Last updated: January 25, 2019
With respect to the PII processed in the Services, OnceHub is a data processor. The organization or natural person who is licensed to use the Services (the “OnceHub Account Holder” or “Account Holder”) is the data controller. Notwithstanding the foregoing, the payment card data and other personal data of the Account Holder that is submitted to OnceHub via the Services, is controlled by OnceHub.
1. EU-U.S. and Swiss-U.S. Privacy Shield Framework
With respect to personal data processed within the OnceHub Service when used under the Enterprise Plan, and with respect to personal data processed within Reschedge, OnceHub complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (the “Privacy Shield”) as adopted and set forth by the U.S. Department of Commerce. OnceHub has certified that, within the OnceHub Service, it adheres to all applicable provisions of the Privacy Shield.
To learn more about the Privacy Shield, and to view OnceHub’s certification, please visit https://www.privacyshield.gov and https://www.privacyshield.gov/list, respectively.
Please note that if you are a natural person who is using the Services under the auspices of an agreement entered into with OnceHub, or a member of the workforce of an organization who is using the Services under the auspices of an agreement entered into with OnceHub (a “OnceHub User” or “User”), the OnceHub Service enables you to share your name, schedule (i.e., your available/busy time slots), profile photograph, and contact information publicly. If you choose to do so, such PII will become public information.
If you are not a OnceHub User but submit PII to the booking page of a OnceHub User, the PII you submit will be processed in accordance with this Policy, and will be shared with the OnceHub User, whose booking page you submitted data to, and the relevant OnceHub Account Holder.
Except as described in this Policy, we maintain the PII processed in the OnceHub Service in confidence.
3. Categories of PII
The categories of PII processed by the Services, and their purposes of use, depend on how each OnceHub User configures their respective Services.
Generally, the OnceHub Service is designed to process basic contact information (such as name, email, phone number), photographic images (such as profile pictures), location data, and data that pertain to a User’s schedule. The OnceHub Service contains User-customizable fields, which can be used to solicit any category of PII, including sensitive PII. Additionally, the OnceHub Service enables you to upload files to a User’s booking page, which might also contain any category of PII, including sensitive PII.
The Reschedge application is designed to process the schedules and basic contact information of Users and interviewees. The Reschedge application may also be used to process other types of data that may be associated with a User, such as the department that the User belongs to within the organization that is licensed to use the Reschedge application. The Reschedge application also allows Users to upload files to the application, which might contain any category of PII, including sensitive PII.
The OnceHub Service is designed to collect PII via Users’ booking pages, via the ScheduleOnce Outlook connector application, via various integrations with other third-party information systems that are controlled by OnceHub Users, and with respect to OnceHub Users, from within the OnceHub Users tab.
The Reschedge application is designed to collect PII that is manually submitted to the application by Users and Account Holders, and via integrations with Office 365, Microsoft® Exchange® and Google® G Suite.
3.1 Cookies (Required)
Since cookies are essential to the operation of the Services, you cannot opt out of these cookies without compromising the intended functionality of the OnceHub Service.
3.2 Third Party Cookies (Opt Out Possible)
The Services use analysis cookies that collect data about how people use our web applications, including which pages are visited most often, how fast they load, and other statistical information. These cookies do not collect data that individually identifies a visitor, aside from an IP address. All data these cookies collect is only used to tell us how the Services are used, so that we can optimize the user experience.
4. Lawful Basis of Processing
If you are an Account Holder, we process your PII based on your consent, and based on the need to perform the obligations of our contract with you. If you are a member of the workforce of an organization that is a OnceHub Account Holder, or if you are not a User of the Services and you, a User, or an Account Holder submits your PII to the Services, we will process such PII based on the documented instructions of the data controller.
5. Purposes of Processing
We collect and use PII for the purposes of providing the Services to our Users and Account Holders at their instruction, processing PII on behalf of Users and Account Holders, communicating with corporate business partners about business matters, providing information on the Services to prospective OnceHub Account Holders, improving the Services, and conducting related tasks for legitimate business purposes.
