We recognize our duty to handle your data in a responsible manner. We do not and will not sell your data to third parties.
This Policy applies to the use of 1st Incident Reporting’s mobile application, web application and the 1st Incident Reporting Website (the “Website”) (collectively referred to as the “Services”). Please read it carefully in order to understand when you may provide personal information to us and how emAPPetizer uses the personal information provided. By using 1st Incident Reporting, you agree to the use of your personal information as described in this Policy. The terms “we”, “us” or “emAPPetizer” are each intended as a reference to emAPPetizer Inc.
To make this Policy as clear as possible, we have determined the occasions when a customer would potentially share information with emAPPetizer. The Policy is therefore divided as follows:
- Learning about 1st Incident Reporting
- Opening a 1st Incident Reporting Account
- Using 1st Incident Reporting
- Getting help from 1st Incident Reporting
We have then added different sections explaining in more detail how your personal information is used, how and when it might be shared, how you can access and control your personal information, the ways we make sure your information is safe, and how to contact us.
Learning about 1st Incident Reporting
As you look into your needs and gather information regarding what 1st Incident Reporting can do for your business, you may visit our Website, download our mobile application or call one of our representatives. As you learn about 1st Incident Reporting, you may voluntarily provide personal information, such as your name and your email address during these interactions.
We collect: name, email address, IP address, and information provided by cookies or similar technology, such as the type of browser you are using to access our website, the page you were on before heading to our website, the amount of time you spend on our website, the pages you decide to visit, as well as the data and time you are accessing our website on.
Why: We use this personal information to share news about new 1st Incident Reporting features and software updates, as well as special offers. As for the IP address and other information that is automatically collected when accessing our website, this data allows us to analyze how our website is used and accessed in order to optimize it to better meet our visitors’ needs. It also allows us to accompany you in the process of learning more about us, to respond to your inquiries and to ensure you receive a high standard of service when you first contact us.
Legal basis: necessary for our legitimate interests (improving and customizing our products and services) and yours (responding to your inquiries and allowing you to contact us).
To learn more about the third-party services we use, you may consult our complete list of third-party services in the “Whom we may disclose your information to and why” section of this Policy.
Opening a 1st Incident Reporting Account
Once you have gathered enough information about 1st Incident Reporting, we allow you to open a 1st Incident Reporting account on our Website or on our mobile application. We offer a 14-day trial so you can try our product and determine whether or not it meets your needs. Registering for this trial does not require any payment information. However, when the trial period is over, if you decide to go for one of our paid plans, you will be asked to provide additional information that will help us complete your purchase. Information may include elements such as your name, your email address, your phone number, your company name, your job title, and payment information.
We collect: your name, your email address, your phone number, your company name, your job title, payment information, and any other type of information you disclose to Microsoft, Google or Apple if you choose to sign in using third-party login information.
Why: We use this information to complete your transaction, to administer your account, to establish a relationship with you, to inform you of updates and new features, to send you our newsletter, and to process payments. We do not store any payment or credit card information. We only use payment information in connection with the purchase of a subscription for 1st Incident Reporting.
Payment details you provide will be encrypted using secure sockets layer (SSL) technology before they are submitted. Payments are normally made through our payment gateway provider, Stripe, or through PayPal.
Legal basis: performance of a contract and necessary for our legitimate interests (ensure we get paid) and your legitimate interests (ensure you receive the products or services you have paid for).
Please note that if you refuse to provide us with such information, we will not be able to process your orders and make the emAPPetizer’s subscription you have purchased available to you.
Using 1st Incident Reporting
Once your account is set up, you will be able to use the 1st Incident Reporting, whether through our mobile application or our Website. As you use 1st Incident Reporting, you and the authorized members of your team may create and edit incidents directly on our platform. In doing so, you may voluntarily provide pictures, videos, sound recordings, as well as other files such as PDFs and Excel spreadsheets. Some data such as the date and your GPS location may be automatically captured.
