Privacy Policy

(Last update: 06.03.2025)

‍

FLOWIT AG (hereinafter: "we", "us") welcomes you to our website www.flowit.ai (hereinafter: "website").

Our policy is to collect only what we need and to process this information solely to provide you with the service for which you have registered.

‍

Note on the applicability of the Swiss Data Protection Act (DSG)

We are subject to both the Swiss Data Protection Act (DPA) and the General Data Protection Regulation (GDPR). For the sake of readability and clarity, these data protection notices mainly refer to the provisions of the GDPR. However, all references to the GDPR also apply mutatis mutandis to the corresponding provisions of the Swiss DPA, insofar as these are applicable. We ensure that all relevant data protection requirements, including those of the Swiss DPA, are complied with.

‍

1. Person responsible

The controller responsible for the processing of personal data on our website within the meaning of the General Data Protection Regulation (hereinafter: "GDPR") is

‍

FLOWIT AG

Kemptpark 12

8310

Switzerland

‍

2. Data Protection Officer

Our appointed data protection officer is:

‍

Kertos

Briennerstrasse 41

80333 Munich

Germany

E-Mail: dsb@kertos.io

‍

3.What is personal data?

Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address or IP address. Information for which we cannot (or only with disproportionate effort) establish a reference to your person, e.g. by anonymizing the information, is not personal data. The processing of personal data (e.g. the collection, retrieval, use, storage or transmission) always requires a legal basis such as your consent.

‍

4. Data processing on our website

‍

Provision and use of the website

‍

Scope and purpose of data processing

We collect and use our users' personal data only to the extent that this is technically necessary to provide a functional website and our content and services or information.

When you access and use our website, we collect personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file.

‍

The following information is collected without any action on your part and stored until it is automatically deleted:

IP address of the requesting computer,

Date and time of access,

Name and URL of the retrieved file,

Website from which access is made (referrer URL),

the browser used and, if applicable, the operating system of your computer and the name of your access provider.

We process the aforementioned data for the following purposes:

Ensuring a smooth connection to the website

Ensuring the convenient use of our website

For IT security purposes

‍

Legal basis

Art. 6 para. 1 lit. f GDPR serves as the legal basis. The processing of the aforementioned data is necessary for the provision of a website and to enable secure and convenient use and thus serves to safeguard a legitimate interest of our company.

‍

Storage period and deletion

As soon as the aforementioned data is no longer required to display the website, it is deleted (after 30 days at the latest). The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. The user therefore has no option to object. Further storage takes place in individual cases if this is required by law.

‍

Third parties

We use an external service provider, Amazon Web Services, Inc. (AWS), 410 Terry Avenue North, Seattle, WA 98109-5210, USA (hereinafter referred to as "AWS"), to host the website.

‍

Your personal data will be shared with AWS to provide the hosting services. The server locations of AWS may be located in different regions, including the European Union and the United States. If personal data is transferred to the USA, this is done on the basis of the EU-US Data Privacy Framework in accordance with the adequacy decision of the EU Commission (Art. 45 GDPR). AWS is certified within this framework to ensure an adequate level of data protection.

‍

For more information, please refer to the AWS privacy policy ([https://aws.amazon.com/privacy/](https://aws.amazon.com/privacy/)) or ask us about the concluded data processing agreement (DPA).

‍

Contact by e-mail

Scope and purpose of data processing

On our website, we offer you the opportunity to contact us by e-mail. When you contact us, the personal data you provide, such as title, name, content of the e-mail and your e-mail address, will be processed.

This data is processed by us in order to be able to process your request properly. This data is processed by the service providers we use, which are required, for example, for sending, receiving and storing e-mails.

‍

Legal basis

The data processing described above for the purpose of contacting us is carried out on the basis of Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in being able to process your request. If your request serves to prepare the conclusion of a contract, Art. 6 para. 1 lit. b GDPR is an additional legal basis.

