Flockler Privacy Policy

Flockler Commerce, Inc. 1870 The Exchange SE Ste 220, PMB 36051, Atlanta, GA 30339-2171, United States of America is the owner and supplier of the Flockler service (hereinafter jointly referred to: we, us, our, the controller, organisation or company).

Our data protection officer has been appointed and is reachable at privacy@flockler.com.‍

PARAGON d.o.o., Ograje 69, 1370 Logatec, Slovenia, Europe with company reg. no.: 9422676000 is acting as the EEA representative as per Article 27 of the GDPR for our company.

This privacy notice is addressed to our website visitors, customers, Flockler service users and all other individuals who offer their personal data to us in connection with its websites, operations, products and services, as stated in sections 2 and 3 of this notice.

This privacy notice undertakes to explain which personal data we process, to what end we process such data, under which legal grounds, how long the data is kept and under what circumstances we may share or disclose said personal data to third parties.

‍

This privacy notice has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and the free movement of such information and repealing Directive 95/46 / EC (hereinafter the General Data Protection Regulation or the GDPR), the United Kingdom General Data Protection Regulation and the California Consumer Privacy Act that came into force on January 1, 2020 (hereinafter the: CCPA or California Consumer Privacy Act).

All California residents that visit our website, use our products or otherwise interact with our organisation are kindly asked to observe section 5 of this notice which has been prepared in accordance with the California Consumer Privacy Act.

In the case of any conflict or ambiguity between this privacy notice and the provisions of any special privacy notice or data processing information that we might have offered to you in connection with a particular website, product or service, the provision of the latter shall prevail.

For the purposes of this notice, the term “personal data” means any information that relates to, describes or could be used to identify any individual, either directly or indirectly. Unless otherwise stated, other various terms that can be found in this privacy notice and which stem from the GDPR (e.g. processing, controller, processor, etc.) have the same meaning as specified in the GDPR.

In this notice, the word “service” or “Flockler service”, or “product” means the Flockler service which we develop and provide.

unless it is clearly stated that we are referring to a particular service listed above.

In this notice, the word “website/s” shall mean any Flockler owned or operated websites or subsites of websites or web platforms where our products might be available for integration or purchase, unless it is clearly stated that we are referring to a particular website.

In this notice, the word “user” shall mean the natural or legal persons which are acting as registered or unregistered users of a Flockler service (i.e. entities which had obtained a licence from the company for the use of the service (or a feature or subservice of the service) or which are using the service in a capacity that does not require account registration, such as a free trial version).

In this notice, the words “user website” or “user web-store/marketplace/web platform” (hereinafter jointly referred to as the user website) shall mean the website that belongs to a Flockler user where the Flockler service (or a feature/subservice) had been deployed or integrated.

This privacy notice may be updated from time to time in order to better reflect the changes that we might make in relation to our data processing or data protection operations or for other operational and legal reasons.

If this notice is significantly changed, we will publish the news on our website or send the notification as a message within the service or via email to the relevant data subjects that the change might affect. The importance of the change shall dictate the type of notification method used (i.e. sending emails when we would like to implement additional processing purposes which require your explicit consent).

This notice may contain links to websites of third party processors/service providers or individual controllers that may be involved in our processing activities (see section 4.4 of this notice). If you follow a link to any third-party website, please note that the contents of the website may have changed since the link has been added. Please also consider that all third parties have their own privacy policies and that we do not accept any responsibility or liability for their policies or processing of your personal data that is unlawful or goes beyond the scope of our engagement (i.e. beyond the scope of the accepted data processing agreement or similar mechanism we have in place with them).

This notice does not offer insights on how to use our products or services. More information about the functionalities and use of our products and services can be gained by contacting us here.

When: When you visit our websites, we automatically place necessary cookies on your device and place other cookies if we obtain your consent (i.e. through the cookie pop-up).

Data: Necessary cookie data which typically only reveals technical information about your device while other cookies can store (and share) other data as well (see each dedicated website Cookie Policy to learn more).

Purpose: Necessary cookies are essential for the correct functioning of our website and enable key functions like page navigation, display features, page responsiveness, etc., while other “non-necessary” cookies are used (see each dedicated website Cookie Policy to learn more).

