Thank you for entrusting FirstOfficer.io with your financial data and your personal information. Holding onto your private information is a serious responsibility and this policy explains how we’re handling it.
This policy was last modified at: May 21, 2018
Please also see our GDPR Page. There you can find the Data Processing Agreement (DPA) that explains in detail how we handle your customers’ personal data and can make personal data requests.
If you’re here to report a security or data issue, please email to our Data Protection Officer: email@example.com
Note! due to GDPR compliancy process, we have disabled all analytics & tracking until the DPAs and/or IP Address anonymization is at place. We will remove this notice when those are back again.
FirstOfficer.io is run by Turbine Room Ltd (“we”, “FirstOfficer.io”).
We never sell personal data and we carry out all processing in strict compliance with the EU General Data Protection Regulation (GDPR) as well as the laws of Finland, where Turbine Room Ltd is incorporated.
We honestly want to collect as little data about you as possible.
FirstOfficer.io provides its service by pulling information about your customers and finances from third party services. To enable this, you need to authenticate to these services through FirstOfficer.io. As you do that, we collect the credentials needed to access that third party service and its data. All credentials are stored encrypted.
When you register an account for the service, we collect information to properly identify, communicate with and charge you as a customer. This information may include, but is not limited to, your name, email, company name and credit card number. Credit card numbers are never stored in our servers – they are securely transmitted and stored with the payment provider (Stripe).
We also collect anonymous data from every visitor of the website to monitor traffic, collect statistics and fix bugs. This includes information about your location, browser and times of visit.
a. We use the information that we collect to operate and maintain our sites and the FirstOfficer.io service and to respond to your questions and concerns.
b. If you have given your consent, we use the information that we collect to send you marketing communications in our newsletter.
c. We also use the information that we collect to improve our website and service.
b. Non-personally identifiable information: We may share non-personally identifiable information (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to help us understand the usage patterns of FirstOfficer.io service. To better understand and serve the customers of FirstOfficer.io, we may conduct research based on the information provided to us. The research is compiled on aggregate basis and does not identify you personally. This data may be shared with agents and business partners. It may also be used in marketing purposes and to describe our service.
c. Instances where we are required to share your information: We will disclose your information where required to do so by law, if subject to subpoena or other legal proceeding or if we reasonably believe that such action is necessary to comply with the law and the reasonable requests of law enforcement; to enforce our Terms of Service or to protect the security or integrity of our Service; and/or to exercise or protect the rights, property, or personal safety of FirstOfficer.io, our users or others. Please see our Data Request Policy
d. When the ownership changes: We own rights to the FirstOfficer.io service and website, but retain rights to the data that you store to FirstOfficer.io. We might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal data may be part of the transferred assets. You will be notified via email and/or a prominent notice on our site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
f. Testimonials: We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
g. We may hire other companies and employ and contract with people and other entities that perform certain tasks on our behalf. Examples of such functions include accounting, maintaining databases and processing payments. When we employ anyone to perform a function of this nature, we only provide them with the information that they need to perform their specific function.
Our GDPR Page has a full listing of third parties that we use. There you can also find our DPA, which explains how we process your customers’ personal data as a GDPR Data Processor.
We have created a Data Request Policy, which we use when individuals want to use their GDPR right to review, change or delete their data.
If you have an account in FirstOfficer.io, we will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
If you are a visitor to the FirstOfficer.io or other Turbine Room Ltd sites we will retain your information for as long as necessary but no longer than one (1) year after your last visit to our site.
Our company Turbine Room Ltd runs FirstOfficer.io from Finland (EU). Our databases and file systems that contain your customers’ personal data are located in the EU (Ireland).
Privacy Shield is not used in the EU, it’s for U.S. businesses. The EU-wide Data Protection Directive and General Data Protection Regulation (GDPR) mandates that we handle your data in a Privacy Shield compatible way. We are also bound by Finnish Personal Data Act.
However, some of our partners do move your own personal data to US, when you browse FirstOfficer.io.
We have checked that all our partners who move your data to US either have a Privacy Shield at place or we have signed an agreement with them that bounds them to follow Standard Contractual Clauses.
Please review our dedicated page to learn more about our approach to GDPR.
Turbine Room Ltd is concerned with protecting your privacy and data, but we cannot ensure or warrant the security of any information you transmit to FirstOfficer.io or guarantee that your information on the FirstOfficer Service may not be accessed, disclosed, altered or destroyed by breach of any of our industry standard physical, technical or managerial safeguards.
When you enter sensitive information (such as log in credentials) on our registration or order forms, we encrypt that information using secure socket layer technology (SSL). No method of transmission over the Internet or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.
If you have any questions about security on our Site, you can contact us at email@example.com
We use an outside help platform, and a credit card processing company to bill you if you purchase services. These companies do not retain, share, store or use personally identifiable information for any other purposes.
Please report any suspected data breaches to: firstname.lastname@example.org
We have automatic monitoring for data breaches at place and we will notice all customers by email if their data is compromised. You don’t need to subscribe to a separate breach notification list.
Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.
Like many sites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.
We may use Remarketing with Google Analytics to advertise on third party sites to you after you visited our Site. We and our third party vendors, like Google, use first party cookies (such as the Google Analytics cookie) and third party cookies (such as the PerfectAudience cookie) to inform, optimize and serve ads based on your past visits to our Site.
You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page. Google also recommends installing the Google Analytics Opt-out Browser Add-on for your browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.
Protecting the privacy of young children is especially important.
For that reason, we do not knowingly collect or solicit personal information from anyone under the age of 13. In the event that we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at email@example.com
We want to encourage young entrepreneurs, but unfortunately the GDPR forces us to set an age limit. If you are under 16 years old, you are not allowed to subscribe to the service.
We will use your email address to communicate with you, if you’ve said that’s okay, and only for the reasons you’ve said that’s okay.
There are a couple of exceptions:
As a part of the service, we may send you report emails containing financial figures. You can opt out from receiving these emails.
You’ll also be sent a monthly payment receipt that you can not opt out.
Plus, you cannot opt out from security breach notifications if you use the service.
Turbine Room Lts