ScheduleOnce welcomes the progress brought forth by the GDPR. As a data processor, we work closely with privacy experts to ensure our security and privacy programs meet the standards outlined in the GDPR. Upon signing up to our platform, users agree to our Data Processing Addendum. The DPA is our contractual obligation to process data in a GDPR compliant manner.
Data protection is a key consideration right from the early stages of the development lifecycle. We ensure that all our features are fully secure and all data processed by ScheduleOnce is encrypted at rest and in transit.
Data protection is our default mode of operation. We only collect and store data required to provide our service. If a user deletes their ScheduleOnce account, we remove all their data from our systems within 180 days of deletion.
ScheduleOnce has designated an internal Data Protection Officer (DPO) to oversee compliance. Additionally, we have nominated VeraSafe, an experienced privacy consultancy, to represent ScheduleOnce in the EU.
Our application is audited internally and externally on an ongoing basis to identify potential privacy flaws and exposures. Additionally, we perform impact assessments for any new features that may potentially affect the data flow of our application.
ScheduleOnce obtains consent from users who agree to a Master Service Agreement, Data Processing Addendum, and Privacy Policy when signing up to our platform. Users can withdraw consent at any time by deleting their account. If you have specific security requirements, contact us for a custom agreement.
We hold ourselves accountable to the highest standards by providing visibility to our security program. We make all our legal documentation easily accessible from our Trust center, GDPR center, and Legal hub. Upon request, users can access our annual SOC 2 audit report.
ScheduleOnce has enacted policies to protect users’ rights. We allow ScheduleOnce users to opt-out of our notifications, and are ready to respond to any data access requests from our users.
We do our very best to protect your data, though the unexpected could happen. In such cases, we are committed to always being fully transparent and notifying the supervisory authority and all affected parties according to the GDPR requirements.