Privacy Policy
Deskfirst Privacy Policy
Introduction
Welcome to Deskfirst, a software-as-a-service (SaaS) platform that provides shared digital workspaces for business collaboration (the “Service”).
This Privacy Policy (“Policy”) explains how information about you, a prospect who has been granted access to a workspace (“Invitee”) or if you decided to register to the Service and set-up an account (“User”, and collectively “you”), is collected and used by the Service, which is developed and operated by Deskfirst Inc. and its subsidiaries (“Deskfirst” or “we”, “us”, “our”), when we operate as a data controller.
If you are a user who has been granted access to the Service by an organization that purchased a license under the Deskfirst Service Agreement pursuant to an executed Order Form (“Enterprise User”), we process your personal data on behalf of your organization (“Customer”), as described in our Data Processing Addendum.
You have the right to review the personal information we collect and use about you and the right to request correction of your personal information.
The Service is not directed to users under the age of 18. We do not knowingly collect information or data from children under the age of 18 or knowingly allow minors under the age of 18 to use the Service.
This Policy may be amended from time to time. We will post any change to this Policy on our Service at a reasonable time in advance of the effective date of the change, and we will also make efforts to proactively notify you by email of the changes if we have your email address.
Contact us
If you have any questions, comments or concerns regarding this Policy or our processing of your personal information, please contact us at [email protected].
What we collect and why
When you directly register to and use our Service or through a third-party provider.
Purposes: Providing you with the functionality of the Service, updates (Product updates, tips, reminders, contacting you regarding administrative issues related to the Services, this Policy, our Terms, support and maintenance.
Categories of information processed: Contact Details such as full name, email address, and authentication details such as password and username. if the engagement is made through a third party provide account, such as a Google account, the User’s language preferences and profile picture will be collected. inquiry information, such as a User’s company name, requirements, and the content of its message. You will not be able to opt out of receiving certain administrative messages which are integral to your use (like password resets, billing notices, etc.).
When you subscribe to our Service
Purposes: Providing you with the functionality of the Service you requested, such as Subscriptions.
Categories of information processed: Full name and certain billing information and data that you have provided the third party payment processors – such as your billing address and an indication of successful billing.
Uploading or sharing content through the Service
Purposes: Providing you with the functionality of the Service.
Categories of information processed: Content such as documents, and information being uploaded or provided to the Service. We will not access your content unless we are obligated to do so under applicable law.
Contacting us with an inquiry through our email or online contact form
Purposes: Responding to your inquiry, our business development.
Categories of information processed: Company name, your email address, the subject of your inquiry and the text of your message.
When you provide us with your feedback and reviews
Purposes: Responding to your feedback and reviews, our business development.
Categories of information processed: Email address, full name, username and the feedback or review.
Collection of Engagement Data
Purposes: Providing the Users with data related to Invitees’ interactions within the workspace.
Categories of information processed: Information such as Timestamps of access to Desktops and files, duration of activities such as file views, downloads, and other operations.
Use of cookies & analytics tools on the Service
Purposes: Facilitate a Service feature that the user specifically requested, Analyze the Service usage to evaluate and improve its performance, improve user experience on the Service, inform and serve personalized ads more relevant to user interests.
Categories of information processed: IP address from which you access the Service, time and date of access, type of device and browser used, language used, links clicked via a mouse or a touch screen, and actions taken while using the Service.
Job Applications
Purposes: Handling application for a position at Deskfirst. Information about applicants will be kept private and will only be used for internal recruitment purposes, including identifying applicants, evaluating their applications, making hiring and employment decisions, performing background checks on applicants, and contacting them via telephone or in writing.
Categories of information processed: CVs and contact information.
Registering for the Service is not mandatory. You do not have a legal obligation to provide the information that we request. However, if you choose not to provide this information to us, we may not be able to process your feedback and content, respond to your inquiry and you may not be able to use some of our Service functionalities.
