Privacy Policy


Who we are

We are Flowd – a marketing agency based in Manchester, UK. We provide marketing services to a global client base. The majority of our data processing is that of publicly available contact details that we use to identify relevant sales prospects for clients. We take privacy very seriously, and are always available to address privacy concerns via the contact details below.

Our website address is:

By email to our Data Protection Officer –

1. What personal data we collect and why we collect it


When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: After approval of your comment, your profile picture is visible to the public in the context of your comment.


If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

When you submit a contact form on, the details are sent via email to a member of the Flowd team, to be reviewed. Upon reviewing, a member of staff may contact to to book a call in. Your details are kept and stored securely internally, and not shared to any 3rd parties. You may request Flowd to delete all stored data about you.


If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.


How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

2. GDPR/Legal

What is GDPR?

The General Data Protection Regulation (EU) (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR’s primary aim is to enhance individuals’ control and rights over their personal data and to simplify the regulatory environment for international business. The regulation contains provisions and requirements related to the processing of personal data of individuals who are located in the EEA, and applies to any enterprise—regardless of its location and the data subjects’ citizenship or residence—that is processing the personal information of individuals inside the EEA.

Flowd’s Compliance

In addition to appointing a compliance officer to oversee our adherence to the rules, Flowd have utilized 3rd party compliance expertise to audit and advise on best practice. This allows us to assure clients that GDPR best practices are strictly observed wherever possible, at all times.

Flowd’s relationship with you

It’s important to note that both Flowd and the client (you) have responsibility at all times to adhere to GDPR guidelines. Even though Flowd is the service provider, we are both responsible for choosing who to target, what data to use and collect, and the messages we send out. We outline some of our data practises in our service agreement.

Are Flowd’s campaigns GDPR compliant?

Due to the nature of Flowd’s outreach and campaigns, which are strictly B2B, highly-targeted, and highly relevant, they are naturally GDPR compliant. As we conduct B2B outreach only, PECR allows email marketing, provided it is relevant, and has the option for the recipient to opt-out. GDPR always applies and also pertains to the collection and storage of data. We take great care operationally to ensure that data is collected and stored properly. We also conduct an in-depth assessment of a client’s product, service, or offering to ensure that when paired with our outreach, all GDPR and PECR guidelines are met. A crucial part of this assessment is the Legitimate Interest Assessment (LIA). This is essentially a short  series of questions we ask in our onboarding process to determine 3 main points.

  1. Identifying a key interest of both you and the prospects. It’s important that we’re delivering relevant emails to prospects that have a reason to be interested in your service, product, or offering. This can include commercial interest, personal interest, or broader societal interest. Things like increasing revenue are common.

  1. Show that the data processing is necessary to achieve it. For Flowd’s outreach, we believe this is necessary to deliver the most efficient, safe, and successful outreach.

  1. Balance it against the prospect’s personal freedoms, expectations, and rights. Would the prospect expect to be contacted in this way? Would an individual with a public Linkedin profile and job role expect to be messaged about a product or service that could benefit them or their business?

If Flowd determines that your planned campaign/outreach would not meet these criteria for LIA within the scope of GDPR, we cannot support the activity subject to GDPR guidelines.

PECR and sending of B2B messages

In the UK, GDPR controls the storage and processing of personal data. Sending messages is actually regulated under the Privacy and Electronic communications Regulations (PECR). This tells us the requirements for business communication: “You can email or text any corporate body (a company, Scottish partnership, limited liability partnership or government body). Flowd include opt-out options in our outreach so that recipients can block further contact should they be unhappy with being contacted.

Flowd Employees

All Flowd employees undergo GDPR, PECR, and compliance training. Every employee understands the importance of compliance for both Flowd and clients, and we also make sure employees are aware of the consequences associated with failure to comply.

Your responsibilities as a client

Flowd takes detailed care to ensure all regulatory guidelines and rules are adhered to, However, as a client, you have the responsibility to follow the relevant regulatory frameworks in your country and alert Flowd if you see changes that need to be made. It is not possible for Flowd to constantly monitor all aforementioned frameworks in all countries at the same time, and this is why you the client are crucial in ensuring compliance.


Flowd has worked tirelessly to develop an operational framework that ensures good practice and data privacy compliance across the board for clients. All of our outreach is naturally compliant, and our hyper-personalization specific to each prospect is further proof that the emails are relevant, specific, and respect the rights and expectations of the recipient individual.

Back to the website