Last updated: December 8, 2016
With respect to the PII processed in the Services, ScheduleOnce is a data processor. The organization or natural person who is licensed to use the Services (the “ScheduleOnce Account Holder” or “Account Holder”) is the data controller. Notwithstanding the foregoing, the payment card data and other personal data of the Account Holder that is submitted to ScheduleOnce via the Services, is controlled by ScheduleOnce.
1. EU-U.S. Privacy Shield Framework and U.S.-Swiss Safe Harbor Framework
In regards to personal data processed within the ScheduleOnce Service, ScheduleOnce LLC complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. ScheduleOnce LLC has certified that, within the ScheduleOnce Service, it adheres to all applicable provisions of the Privacy Shield Framework, including the Privacy Principles, the Supplemental Principles, and Annex 1 of the Framework. To learn more about the Privacy Shield program, and to view ScheduleOnce LLC’s certification, please visit https://www.privacyshield.gov/list.
In regards to personal data processed within the ScheduleOnce Service, ScheduleOnce LLC complies with the U.S. - Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of PII from Switzerland. ScheduleOnce LLC has certified that, within the ScheduleOnce Service, it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view ScheduleOnce LLC’s certification, please visit http://www.export.gov/safeharbor/.
2. VeraSafe Privacy Program
ScheduleOnce LLC is a member of the VeraSafe Privacy Program, meaning that VeraSafe has assessed ScheduleOnce LLC’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The program criteria require that participants maintain a high standard of data protection and implement specific best practices pertaining to notice, choice, access, data security, and third-party information sharing.
Please note that if you are a natural person who is using the Services under the auspices of an agreement entered into with ScheduleOnce, or a member of the workforce of an organization who is using the Services under the auspices of an agreement entered into with ScheduleOnce (a “ScheduleOnce User” or “User”), the ScheduleOnce Service enables you to share your name, schedule (i.e., your available/busy time slots), profile photograph, and contact information publicly. If you choose to do so, such PII will become public information.
If you are not a ScheduleOnce User, but submit PII to the booking page of a ScheduleOnce User, the PII you submit will be processed in accordance with this Notice, and will be shared with the ScheduleOnce User whose booking page you submitted data to, and the relevant ScheduleOnce Account Holder.
Except as described in this Notice, we maintain the PII processed in the ScheduleOnce Service in confidence.
4. Categories of PII
The categories of PII processed by the Services, and their purposes of use, depend on how each ScheduleOnce User configures their respective Services.
Generally, the ScheduleOnce Service is designed to process basic contact information, photographic images (such as profile pictures), location data, and data that pertains to a User’s schedule. The ScheduleOnce Service contains User-customizable fields, which can be used to solicit any category of PII, including sensitive PII. Additionally, the ScheduleOnce Service enables you to upload files to a User’s booking page, which might also contain any category of PII, including sensitive PII.
The Reschedge application is designed to process the schedules and basic contact information of Users and interviewees. The Reschedge application may also be used to process other types of data that may be associated with a User, such as the department that the User belongs to within the organization that is licensed to use the Reschedge application. The Reschedge application also allows Users to upload files to the application, which might contain any category of PII, including sensitive PII.
The ScheduleOnce Service is designed to collect PII via Users’ booking pages, via the ScheduleOnce Outlook connector application, via various integrations with other third party information systems that are controlled by ScheduleOnce Users, and with respect to ScheduleOnce Users, from with the ScheduleOnce Users tab.
4.1 Cookies (Required)
Since cookies are essential to the operation of the Services you cannot opt out of these cookies without compromising the intended functionality of the Services.
4.2 Third party cookies (Opt out possible)
The Services use analysis cookies that collect data about how people use our web applications, including which pages are visited most often, how fast they load, and other statistical information. These cookies do not collect data that individually identifies a visitor, aside from an IP address. All data these cookies collect is only used to tell us how the Services are used so that we can optimize the user experience.
