Effective date: March 23, 2022
The legal entity behind Polypane is Firstversionist B.V.
Types of Data Collected
While using our Services, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:
- Any information you send us through email or forms
- Any information you send us when creating an account, request customer support or otherwise communicate with us.
The types of data we may collect include basic user information (such as name, email address, and avatar), company information and other information you choose to provide.
When needed, we collect financial or business information from you, but only in the case of any agreement between parties and for the usage of invoicing, our administration of you as a customer and to comply with local laws and regulations.
When possible, we will not collect financial information from you (such as payment/credit card number, expiration date or security code). All payments to us are handled via third parties, Paddle Ltd (https://paddle.com) and Mollie B.V. (https://mollie.com). We refer to their respective privacy statements: https://paddle.com/gdpr and https://www.mollie.com/en/privacy.
We may also collect information automatically on how the Services is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the parts of our Services that you use, the time and date of your usage, the time spent on those parts, unique device identifiers and other debugging or diagnostic data.
Tracking & Cookies Data
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Services.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Services.
Examples of Cookies we use:
- Session Cookies. We use Session Cookies to operate our Services.
- Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
- Security Cookies. We use Security Cookies for security purposes.
Third Party Data
We may also obtain Personal Information about you from third parties, such as LinkedIn, Facebook, GitHub, Twitter and other publicly accessible sources.
Support And Service
When you contact us for support or with other customer service requests, we can keep records related to such requests, including any information provided by you related to said requests.
Marketing Or Other Communications
We may use your personal Data to contact you with marketing or promotional materials and other communications related to the Services. If you no longer wish to receive marketing or promotional communications related to the Services, you can use the unsubscribe link in the email or by emailing firstname.lastname@example.org to request us to stop sending you such communications. We process these requests immediately, but at most within two business days.
Use of Data
For individuals in the European Economic Area, our processing of your Personal Data is justified on the following legal bases:
- the processing is necessary to perform an agreement with you or take steps to enter into an agreement at your request;
- the processing is necessary for us to comply with relevant legal obligations;
- the processing is in our justified interest, and this justified interest prevails over your privacy; and/or
- you have consented to the processing.
Firstversionist uses the collected data for various purposes:
- To perform the agreement with you and with others
- To process. evaluate and complete certain transactions involving the Services
- To operate, provide and maintain the Services
- To provide documentation, communications, marketing and advertising or other services you request
- To notify you about changes to our Services
- To allow you to participate in interactive features of our Service when you choose to do so
- To provide customer care and support
- To protect and ensure safety of our Intellectual Property Rights
- To provide analysis or valuable information so that we can improve the Service
- To monitor the usage of the Services
- To detect, prevent and address technical issues
- To manage, protect against and investigate fraud, risk exposure, claims and other liabilities, including but not limited to violation of our contract terms or applicable laws and regulations;
- To adhere to any legal obligations
Transfer Of Data
Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.
Disclosure Of Data
Firstversionist and its Services operate worldwide and we may share Personal Data with our affiliated businesses as part of our business operations, administration of the Services and to comply with applicable laws and regulations. We may also appoint third party service providers (operating under our instructions) to assist us in providing information, products or services to you, in managing our business or in managing and improving our Services. We may share your Personal Data with these affiliates and third parties to perform services that the third parties have been engaged by us to perform on our behalf, subject to appropriate contractual restrictions, obligations and security measures, or if we believe it is reasonably necessary to prevent harm or loss, or if we believe that the disclosure will further an investigation of suspected or actual illegal activities.
We reserve the right to share any data that is not deemed Personal Data or is not otherwise subject to contractual restrictions.
Firstversionist B.V. may disclose your Personal Data in the good faith belief that such action is necessary to:
- To comply with a legal obligation
- To protect and defend the rights or property of Firstversionist B.V.
- To prevent or investigate possible wrongdoing in connection with the Services
- To protect the personal safety of users of the Services or the public
- To protect against legal liability
Additionally we may share Personal Data with third parties in connection with potential or actual sale of our company or any of our assets, or those of any affiliated company, in which case any Personal Data held by us may be one of the transferred assets.
Where Personal Data is transferred outside of the European Economic Area to our affiliated companies or third party service providers, we will take steps to ensure that your personal information is as well protected as if it remained within the European Economic Area, including by entering into data transfer agreements using the European Commission approved Standard Contractual Clause.
We commit to resolve complaints about your Personal Data in adherence to the GDPR. Please email our Data Protection Officer at email@example.com.
