OpusFlow Privacy Policy

Privacy Policy

Last Updated On 29 July 2024

ProfitFlow B.V. (“ProfitFlow”) is committed to protecting the privacy and personal data of its customers in compliance with the General Data Protection Regulation (GDPR) and other applicable privacy laws. This Privacy Policy explains how we collect, use, store, and protect personal data when visitors and customers (“users”) interact with our website and ERP software application at opusflow.io and app.opusflow.io (“OpusFlow”). It also outlines your rights regarding your personal data and how you can exercise those rights.

By accessing or using OpusFlow, you are consenting to the collection, use, and disclosure of your information in accordance with this Privacy Policy. If you do not consent to the same, please do not access or use OpusFlow.

Data Controller Information

For the purposes of the GDPR and other applicable data protection laws, ProfitFlow is your Data Controller. We are responsible for the collection, processing, storage, and protection of any personal data you provide to us in connection with your use of OpusFlow. Below is our contact information for any business inquiries.

ProfitFlow B.V.

Maagdenburgstraat 5

7421 ZA Deventer

Netherlands

Email: info@opusflow.io

Phone: +31 85 080 6490

If you have any questions or concerns about how we handle your data, please contact our Data Protection Officer (DPO) using the contact information provided below.

Joey Teunissen

j.teunissen@opusflow.io

Data Processor Role

ProfitFlow acts as a data processor for the customer data uploaded to our app by our users. This means that we process your customer data according to your instructions and privacy policy. If you are the customer of any user of our app, we are merely processing personal data about you on our user’s behalf. If you have any requests about your data privacy rights, please reach out to the applicable user of our app.

The following may apply with respect to our users’ customer data:

  • We assist in the fulfillment of your obligations to respond to data subject requests from your customers.
  • We may engage sub-processors to assist with certain aspects of data processing. We will only use sub-processors that provide adequate safeguards and enter into agreements with them to ensure they comply.
  • We will only transfer data to external regions by complying with approved data transfer mechanisms, including using Standard Contractual Clauses where applicable.
  • Your role as a data controller to your customers will not change. You are responsible for determining how your customer data is processed.

The data we collect

As an ERP software provider, we may collect various types of data when you interact with OpusFlow. This may include the following data:

The data you provide:

  • You may provide us with your name, email address, phone number, and company name, size, requirements, and related information.
  • You may provide information about your customers when you use our app.
  • You may also provide us with data about your employees to enable us to add them to your account.
  • You may provide the above data via form submissions or during meetings, including when you book a demo, engage us, contact us, set up an account, and use our app.
  • You are not obligated to provide us with any data but we may be unable to provide OpusFlow without this data.

The data we collect from third-party sources:

We may collect data about you from third-party sources, including from social networking platforms (when you sign in with the Google or Microsoft plugins) and public databases. The data may include your name, contact information, and company information.

The data we automatically collect:

When you access our website or app, we try to make it personal to you. To do this, we collect data such as your device properties (IP address, geolocation, browser type, operating system, etc.) and your interests and preferences, including pages accessed, duration of access, issues encountered, referring website, etc. We collect this data by deploying tracking cookies, beacons, pixels, and similar tracking technologies (see the cookie policy section for more about cookies).

Why we collect your data

We collect your data for the following purposes:

  • To provide, operate, and maintain OpusFlow;
  • To manage your account, registration, authentication, and account settings;
  • To set up a demo meeting with you;
  • To display our app and its capabilities;
  • To learn about your requirements;
  • To respond to your inquiries, provide technical assistance, and improve customer service;
  • To analyze usage data and feedback to enhance OpusFlow features and user experience;
  • To set up an account for you to use our app;
  • To personalize our app to your requirements;
  • To comply with applicable laws;
  • To enforce our Terms and Conditions;
  • To troubleshoot issues you encounter and fix them;
  • To market new app features based on your interests;
  • To protect your data and our app from unauthorized access, breaches, and other security threats; and
  • To perform data analysis and research to improve our business operations and strategies.

