DATA PRIVACY

At Inflo we are committed to protect and respect your privacy in compliance with data protection regulation. Inflo’s systems and data processing mechanisms are designed to comply in accordance with world-renowned data protection regulations such as; Data Protection Act 2018, EU-GDPR, UK-GDPR, and the California Consumer Privacy Act. Please contact a member of Inflo’s Customer Success Team if you would like to verify Inflo’s compliance to a specific data protection regulation. This privacy statement explains when and why we collect personal data, how we use it, the conditions under which we may disclose it to others, and how we keep it secure. This includes personal information, which is information that identifies an individual or relates to an identifiable individual. If you have questions about this policy please contact us.
‍
This Data Privacy Statement relates to use of the Inflo Software Platform, including Inflo Link, as well as any interactions with Inflo through email or other communication means. 

Inflo provides next generation financial analysis technology as a service to support accounting firms’ professional services. Inflo products deliver the ability to extract data from the accounting system of an organisation, providing accountants with a broad range of financial analysis to interpret.

The phares ‘us,’ ‘we’ or ‘our’ will mean Inflo.

All data protection matters are managed at Inflo and enquires can be sent to sayhi@inflosoftware.com

Inflo processes data extracted from accounting systems on your behalf as instructed by you within our agreement. We use this input data to calculate KPIs and statistics which are provided to you and your users. This data is also anonymized, aggregated and used to generate benchmarking statistics, for example, to compare profit margins with businesses in the same industry (end clients are able to opt out of benchmarking when they join Inflo if they do not wish their data to be used in this way). Inflo Ingest is designed to extract only general ledger transaction records based on parameters specified by the user.

Inflo Collaborate also stores files requested from end clients by accounting firms to support accounting procedures. Information shared in this way is specified by the accounting firm.

Information processed by Inflo Ingest and Inflo Collaborate may include personal data where this has been included by end clients in general ledger transaction records (e.g. transaction descriptions) and files (e.g. payroll records). This data is only used to perform our obligations to you under the contract. For this purpose, Inflo acts as the processor of personal data. You should not transfer personal data to us unless you believe it is absolutely necessary.

In addition, we may also capture personal data to:
• Authenticate users on the Inflo platform using cookies and user account information
• Respond to feedback, comments and questions received from you in service-related communication and activities, such as webchat sessions, phone calls, documents, and emails
• Send you information about our company, services, events and activities
• Perform direct marketing activities in cases where legitimate and mutual interest is established, and if the privacy interests of the data subjects do not override this interest. By accepting Inflo’s data privacy statement you consent to receiving marketing communications. You can withdraw this consent at any time by contacting us at sayhi@inflosoftware.com
‍ • Reply to ‘Contact me’ or other web forms you have completed on the Inflo website
• Perform contractual obligations such as order confirmation, invoicing and similar
• Notify you about any disruptions to our services
• Contact you to conduct surveys about your opinion on our services
• Process a job application

For these purposes, Inflo acts as the processor of personal data.

Our legal basis for collecting and using the personal data described above will depend on the personal data concerned and the specific context in which we collect it. However, we will normally collect personal data from you only where we have your consent to do so, where we need the personal data to perform a contract with you, or where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect personal data from you.

Inflo will only use Personal Data when we have your consent obtained by you directly or indirectly via the Accounting Firm, or we have another lawful reason to use, store or process the data.  In the unlikely circumstances, we need to collect special category data, this information will be collected with your explicit consent.  

With communication where we require information to effectively contact you in the future, if you do not give adequate information we may not be able to contact you in the future about events or marketingcommunications.  Where you havevolunteered information or completed an application or survey , the data youchoose to share is at your own risk.

Inflo and our third-party service providers may collect information from a variety of sources that generally fall into three categories: Direct interactions – From your use of and interaction with us through our website and other channels, and other activities such as account creation, submission of registrations and forms, or sales inquiries and transactions. Publicly available data or data from third parties – Data from automated interactions on non-Inflo websites, or other data you may have made publicly available, such as social media posts, or data provided by third-party sources, such as marketing opt-in lists, or data aggregators. Automated interactions – From the use of technologies such as electronic communication protocols, cookies, embedded URLs or pixels, or widgets, buttons and tools. Although Inflo's use of automated interactions may change over time as technology evolves, the following descriptions are designed to provide you with additional detail about Inflo's current approach to information collected from automated interactions.

Electronic Communications
Protocols As is true when you visit most websites and apps, we may automatically receive information from you as part of the communication connection itself, which often consists of network routing information (where you came from), equipment information (browser type), your IP address (which may identify your general geographic location or company), and date and time. We may also automatically receive and record information about your interaction with the website, such as clickstream information (when each Inflo webpage was visited and how much time was spent on the page), or general geo-location data.

