Privacy Policy

This Privacy Policy explains how Freedom Flow Marketing Sp. z o.o. ("FFM", "we", "us", "our") collects, uses, discloses, and protects your personal data when you visit our website at freedomflowmarketing.com (the "Website") or use our services.

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the California Consumer Privacy Act as amended by the California Privacy Rights Act ("CCPA/CPRA"), and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

2. Personal Data We Collect

We collect the following categories of personal data:

3. Purposes and Legal Bases for Processing

Under the GDPR, we process your personal data based on the following legal bases:

4. Cookies and Tracking Technologies

We use cookies and similar technologies on our Website. For detailed information about the cookies we use, their purposes, and how to manage your preferences, please see our Cookie Policy.

5. Third-Party Service Providers

We share your personal data with the following categories of service providers who process data on our behalf:

• GoHighLevel (HighLevel Inc.) — booking calendar, CRM, and communication platform. Processes contact information and scheduling data.
• Google LLC — Google Analytics (GA4) for website analytics, Google Tag Manager for tag management. Processes device and usage data.
• Meta Platforms Inc. — Meta Pixel for advertising measurement and retargeting. Processes marketing identifiers and usage data.
• Netlify, Inc. — website hosting. Processes server logs and IP addresses.

These providers may transfer data to the United States. Such transfers are safeguarded by Standard Contractual Clauses (SCCs) approved by the European Commission and/or the EU-U.S. Data Privacy Framework, where applicable.

6. International Data Transfers

As we operate in Poland, the United States, and the United Kingdom, your personal data may be transferred internationally. We ensure that all transfers comply with Chapter V of the GDPR through:

• EU-U.S. Data Privacy Framework certification of recipients
• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission, where available

7. Data Retention

We retain your personal data only as long as necessary for the purposes described in this policy:

• Contact and scheduling data: 3 years after your last interaction with us, or for the duration of any contractual relationship plus the applicable statute of limitations.
• Analytics and cookie data: Up to 26 months (Google Analytics default), or until you withdraw consent.
• Legal and accounting records: As required by applicable law (typically 5–7 years).

8. Your Rights Under the GDPR

If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights:

• Right of access — obtain a copy of your personal data we hold.
• Right to rectification — correct inaccurate or incomplete data.
• Right to erasure ("right to be forgotten") — request deletion of your data where there is no compelling reason for continued processing.
• Right to restriction of processing — limit how we use your data in certain circumstances.
• Right to data portability — receive your data in a structured, machine-readable format.
• Right to object — object to processing based on legitimate interest, including profiling.
• Right to withdraw consent — withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at office@freedomflowmarketing.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority. In Poland, this is the President of the Personal Data Protection Office (UODO).

9. Your Rights Under the CCPA/CPRA (California Residents)

If you are a California resident, the California Consumer Privacy Act (as amended by the CPRA) grants you the following additional rights:

• Right to know — request the categories and specific pieces of personal information we have collected about you.
• Right to delete — request that we delete your personal information, subject to certain exceptions.
• Right to correct — request correction of inaccurate personal information.
• Right to opt-out of sale/sharing — direct us not to sell or share your personal information for cross-context behavioral advertising.
• Right to non-discrimination — we will not discriminate against you for exercising your CCPA rights.

Do We Sell or Share Personal Information?

We do not sell your personal information in the traditional sense. However, the use of cookies from Google Analytics and Meta Pixel may constitute "sharing" of personal information for cross-context behavioral advertising under the CCPA/CPRA. You can opt out of this sharing through our cookie consent preferences or by contacting us directly.

How to Submit a Request

California residents may submit requests by emailing office@freedomflowmarketing.com. We will verify your identity before processing the request and respond within 45 days.

10. Children's Privacy

Our Website and services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will promptly delete it.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include HTTPS encryption, access controls, and regular review of our data processing practices.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically.

13. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us: