1.1. www.flock.com (“Website”) and the mobile apps, web interfaces, APIs, documentation, servers and all other Intellectual Property, software and infrastructure (individually referred to as “Flock Product” and collectively as “Flock Suite”) are owned, registered and operated by Riva FZC ("Company"), a company incorporated under the laws of the United Arab Emirates and having its corporate office at F-19, Business Center 1, Business Park, RAKEZ, Ras Al Khaimah, UAE.
1.4. The administrator is the controller for all information related to the teams created by the customer and the users invited to Flock by them. The company is the controller for all the information related to the administrators themselves and for other individuals for whom data is collected directly by us.
For the purposes of this Policy, the key terms are defined as follows:
- ‘Personal Data’ means any information relating to a User or identifiable to a User; an identifiable User is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; it also includes Payment information (including payment card numbers, billing address, and bank account information);
- ‘Processing’ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- ‘Controller’ means the company, or administrator. The administrator is the controller for all information related to the teams created by the customer and the users invited to Flock by them. The company is the controller for all the information related to the administrators themselves;
- ‘Processor’ means a company or third parties engaged by the company. The company is a processor for all data entered into Flock by users.
- ‘Recipient’ means a Company or any legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third party or not. However, public authorities which may receive Personal Data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- ‘Third party’ means a natural or legal person, public authority, agency or body other than the User, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process Personal Data;
- ‘Consent’ of the User means any freely given, specific, informed and unambiguous indication of the User’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her;
- ‘Personal Data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;
- ‘Representative’ means a natural or legal person established in the Union who, designated by the controller or processor in writing pursuant to Article 27, represents the controller or processor with regard to their respective obligations under this Regulation;
- ‘Binding corporate rules’ means Personal Data protection policies which are adhered to by a controller or processor established on the territory of a Member State for transfers or a set of transfers of Personal Data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity;
- ‘Sensitive data’ refers to the various categories of Personal Data identified by data privacy laws as requiring special treatment, including in some circumstances the need to obtain explicit consent from User. These categories include racial or ethnic origin, political opinions, religious, philosophical or other similar beliefs, membership of a trade union, physical or mental health, biometric or genetic data, sexual life or orientation, or criminal convictions and offences (including information about suspected criminal activities).
- ‘Supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51;
- ‘Supervisory authority concerned’ means a supervisory authority which is concerned by the processing of Personal Data because:
  - the controller or processor is established on the territory of the Member State of that supervisory authority;
  - Administrators/Users residing in the Member State of that supervisory authority are substantially affected or likely to be substantially affected by the processing; or
  - a complaint has been lodged with that supervisory authority;
- ‘Cross-border processing’ means either:
  - Processing of Personal Data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or
  - Processing of Personal Data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect Users in more than one Member State.
- ‘Relevant and reasoned objection’ means an objection to a draft decision as to whether there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of Users and, where applicable, the free flow of Personal Data within the Union;
2. Information collected from the Administrator/User(s)
2.1. Company protects Personal Data in accordance with applicable laws and our data privacy policies. In addition, Company maintains the appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage thereto. We collect information directly from the administrator, as well as automatically through use of our Website and services through the Flock Suite and, in some cases, from third parties.
2.1.1. Information that our customers give:
- First and last name;
- Email address(es);
- Physical Address;
- Mobile and other phone number(s);
- Date of birth;
- User Profile photos that you upload;
- Organization information;
- Messages exchanged through any Flock Product;
- Files and rich media exchanged through any Flock Product;
- Mobile device information, including, without limitation, device type, ID, model number, operating system, application, and related information;
- Calls placed using any Flock Product;
- Payment information, including credit/debit card or other payment account information (payment information is submitted and payment is processed through a secure connection.);
- MAC and/or IP address;
- Any other required account or other information to utilize the Flock Suite.
Additionally, you provide email accounts, user IDs or other authentication keys in order to connect to third-party plugins that we offer, such as Google Drive, OneDrive, Dropbox, etc. Such authentication information is maintained by us to offer seamless integration.
When you use Flock Suite, you also provide us the contacts that you add into our address book. Such personal data of other individuals is also maintained by us.
