Updated: 26th November, 2024
This Privacy Notice does not apply to the processing of your personal data when you are using the Flowcase Application. For the processing activity using the Flowcase Application, Flowcase is the Data Processor.
Flowcase respects and values your privacy. We will only collect and use personal data in ways that are necessary and consistent with your rights and our obligations under Applicable Privacy Laws.
This Privacy Notice satisfies the notice requirements under the obligations and conditions set by Applicable Privacy Laws, such as EU General Data Protection Regulation (2016/679), Australia’s Privacy Act 1988, New Zealand’s Privacy Act 2020, UK GDPR, Canada’s Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA) and US state’s data protection laws.
Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. We are responsible for making decisions about how your personal data is processed. If you do not agree with our policies and practices, please do not use our website. If you still have any questions or concerns, please contact us at privacy@flowcase.com.
2. What personal data do we process?
3. Where do we receive your personal data from?
4. Processing activities, legal basis, types of personal data and retention?
6. Whom do we share your personal data with?
7. When do we transfer your personal data outside your region?
8. Our security and privacy efforts
11. Changes to this Privacy Notice
This Privacy Notice applies to our processing of any and all data processed by us in relation to performing our business operations and the use of our website.
When the company you represent, are an employee, contractor or consultant of, or otherwise is connected to (“Your Company”) signs up for and lets you use the Application, Flowcase processes personal data about you (“Application User”) as a data processor on behalf of Your Company. For information about how Your Company processes your personal data, or to exercise your rights, please contact Your Company or refer to the Application for the applicable privacy notice. You may additionally fall under any or all of the groups listed above in this Privacy Notice. For the groups 1-4 listed below, Flowcase is the Data Controller. This use of your personal data is what’s described in this Privacy Notice.
This Privacy Notice for Flowcase, describes how and why we might access, collect, store, use, and/or share ("process") your personal data when you:
Please note that this Privacy Notice does not apply to any websites that are linked to from our website (whether we provide those links or whether they are shared by other users). When you engage and communicate with us through other websites and platforms, such as e.g. LinkedIn, we have no control over how your data is collected, stored or used by the provider of these websites or platforms, and we advise you to read the privacy policies of any such websites before providing any data.
Personal data is information that alone or in addition to other personal data can identify a natural person. It is further information that can be directly or indirectly linked to a natural person. Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means.
Flowcase may process the following categories of personal data about you:
The examples listed in each category above are provided as examples and are not intended to be exhaustive. This list includes, but is not limited to, the specified categories and examples, and additional categories, personal data and/or information may apply.
We do not intend to process sensitive personal data about you. Do not, by any means, disclose, provide or otherwise make available information or data to us that consist of or involve special categories of personal data.
We do not intend to process personal data about minors. Do not, by any means, disclose, provide or otherwise make available personal data to us that involves personal data about minors.
If you want more information about which exact sources we have received your personal data from, you can always contact us. You will find our contact details below.
This section describes:
If you are located in Canada, this paragraph applies to you. Where we refer to our legal basis as any other than consent per GDPR, the applicable legal basis for our processing of your data is so-called “implied consent”. We have concluded that in relation to your interaction and use of any service, either provided directly from Flowcase or a third party, together with personal data provided you about how your data is processed, the parties with whom personal data will be shared, the purposes of the processing and the consequences of such, it is sufficient to be considered a consent under PIPEDA.
When you visit our website, it may place, store, access or retrieve information in your browser, mostly in the form of cookies. This information may be about you, your preferences or your device and is used to facilitate and improve your experience of our website and to provide and improve our products and services. We have carefully chosen these cookies and have taken steps to ensure that your privacy is protected and respected at all times.
The information does not usually identify you directly but can provide you with a more customized user experience. You can choose not to allow certain types of cookies. If you block certain types of cookies, it may affect your experience on the website and the services we can offer.
Please read our Cookie Policy for more information, available on the bottom on our website, by clicking on “consent preferences”.
We may share your data with third-party vendors, Your Company, service providers, contractors, agents or other third-parties (“Third Parties”) who perform service for us or on our behalf and require access to such information. This means that they cannot do anything with your personal data unless we have instructed them to do so. They also commit to protect the data they process on our behalf and to retain it for the period we instruct.
In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, where we are involved in legal proceedings, where we are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of us.
We may, from time to time, expand or reduce our business, and this may involve the sale and/or the transfer of control of all or part of our business. Your personal data may, where it is relevant to any part of our business so transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Notice, be permitted to use the data for the purposes for which it was originally collected by us, unless otherwise agreed in a contract to which you are a party.
The categories of Third Parties that may have access to your data for the processing activities stated in this Privacy Notice, are such of ad networks, communication & collaboration tools, data analytics services, affiliate marketing programs, performance monitoring tools, sales & marketing tools, customer relation management tools, retargeting platforms, social networks, website hosting service providers, business affiliates or partners.
We always strive to process your personal data within the EU/EEA area.
When using our Application Service, including the personal data stored in the Application, your data is hosted in the EU/EEA. Please refer to our Privacy Notice available in the Application outlining the processing activities when you or Your Company have access to and use our Application.
For the processing activities outlined in this Policy, some or all of your data may be stored or transferred outside of the EU/ EEA. If we do store or transfer data outside the EEA, it is based on adequate transfer mechanisms, and we will take all reasonable steps to ensure that your data is processed as safely and securely as it would be within the EEA and under the GDPR.
