Last revised: 8 July 2016.
Who is responsible for your information?
Only Once B.V. (“Only Once”), whose principal office is at Peppelkade 48, 3992 AK, Houten, The Netherlands, is responsible for collection and processing of your personal data related to your Only Once account or personal data you used to contact us via the Website. Only Once has notified this registration to the Dutch Data Protection Authority “Autoriteit Persoonsgegevens” (notification number 1620770).
The You-own-your-data agreement is the binding agreement that confirms that you remain the legal owner of all data, files or any information (collectively, “Data”) you store in your Only Once account and as owner (and in privacy terms Data Controller) in your Data Stores. You and nobody else are responsible for all data you store in your Only Once account and your Data Stores. Only Once does not have access to any personal data you store in your Data Stores.
Why do we collect your personal information?
When you choose to register an Only Once account or otherwise contact us, we will ask you for the personal data related to your name and e-mail address. This information enables Only Once to:
- Communicate with you in a personal way, such as responding to your feedback or service requests;
- Perform the administration of your Only Once account including handling of payments;
- Communicate with you about data sharing requests you send or your receive;
- Inform you that other Only Once Members have made updates in data that is shared with you;
- Communicate with you about changes in your account to ensure the security and privacy of your account.
Only Once will also collect via analyzing tools meta-data (like IP addresses, country, OO members you share your data with) to ensure the proper working of the Website and functionality of the Software and to ensure compliance with (privacy) legislation.
How we collect your personal data
You can share your personal data with us in a number of ways, for instance by:
- Registering for an Only Once account;
- Communicating with us by e-mail, phone or in writing.
How do we share your personal information?
Only Once does not have access to personal data you store in your Data Stores and therefore Only Once cannot and will not sell, rent, lease, or provide your personal data to any third parties or government in the world.
Only Once may share only your personal data related to the registration of your Only Once account or personal data you used to contact us with third party service providers to perform certain processing activities on behalf of Only Once. Only Once requires these service providers to protect your personal data diligently and in line with the security standards of Only Once.
We will release your personal data related to your Only Once account or personal data you used to contact us only if so required by law, where necessary for preventing or combating fraud, where necessary for dispute resolution, or for any other pressing legitimate need which under the circumstances must outweigh your privacy interests, such as the security of our business and the safety of our staff, but never your personal data stored in your Data Stores.
If you choose to register an Only Once account or contact us, you allow Only Once (as Data Processor) to collect, store, use, disclose, and otherwise process your personal data in connection with the purposes as described above including in cooperation with Sub-Processors.
Retain your personal data
If you choose not to continue your Only Once account, you can delete your Only Once account and all data in your Data Store yourself via account information in the Settings menu. Your data is then deleted from the servers and will be permanently deleted in the next backup cycle. We will only retain the personal data related to the registration of your Only Once account as long as needed to comply with our legal obligations, resolve disputes, and enforce our agreements.
Registering with Only Once
We would like to send you by email newsletters, info about product updates or to include you in product user surveys, but we will only do so if you specifically consent to receive such communications from us by adjusting your email notifications in the Settings menu. You will always have the opportunity to unsubscribe from any further communication from us via adjusting your email notifications.
How do we protect your information?
Only Once has taken appropriate technical and organizational security measures against loss or unlawful processing of your personal data. The most important security measure is that all data in your Data Store has been encrypted using 256-bit AES encryption. This means that only you can unlock the data in your Data Store using your encryption key.
We use Secure Socket Layer encryption using secure cookies with HTTPS to protect all your Data in transit to our servers, meaning from browser to server, such as when you access your information or grant access to it to others.
Your Data Store is hosted in a secure data center located in the European Union, which has 24/7 physical protections, firewalls, intrusion detection systems, and an array of other technological safeguards, and holds a number of certifications, including ISO27001/2, ISAE3402, SOC 1 and SOC 2 Reports, and is PCI compliant.
Nevertheless, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security. If we discover a security incident that compromises your personal data, we will let you know about it, in accordance with applicable law. Please notify us immediately of any suspected or unauthorized use of your password or account or any other such incident at email@example.com.
Transfer of data
You are in control of the personal data you share. We will only share the data in your Only Once account and Data Stores if you choses to share this data with any other Only Once Members.
As a consequence your personal data may be viewed (transferred) to different countries around the world. Please note that some countries, like the US, do not provide for an adequate level of protection of your personal data but your personal data will always remains physically stored in a data center in European Union. We therefore want to emphasize that You always be careful with whom You share your data.
Registration as user for Only Once Software is not allowed under the age of 16. Only Once generally does not intend to collect personal data from and/or generally does not intentionally communicate with children under the age of 16. We strongly recommend that parents take an active role in supervising the online activity of their children.
Applicable Law and Jurisdiction
All individuals from around the world that visit our Website or choses to register an Only Once account should be aware that the laws of The Netherlands shall exclusively govern these General Terms and all underlying agreements. All disputes arising in connection with these General Terms, including disputes concerning the existence and validity thereof, shall be submitted to the competent courts of The Netherlands unless binding statutory requirements specify otherwise.
Archived version: 21 November 2015
Questions and feedback
Please send us your questions and comments about privacy to firstname.lastname@example.org.