Skip to content
NEWIntroducing Oneflow AI - Join the waitlist
NEWIntroducing Oneflow AI - Join the waitlist
Get a demo

Privacy notice

Updated March, 2025

Oneflow is committed to respecting your privacy and wants everyone who interacts with us to be confident that we process their personal information respectfully in accordance with applicable privacy legislation, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”).

Under the GDPR, you have the right to receive certain information when we process personal data about you such as what categories of data we process, our purpose and legal ground for the processing, how we share your data, which rights you have and how you proceed to exercise them.

This privacy notice page, which we periodically update to ensure it is accurate and reflects all relevant processing activities, explains how Oneflow collects and uses personal data about two categories of data subjects, namely:

  • our B2B relations; and 
  • visitors to our website and other digital platforms

Cookies:

Oneflow uses cookies when you visit www.oneflow.com, for more information in this regard please see our cookie statement here.

What is personal data?

    Personal data is all kinds of information that can be directly or indirectly linked to a living natural person, for example name, e-mail address, telephone number and IP address.

    Who is the data controller of the personal data processing activities described here?

      This Privacy Notice applies to Oneflow AB reg. no. 556903-2889 with headquarters at Gävlegatan 12A in Stockholm; and its affiliated subsidiaries including Oneflow AB filial i Finland, Oneflow England Ltd., Oneflow Norge AS, Oneflow B.V. and Oneflow SAS (collectively, “Oneflow,” or “we“, “us“, “our“). 

      Contact, questions and complaints

      We regularly review our compliance with this Privacy Notice. Questions, comments and requests regarding this Privacy Notice and your rights are welcomed and should be addressed in the first instance to support@oneflow.com subject: “Privacy”.

      If Oneflow does not satisfactorily answer your question or handle your request, you have the right to send a complaint to the supervisory authority such as the Swedish Authority for Privacy Protection “IMY” (https://www.imy.se/en/) or any other EU national data protection authority (https://www.edpb.europa.eu/about-edpb/about-edpb/members_en). If you are located in the UK or your matter is related to the UK, you can make a complaint with the Information Commissioner’s Office “ICO” (https://ico.org.uk/make-a-complaint/). 

      All Oneflow employees have relevant knowledge on data protection and we have a dedicated data protection team that focuses specifically on ensuring that we process your personal data correctly. 

      Oneflow as a data processor

      Oneflow also processes personal data on behalf of data controllers (mainly applicable to personal data processed by our customers through the Oneflow services) i.e. as a “data processor”. If you want information about how your personal data is processed in these circumstances, we refer you to the applicable data controller such as your employer if you have a question on the processing of your personal data in connection with using the Oneflow platform as part of performing your work duties.

      What are your rights?

      The GDPR provides you with certain specific legal rights that you can enforce against us, a summary of these rights follows below.

      Right of access/extract from our registers. You have the right to be provided with information on what personal data we process about you. Upon your request, we will provide you with information in writing about our processing of your personal data.

      Right to rectification. You have the right to request that we correct any erroneous or incomplete personal data that we process about you.

      Right to erasure of certain data. You have the right to request that we delete your personal data under certain conditions, for example if your personal data is no longer necessary for the purpose for which we collected the data, if the processing is based on your consent and you have withdrawn such consent, if you object to a weighing of legitimate interests we have carried out and support for our legitimate interest is lacking, if your personal data was processed in an unlawful manner or if your personal data has to be deleted in order to fulfil a legal obligation.

      In certain cases, we must save your personal data despite your request, due to mandatory legal requirements such as bookkeeping- and tax legislation, or if we need to keep certain data in our systems in order to establish, enforce or defend a legal claim.

      Right to restriction of processing of your personal data. You have the right to demand a restriction of our processing of your personal data in certain situations. If, for example, you have informed us that personal data we process about you is incorrect and we haven’t yet corrected it, you can request a restriction of our processing until the personal data has been corrected.

      Right to data portability. You have the right to request a copy of the personal data you have provided us with in a structured and machine-readable format. Provided that it is technologically possible – at our discretion – you also have the right to request that we transfer this personal data to another data controller. 

      Right to object to our processing of personal data. You have the right, under certain conditions, to object to our processing of your personal data. This right applies to such processing activities that are based on our legitimate interest as the legal ground. Upon an objection to our processing we may still have to continue certain processing activities relating to your personal data despite such requests if we have compelling legitimate reasons for such processing that outweigh your interests.

      For visitors to our website and other digital platforms

      Purpose and legal ground for the processing of your personal data

      When you visit Oneflow’s website, we use cookies to make our website work as well as possible and to understand at a general level how our visitors interact with the website, as well as facilitate your request for a product demo. The information collected is anonymized and Oneflow does not collect any personal information about you through cookies. Read more in Oneflow’s information about cookies (Cookie Statement) [here].

