Privacy Notice

General Information

In line with our legal obligations, Flo Health Inc. collects your data only to the extent it is required to fulfil precise purposes related to our business.

This privacy notice tells you what to expect us to do with your personal information when you make contact with us through our landing pages in relation to our Employee Benefits Program.

Controller’s Contact Details

Flo Health Inc. is the controller for the personal information we process, unless otherwise stated.

There are many ways you can contact us, including by, email and post.

Our postal address:            

Flo Health Inc.
541 Jefferson Ave Ste 100
Redwood City, CA 94063-1700

We can be contacted by email at support@flo.health or dpo@flo.health

Data Protection Officer’s Details

Our Data Protection Officer is Susanne Schumacher. You can contact her at dpo@flo.health or via our postal address. Please mark the envelope ‘Data Protection Officer’.

Your Data Protection Rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances. 

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing

You have the right to object to processing if we are able to process your information because the process is in our legitimate interests.

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated. 

You are not required to pay a charge for exercising your rights. We have one month to respond to you.
Please contact us at support@flo.health or dpo@flo.health if you wish to make a request.

Sharing Your Information

We will not share your information with any third parties for the purposes of direct marketing.

We use HubSpot as a third party data processor who provide elements of services for us. We have contracts in place with our data processors including HubSpot. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct. 

You can find out more about HubSpot and their privacy practices here.

We may also share your data with any of our global offices, which means our subsidiaries. You can find out about our subsidiaries here.

Information We Collect Directly From You

When you interact with our landing page, we may collect the following information from you should you choose to provide it:

Personal Information

  • your full name
  • company name
  • company size
  • email address
  • phone number (optional)
  • job title (optional)

Location Information:

  • IP address;
  • Time zone;
  • Information about your mobile service provider.

To collect this information, we may also send cookies to your mobile device or computer or engage other tracking technologies. See more in our cookie policy.

We may also collect information about you indirectly through our website.  You can read more about this in our website privacy policy.

How We Use Your Data

We use information you provide as described above in the following ways:

  • To provide you with information related to the Flo Employee Benefits Program.
  • To contact you in order to discuss the Flo Employee Benefits Program.

Our Legal Basis

Our legal basis for processing your data is legitimate interest. This means that we will only use your data as you expect us to do, that is, to respond to your queries and to provide further information about our employee benefit program which we think may be of interest to you. 

Security

The security of your personal information is important to us. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. You can read more about our security practices here.

Storage 

Your data will be stored in the United States. We participate in and have certified our compliance with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Frameworks. You can read more about the privacy shield framework here.  

For customers in the EEA

The European Court of Justice has declared the EU-US Privacy Shield, which we like many companies had previously relied on to ensure a sufficient level of data protection, to be invalid. We have entered into Standard Contractual Clauses with all non-EU vendors of data processing tools (data processors) to ensure an adequate level of data protection in accordance with Art 46(2)(c) GDPR.

However, the Standard Contractual Clauses do not bind the governmental bodies of the non-EU country in which our processor operates. In some cases, governments may have powers of surveillance that run contrary to EU law data protection principles. Therefore, there is a risk that a processor might be forced by law to act against the obligations contained in the Standard Contractual Clauses and hand over personal information to local government officials, with limited rights for Flo and you as an individual to seek legal help against such actions.

We manage this risk by ensuring our processors are subject to robust due diligence procedures. We do not work with processors based in countries where we are concerned about the rule of law with respect to privacy. 

We continue to closely observe regulatory developments and best practice in this area. In the meantime, some non-EU processors, and in particular US-based processors, are a vital part of our service and we cannot provide our service to you without using such processors as described in this privacy notice.

Retention

We will store your information for as long as you want to hear from us.  You can unsubscribe from our mailing list at any time. You can also ask us to delete your information by sending your request to support@flo.health or dpo@flo.health.

Changes to this Notice

We reserve the right to and may change this Privacy Notice from time to time. If we make any material changes, we will notify you by email (sent to the email address specified) or by presenting you with a new version of this Privacy Notice and please check regularly for updates.