Our legal basis for data collection

We rely on the following legal basis/grounds when we process your data:

  • Contractual Necessity: We process your data to fulfill our contractual obligations to you and provide you with OpusFlow and its functionalities. This includes managing your account and providing customer support services.
  • Legitimate Interests: In some cases, we process your data to pursue our legitimate interests in a way that balances our needs with your privacy rights. This includes improving and maintaining OpusFlow, including our website and app, to ensure optimal performance and security; providing you with relevant information about OpusFlow updates, features, and services; analyzing user trends to understand how our website and software are being used and identifying areas for improvement; and preventing fraud and protecting the security of OpusFlow.
  • Consent: For specific purposes, we may request your explicit consent to collect and use your data. This could be for sending marketing communications or processing certain types of sensitive data. You have the right to withdraw your consent at any time.
  • Legal Obligation: We may process your data to comply with legal and regulatory obligations, such as maintaining records, preventing fraud, and responding to lawful requests from authorities.

Cookies and Similar Technologies

We may use cookies on our website to gather technical information about visitors and make certain website features function.

  • Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners to make their websites work or to work more efficiently, as well as to provide reporting information.
  • In addition to cookies, we may also use other tracking technologies that collect or store information on your device in a similar way. These may include web beacons, pixels, tags, and scripts. These technologies are often used in conjunction with cookies to gather data about your browsing activity and interactions with our website.
  • Cookies broadly fall into two categories in terms of their duration: session cookies, which expire when you close your browser, and persistent cookies, which remain on your device until their expiry dates or are deleted by you.
  • The types of cookies we use and their purposes include:
  1. Necessary Cookies: These cookies are essential for the operation of our website. They enable you to navigate our website and use its features. Without these cookies, the services you have asked for cannot be provided. They enable features like account login, secure area access, and remembering your consent preferences.
  2. Functional Cookies: These cookies are responsible for the performance of certain functions such as feedback collection and third-party features.
  3. Performance Cookies: These are cookies that help us to determine how our website and its features are performing. It helps us to deliver a better user experience.
  4. Analytical cookies: These cookies are used to understand how visitors interact with our website. This helps us to improve the user experience and optimize website performance. These cookies are used to collect technical information like the number of visitors, pages visited, and time spent on our website. We use analytics tools like Google Analytics and Microsoft Clarity for this purpose. In most cases, these tools collect this data anonymously – except for Google Analytics, which may also collect the user IP address. You can opt out of Google Analytics tracking here.
  5. Advertising cookies: We may also use cookies from third-party service providers for marketing automation and advertising purposes. These cookies collect information about your browsing habits across different websites to provide targeted advertising.
  • You have several options regarding cookies. You can consent to the use of all cookies by clicking the cookie banner at the footer of our website and managing your preferences. You can also adjust your browser settings to block or delete cookies altogether. Please note that disabling cookies may limit your ability to use certain features of our website.
  • For more information about cookies and similar tracking technologies, you can visit https://allaboutcookies.org/.

Interest-Based Advertising

We work with (or may in the future work with) ad companies and network advertisers to market OpusFlow on other websites, apps, and similar platforms and to help us measure the effectiveness of our adverts. They may set cookies, beacons, and analytics tools to track your activity across our website and different websites and devices to build a profile of your interests. We may also share information about your interests, likes, and behaviors on our website with these companies. They may then use the data gathered to remarket OpusFlow to you when you visit their websites and other platforms. The data used in interest-based advertising is mostly anonymous but it may also include your device IP address. However, you may still opt out of advertisements that are based on your interests. If you are based in the Netherlands or anywhere in the EU or EEA, click here to learn more or opt out. Users can generally learn more and opt out by using the following links:

Please note that while you can opt out of interest-based advertising, this will not generally prevent you from seeing adverts. It will only prevent adverts based on the data gathered about you.

Newsletter Marketing

With your consent, we may send you marketing emails about offers, new features, and promotions relating to OpusFlow. We may obtain consent for email marketing when users submit their email addresses in the subscription form on our website, download our Whitepaper, or sign a quotation from us. If you no longer wish to receive marketing emails from ProfitFlow, you can opt out at any time by using the unsubscribe button at the footer (bottom) of our emails.

Google OAuth

We utilize Google OAuth services to provide specific functionalities within our app, which require access to sensitive and restricted scopes about your Google account. To enhance your user experience, we request access to certain Google OAuth permissions, specifically your emails (termed the "Sensitive and Restricted Scopes"). These permissions allow us to (i) view and display your emails within a project in the app, helping you manage communications efficiently; and (ii) send emails as you from within the app to streamline your workflow and improve project management.