We collect: your GPS location, as well as any details you voluntarily enter when creating an incident on our Services (pictures, videos, sound recordings, as well as other files such as PDFs and Excel spreadsheets).
Why: We collect this information to enhance your experience and let you fully take advantage of all the Services’ features. Automating the collection of your GPS location allows us to simplify the process of entering an incident for the user. When you sign into the mobile application for the first time, your device will ask you whether or not you consent to the application accessing your location. You can always modify your choice through your device settings.
Legal basis: performance of a contract and necessary for the legitimate interests of the user or subscriber to take advantage of the features offered by emAPPetizer’s 1st Incident Reporting.
Getting Help from 1st Incident Reporting
From time to time, you may decide to contact our Customer Care department for assistance with the 1st Incident Reporting platform. To be able to offer you the best services possible, we may collect certain information from you.
We collect: Contact information such as your name, email address, phone number, social media handles (if you contact us on our social media profiles), and the content of your communications with emAPPetizer Customer Care (including voice recording if you call us).
Why: We collect this data to give you the best customer support possible and to improve our products and services.
Legal basis: necessary for our legitimate interests (to be able to properly identify you) and yours (to fulfill your demand or answer your questions)
HOW WE USE PERSONAL INFORMATION
emAPPetizer uses the data we collect to provide you with the Services we offer, which includes using data to improve and personalize your experience. We also use the data we collect to communicate with you about your account, new features, and other types of updates. We use your data for the following purposes:
- To improve our Services by developing new features, doing research and maintaining the current performance of the application (applicable legal bases under the GDPR: legitimate interests);
- To ensure we respect the contractual and legal obligations we have towards you (applicable legal basis under the GDPR: contract performance);
- To offer you the best customer support there is (applicable legal bases under the GDPR: contract performance);
- To provide you with the subscription plan you have purchased or the free plan you signed up for (applicable legal bases under the GDPR: contract performance);
- To fulfill any legal or regulatory obligations we might have (applicable legal basis under the GDPR: legal obligations);
- To document activity on our Services in case of a third-party complaint (applicable legal basis under the GDPR: legal obligations) ;
- To ensure we are paid when you purchase subscription plans from us (applicable legal basis under the GDPR: contract performance);
- To guide our business decisions and develop new products or services that are relevant for our clients (applicable legal bases under the GDPR: legitimate interests);
- To communicate with you, whether for marketing, advertising or account maintenance purposes. For instance, we may contact you by email to notify you of newly available features or updates (applicable legal basis under the GDPR: contract performance, consent); and
- To update our files (applicable legal basis under the GDPR: legal obligations, contract performance).
When visiting our Services, you may provide information online via cookies or similar technologies.
Cookies are files that hold a small amount of data about a certain user. That data may include an anonymous unique identifier. They are stored on the user’s computer or other devices’ hard drive. Cookies allow us to tailor your user experience whenever you visit our Services.
The cookies we use perform up to three different functions:
1) Performance cookies: we use these cookies to analyze how our visitors use our Services and to improve our Services’ performance.
2) Functionality cookies: we use these cookies to allow us to remember your preferences every time you visit our Services.
3) Essential cookies: some cookies are essential for the operation of our Services. Disabling these cookies will stop you from accessing our Services or using all our Services’ features.
Keep in mind that you can instruct your browser to disable the cookies we use. Doing so may however stop you from properly accessing our Services.
If you would like more information about cookies, you may visit the following website: https://www.allaboutcookies.org
WHOM WE MAY DISCLOSE YOUR INFORMATION TO AND WHY
We do not and will not sell personal information about our customers. We only disclose your data as authorized in this Policy. We may however share information with the following types of parties:
Third-party vendors: we may disclose your personal information to third-party vendors who carry out services such as credit card processing and email communications. We only share your personal data as necessary, to complete a transaction you have requested and authorized.