‍

Storage period and data deletion

As soon as your inquiry has been processed and the matter has been conclusively clarified, your personal data processed via the contact form will be deleted. Once the inquiry has been completed, the data may remain stored in our CRM system to enable structured management of customer and prospective customer contacts.

The data is stored on the basis of Art. 6 para. 1 lit. b GDPR (fulfillment of contract or pre-contractual measures) or Art. 6 para. 1 lit. f GDPR (legitimate interest in the management of leads and business relationships). You have the right to object to the storage of your data (Art. 21 GDPR).

If data is stored for marketing purposes, we will first obtain your consent (Art. 6 (1) (a) GDPR).

Further storage will only take place if this is required by law.

‍

Contact form

Scope and purpose of data processing

On our website, we offer you the opportunity to contact us via a contact form, e.g. for a consultation. For this purpose, we use "Webflow" from Webflow, Inc. 398 11th St., Floor 2, San Francisco, CA 94103 (hereinafter: "Webflow"). Your personal data is passed on to Webflow in order to provide the services. Webflow's servers are located in the United States, so it is possible that the personal data collected will be transferred to the United States. There is an adequacy decision of the EU Commission for data transfers to the US, the EU-US Data Privacy Framework. "Webflow" is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR.

‍

If you contact us via this form, the following personal data will be processed:

Name

E-mail address

Phone number

Nationality

Reason for the request

This data is processed by us in order to process your request properly. When using the contact form, your personal data will not be passed on to third parties.

Legal basis

The data processing described above for the purpose of contacting us is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in being able to process your request. If your request serves to prepare the conclusion of a contract, Art. 6 para. 1 lit. b GDPR is an additional legal basis.

Storage period and data deletion

As soon as your inquiry has been processed and the matter has been conclusively clarified, your personal data processed via the contact form will be deleted. After completion of the inquiry, the data may remain stored in our CRM system to enable structured management of customer and prospective customer contacts.

If data is stored for marketing purposes, we will first obtain your consent (Art. 6 (1) (a) GDPR).

Further storage will only take place if this is required by law.

‍

Demo booking

Scope and purpose of data processing

On our website, we offer you the opportunity to arrange a product demo via a demo booking form. For this purpose, we use "Calendly" from Calendly, LLC, 271 17th St NW, Atlanta, GA 30363, USA (hereinafter: "Calendly"). Your personal data is passed on to Calendly in order to provide the appointment scheduling service. Calendly's servers are located in the United States, so it is possible that the personal data collected will be transferred to the United States. There is an adequacy decision of the EU Commission for data transfers to the USA, the EU-US Data Privacy Framework. "Calendly" is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR.

If you book a demo using this form, the following personal data will be processed:

Name
E-mail address
Phone number
Date and time of the desired appointment
Concern or desired focus of the demo

‍

This data is processed by us in order to properly process your request and organize the desired demo. In addition, the data collected for the demo booking will be stored in our CRM system to enable us to manage and track your request. This data may be forwarded to Salesforce (Salesforce, Inc., 415 Mission St, San Francisco, CA 94105, USA). Salesforce is also certified in accordance with the EU-US Data Privacy Framework, meaning that data transfer on the basis of Art. 45 GDPR is permitted.

Legal basis

The data processing described above for the purpose of booking appointments is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in organizing and processing your booking request. If your request serves to prepare the conclusion of a contract, Art. 6 para. 1 lit. b GDPR is an additional legal basis.

Storage period and data deletion

As soon as your booked demo has taken place and the matter has been conclusively processed, your personal data processed via the demo booking form will be deleted. Once the request has been completed, the data may remain stored in our CRM system to enable structured management of customer and prospect contacts.

If data is stored for marketing purposes, we will first obtain your consent (Art. 6 (1) (a) GDPR).

Further storage will only take place if this is required by law.

