Privacy Statement of Firmhouse BV

25 May 2018

Introduction

At Firmhouse, we process your personal data in several places. For example when you leave your contact details on our website, but also when you’re a user of one of our software products or client of our consultancy services.

In this privacy statement, you’ll read where we process your personal data, how we go about it and what you can expect from us. If anything is unclear or you have questions, you can get in touch with us.

We take utmost care that your personal data is secure with us and that we confirm to European (GDPR) and Dutch (AVG) privacy legislation.

During the processing we conform to the requirements of the applicable data protection legislation. This means we:

  • clearly specify our purposes before we process personal data, by using this Privacy Statement;
  • limit our collection of personal data to only the personal data needed for legitimate purposes;
  • first ask for explicit permission to process your personal data in cases where your permission is required;
  • take appropriate security measures to protect your personal data and we demand the same from parties who process personal data on our behalf;
  • respect your right to inspect, correct or delete your personal data held by us.

Firmhouse BV is the party responsible for all data processing. In this privacy statement, we will explain which personal data we collect and for which purposes. We recommend that you read it carefully.

Third parties and subprocessors

We may provide your data to our partners and other software tools. These tools are being used by us to complete the goals we set out in this privacy policy. These partners may be based outside the EU. However, they make use of the European model clauses and have EU privacy shield certification. Where applicable, we’ve signed Data Processing Agreements with these partners so they are bound to the same rights and obligations as we have towards you under the European and Dutch privacy legislation.

Please refer to the articles below to understand which third party suppliers we use to process your data for which purpose.

Cookies

Our websites and software products makes use of cookies. Cookies are small files in which we can store information, so that you do not have to fill that information again. We can also use them to see whether you are visiting us again.

Where do we use your data?

We have several incoming channels in where we process your personal data. On our website, in our products, or when we get in touch with you through our other services.

The following headings list all the cases that we might use, collect, or process your personal data:

On our website with contact form and chat

You can use our contact form and our chat functionality on our website to ask us questions or make any request.

For this purpose, we can use your IP address, email address, phone number, name and address details, and name of your company. We need this data because we can then get back in touch with you. We store this information until we are sure that you are satisfied with our response.

We have a newsletter to inform those interested of our products and/or services. Each newsletter contains a link with which to unsubscribe from our newsletter. Your e-mail address is automatically added to the list of subscribers. We store this information until you cancel your newsletter subscription.

Cookies on our website

The first time you visit our website, we will show you a notification explaining our cookies. If you keep using our service, we assume that you do not object to these cookies.

You can disable the use of cookies through your browser setting, but some parts of our website may not work properly as a result of that.

We made arrangements with other parties who place cookies through our website. Nevertheless, we cannot fully control what they are doing with their cookies, so please read their privacy statements as well.

Use of Google Analytics

We use Google Analytics to track visitors on our website and to get reports about how visitors use the website. We accepted the data processing agreement from Google. We don't allow Google to use information obtained by Analytics for other Google services, and we anonymize the IP-adresses.

Subprocessors

  • Front — Our support and operations email inbox and chat system
  • Google Analytics - For tracking visits on our website
  • Hubspot - Our customer CRM
  • Revue - Our newsletter system

Our newsletter (https://digest.firmhouse.com)

We have a newsletter that you can sign up for so you receive regular updates about our company and content that you might find interesting. You can sign up for our newsletter at https://digest.firmhouse.com and you are added to the newsletter when you contact us via our website.

We use your email address to send you the occasional newsletter. After signing up, you need to confirm your newsletter subscription first. We store this information until you cancel your newsletter subscription.

Subprocessors

  • Revue - Our newsletter system

Using our software products

When using one of our software products, we also process your personal data.

Our software products are:

  • Airstrip
  • Dispatch
  • GoMonthly
  • Formbox
  • VenturePulse

Some of these products we offer directly (as Software as a Service) to you as end user. In other cases, the software is provided via an agreement we have with an organization or your employer. That organization or your employer will have provided access to an account for you.

When using our products, we use your IP address, name, email address, phone number, and if applicable your payment details to offer you access to our product’s functionalities and offer you support when needed. We store this information until you close your account or on the request of your employer who owns your account.

Use of Cookies

When using our products, we will use functional cookies to keep you logged in to our products and to track your activity within the product. If you keep using our products, we assume that you do not object to these cookies.

If you disable cookies via your web browser, it is possible that our products will not work in part, or not at all.

Subprocessors

When you’re using our products, your data might be transferred to one or multiple of the following subprocessors. We use these subprocessors as they are critical to us in offering you our product’s core functionalities. Our products would not work without them and they are mostly technical infrastructure components and service providers that we depend on.

  • Front - Our support and operations system
  • Mailjet - For sending you emails from inside our products
  • Postmark - For sending you emails from inside our products
  • DigitalOcean - Where our applications and databases are hosted
  • Heroku by SalesForce - Where our applications and databases are hosted
  • Appsignal - For receiving automatic bug reports when something goes wrong in our products
  • Aiven.io - For managing and maintaining our databases
  • Stripe - For storing your payment information and charging you

As client/participant of our consultancy services

You can hire us to perform certain services for you, like software development or participating in our training programs and workshops, either directly or as part of a training program organized by your employer or an organization.

For this purpose, we can use your email address, phone number, name and address details, and name of your company. We need this data to send you training material, communicate schedules, and for sending you an invoice and registering you and your organization in our accounting systems.

Subprocessors

  • Front - Our support and operations system
  • Google Suite - Our office collaboration tools like email, document processing, etc.
  • MoneyBird - Our bookkeeping and accounting system
  • Hubspot - Our customer CRM

Security

We take security measures to reduce misuse of and unauthorised access to personal data. These security measures include, but are not limited to:

  • Certified data centers and hosting parties with data storage operated in the European Union;
  • Encrypted end-user communication with our websites and products via SSL/TLS connections;
  • Encrypted communication between components of our infrastructure via SSL/TLS connections;
  • Data stored encrypted-at-rest in our database;
  • Logging and warning systems in place for unauthorized access attempts or infrastructure tampering;
  • Continuity and availability monitoring in place;
  • Company policies that prevent the unnecessary and unencrypted communication of personal data;

Changes to this Privacy Statement

We reserve the right to modify this statement. We recommend that you consult this statement on a regular basis, so that you remain informed of any changes.

When you’re a user of one of our products, we will give you a notification the next time you log in after our privacy statement was updated.

Inspection and Modification of your Data

You can always contact us if you have any questions regarding our privacy policy or wish to review, modify or delete your personal data.

You have the following right:

  • Being informed on which personal data we have and what we are using it for;
  • Inspection of the personal data that we keep from you;
  • Having incorrect data corrected;
  • Request to delete outdated personal data;
  • Revoke your consent;
  • Object to certain uses.

Please not that you always make clear who you are, so that we can assure we do not modify or remove the data from the wrong person.

Complaints

If you think that we are not helping you in the right way, you have the right to lodge a complaint at the authority. For The Netherlands, this is the Autoriteit Persoonsgegevens.

Contact details

Firmhouse BV
Stationsplein 45
3013AK Rotterdam
privacy@firmhouse.com