Our approach to Data Protection and Privacy

Flowcase processes personal data on behalf of our clients. Keeping this data safe while staying compliant with EU and other privacy regulations is our top priority.

Data Processing Agreement

This regulates the relationship between you (our client) as a Data Controller and us (Flowcase) as a Data Processor

Our Culture and Employees

We have a dedicated Data Protection Officer and employee security training to ensure awareness of everything you’ll find on this page

Internal Audit Procedures

We have thorough internal audit procedures, including exception handling, which we review regularly

Information Security Policy

Including strict access policy and a data classification policy. We boast ISO 27001 and SOC 2 Type II certifications

Data Portability

  • We only process personal data within the EU/EEA
  • All personal data, including backups, will be deleted within 3 months after a user is deleted
  • We only store personal data within the EU (Ireland and Germany)
  • We strictly limit the number of subprocessors

Data Privacy

  • Your employees can access, rectify and delete their personal information by accessing the Flowcase tool
  • Your administrators can download personal data via built-in functionality and provide this to any of your employees who might request this

Data Protection Policy

Our Data Protection Policy details principles, organization and responsibility, management review, privacy by design, event handling, internal control and other relevant aspects that shall be applied to all processing of personal data in CV Partner.

View our Privacy and Cookie Policy

Some of our security controls:

  • Secure Development and Operations Policy
  • Access Control Policy
  • Information Classification Policy
  • Regular Penetration Testing
  • Internal Audits Automatic routines for applying Security Patches
  • Screening of new Employees
  • Incident Management and Reporting
  • Clear Desk and Clear Screen policy
  • Encryption in transit and at rest
What we recommend our clients do
  • Sign the data processing agreement with Flowcase
  • Inform your employees of the processing
  • Provide a dedicated contact person for privacy issues
  • Implement routines (manual or automatic) for deleting users (and their personal data) if/when they leave
  • Ensure legitimate legal basis for the data you process (usually “Contract”, such as employment agreements with your employees)