Captchas

We use the "reCAPTCHA" service on our website, which is provided by Google, LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"). When using the service, the following data is transmitted to Google

IP address
Referrer URL
Operating system
Mouse movements/keyboard strokes
Dwell time
Device settings (e.g. language settings or location)

The purpose of "reCAPTCHA" is to recognize whether the user is an automated user or a real person when contacting us via our contact form. The service thus protects against website downtime due to a high number of automated requests. The information is usually forwarded to a Google server in the USA and stored there. For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-U.S. Data Privacy Framework. "Google" is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR.

The data is

Due to the protection of the website and the associated safeguarding of the provision of the website, we have a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR.

‍

5. Cookies

Scope and purpose of data processing

We use cookies on our website.

A cookie is a piece of information that is stored on your computer when you visit our website and that allows your browser to be reassigned. Cookies store information such as your language settings for the duration of your visit to our website or the entries you make there.

There are different types of cookies. Session cookies are temporary cookies that are stored in the user's Internet browser until the browser window is closed and the session cookies are deleted. Permanent or persistent cookies are used for repeat visits and are stored in the user's browser for a predefined period of time. First-party cookies are set by the website that the user visits. Only this website is authorized to read information from the cookies. Third-party cookies are set by organizations that do not operate the website the user is visiting.

A distinction can also be made between technically necessary, functional and advertising cookies. The former are necessary to ensure basic functions of the website (e.g. saving the language setting). Functional cookies collect information about the user's behavior and whether they receive error messages. Advertising cookies, on the other hand, are used to offer the user customized advertising.

Legal basis

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR due to the purposes of use described, as we have an interest in the user-friendly presentation of our website. If you have given us your consent to the use of functional and advertising cookies on the basis of a notice ("cookie banner") provided by us on the website, the lawfulness of the use is also based on Art. 6 para. 1 sentence 1 lit. a GDPR.

Storage period and data deletion

As soon as the data transmitted to us via the cookies is no longer required to fulfill the purposes described above, this information is deleted. Further storage takes place in individual cases if this is required by law.

Configuration of the browser settings

Most browsers are set to accept cookies by default. However, you can configure your browser so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may no longer be able to use all the functions of our website if you deactivate cookies via your browser settings on our website. You can also use your browser settings to delete cookies already stored in your browser or to display the storage period. It is also possible to set your browser to notify you before cookies are stored. As the various browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for the configuration options.

‍

Cookielist

fs-consent | www.flowit.ai | 1 week

fs-consent-ad_personalization | www.flowit.ai | 1 week

fs-consent-ad_storage | www.flowit.ai | 1 week

fs-consent-ad_user_data | www.flowit.ai | 1 week

fs-consent-analytics_storage | www.flowit.ai | 1 week

fs-consent-functionality_storage | www.flowit.ai | 1 week

fs-consent-personalization_storage | www.flowit.ai | 1 week

fs-consent-security_storage | www.flowit.ai | 1 week

fs-consent-updated | www.flowit.ai | 1 week

‍

6. Analysis

We use tracking and analysis tools to ensure the continuous optimization and needs-based design of our website. With the help of tracking measures, we are also able to statistically record the use of our website by visitors and to further develop our online offer for you with the help of the knowledge gained. If you have given us your consent to the use of cookies by means of a notice ("cookie banner") provided by us on the website, the lawfulness of the use is also governed by Art. 6 para. 1 sentence 1 lit. a GDPR. The following description of the tracking and analysis tools also shows the respective processing purposes and the data processed.

‍

Google Analytics

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google, LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"). Google Analytics uses "cookies" (see § 5) and similar tracking methods such as device fingerprinting.

The information stored in these cookies, e.g. about the time, place and frequency of your use of this website, is generally forwarded to a Google server in the USA and stored there. For data transfers to the USA, there is an adequacy decision by the EU Commission, the EU-U.S. Data Privacy Framework. "Google" is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR. When using Google Analytics, it cannot be ruled out that the cookies set by Google Analytics may also collect other personal data in addition to the IP address. We would like to point out that Google may transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google.