Cookies
Inflo's server will check your browser’s web request to see if there are "cookies" previously set by our electronic channels. A cookie is a small piece of information sent by a web server to store on a web browser so it can later be read back from that browser. Cookies may collect information, including a unique identifier, user preferences, profile information, membership information, and general usage and volume statistical information. Cookies may also be used to collect individualised website use data, provide electronic channel personalisation, or conduct and measure the effectiveness of advertising in accordance with this Policy. Some cookies may remain on users' computers after they leave the website. While the majority are set to expire within 1-24 months of your last visit to the website that set the cookie, others may not expire because of their nature, like cookies that remember opt-out preferences. Your browser may provide you with information and control over cookies. You can set your browser to alert you when a cookie is being used, and accept or reject the cookie. You can also set your browser to refuse all cookies or accept only cookies returned to the originating servers. Users can generally disable the cookie feature on their browser without affecting their ability to use the site, except in some cases where cookies are used as an essential security feature necessary for transaction completion. Cookies, however, are important to the proper functioning of a site, and disabling them may degrade your experience and interfere with website features and customisations. We may engage one or more third party service providers to track and analyse both individualised usage and volume statistical information from interactions with electronic channels. The service provider(s) set cookies on behalf of Inflo. We also use other third-party cookies to provide advertising and personalisation services in accordance with this Policy, and to track the performance of Inflo advertisements on their websites and Inflo e-mails. You may access or change your cookie preferences at any time.

Embedded URLs
Inflo may use a tracking technique that employs embedded URLs to allow use of the electronic channels without cookies. Embedded URLs allow limited information to follow you as you navigate electronic channels, but are not associated with personal information and are not used beyond the session.

Embedded Pixels and Similar Technologies
On electronic channels, Inflo and its service providers may use embedded pixel technologies for the purposes of identifying unique user visits (as opposed to aggregate hits), and for advertising purposes. In addition, embedded pixels or other technologies may be used in emails and our online display advertising to provide information on when the e-mail or ad was opened to track marketing campaign responsiveness. Information collected using these technologies may be associated with the recipient's e-mail address.

Widgets, Buttons, and Tools
Our electronic channels may include widgets, which are interactive mini-programs that run on our site to provide specific services from another company (e.g., links to bookmarked sites), along with buttons or other tools that link to other companies' services (e.g., a "Like" button or third-party map). The widget, button or tool may collect and automatically send personal information, such as your e-mail address, or Other Information (such as your browser information, or IP address), to a third party. Cookies may also be set or used by the widgets, buttons or tools to enable them to function properly or for other purposes, which may include advertising. Information collected or used by a widget, button or tool, including cookie settings and preferences, is governed by the privacy policy of the company that created it.

Physical Location
We may collect the physical location of your device and use it to provide you with personalized location-based services or content. In some instances, you may be permitted to allow or deny such use of your device's location, but if you choose to deny such use, we may not be able to provide you with the applicable personalized services or content.

Inflo has in place strong technical and organizational measures to protect against unauthorized, unlawful or accidental processing, destruction, loss, alteration, disclosure of, or access to personal data. Inflo’s approach to information security has been certified to the International Standard on Information Security Management (ISO 27001).

Data is stored and processed on Microsoft’s Azure Cloud Platform and Azure Cloud Services which are also certified to ISO 27001, as well as the Code of Practice for Protection of Personally Identifiable Information in Public Clouds (ISO 27018). Microsoft Azure acts as a sub-processor of data in providing these services.

All client input data is encrypted, whether in transit or at rest, using a combination of Azure’s Storage Service Encryption (SSE) and Hypertext Transport Protocol over certified secure socket layer (SSL). A minimum of 256-bit AES is used for encryption at rest and transmission.

Inflo employees processing data are subject to a duty of confidence and we perform data protection risk assessments as required to ensure that all customer data is appropriately protected.

We will inform you within five business days if any personal data processed is lost, destroyed, damaged, corrupted, becomes unusable or is otherwise subject to unauthorized or unlawful processing.

All data and files are processed, replicated and backed up in Microsoft Azure’s secure data centres which are located within the following locations:
‍
amer.inflosoftware.com
‍Data Centers: Americas – Toronto (Primary) / Quebec City (Backup)

‍apc.inflosoftware.com
Data Centers: Asia-Pacific – New South Wales (Primary) / Victoria (Backup)

‍emea.inflosoftware.com
‍Data Centers: Europe, Middle East & Africa – Ireland (Primary) / Netherlands (Backup)

‍us.inflosoftware.com
Data Centers: United States – Washington (Primary) / Wyoming (Backup)

All data and files are held and stored in compliance with local data protection directives, laws and regulations within these regions.

