This Privacy Policy (“Privacy Policy”) explains how information is collected and used by Deskfirst, Inc. and its subsidiary Deskfirst Ltd. (together, “Deskfirst” or “we”, “us”, “our”).
This Privacy Policy applies Deskfirst’s practices as a Data Controller with respect to the SaaS (the “Service”) that Deskfirst provides to its users.
As background, Deskfirst is a SaaS provider of a cloud collaboration web application that allows multiple users to work simultaneously on a shared workspace with the user experience of the familiar desktop environment (the “Service”).
We are committed to protecting and respecting data privacy. Please read this Privacy Policy carefully.
We collect and process your contact information and billing information when you send us an inquiry or engage us to use our Service.
You may contact us through e-mail at [email protected]. When a representative of a Business wishes to use our Service, we collect that person’s contact details such as full name, email address, and authentication details such as password and username. We will also collect, if necessary, payment information such as credit card or bank account information in order to bill you for additional Services. We refer to this as “Contact Information”.
The Service we provide involves processing the information being uploaded to the Service.
In order to provide the Service to a user, we may process the documents and information being upload to the Service. However, we will not monitor or access your information unless we are obligated to do so under applicable law. We refer to this overall data as “Desktop Data”.
You do not have a legal obligation to provide us with your Contact Information or Desktop Data. However, if you choose to not share this information with us, we may not be able to respond to your inquiry or provide you the Service.
We also collect analytics information about your use of the Service.
When you use our Service, we record and collect certain information about your interaction with the Service, including the IP address from which you access the Service, time and date of access, type of browser used, language used, links clicked, and actions taken while using the Service. We refer to this data as "Analytics Information".
Deskfirst is the data controller of the information described in this Privacy Policy.
Deskfirst is the data controller of all the information explained in this Privacy Policy. We determine the purposes and means of processing that data as part of our Service. We only process such data for the purpose of providing the Service to businesses.
To respond to and handle your inquiry and manage our relationship with the Business
We process your Contact Information to contact you and handle your inquiry, to bill for the Service (if necessary) and manage our engagement with you.
To provide you with the Service
We process Desktop Data in order to give you access to use the Service.
To maintain the Service
We process the Analytics Information to provide, maintain and improve your user experience when accessing our Service. We also will use the Analytics Information for quality assurance and for the development and enhancement of the Service.
To enforce these Terms and comply with applicable law and judicial orders
We will use the Analytics Information and Desktop Data to prevent fraud, resolve disputes, troubleshoot problems, assist with any investigations, enforce these Terms and take other actions otherwise permitted by law.
We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent.
We will process information with our service providers helping us to operate our business.
We will process personal information with the assistance of our service providers who assist us with the internal operations of the Service such as Amazon AWS, Auth0, MongoDB, and Cloudflare. These companies are authorized to use your personal information in this context only as necessary to provide these services to us and not for their own promotional purposes. These service providers include Amazon Web Services, Inc.
We will share information with competent authorities, if you abuse your right to use the Service, or violate any applicable law.
If you have abused your rights to use the Service, or violated any applicable law, we will share information with competent authorities and with third parties (such as legal counsels and advisors), for the purpose of handling of the violation or breach.
We will share your information if we are legally required.
We will share information if we are required to do so by a judicial, governmental or regulatory authority.
We will share your Information with third-parties in any event of change in our structure.
If the operation of our business is organized within a different framework, or through another legal structure or entity (such as due to a merger or acquisition), we will share information only as required to enable the structural change in the operation of the business.
What are cookies?
Cookies are text files, comprised of small amount of data, that are saved on your computer or other device (e.g. smartphone, tablet, etc.) when you use the internet and visit various websites.
The information that the cookies maintain is read by the website you visit, during the session of your visit to the website (these are called ‘session’ cookies), and when you return to visit it again (these are called ‘persistent’ cookies).
We use cookies necessary to operate the Service.
We use cookies for a number of purposes, as briefly explained below:
Necessary. Cookies that are strictly necessary for the functioning of the Service. The Service cannot operate properly without these cookies. You can set your browser to block or alert you about these cookies, but some parts of the Service may not function properly.
Statistics. Analytics cookies that help us understand how you and other users interact with our Service by collecting data that does not directly identifies you.
