Privacy Policy

With this privacy policy, we would like to inform you about how we process your data. It applies to all our services, websites, applications, and social media sites. We have tried to keep it as short and comprehensible as possible.


Status: November 11, 2020
Reason: Added Join and MongoDB to the hosting providers

Responsible Entity

FlowSquad GmbH
Salomon-Idler-Str. 30
86159 Augsburg
Germany
info@flowsquad.io

What data we process and why

The following overview shows the categories of data processed by us, the groups of persons affected, and the purposes for which we process your data.

Types of data processed

  • Inventory data (e.g., your name and address)
  • Contact data (e.g., your e-mail address or telephone number)
  • Usage data (e.g., the content you visit on our website)
  • Applicant data (e.g., cover letter, resume, and certificates)
  • Content data (e.g., your messages sent to us)
  • Metadata (e.g., your IP address and browser used)
  • Contract data (e.g., contents and duration of our contracts with you)
  • Payment data (e.g., your bank details and invoices)

Affected groups of people

  • Employees
  • Applicants
  • Contract partner
  • Prospective customers
  • Customers
  • Users

Purposes of processing

  • Range measurement
  • Application processing
  • Security measures
  • Provision of contractual services
  • Reply to your messages and inquiries
  • Deployment of our applications and content

Applicable legal grounds

In the following, you will find a summary of the legal basis to which we refer in the context of this data protection declaration:

  • Consent: Art. 6 para. 1 sentence 1 lit. a GDPR
  • Contractual obligations: Art. 6 para. 1 sentence 1 lit. b GDPR
  • Legal obligations: Art. 6 para. 1 sentence 1 lit. c GDPR
  • Legitimate interests: Art. 6 para. 1 sentence 1 lit. f GDPR

Our security measures

We take extensive state-of-the-art security measures to protect your data adequately. These include, for example, the following precautions:

  • Use of complex and long passwords
  • Multi-factor authentication (e.g., via SMS or one-time password)
  • Encryption during transport (SSL) and storage of data
  • Data access restricted to the necessary extent
  • No collection or storage of data not needed
  • Shortening of the IP address, where possible

In which cases we transfer data to third parties and third countries

In the course of our activities, data is also transferred to other companies or persons, for example to financial institutions (e.g., to process payments) or IT service providers (to provide hosting and similar services). In these cases, we ensure that these companies and persons comply with the legal regulations and treat your data securely. This also includes the conclusion of corresponding contracts.


We take care to process your data as far as possible within the European Union. However, in some cases, it cannot be avoided that some data is transferred to other countries outside the EU. In these cases, we ensure that an adequate level of data protection is provided in these countries or that the security of your data is guaranteed in some other way, for example, by concluding standard contractual clauses approved by the European Commission.

What cookies we use

Cookies are a way to store data in a user's browser, such as their login status. In addition, cookies are also used for range measurement. Cookies can remain stored even after the browser is closed so that you do not have to log in again on your next visit, for example. Below you will find a list of the cookies we use:


_gid
_gat
_ga

These cookies are used by Google Analytics and are only set if you have given your prior consent to the use of cookies. They have a validity period between 60 seconds and 2 years. You can find more detailed information on this topic in Google's privacy policy.

You can revoke your consent once given at any time. Please clickhere to do so.


gatsby-gdpr-google-analytics
gatsby-gdpr-google-analytics-legacy

These cookies store your consent or opt-out of the use of cookies. They are necessary so that the cookie banner is not displayed again each time you visit the site. They have a validity period of 1 year.


GCLB

This cookie is necessary to always end up on the same server, and prevent problems with authentication. It is deleted when you close the browser.


auth0.is.authenticated

This cookie is necessary to store that you are logged in. It has a validity period of 24 hours.


For cookies, to which you must give your consent first, your given consent is the legal basis for the storage. In all other cases, our legitimate interest in the safe and user-friendly operation of our applications and websites or our contractual obligations to provide these services is the legal basis for storage.

How we process data from contractual partners and customers

In the following, you will find information on how we process your data if you are our contractual partner, customer, user, or a prospective customer.

Contractual relationship and customer communication

In the context of contractual relationships or communication with customers (e.g., when you send us an inquiry), we process your data in order to fulfill our obligations, protect our rights, and for legal reasons (e.g., tax purposes).


We delete this data as soon as it is no longer necessary for the aforementioned purpose, and there are no longer any legal storage obligations (e.g., storage of invoices for tax audits). We delete data that has been made available to us within the scope of a contract as agreed in the contract or after the contract has ended.

User account

If you (have to) create a user account in order to use our applications, we store and process your data within the scope of our contractual obligations towards you. This data will be deleted as soon as your account is deleted, we no longer need the data to provide our contractual services, and there are no legal obligations to retain the data.


As part of your registration with us, we will contact you by e-mail if relevant to you or your account. This may include, for example, notices of changes to our privacy policy or terms and conditions, information of failed login attempts, or instructions on how to reset your password.


