Flames Group SRL (the "Flames Group") empower designers worldwide in creating, developing, and promoting their talents. The Flames Group actively operate the Services, which encompass websites, software, mobile services, and applications.
We understand the importance of your information and value your privacy. This Privacy Policy outlines how the Group Companies process personal data in compliance with relevant data protection laws, such as the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable regulations (collectively referred to as "Data Protection Law").
Our Privacy Policy aims to clarify the collection, usage, and control of your information when using our Services. You have the ability to manage the collection, correction, and deletion of your information. Please note that certain third parties may have the capability to identify you across different sites and services over time. However, any processing conducted by these third parties that is not directed by us falls outside the scope of this Privacy Policy. We are not responsible for the privacy policies, content, or security of any linked third-party websites or services. We recommend reviewing the privacy and security policies of each website and service you visit.
We process various types of information based on how you use our Services. To get started, setting up an account is required, and we collect and process your name and email address. Additionally, certain Services may necessitate the collection of additional information. For instance, Flames facilitates connections between its community of designers and individuals/companies seeking their expertise. To enable this, Flames collects payments data and other necessary information to meet legal obligations.
The following table illustrates the types of information we collect and the methods employed for collection. These data categories are collectively referred to as "Your Information."
Information You Provide
Rest assured, at Flames Group, we prioritize transparency and respect for your personal information. We will never collect additional categories of personal information or use the information we already have for unrelated purposes without informing you or obtaining your consent, as may be necessary under Data Protection Law.
Respecting the privacy of sensitive personal data:
While data protection laws acknowledge the necessity for additional safeguarding measures, the GDPR sets clear boundaries on the processing of sensitive personal data, with only a few exceptions allowed. In the EU, sensitive personal data covers a range of information including race, political opinions, religion, trade union membership, biometrics, health, and sexual orientation. It is important to note that different US state laws have their own distinct definitions of sensitive personal data.
At our company, we prioritize the privacy of our users and do not knowingly collect or process sensitive personal data. However, we understand that some individuals may choose to share this information publicly through our Services. For instance, our platform Flames offers a biography section on user profiles, where individuals can freely include any information they wish while adhering to our Terms of Service. Users have complete control over the information they share, and they can modify or remove any sensitive personal data at their discretion.
HOW WE HANDLE YOUR INFORMATION AND THE LEGAL BASIS FOR DOING
Our Services involve the collection and processing of Your Information. To ensure compliance with Data Protection Law, we must establish a legal basis for each processing activity.
In the EU, there are six different bases that allow for the lawful processing of Your Information. In particular, data controllers can process personal data:
By obtaining freely given, specific, informed, and unambiguous consent from a data subject ("Consent").
• When processing is necessary to enter into or fulfill a contract ("Contractual Necessity").
• When processing is necessary to comply with a legal obligation applicable to the data controller ("Legal Obligation").
• Pursuant to the legitimate interests of the data controller, unless these interests are outweighed by the rights and freedoms of individuals ("Legitimate Interests").
According to the CCPA, we are required to inform you about the reasons for which we collect your information:
• Operational Purposes: This includes activities like auditing, security measures, debugging/repairing, short-term uses, providing services, conducting internal research for technical development, maintaining quality and safety, and verifying information. Additionally, Your Information may be used for our operational purposes or other notified purposes that are reasonably necessary and proportionate to achieve those operational goals.
• Commercial Objectives: This entails utilizing Your Information to promote our commercial or economic interests. These interests may cover stimulating others to purchase, rent, lease, join, subscribe to, provide, or exchange products, goods, property, information, or services. It may also involve facilitating or indirectly influencing commercial transactions.
At the core of the Group Companies' data processing practices, they rely on Consent, Contractual Necessity, Legal Obligation, and Legitimate Interests. These serve as the primary foundations for processing Your Information.
Let's dive deeper into the various purposes for which we process this information, the corresponding categories of data we utilize, and the legal basis or other permitted reasons (such as Business Purposes or Commercial Purposes) we rely on. This is essential under the GDPR or other applicable regulations, ensuring transparency in our data processing practices.
Legal Basis: Consent
Our Services are also integrated with social media networks and other platforms (e.g., Facebook, Pinterest, and LinkedIn), allowing seamless information sharing. For example, when interacting with our Service through a social media feature like a plug-in, you have the option to grant us ongoing access to specific information from your social media account. To ensure your preferences are met, we encourage you to review the privacy policy and privacy settings of the relevant social media property before utilizing these features on our Service.