List of third-party vendors
Apple (third-party login – the United States): https://www.apple.com/privacy/
- To learn more about signing in with Apple: https://www.apple.com/legal/privacy/data/en/sign-in-with-apple/
- Apple uses the European Commission’s model contractual clauses: https://www.apple.com/legal/enterprise/data-transfer-agreements/datatransfer-ee.pdf
Freshdesk (ticket system – United States): https://www.freshworks.com/privacy/
- Freshdesk uses the European Commission’s model contractual clauses: https://freshdesk.com/gdpr
Google (analytics – United States) : https://support.google.com/analytics/answer/6004245
- To opt-out of Google Analytics for Display Advertising and customize the Google Display Network ads: : http://www.google.com/settings/ads
- To install the Google Analytics Opt-out Browser Add-on: https://tools.google.com/dlpage/gaoptout?hl=en
- Google uses the European Commission’s model contractual clauses: https://privacy.google.com/businesses/compliance/
Mailchimp (email marketing – United States): https://mailchimp.com/legal/privacy/
- Mailchimp uses the European Commission’s model contractual clauses: https://mailchimp.com/help/about-mailchimp-and-the-gdpr/
Mailgun (email service – United States): https://www.mailgun.com/legal/privacy-policy/
- Mailgun uses the European Commission’s model contractual clauses: https://www.mailgun.com/gdpr/
Microsoft (hosting – Canada): https://privacy.microsoft.com/en-ca/privacystatement
- Microsoft uses the European Commission’s model contractual clauses: https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4fanv
Mixpanel (analytics – United States): https://mixpanel.com/legal/privacy-policy/
- Mixpanel uses the European Commission’s model contractual clauses: https://mixpanel.com/legal/dpa/
Segment (customer data platform – United States): https://www.twilio.com/legal/privacy
- Segment uses the European Commission’s model contractual clauses: https://www.twilio.com/legal/data-protection-addendum
Stripe (credit card processor – United States): https://stripe.com/en-CA/privacy
- Stripe uses the European Commission’s model contractual clauses: https://support.stripe.com/questions/protection-of-european-data-transfers
Tidio (website chat – United States): https://www.tidio.com/privacy-policy/
- Tidio uses the European Commission’s model contractual clauses: https://www.tidio.com/wp-content/uploads/Agreement-for-entrusting-the-processing-of-personal-data.pdf
Twilio (phone supplier – United States): https://www.twilio.com/legal/privacy
- Twilio uses the European Commission’s model contractual clauses: https://www.twilio.com/legal/data-protection-addendum
Parties with whom it might be legally necessary: we may disclose your information if required to do so by law or in the good faith belief that such action is necessary to:
- Conform with the law or with any legal proceedings;
- Protect the rights or property of emAPPetizer;
- Protect the safety of our Services, our users, and their data.
Parties who might take part in a financial transaction with emAPPetizer: we may transfer your data in the event of a change of ownership, sale, merger, liquidation, reorganization or acquisition of emAPPetizer. We will only do so if the party acquiring your information agrees to comply to the terms of this Policy.
Please note that our Services may link to products or applications of third parties whose privacy practices may differ from emAPPetizer’ s. If you provide personal information to any of those parties, your data will be governed by their privacy policies.
Data protection laws give you certain rights in relation to your information. You can, amongst other things,
- Access: ask if we are processing information and, if we are, request access to personal information in a structured, commonly used technological format. Note, however, that we reserve the right to ask you for additional information to prove your identity;
- Accuracy: we are required to take reasonable steps to ensure that the Personal Information in our possession is accurate, complete, not misleading and up to date;
- Correction: request that any incomplete or inaccurate personal information we hold be corrected;
- Erasure: ask us to delete, destroy or remove personal information in certain circumstances. There are certain exceptions where we may refuse a request for erasure or destruction, for example, where the personal information is required for compliance with law or in connection with claims or required by contract between the parties;
- Restriction: ask us to suspend the processing of certain personal information, for example, to establish its accuracy or the reason for processing it;
- Transfer: request the transfer of certain personal information to another party;
- Objection: challenge when we are processing personal information based on a legitimate interest (or those of a third party) or for certain direct marketing purposes. However, we may be entitled to continue processing information;
- Automated decisions: contest any automated decision made where this has a legal or similar significant effect and ask for it to be reconsidered (GDPR only);
- Consent: where we are processing personal information with consent, withdrawal of consent in the circumstances permitted by law; and
- Complaint: make a complaint with a data protection supervisory authority.