Legal basis: We are legally permitted to place necessary cookies on your device without consent, while we shall actively seek your consent before placing all other cookies.

Data retention: Necessary cookie data can either be stored for the duration of your browsing session or longer. See each dedicated website Cookie Policy (typically available to you as a link in the footer of each of our websites) to learn more about the retention period for each cookie.

When: When you choose to reach out to us or contact with us (i.e. by sending an email to an address that belongs to us, submitting a question through a live-chat service on one of our websites or in our Flockler service, reaching out to us through our official email channels or social media platforms, or in communication with our employees/agents or via other means).

Data: We may process any data/information you disclose in your communication (such as your name, email address, billing address, shipping address, products ordered and order number) or which we might already have and require to formulate our response/solve your issue.

Purpose: In order to respond to emails, messages, formal inquiries, proposals, support, troubleshooting and other inbound communication.

Legal basis: We carry out these processing activities because processing might be necessary for the performance of a contract to which the person reaching out to us is a party (e.g. if you have bought a product from us and reach out to us for product related information) or in order to take steps at the request of the data subject prior to entering into a contract (e.g. if‍ you reach out to us with questions about our products prior to placing an order) or on the basis of our legitimate interests.

Data retention: We typically do not keep communication data after responding to you. An exception to the aforementioned can be made if messaging or other communication had been performed through the use of a dedicated service (i.e. email, chat module, etc.), whereby we may keep data in such systems for up to 3 years or any such stipulated and relevant statutory period after having received it.

In certain rare cases, we might keep parts of the data/communication for a longer period, if it is evident that certain data is needed in a legal or other official proceeding that is being carried out.

If such communications took place through platforms such as Facebook, please refer to the data retention periods that Meta Inc. or other platform providers might offer, as data deletion in such circumstances is not solely dependent on us (please see section 4.4 of this notice).

When: When you purchase a product or subscription from us through our websites or the payment check-out modules we employ.

Data: Your contact information (such as your name, email, country, address, billing address, shipping address, telephone number, products ordered, order number, your payment information, such as your credit card number, billing address, holder name, issuing bank, expiry date, and security code (whereby this data is collected by our partners which offer us the relevant check-out module for purchasing our products and is not necessarily shared with us or even visible to us).

Purpose: We use this data in order to legally sell our products to you and send you transactional emails (e.g. order status, invoice, etc.).

‍Your contact and invoice data is shared with our delivery services and your payment information is collected and stored by our third-party payment facilitators on our behalf (such as “Stripe” (see section 4.4 to learn more), whereby these parties may be considered as individual data controllers or processors, as the case may be.

This data may also be processed when we are required to comply with legal requirements and other regulations, especially those governing taxes, invoicing and payments.

Legal basis: Contractual (i.e. the concluded distance sale contract you enter into when you agree to our terms of sale and place your order for a usage license).

Data retention: We may retain a minimised set of the aforementioned data that includes your contact information, payment and shipping information (such as your name, email address, billing address, shipping address, products ordered and order number) until the expiration of the statutory period under which we may be held liable in relation to any possible hidden defects in relation to the services we have provided to you or sold to you. This does not include any data that you might have given us on any other grounds or for any other purposes (i.e. data that we process for marketing purposes based on your consent, other data that relates to your user account, etc.).

We are legally obliged to retain certain transactional data in unminimized form (such as invoicing data) for a minimum of 10 years (depending on the point of sale and the location of the entity that is issuing the invoice).

We may also retain certain data on the grounds of our legitimate interest if we detect reasonable grounds that fraud or attempted fraud had taken place in relation to the sale of our services. Such data shall not be kept longer than necessary in order to assess the situation and take any necessary action.

Our payment facilitation/payment service providers typically do not retain any personal data other than the data that they might have a legal obligation or legitimate interest in retaining (or the data that they already keep in relation to your individual use of their payment/banking services). Please see the relevant privacy policy of the payment facilitation/payment service provider that has been engaged in the sale of our product to find out more.

When: When you purchase a product or service from us or have done so in the past and we deem it necessary to reach out to you with important information or are required to do so under law or as listed for each service in the table in section 3 of this notice.