YOUR RIGHTS
Data Protection Laws around the world, such as the GDPR and the CCPA, empower users with certain rights regarding the use of their personal data by companies. Our Group Companies fully support these laws and provide users with the ability to access, modify, and delete the Information You Provide. We have implemented systems that allow you to exercise your rights concerning Automatically-Collected Information and Information Others Provide, including the right to object to or restrict the processing of your personal data.
To exercise any of your rights, please contact the relevant company using the information provided below. Alternatively, you can easily update or correct certain information, such as your Basic Account Information and email preferences, by accessing your account settings page.
You have the freedom to:
• Choose not to Submit Information: You have the option to decline submitting Personal Information through the Service, which may result in the unavailability of certain services.
• Update Account Information: You can easily update or correct your account information and email preferences by logging in to your account settings page.
• Unsubscribe from marketing emails: To unsubscribe from a specific newsletter, simply click the "unsubscribe" link at the bottom of the email newsletter. Occasionally, we may include messages from advertisers or partners in our newsletters, or send dedicated newsletters and marketing messages on their behalf. Your opt-out choices may be shared with third parties to ensure compliance with applicable laws and respect your preferences.
• Allowing cookies: Some browsers can be configured to notify you when you receive cookies or provide options to restrict or disable them. However, please note that disabling cookies may impact certain features of the Service that utilize cookies to enhance functionality. Please refer to our Cookie Policy for more information. Additionally, please be aware that our Services do not respond to browser's do-not-track requests.
• Managing local shared objects: We may utilize other forms of local storage that function similarly to browser cookies but are stored in different locations on your computer, such as Flash cookies placed through the Adobe Flash plug-in. Your browser may offer options to disable HTML5 local storage or delete information stored in it. For detailed instructions on deleting information contained in "local shared objects" or adjusting related preferences, please visit this link: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
• Withdrawing Your Consent: If we process Your Information based on your consent, you have the right to change your mind and withdraw your consent at any time. Please note that withdrawing consent may result in the inability to provide certain services, such as device linking or specific advertising, that rely on your consent.
EU Residents
Under the GDPR, you have the following rights which may be subject to restrictions under local law: (i) the right to withdraw consent to processing where consent is the basis of processing; (ii) the right to access your personal information and certain other supplementary information, under certain conditions; (iii) the right to object to processing that is based on our legitimate interests, under certain conditions; (iv) the right to have your personal information deleted, under certain conditions; (v) the right to request that we restrict processing of your personal information, under certain conditions, if you believe we have exceeded the legitimate basis for processing, processing is no longer necessary, are processing, or believe your personal information is inaccurate; (vi) the right to receive your personal information in a structured, commonly used, and machine-readable format, under certain conditions; (vii) the right to object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you, under certain conditions; (viii) the right to file a complaint with a data protection authorities.
California Residents
The CCPA provides California residents with specific rights regarding their personal information. This section outlines your CCPA rights and provides guidance on how to exercise those rights.
You have the right to request specific information about your personal data. Once we confirm your request, we will disclose:
• Categories of personal information collected, sold, or disclosed.
• Sources of the personal information collected.
• Purpose for collecting or selling the personal information.
• Third parties with whom we share the personal information.
• Specific pieces of personal information collected (data portability request).
Deletion Request Rights:
You can request the deletion of your personal information, with some exceptions. We will delete it once we confirm your request, unless we need to retain it for specific reasons:
- Completing transactions or providing requested services.
- Ensuring security and preventing illegal activity.
- Debugging products.
- Exercising free speech or complying with the law.
- Internal uses aligned with consumer expectations or legal obligations.
Minors' User Content
Individuals under the age of 18 in California can easily delete or remove publicly available User-Generated Content using the same deletion or removal procedures described above, or through other methods provided by the Services. If you have any questions about removing your User-Generated Content or if you would like additional assistance with deletion, feel free to contact us via email at hey@flames.design. We are committed to promptly deleting your information, although we cannot ensure complete removal of the content or information posted through the Services.
To exercise your access, data portability, and deletion rights, simply submit a verifiable consumer request to us by emailing hey@flames.design. You, or an authorized person registered with the California Secretary of State, may make such a request regarding your personal information. It's also possible to make a verifiable consumer request on behalf of your minor child. Please note that you can make a verifiable consumer request for access or data portability up to twice within a 12-month period. In order to process your request, please provide sufficient information that allows us to reasonably verify your identity. Additionally, describe your request with enough detail to ensure we fully understand, evaluate, and respond to it promptly.
