Privacy Notice

Version 2.5. Last updated 1st October 2021.
View changelog


This Privacy Notice covers our privacy practices with respect to the collection, use, and disclosure of information obtained:

  • Through OnceHub websites that link to this Privacy Notice; and
  • Through the provision of sales and support services, professional services and webinars that we provide to customers.

It also describes our privacy practices with respect to information entered into our software by our customers.

Our Applicant Privacy Notice covers our privacy practices in connection with an individual’s application for employment at OnceHub.



OnceHub processes two broad categories of personal data:

  • Personal data of our customers, account holders, and visitors to our web site as well as technical data regarding our customers interaction with our services (“Customer Data”), for which we act as a controller; and
  • Personal data that is entered into our SaaS products by our customers and their end users (“Application Data”) for which we act as a processor.  Please refer to our Data Processing Addendum for further information about how Application Data is processed.

If you are an individual who interacts with our products through one of our customers, and you wish to obtain further information about how they process your personal information, please inquire directly with the applicable customer.  We should point out that we are not responsible for the privacy or data security practices of our customers, which may differ from those set out in this Privacy Notice.


How we process Customer Data

We collect and process Customer Data in various ways and for a variety of purposes.

When you visit our website, interact with our chatbot, sign up for a OnceHub event or request information from us via our website

Information gathered:

  • Information you voluntarily provide to us;
  • Contact details and, if applicable, information relating to your company and your role at the company;
  • Information about which of our services you are interested in; and
  • Technical information that we collect indirectly and automatically through our systems. This information includes logging your Internet Protocol (IP) address, geo-location information, device and connection information, browser information, software configuration, operating system and use of cookies. You can find further information about Cookies in our Cookie Notice.

Purposes for which we use the information;

  • To provide you with the information you request;
  • To learn more about who is interested in our products and services;
  • To understand how visitors to our websites are using them, and which pages and features of the websites are most popular;
  • To help us improve the navigational experience on our web pages;
  • To track and prevent fraudulent activities and other inappropriate activities and monitor content integrity, manage security, and verify or authenticate information provided by you; and
  • To provide you with marketing communications from OnceHub.  You can always choose to opt out of further marketing communications through an unsubscribe link that is provided in any marketing email you receive from us.  You can alternatively contact us using the form on our your rights page to communicate your choice to opt out.

When you communicate with our Sales and Customer Success teams

Information gathered;

  • Your personal information such as your contact details;
  • A record of your communication with our teams;
  • A recording of your video call with our Sales or Customer Success teams, subject to us receiving your explicit consent to do so; and
  • Any information you share during the course of the communication.

Purposes for which we use the information:

  • Help us keep track of the inquiries we receive from you, and from customers generally;
  • To provide you with professional services; and
  • To help us improve our services and provide training to our team members.

It is important that you are thoughtful about the information you share with our employees.  While we will take appropriate measures to protect any sensitive information you share with us, you should not share any financial or other sensitive information, about you or your end users, that is not strictly necessary for our employees to assist you.

When you create, or log into, a OnceHub account or purchase our services

Information gathered:

  • Your name, email address, zip or postal code, phone number;
  • A password;
  • Your credit card or PayPal account details if you purchase a paid subscription to our services; and
  • Connectivity, technical and aggregated usage data, such as IP addresses and general locations, device data, date and time stamps of usage, and the recorded activity (sessions, clicks and other interactions) of customers in connection with the use of our services.

Purposes for which we use the information:

  • Identify you as an account holder;
  • So that we can communicate with you about your account;
  • Provide you with marketing communications from OnceHub from which you can opt out as described above;
  • Recognize you when you communicate with us;
  • Communicate verification codes to your phone number to when you log into your account, if you choose to set up two-factor authentication;
  • Bill you for your use of our products and services; and
  • To gain a better understanding on how our customers evaluate, use and interact with our services, and how we can continue to improve our products, offerings and the overall performance of our services.

When we gather information from publicly available sources

Information gathered:

  • Information about our customers and potential customers from publicly available sources, such as LinkedIn or business registers. This may include information about your business sector and the size of your company.

Purposes for which we use the information:

  • To help us better understand our customer base.


