Privacy Policy for Deskfirst

This Privacy Policy (“Privacy Policy”) explains how information is collected and used by Deskfirst, Inc. and its subsidiaries (together, “Deskfirst” or “we”, “us”, “our”).

This Privacy Policy applies Deskfirst’s practices as a Data Controller with respect to the Software as a Service (SaaS) that Deskfirst provides to its users.

As background, Deskfirst is a SaaS provider of a cloud collaboration web application that allows multiple users to work simultaneously on a shared workspace with the user experience of the familiar desktop environment (the “Service”).

We are committed to protecting and respecting data privacy. Please read this Privacy Policy carefully.

PERSONAL DATA PROCESSED

Contact and billing Information

We collect and process your contact information and billing information when you engage us to use our Service or send us an inquiry.

You may contact us through the Service web forms, website forms, chat, and e-mails, including at [email protected]. When you or a representative of a business wishes to use our Service, we collect that person’s contact details such as full name, email address, and authentication details such as password and username and if the person engages our service through a third party provides account, such as Google, its language preferences and profile picture. We will also collect, if necessary, payment information such as credit card or bank account information in order to bill you for additional Services, and inquiry information, such as your company name, your requirements, and the content of your message. We refer to this as “Contact Information”.

Web Desktop(s)

A Web Desktop (in short "Desktop") means the User’s web-based workspace offered by Deskfirst as part of the Service.‍

‍
Desktop Data

The Service we provide involves processing the information being uploaded to the Service.

In order to provide the Service to a user, we may process the content, documents, and information being uploaded or provided to the Service. However, we will not access your information unless we are obligated to do so under applicable law. We refer to this overall data as “Desktop Data”.

You do not have a legal obligation to provide us with your Contact Information or Desktop Data. However, if you choose to not share this information with us, we may not be able to respond to your inquiry or provide you with the Service.

Please use discretion when providing Desktop Data that includes personal information of you or others. YOU ARE SOLELY LIABLE FOR PROTECTING THIRD PARTIES’ AND YOUR OWN PRIVACY, AND FOR OBTAINING THE PRIOR CONSENT OF INDIVIDUALS WHOSE PERSONAL INFORMATION IS INCLUDED IN YOUR CONTENT. WE WILL NOT BEAR LIABILITY FOR ANY DAMAGES THAT MIGHT INCUR YOU OR TO THIRD PARTIES AS A RESULT OF THE PROCESSING OF PERSONAL INFORMATION.

Engagement Data

We collect data related to your interactions within Desktops, including timestamps of access to Desktops and files, duration of activities such as file views, downloads, and other operations. This information may be available to the respective Desktop owners and managers to provide insights into collaboration patterns and assist in workspace management. We refer to this data collectively as "Engagement Data".

‍Analytics Information

We also collect analytics information about your use of the Service. When you use our Service, we record and collect certain information about your interaction with the Service, including the IP address from which you access the Service, time and date of access, type of browser used, the language used, links clicked, usage information, and actions taken while using the Service. Once you sign up to the Service we will use third party cookies such as Google Analytics to collect such data. We refer to this data collevtively as "Analytics Information".

DATA CONTROLLER

Deskfirst is the data controller for the information collected via our Service.

Deskfirst is the data controller for the purposes of the information we collect via the Service. We determine the purposes and means of processing that data as part of our Service. We only process such data for the purpose of providing you with the Service.

HOW WE PROCESS PERSONAL DATA

To respond to and handle your inquiry and manage our relationship with you.

We process your Contact Information to contact you and handle your inquiry, to bill for the Service (if necessary) and manage our engagement with you.

To provide you with the Service.

We process your Desktop Data, Engagement Data, and Contact Information to provide you with the Service, including facilitating collaboration within Desktops and allowing other users to invite you to the Service.

To contact you with administrative messages relating to the Service.

We will use your Contact Information to contact you regarding administrative subjects related to the Service, this Policy, and our Terms, such as updates related to the Service, support, and maintenance. You will not be able to opt out of receiving certain administrative messages which are integral to your use (like password resets, billing notices, etc.).

To maintain the Service.

We process the Analytics Information to provide, maintain and improve your user experience when accessing our Service. We also will use the Analytics Information for quality assurance and for the development and enhancement of the Service.

To enforce these Terms and comply with applicable law and judicial orders.

We will use the Analytics Information and Desktop Data to prevent fraud, resolve disputes, troubleshoot problems, assist with any investigations, enforce these Terms and take other actions otherwise permitted by law.

WHO PROCESSES YOUR DATA

We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent.

We will process information with our service providers helping us to operate our business.