We are here to assist you! To ensure the security of your personal information, we kindly ask you to verify your identity and authority to make the request. Rest assured that making a verifiable request does not necessitate creating an account with us. Once verified, we will be more than happy to respond promptly and provide you with the requested personal information.
Response Timing and Format
We strive to respond promptly to verifiable consumer requests, typically within 45 days of receipt. If you have an account with us, we will deliver our written response directly to that account. Alternatively, if you do not have an account, we will deliver our written response to you either by mail or electronically, depending on your preference. Our disclosures will specifically cover the 12-month period preceding the receipt of your verifiable consumer request. In the event that we are unable to fulfill your request, we will provide you with clear reasons for such inability. When it comes to data portability requests, we will select a format that allows for easy use and transmission of your personal information. Rest assured, we do not charge a fee to process or respond to verifiable consumer requests unless they are excessive, repetitive, or unfounded. Should a fee be necessary, we will provide you with an estimate prior to completing your request.
Opt-Out and Opt-In Rights for Personal Information Sales
As per the CCPA, we do not engage in the sale of your information.
Non-Discrimination
We support and respect your CCPA rights. We are committed to:
• Providing you with goods or services without discrimination.
• Offering fair and equal prices for goods or services, including discounts and benefits, without any penalties.
• Ensuring consistent and high-quality goods or services.
• Informing you about potential price variations or quality differences for goods or services.
DATA SECURITY AND DATA BREACH
We prioritize the integrity and security of Your Information and implement robust technical and organizational security measures to safeguard Your Information from any unauthorized access, loss, or alteration.
Our Group Companies adhere to widely accepted industry standards to protect the personal data provided to us. We employ various security measures, including physical safeguards such as server access restrictions, IT measures like encryption, and controlled access to your information through approvals and passwords, ensuring it is accessible on a need-to-know basis.
Depending on the Group Company and the Service in question, your account information is secured with a password. It is your responsibility to select a strong password and periodically update it while keeping it confidential. You also have control over the access to your email communications from our Group Companies and can take additional security measures, such as signing out after using our Services.
These measures cannot fully guarantee the security of any information you transmit to our company. However, we strive to protect your information on our Services and minimize the risk of unauthorized access, disclosure, alteration, or destruction through our technical and organizational safeguards. Please note that changes to the functionality of our Group Companies' distributors, like social networks, may impact your privacy settings. It's important to understand that we do not control the functionality or security measures of any third party.
DATA RETENTION
We will keep personal data for as long as necessary to provide our Services, based on the purposes for which the data is processed. The storage periods are determined on a case-by-case basis and depend on various factors, including:
- The type of information and its processing purpose
- Any legal requirements for data retention, including obligations and statutory limitations for potential legal claims or investigations
- Whether the data is needed for Trust & Safety purposes. For instance, if users violate our Terms of Service, we may terminate their account and restrict their access to our Services to safeguard other users. In such situations, it may be necessary to retain certain personal data, even after account termination.
After terminating or deactivating your User account, we will retain the Information You Provide for a reasonable time for backup, archival, contract performance and enforcement, or audit purposes. This retention will be limited to the necessary duration and will only include accurate and relevant information for our use. Additionally, any information contained in your communications to other Users or posted to public or semi-public areas of the Service will be retained indefinitely after the termination or deactivation of your User account. However, we will solely keep this information on the Services where it was posted and refrain from using it for any other purpose.
PRIVACY POLICY CHANGES
As the Flames Group continues to grow, the manner in which we process data will evolve over time. We will update this policy from time to time to reflect changing practices and will notify you of any material changes in the following ways: i) we will send an email to the address provided to us upon sign-up to our Services, or ii) we will post a notification on the relevant Group Company’s site or app.
FURTHER INFORMATION AND COMPLAINTS
For further information about this Privacy Policy and/or the processing of your personal data by or on behalf of any members of the Flames Group, please contact us using the information provided below.
For users based in the EEA, you have the right to lodge a complaint with your competent data protection supervisory authority. The contact details of each supervisory authority are available on the European Data Protection Board’s website.
Notwithstanding this right, we request that you contact us in the first instance to give us the opportunity to address any concerns that you may have.
If you have any questions about this Privacy Policy or data protection queries regarding any of the Group Companies or Services, please feel free to reach out to Flames Group's Data Protection Officer at hey@flames.design. We are here to assist you.