      When you contact Oneflow through a contact form on our website, we may process your email address, name and any other information submitted by you through such form for the purpose of administering the matter you need help with. Your email address, telephone number and name are processed in order to be able to communicate with you in your matter. The legal basis for the processing is a balancing of interests and is motivated by Oneflow’s legitimate interest in being able to identify you and provide you with support regarding our services.

      When you visit Oneflow’s accounts or pages on social media or digital platforms which is not the Oneflow website (“External Platform”) we, together with such External Platform, process any personal data that you provide to us through reactions, instant messages or comments on our posts/digital content. Oneflow urges visitors not to publish or submit any personal information on/via Oneflow’s External Platforms, and kindly asks you to instead contact our customer service (support@ondeflow.com) if you have any personal questions/questions about a certain customer matter. Read more about how Oneflow processes your personal data if you apply for a job or internship at Oneflow under the section “Careers”. 

      Regarding External Platforms , your personal data is processed within the framework of Oneflow’s user accounts on such External Platform in order for Oneflow to answer any questions or comments that you may have and choose to publish/submit via these External Platforms. The legal basis for such processing is a balancing of your and Oneflow’s interests and is motivated by Oneflow’s legitimate interest in being able to provide information about our services and communicate with the people who want to interact with us via these External Platforms.

      Where is your personal data processed?

      Oneflow’s processing of visitors’ personal data regarding customer service enquiries or booking of a product demo will primarily be processed within the EU/EEA, but may also be transferred to a country outside the EU/EEA, such as the United States, if we use a supplier for such processing who uses servers or sub-suppliers outside the EU/EEA. In such cases, Oneflow takes all appropriate legal, technological and organizational measures to ensure that your personal data is processed safely, and with an adequate level of security comparable to the level of protection offered within the EU/EEA.

      The processing of personal data on External Platforms may take place both outside and within the EU/EEA, depending on the general terms and conditions you have entered into with said External Platform providers.

      Who has access to your personal data?

      Your personal data will never be sold to third parties. Moreover, it will not be passed on or used for purposes other than those specified and described above.

      Oneflow takes all appropriate legal, technical and organizational measures to ensure that your personal data is handled securely and with an adequate level of protection. This applies both internally at Oneflow and moreover in case your personal data is transferred to or shared with such selected third parties that Oneflow collaborates with for the provision of our website, customer service, and External Platforms. Only individuals who need to process your personal data in accordance with the purposes described above have access to your personal data.

      Oneflow may share your personal information with – or process it with the help of – suppliers hired by us. Such parties can either be personal data processors to Oneflow, i.e. companies that process your personal data on behalf of Oneflow according to our instructions (e.g. providers of IT- and communication services), or independent data controllers who are responsible for their processing of your personal data (e.g. law firms or auditing firms that Oneflow hires and which, in connection with the performance of their assignment, have access to your personal data and processes it in accordance with their procedures and requirements applicable to their business). Oneflow is responsible for any such sharing of your personal data to such third parties for processing to take place in accordance with the GDPR.

      How long is your personal data stored?

      Oneflow only stores your personal data as long as it is necessary in order to carry out the purposes for the processing described above. We have established internal deletion routines, based on the principle that personal data shall not be stored longer than necessary for fulfilling the respective purposes.

      Oneflow stores personal data processed within the framework of your customer service enquiries for up to 365 days. Said storage time is necessary for Oneflow to be able to help you and follow up on your enquiries.

      Oneflow stores personal data processed within the framework of your demo requests for up to 365 days. Said storage time is necessary for Oneflow to be able to help you and follow up on your request.

      Oneflow stores personal information that we process about you through instant messages or comments on digital content related to activities on External Platforms until you choose to delete them. This storage time is necessary for Oneflow to be able to display the reactions and comments you have chosen to leave during the time you want them to be visible. However, Oneflow may remove reactions or comments on our posts if we find them inappropriate or if otherwise necessary to fulfil our obligations under the GDPR or the Swedish law on bulletin board systems (Sw. Lagen om ansvar för elektroniska anslagstavlor (1998:112)).

      For our B2B Relations

      Purposes and legal grounds for the processing of your personal data

      All personal data that is processed about you aims to maintain or establish and administer the business relationship between you and/or the organisation you represent and Oneflow. Oneflow records digital meetings with customer representatives from time to time for the purpose of recording and reviewing the recordings of the meetings for internal note-taking, educational and training purposes inclduing to improve the quality of our customer service. The legal ground for these processing acitivities are Oneflow’s legitimate interest to improve our customer service. 

      You have the right to object to our processing of your personal data in relation to the recorded online meetings. 

      Who has access to your personal data?

