Application Privacy Policy

Last updated: March 24, 2018

This Privacy Policy (hereinafter, the “Policy”) addresses data subjects whose personal data (“PII”) may be received or otherwise processed by ScheduleOnce (a trade name of OnceHub Inc. and/or OnceHub Ltd.), (“us”, “we,” “our,” or “ScheduleOnce”) in our hosted online appointment scheduling platform, which includes the ScheduleOnce Outlook® connector software application (the “Outlook Connector” and together with the hosted web application, the “ScheduleOnce Service”), and our hosted interview scheduling platform, Reschedge (collectively with the ScheduleOnce Service, the “Services”). This Policy does not apply to the ScheduleOnce publicly accessible websites, such as www.scheduleonce.com or www.reschedge.com, the employees of ScheduleOnce, or to any PII we collect outside of the Services.

With respect to the PII processed in the Services, ScheduleOnce is a data processor. The organization or natural person who is licensed to use the Services (the “ScheduleOnce Account Holder” or “Account Holder”) is the data controller. Notwithstanding the foregoing, the payment card data and other personal data of the Account Holder that is submitted to ScheduleOnce via the Services, is controlled by ScheduleOnce.

1. EU-U.S. and Swiss-U.S. Privacy Shield Framework

With respect to personal data processed within the ScheduleOnce Service when used under the Enterprise Plan, and with respect to personal data processed within Reschedge, ScheduleOnce (a trade name of OnceHub Inc.) complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (the “Privacy Shield”) as adopted and set forth by the U.S. Department of Commerce. ScheduleOnce has certified that, within the ScheduleOnce Service, it adheres to all applicable provisions of the Privacy Shield.

To learn more about the Privacy Shield, and to view ScheduleOnce’s certification, please visit https://www.privacyshield.gov and https://www.privacyshield.gov/list, respectively.

2. VeraSafe Privacy Program

ScheduleOnce (a trade name of OnceHub Inc.) is a member of the VeraSafe Privacy Program, meaning that, with respect to personal data (“PII”) processed within the ScheduleOnce Service when used under the Enterprise Plan, VeraSafe has assessed ScheduleOnce’s data governance and data security for compliance with the VeraSafe Privacy Program Certification Criteria. The program criteria require that participants maintain a high standard of data protection and implement specific best practices pertaining to notice, onward transfer, choice, access, data security, data quality, recourse, and enforcement.

3. Confidentiality

Please note that if you are a natural person who is using the Services under the auspices of an agreement entered into with ScheduleOnce, or a member of the workforce of an organization who is using the Services under the auspices of an agreement entered into with ScheduleOnce (a “ScheduleOnce User” or “User”), the ScheduleOnce Service enables you to share your name, schedule (i.e., your available/busy time slots), profile photograph, and contact information publicly. If you choose to do so, such PII will become public information.

If you are not a ScheduleOnce User but submit PII to the booking page of a ScheduleOnce User, the PII you submit will be processed in accordance with this Policy, and will be shared with the ScheduleOnce User, whose booking page you submitted data to, and the relevant ScheduleOnce Account Holder.

Except as described in this Policy, we maintain the PII processed in the ScheduleOnce Service in confidence.

4. Categories of PII

The categories of PII processed by the Services, and their purposes of use, depend on how each ScheduleOnce User configures their respective Services.

Generally, the ScheduleOnce Service is designed to process basic contact information (such as name, email, phone number), photographic images (such as profile pictures), location data, and data that pertain to a User’s schedule. The ScheduleOnce Service contains User-customizable fields, which can be used to solicit any category of PII, including sensitive PII. Additionally, the ScheduleOnce Service enables you to upload files to a User’s booking page, which might also contain any category of PII, including sensitive PII.

The Reschedge application is designed to process the schedules and basic contact information of Users and interviewees. The Reschedge application may also be used to process other types of data that may be associated with a User, such as the department that the User belongs to within the organization that is licensed to use the Reschedge application. The Reschedge application also allows Users to upload files to the application, which might contain any category of PII, including sensitive PII.

The ScheduleOnce Service is designed to collect PII via Users’ booking pages, via the ScheduleOnce Outlook connector application, via various integrations with other third-party information systems that are controlled by ScheduleOnce Users, and with respect to ScheduleOnce Users, from within the ScheduleOnce Users tab.

The Reschedge application is designed to collect PII that is manually submitted to the application by Users and Account Holders, and via integrations with Office 365, Microsoft® Exchange® and Google® G Suite.

4.1 Cookies (Required)

The Services use cookies. Some of these cookies enable us to remember data you have entered or choices you have made, such as your email address, time zone, and date and time preferences, and provide you with a better user experience. We use session ID cookies to recognize you, as you move from one page to another within the application.

