Data privacy
Explaining our responsibilities as controllers and processors
Data you enter into our software
You are what is commonly known in privacy law as a controller in relation to the data that you and your customers enter into our software. You determine what data you collect, who you collect it from, and the purposes for which you use it. You are responsible for complying with privacy laws that apply to you and your customers in relation to this data.
We are what is known as a processor in relation to this data, and we process it on your behalf and under your instructions, in accordance with the terms of the Master Services Agreement between us. The Master Services Agreement places contractual obligations on us to keep this data secure and to only process it under your instructions and for the purposes set out in that agreement. We comply with all relevant privacy laws in relation to our role as a processor of this data.
Data we collect from you
We are a controller in respect of data we collect from you for our own business purposes. We collect this data from you when:
-
You create, or log into, a OnceHub account or purchase our services;
-
You visit our website, interact with a chatbot, sign up for a OnceHub event or request information from us via our website;
-
You communicate with our Sales and Customer Success teams; or
-
When we gather information from publicly available sources
Full details of how we process this data, and the rights you have in respect of it, can be found in our Privacy Notice. We only collect the data that is necessary for us to achieve the specific business purposes that are set out in our Privacy Notice. We comply with all relevant privacy laws in relation to our role as a controller of this data.
How long do we keep your data?
We delete data in accordance with the following retention and deletion timeframes.
Basic account (free account) data deletion
|
Event or Data Type |
Date of deletion from our servers |
|
You delete your account |
Data is deleted from our production servers after 2 days. Data is deleted from our backup systems after a further 14 days. |
|
After 180 days inactivity |
Data is deleted from our production servers after 182 days’ inactivity. Data is deleted from backup systems after a further 14 days. |
|
Meeting data |
Meeting data in a Basic (free) account is deleted from our production databases 42 days after the date of the meeting, and deleted from our backup systems after a further 14 days. |
|
You actively delete Application Data in your account |
Data is immediately deleted from production servers. Data is deleted from backup systems after a further 14 days. |
Trial account data deletion
|
Event |
Log in allowed for |
Deletion Timeframe |
|
No account selection made at the end of a 14 day trial period. N.B. At the end of a 14 day trial period you have the option to purchase a paid account, downgrade to a Basic (free) account or delete your account. |
For the next 30 days you only have a restricted login where you are able to either purchase a paid account, downgrade to a (free) Basic account, or delete your account. |
After this 30-day grace period, data is deleted from production servers after 2 days. Data is deleted from backup systems after a further 14 days. |
|
You delete your trial account |
You are no longer able to log into your account. |
Data is deleted from production servers after 2 days. Data is deleted from backup systems after a further 14 days. |
Paid account data deletion
|
Event or Data Type |
Log in allowed for |
Deletion Timeframe |
|
You cancel your subscription |
You can use your account until the end of your current subscription period. You then have a 30-day grace period with a restricted login that allows you to reactivate your subscription. |
After this 30-day grace period, data is deleted from production servers after 2 days. Data is deleted from backup systems after a further 14 days. |
|
You delete payment card details on an active account. |
N/A |
Card data is deleted immediately from our production databases. Data is deleted from backup systems after a further 14 days. |
|
Payment failure (i.e. the payment method held in your account could not be charged) |
You have grace periods to update your payment method: - 0-7 days: Full account access. - 8-30 days: Restricted login (payment processing only). Guest-facing interfaces disabled. |
After this 30-day grace period, data is deleted from production servers after 2 days. Data is deleted from backup systems after a further 14 days. |
|
You delete Application Data in your active account |
N/A |
Data is immediately deleted from production servers. Data is deleted from backup systems after a further 14 days. |
Deletion of other data types held by OnceHub
|
Data Type |
Deletion Timeframe |
|
Communications with OnceHub, including our Sales, Customer Success and Privacy Teams held in our customer service application. |
We retain communication data held in our customer service applications for the duration of your subscription with us and for a maximum period of 12 months thereafter. |
|
Sales records, including their digital equivalent, used for accounting, tax, and audit purposes. |
We retain sales records for accounting and tax purposes depending on, and in accordance with, applicable tax law. |
|
Email and contact information used for marketing purposes. |
Your contact data is deleted from our Marketing database when you unsubscribe or opt out of receiving Marketing emails. |
|
Cookies and tracking technologies. |
How long we retain this data depends on the type of cookie or tracking technology being used, and the choices you make about cookies and tracking technologies. For more information please see our Cookie Notice. |