Your rights in respect of Customer Data

You have certain rights in relation to your personal data that we process.  The exercise of these rights may vary depending on the data protection laws that apply to us both in relation to your personal data.  Details of the rights of our EEA customers under the GDPR can be found in the section of this notice called “EU SPECIFIC PROVISIONS“.

If you wish to exercise any of these rights, then please contact our Data Protection Officer by using the contact form on our your rights page.  If we can’t deal with any of your requests then we’ll get back to you and explain the reasons why.  We’ll aim to get back to you within one month.  For more complicated requests, or for many requests, we might take longer, but we’ll tell you if there’s a delay and the reasons why.

If you wish to exercise any of these rights in relation to personal data that we process on behalf of our customers who use our services, then please direct your request to the relevant customer who is the controller of such data.


How we process Application Data

We process personal data that you or your end users enter into our services through your use of our products. This personal data is process by us as a processor, in order to perform the services that we provide you with pursuant to the Master Services Agreement, the Data Protection Addendum, our Acceptable Use Policy, and as further instructed by you in the use of our services. We have no direct control or ownership of the Application Data that we process.

Customers may submit Application Data to our services in accordance with our Acceptable Use Policy, the extent of which is determined and controlled by our customers in their sole discretion.  Further information about the processing of Application Data can be found in our Master Services Agreement, Data Processing Addendum, and in our support documentation at


How we share information

We only share your data with third-party service providers, known as subprocessors, for the purposes set out in this notice.  These providers are limited to only accessing or using this data to provide services to us.

We do not sell, rent, exchange or allow your data to be used by third parties for their own marketing purposes.

You can find more details about the subprocessors that we use in relation to Application Data on our subprocessor page including information about the data that is shared with them, why we share it and the security measures they have in place to protect your data.

Before we engage a subprocessor, we carry out a detailed audit to ensure that they have necessary security measures in place, and that they comply with all relevant data protection and privacy laws.  We enter into contracts with each subprocessor that ensure that they provide the same levels of protection that we agree to provide you under our Master Service Agreement, our Data Protection Addendum and this Privacy Notice.


Data security

We maintain appropriate administrative, physical, and technical safeguards to protect the security, confidentiality and integrity of your personal information.  We also take measures to ensure service providers that process personal data on our behalf also have appropriate security controls in place.

Full details of our security practices can be found on the security page of our Trust Center. You should also refer to our compliance page, which gives details of the third-party audits and certifications that relate to our security and privacy practices.

Please note that no service is completely secure. While we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur.

There are various steps that you can take to protect the confidentiality of your OnceHub account and protect it from unauthorized use, such as the implementation of two factor authentication and using a strong password policy on your account.  Further details of these steps can be found on in our knowledge base.  Please contact us immediately if you think your password or OnceHub account has been compromised.


Data retention

Once you delete your OnceHub account we will delete Customer and Application Data in accordance with our deletion schedule, as updated from time to time and made available on our website /trustcenter/data.

We reserve the right to retain personal data for longer than these periods only if:

  • The personal data is held in an aggregated or anonymized form, such that it is not possible to identify you as an individual from the data;
  • If there is a specific need or obligation to retain your information longer, like in the case of an open investigation, an audit or other legal matter; or
  • If there is any other legal basis on which we can retain your data for longer.

Please note that if you are a Customer of ours, you can delete Application Data that has been entered into ScheduleOnce by your end users. For more information about this feature please refer to this article on our support site

We reserve the right to contact you using your contact information during the 30 day period between the date you delete your account, and the date we delete your account data from our systems.


Google reCAPTCHA

We use Google reCAPTCHA for the purpose of verifying administrative users of OnceHub services.  The reCAPTCHA is a service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.

The reCAPTCHA is used to check whether data entered in the OnceHub services by administrative users has been entered by a human or by an automated program.

To do this, reCAPTCHA analyses the behavior of an administrative user based on various characteristics.  This analysis starts automatically as soon as an administrative user enters the OnceHub services.  For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the user has been on the website, or mouse movements made by the user).

The data collected during the analysis will be forwarded to Google.  The reCAPTCHA analyses takes place completely in the background.  Users are not advised that such an analysis is taking place.

Data processing is based on Art. 6 (1) (f) of the GDPR.  OnceHub has a legitimate interest in protecting its site from abusive automated crawling and spam.  We consider this to be proportionate and will not be prejudicial or detrimental to data subjects.

