Last Updated: 2023-12-18
Conflict Between this Policy and Laws and Regulations
INFORMATION WE COLLECT
We collect information that personally identifies, relates to, describes, or is capable of being associated with you (“Personal Information”), including:
- Identifiers such as name, email address, IP address, billing address, phone number, device ID;
- Commercial Information such as transaction history, payment method information, content of correspondence with us such as emails, chats, or text messages, crash reports, usage analytics, customer satisfaction surveys;
- User-Created Data such as events, tasks, meeting proposals, reminders, contacts, calendar names, meeting templates, notes; and
- Geolocation Information (approximate).
The specific Personal Information we collect about you may vary based on how you use the Sites and/or Services and your relationship with us such as if you are a user of our products or if you are a contact person for a company with which we do business.
We may retain the content of text messages or other written/electronic communications between you and us. By communicating with us, you consent to our recording and retention of communications.
HOW WE COLLECT INFORMATION
We may ask you to provide us with Personal Information when you communicate with us (online or offline), use the Sites, purchase Services, and at other times. You are not required to provide us your Personal Information; however, if you choose not to provide the requested information, you may not be able to use some or all of the features of the Sites or Services or we may not be able to fulfill your requested interaction.
HOW WE USE AND DISCLOSE INFORMATION
We use Personal Information for general business purposes, such as:
|Categories of Personal Information Processed
|Provide you with access to and use of our Sites and Services
|Process payments, returns, or exchanges
|Service your account and provide support for your use of the Sites and Services
|Conduct surveys or market research
|Design, develop, and improve our Sites and Services
|Market our products to you
|Perform data analytics
|Operate physical security, information security, anti-fraud, and loss prevention programs
|Respond to governmental and other legal requests
|Meet our legal obligations and obtain legal advice
|Perform day-to-day business operations such as accounting and internal reporting
If we collect or process anonymized information from you or about your use of our Sites or Services, we commit that we will not attempt to re-identify the information to make it personally identifiable.
We may from time to time establish a relationship with other businesses to provide services to us which may include corporate affiliates (“Service Providers”), including for:
- Provision of the Sites and Services;
- Facilitating marketing and non-marketing communications;
- Marketing design and development;
- Business analytics (both marketing and non-marketing related);
- IT and network administration and support such as application development and support, crash reporting, data storage and management, website hosting, and data security;
- Promotional event design and administration;
- Payment processing;
- Professional services such as legal and accounting;
- Obtaining legal records;
- Collection of accounts; and
- Day-to-day business operations such as courier services, facilities management, and document destruction.
We only provide our Service Providers with the Personal Information necessary for them to perform these services on our behalf. Each Service Provider is expected to use reasonable security measures appropriate to the nature of the information involved to protect your Personal Information from unauthorized access, use, or disclosure. Service Providers are prohibited from using Personal Information other than as specified by us.
You may also be asked to provide Personal Information directly to a Service Provider. For example, we may connect you with a payment processor and request that you provide Personal Information directly to them.
Additional information about certain Service Providers we use to whom we disclose your Personal Information can be found in our Privacy at Flexibits FAQ.
Third-Party Selling and Targeted Advertising
We do not sell your Personal Information to third parties under any circumstance. We also do not share your Personal Information with third parties for targeted advertising or cross-context behavioral advertising purposes.
We may disclose your Personal Information to third parties upon your request or if you are using a function of our Services that requires such disclosure. For example, we may disclose certain Personal Information if you request that we share a calendar invitation to a third party, we may disclose your approximate geolocation with AccuWeather if your application provides the weather at your location but we will not do so in a way that identifies you, or we may permit you to integrate our Services with Apple Maps.
OTHER PRIVACY AND SECURITY PROVISIONS
We recognize the importance of safeguarding the confidentiality of Personal Information from loss, misuse, or alteration. Accordingly, we employ commercially reasonable administrative, technical, and physical safeguards to protect such Personal Information from unauthorized access, disclosure, and use. Even with these safeguards, no data transmission over the Internet or other network can be guaranteed 100% secure. As a result, while we strive to protect information transmitted on or through our Sites or Services, you do so at your own risk.
Other Websites & App Stores
Please be aware that third-party websites or app stores accessible through the Sites or recommended through our Services may have their own privacy and data collection policies and practices. We are not responsible for any actions, content of websites, or privacy policies of such third parties. You should check the applicable privacy policies of those third parties when providing information.
