Privacy Policy

Introduction

eFlow Processing SRL ("we", "our", "us") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and disclose personal information about you when you use our services and interact with our website, services, and business activities.

1. Nature of Our Activities

eFlow Processing SRL operates as:

• a commercial introducer connecting merchants with third-party service providers (including payment service providers), and
• a software provider offering tools such as monitoring and chargeback alerting.

Our services are intended for business users and not for consumers.

‍We do not provide payment services, do not process transactions, and do not handle or store payment funds or full payment card data.

eFlow does not act as a data processor on behalf of payment service providers.

We do not collect or process financial account data.

2. Identify of the Data Controller

The data controller responsible for your personal data is:

eFlow Processing SRL
Chemin de la Haillette 5
4280 Hannut
Belgium
Email: antoine.allard@eflow.com

3. Data We Collect

We collect and process only data relevant to our actual activities:

3.1. Business and Identification Data

The data controller responsible for your personal data is eFlow Processing SRL. If you have any questions or concerns regarding the processing of your personal data, you can contact us at:

• Name
• Company name
• Email address
• Phone number
• Professional details relevant to enrollment and qualification

3.2. Commercial and Relationship Data

• Information necessary to assess your business needs
• Communication history
• Partnership or referral-related data

3.3. Technical Data

We collect and process only data relevant to our actual activities:

• IP address
• Browser type and version
• Device and operating system
• Website usage data

3.4. Software Usage Data

• Interaction with our tools
• Alerts configuration
• Performance and diagnostic data

4. Data We Do Not Collect or Process

For the avoidance of doubt:

• We do not process payment transactions
• We do not handle or store payment funds
• We do not collect or store full payment card details
• We are not a payment service provider within the meaning of Payment Services Directive 2 (PSD2)

Any payment-related data is processed directly by third-party providers with whom you contract independently and directly.

5. Purposes of Processing

We process personal data strictly for the following purposes:

• Business Relationship management (enrollment, communication, support)
• Merchant qualification and introduction to relevant third-party partners
• Referral and commission management
• Provision and improvement of software tools
• Compliance with legal obligations
• Fraud prevention and platform security

6. Legal Basis for Processing

We rely on the following legal bases:

• Contractual necessity
• Legitimate interests
• Legal obligations
• Consent (where required)

7. Data Sharing

We may share personal data only in limited and justified circumstances:

7.1. Introduction to Partners

We may share relevant business contact data with third-party providers solely to facilitate introductions, and only where:

• It is relevant to your request or profile
• It is necessary for business matching

7.2. Service Providers

We may use third-party providers for:

• Hosting
• IT infrastructure
• Analytics
• Communication tools

7.3. Legal obligations

We may disclose data where required by law or competent authorities.

8. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Transfers to jurisdictions recognized as providing adequate protection

9. Data Retention

We retain personal data only as long as necessary:

• Business relationship data: duration of the relationship + up to 5 years
• Contractual and billing data: up to 7 years
• Technical and usage data: limited retention based on operational necessity

10. Data Security

We implement appropriate technical and organizational measures, including:

• access controls
• data minimization
• encryption where appropriate
• system monitoring and security measures

11. Your rights

Under the General Data Protection Regulation, you have the right to:

• Access your data
• Rectify inaccurate data
• Request erasure
• Restrict processing
• Object to processing
• Request data portability
• Withdraw consent at any time

You may exercise your rights by contacting:
antoine.allard@eflow.com

We will respond within one month in accordance with applicable law.

12. Complaints

If you have any concerns or complaints regarding our privacy practices, you have the right to contact the relevant supervisory authority. In Belgium, the supervisory authority is:

• Belgian Data Protection Authority (DPA)
• Address: Rue de la Presse 35, 1000 Brussels, Belgium
• Website: https://www.dataprotectionauthority.be/
• Phone: +32 (0)2 274 48 00
• Email: contact@apd-gba.be

13. Cookies and Tracking

Our website may use cookies or similar technologies for:

• essential website functionality
• analytics and performance

Where required, we obtain your consent before placing non-essential cookies.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.Any changes will be published on this page with an updated revision date.

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated revision date. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.