Privacy Policy

FLOWFACTOR is committed to your privacy and proper handling of your personal data. We therefore put every effort to plainly and clearly explain which personal data we collect, what purpose they will serve and what your rights are in this respect.  

Last updated: 26 May 2026 (Version 2.0)

1. Who we are

In this policy "we", "us", or "FlowFactor" means:

FlowFactor NV
Veldkant 33A, 2550 Kontich, Belgium
Secondary office: Bellevue 5, 9050 Ghent, Belgium
Company number: BE 0675.558.874
Email: hello@flowfactor.be

For all privacy-related questions, requests or complaints, contact us at hello@flowfactor.be.

FlowFactor has not appointed a formal Data Protection Officer (DPO), as we are not legally required to do so under Art. 37 GDPR. All privacy questions are handled directly by our team.

2. Scope of this policy

This policy covers:

  • Your visits to www.flowfactor.be and all sub-pages
  • Any forms you complete on our website (contact, demo request, job application, newsletter signup)
  • Email and phone communication with us
  • Your participation in our events, webinars, or trainings
  • Job applications and recruitment activities
  • Our use of marketing platforms (LinkedIn, Google Ads, etc.) in connection with our website

This policy does not cover third-party websites we may link to. Those sites have their own privacy policies.

3. What data we collect and why

3.1 When you visit our website

We collect technical and usage data automatically through cookies and similar technologies (see our Cookies Statement for the full list): IP address (anonymised), browser type, OS, device, pages visited, time on site, click paths, referral source, approximate location (country/region).

Legal basis: Your consent (Art. 6.1.a GDPR) via our cookie banner. Essential cookies operate on the basis of our legitimate interest in providing a functional website (Art. 6.1.f GDPR).

3.2 When you fill in a contact or demo form

We collect: name, email, company, role, phone (if provided), message content, date and source of submission. We use this to respond to your request and manage potential collaboration via our CRM.

Legal basis: Pre-contractual measures at your request (Art. 6.1.b GDPR) or your consent (Art. 6.1.a GDPR).

3.3 When you apply for a job

We collect: name, contact details, CV, cover letter, work history, education, certifications, references (with your consent), and notes from interviews to evaluate fit for the role.

Legal basis: Pre-contractual measures (Art. 6.1.b GDPR) and our legitimate interest in hiring qualified candidates (Art. 6.1.f GDPR).

3.4 Newsletter / Insights subscriptions

If you subscribe, we process your email address, name (if provided) and engagement data (opens, clicks). Legal basis: your explicit opt-in consent (Art. 6.1.a GDPR). You can unsubscribe via the link in every email or by emailing hello@flowfactor.be.

3.5 Marketing and advertising

We use LinkedIn and Google Ads for B2B marketing. We may receive anonymous identifiers and click/conversion data to measure ad effectiveness. We do not buy or sell personal data. Legal basis: your consent via the cookie banner.

3.6 Client relationships

When you become a FlowFactor client, separate confidentiality and data processing agreements apply. This policy covers the marketing-website context only.

4. Who we share your data with (data processors)

We work with carefully selected service providers ("processors") who help us run our business. Each has signed a Data Processing Agreement (DPA) with us. Our main processors:

  • Webflow Inc. (USA) - Website hosting. Transfer: EU-US Data Privacy Framework + SCCs
  • Google LLC (USA) - Analytics, Tag Manager, Ads. Transfer: EU-US Data Privacy Framework
  • LinkedIn Corporation (USA) - B2B advertising, Insight Tag. Transfer: EU-US Data Privacy Framework
  • Google Workspace (USA) - Business email and collaboration. Transfer: EU-US Data Privacy Framework
  • Pipedrive (EU - Estonia) - CRM / lead management. EU processor, no transfer mechanism needed

We never sell or rent your data to third parties.

5. International data transfers

Some of our processors are based outside the European Economic Area (EEA), primarily in the United States. We rely on the following safeguards:

  • EU-US Data Privacy Framework for transfers to certified US companies (Google, LinkedIn, Webflow). Approved by the European Commission in July 2023, providing essentially equivalent protection to EU law.
  • Standard Contractual Clauses (SCCs) approved by the European Commission, where the Data Privacy Framework does not apply.
  • Additional technical measures such as IP anonymisation in Google Analytics, where appropriate.