YOU ARE SOLELY LIABLE FOR PROTECTING THIRD PARTIES’ AND YOUR OWN PRIVACY, AND FOR OBTAINING THE PRIOR CONSENT OF INDIVIDUALS’ WHOSE PERSONAL INFORMATION IS INCLUDED IN THE CONTENT. WE WILL NOT BEAR LIABILITY FOR ANY DAMAGES THAT MIGHT INCUR TO YOU OR TO THIRD PARTIES AS A RESULT OF THE PUBLICATION OF PERSONAL INFORMATION.
Methods and sources for collecting your personal information
We collect the personal information from several sources:
- Directly from you when you register to our Service and through your third party provider, such as Google, or when provided to us through our email and our online contact form.
- From our service providers helping us to operate the Service.
- Through the device you use to access our Service, including through third party cookies and analytics tools, such as Google Analytics and our Internal analytics services.
Sharing your personal information
We will not share your information with third parties, except in the events listed below or when you provide us with your explicit and informed consent.
We will share your information with our service providers who assist us with the internal operations of the Service. These companies are authorized to use your personal information in this context only as necessary to provide these services to us and not for their own promotional purposes
Purposes: Operating the Service and our business.
Examples of Third parties involved: Amazon AWS, Auth0, MongoDB, Stripe, Cloudflare and other LLM AI providers, subject to additional Policies such as:
https://aws.amazon.com/privacy/, https://auth0.com/docs/secure/data-privacy-and-compliance,
https://www.mongodb.com/legal/privacy/privacy-policy,
https://www.cloudflare.com/privacypolicy/.
Job Applications
Purposes: Handling application for a position at Deskfirst.
Examples of Third parties involved: Recruiting third-party cloud services, such as LinkedIn and Freshteam by Freshworks (see Freshworks Privacy Notice). Applicants who use LinkedIn are bound also to LinkedIn terms of service and privacy policy, as registered LinkedIn users.
We will share your content with other Users and Invitees on the Service if you choose to do so
Providing Purposes: you with the functionality of the Service At your choice, and in accordance with your preference.
Examples of Third parties involved: Other Users and Invitees of the Service.
We will share your Engagement Data other Users of the Service
Purposes: Performance of our contract with the applicable User.
Examples of Third parties involved: The User who invited the Invitee.
If you abused your rights to use the Service or violated any applicable law while doing business with us
Purposes: Responding to, handling, and mitigating suspected violations of law in connection with our business.
Examples of Third parties involved: Competent authorities, legal counsels, and advisors.
If a judicial, governmental, or regulatory authority requires us to disclose your information
Purposes: Complying with a binding request from a competent authority.
Examples of Third parties involved: Competent authorities.
If the operation of the Service or our business is organized within a different framework, or through another legal structure or entity
Purposes: Enabling a structural change in the operation of the Service and our business.
Examples of Third parties involved: The target entity of the merger or acquisition, legal counsels, and advisors.
Data retention and security
We retain your information for as long as needed to operate the Service, and thereafter as needed for record-keeping matters.
We will retain your information for as long as needed to operate the Service. Thereafter, we will still retain your personal information as necessary to comply with our legal obligations, resolve disputes, establish, and defend legal claims and enforce our agreements. The overall period of retention is approximately 7 years.
Deskfirst may retain the information provided by job applicants even after the position has been filled or closed so that we can re-consider them for other employment opportunities, or, if an applicant is hired, for additional employment or business purposes. If you previously submitted your job application information to us, and now wish to access it, update it or have it deleted (if we still have it), please contact us at [email protected].
We implement measures to secure your information
We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information, as further detailed in Deskfirst Trust Center - https://trust.deskfirst.com. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal information, there is no guarantee that it will be immune from information security risks.
Additional information for individuals in the EU or UK
Controller
Deskfirst Inc. is the data controller of the personal information collected via the Service. If you are an Enterprise User or an Invitee of an Enterprise User, Deskfirst is the data processor for the personal information it processes on the Customer behalf, as described in our Data Processing Addendum [ADD HYPERLINK], and Such Customer or Enterprise Use is the data controller.
