GDPR Compliance
This page explains how Flinque Technologies Private Limited (Flinque, we, us) approaches the UK GDPR and EU GDPR. It is a summary of our commitments and works alongside our Privacy Policy. It is not legal advice and should be confirmed with counsel before publishing.
1. Our commitment
We are committed to handling personal data lawfully, fairly plus transparently. This page sets out how the GDPR principles apply across the Flinque platform plus our free tools, plus how we support our customers in meeting their own obligations.
2. Controller and processor roles
Our role depends on the data:
- For personal data about our own users, such as account plus billing data, we act as a controller. Our handling of that data is described in the Privacy Policy.
- For personal data that customers process through the platform as part of their campaigns, we generally act as a processor on the customer's instructions. [CONFIRM these roles with counsel, including for creator data.]
3. Lawful bases
Where the GDPR applies, we rely on one or more of these lawful bases:
- Contract, to deliver the service you have signed up for.
- Legitimate interests, balanced against your rights, for security, improvement plus limited marketing.
- Consent, for example for certain cookies or marketing.
- Legal obligation, where the law requires processing.
4. Your rights as a data subject
Under the GDPR you have the right to access, rectification, erasure, restriction, portability plus objection, along with the right to withdraw consent where we rely on it. You can exercise these rights by contacting [email protected]. We will respond within the timeframe the law requires, normally one month.
5. Data processing agreement
If you are a customer who processes personal data through Flinque, a data processing agreement is available at [LINK TO DPA] or on request from [email protected]. The DPA sets out the terms on which we process personal data on your behalf, including security, sub-processing plus assistance with data subject requests.
6. Sub-processors
We use a limited set of sub-processors to deliver the service, such as hosting, analytics plus payment providers. A current list, with the purpose plus location of each, is maintained at [LINK TO SUB-PROCESSOR LIST]. We require sub-processors to provide appropriate safeguards by contract.
7. International transfers
Where we transfer personal data outside the UK or the European Economic Area, we use an approved safeguard such as standard contractual clauses, the UK addendum or an adequacy decision. Details of the mechanisms we rely on are available at [LINK OR CONTACT]. [CONFIRM mechanisms with counsel.]
8. Security
We maintain technical plus organisational measures designed to protect personal data, including [SUMMARY OF MEASURES, e.g. encryption in transit, access controls, monitoring]. We review these measures periodically as part of our security programme.
9. Breach notification
If a personal data breach is likely to result in a risk to people's rights, we will notify the relevant supervisory authority without undue delay plus, where required, within 72 hours of becoming aware of it. We will also inform affected customers in line with our obligations plus any data processing agreement.
10. Contact and complaints
For any GDPR question or request, contact Flinque Technologies Private Limited at [email protected]. [IF A DATA PROTECTION OFFICER OR EU/UK REPRESENTATIVE IS APPOINTED, ADD DETAILS HERE.] You also have the right to lodge a complaint with your local supervisory authority, such as your local data protection authority in the EU or EEA (or the UK Information Commissioner’s Office for UK residents).