Data: We may process any data/information you disclose to us during your purchase (such as your name, email address, billing address, shipping address, products ordered and order number) or which we might already have and need in order to formulate our transactional/essential messages or as listed for each service in the table in section 3 of this notice.

Purpose: To communicate transactional/essential service-/product-related information to you (i.e. notify you that your order had been placed successfully, offer assistance regarding the use of our products, inform you of important product issues, updates and changes to our policies and terms, get in touch with you regarding changes to products and features, etc.) or as listed for each service in the table in section 3 of this notice.

Legal basis: We carry out these processing activities because processing is necessary in order to fulfill the contract that we have concluded with you (i.e. the terms of sale you enter into when purchasing a product from us or the terms of service you accept when registering your account for using our services).

We may also be required to perform the above mentioned data processing because we are required to do so under law (i.e. sending you an invoice) or on the basis of our legitimate interests (i.e. providing functioning and safe products). In certain rare cases, the above stated processing might be performed by us in order to protect your vital interests (or the vital interests of another natural person) (e.g. in case of informing you that we have detected a serious issue with our product that may pose business or other serious risks).

Data retention: We typically do not keep communication data after communicating with you. An exception to the aforementioned can be made if messaging or other communication had been performed through the use of a dedicated service (i.e. email, chat module, etc.), whereby we may keep data in such systems for up to 3 years or any such stipulated and relevant statutory period after the receipt of communication or as listed for each service in the table in section 3 of this notice.

When: When you purchase a product from us through our websites or through other means.‍

Data: Your email address and past purchase history with us, as well as information regarding whether you have opened/clicked on links in our email messages or as listed for each service in the table in section 3 of this notice.

Purpose: Keeping you informed of similar products and services that we offer or as listed for each service in the table in section 3 of this notice.

Legal basis: Our legitimate interests (i.e. under certain EU legislation we are legally allowed to send email marketing messages on an opt-out basis if the recipient's details were originally collected "in the context of a sale", if the entity sending the marketing is the same legal entity that collected the recipient's details initially (i.e. us), the marketing relates to "similar" products and/or services for which the recipient's details were originally obtained, and you as the recipient are given the opportunity, free of charge, to object to our email marketing, both at the time when your details had been collected and in each subsequent communication (i.e. by clicking the “unsubscribe” link that is contained in each of our marketing emails).

Note that we shall not sell or share your email and other related data with any other third party and shall only use it within the service which we use for sending such emails (see section 4.4. for more information).

Data retention: Until we receive your unsubscribe/data deletion request or if you have not opened our marketing emails for more than 3 years or any such stipulated and relevant statutory period whereby your data shall be permanently deleted in all of these cases or as listed for each service in the table in section 3 of this notice.

When: When you’re open to hearing from us and consent to receiving our various email marketing messages (e.g. tips & tricks, surveys, contests, newsletters, new product launch notifications, discounts, etc.) via email from time to time or as listed for each service in the table in section 3 of this notice.

Data: When marketing to an individual, we typically process the individual's email address. We may also process the name of the individual (and potential other information) if this has been explicitly stated next to the input fields where the individual entered said data and consented to the processing or as listed for each service in the table in section 3 of this notice.

Purpose: In order to send newsletters, product waitlist messages, new product launch notifications, discounts, surveys, promotion codes, information on contests and other marketing messages to consenting individuals to their email address or as listed for each service in the table in section 3 of this notice.

Legal basis: We carry out these processing activities on the basis of your consent.‍

To withdraw consent, you can send a free form email to privacy@flockler.com at any time or follow the unsubscribe link included in all of our marketing emails.

Note that we shall not sell or share your email and other related data with any other third party and shall only share it with service providers that we use for sending marketing emails (see section 4.4 for more information).

Data retention: Until we receive your unsubscribe/consent withdrawal or data deletion request or if you have not opened our marketing emails for more than 3 years or any such stipulated and relevant statutory period whereby your data shall be permanently deleted in all of these cases or as listed for each service in the table in section 3 of this notice.

When: When you respond/apply to our open job posting as a potential candidate through a dedicated online form or reach out to us for this purpose via email.

