Privacy Notice

Please read the CIOFirst Privacy Notice carefully to understand what information is collected through CIOFirst, how this information is used, and when it may be disclosed.

In this Privacy Notice, “CIOFirst” refers to our website, our application, and the products and services offered through our website and application. References to “we”, “us” or “our” means CIOFirst. References to “personal information” include “personal health information”.

By visiting our website and using CIOFirst services, you provide your consent and agree to the collection of personal data in a lawful and fair manner. We ensure that the collection and processing of personal data adhere to applicable privacy laws and regulations. If you have any questions or concerns about the data we collect and how it is used, please contact CIOFirst directly using the contact information provided in this privacy policy even if you do not read the entire CIOFirst Privacy Notice.

Data Controller and Data Processor

CIOFirst serves as the data processor for most information entered into the CIOFirst application, website, and supporting systems, acting on behalf of its business customers who serve as the data controllers. However, CIOFirst also collects certain information directly from users for security, logging, and application performance purposes, where it acts as the data controller and processor. CIOFirst may engage third-party sub-processors (as detailed below) to support its operations. If you have any inquiries about the processing of your personal data, please contact us using the contact information provided in this privacy notice.

Types of Data Collected

CIOFirst strictly limits the collection of personal data to only the information necessary to perform and provide services or fulfill a direct business need. We adhere to the principle of data minimization, ensuring that only the minimum amount of personal data required is collected and processed.

When collecting personal data, we strive to be transparent about the purposes for which the data is being collected and how it will be used.

The CIOFirst application and supporting applications collect the following types of personal data: cookies, usage data, email address, phone number, first name, last name, province, state, country, ZIP/Postal code, city, address, and company name.

Certain data may be mandatory for the use of the CIOFirst application, while other data may be optional. When data is mandatory, it is clearly indicated throughout the website and application. Users are free to choose not to provide optional data without any impact on the availability or functionality of the service. If you have any questions about which personal data is mandatory, please contact us using the contact information provided in this privacy notice.

CIOFirst applications may collect personal data that users provide voluntarily or collect usage data while using the website, web application, and supporting applications.

Furthermore, the CIOFirst website and its supporting applications may use cookies and other tracking technologies to enhance the user experience and provide specific functionalities. Please refer to the Cookie Policy below for more information.


At CIOFirst, we take the security of your personal data seriously. We implement robust technical and organizational measures to protect your data from unauthorized access, disclosure, alteration, or destruction.

We follow industry best practices and standards to ensure your data’s confidentiality, integrity, and availability. Our security measures include but are not limited to:

Encryption: We employ encryption techniques to safeguard your data during transmission and storage.

Access Control: We restrict access to personal data to authorized personnel only, ensuring it is accessible on a need-to-know basis.

Regular Audits: We conduct security audits and assessments to identify and address vulnerabilities or risks.

Employee Training: Our employees undergo comprehensive data protection training to ensure they understand the importance of data security and privacy.

We are committed to continuously enhancing our security practices and staying up to date with the latest industry standards to provide a secure environment for your personal data.

While we strive to protect your personal data, no method of transmission or storage is 100% secure. Therefore, we cannot guarantee absolute security. If you have any concerns about the security of your data, please contact us using the contact information provided in this privacy notice.

Mode, Place, and Methods of Processing the Data

Personal data is processed using computers and technology-enabled tools in accordance with organizational policies and procedures related to the stated purposes. In certain cases, personal data may be accessible to CIOFirst employees involved in the operation of the CIOFirst website, application, and supporting applications. External parties, such as third-party technical service providers, hosting providers, and IT companies, may also have access to personal data as data processors or sub-processors appointed by CIOFirst.

Legal Basis of Processing

CIOFirst may process personal data when one of the following legal bases applies:

  • Consent: Processing is based on the user’s consent for one or more specific purposes.
  • Performance of a Contract: Processing is necessary for the performance of a contract between CIOFirst and the user.
  • Legal Obligation: Processing is necessary to comply with a legal obligation.
  • Legitimate Interests: Processing is necessary for the legitimate interests pursued by CIOFirst or a third party.

The specific legal basis for processing personal data will be provided upon request, including whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.


Data is primarily processed at CIOFirst’s operating offices and hosting facilities located in the United States. However, third-party sub-processors may store and process some data in Canada or the European Union. Data transfers may involve transmitting user data to a country outside their own jurisdiction.

