At Inflo we are committed to protect and respect your privacy in compliance with the EU’s General Data Protection Regulation (GDPR). This privacy statement explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others and how we keep it secure. This Privacy Statement applies to the use of the subscription services provided by us to you via the platform.
Who are we?
Inflo provides next generation financial analysis technology as a service to support accounting firms’ audit and consultancy services. Inflo products include the ability to extract data from the accounting system of an organization, providing accountants with a broad range of financial analysis to interpret.
Why do we collect and use personal data?
Inflo processes data extracted from accounting systems (“customer input data”) on your behalf as instructed by you within the contract. We use this customer input data to calculate KPIs and statistics which are provided to you and your users. This data is also anonymised and aggregated, before being stored for benchmarking purposes. For example, to compare profit margins with businesses in the same industry (customers are able to opt out of benchmarking when they join Inflo if they do not wish their data to be used in this way.)
Customer input data may include personal data, such as data about sole traders within Income and Receivables ledgers; data about employees within Employee Salaries ledgers; and data about company directors within Related Parties, Intercompany and Director Loans ledgers. Personal data may also be entered in comments fields by users at the point customer input data is uploaded to the Inflo platform. This data is only used to perform our obligations to you under the contract.
In addition to personal data processed within customer input data, we may also capture personal data to:
- Authenticate users on the Inflo platform using cookies and user account information;
- Respond to feedback, comments and questions received from you in service-related communication and activities, such as webchat sessions, phone calls, documents, and emails;
- Send you information about our company, services, events and activities;
- Perform direct marketing activities in cases where legitimate and mutual interest is established, and if the privacy interests of the data subjects do not override this interest;
- Reply to a ‘Contact me’ or other web forms you have completed on the Inflo website;
- Perform contractual obligations such as order confirmation, invoicing and similar;
- Notify you about any disruptions to our services;
- Contact you to conduct surveys about your opinion on our services; and
- Process a job application.
How do we protect your data?
Inflo has in place strong technical and organisational measures to protect against unauthorised, unlawful or accidental processing, destruction, loss, alteration, disclosure of, or access to personal data. These measures are certified to the International Standard on Information Security Management (ISO 27001).
Data is stored and processed on Microsoft’s Azure Cloud Platform and Azure Cloud Services which are also certified to ISO 27001, as well as the Code of Practice for Protection of Personally Identifiable Information in Public Clouds (ISO 27018). Microsoft Azure acts as a sub-processor of data in providing these services.
All client input data is encrypted, whether in transit or at rest, using a combination of Azure’s Storage Service Encryption (SSE) and Hypertext Transport Protocol over secure socket layer (SSL), which uses Extended Validation (EV) SSL certification. A minimum of 128-bit AES is used for encryption at rest, 256-bit AES for transmission and 4096-bit RSA.
Inflo employees processing data are subject to a duty of confidence and we perform data protection impact assessments as required to ensure that all customer data is appropriately protected.
We will inform you within five business days if any personal data processed is lost, destroyed, damaged, corrupted, becomes unusable or is otherwise subject to unauthorised or unlawful processing.
Where do we store your data?
For UK firms, all data and files are processed in Microsoft Azure’s North Europe secure data centres. These servers are replicated and backed up in Microsoft Azure’s West Europe data centres. All data and files are held and stored in compliance with European data protection directives, laws and regulations.
If we or the sub-processor should have the need to process personal data outside the EU/EEA area, such processing must be in accordance with the EU Privacy Shield Framework, EU Standard Contractual Clauses for transfer to third countries, or another specifically stated lawful basis for the transfer of personal data to a third country. We will always ask for your prior written consent if there is a need to process data outside the EU/EEA area.
How long do we keep your personal data?
We store personal data for as long as necessary to fulfil the purpose for which the personal data was collected, while also considering our need to answer your queries or resolve possible problems, to comply with legal requirements under applicable laws, to attend to any legal claims/complaints, and for safeguarding purposes. For these reasons we store data for a period of seven years from the point in time at which an instance of an Inflo software module (“Inflo room”) is archived. When the personal data that we have collected is no longer required, we will delete it in a secure manner.
What rights do you have?
You have the following rights with respect to your personal data:
- the right to request a copy of your personal data that Inflo holds about you;
- the right to request that Inflo corrects your personal data if inaccurate or out of date;
- the right to request that your personal data is deleted when it is no longer necessary for Inflo to retain such data;
- the right to withdraw any consent to personal data processing at any time. For example, your consent to receive e-marketing communications;
- the right to request that Inflo provides you with your personal data in a portable and commonly used format for transfer to another party;
- the right to request a restriction on further data processing, in case there is a dispute in relation to the accuracy or processing of your personal data; and
- the right to object to the processing of personal data, in case data processing has been based on legitimate interest and/or direct marketing.
If you wish to make such a request, this can be submitted to sayhi@Inflosoftware.com and we will respond within 5 days of receipt.
Do we share your data with anyone?
We do not share, sell, rent, or trade your information with any third parties without your consent, except in the following cases.
- If required by law:
We will disclose your personal information if required by law or if we, as a company, reasonably believe that disclosure is necessary to protect our company’s rights and/or to comply with a judicial proceeding, court order or legal process. However, we will do what we can to ensure that your privacy rights continue to be protected.
- Use of sub-contractors (sub-processors):
Changes to this Privacy Statement
Inflo reserves the right to amend this Privacy Statement at any time. The applicable version will always be found on our website. We encourage you to check this Privacy Statement occasionally to ensure that you are happy with any changes.
Who can you complain to?
Inflo is registered with the Information Commissioner’s Office (ICO) in the UK: www.ico.org.uk