Explaining our responsibilities as controllers and processors
Data you enter into our software
You are what is commonly known in privacy law as a controller in relation to the data that you and your customers enter into our software. You determine what data you collect, who you collect it from, and the purposes for which you use it. You are responsible for complying with privacy laws that apply to you and your customers in relation to this data.
We are what is known as a processor in relation to this data, and we process it on your behalf and under your instructions, in accordance with the terms of the Master Services Agreement between us. The Master Services Agreement places contractual obligations on us to keep this data secure and to only process it under your instructions and for the purposes set out in that agreement. We comply with all relevant privacy laws in relation to our role as a processor of this data.
Data we collect from you
We are a controller in respect of data we collect from you for our own business purposes. We collect this data from you when:
- You create, or log into, a OnceHub account or purchase our services;
- You visit our website, interact with a chatbot, sign up for a OnceHub event or request information from us via our website;
- You communicate with our Sales and Customer Success teams; or
- When we gather information from publicly available sources
Full details of how we process this data, and the rights you have in respect of it, can be found in our Privacy Notice. We only collect the data that is necessary for us to achieve the specific business purposes that are set out in our Privacy Notice. We comply with all relevant privacy laws in relation to our role as a controller of this data.
How long do we keep your data?
We delete data in accordance with the following retention and deletion timeframes.
|Type of data||Retention and deletion procedures|
|Customer and application data held in a OnceHub account (with a paid subscription) when you delete your account or there is a payment failure.||After 30 days we will delete all customer data (including name and email), together with all your application data from our production databases. After a further 30 days, we will delete your customer and application data from our backup systems.|
|Customer and application data held in a non-paid account with an expired trial, or when you delete your non-paid account.||
After 90 days (unless you have started a trial of another one of our products, or you have purchased a paid subscription) we delete all customer data (including name and email) together with all your application data from our production databases. After a further 30 days, we delete your customer and application data from our backup systems.
|Communications with OnceHub, including our Sales, Customer Success and Privacy teams held in our customer service application.||We retain communication data held in our customer service application for a maximum period of 12 months.|
|Sales records, including their digital equivalent, used for accounting, tax, and audit purposes.||We retain sales records for accounting and tax purposes depending on, and in accordance with, applicable tax law.|
|Credit card and PayPal information used for billing purposes when you delete your account.||After 30 days we delete credit card and PayPal payment data held in our internal PCI compliant billing databases. After a further 30 days, we delete this payment data from our backup systems.|
|Email and contact information used for marketing purposes.||Your contact data is deleted from our marketing database when you unsubscribe or opt out of receiving marketing emails.|
|Cookies and tracking technologies.||How long we retain this data depends on the type of cookie or tracking technology being used, and the choices you make about cookies and tracking technologies. For more information, please see our Cookie Notice.|