We provide users with the tools necessary to use our platform in a GDPR compliant manner. As the controller, you are responsible for ensuring that your use of OnceHub’s products complies with the regulation. We recommend taking the following steps to uphold your responsibilities under the GDPR.

Data protection by design

OnceHub users should consider privacy when configuring their accounts. This includes deciding what information is required for scheduling, and which notifications to send to customers. We recommend users consider the privacy impact of all their customer touchpoints.

Data protection by default

In addition to our default security measures, we allow users to set even stronger custom security policies enforcing stricter password policies, account lockout and short sessions. We also allow you to limit access to customer data within your account by assigning roles and permissions to account users.

Compliance officers

Our users may need to appoint a DPO and EU representative. To ensure compliance, users must provide OnceHub with the contact information of their compliance officers. This information can be provided in the account settings.

Data protection impact assessments

OnceHub users should determine what information is necessary for conducting their meetings and the privacy impact of collecting this data. We also recommend assessing your policies and processes regarding data collected and processed by OnceHub.

Lawful basis of processing

Users may need to establish a lawful basis for processing, depending on their use of scheduling. When scheduling is initiated by customers, users likely have a lawful basis for processing their data. If scheduling is initiated by OnceHub users, or if sensitive data is required, it is recommended that users request explicit consent during the scheduling process.


OnceHub users should uphold their responsibilities outlined in the Master Service Agreement (MSA) and Data Processing Addendum (DPA). Users are also required to provide OnceHub with information on their purpose of processing and the categories of data and individuals whose data is being processed.

Data subject rights

Users should be ready to respond to data access requests from customers. OnceHub users can generate reports to provide customers with all scheduling information. Additionally, users can contact us to fulfill any further data subject requests.

Data breach notifications

In the event of a data breach, OnceHub pledges to notify all affected parties according to the GDPR requirements. Users may be responsible for notifying their data subjects if their data has been compromised.