Last Updated: August 10, 2020
Your use of the Site following the posting of such changes or revised statement shall constitute your acceptance of any changes in our privacy practices, and you expressly waive any right to receiving notice of such changes except where your affirmative consent is required. We encourage you to periodically review this Policy whenever you visit our Site to make sure that you understand how any personal information you provide will be used.
What Information does this Policy Apply to?
This Policy applies to personal data we process in connection with the Site and the FirmoBase Service. Personal data means information that can be directly or indirectly associated with you by reference to an identifier, such as a name, an email address, an identification number, or other information by which you can be identified using reasonable means.
Personal data includes information we receive:
- From you when you create a user account for the FirmoBase Service;
- Through your use of the FirmoBase Service and through contributions by the community of users;
- In email, text, and other electronic messages between you and FirmoBase or the Site.
- When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy; and
- Through any other site or application operated by FirmoBase or one of its affiliates that contains a link to this Policy.
Data Privacy Rights
GENERAL DATA PROTECTION REGULATION (GDPR)
If you are a resident of the European Economic Area, you have the following rights with respect to your personal data:
- Right of Access – a right to understand the nature and extent of how your data is processed;
- Right to be Rectification – a right to request correction of inaccurate data;
- Right to Erasure – a right to request erasure of personal data in some circumstances, commonly referred to as the “Right to be Forgotten”;
- Right to Restriction of Processing – a right to limit how your personal data is processed;
- Right to Data Portability – a right to receive personal data and transfer information to another controller;
- Right to Object – a right to object to processing of your personal data based on your circumstances and a right to object to direct marketing; and
- Right to Freedom from Automated Decision-making – a right not to be subject to decision-making based solely on automated processing, including profiling, that produces legal or similarly significant effects.
To the extent possible, users will receive equal service and price regardless of whether they exercise their privacy rights under the GDPR. FirmoBase does not sell the personal data of its users.
You may contact us regarding these rights by writing to email@example.com.
How Do We Use the Information That You Provide to Us?
Broadly speaking, we use personal information for purposes of administering and expanding our business activities, providing customer service, making available other products and services to our users and prospective customers, to allow you to participate in interactive features on our Site, and to fulfill any other purpose for which you provide the personal information.
Specifically, we process your personal data for the following purposes:
- User Accounts. We use your information to provide a specific user account that allows you to access the resources available on the FirmoBase Service. Your user account also allows you to customize your experience and manage your personal data. If you download the FirmoBase application onto a smartphone, we will generate a unique identifier for your application and will pre-register you on our system, which allows us to customize your experience before you create a user account.
- Email Subscriptions. We use your email address and any stated subscription preferences to provide you with email content that we believe will be of interest to you. If you choose to sign up for an email newsletter, we will send the newsletter to the email address you register with us. If you wish to unsubscribe from the newsletter, you may do so by using the unsubscribe link in the newsletter.
- Customer Support. We use your information to provide support in the event you request assistance. This information includes emails, SMS messages, and other methods of communication you use to provide us with details about any issues you may be experiencing with the respect to the FirmoBase Service. We may also use information relating to your support request to improve the FirmoBase Service.
- Service Content. Users may post reviews, comments, and other content; send messages and other communications; and submit suggestions, ideas, comments, questions, or other information. All of these materials are referred to as Content. We may process your personal data in connection with your posting or sharing of Content. For example, comments or messages you send may include your name, photograph, or other personal data. We may also further process any Content to anonymize the Content to protect the privacy of our users and promote our business interests and services using the anonymized Content. We may edit Content to eliminate identifying information.
- Direct Marketing. Occasionally, we may use the information we collect to notify you about new services and special offers we think you will find valuable. You may notify us at any time if you do not wish to receive these offers by emailing us at firstname.lastname@example.org. Our goal is to only provide you with materials that are of interest to you.
- Profiling for Relevant Content. We may use the information we have collected from you to enable us to present content that we believe will be of interest to you. We profile customer interests based on information you provide to us directly and information developed based on your use of the FirmoBase Service. For example, we may use your searches on the FirmoBase Service to improve the quality of the results we provide to you.
- Detecting and Preventing Fraud. We use your information to monitor for potentially fraudulent activities committed using the FirmoBase Service.
- Legal Claims. We may disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims on behalf of FirmoBase, whether in court proceedings or in an administrative or out-of-court procedure.
- Published Information. FirmoBase may use your personal data, including your name, photograph, profile, and likeness in connection with any other information provided or expressed by you using the FirmoBase Service to promote its business interests and services. If you do not wish for FirmoBase to use your personal data in connection with any other information provided or expressed by you using the FirmoBase Service, please email us at email@example.com.
- Third-Party Advertising. Our advertising processor places ads that they believe will be of interest to you. Users are identified solely using a hashed identifier and no other personal data is available to the advertising processor. If you do not wish for the advertisements you receive to be tailored to fit your interests, please email us at firstname.lastname@example.org.
- Legal Obligations. In addition to the specific bases for disclosure of personal data set forth in this section, we may process or disclose your personal data where such processing or disclosure is necessary for compliance with a legal obligation to which we are subject. To the extent we are legally required to disclose information to law enforcement, we will comply with such requests. We will not otherwise voluntarily disclose your information.
Lawful Bases for Processing
Legitimate Interests. For purposes 1 – 11, processing of your personal data is necessary for the legitimate interests pursued by FirmoBase. FirmoBase values your fundamental rights and freedoms and carefully evaluates protection of your personal data with respect to such processing. FirmoBase will not engage in processing pursuant to this lawful basis to the extent FirmoBase’s legitimate interest is overridden by your interests or fundamental rights and freedoms which require protection of your personal data.