If you have chosen to identify yourself to the ScheduleOnce Service, we use cookies containing encrypted data to enable us to uniquely identify you. Each time you log into the ScheduleOnce Service, a cookie containing an encrypted unique identifier that is tied to your account is placed on your computer. These cookies allow us to uniquely identify you when you are logged into the ScheduleOnce Service and enable us to provide you with the best user experience.

Since cookies are essential to the operation of the Services, you cannot opt out of these cookies without compromising the intended functionality of the ScheduleOnce Service.

4.2 Third Party Cookies (Opt Out Possible)

The Services use analysis cookies that collect data about how people use our web applications, including which pages are visited most often, how fast they load, and other statistical information. These cookies do not collect data that individually identifies a visitor, aside from an IP address. All data these cookies collect is only used to tell us how the Services are used, so that we can optimize the user experience.

5. Lawful Basis of Processing

If you are an Account Holder, we process your PII based on your consent, and based on the need to perform the obligations of our contract with you. If you are a member of the workforce of an organization that is a ScheduleOnce Account Holder, or if you are not a User of the Services and you, a User, or an Account Holder submits your PII to the Services, we will process such PII based on the documented instructions of the data controller.

6. Purposes of Processing

We collect and use PII for the purposes of providing the Services to our Users and Account Holders at their instruction, processing PII on behalf of Users and Account Holders, communicating with corporate business partners about business matters, providing information on the Services to prospective ScheduleOnce Account Holders, improving the Services, and conducting related tasks for legitimate business purposes.

7. Sharing PII with Third Parties

We share PII with our data subprocessors, who further process such PII on behalf of, and under the instruction of, ScheduleOnce. Such data subprocessors include:

  • infrastructure service providers;
  • software consulting service providers;
  • web-based productivity software providers;
  • SMS notification service providers; and
  • email service providers.

We require those data subprocessors to maintain at least the same level of confidentiality, integrity, and availability that we maintain for such PII. ScheduleOnce remains liable for the protection of your PII that we transfer to our subprocessors. Note that some of our subprocessors, and our non-U.S. group company, process your data, including PII, outside of the United States.

We may also disclose PII (i) to other third parties for the purposes for which we receive the PII (e.g., performance of contractual obligations and rights); (ii) to the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders; (iii) if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring or other company change; and (iv) to our subsidiaries, only if necessary for business and operational purposes.

If we must disclose your PII in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your PII will maintain the privacy or security of your PII.

8. Data Integrity & Security

ScheduleOnce has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect PII from unauthorized processing such as unauthorized access, disclosure, alteration, or destruction.

9. Data Retention

PII that you submit to the ScheduleOnce Service is retained for as long as is necessary for us to perform our obligations under the contract that is entered into between the ScheduleOnce Account Holder and us. Note that we keep backup copies of our databases for a limited period of time as part of our disaster recovery/business continuity plans, and it may not be reasonably possible for us to delete data from such backups.

10. Access, Review

If you are a data subject of PII that was submitted to the Services by a User or a ScheduleOnce Account Holder, you may have a right to request access to, and the opportunity to update, correct, or delete, such PII. To submit such requests or raise any other questions, please contact the User or Account Holder that provided your PII to us.

11. Privacy of Children

The Services are not directed at, or intended for use by, children under the age of 13. If you believe that PII pertaining to your under-13-year-old child has been submitted to the Services, and you would like to exercise your rights with regards to such PII, please contact the User whose Services the PII is processed in.

12. Changes to This Policy

We may update this Policy from time to time by posting a new version on our website. When we make a material change to the Policy, we will update the Last Updated date above to reflect the effective date of the most recent version of the Policy.

13. Contact & Dispute Resolution Process

13.1 Contact

If you have any questions or complaints about how we process your PII, please contact us via our contact form or using the information below.

ScheduleOnce
Security and Compliance Manager
340 S. Lemon Ave. #5585,
Walnut, CA 91789
USA
Email: trust@scheduleonce.com

We will respond to your inquiry within four weeks of receipt.

13.2 Dispute Resolution under the Privacy Shield

With regards to PII processed in the ScheduleOnce Service, where a privacy complaint or dispute cannot be resolved through ScheduleOnce’s internal process, ScheduleOnce has agreed to participate in the EU data protection authorities (DPAs) dispute resolution process. Subject to the terms of the EU DPAs dispute resolution process, the EU DPAs will provide appropriate recourse to you. To file a complaint with the EU DPAs, please submit the required information here:
https://www.privacyshield.gov/assistance.

13.3 Binding Arbitration

With regards to PII processed in the ScheduleOnce Service, if your dispute or complaint can’t be resolved by us, nor through the dispute resolution program established by the EU DPAs, you may have the right to require that we enter into binding arbitration with you, pursuant to the Privacy Shield’s Recourse, Enforcement and Liability Principle and Annex I of the Privacy Shield.

13.4 Regulatory Oversight

ScheduleOnce is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

Microsoft and Outlook is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries. Google is either a registered trademark or trademark of Google Inc. in the United States and/or other countries.