To facilitate our global operations, we allow access to information processed in any region by Inflo employees located in the United Kingdom for the purposes described in this policy. We have taken appropriate safeguards to require that your Personal data will remain protected in these circumstances.

If we or our sub-processor should have the need to process personal data outside your region, such processing must be in accordance with relevant regulations e.g. EU-US Privacy Shield Framework. Inflo will make use of the EU’s Standard Contractual Clauses for transfer to third countries, or another specifically stated lawful basis for the transfer of personal data to a third country. Throughout the world, Inflo ensures a level of data protection at least as protective as that required in the European Economic Area. We will always ask for your prior written consent if there is a need to transfer data outside your region.

We store personal data for as long as necessary to fulfil the purpose for which the personal data was collected, while considering the need to answer your queries or resolve possible problems, to comply with legal requirements under applicable laws, to attend to any legal claims/complaints, and for safeguarding purposes. For these reasons we store data for a period of seven years from the point in time at which an instance of an Inflo software module (“Inflo room”) is archived. When the personal data that we have collected is no longer required, we will delete it in a secure manner.

Data subjects have the following rights with respect to personal information:

• The right to request a copy of the personal information that Inflo hold about you,
• The right to request that Inflo correct your personal information if it is inaccurate or out of date,
• The right to request that your personal information is deleted when it is no longer necessary for us to retain such data,
• The right to withdraw any consent to personal information processing at any time. For example, your consent to receive e-marketing communications,
• The right to request that Inflo provide you with your personal information in a portable and commonly used format for transfer to another party,
• The right to request a restriction on further data processing, in case there is a dispute in relation to the accuracy or processing of your personal information, and
• The right to object to the processing of personal information, in the case that processing has been based on legitimate interest and/or direct marketing.

If you wish to make a request to exercise any of these rights, this can be submitted to sayhi@Inflosoftware.com and Inflo will respond within 5 days of receipt.

We will inform you within five business days if any personal information processed is lost, destroyed, damaged, corrupted, becomes unusable or is otherwise subject to unauthorised or unlawful processing. In the event that we receive any complaint, notice or communication (from either a data protection regulator or a data subject) which relates directly or indirectly to the processing of personal information or to either party's compliance with data protection legislation, we shall notify you without undue delay and we shall provide you and the regulator (if applicable) with full co-operation and assistance in relation to any such complaint, notice or communication.

We do not share, sell, rent, or trade your information with any third parties without your consent, except in the following cases.

To confirm eligibility to access services and benefits:
Where additional services and benefits are offered to members of professional bodies, affiliations or other organizations as part of member partnership schemes, we will share your membership information with these organizations to confirm eligibility. We may also use this information to provide management information to these organizations on the performance of membership schemes.

‍If required by law: we will disclose your personal data if required by law and/or to comply with a judicial proceeding, court order or legal process. However, we will do what we can to ensure that your privacy rights continue to be protected.
‍To protect our rights: we will disclose your personal data if we reasonably believe that disclosure is necessary to protect our rights and/or that of our affiliates, you or others. This includes the health and safety of employees and visitors, physical and online operations, property, intellectual rights, and privacy.
‍In using sub-contractors: Inflo uses Microsoft Azure – a recognized, industry-leading hosting provider – to process accounting data and files within hosted systems and databases on our behalf as a sub-processor. We are responsible for making sure they commit themselves to adhere to our data privacy policy and applicable data protection legislation. Inflo retains full control of this data.

We also use third-party service providers (processors) to store and process the data for which Inflo acts as a controller, and may need to share your information with them to provide information, products or services to you. Examples include performing statistical analysis on your use of the our services or interactions on our website, providing marketing assistance, and processing credit card payments. These service providers are prohibited from using your personal data except for these purposes, and they are required to maintain the confidentiality of your information and adopt no less protection for Personal Data than those set out in this policy.

Inflo reserves the right to amend and/or update this Privacy Statement at any time. The applicable version will always be found on our website. We encourage you to check this Privacy Statement occasionally to ensure that you are happy with any changes. By using any part of the Inflo software platform you agree to the privacy and security measures as set out in this policy.

Inflo  is registered with the Information Commissioner’s Office (ICO) in the  UK: www.ico.org.uk
‍ICO  registration Number ZA210621
Company  Registration Number 09912744