Privacy Policy

Privacy Policy

Website Privacy & Cookie Policy (GDPR)

Flow Postproduction
Last updated: 29/08/2025
Version: 2.0

Table of Contents

  1. Who We Are
  2. Personal Data We Process
  3. Purposes and Legal Bases
  4. Recipients and Processors
  5. International Transfers
  6. Retention Periods
  7. Cookies and Similar Technologies
  8. Your Rights
  9. Children’s Privacy
  10. Automated Decision-Making
  11. Complaints
  12. Security
  13. Changes to This Policy
  14. Cookie Table

 

1. Who We Are

This policy explains how Flow Postproduction BV (“we”/”us”) processes personal data when you use our website https://flow-postproduction.com. We act as the data controller under the EU General Data Protection Regulation (GDPR).

Controller contact:
Flow Postproduction BV
Paleisstraat 147, 2018 Antwerp, Belgium
Company number: 0553.756.568
Email: info@flow-postproduction.com
Tel.: +32 499 25 81 18

Privacy contact:
Managing Director – Jules Debrock

2. Personal Data We Process

We only process personal data that is necessary to operate our website and respond to your requests:

  • Technical and usage data: IP address, browser/device data, pages viewed, timestamps, and other analytics data collected via server logs and cookies (see §7 and §14).
  • Contact data: When you email us using the contact details on our site, we process your name, contact details, and the content of your message.
  • Job application data: When you apply for vacancies published on our site, we process your application materials. Applications are collected via email or external channels; this policy applies to any data you send us.
  • Portfolio/showreel content: Our website displays our work portfolio which may incidentally contain personal data of individuals featured in our productions. This content is carefully reviewed before publication.

3. Purposes and Legal Bases

We process your personal data for the following purposes and on the following legal bases:

  • Website functionality and security (essential cookies, server logs) – based on our legitimate interests in providing a functional and secure website (Art. 6(1)(f) GDPR) and, where strictly necessary, to deliver the service you request (Art. 6(1)(b) GDPR).

Legitimate interest assessment: We have balanced our interest in website security and functionality against your privacy rights and determined that these essential functions do not override your fundamental rights, as they involve minimal data collection necessary for basic website operation.

  • Communications – to respond to your emails and enquiries, based on taking pre-contractual steps at your request or performing a contract with you (Art. 6(1)(b) GDPR) and our legitimate interests in business communications (Art. 6(1)(f) GDPR).
  • Video playback (Vimeo embeds) – based on your consent for non-essential cookies and our legitimate interests in providing media content (Art. 6(1)(a)/(f) GDPR). We implement a two-click solution for Vimeo content (see §7 for details).
  • Analytics – based on your consent (Art. 6(1)(a) GDPR) to improve our website and user experience.

4. Recipients and Processors

We share data only with service providers acting on our instructions and with whom we have data processing agreements, such as:

  • Website hosting: Combell (servers in Belgium)
  • Content management: WordPress
  • Video hosting: Vimeo
  • Analytics: Google Analytics (with IP anonymization)

Public authorities may receive data when legally required. We carefully select our service providers and regularly review their data protection practices.

5. International Transfers

We aim to process data within the European Economic Area (EEA). If a service provider processes personal data outside the EEA (e.g., Vimeo, Google), we ensure appropriate safeguards such as:

  • An adequacy decision by the European Commission for the recipient country
  • EU Standard Contractual Clauses (SCCs)
  • Where applicable, supplementary measures as recommended by the European Data Protection Board

You can request detailed information about these safeguards by contacting our privacy contact listed in §1.

6. Retention Periods

We retain personal data only as long as necessary for the purposes described or to comply with legal obligations:

  • Server logs: 30 days for security and troubleshooting
  • Contact form submissions: 1 year after last communication
  • Job applications: 6 months after the position is filled (unless you consent to longer retention)
  • Analytics data: 14 months in an anonymized form

7. Cookies and Similar Technologies

Our website uses cookies and similar technologies. We categorize cookies as follows:

  • Strictly necessary cookies: These cookies are essential for the website to function properly and cannot be disabled. They do not store any personally identifiable information and are placed without consent.
  • Preference cookies: These cookies enable enhanced functionality and personalization. They may be set by us or third-party providers whose services we have added to our pages.
  • Analytics cookies: These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.
  • Marketing cookies: These cookies track visitors across websites to display relevant advertisements.
  • Third-party content cookies: Cookies set by services like Vimeo when you interact with embedded content.

We place strictly necessary cookies without consent. All other cookies (analytics, marketing, or third-party player cookies) are used only with your prior consent via our cookie banner. Our cookie banner provides clear options to:

  • Accept all cookies
  • Reject all but essential cookies
  • Manage preferences (granular consent)

You can change or withdraw your consent at any time via the cookie settings link in the footer of our site.

Two-click solution for Vimeo: To protect your privacy, we implement a two-click solution for Vimeo videos. When you first visit a page with embedded Vimeo content, you’ll see a placeholder image instead of the actual video. No connection to Vimeo servers is established at this point. Only when you actively click on the placeholder to play the video will the connection to Vimeo be established and cookies set (subject to your consent settings).

8. Your Rights

Under the GDPR, you have the following rights:

  • Right to access: You can request copies of your personal data.
  • Right to rectification: You can request correction of inaccurate or incomplete data.
  • Right to erasure: You can request deletion of your personal data under certain conditions.
  • Right to restrict processing: You can request limiting how we use your data.
  • Right to object: You can object to our processing based on legitimate interests.
  • Right to data portability: You can request transfer of your data in a machine-readable format.
  • Right to withdraw consent: You can withdraw previously given consent at any time.

To exercise these rights, please contact our privacy contact listed in §1. We will respond to your request within one month. This period may be extended by two additional months if necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt of your request.

We may need to verify your identity before responding to your request. If we decline to act on your request, we will explain why and inform you of your right to complain to the supervisory authority.

9. Children’s Privacy

Our website is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us, and we will take steps to delete such information.

10. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you based on the personal data we collect through our website.

11. Complaints

You can lodge a complaint with the Belgian Data Protection Authority (GBA):

Gegevensbeschermingsautoriteit
Drukpersstraat 35, 1000 Brussels
Tel: +32 (0)2 274 48 00
Email: contact@apd-gba.be
Website: https://www.gegevensbeschermingsautoriteit.be/

12. Security

We take appropriate technical and organizational measures to protect personal data, including:

  • Secure hosting in Belgium (Combell)
  • Access controls and authentication systems
  • Encrypted connections (HTTPS)
  • Regular security updates and patches
  • Staff training on data protection
  • Regular security assessments

13. Changes to This Policy

We may update this policy from time to time to reflect changes in our practices or legal requirements. The latest version will always be available on this page, with the “Last updated” date at the top. Significant changes will be announced through a notice on our website.

For more information about the cookies used by third parties like Vimeo, please refer to their respective privacy policies: