Privacy Policy
Effective Date: March 28, 2026
This Privacy Policy explains how FLEXVERA (“we,” “us,” or “our”) collects, uses, shares, and protects your personal data when you visit our website (https://flexvera.com/), use our services, or interact with us. It is designed to comply with the General Data Protection Regulation (GDPR) for European Union (EU) and European Economic Area (EEA) users, and the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA) for California residents, as well as other applicable data protection laws in the United States.
By accessing or using our Services, you consent to the collection, use, and sharing of your information as described in this Policy. If you do not agree, please do not use our Services.
H4: 1. Data Controller Contact Information
We are the data controller responsible for your personal data. You can contact us regarding privacy matters at:
- Email: flexverateam@outlook.com
- Address: [Insert Physical Address, if applicable]
- Representative: [Insert Name/Title, if applicable]
We have appointed a Data Protection Officer (DPO) to oversee compliance with data protection laws. If you have questions about this Policy or our data practices, please contact our DPO at the above email address.
H4: 2. Personal Data We Collect
We collect and process the following categories of personal data to provide and improve our Services:
A. Data You Provide Directly
- Identity Data: Name, email address, phone number, billing/shipping address.
- Account Data: Username, password, account preferences.
- Transaction Data: Payment details (processed securely by third-party providers), order history, purchase preferences.
- Communication Data: Emails, messages, feedback, and support interactions.
B. Data We Collect Automatically
When you visit our website, we may collect:
- Usage Data: IP address, browser type, device information (e.g., operating system, screen resolution), pages visited, time spent on site, and click-through behavior.
- Cookie Data: Information stored via cookies and similar tracking technologies (see Section 7 for details).
C. Data from Third Parties
We may receive limited personal data from trusted third parties, such as:
- Payment Processors: To verify transactions and process orders.
- Analytics Providers: To understand website traffic and user behavior.
- Social Media Platforms: If you create an account or interact with us via social media (e.g., Facebook, Instagram).
H4: 3. Purposes for Collecting Personal Data
We collect and use your personal data for the following legitimate purposes, in compliance with GDPR Article 6 and CCPA/CPRA requirements:
表格
| Purpose | Legal Basis (GDPR) | CCPA/CPRA Purpose |
|---|---|---|
| To process and fulfill your orders, including shipping and delivery. | Contract Performance (Art. 6(1)(b)) | Provide services, process transactions |
| To create and manage your user account, including password reset and order tracking. | Contract Performance (Art. 6(1)(b)) | Provide services, manage account |
| To provide customer support, respond to inquiries, and resolve issues. | Legitimate Interests (Art. 6(1)(f)) | Provide support, maintain service |
| To send transactional emails (e.g., order confirmations, shipping updates) and marketing communications (with your consent). | Consent (Art. 6(1)(a)) / Legitimate Interests | Send marketing, communicate offers |
| To analyze website usage, improve our Services, and personalize your experience. | Legitimate Interests (Art. 6(1)(f)) | Improve services, analytics |
| To prevent fraud, ensure security, and comply with legal obligations. | Legal Obligation (Art. 6(1)(c)) / Legitimate Interests | Ensure security, prevent fraud |
| To comply with applicable laws, regulations, and legal requests. | Legal Obligation (Art. 6(1)(c)) | Comply with legal obligations |
H4: 4. Sharing of Personal Data
We may share your personal data with third parties only for the purposes outlined in this Policy, and in compliance with data protection laws. We do not sell your personal data for monetary consideration, as defined by CCPA/CPRA.
Categories of Third Parties
- Service Providers: Companies that assist us with order fulfillment, payment processing, analytics, email marketing, and website hosting. These include:
- Payment processors (e.g., Stripe, PayPal)
- Shipping carriers (e.g., USPS, DHL)
- Analytics tools (e.g., Google Analytics)
- Email service providers (e.g., Klaviyo)
- Cloud hosting providers (e.g., Shopify, AWS)
- Legal Authorities: When required by law, court order, or government request.
- Business Partners: With your explicit consent, for joint marketing or co-branded services.
Data Protection Safeguards
All third parties are contractually required to:
- Process your data only as instructed by us.
- Maintain appropriate security measures to protect your data.
- Not use your data for their own purposes without permission.
- Comply with GDPR and CCPA/CPRA requirements.
