• Information and Communications Technology
  • Software
  • Mobile Applications


EU-U.S. Data Privacy Framework Framework: Active

Original Certification Date: 8/12/2018
Next Certification Due Date: 7/4/2024
Data Collected: HR, NON-HR

Swiss-U.S. Data Privacy Framework Framework: Active

Original Certification Date: 8/12/2018
Next Certification Due Date: 7/4/2024
Data Collected: NON-HR

Purpose of Data Collection

User data: Flo Health is based in the United Kingdom (“UK”). Personal data we collect may be transferred to and processed in the UK, under the adequacy decision from the European Commission. Personal data in the European Union (EU) and the United Kingdom is protected by data protection legislation (such as General Data Protection Regulation (GDPR), and UK Data Protection Act 2018), but some other countries may not necessarily have the same standard of protection for your personal data. Flo transfers personal data to some processors in the U.S. Flo has taken appropriate safeguards to require that user’s personal data will remain protected wherever it is transferred outside the European Economic Area (EEA). For transfers to countries without an adequacy decision by the European Commission, Flo has in place supplementary measures which includes: the 2021 European Commission-approved standard contractual clauses with the UK addendum; Transfer Impact Assessments (TIA); other additional safeguards where appropriate, such as industry standard secure encryption methods to protect user data at rest and in transit; and other appropriate contractual and organisational measures. Human resources data: Types of human resources personal data collected: past and present employee data. The purposes and reasons for processing personal data: - In the performance of a contract as employer or client of the services you provided, to ensure legal employer obligations and the requirements of employment law are met - As part of our legal obligation for business accounting, payroll and tax purposes - We process special category personal data as part of our employment obligations, to ensure that any disabilities and health conditions are known so that reasonable accommodations can be provided. On rare occasions we may process personal data in the following situations: - Where it is necessary to use the information for our legitimate interests (or those of a third-party) and employee's interests and fundamental rights do not override those interests - Where we may need to use the information to protect employee's vital interests, or someone else’s vital interests, the use of such information would be limited to life and death situations - Where we need to use the information to carry out a task in the public interest The types of third parties to which we disclose personal data are: Accounting system, Audit services, Authentication provider, Communication provider, Consulting services, Cyprus contractors, Desk reservation system, Engineering analytics tool, Expenses tracking system, Gmail, Google Drive, Insurance services, L&D platform, Learning system provider, Legal services, Medical services, Military services, Options accounting system, Outsourced compliance services, Password manager, Payroll services, Payroll system / HR database, Peer-to-peer recognition service, Pension administration, Policy management system, Provider of Jira and Confluence, Tax services and UK Pension administration.

Privacy Policy

HR Data

Employee Privacy Notice

Employee Privacy Notice

Effective Date: 10/21/2021
Internal Privacy Policy

Internal Privacy Policy

Effective Date: 4/1/2022

Non-HR Data

Document: Privacy Policy

Privacy Policy

Effective Date: 9/14/2022

Verification Method


Dispute Resolution

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact Flo Health, Inc. at:

Sue Khan
Flo Health, Inc.
1013 Centre Road, Suite 403-B
Wilmington, Delaware 19805

Privacy Shield organizations must respond within 45 days of receiving a complaint.

If you have not received a timely or satisfactory response from Flo Health, Inc. to your question or complaint, please contact the independent recourse mechanism listed below


Appropriate statutory body with jurisdiction to investigate any claims against Flo Health, Inc. regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission