Privacy Policy

FloPro Limited (referred to in this policy as FloPro, we, us, or our) is a technology consulting and business automation company registered in Jamaica, with our principal place of business at 161 Constant Spring Road, Kingston, Jamaica.

This Privacy Policy explains how we collect, use, share, and protect personal information when you:

• Visit our website at floproltd.com (the "Website");
• Engage us as a client for consulting or automation services;
• Use our multi-channel communications platform (the "Platform") as a customer; or
• Interact with one of our customers through a channel we operate on their behalf, such as WhatsApp, SMS, or email.

We process personal information in accordance with the Data Protection Act 2020 of Jamaica, the European Union General Data Protection Regulation (GDPR) where applicable, and other applicable data protection laws.

We act in two distinct capacities under data protection law, and which capacity applies depends on the context in which we are processing your information.

2.1 As a Data Controller. When we collect and use information directly — for example, from visitors to the Website, from prospective and active clients, and from our employees and contractors — we are the Data Controller. In these contexts, we determine the purposes and means of processing.

2.2 As a Data Processor. When we operate the Platform on behalf of our business customers, those customers are the Data Controllers of the end-user data that flows through the Platform — for example, a car-rental company's customers sending WhatsApp messages to that company. In those contexts, we act as a Data Processor. We process this data only on the customer's documented instructions and only for the purposes set out in our agreement with them. We do not use it for our own purposes.

If you are an end-user communicating with one of our customers, please consult that business's own privacy policy for the full details of how your data is used. We will assist that business in responding to any requests you make.

3.1 From Website visitors. IP address, browser type and version, device information, pages visited, referring URL, approximate location derived from IP, and any information you submit through contact forms.

3.2 From clients and prospective clients. Business contact information (name, role, email address, phone number), business name, billing information, and information shared during the course of our engagement — including project files and account credentials that you provide for integration purposes.

3.3 From end-users via the Platform (as a Data Processor). Names, phone numbers, email addresses, message content, attachments, timestamps, conversation metadata, delivery status, and any other information end-users share with our customer through the channels we operate.

3.4 From third parties. We receive information from communications providers (including Meta's WhatsApp Business Platform, SMS gateways, and email infrastructure providers) that is necessary to deliver messages and receive replies. We may also receive information from our customers' integrated systems (for example, CRM, ticketing, or e-commerce platforms) where they have authorised such integration.

We use the information we collect for the following purposes:

• To operate, maintain, secure, and improve the Website and the Platform.
• To respond to enquiries and provide consulting and automation services.
• To deliver the messaging functionality our customers have contracted from us — acting as a Data Processor on their instructions.
• To bill customers and collect payment for our services.
• To detect, prevent, and respond to fraud, abuse, security incidents, and policy violations.
• To comply with applicable legal and regulatory obligations.
• To send service-related communications such as account notifications, security alerts, and policy updates.

We do not use end-user data processed through the Platform for our own purposes, including marketing, advertising, or training general-purpose AI models. We do not sell personal information to any third party.

Where the GDPR or a similar regime applies to our processing, we rely on the following legal bases:

• Performance of a contract — to provide services to our clients and to operate the Platform.
• Legitimate interests — to run, secure, and improve our business and our services, including fraud prevention and aggregated analytics. Where we rely on legitimate interests, we have assessed that our interests do not override your rights and freedoms.
• Consent — where required, including for optional cookies and marketing communications. You may withdraw your consent at any time.
• Legal obligation — to comply with tax, accounting, and other applicable laws.

FloPro operates a multi-channel communications platform that integrates with Meta's WhatsApp Business Platform in the capacity of a Tech Provider. When our customers use this integration:

• Our customers maintain their own WhatsApp Business Accounts and are the Data Controllers of the messages and metadata exchanged through them.
• We process WhatsApp Business Solution Data strictly on our customers' instructions and only to provide the services they have requested from us, in accordance with WhatsApp's Business Solution Terms.
• We do not use WhatsApp Business Solution Data for our own purposes, including profile building, advertising, or training general-purpose AI models.
• We maintain administrative, physical, and technical safeguards designed to meet or exceed industry standards for the protection of this data.
• Meta's own WhatsApp Privacy Policy governs Meta's processing of WhatsApp data and is available at whatsapp.com/legal/privacy-policy.

End-users communicating with one of our customers through WhatsApp should consult that customer's privacy policy for the full details of how their information is used.

We share personal information only as necessary to provide our services or as required by law. The categories of recipient are:

• Communications providers — including Meta's WhatsApp Business Platform, SMS gateways, and email infrastructure providers, to deliver and receive messages on our customers' behalf.
• Infrastructure providers — cloud hosting, database, and storage providers that host the Platform under contracts requiring appropriate confidentiality and security.
• Payment processors — for billing and credit top-ups.
• Professional advisers — including accountants, lawyers, and auditors, subject to confidentiality obligations.
• Law enforcement and regulators — where we are legally required to disclose information, or where disclosure is necessary to protect the rights, property, or safety of FloPro, our customers, or others.
• Business transfer — if FloPro is involved in a merger, acquisition, or sale of assets, personal information may be transferred subject to standard confidentiality protections.

We require all third parties to whom we disclose personal information to use it only for the purposes we authorise and to maintain appropriate security measures.

We retain personal information for as long as necessary to provide our services, comply with legal obligations, resolve disputes, and enforce our agreements. Specifically:

• Website analytics data — up to 24 months.
• Client account and billing records — for the duration of the relationship and for seven years afterwards, to meet Jamaican tax and accounting requirements.
• End-user messaging data processed on behalf of customers — retained per the customer's contracted retention period, after which it is deleted or anonymised.

You may request earlier deletion in line with the rights described in Section 11.

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorised access, disclosure, alteration, and destruction. These include encryption in transit and at rest, access controls, role-based permissions, regular security reviews, and contractual obligations on our service providers.

No system is completely secure, and we cannot guarantee absolute security. In the event of a personal data breach affecting your information, we will notify you and the relevant authorities where required by law.

Subject to applicable law, you have the following rights in relation to personal information we hold about you:

• The right to access your information.
• The right to request correction of inaccurate information.
• The right to request deletion of your information.
• The right to object to or restrict certain processing.
• The right to data portability.
• The right to withdraw consent where processing is based on consent.
• The right to lodge a complaint with a supervisory authority — in Jamaica, the Office of the Information Commissioner.

To exercise any of these rights, contact us at [email protected]. If you are an end-user whose information is processed on the Platform on behalf of one of our customers, please direct your request to that customer in the first instance; we will assist them in fulfilling your request.