- Information and Communications Technology
- Mobile Applications
EU-U.S. Data Privacy Framework Framework: Active
Swiss-U.S. Data Privacy Framework Framework: Active
Purpose of Data Collection
User data: Flo Health is based in the United Kingdom (“UK”). Personal data we collect may be transferred to and processed in the UK, under the adequacy decision from the European Commission. Personal data in the European Union (EU) and the United Kingdom is protected by data protection legislation (such as General Data Protection Regulation (GDPR), and UK Data Protection Act 2018), but some other countries may not necessarily have the same standard of protection for your personal data. Flo transfers personal data to some processors in the U.S. Flo has taken appropriate safeguards to require that user’s personal data will remain protected wherever it is transferred outside the European Economic Area (EEA). For transfers to countries without an adequacy decision by the European Commission, Flo has in place supplementary measures which includes: the 2021 European Commission-approved standard contractual clauses with the UK addendum; Transfer Impact Assessments (TIA); other additional safeguards where appropriate, such as industry standard secure encryption methods to protect user data at rest and in transit; and other appropriate contractual and organisational measures. Human resources data: Types of human resources personal data collected: past and present employee data. The purposes and reasons for processing personal data: - In the performance of a contract as employer or client of the services you provided, to ensure legal employer obligations and the requirements of employment law are met - As part of our legal obligation for business accounting, payroll and tax purposes - We process special category personal data as part of our employment obligations, to ensure that any disabilities and health conditions are known so that reasonable accommodations can be provided. On rare occasions we may process personal data in the following situations: - Where it is necessary to use the information for our legitimate interests (or those of a third-party) and employee's interests and fundamental rights do not override those interests - Where we may need to use the information to protect employee's vital interests, or someone else’s vital interests, the use of such information would be limited to life and death situations - Where we need to use the information to carry out a task in the public interest The types of third parties to which we disclose personal data are: Accounting system, Audit services, Authentication provider, Communication provider, Consulting services, Cyprus contractors, Desk reservation system, Engineering analytics tool, Expenses tracking system, Gmail, Google Drive, Insurance services, L&D platform, Learning system provider, Legal services, Medical services, Military services, Options accounting system, Outsourced compliance services, Password manager, Payroll services, Payroll system / HR database, Peer-to-peer recognition service, Pension administration, Policy management system, Provider of Jira and Confluence, Tax services and UK Pension administration.
Employee Privacy Notice
Questions or Complaints?
If you have a question or complaint regarding the covered data, please contact Flo Health, Inc. at:
Wilmington, Delaware 19805
Privacy Shield organizations must respond within 45 days of receiving a complaint.
If you have not received a timely or satisfactory response from Flo Health, Inc. to your question or complaint, please contact the independent recourse mechanism listed below
HR RECOURSE MECHANISM
NON-HR RECOURSE MECHANISM
Appropriate statutory body with jurisdiction to investigate any claims against Flo Health, Inc. regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission