top of page

PRIVACY POLICY AND DATA PROCESSING GUIDELINES

(last updated September 2024)

 

 

First Democracy Technology, Inc (dba “MyFO”) is committed to protecting your privacy and complying with applicable data protection laws. This Privacy Policy outlines how MyFO collects, uses, discloses, and safeguards information about you in connection with the MyFO Solution, Software, and Services (“Services”), websites, and other interactions with you, as well as the choices you have about your information.

1. MyFO Services. MyFO's suite of financial management tools is accessible via our websites. These tools allow you to manage and plan your financial holdings and investments digitally through a single online platform. Through this platform, you can also provide documentation and reporting visibility to stakeholders you might choose to invite, such as family members, a financial advisor, an accountant, etc.


Third-party Services. Our Services also enable you to customise and connect your MyFO account to third-party services (“Third-Party Services”), such as financial institutions from which you might choose to populate data about your financial investments into your MyFO account. The use of your information by these third parties is governed by the respective Third-Party Services’ privacy policies and terms. We recommend you carefully review their privacy policies and terms, as MyFO is not responsible for Third-Party Services.


Your Privacy Obligations. We rely on you to comply with applicable privacy laws when collecting, using, or disclosing information about individuals through the Services, including obtaining any necessary consents and providing any necessary notices. If we receive any questions or complaints regarding your use of the Services, we will direct the request to you for further assistance.


Legal Age. Our Services are not designed for individuals under the age of 18. If you are under 18, please do not use MyFO or provide any personal information to us."


2. What information do we collect? We collect information about you as reasonably necessary for the following activities:


Using our Services. We may collect the following information when you use our Services:


 

  • Account information. Your contact and profile information including your name, email address, and address; your preferences such as language, time zone, and the types of communications you would like to receive from us; and image (if you choose to provide this).


 

  • Billing and other payment information. This may be applicable if you sign up for MyFO directly, with information including payment method details such as credit card number. We comply with the standards set by the Payment Card Industry Data Security Standard (PCI DSS) when processing payment information. All payment data is encrypted and securely stored to ensure the protection of your financial information.


 

  • Services acquired. The MyFO features and services you have chosen to acquire from us, including the type of plan, number of team stakeholders, and transaction information related to the Services.


 

  • Usage statistics. Anonymized, non-identifiable usage and investment statistics, including but not limited to details about asset classes, allocations, and other investment activities, along with technical information about your device, system and application software, and peripherals, as well as your interactions with the Services. We collect anonymized and aggregated data regarding your use of our Services. This information is used to enhance service functionality and improve user experience. Personal identifiers are removed to maintain your privacy and data protection.


Applying for employment. Our careers page collects information you choose to provide to us when applying for employment, which may include contact information, education and employment history, credentials, and LinkedIn profile information.


Browsing our websites. When you browse our websites, we collect information about you as described below, some of which is collected automatically:


 

  • MyFO and our authorized service providers use cookies and other similar tracking technologies on our websites and Services including web beacons, pixels, and software tokens.

     

  • Website usage data including engagement rate, the address of the previous web page that directed you to our website, browser type and session experience.



3. How do we use your information? We use your information for the purposes described below:


Providing and securing our Services.

 

  • We need to identify and authenticate our users to ensure, for example, that only those authorized users are able to use the Services for their organisation, and to make changes to their accounts.
     

  • We use information that you provide when signing up to set up your account, process payments, contact you regarding the Services, and manage your account.
     

  • We use your contact information and information related to your request to respond to your inquiries, manage our contract with you, respond to your questions and requests, and send you updates and information about the Services.
     

  • We use logging and other data such as general location information—for example, the IP address of your browser or device, to help us manage the performance, security and compliance of the Services.



Communicating with you. We use your contact information where appropriate to send you information about our Services, events, marketing communications (consistent with your chosen communication preferences) and job opportunities. We use email statistics, such as open rates, to assess the effectiveness of, and to make improvements to our communications. We also use engagement analytics to better understand your needs so that we can provide the information and services that would be more suitable for you. You have control over the types of communications you receive from us. You can update your preferences at any time through your account settings. We obtain explicit consent for any marketing communications in accordance with GDPR requirements.


Improving our websites and applications. We use information about you to help us understand usage patterns and other activities on our websites and applications so that we can diagnose problems and make improvements, including enhancing usability and security. We also use website personalization software to help us present information on our websites that may be more relevant to you, such as displaying resources applicable to your industry or organisation size.


4. What are your rights regarding the information about you?


Services information. When using our Services, you may access, update, or correct most of your Account information by logging in to your account to edit your profile or organisation record. Requests to access, correct, update, or delete your information can be made in writing to our privacy team and will be handled within thirty (30) days unless they are unusually extensive or complex, in which case we will advise you of the expected timeline for handling your request. You can contact our Support team for other general requests about your account.