Google will use the information generated by the cookie on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can generally prevent the storage of cookies by setting your browser software accordingly. However, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

You can revoke your consent to the processing and transfer to third countries at any time in the "Cookiebot" consent tool. This does not affect the lawfulness of the previous processing.

‍

Google Tag

This website uses Google Tag Manager, which is provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google, LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"). Google Tag Manager enables the management of website tags. When you visit the website, an HTTP request is sent to Google. This transmits device information (such as your IP address) to Google and within a Google server in the USA. There is an adequacy decision by the EU Commission for data transfers to the USA, the EU-U.S. Data Privacy Framework. "Google" is certified within this framework, which is why such transfers are based on the legal basis of Art. 45 GDPR.

‍

Hotjar

This site uses the analysis tool "Hotjar", which is provided by Hotjar Ltd, Dragonara Business Centre, 5th Floor, Dragonara Road, Paceville St Julian's STJ 3141, Malta (hereinafter: "Hotjar"). With the help of Hotjar, we can read which content on our website is accessed and how often. The movement, clicking and scrolling behavior of users can be tracked and thus also how users interact with the website. To fulfill its function, Hotjar uses "cookies" (§ 5) and other tracking technologies. You can generally prevent the storage of cookies by setting your browser software accordingly (Do-Not-Track). Hotjar states that it does not sell any personal data to third parties. In order to fulfill its function, Hotjar uses "cookies" (§ 5) and other tracking technologies.

You can find more information on data protection at Hotjar at: https://help.hotjar.com/hc/en-us/sections/360007966773-Data-Privacy

‍

7. E-mail marketing

On our website, you have the option of registering for our e-mail newsletter. To send and manage the newsletter, we use Salesforce, provided by Salesforce, Inc, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA (hereinafter: ‘Salesforce’). In order to provide you with the e-mail newsletter, we collect your e-mail address. By subscribing to the e-mail newsletter, you consent to us forwarding your e-mail address to ‘Salesforce’, which will result in it being transmitted to a server in the USA. ‘Salesforce’ has Binding Corporate Rules (BCRs) that have been approved by European data protection authorities to ensure the protection of personal data. These BCRs provide appropriate safeguards for the transfer of personal data in accordance with Art. 46 GDPR. You can unsubscribe from the email newsletter at any time. To do so, you can send us an email or use the contact form on our website. Further information on data protection at ‘Salesforce’ can be found at: https://www.salesforce.com/de/company/privacy/.

‍

8. Recipients of personal data

Within our company, only those persons have access to your personal data who need it for the purposes stated in each case. Your personal data will only be passed on to external recipients if we are legally entitled to do so or if you have given your consent. Below you will find an overview of the respective recipients:

‍

Data Processors: Group companies or external service providers, e.g. in the areas of technical infrastructure and processing, maintenance and payment processing, which are carefully selected and monitored. The processors may only use the data in accordance with our instructions.

Public authorities: Authorities and state institutions, such as tax authorities, public prosecutors or courts, to which we (must) transfer personal data, e.g. to fulfill legal obligations or to protect legitimate interests

‍

9. PlugIns

Our presence in social networks and platforms serves to actively communicate with our customers and interested parties.

‍

LinkedIn

A link to our company page on the social network "LinkedIn" of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, is therefore integrated on our website. Based on the data transmitted to the respective service via the social plugin, the service may be able to assign you to your account with it.

Before you click on the link, no data is transmitted directly to LinkedIn. Only when you click on the button will data be transmitted. By doing so, you leave our website and establish a direct connection between your browser and the LinkedIn servers. Information on the data that is subsequently collected by LinkedIn can be found at: https://de.linkedin.com/legal/privacy-policy

‍

YouTube

Our website also contains a link to our company page on the video platform "YouTube", which is provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland and Google, LLC 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

No data is transmitted directly to Google before you click on the link. Only when you click on the button will data be transmitted. By doing so, you leave our website and establish a direct connection between your browser and Google's servers. Information on the data that is subsequently collected by Google can be found at: https://policies.google.com/privacy

‍

Facebook

Our website also contains a link to our company page on the social network "Facebook", which is provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

Before you click on the link, no data is transmitted directly to Meta Platforms Ireland Limited. Only when you click on the button will data be transmitted. By doing so, you leave our website and establish a direct connection between your browser and Meta's servers. Information on the data that is subsequently collected by Facebook can be found at: https://de-de.facebook.com/privacy/policy/.