We rely on the services of third parties to manage our customers' credentials, provide login screens, and perform authentication. Below you will find the authentication providers we use:


Auth0
Auth0, Inc., 10800 NE 8th Street, Suite 600, Bellevue, WA 98004, USA
Further information is available athttps://auth0.com/privacy/

Range measurement and analyses

To further develop our services, we conduct analyses of how our website and applications are used. As far as possible, we carry out these effects anonymously or pseudonymized. The legal grounds for this are our legitimate interest and your consent.


In the following, you will find the analytics providers we use:


Google
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Further information is available athttps://policies.google.com/privacy

Videoconferences and webinars

We use the services of third-party providers to conduct video conferences and webinars. The respective data protection regulations and terms of use of these services apply. Below you will find the services we use.


Microsoft Teams
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Further information is available athttps://privacy.microsoft.com/privacystatement


Zoom
Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA
Further information is available athttps://zoom.us/privacy


If we ask you for your consent to record meetings (e.g., webinars), your consent is considered the necessary legal ground. Otherwise, our legitimate interests in secure and efficient communication with you are considered the legal basis.

Provision of services

To be able to provide our services, we rely on the services of various hosting providers. These may collect your data in order to prevent misuse of their services. This includes, for example, server log files and access data, e.g., to be able to block spam e-mails and DDoS attacks.


The data is deleted as soon as it is no longer essential for the above-mentioned purposes. The legal basis for processing and storage is our legitimate interests and our contractual obligations to you.


This data may include the address and name of the pages and files you have requested, the date and time of the requests, the type, and version of your browser and operating system, the website visited immediately before (referrer), and your IP address.


In the following, you will find the hosting providers we use:


Google
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Further information is available athttps://policies.google.com/privacy


Netlify
Netlify, Inc., 2325 3rd Street, Suite 215, San Francisco, California 94107, USA
Further information is available athttps://www.netlify.com/privacy/


Microsoft
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA
Further information is available athttps://privacy.microsoft.com/privacystatement


Adobe
Adobe, Inc., 345 Park Avenue, San Jose, CA 95110-2704, USA
Further information is available athttps://www.adobe.com/privacy/policies/adobe-fonts.html


Join
JOIN Solutions AG, Landsgemeindeplatz 6, 9043 Trogen, Switzerland
Further information is available athttps://join.com/privacy


MongoDB
MongoDB, Inc., 1633 Broadway, 38th Floor, New York, NY 10019, USA
Further information is available athttps://www.mongodb.com/legal/privacy-policy

How we process data from applicants

To assess your suitability for our vacancies, we collect various data from you during the application process. You can provide us with this data by e-mail, post, or via an application portal we use.


We use this data to check your qualifications and to verify whether you are a suitable candidate. In the event of a successful application, the data will be further used within the scope of the employment relationship in order to comply with our contractual and legal obligations. Otherwise, we will delete your data no later than 6 months after the end of the application process.


This period is necessary in order to be able to answer possible questions regarding the application process (equal treatment of applicants, etc.). The legal grounds for the storage and processing of this data are our contractual and legal obligations.


If you agree to be included in an applicant pool, we will continue to store your data based on your consent in order to be able to contact you if necessary. You can revoke this consent at any time.

Our social media appearances

We have set up separate pages for our company on various social platforms where we provide news and other information. The data protection regulations and terms and conditions provided by the platform apply in each case. The following is an overview of the social platforms we use.


XING
New Work SE, Dammtorstrasse 30, 20354 Hamburg, Germany
Further information is available athttps://privacy.xing.com/


LinkedIn
LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Further information is available athttps://www.linkedin.com/legal/privacy-policy


Twitter
Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland
Further information is available athttps://twitter.com/privacy


Medium
A Medium Corporation, P.O. Box 602, San Francisco, CA 94104, USA
Further information is available athttps://policy.medium.com/medium-privacy-policy-f03bf92035c9


GitHub
GitHub B.V., Vijzelstraat 68-72, 1017 HL Amsterdam, The Netherlands
Further information is available athttps://docs.github.com/github/site-policy/github-privacy-statement


Slack
Slack Technologies, Inc., 500 Howard Street, San Francisco, CA 94105, USA
Further information is available athttps://slack.com/privacy-policy


We process your data on these platforms only to answer your inquiries or to fulfill our contractual obligations. The legal basis for this is our contractual obligations towards you.

Your rights

Under the GDPR, you have various rights as a data subject:

Right of objection
You have the right to object to the processing of your data on the basis of our legitimate interests if there are reasons arising from your individual situation.

Right of revocation of consent
You have the right to revoke your consent at any time.

Right of access to your personal data
You have the right to ask us to confirm whether we process certain data about you. In addition, you can request a copy of your data we process at any time.

Right of rectification
You have the right to complete or correct your data stored by us if it is incorrect or incomplete.

Right to cancellation and limitation of processing
You have the right to demand that we delete your data immediately. If legal or other obligations do not allow us to do so, you can demand a limitation on the processing of your data.

Right to data transferability
You have the right to receive your data stored with us in a structured, common, and machine-readable format or to request that it be transferred to another data controller.

Complaint to the supervisory authority
You have the right to file a complaint with a supervisory authority in the member state in which you usually reside, work or suspect a violation if you believe that we are violating the GDPR by processing your data.