  • We ensure that any data accessed through Google OAuth is handled with the utmost care and in accordance with our privacy and security standards.
  • We only request the minimum permissions necessary to provide the required functionalities.
  • The data accessed via Google OAuth is used solely for displaying emails within the project and sending emails on your behalf. It is not used for any other purpose.
  • You have control over the OAuth permissions granted to us. You can review and revoke these permissions at any time through your Google Account settings.
  • We implement robust security measures to protect the data accessed via Google OAuth, including data encryption, secure storage, and limited access.

Disclosure of data

We do not disclose or share your data except to the parties or circumstances described below:

  • Service Providers: We may share your data with third-party service providers who perform services on our behalf. These services may include, without limitation, data hosting and storage, customer relationship management, analytics and performance monitoring, marketing, appointment booking, and website and account security. Our service providers are obligated to keep the data shared with them confidential and only for the purpose it was shared with them.
  • Legal Requirements: We may disclose personal data to law enforcement and public offices if required to do so by law or in response to valid requests by public authorities, such as to comply with any legal obligation, including court orders, government regulations, or law enforcement requests or to protect and defend our rights, property, or safety, and that of our users or the public.
  • Business Transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred. We will provide notice before your data is transferred and becomes subject to a different Privacy Policy.
  • With Your Consent: We may disclose your data for any other purpose with your explicit consent.

Security of data

ProfitFlow ensures the maximum security of your data. We take your privacy seriously and implement a range of measures to protect it. Our security measures include the following:

  • All our employees and third-party service providers are required to sign confidentiality agreements to ensure your data is handled with the utmost care and confidentiality.
  • We use multi-factor authentication to enhance the security of user accounts, ensuring that only authorized individuals can access sensitive information.
  • We employ Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to encrypt data transmitted between our servers and your browser, protecting it from interception and tampering.
  • Customer data is only accessible internally with explicit approval from the customer, ensuring that access to sensitive information is tightly controlled and monitored.
  • Our authentication services undergo regular Service Organization Control (SOC2) audits, providing independent validation that our security practices meet rigorous standards for protecting data.
  • We comply with the General Data Protection Regulation (GDPR) and have Data Processing Agreements (DPAs) in place for our authentication services, ensuring that your data is processed lawfully and transparently.
  • We maintain full audited logs for each system and record the actions performed by actors. These logs are regularly reviewed to detect and respond to any suspicious activity promptly.
  • We use a Web Application Firewall to protect our services from common web-based attacks, such as SQL injection, cross-site scripting (XSS), and other vulnerabilities.
  • We continuously monitor our security practices and regularly update our security measures to adapt to evolving threats. Our commitment to maintaining high standards of data protection ensures that your data is secure with us.

While we take extensive measures to protect your data, it is also important for you to take steps to secure your own information. This includes using strong passwords, enabling multi-factor authentication where available, and being cautious about sharing your personal information.

Retention of data

We retain data about active users of our app for as long as their account is active. This information may include your profile data, preferences, and other relevant information needed for the app to function.

If you choose to deactivate your account or request a deletion of your data (or we close your account after a period of inactivity), we delete your data within 120 days of your request. This retention period helps us with audit, tax, accounting, and compliance with applicable laws. We may be required to retain personal data for longer periods to comply with our legal obligations, resolve disputes, prevent any legal claims, and enforce our terms and conditions agreement. In that case, the data will be retained for the duration required by law.

We may retain aggregated and other automatically collected, anonymous data for a longer duration to assess trends, improve OpusFlow, and make informed decisions. This data will be used internally and not associated with any external activities.

International transfer of data

We operate primarily in the Netherlands where your data is transferred and processed from. However, we may use entities located in other regions, including outside the EU, EEA, and the UK. This means that we may share and transfer your data outside of the EU, including the United States and other locations where our third-party service providers operate from.

Whenever we transfer personal data outside the EU, we ensure that appropriate safeguards are in place to protect your data in compliance with applicable data protection laws. These safeguards include those approved by the European Commission, including Standard Contractual Clauses and Binding Corporate Rules.

