Your privacy is very important to us. Accordingly, we have developed this Policy in order for you to understand how we collect, use, communicate, disclose and make use of personal information.
FirstOfficer.io is operated from Finland, EU. Privacy Shield certificates are not used in the EU, they are for U.S. businesses. The EU-wide Data Protection Directive and General Data Protection Regulation (GDPR) mandates that we handle your data in a Privacy Shield compatible way. There is a transition period that ends in May 2018. We are also bound by Finnish Personal Data Act.
At the moment we comply to GDPR requirements when we handle your customer data.
However, when we handle your personal data, we use non-EU based services that do not yet have Privacy Shield certificate: Stripe for collecting payments and GetVero for life-cycle emails. However, Stripe does employ European Commission’s Standard Contractual Clauses that make personal data transfers legal.
This chapter explains how we handle the private data you have collected about your customers.
Both the Privacy Shield and GDPR require that notice should be given to the persons whose data gets collected. No data should be collected without person's consent. Person should have access to the data that has been collected about them.
It is your responsibility to gain your EU-based customers consent and notice them about the data collection. We will never contact your customers, but if they contact us, we are bound by the law to let them see the personal data collected about them. However, to protect you, we will require proof of identity.
We store all the data in U.S. servers using only Privacy Shield certified service providers. FirstOfficer.io is not moving any personal information from EU to U.S. We store data that has already moved to U.S. by you.
FirstOfficer.io provides its service by pulling information about your customers and finances from third party services. To enable this, you need to authenticate to these services through FirstOfficer.io. As you do that, we collect the credentials needed access that third party service and its data. All credentials are stored encrypted.
When you register an account for the service, we collect information to properly identify, communicate with and charge you as a customer. This information includes your email, company name and credit card number. Credit card numbers are never stored in our servers - they are securely transmitted and stored with the payment provider (Stripe).
We also collect anonymous data from every visitor of the website to monitor traffic, collect statistics and fix bugs. This includes information about your location, browser and times of visit.
All transfers of data are done over secure connections.
We use your personal information to provide you the service and to communicate with you. You may receive promotional emails relating to FirstOfficer.io. You may receive emails regarding your use of the FirstOfficer.io website and service. The service may send you report emails containing financial figures, but never customer emails. You can opt out from receiving all of these emails - however, you'll be sent a monthly payment receipt that you can not opt out.
The financial and customer data that we receive from third party services is kept confidential. Data is never shared between accounts or with public.
Please note that if you choose to share data, like inviting your accountant, team or advisors to view your data through FirstOfficer.io, we are not responsible for any violations.
FirstOfficer.io is operated from Finland, EU. If you are visiting the website and service from outside Finland, you agree to any processing of personal information according to this policy.
To better understand and serve the customers of FirstOfficer.io, we may conduct research based on the information provided to us. The research is compiled on aggregate basis and does not identify you personally. This data may be shared with agents and business partners. It may also be used in marketing purposes to describe our service.
We don't share personal information you have provided us without your consent, unless:
We currenly use MailChimp/Mandrill and Google Analytics, and share following data:
We may hire other companies and employ and contract with people and other entities that perform certain tasks on our behalf. Examples of such functions include accounting, maintaining databases and processing payments. When we employ anyone to perform a function of this nature, we only provide them with the information that they need to perform their specific function.
We own rights to the FirstOfficer.io service and website, but retain rights to the data that you store to FirstOfficer.io. We might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal data may be part of the transferred assets.
To keep your personal data accurate, current, and complete, please contact firstname.lastname@example.org.