Privacy notice


Updated September 17th, 2020

We care about your privacy

Oneflow applies and adheres to prevailing regulatory frameworks pertaining to the processing of personal data. 

This page explains how Oneflow AB (“Oneflow”) collects and uses personal data about two categories of data subjects, namely:

  • our B2B relations; and 
  • visitors to our website and other digital platforms

Oneflow reserves the right to make changes to this Privacy Notice. Any such changes will be published on www.oneflow.com.

Latest update to this Privacy Notice was made on: 2020-09-15.

Cookies:

Oneflow uses cookies when you visit www.oneflow.com, for more information in this regard please see our cookie statement [here].

  • What is personal data?

Personal data is all kind of information that can be directly or indirectly linked to a living natural person, for example name, e-mail address, telephone number and IP address. 

  • Who controls your personal data (data controller)?

The data controller for the processing of personal data described in this privacy notice is:

Oneflow AB, reg.no. 556903-2989

Hudiksvallsgatan 8, 113 30 Stockholm

Mail: security@Oneflow.com

All Oneflow employees have basic knowledge on data protection and we have a dedicated data protection team that focuses specifically on ensuring that we process your personal data correctly. 

Oneflow as a data processor

Oneflow also processes personal data on behalf of data controllers (mainly applicable to personal data processed by our customers through the Oneflow services) i.e. as a “data processor”. If you want information about how your personal data is processed in these circumstances, we refer you to the applicable data controller as they are responsible for the processing of personal data in such regard.

  • What are your rights?

The GDPR provides you with certain specific legal rights that you can enforce against us, a summary of these rights follows below.

Right of access/extract from our registers. You have the right to be provided with information on what personal data we process about you. Upon your request, we will provide you with information in writing about our processing of your personal data.

Right to rectification. You have the right to request that we correct any erroneous or incomplete personal data that we process about you.

Right to erasure of certain data. You have the right to request that we delete your personal data under certain conditions, for example if your personal data is no longer necessary for the purpose for which we collected the data, if the processing is based on your consent and you have withdrawn such consent, if you object to a weighing of legitimate interests we have carried out and support for our legitimate interest is lacking, if your personal data was processed in an unlawful manner or if your personal data has to be deleted in order to fulfil a legal obligation.

In certain cases, we must save your personal data despite your request, due to mandatory legal requirements such as bookkeeping- and tax legislation, or if we need to keep certain data in our systems in order to establish, enforce or defend a legal claim.

Right to restriction of processing of your personal data. You have the right to demand a restriction of our processing of your personal data in certain situations. If, for example, you have informed us that personal data we process about you is incorrect and we haven’t yet corrected it, you can request a restriction of our processing until the personal data has been corrected.

Right to data portability. You have the right to request a copy of the personal data you have provided us with in a structured and machine-readable format. Provided that it is technologically possible – at our discretion – you also have the right to request that we transfer this personal data to another data controller. 

Right to object to our processing of personal data. You have the right, under certain conditions, to object to our processing of your personal data. This right applies to such processing activities that are based on our legitimate interest as the legal ground. Upon an objection to our processing we may still have to continue certain processing activities relating to your personal data despite such requests if we have compelling legitimate reasons for such processing that outweigh your interests.

  • Contact, questions and complaints

If you have any questions regarding our processing of your personal data, or if you would like to invoke any of your rights – please contact us at security@Oneflow.com.

If you have a complaint regarding Oneflow’s processing of your personal data, you have the right to submit such complaint to a Data Protection Authority (e.g. Datainspektionen in Sweden (www.datainspektionen.se) or any other Data Protection Authority within the EU). 

For visitors to our website and other digital platforms

  • Purpose and legal ground for the processing of your personal data

When you visit Oneflow’s website, we use cookies to make our website work as well as possible and to understand at a general level how our visitors interact with the website, as well as facilitate your request for a product demo. The information collected is anonymized and Oneflow does not collect any personal information about you through cookies. Read more in Oneflow’s information about cookies (Cookie Statement) [here].

When you contact Oneflow through a contact form on our website, we may process your email address, name and any other information submitted by you through such form for the purpose of administering the matter you need help with. Your email address, telephone number and name are processed in order to be able to communicate with you in your matter. The legal basis for the processing is a balancing of interests and is motivated by Oneflow’s legitimate interest in being able to identify you and provide you with support regarding our services.

When you visit Oneflow on Facebook, we, together with Facebook, process any personal data that you provide to us through reactions, instant messages or comments on our posts. Oneflow urges visitors not to publish or submit any personal information on/via Oneflow’s Facebook page, and kindly asks you to instead contact our customer service if you have any personal questions/questions about a certain customer matter.