Data: The data that we might require as part of your application will be stated next to the job posting or dedicated online application form. We typically consider your general contact details (full name, email address, place of residence, age, nationality) as well as any information you might have included in your resume or CV and the details about your current or past employment or other working experience. We may also process any other information you elect to share with us for this purpose as well as any information you have made public on the Internet (such as your blog, Github or LinkedIn page).

Purpose: In order to evaluate you as a candidate and carry out the necessary hiring procedures and interviews.

Note that we may share the data with external HR firms we might employ to help us with the hiring process (please see section 4.4 of this notice).

Legal basis: We carry out these processing activities on the basis of entering into negotiations for the conclusion of an (employment) or other work contract.

Should you explicitly consent to this, we may keep your data after the conclusion of the hiring process in order to keep you posted of any future job opportunities that may interest you. To withdraw consent, you can send a free form email to privacy@flockler.com at any time or follow the unsubscribe link included in all of our job posting emails.

Data retention: Until the conclusion of the hiring procedure or until we receive your consent withdrawal or data deletion request or if you have not opened our job posting emails for more than 3 years or any such stipulated and relevant statutory period whereby your data shall be permanently deleted in all of these cases.

When: When you sign up or sign in to use our services by providing your email and login credentials or as listed for each service in the table in section 3 of this notice.‍

Data: We process your username/email whilst you are accessing our software application. We may also process certain technical data such as data logs (for technical support purposes) and your account customisation preferences or as listed for each service in the table in section 3 of this notice.

Purpose: Sign-up and sign-in account authorisation as well as account management and security/support purposes so that the user can use the service and its various features.‍

We use the email that is tied to your account in order to offer you password management and restoration capabilities as well as technical and customer support features and in order to communicate essential service-/product-related information to you (i.e. inform you of important product issues, solve an issue you might be having, etc.) or as listed for each service in the table in section 3 of this notice.‍

Legal basis: Contractual (i.e. the Services Agreement the user is required to accept when registering his account).‍

Data retention: Until a user decides to delete his user account or any such stipulated and relevant period listed for each service in the table in section 3 of this notice or as listed for each service in the table in section 3 of this notice.

‍‍Please note: if you consent to this (i.e. click on the “Remember me” button next to our sign-up or log-in module, we may save your username and log-in credentials in order to simplify your next login. This may be either done through the use of a cookie that is installed on your device for this purpose or by similar technical means. If you want us to delete the data that is tied to this feature, please clear your device of any cookies that might be tied to us or contact us at privacy@flockler.com. This data shall be deleted if/when you decide to discontinue using our service or decide to delete your account.

When: When our team develops, tests, debugs, or improves the service, or when internal analytics functionalities (such as churn prediction indicators) are generated as part of the service operation.

Data: As a rule, no customer personal data is shared with external AI tools. AI-assisted development tools are used only on code, documentation, synthetic data, or anonymized/internal datasets.

In limited cases where internal analytics features are used (e.g. identifying customers that are likely to churn), such processing is performed exclusively within our controlled infrastructure. The data used for these purposes may include customer usage patterns, service interaction data, and account-level metadata, but is not disclosed to external AI providers.

We do not use external AI systems to process identifiable customer data, nor do we use such systems for profiling or automated decision-making involving customer data.

Purpose: We use AI-assisted tools to improve development efficiency, code quality, and system reliability.

Where internal analytics (such as churn prediction indicators) are used, the purpose is to better understand service usage, improve customer experience, and proactively address potential service issues. These insights are used as supportive indicators only and do not produce legal or similarly significant effects on users.

Legal basis: Contractual necessity (performance of the service and its continuous improvement) and legitimate interest (ensuring service quality, stability, and user retention, provided such interests are not overridden by the rights and freedoms of users).

Data retention: As no customer personal data is transmitted to external AI providers, no retention applies in that context.

Any internal analytics data used for churn prediction or similar purposes is retained only for as long as necessary to fulfill the purposes described above and in accordance with the retention periods applicable to the underlying customer data categories.

We may retain certain analytical indicators for a limited period where necessary to improve service performance or investigate anomalies, provided that such retention is proportionate and limited to what is strictly necessary.

