Data privacy

Explaining our responsibilities as controllers and processors

Data you enter into our software

You are what is commonly known in privacy law as a controller in relation to the data that you and your customers enter into our software.  You determine what data you collect, who you collect it from, and the purposes for which you use it.   You are responsible for complying with privacy laws that apply to you and your customers in relation to this data.

We are what is known as a processor in relation to this data, and we process it on your behalf and under your instructions, in accordance with the terms of the Master Services Agreement between us.  The Master Services Agreement places contractual obligations on us to keep this data secure and to only process it under your instructions and for the purposes set out in that agreement.  We comply with all relevant privacy laws in relation to our role as a processor of this data.

Data we collect from you

We are a controller in respect of data we collect from you for our own business purposes. We collect this data from you when:

  • You create, or log into, a OnceHub account or purchase our services;

  • You visit our website, interact with a chatbot, sign up for a OnceHub event or request information from us via our website;

  • You communicate with our Sales and Customer Success teams; or

  • When we gather information from publicly available sources

Full details of how we process this data, and the rights you have in respect of it, can be found in our Privacy Notice. We only collect the data that is necessary for us to achieve the specific business purposes that are set out in our Privacy Notice. We comply with all relevant privacy laws in relation to our role as a controller of this data.

How long do we keep your data?

We delete data in accordance with the following retention and deletion timeframes.

Type of data or event type Retention and deletion procedures
  • When you delete your OnceHub account.
  • After 6 months’ inactivity on a starter account or on an account in a no-subscription status.
  • When you create an account but do not subscribe to a service within 7 days.
 After 30 days we will delete all account data, (including name, email, PayPal and card payment details), together with all your Application Data from our production databases. After a further 14 days, account and Application Data will be deleted from our backup systems.
When you delete payment card details on an active account. Card data is deleted immediately from our production databases. Data is deleted from backup systems after a further 14 days.
Application Data held in a Starter account Application Data is deleted from our production databases 6 weeks after the date it was created and deleted from our backup systems after a further 14 days.
Communications with OnceHub, including our Sales, Customer Success and Privacy Teams held in our customer service application. We retain communication data held in our customer service applications for the duration of your subscription with us and for a maximum period of 12 months thereafter.
Sales records, including their digital equivalent, used for accounting, tax, and audit purposes. We retain sales records for accounting and tax purposes depending on, and in accordance with, applicable tax law.
Email and contact information used for marketing purposes. Your contact data is deleted from our Marketing database when you unsubscribe or opt out of receiving Marketing emails.
Cookies and tracking technologies. How long we retain this data depends on the type of cookie or tracking technology being used, and the choices you make about cookies and tracking technologies.  For more information please see our Cookie Notice.