Marketing emails, advertising and website browsing. For marketing communications, you may opt out of marketing communications sent by MyFO by accessing our communications preferences page, by clicking on the “unsubscribe” link in a MyFO email you may receive, or by completing the unsubscribe form thereafter. Please note that if you are a MyFO user, unsubscribing from marketing communications will not affect product-generated emails sent in connection with your use of MyFO’s Services. MyFO may choose to participate in interest-based advertising (where you may have visited our websites or another website which allows us to display advertising relating to our Services). The Network Advertising Initiative has developed a tool that may help you understand which third parties have currently enabled cookies for your browser and how to opt out of those cookies. For more information and to opt out of interest-based advertising, you can visit this page.


5. Who has access to your information? MyFO does not rent or sell your information. We restrict access to your information to authorized employees and we do not share your information with third parties except in the circumstances explained below.

Employees and Authorized Contractors. Our employees and authorized contractors may need to access information about you when they require this information to perform their job. For example, a customer support representative would need access to your account to validate your identity and respond to your question or request; our email communications team would need access to your contact information to ensure this information is sent correctly and any unsubscribe requests are properly managed; and our security staff would need to review information to investigate attempted denial of service attacks, fraudulent account activity, or other attempts to compromise the Services. All our employees and contractors are required to agree to maintain the confidentiality and protect the privacy of your information.


Service Providers, Authorized Resellers, and Partners. We will share limited information about you to authorized service providers we use for marketing services, communicating with you, managing our customer database, the provision of professional services, and providing and managing the Services (including hosting data centres, securing our Services, and payment processing). We limit the number of service providers who are permitted to process your Content for the purpose of assisting us in delivering the Services. We refer to these service providers as "subprocessors," and a current list can be requested of MyFO if needed.


When sharing your information with any of the above service providers, resellers and partners, we ensure they agree to obligations consistent with this Privacy Policy and any other appropriate confidentiality and security measures, and only use your information to carry out the Services and your requests.


We may also participate in and run marketing events (e.g. conferences, webinars, and provide resources) with sponsors and other organisations. Where the sponsors or other organisations wish to collect your information for their marketing purposes, while we may facilitate this (e.g. information may be collected on the same registration form), they will be doing so independently under their own policies. We will advise you and provide you an opportunity for you to share your information with the sponsors or other organisations for such purposes, either upon registration or during the event.


Successor and Affiliated Entities. We may share information about you among MyFO-controlled affiliates and subsidiaries, and they will protect your information in a manner that is consistent with this Privacy Policy and where applicable, in accordance with the privacy policy specific to the entity. We may also disclose your information as part of a corporate transaction such as a merger or sale of assets. If we do, we will inform such entities of the requirement to handle your information in accordance with this Privacy Policy, or inform you that you are covered by a new privacy policy.


Law Enforcement, Government Agencies, and Professional Advisors. We may need to disclose information about you where we believe that it is reasonably necessary to comply with a law or regulation, or if we are otherwise legally required to do so, such as in response to a court order or legal process, or to establish, protect, or exercise our legal rights or to defend against legal claims or demands. For governmental data access requests concerning you or your organisation, we would first attempt to redirect the request to you and/or we would first attempt to notify you unless we are legally prohibited from doing so. In addition, we may disclose information about you if we believe it is necessary to investigate, prevent, or take action:


(a) against illegal activities, fraud, situations involving potential threats to our rights or property (or to the rights or property of those who use our Services), or to protect the personal safety of any person; or (b) regarding situations that involve the security of our Services, abuse of the Services infrastructure, or the Internet in general (such as voluminous spamming, or denial of service attacks). We may also use professional advisors, including lawyers and accountants, and may be required to disclose information about you when engaging them for their services and as necessary for audits, financial and other regulatory reviews.



6. What international data transfers occur at MyFO? Under the General Data Protection Regulation (GDPR) and other data protection laws, information about you may only be transferred from your region to other regions if certain requirements are met. For instance, under the GDPR, information about you may be transferred from the European Economic Area (EEA) to outside the EEA if adequate data protections are in place. Our Services are managed by MyFO’s headquarters in Canada. As the European Commission considers Canada to be a country which provides adequate data protection, information about you may be transferred from the EEA to Canada.


MyFO may also use third-party service providers, such as managed hosting providers, credit card processors, and technology partners to provide the software, networking, infrastructure and other services required to operate the Services. These third-party providers may process or store personal data on servers outside of the EEA, UK, and Switzerland, including in Canada or the US. We rely on adequacy (if sent to Canada) and standard contractual clauses (if sent to the US or onward to other countries) to ensure that information about you is lawfully transferred under EU law. In this case, we have implemented supplementary measures as outlined in the next section of this Policy. The third-party service providers we use to help us deliver the Services and which process your Content are referred to as “subprocessors,” a current list of which can be requested of MyFO if needed.