We will process personal information with the assistance of our service providers who assist us with the internal operations of the Service such as Amazon AWS, Auth0, MongoDB, Stripe, and Cloudflare. These companies are authorized to use your personal information in this context only as necessary to provide these services to us and not for their own promotional purposes.

We will share your Desktop Data with other users you choose to share it with.

At your choice, and in accordance with your preferences, we will share your Desktop Data with other users via an email invitation, a sharable link, or as otherwise supported by our service. 

We will share information with our payment processors to process your payment for our Service.

We share your Contact Information with our payment processor, Stripe, in the course of your use of their payment services. Please note that Stripe is a separate and independent controller of such information and may use it for its own purposes as detailed in Stripe’s privacy policy available at: https://stripe.com/privacy.  

We may share your Engagement Data with Desktop owners and managers.

Engagement Data may be shared with the respective Desktop owners and managers to provide insights into collaboration patterns and assist in workspace management.

We will share information with competent authorities, if you abuse your right to use the Service, or violate any applicable law.

If you have abused your rights to use the Service or violated any applicable law, we will share information with competent authorities and with third parties (such as legal counsels and advisors), for the purpose of handling the violation or breach.

We will share your information if we are legally required.

We will share information if we are required to do so by a judicial, governmental or regulatory authority.

We will share your Information with third-parties in any event of a change in our structure.

If the operation of our business is organized within a different framework, or through another legal structure or entity (such as due to a merger or acquisition), we will share information only as required to enable the structural change in the operation of the business.

COOKIES

What are Cookies?

Cookies are text files, comprised of a small amount of data, that are saved on your computer or other devices (e.g. smartphone, tablet, etc.) when you use the internet and visit various websites.

The information that the Cookies maintain is read by the website you visit, during the session of your visit to the website (these are called ‘session’ Cookies), and when you return to visit it again (these are called ‘persistent’ Cookies). We also use techniques called web beacons and web pixels for purposes similar to the use of Cookies.

We use an add-on to provide you detailed information about the Cookies and enable you to control the use of Cookies.

We use an add-on to provide you more detailed information about the Cookies we use and their purpose. It also enables you to control the use of Cookies. You can click on the add-on icon to access it. You can change your mind at any time by enabling or disabling certain Cookies or categories of Cookies. However, you cannot disable the ‘necessary’ Cookies because the Service cannot operate without them, or Statistics Cookies after you sign up to the Service. By enabling Cookies or by signing up to the Service, you give your consent to collect the data they are intended for.

We use Cookies necessary to operate the Service.

We use Cookies for a number of purposes, as briefly explained below.

Necessary. Cookies that are strictly necessary for the functioning of the Service. The Service cannot operate properly without these Cookies. You can set your browser to block or alert you about these Cookies, but some parts of the Service may not function properly.

Statistics. Statistics Cookies (also referred to as Analytics Cookies) collect data on how users interact with our website and Service, without directly identifying them. This information helps us improve our website and Service.

Affiliate. Affiliate Cookies track referrals from our affiliate partners, helping us attribute sales to them and enabling us to offer special discounts to users referred through affiliate links. Enabling these cookies is essential to ensure you receive referral discounts.

You can always delete or disable Cookies.

You can always delete the Cookies saved on your device through the settings of your computer browser or device. You can also disable Cookies for future use through the settings of your computer browser or device.

SECURITY AND DATA RETENTION

We generally will retain your Contact Information and Analytics Information for as long you or your business use the Service and/or did not request to delete your account.

We will retain Contact Information, Engagement Data, and Analytics Information for the duration needed to support our ordinary business activities in providing the Service to you and your business. As long as you did not request us to delete your account we may retain some of your information such as your credentials. Nevertheless, we will retain financial transaction information about bills and charges for the extended period required for financial bookkeeping purposes.

We implement measures to secure your Information.

We implement measures to reduce the risks of damage, loss of information, and unauthorized access or use of information. These include encryption for data in transit and at rest, using industry-leading security solutions. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure personal information, it is not guaranteed, and you cannot expect that the Service will be immune from information security risks, data loss, and data corruption cases. You can find more information about our security practices at https://www.deskfirst.com/security-practices.

INTERNATIONAL DATA TRANSFERS

We will internationally transfer information in accordance with applicable data protection laws.

Information we collect from you will be processed within the EU, except specific information we process with our service providers in the US, such as Auth0 and Google Analytics.

The information we transfer from within Europe to other jurisdictions outside Europe, will be transferred using adequate safeguards consistent with those determined by the EU Commission and the UK Information Commissioner’s Office (ICO).

If we transfer your personal data for processing at locations outside your jurisdiction, we will abide by data transfer rules applicable to these situations.

ADDITIONAL INFORMATION FOR INDIVIDUALS IN THE EUROPEAN ECONOMIC AREA OR THE UK

Deskfirst is the data controller.