When users sign-up for a demo they provide us with:
- Company Name
- Contract Number
- Employee Size
2.1.2. Information Collected Automatically: When a User uses or interacts with our Website and services, we receive and store information generated by that activity, like Usage Data, and other information automatically collected from the browser or mobile device. This information may include IP address; browser type and version; preferred language; geographic location using IP address, wireless, or Bluetooth technology on the device; operating system and computer platform; the full Uniform Resource Locator (URL) clickstream to, through, and from our Website, including date and time. We also may log the length of time of a visit and the number of times a User visits and uses the services. We may assign a User one or more unique identifiers to help keep track of future visits.
2.1.3. Information from Other Sources: If we receive any information about a User from other sources, we may add it to the information we already have about that User. For example, if we receive a list of subscribers to a Flock Product and we note that a User is a user of our products and also a subscriber, we may combine that information. Examples of information we may receive from other sources include updated delivery or payment information which we use to correct our records, purchase or redemption information, customer support or enrollment information, page view, search term and search result information from business partners, and credit or identity information which we use to help prevent and detect fraud.
Further we use Google Analytics for analytics and measurement to understand how our services are used. For example, we analyse data about your visits to our sites to do things like optimise product design.
2.1.4. Information from our website visitors: Our website visitors contact us for more information or to request product demos. For this purpose, we generally request name, email, company name and contact number.
3. How the collected information will be used
3.1. Lawful Basis of processing
We process your personal data only when we have a lawful basis. Presently, we use the Performance of Contract (i.e. to deliver the services to our customers) and consent as the lawful basis for processing. For certain processing, we may also use legitimate interests as provided under the Data Protection Regulations.
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.
3.2. Use of Customer Data – We only process Customer Data on behalf of our customers and in accordance with their instructions provided in the applicable Services agreement with us. We use the data that we have about you to provide our services and provide support to you.
The information collected by us when customers use the Website and services shall be used in the manner described below:
- Facilitate use of the Flock Suite, its upgrades, its replacements and to maintain the Flock Suite.
- Process payment and verify payment information;
- Contact and communicate with Customers and Users with respect to Flock Suite;
- Provide technical service and support, including updates;
- Respond to legal requirements, exercise our legal rights or defend against legal claims, to protect our interests, fight fraud or illegal activity, to enforce our policies, or to protect third party rights, property, or safety.
- Customize and/or tailor the Flock Suite and user experience, which may include displaying information based on their search or content from other users.
- Responding to our customer on queries and support issues
Responding to our Customer’s end users on queries and support issues
As part of our contractual agreements with our customers, we also provide their end users with support on queries and technical support. In doing so, we act as processors for our customers and any data collected from such end users is collected on behalf of our customers.
When you give your consent to us for contacting you for marketing purposes by signing up for our blog, demo of Flock or during an event that you attend.
3.4. Users under 16 years of age
4. Disclosure of Personal Information
The following categories of recipients will most likely receive your data in order for us to provide services to you:
- Third Party Data Center Services such as AWS
- Third Party SMTP Services such as Sendgrid
- Third Party helpdesk applications/tools for troubleshooting
- Salesforce CRM/HubSpot for direct marketing
- Third party Service Providers
4.2. We may also disclose certain information to third parties solely to help diagnose technical problems, to customers of the Flock Suite, and improve the quality of the services provided by us through the Flock Suite.
4.3. We reserve the right to disclose any personal information as required by law or to respond to legal process, to protect our customer, to protect lives, to maintain the security of our products, and to protect the rights or property of the Company and when we believe, at our sole discretion that disclosure is necessary to protect our rights, protect someone from injury and/or to comply with a judicial proceeding, court order, or legal process served on the Company.
4.4. We also share data with the Company-controlled affiliates and subsidiaries, with vendors working on our behalf.
4.5. When a User accepts the invite to join a team in Flock, to access Flock services, the administrator of the team would: (i) control and administer the Flock services account and (ii) access and process data, including the contents of communications and files.
5. Cross Border Data Transfers
Since we are an international company, your data will be processed outside of the EU region. Your data will be processed within Third Party Data Centers in the USA. Some countries where we process data may not have laws as protective as those of your own country, and there are risks associated with such transfer.
Personal Data we collected may be transferred or be accessible internationally throughout Company’s business and between our entities and affiliates. Any such transfers throughout Company’s business take place in accordance with the applicable data privacy laws. It also means that rights stay the same no matter where data are processed by Company.
6. Customers’ Rights with respect to Processing Personal Data
Customers are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:
- Request access to the Personal Data: This right entitles customers to know whether We hold Personal Data about them and, if we do, to obtain information on and a copy of that Personal Data.
