Updated: May 25, 2018

The protection and security of your information is a top priority for us, Freelance Flow Ltd, and this informs all our business processes. In this privacy policy, we will provide you with an overview of our online offering that are related to privacy and data protection.

In the following, we will explain what information we collect when you use Freelance Flow Ltd's online services and for what purposes we and our affiliated third parties use this information, what rights and choices you have regarding the processing of your information and how to contact us regarding data protection.

1. When does this privacy policy apply?

This privacy policy applies to the online services of Freelance Flow Ltd under the domain, including any subdomains (hereafter called “websites”), as well as our social media sites on Facebook, Twitter and Instagram, hereafter called “social media sites”). Personal data is information that relates to an identified or identifiable person. This includes, but is not limited to, information that could enable your identification, such as your name, telephone number, physical address or e-mail address. We collect and aggregate data for statistical purposes, such as when you visit our website. This data cannot be associated with your person and are not included under the term “personal data”. You can print or save this privacy policy through the standard methods made available by your browser.

2. Persons responsible and points of contact

The processing of your personal information when visiting this website is done in accordance with the EU General Data Protection Regulation (GDPR). The corresponding point of contact:

Data Protection Division, Freelance Flow Ltd
19 Terenure Road East
Dublin 6, Ireland
Telephone: +353 (0) 83 042 1597

If you have any questions concerning data protection in connection with our products or the use of our website, you can contact us at any time.

3. Data processing on our website

3.1. Accessing our website / automatically collected access data

You are able to visit our websites without disclosing any information about your person. We only collect access data that is automatically transferred by your browser. Access data includes, for example:

the IP address of the device used for access, the date and time of access, the address of the visited website and the requesting website, information about the browser and operating system in use and online identifiers (for example device IDs, session IDs).

Processing this access data is necessary to enable a visit to the website and to ensure the long term functionality and security of our systems. This access data is temporarily stored in internal log files for the to create statistical data about the use of our website, to further develop our website based on the usage habits of our visitors (for example, when the number of users accessing the site via mobile devices increases) and to maintain our website in the general administrative sense. The legal basis for this usage is Art. 6 para. 1 lit. b and f of GDPR. The information stored in these log files cannot be tied to your identity – and we only store IP addresses in a shortened, anonymized form. The log files are stored for 30 days and will be archived after subsequent anonymization.

3.2. Contact

You have several different options for contacting us. These include our contact form and our e-mail address. When you get in touch, we process data exclusively for the purpose of communicating with you. The legal basis is Art. 6 para. 1 lit. b of the GDPR. Once your request has been completely processed, the data we have collected through the contact form will be automatically deleted unless we require your request to fulfill our contractual or legal obligations (see the section “storage duration”).

3.3. Orders and Bookings

When you register on our website, we collect the necessary data for executing our contractual agreement:
first and last name, address, telephone number, e-mail address
The legal basis for the afore mentioned processing is Art. 6 para. 1 lit. b of the GDPR, as we have a legitimate interest in providing a simple and user-friendly registration process for our clients. These data points are required for setting up your account and continuing to use our services (see 3.5)

3.4. Payments

When depositing funds through a payment plan, you can choose between various payment options offered by our payments partner MangoPay.For more information regarding MangoPay's processes, please refer to MangoPay's terms of service here. In particular, we have entrusted the following service provider to process these payments:
MangoPay,2 Avenue Amélie, L-1125 Luxembourg

Any information you provide to the afore mentioned service providers will not be forwarded to us by them. The only information we receive is that your payment has been completed. The processing of data by the afore mentioned payment service providers is based on our legitimate interest, according to Art. 6 para. 1 lit. b and f of the GDPR, in providing our clients with comfortable and secure payment.

3.5. Forwarding your data to the service partners you have selected

When you make a payment through our website, we will forward the necessary data to the service provider you are paying. Your contractual relationship for purchasing a service is with your service provider, we merely facilitate communication between you and your service provider. As stated in our general terms of service, this service provider is your direct point of contact.

3.6. Login area for buyers and sellers

You have the possibility to register for our login area so that you are able to enjoy the full functionality of our website. We have highlighted the data you are required to provide. Without these data, registration is not possible. Legal basis for processing is Art. 6 para. 1 lit. b of the GDPR.

