ensure appropriate safeguards:

All transfers are conducted in compliance with GDPR and Slovenian data protection law.

• EU Standard Contractual Clauses
• EU Adequacy Decisions
• Certification schemes (Privacy Shield successors)

10. Automated Decision Making

We do not engage in automated decision-making or profiling that could significantly affect you.

All important decisions are made with direct human involvement.

11. Policy Updates

We may update this policy occasionally. We will notify you of material changes via email or website notice.

Please review this policy regularly for the latest information on our data protection practices.

12. Contact Us

For privacy-related questions or to exercise your rights:

You also have the right to lodge a complaint with the relevant supervisory authority if you believe your data protection rights have been violated.