The following is the contact information of Deskfirst, the data controller:

Deskfirst, Inc.

850 NEW BURTON RD STE 201, Dover, DE, 19904.

Email: [email protected]

Legal basis under EU/EEA law for processing your personal data.

The legal basis for processing your Contact Information for the purpose of responding to and handling your inquiry is our legitimate interest in responding to your inquiry.

The legal basis for processing your Contact Information and Desktop Data, and sharing your Desktop Data, is our performance of a contract with you and our legitimate interests in providing you with the Service, including allowing other users to invite you to the Service, and administering our relationship with the users.

The legal basis for processing and sharing your Contact Information to bill you for the Service and to manage our engagement with you is our performance of a contract with you, our legitimate interests in receiving the payments due for the Service, and in administering our relationship with the users.

The legal basis for processing and sharing your Engagement Data with Desktop owners and managers is our legitimate interest in enhancing collaboration and managing shared workspaces effectively.

The legal basis for processing Analytics Information is our legitimate interest in maintaining, developing and enhancing the Service.

The legal basis for processing your Analytics Information for the purpose of handling instances of abusive use of the Service is our legitimate interests in defending and enforcing against violations and breaches that are harmful to our business.

The legal basis for processing your information with authorities, or where we are legally required to share it, is our legitimate interests in complying with mandatory legal requirements imposed on us.

The legal basis for processing your information in the event of a change in our corporate structure is our legitimate interests in our business continuity.

You have certain rights to access, update or delete your information, withdraw your consent, obtain a copy of your information, and object or restrict certain data processing activities.

If you are in the EU or the UK, you have the following rights under the GDPR:

Right to Access your personal data that we process and receive a copy of it.

Right to Rectify inaccurate personal data we have concerning you and to have incomplete personal data completed.

Right to Withdraw your consent where processing your data is based on consent. Such withdrawal of consent will not impact the data processed on that basis before the withdrawal of your consent.

Right to Data Portability, that is, to receive the personal data that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another service provider. Where technically feasible, you have the right that your personal data be transmitted directly from us to the service provider you designate.

Right to Object, based on your particular situation, to use your personal data on the basis of our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or for the establishment and exercise of defense of legal claims.

Right to Restrict the processing of your personal data (except for storing it) if you contest the accuracy of your personal data, for a period enabling us to verify its accuracy; if you believe that the processing is unlawful and you oppose the erasure of the personal data and request instead to restrict its use; if we no longer need the personal data for the purposes outlined in this Privacy Policy, but you require them to establish, exercise or defense relating to legal claims, or if you object to processing, pending the verification whether our legitimate grounds for processing override yours.

Right to be Forgotten. Under certain circumstances, such as when you object to us processing your data and we have no compelling legitimate grounds to override your objection, you have the right to ask us to erase your personal data. However, we may still process your personal data if it is necessary to comply with a legal obligation that we are subject to under laws in EU Member States or for the establishment, exercise or defense of legal claims.

If you wish to exercise any of these rights, please contact us at [email protected].

We reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. If we are not able to provide you with the information that you have asked for, we will explain the reason for this.

You have a right to submit a complaint to the relevant supervisory data protection authority.

Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence, place of work, or place of an alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.

If you are in the UK, you can lodge a complaint to Information Commissioner’s Office (ICO) pursuant to the instructions provided here.

JOB APPLICATIONS

We may collect information provided to us by job applicants when they apply for a position at Deskfirst. Applicants are welcome to send us their CVs and contact information, for job openings we may publish. We maintain, process, and store this information in Israel, in the applied position’s location(s), and through our recruiting third-party cloud services, such as LinkedIn and Freshteam by Freshworks (see Freshworks Privacy Notice). Applicants who use LinkedIn are bound also to LinkedIn terms of service and privacy policy, as registered LinkedIn users.

Information about applicants will be kept private and will only be used for internal recruitment purposes, including identifying applicants, evaluating their applications, making hiring and employment decisions, performing background checks on applicants, and contacting them via telephone or in writing.

You do not have any legal obligation to provide us with your job application information. However, not doing so will not allow us to process your job application.

Deskfirst may retain the information provided by job applicants even after the position has been filled or closed so that we can re-consider them for other employment opportunities, or, if an applicant is hired, for additional employment or business purposes. If you previously submitted your job application information to us, and now wish to access it, update it or have it deleted (if we still have it), please contact us at [email protected].

CHANGES TO THIS PRIVACY NOTICE

From time to time, we may change this Privacy Policy. If we do so, we will make efforts to proactively notify you of such changes through either email, the Service, or our website. In any event, the latest version of the Privacy Policy will be accessible on our website here.