Thank you for entrusting FirstOfficer.io with your financial data and your personal information. Holding onto your private information is a serious responsibility and this policy explains how we’re handling it.

This policy was last modified at: Mar 3, 2020

Please also see our GDPR Page. There you can find the Data Processing Agreement (DPA) that explains in detail how we handle your customers’ personal data and can make personal data requests.

If you’re here to report a security or data issue, please email to our Data Protection Officer: dpo@firstofficer.io

Note! due to GDPR compliancy process, we have disabled all analytics & tracking until the DPAs and/or IP Address anonymization is at place. We will remove this notice when those are back again.

Executive Summary

FirstOfficer.io is run by 1216321 BC Ltd (“we”, “FirstOfficer.io”).

We never sell personal data and we carry out all processing in strict compliance with the EU General Data Protection Regulation (GDPR) as well as the laws of British Columbia, where 1216321 BC Ltd is incorporated.

  • We store data in EU and use only GDPR-compliant third party services.
  • We don’t share any information about your finances with anyone, unless you explicitly allow us to do so
  • We do share individuals’ own personal data through data requests using the process described in our Data Request Policy. When we do, we don’t reveal your data
  • We use secure SSL connections
  • We don’t store credit card numbers on our servers
  • We encrypt 3rd party API tokens and generally make sure that your data is safe and encrypted at rest
  • We collect statistical data about your application usage to improve the service – this data is shared with the providers of statistics services we use
  • We may share data with law enforcement on special conditions, like when fraud or other crime is suspected

We collect your information only with your consent. We only collect the minimum amount of personal information that is necessary to fulfil the purpose of FirstOfficer.io services. We don’t sell it to third parties. We only use it as this Privacy Policy describes.

What information we collect

We honestly want to collect as little data about you as possible.

FirstOfficer.io provides its service by pulling information about your customers and finances from third party services. To enable this, you need to authenticate to these services through FirstOfficer.io. As you do that, we collect the credentials needed to access that third party service and its data. All credentials are stored encrypted.

When you register an account for the service, we collect information to properly identify, communicate with and charge you as a customer. This information may include, but is not limited to, your name, email, company name and credit card number. Credit card numbers are never stored in our servers – they are securely transmitted and stored with the payment provider (Stripe).

We also collect anonymous data from every visitor of the website to monitor traffic, collect statistics and fix bugs. This includes information about your location, browser and times of visit.

How we use your information

a. We use the information that we collect to operate and maintain our sites and the FirstOfficer.io service and to respond to your questions and concerns.

b. If you have given your consent, we use the information that we collect to send you marketing communications in our newsletter.

c. We also use the information that we collect to improve our website and service.

How we share your information

a. Your personally identifiable information: We will not rent or sell your personally identifiable information to others. We may store personal information in locations outside the direct control of FirstOfficer.io, for instance, on servers or databases co-located with hosting providers. Any personally identifiable information you elect to make publicly available on our sites, such as posting comments on our blog page, will be available to others. Our blog is managed by a third party application that may require you to register to post a comment. We do not have access or control of the information posted to the blog. You will need to contact or login into the third party application if you want the personal information that was posted to the comments section removed. To learn how the third party application uses your information, please review their privacy policy.

b. Non-personally identifiable information: We may share non-personally identifiable information (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to help us understand the usage patterns of FirstOfficer.io service. To better understand and serve the customers of FirstOfficer.io, we may conduct research based on the information provided to us. The research is compiled on aggregate basis and does not identify you personally. This data may be shared with agents and business partners. It may also be used in marketing purposes and to describe our service.

c. Instances where we are required to share your information: We will disclose your information where required to do so by law, if subject to subpoena or other legal proceeding or if we reasonably believe that such action is necessary to comply with the law and the reasonable requests of law enforcement; to enforce our Terms of Service or to protect the security or integrity of our Service; and/or to exercise or protect the rights, property, or personal safety of FirstOfficer.io, our users or others. Please see our Data Request Policy

d. When the ownership changes: We own rights to the FirstOfficer.io service and website, but retain rights to the data that you store to FirstOfficer.io. We might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, personal data may be part of the transferred assets. You will be notified via email and/or a prominent notice on our site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

f. Testimonials: We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at dpo@firstofficer.io.

g. We may hire other companies and employ and contract with people and other entities that perform certain tasks on our behalf. Examples of such functions include accounting, maintaining databases and processing payments. When we employ anyone to perform a function of this nature, we only provide them with the information that they need to perform their specific function.