When you visit Oneflow on Twitter, Oneflow, together with Twitter, processes any personal information you provide to us through reactions, instant messages or comments on our posts. Oneflow urges visitors not to publish or submit any personal information on/via Oneflow’s Twitter, and kindly asks you to instead contact our customer service if you have any personal questions/questions about a certain customer matter.

When you visit Oneflow on LinkedIn, Oneflow, together with LinkedIn, processes any personal information you provide to us through reactions, instant messages or comments on our posts. Read more about how Oneflow processes your personal data if you apply for a job or internship at Oneflow under the section “Careers”. Oneflow urges visitors not to publish or submit any personal information on/via Oneflow’s LinkedIn, and kindly asks you to instead contact our customer service if you have any personal questions/questions about a certain customer matter.

When you visit Oneflow on YouTube, we, together with YouTube, process any personal data that you provide to us through reactions, instant messages or comments on our posts and videos. Oneflow urges visitors not to publish or submit any personal information on/via Oneflow’s YouTube page, and kindly asks you to instead contact our customer service if you have any personal questions/questions about a certain customer matter.

Regarding digital platforms, other than Oneflow’s webpage, your personal data is processed within the framework of Oneflow’s user accounts on Facebook, Twitter, LinkedIn and YouTube in order for Oneflow to answer any questions or comments that you may have and choose to publish/submit via these platforms. The legal basis for such processing is a balancing of your and Oneflow’s interests and is motivated by Oneflow’s legitimate interest in being able to provide information about our services and communicate with the people who want to interact with us via these platforms.

  • Where is your personal data processed?

Oneflow’s processing of visitors’ personal data regarding customer service enquiries or booking of a product demo will primarily be processed within the EU/EEA, but may also be transferred to a country outside the EU/EEA, such as the United States, if we use a supplier for such processing who uses servers or sub-suppliers outside the EU/EEA. In such cases, Oneflow takes all appropriate legal, technological and organizational measures to ensure that your personal data is processed safely, and with an adequate level of security comparable to the level of protection offered within the EU/EEA.

The processing of personal data on Facebook, Twitter, LinkedIn and YouTube can take place both outside and within the EU/EEA, depending on the general terms and conditions you have entered into with said digital platform providers.

  • Who has access to your personal data?

Your personal data will never be sold to third parties. Moreover, it will not be passed on or used for purposes other than those specified and described above.

Oneflow takes all appropriate legal, technical and organizational measures to ensure that your personal data is handled securely and with an adequate level of protection. This applies both internally at Oneflow and moreover in case your personal data is transferred to or shared with such selected third parties that Oneflow collaborates with for the provision of our website, customer service, Facebook-, Twitter-, LinkedIn- and YouTube page. Only individuals who need to process your personal data in accordance with the purposes described above have access to your personal data.

Oneflow may share your personal information with – or process it with the help of – suppliers hired by us. Such parties can either be personal data processors to Oneflow, i.e. companies that process your personal data on behalf of Oneflow according to our instructions (e.g. providers of IT- and communication services), or independent data controllers who are responsible for their processing of your personal data (e.g. law firms or auditing firms that Oneflow hires and which, in connection with the performance of their assignment, have access to your personal data and processes it in accordance with their procedures and requirements applicable to their business). Oneflow is responsible for any such sharing of your personal data to such third parties for processing takes place in accordance with the GDPR.

  • How long is your personal data stored?

Oneflow only stores your personal data as long as it is necessary in order to carry out the purposes for the processing described above. We have established internal deletion routines, based on the principle that personal data shall not be stored longer than necessary for fulfilling the respective purposes.

Oneflow stores personal data processed within the framework of your customer service enquiries for up to 365 days. Said storage time is necessary for Oneflow to be able to help you and follow up on your enquiries.

Oneflow stores personal data processed within the framework of your demo requests for up to 365 days. Said storage time is necessary for Oneflow to be able to help you and follow up on your request.

Oneflow stores personal information that we process about you through instant messages or comments on Facebook, Twitter, LinkedIn and Youtube. Reactions and comments on our public posts are saved until you choose to delete them. This storage time is necessary for Oneflow to be able to display the reactions and comments you have chosen to leave during the time you want them to be visible. However, Oneflow may remove reactions or comments on our posts if we find them inappropriate or if otherwise necessary to fulfil our obligations under the GDPR or the Swedish law on bulletin board systems (Sw. Lagen om ansvar för elektroniska anslagstavlor (1998:112)).