H4: 5. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law.
Retention Periods
- Account Data: Retained for as long as your account is active, plus 3 years after inactivity for security and record-keeping.
- Transaction Data: Retained for 7 years to comply with tax and legal obligations.
- Usage Data: Retained for 24 months for analytics and improvement purposes.
- Marketing Consent: Retained until you withdraw consent or unsubscribe.
When your data is no longer needed, we will securely delete or anonymize it, or archive it in compliance with data protection laws.
H4: 6. Your Data Protection Rights
You have the following rights under GDPR and CCPA/CPRA regarding your personal data:
GDPR Rights
- Right of Access: Request a copy of the personal data we hold about you.
- Right to Rectification: Request correction of inaccurate or incomplete data.
- Right to Erasure (“Right to be Forgotten”): Request deletion of your personal data, where permitted by law.
- Right to Restrict Processing: Request that we limit the processing of your data in certain circumstances.
- Right to Data Portability: Request that we transfer your data to another organization or to you, in a machine-readable format.
- Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
CCPA/CPRA Rights (for California Residents)
- Right to Know: Request details about the personal data we collect, use, share, or sell.
- Right to Delete: Request deletion of your personal data.
- Right to Opt-Out: Opt out of the sale of your personal data (we do not sell data for monetary consideration).
- Right to Non-Discrimination: Not receive discriminatory treatment for exercising your privacy rights.
How to Exercise Your Rights
To exercise any of these rights, please contact us at flexverateam@outlook.com. We will respond to your request within 30 days, as required by law. We may verify your identity before processing your request to protect your privacy.
H4: 7. Cookies and Similar Technologies
We use cookies and similar tracking technologies (e.g., web beacons, pixel tags) to enhance your browsing experience, analyze website traffic, and personalize content.
Types of Cookies We Use
表格
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Required for website functionality (e.g., login, cart storage). | Session |
| Analytics Cookies | Collect data on website usage to improve performance (e.g., Google Analytics). | Up to 24 months |
| Preference Cookies | Remember your settings (e.g., language, region). | Up to 12 months |
| Marketing Cookies | Deliver personalized ads and track conversions (e.g., social media pixels). | Up to 12 months |
Cookie Consent
By using our website, you consent to the use of cookies as described in this Policy. You can manage your cookie preferences through your browser settings or our cookie consent banner. Please note that disabling essential cookies may limit your ability to use certain features of our website.
H4: 8. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption: Data in transit is encrypted using TLS 1.2+; data at rest is encrypted using industry-standard algorithms.
- Access Controls: Role-based access to user data and regular access reviews.
- Security Audits: Regular third-party security assessments and penetration testing.
- Employee Training: Mandatory data protection training for all staff.
- Incident Response: A documented process to handle data breaches and notify affected users within 72 hours, as required by GDPR.
While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we will take all reasonable steps to protect your information.
H4: 9. Children’s Privacy
Our Services are not directed to individuals under the age of 16 (GDPR) or 13 (CCPA/CPRA). We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately at flexverateam@outlook.com, and we will delete the information promptly.
H4: 10. International Data Transfers
Your personal data may be transferred to and processed in countries outside the EU/EEA and California, including the United States. We ensure that such transfers comply with data protection laws by:
- Using standard contractual clauses (SCCs) approved by the European Commission.
- Ensuring that third-party service providers are located in countries with adequate data protection laws (e.g., via Privacy Shield for US companies, where applicable).
- Implementing additional safeguards for transfers to countries with lower levels of protection.
H4: 11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by:
- Posting the revised Policy on our website with the updated “Last Updated” date.
- Sending an email notification to users who have provided an email address, if required by law.
Your continued use of our Services after the effective date of the revised Policy constitutes your acceptance of the changes.
H4: 12. Complaints
If you have concerns about how we handle your personal data, please contact us first at flexverateam@outlook.com. We will investigate and respond to your complaint promptly.
You also have the right to lodge a complaint with your local data protection supervisory authority (e.g., the Information Commissioner’s Office in the UK, CNIL in France) if you are not satisfied with our response.
H4: 13. Contact Us
For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:
- Email: flexverateam@outlook.com
Thank you for trusting FLEXVERA with your personal data. We are committed to protecting your privacy and ensuring compliance with all applicable laws.