‍

Instagram

Our website also contains a link to our company page on the social network "Instagram", which is provided by Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.

Before you click on the link, no data is transmitted directly to Meta Platforms Ireland Limited. Only when you click on the button will data be transmitted. By doing so, you leave our website and establish a direct connection between your browser and Google's servers. Information on the data that is subsequently collected by Instagram can be found at: https://privacycenter.instagram.com/policy

‍

10. International data transfer

We process your data mainly within the European Union (EU) and the European Economic Area (EEA). However, some of our service providers may be located outside the EEA in so-called "third countries". The General Data Protection Regulation sets high requirements for the transfer of personal data to third countries. All our data recipients must meet these requirements. Before we transfer your data to a service provider in a third country, each service provider is first checked for its level of data protection. A service provider is only selected if it can demonstrate an adequate level of data protection outside the EEA. Regardless of whether our service providers are based within the EEA or in third countries, each service provider must conclude a contract with us for processing on behalf. Additional requirements must be met for service providers outside the EEA. In accordance with Art. 44 ff. GDPR, personal data may be transferred to service providers who meet at least one of the following requirements

The European Commission has decided that the third country ensures an adequate level of protection (e.g. Israel and Canada).

Standard contractual clauses have been included in our contract with the data recipient (including any additional measures if necessary).

Further appropriate safeguards pursuant to Art. 46 GDPR provided (e.g. Binding Corporate Rules).

In special exceptional cases pursuant to Art. 49 GDPR

‍

10. Data security and security measures

We undertake to treat your personal data confidentially. In order to prevent manipulation, loss or misuse of your data stored by us, we take extensive technical and organizational security precautions, which are regularly reviewed and adapted to technical progress.

However, we would like to point out that due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures may not be observed by other persons or institutions outside our area of responsibility. In particular, unencrypted data - e.g. when transmitted by e-mail - can be viewed by third parties. We have no technical influence over this. It is your responsibility as a user to protect the data you provide against misuse by means of encryption or other means.

‍

11. Storage of the data

The personal data of the data subject will be deleted or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless further storage of the data is necessary for the conclusion or performance of a contract.

‍

12. Rights of the data subject

With regard to your personal data, you have the following legal rights vis-à-vis us:

Right of Access

You have the right to request confirmation as to whether we are processing personal data concerning you. If this is the case, you have the right to information about this personal data and to further information, e.g. about the processing purposes, the recipients and the planned duration of storage or the criteria for determining the duration.

Right to Rectification

You have the right to request the rectification of inaccurate data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.

Right to Erasure ("right to be forgotten")

You have the right to request erasure if the processing is not necessary. This is the case, for example, if your data is no longer required for the original purposes, if you have revoked your declaration of consent under data protection law or if the data has been processed unlawfully.

Right to restriction of processing

You have the right to restrict processing, e.g. if you believe that the personal data is incorrect.

Right to data potability

You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format.

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of certain personal data concerning you. In the case of direct advertising, you as the data subject have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.

Right to withdraw your consent under data protection law

If the processing of your personal data is based on your consent, you can withdraw this consent at any time with effect for the future. This does not affect the lawfulness of the processing carried out up to the point of withdrawal.

‍

Notwithstanding these rights, you have the right to lodge a complaint with a supervisory authority at any time if you believe that the processing of your personal data violates data protection regulations.

‍

13. Change history

‍

19.12.2024 | Version 1.0

First version of the revised data protection notice in the new format

‍

30.01.2025 | Version 1.1

Adjustment of registered office

‍

06.03.2025 | Version 1.2

E-Mail Marketing Tool replaced