For our B2B Relations

  • Purposes and legal grounds for the processing of your personal data

All personal data that is processed about you aims to maintain or establish and administer the business relationship between you and/or the organisation you represent and Oneflow.  

How is your personal data collected?

You can directly or indirectly give us information about yourself in a number of different ways, such as when you send us an e-mail, submit a request through our website, get in touch by phone or if you meet one of our representatives and give them your contact information (e.g. business card ). Oneflow may also collect personal information about your employer in connection with entering into an agreement between Oneflow and the organisation you represent, such as if you appear as company signatory or are given as the contact person for a certain contract or for a certain matter. We could also collect certain information about you by other means, such as through searches for “contact person / function at company X”. 

Which type of personal data is processed?

The categories of personal data that we typically process about you are e-mail address, name, telephone number, workplace and title. If your organisation has a customer relationship with Oneflow, we also process data related to such customer relationship such as customer number, password for customer account, notes/events and transaction data relating to the account, invoicing data, payment information and information relating to signed agreement and credit checks conducted (where applicable).

If you have a business relationship with us as a sole trader, your personal identity number, account number and residential address/invoicing address may be processed in addition to the information specified above if this is required in order for Oneflow to be able to identify you as a customer or fulfil other purposes for the processing.

Which are the purposes and legal grounds for the processing?

The purposes for our processing of your personal data are that we must be able to communicate with you in order to maintain or establish a business relationship with you and/or the organisation that you represent and, where necessary, to complete and administer the contractual relationship with your employer, manage the Oneflow customer account, invoices/payments and communicate with you within the framework of the contractual relationship. In relevant cases, we also need to process your data with the aim of meeting our legal obligations, such as in accordance with accounting-, tax- and bookkeeping laws. 

Our legal basis for the processing is our legitimate interests in administering our customer relations and communicating with you in such regard in your professional capacity. If you have a business relationship with us as a sole trader, our legal basis could also be our contract with you or the organization that you represent (where relevant). The processing activities required for our bookkeeping and accounting or to manage legal matters are carried out with Oneflow’s legal obligations as the legal basis.

  • Where is your personal data processed?

Oneflow’s processing of your personal data will primarily be processed within the EU/EEA but may also be transferred to a country outside the EU/EEA, such as the United States, if we use a supplier for the processing who uses servers or sub-suppliers outside the EU/EEA. In such cases, Oneflow takes all appropriate legal, technological and organizational measures to ensure that your personal data is processed safely, and with an adequate level of security comparable to the level of protection offered within the EU/EEA.

  • Who has access to your personal data?

Your personal data will never be sold to third parties. Moreover, it will not be passed on or used for purposes other than those specified and described above.

Oneflow takes all appropriate legal, technical and organizational measures to ensure that your personal data is handled securely and with an adequate level of protection. This applies both internally at Oneflow and moreover in case your personal data is transferred to or shared with such selected third parties that Oneflow collaborates with for the provision of our website, customer service, Facebook-, Twitter-, LinkedIn- and YouTube page. Only individuals who need to process your personal data in accordance with the purposes described above have access to your personal data.

Oneflow may share your personal information with – or process it with the help of – suppliers hired by us. Such parties can either be personal data processors to Oneflow, i.e. companies that process your personal data on behalf of Oneflow according to our instructions (e.g. providers of IT- and communication services), or independent data controllers who are responsible for their processing of your personal data (e.g. law firms or auditing firms that Oneflow hires and which, in connection with the performance of their assignment, have access to your personal data and processes it in accordance with their procedures and requirements applicable to their business). Oneflow is responsible for any such sharing of your personal data to such third parties for processing takes place in accordance with the GDPR.

  • How long is your personal data stored?

Oneflow only stores your personal data as long as it is necessary in order to carry out the purposes for the processing described above. We have established internal deletion routines, based on the principle that personal data shall not be stored longer than necessary for fulfilling the respective purposes.

Oneflow process personal data about our business relations for as long as we have an active business relation with you and thereafter a maximum of 365 after the business relationship has ended (or earlier if you have been replaced by another contact person/representative or otherwise announced that you no longer want us to process your personal data). When the business relationship terminates or when we otherwise decide that your personal data will no longer be stored for the purposes specified above, personal data will be deleted (or anonymized), except for such data that we are required by law to save for a longer  time period (e.g. by virtue of tax-, bookkeeping- or accounting legislation). After your personal data has been deleted as described above, your name and contact information may continue to appear in archived agreements and related documentation in cases where Oneflow is obliged to save such material in accordance with law or other legal obligations.