Effective date: March 19, 2019
While using our Services, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:
The types of data we may collect include basic user information (such as name, email address, and avatar), company information and other information you choose to provide.
When needed, we collect financial or business information from you, but only in the case of any agreement between parties and for the usage of invoicing, our administration of you as a customer and to comply with local laws and regulations.
When possible, we will not collect financial information from you (such as payment/credit card number, expiration date or security code). All payments to us are handled via third parties, Paddle Ltd (https://paddle.com) and Mollie B.V. (https://mollie.com). We refer to their respective privacy statements: https://paddle.com/gdpr and https://www.mollie.com/en/privacy.
We may also collect information automatically on how the Services is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the parts of our Services that you use, the time and date of your usage, the time spent on those parts, unique device identifiers and other debugging or diagnostic data.
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Services.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.
Examples of Cookies we use:
We may also obtain Personal Information about you from third parties, such as LinkedIn, Facebook, Github, Twitter and other publicly accessible sources.
When you contact us for support or with other customer service requests, we can keep records related to such requests, including any information provided by you related to said requests.
We may use your personal Data to contact you with marketing or promotional materials and other communications related to the Services. If you no longer wish to receive marketing or promotional communications related to the Services, you can use the unsubscribe link in the email or by emailing firstname.lastname@example.org to request us to stop sending you such communications. We process these requests immediately, but at most within two business days.
For individuals in the European Economic Area, our processing of your Personal Data is justified on the following legal bases:
Firstversionist uses the collected data for various purposes:
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
Firstversionist and its Services operate worldwide and we may share Personal Data with our affiliated businesses as part of our business operations, administration of the Services and to comply with applicable laws and regulations. We may also appoint third party service providers (operating under our instructions) to assist us in providing information, products or services to you, in managing our business or in managing and improving our Services. We may share your Personal Data with these affiliates and third parties to perform services that the third parties have been engaged by us to perform on our behalf, subject to appropriate contractual restrictions, obligations and security measures, or if we believe it is reasonably necessary to prevent harm or loss, or if we believe that the disclosure will further an investigation of suspected or actual illegal activities.
We reserve the right to share any data that is not deemed Personal Data or is not otherwise subject to contractual restrictions.
Firstversionist B.V. may disclose your Personal Data in the good faith belief that such action is necessary to:
Additionally we may share Personal Data with third parties in connection with potential or actual sale of our company or any of our assets, or those of any affiliated company, in which case any Personal Data held by us may be one of the transferred assets.
Where Personal Data is transferred outside of the European Economic Area to our affiliated companies or third party service providers, we will take steps to ensure that your personal information is as well protected as if it remained within the European Economic Area, including by entering into data transfer agreements using the European Commission approved Standard Contractual Clause.
We commit to resolve complaints about your Personal Data in adherence to the GDPR. Please email our Data Protection Officer at email@example.com.
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. Accordingly, we cannot be held responsible for unauthorized or unintended access that is beyond our control. Our personnel is only allowed to access or process Personal Data if this is reasonably required to do so for word related tasks, to adhere to any customer requests or to fulfill a legal obligation on behalf of us.
When using our service, you may be supplied with an automatically generated password. This password is not otherwise stored by us or in any way retrievable. We strongly encourage you to change this password regardless, and to use a long password made up of lowercase and uppercase letters, numbers and symbols, that is different from the passwords you use for other services, and that is updated periodically.
Where Personal Data is transferred outside of the European Economic Area to our affiliated companies or third party service providers, we will, as mentioned above, take steps to ensure that your Personal Data is protected by the same level of protection as if it remained in the European Economic Area, including by entering into data transfer agreements using the European Commission approved Standard Contractual Clause.
In the case of a data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transferred, stored or otherwise processed by us about our customers, we shall where feasible and not later than 72 hours after having become aware of it, notify the breach to the local supervisory authority, unless the information breach is unlikely to result in a risk to the rights and freedoms of natural persons. When the Personal Data Breach is likely to result in a high risk to the rights and freedoms of natural persons we will communicate the Personal Data Breach on our security page and via email with the affected natural persons, unless we have already implemented appropriate technical and organizational protection measures (particularly encryption and other measures that render the Personal Data unintelligible to any person not authorised to access it) and those measures are applied to the Personal Data affected by the breach or when we have taken measures that ensure that the high risk to the rights and freedoms of persons is no longer likely to materialize.
Collected Personal Data is in general not stored by us for longer than three years after an active agreement, unless you file a deletion request prior to that. In some circumstances we may retain certain Personal Data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required by a legal process, legal authority or other governmental entity having authority to make the request, for as long as required. In specific circumstances we may also retain certain Personal Data for longer periods of time corresponding to a statute of limitations so that we have an accurate record of your dealings with us in the event of any complaints or challenges.
We may employ third party companies and individuals to facilitate our Services ("Service Providers"), to provide the Services on our behalf, to perform Service-related services or to assist us in analyzing how our Services are used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Our Services and data are hosted on Digitalocean in European Data centers. Personal Data connected to any active customer accounts is stored on Airtable. This information is only accessible by people authorized to access the data, and usage logs are monitored and audited.
Firstversionist does not store any credit card information on our servers. All automatic payment processing is handled by Paddle or by Mollie.
We use HTTPS and SSL for all our resources, websites and apis that are part of our Services or marketing efforts. This means that all information shared with us or with our Services are securely encrypted during transport.
If you find a security issue or vulnerability please contact us immediately at firstname.lastname@example.org.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Our Services do not address anyone under the age of 16 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 16. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
Based on the GDPR you may have rights available to you in respect of your Personal Data, such as:
In addition to the above rights, you have the right to object, on grounds relating to your particular situation, at any time to any processing of your Personal Data which we have justified on the basis of a legitimate interest, including profiling (as opposed to your consent) or to perform a contract with you. You also have the right to object at any time to any processing of your Personal Data for marketing or promotional purposes, including profiling for marketing or promotional purposes.