Security Of Data
The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. Accordingly, we cannot be held responsible for unauthorized or unintended access that is beyond our control. Our personnel is only allowed to access or process Personal Data if this is reasonably required to do so for work related tasks, to adhere to any customer requests or to fulfill a legal obligation on behalf of us.
When using our service, you may be supplied with an automatically generated password. This password is not otherwise stored by us or in any way retrievable. We strongly encourage you to change this password regardless, and to use a long password made up of lowercase and uppercase letters, numbers and symbols, that is different from the passwords you use for other services, and that is updated periodically.
Transferring Personal Data
Where Personal Data is transferred outside of the European Economic Area to our affiliated companies or third party service providers, we will, as mentioned above, take steps to ensure that your Personal Data is protected by the same level of protection as if it remained in the European Economic Area, including by entering into data transfer agreements using the European Commission approved Standard Contractual Clause.
Personal Data Breach
In the case of a data breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transferred, stored or otherwise processed by us about our customers, we shall where feasible and not later than 72 hours after having become aware of it, notify the breach to the local supervisory authority, unless the information breach is unlikely to result in a risk to the rights and freedoms of natural persons. When the Personal Data Breach is likely to result in a high risk to the rights and freedoms of natural persons we will communicate the Personal Data Breach on our security page and via email with the affected natural persons, unless we have already implemented appropriate technical and organizational protection measures (particularly encryption and other measures that render the Personal Data unintelligible to any person not authorised to access it) and those measures are applied to the Personal Data affected by the breach or when we have taken measures that ensure that the high risk to the rights and freedoms of persons is no longer likely to materialize.
Collected Personal Data is in general not stored by us for longer than three years after an active agreement, unless you file a deletion request prior to that. In some circumstances we may retain certain Personal Data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required by a legal process, legal authority or other governmental entity having authority to make the request, for as long as required. In specific circumstances we may also retain certain Personal Data for longer periods of time corresponding to a statute of limitations so that we have an accurate record of your dealings with us in the event of any complaints or challenges.
We may employ third party companies and individuals to facilitate our Services ("Service Providers"), to provide the Services on our behalf, to perform Service-related services or to assist us in analyzing how our Services are used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Data storage and servers
Our Services and data are hosted on DigitalOcean and Amazon Web Services in European Data centers. Personal Data connected to any active customer accounts is stored on Amazon Web Services. This information is only accessible by people authorized to access the data, and usage logs are monitored and audited.
- Google Analytics
We use Sentry to track errors that occur in our Services. This includes certain data that correlates with the error, but does not include customer information.
We use Drift to provide on-site chat support. Drift requires explicit consent for its usage.
We use Supabase to store and manage subscription and license information on Amazon Web Services.
- Amazon Web Services
We use Amazon Web Services to send transactional and marketing-related email and to manage account authorization.
Payments / Credit Cards
Firstversionist does not store any credit card information on our servers. All automatic payment processing is handled by Paddle or by Mollie.
Communication and Encryption
We use HTTPS and SSL for all our resources, websites and APIs that are part of our Services or marketing efforts. This means that all information shared with us or with our Services are securely encrypted during transport.
Reporting Security Problems
If you find a security issue or vulnerability please contact us immediately at firstname.lastname@example.org.
Links To Other Sites
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
Our Services do not address anyone under the age of 16 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 16. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.
Based on the GDPR you may have rights available to you in respect of your Personal Data, such as:
- to obtain a copy of your Personal Data together with information about how and on what basis that Personal Data is processed;
- to rectify inaccurate Personal Data (including the right to have incomplete Personal Data completed);
- to delete your Personal Data (where it is no longer necessary in relation to the purposes for which it was collected or processed). We strive to delete or anonymize your Personal Data where possible within 30 days after your deletion request;
- to restrict processing of your Personal Data under certain circumstances.
- to port your Personal Data in machine-readable format to a third party (or to you) when we justify our processing on the basis of your consent or the performance of an agreement with you;
- to withdraw your consent to our processing of your Personal Data (where that processing is based on your consent);
- to obtain, or see a copy of the appropriate safeguards under which your Personal Data is transferred to a third country or international organization outside of the European Economic Area; and
- to lodge a complaint with your local supervisory authority for data protection.
In addition to the above rights, you have the right to object, on grounds relating to your particular situation, at any time to any processing of your Personal Data which we have justified on the basis of a legitimate interest, including profiling (as opposed to your consent) or to perform a contract with you. You also have the right to object at any time to any processing of your Personal Data for marketing or promotional purposes, including profiling for marketing or promotional purposes.