This Notice concerns the EU, UK and Swiss residents and explains how Flo Health, Inc. (“Company” or “we” or “us”) stores and transfers overseas Personal Data from our users (“you”) in connection with:
- the Flo fem ® mobile application,
- flo.health website ("Website"),
- courses.flo.health (“Courses”),
- reg.flo.health, web application and related services (“Web services”)
(all collectively, the “App”).
We reserve the right to and may change this Notice from time to time. If we make any material changes, we will notify you through the App, or by presenting you with a new version of this Notice. Your continued use of the App after the effective date of an updated version of the Notice will indicate your acceptance of the Notice as modified.
The Company complies with the EU - U.S. Privacy Shield Framework and Swiss - U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles.
The Company is based in the United States, and Personal Data we collect is governed by U.S. law. Please be advised that U.S. law and laws of other countries may not offer the same protections as the law of your jurisdiction.
In addition, you agree that Personal Data collected may be stored and processed in Canada and the United States, where the Company rents servers, or in any other country in which the Company or its affiliates, subsidiaries or agents maintain facilities, and by using the App, you consent to any such transfer of Personal Data outside of your country.
Please bear in mind that we may transfer your Personal Data to the United States whose data protection is not deemed adequate under applicable data protection law.
However, we comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU and Switzerland to the United States. We have certified to the Department of Commerce that we adhere to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles (the “Principles”), the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit privacyshield.gov.
Complaints and Dispute Resolution. In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of your Personal Data. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact us at dpo@flo.healthor at the mailing address:
Flo Health Inc.
541 Jefferson Ave Ste 100, Redwood City, CA 94063-1700
We have further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit the following link for more information or to file a complaint. The services of JAMS are provided at no cost to you.
Arbitration. You may also be able to invoke binding arbitration for unresolved complaints but prior to initiating such arbitration, a resident of a European country (including Switzerland) participating in the Privacy Shield must first: (1) contact us and afford us the opportunity to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department of Commerce (either directly or through a European Data Protection Authority) and afford the Department of Commerce time to attempt to resolve the issue. If such a resident invokes binding arbitration, each party shall be responsible for its own attorney’s fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only impose individual-specific, non-monetary, equitable relief necessary to remedy any violation of the Privacy Shield Principles with respect to the resident. The arbitration option may not be invoked if the individual’s same claimed violation of the Principles (1) has previously been subject to binding arbitration; (2) was the subject of a final judgment entered in a court action to which the individual was a party; or (3) was previously settled by the parties.
U.S. Federal Trade Commission Enforcement. Our Privacy Shield compliance is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
Onward Personal Data transfers. In the context of an onward data transfer we have responsibility for the processing of Personal Data we receive under the Privacy Shield. We remain liable under the Principles if our processor processes such Personal Data in a manner inconsistent with the Principles and applicable laws, unless we prove that we are not responsible for the event giving rise to the damage. For any onward transfer we commit to execute a formal agreement with any receiving party or processor acting on our behalf.
If we receive Personal Data subject to our certification under the Privacy Shield and then transfer it to a third-party service provider acting as an agent on our behalf, we have certain liability under the Privacy Shield if both (i) the agent processes the Personal Data in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.