PhixFlow Ltd. is committed to protecting the personal data of individuals. This policy statement describes how PhixFlow Ltd. collects and uses personal data from individuals using the www.phixflow.com website ("the Website"), and individuals' rights in relation to the processing of this data.
In this policy statement, use of "PhixFlow", "we" or "us" refers to PhixFlow Ltd.
Data we collect
PhixFlow Ltd. may collect data about you through a number of means as you use the Website.
Data you submit
You may provide personal data to us through forms on the Website or by sending us details by post, phone, email or some other means. You may do this, when, for example, you:
- Request marketing material, a demo or other information from us.
- Subscribe to any newsletters or weblogs that we may publish.
- Take part in any discussion forums that we may host.
- Register for any services we may offer on the Website.
- Take part in any surveys, quizzes or competitions.
- Submit a Curriculum Vitae.
- Send us feedback.
Other data we collect
Other data about you may be collected as you use the Website.
In common with almost every website, our web server will automatically collect information when you use the Website. This information is recorded in log files on the web server. This information may include your IP address, the address of the web page you were on before you visited the Website, the type of browser you are using, settings of that browser, the date and time that you used services on the Website, your language preferences and cookie data.
We may collect information about the device you are using to access the Website, including the type of device, the operating system it is using, settings of the device including time zone settings, and approximate location.
We may collection information about your location, based on personal information you provide us, device information, or from third party analytics tools. Any location information collected from your device is controlled by the consent process provided by your device.
From time to time, we may add information received from third parties, such as data from analytics providers like Google, some of whom may be based outside of the EU.
PhixFlow Ltd. will never use your data for anything beyond the stated purpose when you provide the data, and the permissions you grant us.
How we store your data
PhixFlow Ltd. will store your data on secure servers hosted either in our own offices or in secure data centres operated by third party infrastructure providers. All transfers of your data will be made using secure means.
We may transfer personal information about you outside the European Economic Area (EEA). Any transfers will be carried out under one of the accepted methods for transfer of personal information outside of the EEA: European Commission: Data transfers outside the EU
Specifically, any such transfers we perform to a country outside of the EEA will be governed by one or more of the following safeguards:
- Adequacy: European Commission: Adequacy of the protection of personal data in non-EU countries
- Binding Corporate Rules: European Commission: Binding Corporate Rules
- Model contact clauses: European Commission: Model contracts for the transfer of personal data to third countries
- EU-US Privacy Shield: European Commission: EU-US Privacy Shield
Our basis for processing your data
We will establish, for each processing activity, the lawful basis on which we will carry out the activity. These lawful bases are part of the General Data Protection Regulation (GDPR).
For each processing activity, one of the following legal bases will be used:
- Consent: you have given us consent to perform the processing activity, using the personal information you have provided for this activity.
- Legitimate interests: the processing is of a clear benefit to you; the impact on your privacy is limited; the activity is something you would reasonably expect us to do with the personal information you have supplied to us.
- Legal obligation: the processing is necessary for us to comply with the law.
- Contract: the processing is necessary for us to fulfill our contractual obligations to you, or because you have asked us to do something before you enter into a contract with us.
We will process personal information supplied to us by users of the the Website in carrying out the following activities:
- Sending marketing material.
- Responding to requests for further information, product demonstrations and other general queries about any of our products or services.
- Sending out any newsletters or weblogs to which users have subscribed.
- To provide any industry white papers or other studies which users have requested.
- To allow users to take part in any discussion forums that we may host.
- To support users in the use of the services we may host on the Website.
- To process the answers to any quizzes, surveys or competitions we might hold.
- To process any Curriculum Vitae submitted, through our recruitment process.
- Responding to complaints or other feedback.
For each activity, as stated in Our basis for processing your data, a lawful basis appropriate to the activity will be established. If not stated on the Website when you provide your personal information, you can request information about the lawful basis being used to support each activity (see Contact us).
Our Website is not intended for use by children under the age of 18. We do not knowingly collect personal information from children under the age of 18.
How long we store your data
We will retain your personal information for as long as is necessary to serve the purpose for which it was collected. This purpose may include the need to satisfy any legal or regulatory requirements that apply.
In some cases (depending on the lawful basis on which the data is being processed) you can request that your data is deleted. See Your rights.
In some cases we may anonymise your data (so that it can no longer identify you) for the purpose of gathering statistics. In this case, we may use this data indefinitely without further notice from you.
You can exercise certain rights in relation to the personal information we hold about you. Which rights apply depend on the lawful basis of each processing activity for which you have supplied personal information.
Full details of which rights each lawful basis provides are given in the General Data Protection Regulation (GDPR).
Full details of each of these rights are given in the General Data Protection Regulation, but in summary these are:
- The right to be informed: You have the right to ask what personal information we hold about you, what we are using it for, how long we retain it, and with whom we may share it.
- The right of access: You have the right to ask us for a copy of the personal information we hold about you. This is commonly known as a "subject access request".
- The right to rectification: You have the right to ask us to amend or update the personal information we hold about you.
- The right to erasure: You may have the right to ask us to delete some or all of the personal information we hold about you. This is commonly known as the "right to be forgotten".
- The right to restrict processing: You may have the right to ask us to restrict or suspend processing of some of all of the personal information we hold about you.
- The right to data portability: You may have the right to move, copy or transfer the personal information we hold about you to another service, without hindrance from PhixFlow Ltd.
- The right to object: You may have the right to object to the processing of the personal information we hold about you.
- Rights in relation to automated decision making and profiling: You have the right to be told about any automated decision making or profiling we perform based on the personal information we hold about you, and request details on the rules involved in such decision making, and the significance of any decisions that might be made by any such automated decision making or profiling.
- Right to Withdraw Consent: Where you have provided consent to process your personal information, you have the the right to withdraw your consent for this processing to be carried out. In such cases, we may no longer be able to continue to provide you with the service requested. We may also be required by law or regulation to retain your personal information for some time after you have withdrawn consent.
If you contact us to exercise any of your rights, we are entitled to request that you demonstrate that you are who you say you are; this may include providing copies of identifying documentation.
Disclosure of your personal data
Depending on what personal information you have provided us, and for what purposes, we may share it in the following ways:
- With law enforcement, regulatory and other government agencies, or with professional bodies, if this is required by law or regulatory compliance.
- With professional advisers, for example, law firms, if we believe that sharing your information in this way is necessary to protect and defend the rights, property or personal safety of PhixFlow Ltd., the Website or its users.
- With third party event organisers if you request attendance at or other involvement in an event hosted by a third party. We will make this clear at the point at which you provide your personal information.
- With third party publishers if you request materials that are provided by a third party publisher. We will make this clear at the point at which you provide your personal information.
- With third party service providers who undertake processing on our behalf, such as provision of infrastructure, administration and analytics. With each third party service provider we share only the minimum personal data required for them to be able to carry out the services for which we have engaged them. With each third party service provider we enter into agreements that govern how they will treat personal data, including security measures, support for the rights of individuals over their data and implementation of data retention policies.
Links to third party sites
Any such third party websites will be governed by their own privacy policies, and they may collect personal information from you in accordance with those policies. We encourage you to check the details of these privacy policies in respect of the personal information they may be collecting from you. We do not accept any responsibility or liability for these privacy policies.
You also have the right to lodge a complaint with your local data protection regulator. In the UK, this is the Information Commissioner's Office: Information Commissioner's Office
St. John's Innovation Centre
Cambridge, CB4 0WS