Specifically, purposes 1 – 11 are necessary to enable FirmoBase to provide high quality services, tailor content to specific users, provide customer support, provide common online services such as messaging, and otherwise improve the products and services offered. Purpose 1 allows FirmoBase to provide customized experiences for each user. Purposes 2, 6, 7, and 10 are necessary to support FirmoBase’s legitimate interest in providing relevant content and promotions to users. Purposes 3 and 4 are used to provide, maintain, improve, and support users’ use of the FirmoBase Service. Purpose 4 also provides for promotion of FirmoBase’s business interests and services while protecting the privacy of our users. Purpose 10 why the FirmoBase Service exists - we have a legitimate interest in providing access to our business insights platform and information published on the platform. Purpose 8 is based on FirmoBase’s legitimate interest in protecting itself and its users from fraudulent activities. Purpose 9 reflects FirmoBase’s legitimate interest in putting forth valid legal defenses and claims.
With respect to profiling and third-party advertising, we have concluded the processing of user information is not likely to result in a high risk because i) each user profile includes a limited level of detail; ii) the profiles only extend to business areas that may be of interest to the user; iii) the targeting of marketing materials is unlikely to have a significant effect on the user; and iv) our internal processes are intended to promote accuracy, fairness, and non-discrimination. We value your fundamental rights and freedoms and therefore do not engage in uses of your information where our legitimate interests are outweighed by your fundamental rights and freedoms.
Legal Obligation; Vital Interests. In addition to the specific bases for disclosure of personal data set forth in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, as in the case of purpose 12, or in order to protect your vital interests or the vital interests of another natural person.
How Do We Protect Your Information?
We take appropriate security measures to protect against unauthorized access to all of our data. This includes internal reviews of our data collection, storage and processing practices, as well as an assessment of our encryption and physical security measures to guard against unauthorized access to systems where we store personal data. We restrict access to personal information to a limited number of our employees, partners and agents. These individuals and entities are bound by confidentiality agreements and may be subject to discipline, including termination and criminal prosecution, if they fail to meet any obligations required under their agreement with us.
The safety and security of your information also depends on you. You must maintain the security of your email accounts used to access the Site, and any other credentials you may use to access the site. Any information you share in public areas of the Site may be viewed by any other user of the Site. Unfortunately, the transmission of information via the Internet is not completely secure. Although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Site. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Site.
How Can You Access and Correct Your Information?
When you use our Site, we make every effort to provide you with access to your personal data and will correct this data if it is inaccurate or delete it at your request when you submit a support ticket, if it is not otherwise required to be retained by law or for legitimate business purposes. You can review and change portions of your personal data by logging onto the Site and visiting your "My Info" page on your account "Dashboard." We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, would be extremely impractical (for instance, requests concerning information residing on backup tapes), or for which access is not otherwise required. In any case where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. Because of the way we maintain certain services, after you delete your information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems. If we are unable to comply with your request, you have the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
We retain the personal information you provide while your account is in existence or as needed to provide you services. We may retain your personal data even after you have closed your account if retention is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes between members, prevent fraud and abuse, or enforce this Policy and the Site’s Terms and Conditions. We may retain personal data, for a limited period of time, if requested by law enforcement. Our customer service department may retain information for as long as is necessary to provide support-related reporting and trend analysis only.
Children Under the Age of 16
Our Site is not intended for children under 16 years of age. No one under age 16 may provide any information to or on the Site. We do not knowingly collect information from or relating to children under 16. If you are under 16, do not use or provide any information on this Site or on or through any of its features. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us by submitting a support ticket.
Data Controller & Processors
FirmoBase, Inc. is the controller of the personal data processed in connection with the Site and the FirmoBase Service. FirmoBase, Inc. is located in the Hong Kong.
The following is a complete list of the processors we use to provide the FirmoBase Service:
- Amazon Web Services, Inc. (United States) provides server infrastructure;
- Sendgrid, Inc. (United States) provides email services;
- Google, LLC. (United States) provides advertising-related services;
Disclosure of Personal Data
We may disclose personal information that we collect or you provide as described in this Policy:
- To our subsidiaries and affiliates who are also subject to the terms of this Policy;
- To contractors, service providers, and other third parties we use to support our business and develop further the Site and FirmoBase Services, subject to sufficient guarantees of appropriate technical and organizational measures to protect your rights and privacy;
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some of all of FirmoBase's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by FirmoBase about our Site users is among the assets transferred;
- To fulfill the purpose for which you provide it. For example, if you give us your email address and the email address of a colleague to subscribe the colleague to the Site’s features, we may transmit your email address to the colleague;
- For any other purpose disclosed by us and supported by a lawful basis for processing when you provide the information; and
- With your consent.
Transfers of Data
We process personal data on leased dedicated servers located in the United States of America and Hong Kong. Our processor that provides these leased servers is Amazon Web Services, Inc. This transfer is subject to appropriate contractual safeguards and Amazon Web Services, Inc. is certified under the EU-US Privacy Shield. Transfers to other processors are either subject to appropriate safeguards or on the basis of an adequacy decision.
In some cases, we may process personal information outside your own country. If you use the FirmoBase Service from outside Hong Kong and provide personal data to us, your personal data may be transferred to Hong Kong. If you use the FirmoBase Service from within Hong Kong and provide personal data to us, your personal data may be transferred out of Hong Kong.
What About Other Websites Linked to Our Site?
Third-Party Marketing Consent
If at any time, you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers’ target-audience preferences, you can revoke your consent by sending us an email stating your request to email@example.com. For this revocation to function, you must have your browser set to accept browser cookies.
We do not control third parties' collection or use of your information to serve interest-based advertising.
However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website or the Digital Advertising Alliance (DAA) on the DAA's website.
What Are Cookies?
How Do We Use Information We Collect from Cookies?