Our GDPR Page has a full listing of third parties that we use. There you can also find our DPA, which explains how we process your customers’ personal data as a GDPR Data Processor.

How you can access and control the information we collect

We have created a Data Request Policy, which we use when individuals want to use their GDPR right to review, change or delete their data.

Data retention and deletion

If you have an account in FirstOfficer.io, we will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.

If you are a visitor to the FirstOfficer.io or other Turbine Room Ltd sites we will retain your information for as long as necessary but no longer than one (1) year after your last visit to our site.

Privacy shield and international data transfers

Our company 1216321 BC Ltd runs FirstOfficer.io from Canada. Our databases and file systems that contain your customers’ personal data are located in the United States.

Privacy Shield is not used in the EU, it’s for U.S. businesses. The EU-wide Data Protection Directive and General Data Protection Regulation (GDPR) mandates that we handle your data in a Privacy Shield compatible way. We are also bound by Finnish Personal Data Act.

However, some of our partners do move your own personal data to US, when you browse FirstOfficer.io.

We have checked that all our partners who move your data to US either have a Privacy Shield at place or we have signed an agreement with them that bounds them to follow Standard Contractual Clauses.

GDPR

Please review our dedicated page to learn more about our approach to GDPR.

How we protect your information

1216321 BC Ltd is concerned with protecting your privacy and data, but we cannot ensure or warrant the security of any information you transmit to FirstOfficer.io or guarantee that your information on the FirstOfficer Service may not be accessed, disclosed, altered or destroyed by breach of any of our industry standard physical, technical or managerial safeguards.

When you enter sensitive information (such as log in credentials) on our registration or order forms, we encrypt that information using secure socket layer technology (SSL). No method of transmission over the Internet or method of electronic storage, is 100% secure, however. Therefore, we cannot guarantee its absolute security.

If you have any questions about security on our Site, you can contact us at dpo@firstofficer.io

We use an outside help platform, and a credit card processing company to bill you if you purchase services. These companies do not retain, share, store or use personally identifiable information for any other purposes.

Data breaches

Please report any suspected data breaches to: dpo@firstofficer.io

We have automatic monitoring for data breaches at place and we will notice all customers by email if their data is compromised. You don’t need to subscribe to a separate breach notification list.

Cookies and tracking

Cookies are files with small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and stored on your computer’s hard drive.

Like many sites, we use “cookies” to collect information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Site.

We may use Remarketing with Google Analytics to advertise on third party sites to you after you visited our Site. We and our third party vendors, like Google, use first party cookies (such as the Google Analytics cookie) and third party cookies (such as the PerfectAudience cookie) to inform, optimize and serve ads based on your past visits to our Site.

You can opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page. Google also recommends installing the Google Analytics Opt-out Browser Add-on for your browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

Children’s Privacy

Protecting the privacy of young children is especially important.

For that reason, we do not knowingly collect or solicit personal information from anyone under the age of 13. In the event that we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 13, please contact us at dpo@firstofficer.io

We want to encourage young entrepreneurs, but unfortunately the GDPR forces us to set an age limit. If you are under 16 years old, you are not allowed to subscribe to the service.

How we communicate with you

We will use your email address to communicate with you, if you’ve said that’s okay, and only for the reasons you’ve said that’s okay.

There are a couple of exceptions:

As a part of the service, we may send you report emails containing financial figures. You can opt out from receiving these emails.

You’ll also be sent a monthly payment receipt that you can not opt out.

Plus, you cannot opt out from security breach notifications if you use the service.

Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on the Site. You are advised to review this Privacy Policy periodically for any changes.

Contacting FirstOfficer.io

FirstOfficer by
1216321 BC Ltd
3-775 Central Spur Road
Victoria BC
CANADA