You can always delete or disable cookies.
You can always delete the cookies saved on your device through the settings of your computer browser or device. You can also disable cookies for future use through the settings of your computer browser or device.
We generally will retain your Contact Information, Usage Information and Analytics Information for as long you or your Business use the Service and/or did not request to delete your account.
We will retain Contact Information, Usage Information and Analytics Information for the duration needed to support our ordinary business activities in providing the Service to you and your business. As long as you did not request us to delete your account we may retain some of your information such as your credentials. Nevertheless, we will retain financial transaction information about bills and charges for the extended period required for financial bookkeeping purposes.
We implement measures to secure your Information.
We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. These include encryption for data in transit and at rest, using industry-leading security solutions, such as Auth0 to manage user authentication flows, and Cloudflare to enforce many other security practices. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure personal information, it is not guaranteed, and you cannot expect that the Service will be immune from information security risks.
We will internationally transfer information in accordance with applicable data protection laws.
If we transfer your personal data for processing at locations outside your jurisdiction, we will abide by data transfer rules applicable to these situations.
Deskfirst is the data controller.
The following is the contact information of Deskfirst, the data controller:
Deskfirst, Inc.
730 Arizona Ave, Suite 206, Santa Monica, CA 90401
Email: [email protected]
Legal basis under EU law for processing your personal data.
The legal basis under EU law for processing your Contact Information for the purpose of responding to and handling your inquiry is our legitimate interest in responding to your inquiry.
The legal basis under EU law for processing Contact Information to bill for the Service and manage our engagement with you is our legitimate interests in receiving the payments due for the Service and administering our relationship with the users.
The legal basis under EU law for processing Usage Information to give you access to the Service is your and our legitimate interests in providing the Service you’ve signed up for.
The legal basis under EU law for processing Analytics Information is our legitimate interest in maintaining, developing and enhancing the Service.
The legal basis under EU law for processing your Analytics Information for the purpose of handling instances of abusive use of the Service is our legitimate interests in defending and enforcing against violations and breaches that are harmful to our business.
The legal basis under EU law for processing your information with authorities or where we are legally required to share it, is our legitimate interests in complying with mandatory legal requirements imposed on us.
The legal basis under EU law for processing your information in the event of a change in our corporate structure is our legitimate interests in our business continuity.
You have certain rights to access, update or delete information, obtain a copy of your information, and object or restrict certain data processing activities.
If you are in the EU, you have the following rights under the GDPR:
Right to Access your personal data that we process and receive a copy of it.
Right to Rectify inaccurate personal data we have concerning you and to have incomplete personal data completed.
Right to Data Portability, that is, to receive the personal data that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another service provider. Where technically feasible, you have the right that your personal data be transmitted directly from us to the service provider you designate.
Right to Object, based on your particular situation, to use your personal data on the basis of our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or for the establishment, exercise of defense of legal claims. You may also object at any time to the use of your personal data for direct marketing purposes.
Right to Restrict the processing of your personal data (except for storing it) if you contest the accuracy of your personal data, for a period enabling us to verify its accuracy; if you believe that the processing is unlawful and you oppose the erasure of the personal data and request instead to restrict its use; if we no longer need the personal data for the purposes outlined in this Privacy Policy, but you require them to establish, exercise or defense relating to legal claims, or if you object to processing, pending the verification whether our legitimate grounds for processing override yours.
Right to be Forgotten. Under certain circumstances, such as when you object to us processing your data and we have no compelling legitimate grounds to override your objection, you have the right to ask us to erase your personal data. However, we may still process your personal data if it is necessary to comply with a legal obligation we are subject to under laws in EU Member States or for the establishment, exercise or defense of legal claims.
If you wish to exercise any of your EU rights, please contact us at:
[email protected]
We reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. Where we are not able to provide you the information that you have asked for, we will explain the reason for this.
You have a right to submit a complaint to the relevant supervisory data protection authority.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work or place of an alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.
If we change this Privacy Policy, we will make efforts to proactively notify you of such changes.
From time to time, we may change this Privacy Policy. If we do so, we will make efforts to proactively notify you of such changes. In any event, the latest version of the Privacy Policy will be accessible on our website here.
Last Update: August 7th, 2022