Compliance with Laws and Law Enforcement
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose Personal Information and any other information about you to government or law enforcement officials or private parties if, in our discretion, we believe it is necessary or appropriate to respond to legal requests (including court orders, investigative demands, and subpoenas), to protect the safety, property, or rights of ourselves, consumers, or any other third party, to prevent or stop any illegal, unethical, or legally actionable activity, or to comply with law. We have not made any such disclosures in the past twelve months.
We may disclose Personal Information among businesses controlling, controlled by, or under common control with us. If we are merged, acquired, or sold, or in the event of a transfer of some or all of our assets, we may disclose or transfer Personal Information in connection with such transaction. We have not made any such disclosures in the past twelve months.
How Long We Retain Your Data
We retain your Personal Information in accordance with our record retention policies that factor in our business needs, providing reasonable support to you, and our legal, regulatory, tax, and/or accounting obligations. For example, certain Personal Information that we collect in connection with a support ticket, such as attachments to support tickets, are typically retained for no longer than six months. However, purchase and payment history may be retained for longer. If you have particular questions regarding our record retention policies, you may contact us.
The Sites and Services are not intended for children under the age of 18 and we do not knowingly collect Personal Information from children under the age of 18. If we become aware that we have inadvertently received Personal Information from a child under the age of 18, we will delete such information from our records.
ADDITIONAL UNITED STATES PRIVACY RIGHTS
If you are a resident of California, Colorado, Connecticut, Utah, or Virginia you have additional rights to access and control your Personal Information. Exemptions may apply.
Right to Know
You have the right to request twice per 12-month period that we provide you (i) the categories or specific pieces of Personal Information we collected about you; (ii) the categories of sources from which your Personal Information was collected; (iii) the business or commercial purpose(s) for which we collected your Personal Information; (iv) the categories of Third Parties with whom we shared your Personal Information (if any); (v) the categories of Third Parties to whom we sold your Personal Information (if any); and (vi) our business or commercial purposes for selling/sharing Personal Information (if sold or shared). We are not permitted to provide access to specific pieces of Personal Information if the Personal Information is sensitive or creates a high risk of potential harm from disclosure to an unauthorized person such as payment method information. We will not provide specific pieces of Personal Information unless you expressly request them.
Right to Deletion
You have the right to request that we delete any Personal Information we have collected about you. Please understand that we are not required to honor a deletion request if a legal exemption applies such as if we need the information to complete a requested or reasonably anticipated transaction, help ensure security, enable internal uses that are reasonably aligned with your expectations, or comply with legal obligations.
Right to Correction
You may request that we correct information you believe to be inaccurate. When you make your request, please be sure to provide us the specific information that you believe is inaccurate and the correct information. You should also provide us with any documentation you believe supports your proposed correction, and we will take that documentation into consideration. We will only correct the information if we determine, based on the totality of the circumstances, that your correction is more likely than not accurate. We may also choose to delete the allegedly inaccurate information instead of correcting it.
Right to Appeal
You have the right to appeal our decision to deny, in full or in part, your exercise of privacy rights by submitting a request to appeal. If we deny your appeal, we will provide you with a written explanation of the reasons for our decision. If you are not satisfied with our explanation for the denial of your appeal, you may contact your state Attorney General to submit a complaint about the appeal results.
Submitting a Request
You may submit your request(s) by using our online privacy request form or by calling us at 1 (855) 207-7171.
After you submit your request, we may contact you to obtain additional information necessary to verify your identity. For example, we may require you to verify certain information in our files or submit a signed declaration under penalty of perjury verifying your identity. We will not process requests without verifying your identity, so please respond promptly. If you do not timely respond to our requests for information, we may deny your request.
We will process verified Right to Know, Deletion, and Correction requests within 45 days of receipt, subject to any applicable exemptions and extensions permitted by law up to 90 days. We will process verified Appeals within the timeframe prescribed by applicable state law, but generally within 45 days of receipt. If you request access to specific Personal Information and that information creates a high risk of potential harm from disclosure to an unauthorized person, we will withhold that information and replace it with a category identifier and/or redacted information. For example, if we withhold a payment card number, we will inform you that we have a payment card number on file and we may provide you with the card type and the last four digits of the card number. If you have an online account with us, we will provide the response to your request via the online account, otherwise, we will give you the option to choose between mail and electronic delivery. We will retain a copy of your request, including your deletion request, for at least two years as required by law.