When: When you connect your YouTube (Google) account.

Data: we access and process the following data through the YouTube Data API, on a read-only basis: (i) the basic Google account information needed to authenticate you and establish the connection; (ii) your YouTube channel information (such as the channel identifier and name) and the channels and playlists that your account is able to access, so that you can select the content you wish to display; and (iii) the publicly available metadata of the videos you choose to display, such as video identifiers, titles, descriptions, thumbnails, publication dates, the associated channel name and publicly available statistics (for example view counts). Flockler does not request, collect or store your YouTube login credentials.

Purpose: We use this data solely to provide the user-facing features that you have selected — namely to retrieve, periodically refresh and display the YouTube content you have chosen within your Flockler feeds and layouts, and to keep that content up to date. We do not sell this data, and we do not disclose it to third parties except (a) to our processors and subprocessors strictly to the extent necessary to operate the Flockler service on our behalf, and (b) where required to comply with applicable law. The subprocessors we engage are listed as set out in section 4.4 of this notice.

Limited Use. Flockler's use and transfer of information received from YouTube API Services and other Google APIs adheres to the YouTube API Services Terms of Service and the Google API Services User Data Policy, including the Limited Use requirements. In particular: we use this data only to provide or improve the user-facing features that you have explicitly approved; we do not transfer or sell this data to third parties, other than as necessary to provide or improve those features, to comply with applicable law, or in connection with a merger, acquisition or sale of assets (with notice to affected users); we do not use this data to serve advertisements; and we do not use this data to develop, improve or train generalised or non-personalised artificial intelligence or machine-learning models.

Data retention: We retain YouTube data and any associated authorisation tokens only for as long as necessary to provide the features you have set up — that is, for as long as the relevant feed remains active — and we refresh it in line with the YouTube API Services policies. You can disconnect a YouTube account or remove a YouTube feed within the Flockler service at any time, which stops any further processing and removes the stored YouTube content associated with it. You may also request deletion of YouTube data that we hold by contacting us using the contact details set out in this notice. In addition to our own deletion process, you can revoke Flockler's access to your Google and YouTube data at any time via the Google security settings page at https://security.google.com/settings/security/permissions.

Direct interactions

‍You may give us information about you by filling in forms or by communicating with us by phone, email or otherwise. This includes information you might provide when creating an account in order to use our service or when obtaining a licence to use our service, subscribe to our newsletter, search for a product online with a tracking cookie from our partners installed on your device, placing an order through our website or its check-out module, entering one of our competitions, promotions or surveys and when reporting a problem or a bug in our service.

Automated technologies or interactions

‍As you interact with our website, we may automatically collect technical data about your device, browsing actions and patterns by using cookies and other similar technologies as specified above in section 2 of this notice and in our dedicated Cookie Policies on our service related websites.

We may also receive information that relates to you (or another third party individual) if such information had been tied to texts or other data that had been inputted into our service or otherwise collected by our bot on a particular channel.

Third parties or publicly available sources

‍We may receive information about you if you visit other websites that place tracking cookies from our partners on your device (see each of our dedicated Cookie Policies on our service related websites to find out more). You may also post some of your information publicly online.

This may also be the case if someone else had filed for criminal or other legal procedures to be instituted against us by local or international law enforcement agencies or other tax and regulatory bodies, which might therefore contact our organisation for additional details (e.g. when data from our database would have to be presented as evidence in criminal or civil proceedings, otherwise our organisation would suffer material and irreparable damages). Note that we shall only fulfill such requests if specifically required by local or international law and shall adhere to anonymizing or at least minimising any personal data that we are required to share.

In the above stated cases we will always strive to fulfill the request with full transparency, except in cases where this might not be possible as (in accordance with a particular request of an authorised body) notifying the public of such request might endanger the proceedings at hand.

Our legitimate interests can also include instances where we process your personal data for our own internal business purposes and commercial interests, such as our own marketing activities (i.e. sending you marketing emails when you are our past customer unless consent is required under applicable laws, as described in point 2. of this notice), and offering additional customer and technical support or collecting analytical data or analysing data in instances where we legitimately deem that fraud had taken place.