You can request a copy of these safeguards by emailing hello@flowfactor.be.

6. How long we keep your data

  • Contact form submissions: 24 months from last contact
  • Demo request data: 24 months from last contact
  • CV and application data (rejected candidates): 2 years after the recruitment decision (extendable with your consent)
  • CV and application data (talent pool, with consent): 2 years, then opt-in renewal
  • Newsletter subscriber data: Until you unsubscribe, then deleted within 30 days
  • Website analytics (aggregated): 26 months (Google Analytics 4 default)
  • Marketing cookies: As described in our Cookies Statement (typically 30-90 days)
  • Client contract data: 10 years after end of contract (Belgian commercial law)
  • Tax/accounting records: 7 years (Belgian tax law)

Where data is no longer needed for the original purpose, we either delete it securely or anonymise it for statistical purposes only.

7. Your rights

Under GDPR you have the following rights:

  • Access (Art. 15) - Ask for a copy of the personal data we hold about you
  • Rectification (Art. 16) - Correct inaccurate or incomplete data
  • Erasure / "right to be forgotten" (Art. 17) - Ask us to delete your data (subject to legal limits)
  • Restriction (Art. 18) - Ask us to limit how we use your data
  • Portability (Art. 20) - Receive your data in a machine-readable format
  • Objection (Art. 21) - Object to processing based on legitimate interest
  • Withdraw consent (Art. 7.3) - Withdraw consent at any time (does not affect past lawful processing)
  • Object to direct marketing - Stop receiving marketing emails or ads
  • Not be subject to automated decisions (Art. 22) - We do not currently make automated decisions with legal effects

How to exercise your rights

Email hello@flowfactor.be with the right you want to exercise, your name and (if possible) an email address we already have on file so we can verify your identity, and any relevant details.

We will respond within one month (extendable by two more months for complex requests). Exercising your rights is free of charge unless your request is manifestly unfounded or excessive.

8. Complaints

If you believe we are not handling your data correctly, please contact us first at hello@flowfactor.be - we want to fix any issues.

You also always have the right to file a complaint with the Belgian Data Protection Authority:

Gegevensbeschermingsautoriteit (GBA) / Autorité de protection des données (APD)
Drukpersstraat 35, 1000 Brussels, Belgium
Phone: +32 2 274 48 00
Email: contact@apd-gba.be
Website: www.gegevensbeschermingsautoriteit.be

9. Security

We take appropriate technical and organisational measures to protect your data, including:

  • Encrypted transmission (HTTPS/TLS)
  • Encrypted storage where appropriate
  • Access controls and authentication for our systems
  • Regular security reviews and updates
  • Employee training on data protection
  • Incident response procedures (in case of a data breach, we notify the GBA within 72 hours where required)
  • Vendor due diligence and Data Processing Agreements

No system is 100% secure, but we work continuously to reduce risk.

10. Profiling and automated decision-making

We do not currently make decisions about you that are based solely on automated processing and that have legal or similarly significant effects on you (as referred to in Art. 22 GDPR).

We do use analytics and aggregated reporting to understand which content is useful to our audience, but this does not involve individual profiling decisions.

11. Minors

Our website and services are intended for B2B professionals. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected data from a minor, please contact us so we can delete it.

12. Changes to this policy

We may update this privacy policy from time to time - for example when we add new tools, when laws change, or when we improve our practices.

When we update this policy, we will change the version number and "Last updated" date at the top, and communicate material changes via our website (and, where relevant, by email). You can always find the latest version at flowfactor.be/privacy-policy.

Version history

  • v2.0 - 26 May 2026: Complete restructure: added rights, retention periods, international transfers, processor list, security section, complaint procedure
  • v1.1 - 08/09/2023: Minor corrections
  • v1.0 - Initial policy

13. Questions?

Privacy is complex. If anything in this policy is unclear or you want to know more about how we handle your specific situation, just email hello@flowfactor.be - we'll get back to you within a week.