If you are an authorized agent submitting a request on behalf of another person, you must provide a copy of a lawful power of attorney or a written signed authorization from the consumer along with proof of your identity. You may provide this documentation via email to [email protected] after submitting the request. We may contact you and the person on whose behalf you claim to act to verify your identity, the person’s identity, and your authorization to act on the person’s behalf.
California “Do Not Track” Disclosure
Do Not Track is a web browser privacy preference that causes the web browser to broadcast a signal to websites requesting that a user’s activity not be tracked. If Do Not Track is enabled, we do not collect information about your use of our Sites.
ADDITIONAL INFORMATION FOR PERSONS LOCATED IN THE EUROPEAN ECONOMIC AREA, SWITZERLAND, OR THE UNITED KINGDOM
Flexibits informs you below in accordance with Art. 12, 13 GDPR about the processing of personal data by the Fantastical and Cardhop services as well as about your respective privacy rights.
You will find a list of personal data processed by Flexibits in the sections "What personal information do we collect?" and "What data is sent to Flexibits when using Fantastical Openings?". The purpose of processing is to provide the Flexibits services and all functions of our specific services. In addition, Flexibits may process your location to provide weather forecasts and location-specific information. Flexibits also collects data about your use of Flexibits services in order to continuously develop and improve its services.
The legal bases for data processing are:
- Art. 6 para. 1 lit. b GDPR, where processing is required to make the provision of the services to you possible at all;
- Art. 6 para. 1 lit. c GDPR, to the extent that Flexibits is legally obliged to retain certain data or provide it to authorities;
- Art. 6 para. 1 lit. a GDPR, in cases where Flexibits asks you for your consent to certain data processing;
- Art. 6 para. 1 lit. f GDPR, insofar as the processing of personal data is necessary for the legitimate interests of Flexibits and your rights and freedoms do not prevail.
When using Flexibits services, personal data is transferred to servers located in the USA. The legal basis for this transfer is the standard contractual clauses of the EU Commission agreed between you and Flexibits. Flexibits maintains comprehensive measures to protect your data.
Your data will be stored as long as you maintain your accounts. As soon as you delete data or your account, Flexibits will also delete your data from its servers. There may be short delays for technical reasons. We must retain certain data, such as invoices, for a longer period due to retention obligations under tax law.
Providing your data is neither legally nor contractually required. However, it is possible that Flexibits will not be able to provide you with its services or individual services if you do not provide certain data.
Automated decision-making, in particular profiling, does not take place.
Under the conditions of the statutory provisions of the General Data Protection Regulation, you have the following rights as a data subject:
- Access pursuant to Art. 15 GDPR to the personal data stored about you in the form of meaningful information on the details of the processing and a copy of your data;
- Rectification in accordance with Art. 16 GDPR of incorrect or incomplete data stored by Flexibits;
- Erasure pursuant to Art. 17 GDPR of data stored by Flexibits, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
- Restriction of processing in accordance with Art. 18 GDPR if the accuracy of the data is disputed, the processing is unlawful, Flexibits no longer needs the data and you refuse to delete it because you need it to assert, exercise or defend legal claims or you have lodged an objection to the processing in accordance with Art. 21 GDPR.
- Data portability pursuant to Art. 20 GDPR, insofar as you have provided Flexibits with personal data on the basis of consent pursuant to Art. 6 para. 1 lit. a GDPR or on the basis of a contract pursuant to Art. 6 para. 1 lit. b GDPR and these have been processed by Flexibits using automated procedures. You will receive your data in a structured, commonly used and machine-readable format or Flexibits will transmit the data directly to another controller if this is technically feasible.
- Objection pursuant to Art. 21 GDPR to the processing of your personal data, insofar as this is carried out on the basis of Art. 6 para. 1 lit. e, f GDPR and there are reasons for this arising from your particular situation or the objection is directed against direct advertising. The right to object does not exist if overriding, compelling legitimate grounds for the processing can be demonstrated or the processing is carried out for the establishment, exercise or defense of legal claims. If the right to object does not exist for individual processing operations, this is indicated there.
- Withdrawal of your consent in accordance with Art. 7 para. 3 GDPR with effect for the future.
- Complaint pursuant to Art. 77 GDPR to a supervisory authority if you believe that the processing of your personal data violates the GDPR. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or the registered office of the EU representative of Flexibits.
Controller within the meaning of Art. 4 No. 7 GDPR is
223 Wall Street #238
Huntington NY, NY 11743
You can reach our EU representative at the following contact details:
FX Data UG (haftungsbeschränkt)