FileFlow BV is responsible for the processing of personal data as described in this privacy statement.

Role of FileFlow BV in the Processing of Personal Data
FileFlow BV can act as either a controller or a processor, depending on the context:

• Controller: For the processing of personal data necessary for our own business operations, such as managing customer relationships, administration, and marketing activities.
• Processor: When we process personal data on behalf of our clients in the context of the services we provide, such as storing and managing images in the FileFlow image bank. In these cases, we act under the instructions of the client, who is the controller, and a data processing agreement applies.

Personal Data We Process
FileFlow BV processes your personal data because you use our services and/or because you have provided this data to us. Below is an overview of the personal data we process:

• First and last name
• Email address
• IP address
• Address details
• Other personal data you actively provide, for example by creating a profile on this website, in correspondence, or by telephone
• Data about your activities on our website
• Internet browser and device type
• Bank account number
• Information derived from Leadinfo

Special and/or Sensitive Personal Data We Process
Our website and/or service does not intend to collect data about website visitors who are under 16 years of age, unless they have permission from a parent or guardian. However, we cannot verify whether a visitor is older than 16. We therefore recommend that parents be involved in their children’s online activities to prevent data from being collected about children without parental consent. If you believe that we have collected personal data about a minor without such consent, please contact us at [email protected], and we will remove this information.

Purposes and Legal Grounds for Processing Personal Data
FileFlow BV processes your personal data for the following purposes:

• Sending our newsletter and/or promotional brochure
• Being able to call or email you if this is necessary to perform our services
• Informing you about changes to our services and products
• Enabling you to create an account
• Handling payments
• Improving our website and services

Legal Grounds for Processing
The processing of your personal data is necessary for the performance of a contract, based on your consent, or to comply with legal obligations.

How Long We Retain Personal Data
FileFlow BV does not retain your personal data any longer than is strictly necessary to achieve the purposes for which it was collected. After the agreement ends, we will first perform a “soft deletion” of your personal data. This means that your data can be recovered for 30 days in case of errors or if you wish to reactivate your account. After this period, your personal data will be permanently deleted (“hard deletion”) within a maximum of three months following the end of the agreement.

Sharing Personal Data with Third Parties
FileFlow BV will not sell your data to third parties and will only provide it if necessary for the performance of our agreement with you or to comply with a legal obligation. We enter into data processing agreements with companies that process your data on our behalf (subprocessors) to ensure the same level of security and confidentiality of your data. A list of subprocessors is available upon request. FileFlow BV remains responsible for these processing activities.

International Data Transfer
FileFlow BV processes your personal data within the European Economic Area (EEA). We store your data on servers located within the EEA, specifically in Ireland. No transfer of your personal data occurs to countries outside the EEA without appropriate safeguards in accordance with the GDPR.

Access to, Modification, or Deletion of Personal Data
You have the right to access, correct, or delete your personal data. In addition, you have the right to withdraw any consent you have given for data processing or to object to the processing of your personal data by FileFlow BV. You also have the right to data portability. You can send a request for access, correction, deletion, or transfer of your personal data, or a request to withdraw your consent or object to the processing of your personal data, to [email protected]. We will respond to your request as soon as possible, but within four weeks.

How We Secure Personal Data
FileFlow BV takes the protection of your data seriously and has implemented various technical and organizational measures to secure your personal data. These measures include encrypted connections (SSL/TLS), two-factor authentication, and regular backups. For more detailed information about our security measures, please refer to our ICO report, which is available upon request.

Data Breach Notification Procedure
If you suspect that a data breach or unauthorized access to your personal data has occurred, please contact us as soon as possible at [email protected] or by telephone at +31 (0)85 4018433. We will investigate your report and, if necessary, take appropriate measures in accordance with applicable laws and regulations.

Liability
For more information about our liability regarding the use of our services and the processing of personal data, we refer you to our General Terms and Conditions and Data Processing Agreement.

Privacy of the Other Party
FileFlow BV complies with the requirements of the GDPR and, where applicable, implements measures to protect the personal data of the other party. A privacy statement is published on FileFlow BV’s website.