Retention Time

Personal data is retained for as long as necessary to fulfill the purposes for which it was collected unless a longer retention period is required or permitted by law.

The retention periods are as follows:

Personal data collected for the performance of a contract between CIOFirst and a business customer is retained until the contract is fully executed or until the business customer requests deletion of the data.

Personal data collected for CIOFirst’s legitimate interests is retained as long as necessary to fulfill those purposes. For specific information about CIOFirst’s legitimate interests, please refer to the relevant sections of this document or contact us using the contact information provided in this privacy notice.

Personal data processed based on user consent may be retained until such consent is withdrawn, provided it is not otherwise required or permitted by law.

Personal data may be retained for a longer period when necessary to comply with a legal obligation or a lawful order from an authority.

Once the retention period expires, personal data will be securely deleted or anonymized.

The Purposes of Processing

CIOFirst collects and processes personal data for the following purposes:

  • Providing Services: Personal data is collected to enable CIOFirst to provide its services.
  • Analytics: Personal data monitors and analyzes web traffic and user behavior on the CIOFirst website and application.
  • User Database Management: Personal data is managed to create user profiles, track user activities, and improve the application.
  • Managing Contacts and Sending Messages: Personal data is used to manage contact lists and send communications to users.
  • Handling Payments: Personal data is processed to facilitate payment transactions and related communications.
  • Displaying Content from External Platforms: Personal data displays external content and enables interaction with it.
  • Hosting and Back-End Infrastructure: Personal data is processed and stored on hosting and back-end infrastructure to support the operation of the CIOFirst application.
  • Spam Protection: Personal data is analyzed to filter traffic and protect against spam.
  • Contacting the User: Personal data is processed to respond to requests and inquiries.
  • Remarketing and Behavioral Targeting: Personal data is used for remarketing and behavioral targeting purposes to display targeted advertisements.

Processing and Sharing of Personal Data

CIOFirst engages various services and third-party processors to support its operations. The following provides detailed information on the processing of personal data, the involved services, and the third-party processors:


  • Salesloft Analytics (Salesloft, Inc.)
  • Google Analytics (Google Inc.)
  • Brevo SMTP (Sendinblue Inc.)

Contacting the User:

  • Mailing List or Newsletter (The CIOFirst Web)
  • Phone Contact (The CIOFirst Web)
  • Contact Form (The CIOFirst Web)

Displaying Content from External Platforms:

  • Google Fonts (Google Inc.)

Hosting and Back-End Infrastructure:

  • EasyWP (Namecheap)
  • Managing Contacts and Sending Messages:
  • Salesloft Email (Salesloft, Inc.)

User Database Management:

  • Salesloft CRM (Salesloft, Inc.)
  • Salesloft Lead Management (Salesloft, Inc.)

Services Online:

  • For detailed information about each service and third-party processor, please refer to the corresponding sections of this privacy notice.

Cookie Policy

The CIOFirst website and web application use cookies to enhance the user experience and provide specific functionalities.

The Rights of Users

Users have the following rights regarding their personal data processed by CIOFirst:

  1. Right to Withdraw Consent: Users have the right to withdraw their consent to the processing of their personal data at any time.
  2. Right to Object: Users can object to the processing of their personal data based on legitimate interests or for direct marketing purposes.
  3. Right of Access: Users can request access to their personal data and obtain information about the processing activities.
  4. Right to Rectification: Users can request to correct or update inaccurate or incomplete personal data.
  5. Right to Restrict Processing: Users have the right to restrict the processing of their personal data under certain circumstances.
  6. Right to Erasure: Users can request the erasure of their personal data, subject to legal obligations or overriding legitimate grounds.
  7. Right to Data Portability: Users can request to receive their personal data in a structured, commonly used, and machine-readable format and transmit it to another data controller.
  8. Right to Lodge a Complaint: Users have the right to lodge a complaint with a data protection authority regarding processing their personal data.

To exercise these rights or obtain further information, users can contact CIOFirst using the contact details provided in this document.

Changes to This Privacy Notice

CIOFirst reserves the right to modify or update this privacy notice at any time. Changes will be communicated through the CIOFirst website, application, or other appropriate means. It is recommended to review this privacy notice for the latest information regularly.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Notice or our privacy practices, please contact us at:

CIOFirst, 1611 E 2nd St. Suite #137 Casper, WY 82601,
Telephone: (415) 691-7836

Privacy Officer: Samarth Bhargava,

Last updated: January 2024