Where consent has been withdrawn, we shall delete/anonymize any data we or our processors/service providers have kept on the basis of your consent.

Additionally, every effort will be made to remove relevant personal data from products/marketing campaigns and other distributions. However, this may not be possible in some situations, and in such cases, certain personal data that cannot be removed or otherwise anonymized may still appear in publications, products and other media already in use or circulation.

Unless otherwise stated, we generally keep personal data for as long as it is listed under each “Data retention” section of each processing activity described in the points of section 3.

As a rule, we generally store data for as long as it is necessary to fulfill the purpose for which the data had been collected, or for as long as legal obligation or regulation requires us to keep the data. After that, the data is deleted or anonymized, as mentioned above.

Please also note that our processors (see section 4.4.3 below) may retain certain data for up to 30 days after we receive and execute your account/data deletion request, after which the data will be hard deleted and unrecoverable (please refer to their privacy policies to learn more).

We may store data even after receiving a data deletion request as mentioned above, if legitimate interest or relevant laws allow us to do this (i.e. in order to negate a users capabilities of accessing the service after he has not paid the corresponding licensing and other fees, when a civil action exists in relation to which we might need this data in the course of the proceedings, etc.)

Our organisation undertakes to immediately remove any unnecessary data or data for which it has no legal grounds for processing/storing or regarding which the data retention periods have been exceeded.

Your personal data is processed by individual employees of our organisation or our external collaborators (hereinafter: “employees”). Employees of our organisation process only the personal data that they need for their work, but they can also share it with each other if their work tasks and the internal rules of our organisation allow them to do so. All of our employees are committed to confidentiality and the protection of personal data.

Based on certain corporate events or changes in the ownership or structure of our organisation (i.e. our company being acquired) your data may also be shared with our subsidiaries or affiliate companies (both present and future). This includes instances such as corporate divestitures, mergers, consolidations, acquisitions, reorganizations, or any other situation involving the transfer or disposal of our business or assets, as well as the business or assets of our affiliates or subsidiaries. This may also apply in the context of bankruptcy or similar proceedings.

Cookie providers: We use third party necessary, analytical and advertising cookie providers which are listed in our dedicated Cookie Policy.

Payment facilitators: We use payment facilitators such as “Stripe” and “PayPal”.

‍

Our email messaging provider: We use HelpScout, Intercom and Customer.io services to send all of our transactional or marketing emails. We may also use a cookie consent management platform provider on our websites in order to obtain your cookie consent and input your contact and order information/invoices/delivery location data into the service (see the relevant parts of section 2 of this notice to learn more).

Our storage provider: Our services are built on and partially provided by AWS, whereby you might be sharing your contact and order information/payment information as well as other potential information with AWS and their partners when purchasing products or otherwise interacting with our services (see the relevant parts of section 3 of this notice to learn more).

To obtain a detailed list of all of our processors/service providers, which data they process, the purposes we employ their processing/services for, as well as how we keep your data safe when engaging them, feel free to reach out to us at privacy@flockler.com.‍

c) Other companies or individual consultants we may engage or cooperate with in the provision of our services that may need access to certain parts of your data

• Consultants who cooperate with our organisation on the basis of relevant business and data processing agreements so that they can provide us with their accounting, legal, marketing, HR and other consulting services.
• External IT system maintenance providers and/or platform/service developers who cooperate with our organisation on the basis of relevant business cooperation and data processing agreements that may gain limited access to our back-end or databases.

To gain more information on other apps and plugins we might use in connection with the Flockler service please reach out to us at privacy@flockler.com.‍

As stated above, many of our processors/service providers have their place of business registered in the USA (or in other non-EEA countries where the GDPR is not applicable or where the requirements of the GDPR are not adequately reflected in national privacy laws, as the case may be) (hereinafter: “third countries”).

As stated above, we thereby regularly engage contractual processors/service who may process personal data on our behalf in third countries, whereby we only do so with the appropriate safeguards in place so that your data is safe and your data subject rights are respected.

Following decision C-311/18 (Schrems II) of the CJEU and the fall of the EU-US Privacy Shield we have reached out to our US-based processors/service providers and decided on alternative safeguards on a case-by-case basis in accordance with the guidance of the European Data Protection Board.