- Request a rectification of Personal Data: This right entitles customers to have Personal Data be corrected if it is inaccurate or incomplete.
- Object to the Processing of Personal Data: This right entitles Customer to request that Company no longer Processes Personal Data.
- Request the erasure of Personal Data: This right entitles Customer to request the erasure of Personal Data, including where such Personal Data would no longer be necessary to achieve the purposes.
- Request the restriction of the processing of Personal Data: This right entitles Customer to request that Company only processes Personal Data in limited circumstances, including with consent.
- Request portability of Personal Data: This right entitles Customer to receive a copy (in a structured, commonly used and machine-readable format) of Personal Data that administrators have provided to Company, or request Company to transmit such Personal Data to another data controller.
As a user, you would need to submit a request via your administrator to request deletion, to opt out or to receive a copy of your data. If we receive a request directly from you, the same will be forwarded to the administrator of your team for approval.
To the extent that the processing of Personal Data is based on Consent, Customers have the right to withdraw such Consent at any time by contacting Company’s Data Privacy Officer. Please note that this will not affect Company’s right to process Personal Data obtained prior to the withdrawal of consent, or its right to continue parts of the processing based on legal bases other than consent.
7.2. We may use third party cookies to track visitor behaviour and to improve the quality of our services. However, such cookies will not store any kind of personal information, nor will such information be disclosed to any third party.
7.3. These cookies are intended to be automatically cleared or deleted when the User quits the browser application. Users are encouraged to use the “clear cookies” functionality of their browser to ensure such clearing / deletion, since it is impossible for us to guarantee, predict or provide for the behaviour of the User's system. Users have a variety of tools to control cookies, web beacons and similar technologies, including browser controls to block and delete cookies and controls from some third-party analytics service providers to opt out of data collection through web beacons and similar technologies. A User's browser and other choices may impact experiences with our products.
7.4. The information we collect with cookies is not sold, rented, or shared with any third parties, other than for internal development and maintenance of the Flock Suite and to retarget and remarket Flock Suite and our partner products to User.
8. Third Party Links
8.1. We may provide links to websites for the convenience and information of users. These websites may not be owned, controlled, or operated by us. In those cases, we cannot control how information collected by those websites will be used, shared, or secured. If the user visits linked sites, we strongly recommend that the user reviews the privacy notices or policies posted at those sites. We are not responsible for the content of linked sites, the User’s use of them, or the information practices of their operators.
9. Data Security Procedures
9.1. We maintain organizational, physical and technical security arrangements for all the Personal Data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of Personal Data and the processing we undertake to protect any kind of personal sensitive information that we have under our control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss.
We adopt market leading security measures to protect Personal Data.
9.2. Regarding use of our Websites, User should understand that the open nature of the internet is such that information and Personal Data flows over networks connecting User to our systems without security measures and may be accessed and used by people other than those for whom the data are intended.
10. Retention of Information
10.1. We will retain Personal Data only for as long as is necessary. We maintain specific records management and retention policies and procedures, so that Personal Data are deleted after a reasonable time according to the following retention criteria:
- We retain Data as long as we have an ongoing relationship with our Customer. Once our customers choose to close their accounts, the information is deleted within 30 days of such closure. When you decide to close your account, we delete all personal information about you including any user generated content.
- We will only keep the data while the account is active or for as long as needed to provide services.
- We retain data for as long as needed in order to comply with our legal and contractual obligations.
11.1. If the Customer wishes to opt out of receiving non-essential (promotional, marketing-related) communications from us after setting up an account, they may choose to do so by making such preference changes within the application or contacting us at email@example.com.
12. Governing Law
You may contact us at our mailing address below:
Riva FZC, Business Center,
Business Park, RAK Economic Zone,
Ras Al Khaimah, United Arab Emirates
Please write to us at firstname.lastname@example.org if:
- Customers and visitors have a general question about how Company protects Personal Data.
- Customers and visitors wish to exercise rights in relation to Personal Data.
- Customers and visitors wish to make a complaint about Company’s use of data.
You can contact our Data Privacy Officer at email@example.com.
If you are a resident of the European Economic Area and we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you have additional rights. If, despite our commitment and efforts to protect Personal Data, you believe that your data privacy rights have been violated, we encourage and welcome customers to come to Company first to seek resolution of any complaint. Customers have the right at all times to register a complaint directly with the relevant supervisory authority or to make a claim against Company with a competent court.