3.7. Newsletter and advertising mailings

You have the possibility to sign up for our newsletter, in which we regularly inform you about news regarding our offers and promotions. When you sign up for our newsletter, we use the so-called double opt-in procedure. This means that we will only send you newsletters by e-mail after you, by clicking a link in our notification e-mail, have confirmed that you are the owner of the given e-mail address. If you confirm your e-mail address, we will save your e-mail address, the time of registration and the IP address used for registration until you unsubscribe from the newsletter. The sole purpose of storing this information is to provide you with the newsletter and to prove your registration. You can unsubscribe from the newsletter at any time. A corresponding unsubscribe link can be found in every newsletter. A notification sent to the contact details mentioned above or in the newsletter (for example, via e-mail or by mail) is also sufficient. The legal basis for the processing is your consent in accordance with Art. 6 para. 1 lit. a of the GDPR. In addition, we also send out advertising mailings in connection with our services to you. The legal basis for this data processing is Art. 6 para. 1 lit. f of the GDPR, based on our interest in existing customer advertising. For the dispatch of our newsletter and our advertising mailings, we work together with service providers to whom we, among other things, send your e-mail address and the circumstances of your newsletter registration in order to be able to send you the newsletter and advertising mailings (for example, MailChimp of The Rocket Science Group LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA). Additionally, our newsletter and advertising mailings will to a small extent adapt to the individual needs of our customers. On the basis of the booking data collected from you, we adapt, for example, the language settings in our mailings or indicate bookable additional services. The disclosure of data to our service providers in connection with newsletter distribution and advertising mailings is based on our legitimate interest in advertising our services to our customers in an interest-based manner. In our newsletters, we use commercially common technologies that measure the interaction with the newsletters (for example, the opening of e-mails, clicked links). We use this data in pseudonymous form for the purpose of general statistical evaluations as well as for the optimization and further development of our content and customer communication. This is done with the help of small graphics that are embedded in the newsletter (so-called pixels). These data are collected exclusively in pseudonymous form and are also not linked with your other personal information. Legal basis for this is our aforementioned legitimate interest in accordance with Art. 6 para. 1 lit. f of the GDPR. Through our newsletter, we aim to share content relevant to our customers and to better understand what readers are actually interested in. If you do not want to have your usage behavior analyzed, you can unsubscribe from the newsletter or deactivate graphics in your e-mail program. The data for the interaction with our newsletters are stored in pseudonymous form for 30 days and subsequently completely anonymized.

3.8. Cookies usage

Some of our services necessitate the use of so-called cookies. A cookie is a small text file that is stored by the browser on your device. Cookies are not used to run programs or to download viruses onto your computer. The main purpose of our cookies is to provide you with a customized offer and to make the use of our services as time-saving as possible. Most browsers are set to accept cookies by default. You can however change your browser settings to refuse cookies or to only save them with prior consent. If you disable cookies, this will mean that some of our services will not work properly for you. We use cookies, in particular, for log in authentication, for load distribution, to save your language settings and to note that you have seen certain information placed on our website – so that it will not be displayed again the next time you visit the website. Through this, we want to enable a more comfortable and individualized use of our website. These services are based on our afore mentioned legitimate interests, legal basis is Art. 6 para. 1 lit. f of the GDPR. Additionally, we use cookies and similar technologies (such as web beacons) from partners for analysis and marketing purposes. This will be described in more detail in the following sections.

3.9. Use of cookies and similar technologies for analysis

To improve our website, we make use of cookies and similar technologies (such as web beacons) to statistically collect and analyze general usage patterns based on access data. We also use analysis services to evaluate the use of our various marketing channels. The legal basis for the data processing described in the following section is Art. 6 para. 1 lit. f of the GDPR, based on our legitimate interest in the needs-based design and continuous optimization of our website.

In the following list of technologies we use, you will also find information on the possible contradictions with regard to our analysis measures using a so-called opt-out cookie. Please note that after deleting all cookies in your browser or later use of another browser and/or profile, an opt-out cookie must be set once again. We, in particular, make use of the following services: Google Analytics of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) to analyze and improve our website based on your user behavior. However, your IP address is shortened before the usage statistics are evaluated and no conclusions can be made about your identity. For this purpose, Google Analytics has been enhanced on our website with the code “anonymizeIP” to secure the anonymous collection of IP addresses. You can prevent Google from processing these data by installing a browser add-on provided by Google. As an alternative to a browser add-on or if you access our website from a mobile device, please use this opt-out link. You will find further information on data processing through this service in the Privacy Policy of Google Analytics. Pingdom of Solarwinds Inc., 7171 Southwest Parkway, Bldg 400, Austin, Texas 78735. You can prevent data processing by pressing the following button: OPT-OUT. Further information on data processing through this service can be found in the Privacy Policy of Solarwinds.