User data rights

You have the following rights in addition to the other rights provided under this Privacy Policy. These rights are subject to those afforded by your location laws.

  • Right to be informed: You have the right to know the data we are processing about you and why. You can do this by reviewing the data we collect section of this Privacy Policy. Users in California can also contact us to request the categories of information we have collected, the sources, uses, and list of third parties we have shared it with in the past 12 calendar months. Users can generally exercise this right by reaching out to the representative assigned to them or emailing info@opusflow.io.
  • Right to data portability: You can request a copy of the personal data we have about you in a machine-readable format and transfer it to another service provider. You can make a request at info@opusflow.io.
  • Right to correct: You can request to correct any data you feel is inaccurate about you or your organization. You can request to edit your data by contacting us or our representatives.
  • Right to delete: Subject to our data retention policy, as defined in the “Retention of data” section above, you can request to delete your personal data at any time by reaching out to our representatives or info@opusflow.io.
  • Right to opt out of sale: We do not engage in practices regarded as the sale or sharing of data for monetary consideration. However, we may share data with third parties to help us market OpusFlow. As already highlighted, you may opt out of this sharing by using the cookie banner. California users can additionally opt out by reaching out to us at info@opusflow.io. Users in Nevada who have purchased our service can reach out to us to opt out of any future sale of their email address or any other personal data for monetary consideration.
  • Right to restrict processing: You have the right, under certain circumstances, to request that we restrict the processing of certain personal data.
  • Right to object: You have the right to object to the processing of certain personal data (for example, if we market with your information).
  • Right to withdraw permissions: In circumstances where we have obtained data based on your permission (for example, where you allow us access to your gallery, camera, or location), you can update it by using the settings function on your device.
  • Right to Withdraw Consent: If you have given us consent to process your data, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
  • Right to non-discrimination: You have the right to exercise any of your rights under this Privacy Policy without discrimination.
  • Right to report: If you believe that we are not processing your data as described under this Privacy Policy, you may be able to report us to any data protection or privacy authority applicable to your jurisdiction. For example, if you are in the Netherlands, you can report us to the Autoriteit Persoonsgegevens. Likewise, users in the UK can report to the Information Commissioner’s Office (ICO).

Where applicable, we may ask you to verify your identity before granting some of the rights above. This may be for the protection and safety of our community, and if we are unable to verify you or applicable law prohibits it, we may reject your request.

Global Privacy Control (GPC)

Global Privacy Control (GPC) is a browser-based setting or extension that enables users to signal their privacy preferences, specifically regarding the sale and sharing of their data, across the websites they visit. When enabled, GPC sends a signal to websites informing them of the user's preference to opt out of data sharing.

ProfitFlow recognizes and honors GPC signals as part of our commitment to user privacy. When we detect a GPC signal from your browser, we will automatically respect your preference by opting you out of any data sharing that we may engage in, to the extent required by applicable laws and modify our data processing activities to align with your GPC preferences, ensuring that your data is not shared or sold in ways that conflict with your expressed wishes.

Do Not Track signals

Do Not Track is a browser feature similar to GPC. We do not currently respond to Do Not Track signals due to the inconsistency among industry participants.

Children's Privacy

OpusFlow is not targeted at individuals below 18 years of age. We do not knowingly collect or solicit personal data from individuals under 18 years of age. By accessing our website and using our software, you warrant that you are at least 18 years of age. If you are a company representative, you must be at least 18 years of age to act on the company’s behalf. If we become aware that an individual below 18 years of age submits personal data to us, we will take steps to delete the data from our database.

Third-Party Links

Our website may contain links and content from third-party services. Such links and content are not governed by this Privacy Policy. The policies that govern them are available from the respective providers of the links and content. Please review them when you access such links and content. We are not responsible for the privacy practices of any external websites, software, or apps you link to from OpusFlow.

Changes to this Privacy Policy

We may modify this Privacy Policy at any time without any prior notice to you and will post the revised Privacy Policy on OpusFlow. We may notify you of changes via your email address, your account, or any of the OpusFlow interfaces. The revised Privacy Policy will be effective immediately after the revised version is posted on this page, which shall be indicated by the Last Updated date above. Your continued access or use of OpusFlow after such time will constitute your acceptance of the revised Privacy Policy. We therefore recommend that you periodically review this page.