Flowcase is based in both the EU/EEA, including the UK and Canada. The European Commission has recognized both the UK and Canada as providing adequate protection of personal data for third country transfer in terms of EU GDPR. Flowcase, including all its subsidiaries and locations, including the personnel, are bound by the same strict policies and processes as the headquarters based in Norway.
For the purposes stated in this Privacy Notice, some of our suppliers and their subcontractors process your personal data outside the EU/EEA. We also use suppliers whose parent company, or whose subcontractor’s parent company, is based outside the EU/EEA. In these cases, we have considered the risk that the personal data may be disclosed to countries outside the EU/EEA. In cases where another recipient of your personal data is based outside the EU/EEA, this will also mean that your personal data is transferred outside the EU/EEA.
When we, or one of our suppliers, transfer your personal data outside the EU/EEA, we will ensure that we use a safeguard recognized by the GDPR to enable the transfer. We use the following safeguards:
When your personal data is transferred outside the EU/EEA, we also implement appropriate technical and organizational safeguards, to protect the personal data in case of a disclosure. Exactly which protective measures we implement depends on what is technically feasible, and sufficiently effective, for the particular transfer.
If you want more information about the cases in which your personal data is transferred outside the EU/EEA; where it’s transferred to; the safeguards recognized by the GDPR that we use for transfers of your personal data; or the protective measures that are implemented, you can always contact us. You will find our contact details in Section 10 below.
Data security and privacy is of great importance to us. Flowcase is both ISO-certified and has acquired SOC2 Type 2 approved attestation report.
We have implemented appropriate and reasonable technical and organizational security measures, designed to protect the security and privacy of any personal data we process.
You can also request access to our Trust-page at https://trust.flowcase.com, where more information about our security controls and practices are provided, including our certifications and attestations. Further extensive (confidential) security documentation can be provided upon request. Please contact security@flowcase.com.
Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to us data via the internet.
Depending on your location of residence, such as US states, European Economic Area (EEA), United Kingdom (UK), Switzerland and Canada, you have certain rights that allow you greater access to and control over your personal data. We will consider and act upon any request, regardless where you are residing.
Under EU General Data Protection Regulation (2016/679), you have the following rights:
To exercise your rights, you can contact us by submitting a data subject access request by emailing us at privacy@flowcase.com, or by referring to the contact details at the bottom of this Privacy Notice.
Under certain US state data protection laws, you can designate an authorized agent to make a request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable laws.
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits applicable groups of data subjects in relation to this Privacy Notice who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal data (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal data in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your data subject access detailed above.
Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. We will only use personal data provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and for security or fraud-prevention purposes.
Flowcase consists of CV Partner AS, including subsidiaries CV Partner Ltd., CV Partner ApS, CV Partner Oy and CV Partner Canada Inc. When we refer to Flowcase, “we”, “us” or otherwise similar, we mean all or any employee, contractor or otherwise authorized person that will have access to your information.
Application consists of our SaaS solution, typically identified as www.”yourcompany”.flowcase.com.
Applicable Privacy Laws are any and all privacy laws that governs our processing of personal data, such as EU General Data Protection Regulation (2016/679)
We may change this Privacy Notice from time to time as we deem necessary or as may be required by law. The updated version will be indicated by an updated date at the top of this Privacy Notice. Any changes will be immediately posted on our website, and you are responsible for keeping yourself updated on any changes. When you use our website, take part in any of the activities outlined in this Policy or in any way interact with us or our website, you will be deemed to have accepted the terms of this Privacy Notice.
If you have any questions regarding how we are processing your Personal Data or any questions regarding this Privacy Notice, you can contact us at privacy@flowcase.com.
We have appointed our Compliance Manager to be our representative Data Protection Officer. You can contact this person by the email detailed above.
Privacy Violation
If you believe that our processing of personal data violates applicable privacy laws, you have the right to complain to the supervisory authority, but we kindly ask you to contact us first or subsequently at privacy@flowcase.com for us to review and implement necessary and immediate measures to prevent further harm.
If you are located in the EEA or UK and you believe we are unlawfully processing your personal data, you have the right to complain to your Member State data protection authority or UK data protection authority. If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner. If you are located in Australia or New Zealand, you have the right to submit a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner and a breach of New Zealand’s Privacy Principles to the Office of New Zealand Privacy Commissioner.
As a Norwegian entity, the Norwegian Data Protection Authority is the relevant authority for CV Partner’s processing of personal data. The supervisory authority in Norway is the Datatilsynet. You can find information on how to contact the authority on this website: www.datatilsynet.no.
Under certain US state data protection laws, if we decline to take action regarding your data subject request, you may appeal our decision by emailing us at privacy@flowcase.com. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If your appeal is denied, you may submit a complaint to your state attorney general.
If we uncover any personal data breach where your personal data is compromised, and it is likely to result in a high risk to your rights and freedoms, we will take reasonable steps to inform you without undue delay and in compliance with GDPR Article 34.
This Policy applies to our use of any and all data collected by us in relation to performing our business, providing our services, the use of our website and our application. Please read this Privacy Policy carefully and ensure that you understand it. If you have any questions with regard to the Policy or our processing of personal data, please contact us (contact information is provided at the bottom of this page).
The data controller for the personal data being processed as described in this Policy is:
Flowcase AS, a limited company registered in Norway under business reg. no. 932 614 286 whose registered address is Akersgata 49, 0180 Oslo, Norway. More contact information is provided at the bottom of this page.
Our data protection officer is Marte Eriksen who can be contacted at privacy@flowcase.com