Deskfirst Inc.
850 NEW BURTON RD STE 201, Dover, DE, 19904, US.
International data transfers
To facilitate processing your information through the Service and by our service providers, we will transfer your information to countries outside the EU or the UK. We do so to countries or organizations which are recognized by the European commission as having adequate protection for personal data, or under the terms of a data transfer agreement which contains standard data protection contract clauses with adequate safeguards determined by the EU Commission and UK Information Commissioner’s Office.
Legal basis for processing your personal data
Registering to and using our Service or through a third-party provider
Legal Basis: Our legitimate interests in providing you with the Service you requested, contacting you regarding administrative issues and updates related to the Services, this Policy, our Terms, support and maintenance.
When you subscribe to our Service
Legal Basis: Our legitimate interest in providing you with the subscription, and performance of our contract with you.
Uploading or sharing content through the Service
Legal Basis: Performance of a contract with you to provide the Service, our legitimate interests in for providing you with the functionality of the Service.
Responding to your inquiry
Legal Basis: Our legitimate interest in responding to your inquiry and our business development.
When you provide us with your feedback and reviews
Legal Basis: Our legitimate interest in developing and enhancing our business and the Service, responding to your feedback or reviews.
Engagement Data
Legal Basis: Performance of a contract with the applicable User.
Use of cookies on the Service
Legal Basis: Our legitimate interests in providing you with the Service functionality you requested.
Responding to, handling, and mitigating suspected violations of law in connection with our business
Legal Basis: Legitimate interests in defending and enforcing against violations and breaches that are harmful to our business.
Complying with a binding request from a competent authority
Legal Basis: Legitimate interest in complying with mandatory legal requirements imposed on us.
Enabling a structural change in the operation of the Service and our business
Legal Basis: Legitimate interests in our business continuity.
Job Applicants
Legal Basis: Our legitimate interest in recruitment of new job applicants.
Data subject rights
If you are in the EU or the UK, you have the following rights under the GDPR:
Right to Access and receive a copy of your personal information that we process.
Right to Rectify inaccurate personal information we have concerning you and to have incomplete personal information completed.
Right to easily and at any time withdraw your consent to the use of non-essential cookies on our Service. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.
Right to Data Portability, that is, to receive the personal information that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another person or entity. Where technically feasible, you have the right to have your personal information transmitted directly from us to the person or entity you designate.
Right to Object to our processing of your personal information based on our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or if we need to process such personal information for the establishment, exercise, or defense of legal claims.
Right to Restrict us from processing your personal information (except for storing it): (a) if you contest the accuracy of the personal information (in which case the restriction applies only for a period enabling us to determine the accuracy of the personal information); (b) if the processing is unlawful and you prefer to restrict the processing of the personal information rather than requiring the deletion of such data by us; (c) if we no longer need the personal information for the purposes outlined in this Policy, but you require the personal information to establish, exercise or defend legal claims; or (d) if you object to our processing based on our legitimate interest (in which case the restriction applies only for the period enabling us to determine whether our legitimate grounds for processing override yours).
Right to be Forgotten. Under certain circumstances, such as when you object to our processing of your personal information based on our legitimate interest and there are no overriding legitimate grounds for the processing, you have the right to ask us to erase your personal information. However, notwithstanding such request, we may still process your personal information if it is necessary to comply with our legal obligations, or for the establishment, exercise, or defense of legal claims. If you wish to exercise any of these rights, please contact us through the channels listed in this Policy.
When you contact us, we reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you with information that you have asked for, we will explain the reason.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in the Member State of your residence, place of work or place of alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.
If you are in the UK, you can lodge a complaint to the Information Commissioner’s Office (ICO) pursuant to the instructions provided here.
California and Delaware “do not track” Disclosures.
We do not monitor or respond to Do Not Track browser requests. Please ensure to change any settings of your browser and/or our Service, whenever you wish cookies to cease.