Where we could not put in place such appropriate safeguards (such as standard contractual clauses, data encryption, automated data deletion intervals, etc.), we ask for your specific consent before processing/sharing your data or have engaged third party service provider, which have self-certified under the “Data Privacy Framework” (https://www.dataprivacyframework.gov). More details on third country service providers and the measures taken to ensure your rights can be found in section 4.4 of this notice.

In addition to the purposes and providers listed in sections 2, 3 and section 4.4 of this notice, your data may also effectively be considered as transferred (i.e. disclosed) in the following situations, where we might have legitimate interests in buying/selling our assets in connection with entities that are registered in third countries:

• If we sell or buy any business or assets, we may disclose your personal data to the prospective seller or buyer of such business or assets that may be registered in a third country (whereby we shall only do so if all applicable confidentiality and security requirements are offered to us by any potential buyer and their organisation). Please note that we shall only do so if all applicable confidentiality and security requirements are offered to us by any potential buyer and their organisation and shall never disclose any data in this way if the processing of such data had been carried out on the basis of your explicit consent.
• If all or a substantial part of our assets are acquired by a third party that may be registered in a third country whereby our assets may include parts of your data. Please note that we shall only do so if all applicable confidentiality and security requirements are offered to us by any potential buyer and their organisation and shall never disclose any data in this way if the processing of such data had been carried out on the basis of your explicit consent.

Your data may also effectively be considered as transferred (i.e. disclosed) if we are required on the basis of EU law or the law of a Member State to disclose or share your personal data with an international organisation / public authority or other entity that might be registered in a third country, whereby we are required to do so to comply with a legal obligation.

Right of access

You have the right to obtain confirmation from us on whether personal data or personally identifiable information is being processed by us or our processors/service providers and the right to obtain a copy of your personal data that is being processed.

Right to rectification

You have the right to request the rectification of inaccurate personal data and to have incomplete data completed.

Right of objection

You have the right to object to the processing of your personal data for compelling and legitimate reasons relating to your particular situation, except in cases where legal provisions expressly provide for that processing. You also have the right to object/opt out of the processing of your personal data for direct marketing purposes by clicking on the unsubscribe link at the bottom of our marketing emails or by contacting us at privacy@flockler.com.

Right to data portability

‍You have the right to receive the personal data that you have provided to us in a structured, commonly used and machine-readable format, and have the right to transmit it to other data controllers without hindrance. This right only exists if the processing is based on your consent or a contract and the processing is carried out by automated means.

Right to restrict data processing

‍You have the right to request the restriction of processing your personal data in certain cases.

Right of erasure (“right to be forgotten”)

‍You may request to erase your personal data if (i) it is no longer necessary for the purposes for which we had collected it, (ii) you have withdrawn your consent and no other legal ground for processing exists, (iii) you objected and no overriding legitimate grounds for processing exist, (iv) the processing is unlawful, or (v) erasure is required to comply with a legal obligation.‍

Right to refuse or withdraw consent

‍In case we request your consent for processing, you are free to refuse it and can withdraw it at any time without any adverse negative consequences by contacting us at privacy@flockler.com. The lawfulness of any processing of your personal data that occurred prior to the withdrawal of your consent will not be affected.

Automated decision-making

‍Under the GDPR you have the right not to be subject to decisions based solely on automated processing and have the right to be given more information about why any such decision has been made. Note that this is currently not applicable to our processing activities (see 4.8 of this notice).

Right to lodge a complaint with a supervisory authority

‍If you believe that the processing of personal data performed in connection with you by our organisation as the controller violates personal data protection regulations, you may, without prejudice to any other (administrative or other) remedy, lodge a complaint with the supervisory authority, in particular in the country where you have your habitual residence, your place of work or where the infringement is alleged to have taken place.

In the Republic of Slovenia (the country where the EEA representative entity of the controller (namely Paragon d.o.o.) is located, the authority is the:

• Information Commissioner (Informacijski pooblaščenec), Dunajska 22, 1000 Ljubljana, Slovenia, EU, email: gp.ip@ip-rs.com, phone: +38612309730, website: www.ip-rs.com.