5. Lawful Basis of Processing
If you are an Account Holder, we process your PII based on your consent. If you are a member of the workforce of an organization that is a ScheduleOnce Account Holder, or if you are not a User of the Services and you, a User, or an Account Holder submits your PII to the Services, we will process such PII on the basis of the legitimate interests pursued by the ScheduleOnce Account Holder, such as the need to efficiently schedule meetings and interviews.
6. Purposes of Use
We collect and use PII for the purposes of providing the Services to our Users and Account Holders at their instruction, processing PII on behalf of Users and Account Holders, retaining PII indefinitely so that former Users can more easily resume their use of the Services at a later time (unless a User instructs us to delete such PII, in which case such request will be subject to the limitations described in this Policy in Section 9 “Data Retention”), communicating with corporate business partners about business matters, providing information on the Services to prospective ScheduleOnce Account Holders, improving the Services, and conducting related tasks for legitimate business purposes.
We share PII with our data subprocessors, who further process such PII on behalf of, and under the instruction of, ScheduleOnce. Such data subprocessors include:
- webserver management service providers;
- infrastructure service providers;
- colocation service providers;
- software consulting service providers;
- SMS notification service providers; and
- email service providers.
We require those data subprocessors to maintain at least the same level of confidentiality, integrity, and availability that we maintain for such PII. ScheduleOnce remains liable for the protection of your PII that we transfer to our subprocessors. Note that some of our subprocessors, and our non-U.S. group company, process your data, including PII, outside of the United States.
We may also disclose PII:
- to other third parties for the purposes for which we receive the PII (e.g., performance of contractual obligations and rights);
- to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders;
- if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring or other company change; and
- to our subsidiaries only if necessary for business and operational purposes.
If we must disclose your PII in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your PII will maintain the privacy or security of your PII.
8. Data Integrity & Security
ScheduleOnce employs technical, administrative, and physical measures that are reasonably designed to help protect PII that we process from loss, unauthorized access, disclosure, alteration, destruction, or other processing.
9. Data Retention
PII that you submit to the ScheduleOnce Service is retained for as long as is necessary for us to perform our obligations under the contract entered into between the ScheduleOnce Account Holder and us. Note that we keep backup copies of our databases as part of our disaster recovery/business continuity plans, and it may not be reasonably possible for us to delete data from such backups.
10. Access, Review & Opting Out
If you are a data subject of PII that was submitted to the Services by a User or a ScheduleOnce Account Holder and you wish to exercise your rights with regards to such PII, please contact the User or Account Holder that provided your PII to us.
11. Privacy of Children
The Services are not directed at, or intended for use by, children under the age of 13. If you believe that PII pertaining to your under-13-year-old child has been submitted to the Services, and you would like to exercise your rights with regards to such PII, please contact the User whose Services the PII is processed in.
12. Changes to This Notice
We may update this Notice from time to time by posting a new version on our website. When we make a material change to the Notice, we will update the Last Updated date above to reflect the effective date of the most recent version of the Notice.
13. Contact & Dispute Resolution Process
If you have any questions or complaints about how we process your PII, please contact us via our contact form or using the information below.
Security and Compliance Manager
340 S. Lemon Ave. #5585,
Walnut, CA 91789
We will respond to your inquiry within four weeks of receipt.
13.2 Dispute Resolution under the EU-U.S. Privacy Shield and U.S.-Swiss Safe Harbor Frameworks
With regards to PII processed in the ScheduleOnce Service, if a privacy complaint or dispute cannot be resolved through ScheduleOnce’s internal process, ScheduleOnce has agreed to participate in the VeraSafe Dispute Resolution Procedure. Subject to the terms of the VeraSafe Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to you. To file a complaint with VeraSafe and participate in the VeraSafe Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/dispute-submission.
13.3 Binding Arbitration
With regards to PII processed in the ScheduleOnce Service, if your dispute or compliant can’t be resolved by VeraSafe nor through the Department of Commerce, you may have the right to require that ScheduleOnce enter into binding arbitration with you pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.
13.4 Regulatory Oversight
ScheduleOnce is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.
Microsoft and Outlook is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. Google is either a registered trademark or trademark of Google Inc. in the United States and/or other countries.