For more information about Google reCAPTCHA and Google’s privacy policy, please visit the following links:


Changes to our Privacy Notice

We may change this Privacy Notice from time to time.  If we make changes, we’ll revise the updated date at the top of this notice, and we may provide additional notice such as on the OnceHub website homepage, account sign-in page, or via the email address we have on file for you.  We will comply with applicable data protection laws with respect to any changes we make to this notice and seek your consent to any material changes if this is required by applicable law.


Handling disputes relating to our privacy practices

We hope we can resolve any disputes relating to our privacy practices between us.  You can raise your concern or dispute by emailing our Data Protection Officer by using the contact form on our your rights page.

For customers in the European Economic Area (“EEA“), you have additional rights to make a complaint to a competent data protection authority or commence proceedings in a court of competent jurisdiction in accordance with applicable data protection laws.



Legal basis of processing where OnceHub acts as a controller under the GDPR

If you are from the EEA, our legal basis for collecting and processing your Customer Data described above will depend on the personal information concerned and the specific context in which we collect it.

However, we will only collect personal information from you where either;

  • We have your consent to do so;
  • Where processing of your personal information is necessary to take steps to enter into a contract, or perform a contract, with you;
  • Where the processing is in our legitimate interests and not overridden by your fundamental rights and freedoms; or
  • In certain situations, where we have a legal obligation to collect personal information from you.

If you have questions about, or need further information concerning, the legal basis on which we collect and use your personal information, please contact our Data Protection Officer by using the contact form on our your rights page.

Your rights under the GDPR

The right to find out what personal data of yours we are processing

This is known as the right of access.  This right allows you to ask for details of the personal information we hold on you.

The right to change or update your information

This is called the right to rectification.  You can ask us to correct anything that you think is wrong with the personal information that we hold about you.  If you have a OnceHub account you can update your personal details and information in your account settings.  Otherwise you can contact us with details of the changes you wish to make and we will do it for you.

The right to restrict how your information is used

In certain circumstances you have the right to restrict the way we process your personal data.  The right is not an absolute right, and it depends on the type of personal data we hold and the legal basis on which we process it.  To exercise this right, you will need to contact us, providing us with details and we will respond to you.

The right to move your data

This is called the right to data portability.  You can ask us to supply you with the information that we hold on you in an electronic format.  If you wish to exercise this right then please contact us and we will make arrangements to provide you with this information.  Please be aware that we may require some identification to check that you are who you say you are.

The right to stop us from processing your data

This is called the right to object and you can exercise it in a few different ways.

You can object to us sending you marketing information and to do this you should click on the Unsubscribe link that you can find at the bottom of any of the marketing emails that we send you.

If you wish to object to us processing your data for any other reason then you should contact us and give us details of what it is you object to and why you want us to stop processing your personal data.  Bear in mind that this is not an absolute right, and there may be valid reasons why we can continue to process your data, but we will explain the reasons for that in detail if it applies.

The right to have your data deleted

This is called the right to erasure and means that you can ask for your personal information to be deleted.

When you delete your account, or your account is terminated for payment failure, we delete your data in accordance with our data retention policies, details of which are set out below, otherwise if you wish to make a request to delete your data then please contact us.

Sometimes it is not possible to delete your data, for instance if we have a valid legal basis for keeping it, but if that’s the case we will let you know.  Please be aware that we may require some identification to check that you are who you say you are.

Information from children

We do not knowingly permit children to sign up for a OnceHub account.  If we discover someone who is underage has signed up for a OnceHub account, we will take reasonable steps to promptly remove that person’s personal information from our records.  If you believe a person who is underage has signed up for a OnceHub account, please contact our Data Protection Officer by using the contact form on our your rights page.

International transfers

Your personal data will be transferred to the United States, where our primary processing facilities are located, and to other countries where we or our third-party service providers operate as set out on our subprocessors page.

OnceHub employs appropriate safeguards for cross-border transfers of personal data, as required by applicable local law.  In cases where the personal data is transferred from the European Union, the United Kingdom or Switzerland to a country outside of the European Union, the United Kingdom or Switzerland, that is not deemed to have adequate data protection provisions by the EU Commission, we rely on the EU Standard Contractual Clauses to comply with EU Law.

Data Protection Officer

OnceHub has appointed a Data Protection Officer who can be contacted by using the contact form on our your rights page.


back to top