‍A list of other EU supervisory authorities and their contact information can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en#.

To this end, our organisation has also adopted appropriate internal processes and set up various measures (e.g. assigning, using and changing passwords, locking premises, offices, server and workstation locations, regularly updating software and upgrading security-critical components, the physical protection of materials/data carriers containing personal data in specially designated places, the training of employees, etc.). Our organisation also demands these security commitments from its contractual processors.

As a business subject to the CCPA, we have not sold any personal data in the last 12 months from the last update of this notice.

Under the CCPA, businesses are also required to disclose whether they sell or share personal data, whereby the sharing of personal data may include giving access to personally identifiable information (such as your IP or device ID) to third parties in the context of cross-site behavioural advertising by using cookies or similar technologies.

Based on your cookie/browser/analytics preferences when visiting our website and/or using our services (and potentially on our partners websites), we may have disclosed personal information that relates to your device/browser identifiers and internet activity data to our third party advertisers in connection with showing you targeted advertisements across the web. Please see our dedicated cookie policy to learn when this might had been applicable and what data had been collected or shared and with whom.

When you visit our websites with the Global Privacy Control (GPC) opt-out preference signal enabled in your browser, we will respect your choice of opt-ing out of our analytical and marketing activities and wont share your data as described above.

California law also mandates that we specify the categories of personal data that are disclosed for our specific "business purposes." These purposes include situations when we engage third parties as subprocessors in the provision of our services to you (see section 4.4.3 of this notice).

In connection with our business purposes and when offering you our services, we may have disclosed the following categories of personal data if the relevant underlying situation arose during our interactions (e.g. if you had consented to our use of cookies, if you had purchased products or services from us, if we engage third parties for billing and accounting purposes in relation to you as our customer, if you have volunteered the information during signup or when negotiating a sale with our representatives, as the case may be):

• Identifiers;
• Commercial information
• Internet activity;
• Financial information;
• Professional and employment-related information;
• Geolocation data;
• Audio and visual data;
• In limited circumstances where allowed by law, information that may be protected characteristics under California or United States law; and
• Inferences drawn from any of the above information categories.

Right to know (i.e. request disclosure of any personal information we have collected about you).

You have the right to request the disclosure of the categories of personal information we have collected from you, along with the categories of sources from which they have been collected, the purpose of their collection, the categories of third parties with whom we have shared your personal information (“Categories Report”), and the specific pieces of personal information that have been collected (“Specific Pieces Report”).

You may request that we disclose which personal information we have collected, used, shared, or sold in relation to you, and why we have collected, used, shared, or sold that information. Specifically, you may request that we disclose:

• The categories of personal information collected.
• Specific pieces of personal information collected.
• The categories of sources from which we have collected the personal information.
• The purposes for which we have used the personal information.
• The categories of third parties with whom we have shared the personal information.
• The categories of information that we sell or disclose to third parties.‍

We shall provide you this information for the 12-month period preceding your request. We shall provide you this information free of charge.

To request the above stated information, please send your request to privacy@flockler.com. Please allow 45 days for our response. For your protection and the protection of all of our users, we may ask you to provide proof of identity before we can oblige such a request.

Right to delete (i.e. request deletion of any personal information that we have collected from you).

After we have verified your request to delete your personal information, we shall delete it from our servers/records and direct any of our processors/service providers to delete your personal information from their servers/records, except when certain exemptions from the relevant parts of the CCPA are applicable (e.g. in cases where the personal information is necessary so that we may continue to provide our services and when the data do not contain any personally identifiable information) and in order to detect security incidents, to identify and repair errors that impair existing intended functionalities of our products and services.

Right to opt out (of the sale of your personal information).

‍You may request that we stop selling your personal information, whereby this is currently not applicable as we do not currently sell any personal information.

The right to non-discrimination (when exercising your CCPA rights).

‍We will not discriminate against you in any manner prohibited by applicable law for exercising your CCPA rights (as listed above).

Information on how CA residents may contact us in order to exercise their rights

‍If you wish to opt-out from any of our data sharing activities, please reach out to us at privacy@flockler.com. You can also exercise any other rights under the CCPA via this email or by contacting us through our phone number +1 212 321 0632.