HOW TO ACCESS AND CONTROL YOUR DATA
You can review, edit or delete your personal data in your 1st Incident Reporting account, via our Services, or by contacting us directly at firstname.lastname@example.org. You may withdraw your consent at any time. We will respond to any request as soon as possible. We guarantee a reply within thirty days of you sending in a request.
You can always opt out of receiving promotional emails and other types of marketing communication from us via the “unsubscribe” tab at the bottom of every email we send out.
We use a variety of physical safeguards to make sure your data is adequately protected. For instance, our web servers are accessible through HTTP, HTTPS & SSH. Moreover, authentication on the servers is made using private keys instead of passwords. We also use multi factor authentication. All our communications are encrypted to make sure your data is safe. Finally, we use IP whitelisting internally.
As for your account information, you can only access your 1st Incident Reporting account through the use of an individual user login and password. If you have any questions regarding the security of your personal data, you can contact us at email@example.com.
WHERE YOUR DATA IS STORED
Your personal information is currently stored on our servers, which are located in the Canada, within a Microsoft Azure Virtual Network. Your information may also be stored in other countries, following a transfer to the third-party vendors we work with.
HOW LONG YOUR DATA WILL BE KEPT FOR
We will retain all collected information for as long as necessary to provide the Services you have requested, or for other essential purposes such as complying with any legal obligations. As long as your account is active, we will keep your data on our systems. We will also dispose of your data if you decide to withdraw your consent.
QUEBEC PRIVACY COMMISSIONER’S OFFICE (COMMISSION DE L’ACCÈS À L’INFORMATION DU QUÉBEC)
If you are not satisfied by emAPPetizer’ s response following a request regarding the access of your personal information, you may contact the Commission de l’accès à l’information, the public authority in charge of overseeing personal information handling practices in the province of Quebec.
500, boul. René-Lévesque Ouest
Montréal (Québec) H2Z 1W7
Phone : 514 873-4196
Fax : 514 844-6170
Quebec city address:
525, boul. René-Lévesque Est
Québec (Québec) G1R 5S9
Phone : 418 528-7741
Fax : 418 529-3102
Website : http://www.cai.gouv.qc.ca
Email address: firstname.lastname@example.org
Phone: 1 888 528-7741
COMPETENT EUROPEAN AUTHORITIES
If you are not satisfied with our response following a request regarding your personal information, you may, if you are a European resident, contact the relevant supervisory authority to lodge a complaint. You will find a list of these authorities here.
OUR POLICY TOWARDS CHILDREN
emAPPetizer does not and is not intended to attract children. We do not knowingly solicit personal information from children or send them requests for personal information.
If we discover or are notified by a parent or guardian that a child under the age of fourteen has registered on our Services under false pretense, we will cancel the child’s account and will delete any personal information we might have collected in the process.
CHANGES AND UPDATES
emAPPetizer may modify or update this Policy to reflect change customer feedback or changes regarding 1st Incident Reporting, so please review it regularly. Whenever we update our Policy, we will change the date at the very top of this Policy. If there are any changes in the way emAPPetizer handles your personal information, we will make sure to notify you by email. Your continued use of our products and service after any modification to this Policy will constitute your acceptance of such modifications and updates.
If you have any questions or concerns regarding the use of your personal information, please send us an email at email@example.com.
Attention: Privacy Officer
1 Holiday Avenue
Suite #507, East Tower
Québec, H9R 5N3, Canada.