6. Sharing PII within OnceHub
7. Sharing PII with Third Parties
We share PII with our data subprocessors, who further process such PII on behalf of, and under the instruction of, OnceHub. Such data subprocessors include:
- infrastructure service providers;
- software consulting service providers;
- web-based productivity software providers;
- SMS notification service providers; and
- email service providers.
We require those data subprocessors to maintain at least the same level of confidentiality, integrity, and availability that we maintain for such PII. OnceHub remains liable for the protection of your PII that we transfer to our subprocessors. Note that some of our subprocessors, and our non-U.S. group companies, process your data, including PII, outside of the United States.
We may also disclose PII (i) to other third parties for the purposes for which we receive the PII (e.g., performance of contractual obligations and rights); (ii) to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders; (iii) if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring or other company change; and (iv) to our subsidiaries, only if necessary for business and operational purposes.
If we must disclose your PII in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your PII will maintain the privacy or security of your PII.
8. Data Integrity & Security
OnceHub has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect PII from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction.
9. Data Retention
PII that you submit to the OnceHub Service is retained for as long as is necessary for us to perform our obligations under the contract that is entered into between the OnceHub Account Holder and us. Note that we keep backup copies of our databases for a limited period of time as part of our disaster recovery/business continuity plans, and it may not be reasonably possible for us to delete data from such backups.
10. Choice, Access, Review
If you are a User or Account Holder, we provide web pages or other mechanisms on our platform through which you can correct or update personal data, or elect to change your preferences. You can also contact us to update your personal data at firstname.lastname@example.org.
If you are a data subject of PII that was submitted to the Services by a User or a OnceHub Account Holder, you may have a right to request access to, and the opportunity to update, correct, or delete, such PII. To submit such requests or raise any other questions, please contact the User or Account Holder that provided your PII to us.
11. Privacy of Children
The Services are not directed at, or intended for use by, children under the age of 13. If you believe that PII pertaining to your under-13-year-old child has been submitted to the Services, and you would like to exercise your rights with regards to such PII, please contact the User whose Services the PII is processed in.
12. Changes to This Policy
We may update this Policy from time to time by posting a new version on our website. When we make a material change to the Policy, we will update the Last Updated date above to reflect the effective date of the most recent version of the Policy.
13. Contact & Dispute Resolution Process
OnceHub in the United States participates in the EU-U.S. Privacy Shield Framework (the “Framework”). This Framework applies to personal data received in the United States from the European Union or European Economic Area (“EU”) about former, current, or prospective corporate customer contacts (collectively, “EU Personal Data”). We are committed to subjecting such EU personal data to the Framework, including its Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. To learn more about the Framework, visit the U.S. Department of Commerce’s Privacy Shield website.
If you have any questions or complaints about how we process your PII, please contact us via our contact form or using the information below.
Security and Compliance Manager
340 S. Lemon Ave. #5585,
Walnut, CA 91789
We will respond to your inquiry within four weeks of receipt.
13.2 Dispute Resolution under the Privacy Shield
With regards to PII processed in the OnceHub Service, where a privacy complaint or dispute cannot be resolved through OnceHub’s internal process, OnceHub has agreed to participate in both the EU data protection authorities (DPAs) dispute resolution process as well as that of the Swiss Federal Data Protection and Information Commissioner (FDPIC). Subject to the terms of the EU DPAs or FDPICs dispute resolution processes, whichever is relevant according to the case, the EU DPAs or the FDPIC will provide appropriate recourse to you. To file a complaint with the EU DPAs or FDPIC, please submit the required information here:
13.3 Binding Arbitration
With regards to PII processed in the OnceHub Service, if your dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by the EU DPAs, you may have the right to require that we enter into binding arbitration with you, pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
13.4 Regulatory Oversight
OnceHub is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Microsoft and Outlook is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. Google is either a registered trademark or trademark of Google Inc. in the United States and/or other countries.