7. How do we safeguard your information? MyFO maintains industry standard security safeguards to protect your information. This includes ensuring our employees receive appropriate security and privacy training and guidance so they are aware of the measures they need to implement to protect your information. Access controls are in place to limit access to your information to those who need it to perform their jobs. For example, information about you may be provided to our customer support specialists to help you with your requests. Individuals who are permitted to handle your information must adhere to confidentiality obligations. We encrypt data in transit and at rest, where appropriate, to ensure that your information is kept private. We undertake service provider security and privacy reviews to ensure that service providers follow our stringent requirements to safeguard your information, and we also enter into data protection agreements with our service providers. All payment information is also fully encrypted and handled only by PCI certified organisations.


8. How long do we retain your information? Aggregated data is used by MyFO for analysis, product improvement, and troubleshooting purposes. We retain your information as long as required to provide the Services requested by you, for record keeping purposes, to comply with our legal obligations, resolve disputes, and enforce the terms for the Services. After it is no longer necessary for us to retain information about you, or otherwise upon your request, we will dispose of it in a secure manner or anonymize the information.


9. MyFO’s roles under the GDPR and UK data protection laws. Depending on the situation and the type of data involved, MyFO may act as a data controller or a data processor.


MyFO as a data controller. MyFO may act as a data controller when we are:


 

  • Collecting information from you to set up and administer your MyFO account (for example, Account information such as your name and email address);
     

  • Monitoring usage information on our website;
     

  • Managing your contact and other related information to send marketing, Services, and other communications to you;
     

  • Responding to a support or general inquiry; and
     

  • Recruiting individuals for job opportunities.



Legal bases for processing when MyFO is a data controller. The legal bases for processing information about you include:

 

  • Your consent (for example, when you have provided your information to sign up for an account or for a webinar; or you have provided your employment history when applying for a job). Where we rely on your consent to process personal data, you have the right to withdraw your consent at any time.
     

  • It is necessary to perform a contract (for example, we may need your information to fulfill our obligations of providing Services to you under the terms relevant to the Services you have acquired).
     

  • Legitimate interest (for example, to provide, maintain and improve the Services for you, to maintain the security of the Services, and to attract new customers to maintain demand for the Services, all of which are described in this Policy).
     

  • In some cases, we may have a legal obligation to process your personal data to comply with relevant laws (for example, processing payroll and tax information to comply with relevant employment and tax legislation); or processing is necessary to protect your vital interests or those of another person (for example, obtaining health-related information during a medical emergency).



Your rights when MyFO is a data controller. Where MyFO is acting as a data controller, we have outlined certain rights in this Policy. In addition, you may have the following rights:

 

  • Right to object to processing: you may request that MyFO stops processing information about you (for example, to stop sending you marketing communications).
     

  • Right to restrict processing: you may request that we restrict processing information about you (for example, where you believe that this information is inaccurate).
     

  • Right to data portability: you may request that we provide you with information MyFO has about you in a structured, machine-readable, and commonly used format, and you may request that we transfer this information to another data controller.



If you would like assistance on any of the above requests, please email us.


MyFO as a data processor. Where you are using our Services and making decisions about the personal data that is being processed in the Services (including selecting the Social Network accounts you wish to connect to the Services, or uploading and using Content), you are acting as a data controller and MyFO is acting as a data processor. There are certain obligations under the GDPR that you have as a data controller, including being responsible for managing Content on the Services. As a data processor, MyFO will only access and process Content to provide you with the Services in accordance with your instructions (which you provide through the Services) and applicable laws. As part of delivering the Services, we may process Content to further improve the Services, such as enhancing usability and developing new features.


10. Your California Privacy Rights. If you are a consumer as defined in the California Consumer Privacy Act (CCPA) and as amended by the California Privacy Rights Act (CPRA) (collectively, “California Privacy Laws’), the following provisions apply to you. Definitions of terms are set out in the California Privacy Laws.


Information about your Personal Information. The categories and specific types of personal information collected and sources from which personal information are collected, the purposes for collecting personal information, and the types of third parties with whom your information is shared are explained in this Policy.


Your Rights. We have outlined certain rights in this Policy. Under the California Privacy Laws, you may have the following specific rights: (a) The right to know about the personal information collected about you, which we have set out in this Policy; (b) The right to have your personal information deleted; (c) The right to correct inaccurate personal information; and (d) The right not to be discriminated against for exercising consumer rights under California Privacy Laws


You may access, update, or correct most of your Account information by logging in to your account; or you may exercise your rights by emailing us. While we disclose personal information to service providers for the purpose of managing our relationship with you (e.g. distributing marketing communications) and providing the Services, we do not sell your personal information.


11. Changes to this Privacy Policy. We reserve the right to update this privacy policy at any time. Changes will be posted on our website and, if significant, we will notify you directly. We encourage you to review our policy periodically to stay informed of how we protect your information.


12. How to contact us. If you have any questions, concerns or feedback, please email us, or send a letter to MyFO at 1066 W. Hastings St, Vancouver, British Columbia V6E 3X1, Canada. If we are unable to resolve your concerns, you also have the right to contact your local data protection authority.

bottom of page