3.10. Google Tag Manager

Our website uses the Google Tag Manager, a service of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). The Tag Manager is used to manage tracking tools and other services, so-called website tags. A tag is an element that is stored in the source code of our website in order to record, for example, predefined usage data. The Google Tag Manager does not require the use of cookies. The Google Tag Manager ensures that the usage data needed by our partners (see data processing procedures described above) are forwarded to them. Some of the data are processed on a Google server in the US. In the event that personal data are transferred to the US, Google has submitted to the EU-US Privacy Shield. The legal basis is Art. 6 para. 1 lit. f of the GDPR, based on our legitimate interest in integrating and managing several tags on our website in an uncomplicated manner. For more information, see Google’s information about the Tag Manager.

4. Cooperation with partners

While we only process data that we receive directly from you, we also work together with various cooperation partners who provide us with prospects for our products. We will only process personal data that we permissibly receive (for example, on the basis of contracts or your consent) from our cooperation partners.

5. Disclosure of data

The data collected by us will only be passed on if:

  • you have given your explicit consent in accordance with Art. 6 para. 1. lit. a of the GDPR, especially in context with 3.5. of this statement (see above)
  • the disclosure in accordance with Art. 6 para. 1 lit. f of the GDPR is necessary in order to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  • we are legally obliged in accordance with Art. 6 para. 1 lit. c of the GDPR to disclosure or
  • this is permitted by law and, in accordance with Art. 6 para. 1 lit. b of the GDPR, is required for the execution of contractual relationships with you or for the execution of precontractual measures, which will be carried out upon your request.

Part of the data processing can be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may include data centers that store our website and our databases, IT service providers that maintain our systems as well as consulting firms. If we pass on data to our service providers, they may use the data exclusively for the fulfillment of their tasks. The service providers have been carefully selected and commissioned by us. The providers are contractually bound by our instructions, they have appropriate technical and organizational measures in effect in order to protect the rights of the persons concerned and are regularly monitored by us. In addition, the data may be passed on in connection with official inquires, court orders and legal proceedings if they are necessary for legal prosecution or enforcement.

6. Storage duration

Principally, we only store personal information for as long as it is necessary to fulfill the contractual or statutory obligations for which we have collected the data. Thereafter, we immediately delete the information, unless we need the data for purposes of proof for civil law claims or due to statutory retention obligations. For evidence purposes, we must keep contractual data for another three years starting from the end of the year in which the business relationship with you ends. Any claims become statute-barred after the legal limitation period, earliest at this point in time. Even after this period, we still need to store some of your data for accounting purposes. We are required to do so by legal requirements on documentation that may arise from the Irish Commercial Code, the Fiscal Code, the Banking Act, the Money Laundering Act and the Securities Trading Act. The time periods specified there for retention of documents are two to ten years.

7. Your rights

You have the right to request information about the processing of your personal data by us at any time. We will explain the data processing and provide you with an overview of the data stored about you as part of the provision of information. If data stored with us are incorrect or no longer up to date, you have the right to have this information corrected. Furthermore, you have the right to request the deletion of your data. Should the deletion in exceptional cases not be possible due to other legal provisions, the data will be blocked so that they are only available for this legal purpose. Furthermore, you may also have the processing of your data restricted, for example, if you believe the data we have stored are incorrect. You also have the right to data portability, meaning that we would send you a digital copy of the personal data you have provided upon your request. To exercise your rights as described here, you can contact us at any time using the aforementioned contact details. This is also the case if you wish to receive copies of warranties to prove an adequate level of data protection. In addition, you have the right to object to data processing based on Art. 6 para. 1 lit. e or f of the GDPR. Finally, you have the right to file a complaint with the data protection authority responsible for our supervision. You may exercise this right before a supervisory authority in the member state in which you are staying, working or in the place of the alleged violation. In Berlin, the responsible supervisory authority is:

Data Protection Commission für 21 Fitzwilliam Square South, Dublin 2, D02 RD28 Dublin.

9. Data security

We maintain updated technical measures to guarantee data security and, in particular, to protect your personal data from dangers during data transfers as well as from the acquisition of data by third parties. These measures are adjusted and updated to the newest technological standards for each of them. In order to secure the personal information you provide via our website, we use Transport Layer Security (TLS), which encrypts the information you enter.

10. Changes to the privacy policy

From time to time, we may update this privacy policy, for example, when we make changes to our website or if the legal or regulatory requirements change.