      Oneflow may process your personal data with the help of suppliers hired by us. Such parties are personal data processors to Oneflow i.e. companies that process your personal data on behalf of Oneflow according to our instructions. It is Oneflow’s responsibility to ensure that any sharing of your personal data to such third parties is done in accordance with the GDPR.

      Personal data collected through the recordings of online meetings will only be processed within the EU/EEA. 

      How is your personal data collected?

      You can directly or indirectly give us information about yourself in a number of different ways, such as when you send us an e-mail, submit a request through our website, get in touch by phone, attend a meeting with us or if you meet one of our representatives and give them your contact information (e.g. business card ). Oneflow may also collect personal information about your employer in connection with entering into an agreement between Oneflow and the organisation you represent, such as if you appear as company signatory or are given as the contact person for a certain contract or for a certain matter. We could also collect certain information about you by other means, such as through external partners providing us with your contact information or searches for “contact person / function at company X”.

      Which type of personal data is processed?

      The categories of personal data that we typically process about you are e-mail address, name, telephone number, workplace and title. If your organisation has a customer relationship with Oneflow, we also process data related to such customer relationship such as customer number, password for customer account, notes/events and transaction data relating to the account, invoicing data, payment information and information relating to signed agreement and credit checks conducted (where applicable). 

      If you have a business relationship with us as a sole trader, your personal identity number, account number and residential address/invoicing address may be processed in addition to the information specified above if this is required in order for Oneflow to be able to identify you as a customer or fulfil other purposes for the processing.

      Which are the purposes and legal grounds for the processing?

      The purposes for our processing of your personal data are that we must be able to communicate with you in order to maintain or establish a business relationship with you and/or the organisation that you represent and, where necessary, to complete and administer the contractual relationship with your employer, manage the Oneflow customer account, invoices/payments and communicate with you within the framework of the contractual relationship. In relevant cases, we also need to process your data with the aim of meeting our legal obligations, such as in accordance with accounting-, tax- and bookkeeping laws. 

      Our legal basis for the processing is our legitimate interests in administering our customer relations and communicating with you in such regard in your professional capacity. If you have a business relationship with us as a sole trader, our legal basis could also be our contract with you or the organization that you represent (where relevant). The processing activities required for our bookkeeping and accounting or to manage legal matters are carried out with Oneflow’s legal obligations as the legal basis.

      Where is your personal data processed?

      Oneflow’s processing of your personal data will primarily be processed within the EU/EEA but may also be transferred to a country outside the EU/EEA, such as the United States, if we use a supplier for the processing who uses servers or sub-suppliers outside the EU/EEA. In such cases, Oneflow takes all appropriate legal, technological and organizational measures to ensure that your personal data is processed safely, and with an adequate level of security comparable to the level of protection offered within the EU/EEA.

      Who has access to your personal data?

      Your personal data will never be sold to third parties. Moreover, it will not be passed on or used for purposes other than those specified and described above.

      Oneflow takes all appropriate legal, technical and organizational measures to ensure that your personal data is handled securely and with an adequate level of protection. This applies both internally at Oneflow and moreover in case your personal data is transferred to or shared with such selected third parties that Oneflow collaborates with for the provision of our website, customer service and External Platforms. Only individuals who need to process your personal data in accordance with the purposes described above have access to your personal data.

      Oneflow may share your personal information with – or process it with the help of – suppliers hired by us. Such parties can either be personal data processors to Oneflow, i.e. companies that process your personal data on behalf of Oneflow according to our instructions (e.g. providers of IT- and communication services), or independent data controllers who are responsible for their processing of your personal data (e.g. law firms or auditing firms that Oneflow hires and which, in connection with the performance of their assignment, have access to your personal data and processes it in accordance with their procedures and requirements applicable to their business). Oneflow is responsible for any such sharing of your personal data to such third parties for processing takes place in accordance with the GDPR.

      How long is your personal data stored?

      Oneflow only stores your personal data as long as it is necessary in order to carry out the purposes for the processing described above. We have established internal deletion routines, based on the principle that personal data shall not be stored longer than necessary for fulfilling the respective purposes.The recordings of the online meetings are stored as long as it is necessary in order to carry out the purposes for the processing described above, and for a maximum period of 365 days.

      Oneflow process personal data about our business relations for as long as we have an active business relation with you and thereafter a maximum of 365 after the business relationship has ended (or earlier if you have been replaced by another contact person/representative or otherwise announced that you no longer want us to process your personal data). When the business relationship terminates or when we otherwise decide that your personal data will no longer be stored for the purposes specified above, personal data will be deleted (or anonymized), except for such data that we are required by law to save for a longer time period (e.g. by virtue of tax-, bookkeeping- or accounting legislation). After your personal data has been deleted as described above, your name and contact information may continue to appear in archived agreements and related documentation in cases where Oneflow is obliged to save such material in accordance with law or other legal obligations.