Last revised: 8 July 2016.
We welcome You to our “Only Once” world. We offer You a Life Management Platform where you, other users and companies (“Only Once Members”) are able to store and share your own personal data.
This You-Own-Your-Data Agreement (this “Agreement”) is a legally binding contract between the individual or organization (“You” or “Owner”) accepting this Agreement including related General Terms Only Once and Only Once B.V. (”Only Once” or “we” or “us”) whose principal office is at Peppelkade 48, 3992 AK, Houten, The Netherlands. This Agreement applies to your use of all products, services, websites, mobile websites, native mobile applications, and co-branded products and services with our partners (collectively, the “Software,” which includes your “Data Stores”) that are owned and operated by us.
Please read this Agreement carefully before accepting it and using the Software. By clicking agree and using the Software, You agree to be bound by this Agreement. If You accept on behalf of an organization, You are legally binding the organization to this Agreement and represent that You have the authority to do so. If You do not agree with these terms and conditions, You should not accept this Agreement, and You may not use the Software.
Our principles to serve you
Because the security and privacy of your Data are paramount to us, we follow some principles:
- You own your data, not us: Only You decide what data You store in your Data Stores. You will remain always the ownership of your data. You have the ability to take your data with You when You terminate this Agreement.
- You always stay in control of your data: Only You can decide what data You want to share and with whom. At any time You can decide to stop sharing your data with another user or company.
- We do not use Your data for commercial use: Our enterprise business model is not based on exploiting your data. We do not sell, rent, lease, or provide your personal data in your Data Stores to any third parties or government in the world. This is also technically impossible because Only Once does not have access to your data in your Data Store; only You have the encryption keys.
- Transparent: We are committed to being transparent with You about our business model, terms and management of your Data. You will always be able to see which Only Once Members or apps You have shared your Data with.
- Take your data with you: We are convinced that we will make You a satisfied user. But if You decide to leave us, the Software provides You to export and delete your data whenever You want.
- The security and privacy of your Data are paramount to us: This does not need any further explanation!
This Agreement is the legally binding agreement that confirms that You will remain the legal owner of all your data, files or any information (collectively, “Data”) You store in your Personal Data Store (PDS) and / or Company Data Stores (ODS) (collectively, “Data Stores”). In privacy terms this means that You yourself are the Data Controller.
Only Once will only provide You with the Software as the Life Management Platform to store and share your data and provide the services to operate the Software as your Life Management Platform. In privacy terms this means that Only Once is your Data Processor.
Exercising your ownership
Because You are the Owner, You always retain ownership of your Data in your Data Stores, and only You can give permission to share. If You share your Data, You can update it for anyone with whom You have shared it or stop sharing.
We, Only Once Members, third party organizations and third party applications are not granted any right to use your Data in your Data Store, except for the specific purpose(s) for which You have granted it and subject to how the sharing occurs by You.
When You choose to grant access to your Data to another Only Once Member, You are granting a non-exclusive, limited right to access and use the applicable Data from your Data Store solely for the purpose intended, including any reuse or resharing permissions.
In consideration of the limited authorizations You provide to Only Once Members within the Software for accessing your Data, the recipient agrees not to use or disclose, in whole or in part, to any other party such shared Data except as permitted by You, and in accordance with this Agreement and/or any separate account or membership agreement You may have with a recipient, such as a third party organization.
Only Once Members that use the Software are contractually obligated to use your Data only as authorized by You. If they do not act in line with this, they are violating this Agreement and the General Terms Only Once. You yourself should also act in line with these terms for the Data of other Only Once Members that is shared with you.
Control and sharing of your data
Only Once has designed the Software in such a way that You will always be able to view which Only Once Members or third-party applications (“Apps”) you have shared your Data with through features in the Software.
You may be offered access to and use of the Software through: (a) a third party company or organization that partners with us (a “Partner”) because, for example, You are a member or customer of that Partner; or (b) your choice to use your Data in conjunction Apps that integrate with the Software.
In each case, You may have an independent (and sometimes pre-existing) relationship and/or account information stored with a Partner or Apps (“Data Users”) by virtue of being a member, customer or user of the Data User. In some cases, a Data User may provide data to You in your Data Store, in which case that Data will become yours. Where You share your Data with a Data User, You may stop sharing at any time. Data already shared or updated with a Data User may remain in its system and subject to its data, usage and privacy practices, which we do not control, based on your independent relationship with the Data User. When you stop sharing your Data, the Data User may retain the last version of the Data You shared, but they will not have ongoing updates from your Data Stores.
Sharing by Only Once
Only Once may share only your personal data related to the registration of your Only Once account or personal data You used to contact us or third party service providers to perform certain processing activities on behalf of Only Once.
Deleting your personal data
If You choose not to continue your Only Once account, You can export your data and delete your Only Once account and all data in your Data Stores yourself. Your data is then deleted from the servers and will be permanently deleted in the next backup cycle. We will only retain the personal data related to the registration of your Only Once account as long as needed to comply with our legal and fiscal obligations, resolve disputes, and enforce our agreements.
Data fields in our Data Stores
You understand and agree that the Data Stores and the data fields within them are solely determined by Only Once, and therefore Only Once reserves the right to reorganize and/or remove the Data Stores and data fields from time to time. In connection with such reorganization and/or removal, it is possible that some Data may be deleted and/or moved. In such cases, we will give You notice and try to help You preserve your Data, but Only Once shall not be responsible for any loss or relocation of any Data arising out of such reorganization and/or removal.
Protect your data
The security and privacy of your Data are paramount to us. Only Once has taken appropriate technical and organizational security measures against loss or unlawful processing of your personal data. The most important security measure is that all data in your Data Store has been encrypted using 256-bit AES encryption. This means that only You can unlock the data in your Data Store using your encryption key.
We use Secure Socket Layer encryption using secure cookies with HTTPS to protect all your Data in transit to our servers, meaning from browser to server, such as when You access your information or grant access to it to others.
Your Data Store is hosted in a secure data center located in the European Union, which has 24/7 physical protections, firewalls, intrusion detection systems, and an array of other technological safeguards, and holds a number of certifications, including ISO27001/2, ISAE3402, SOC 1 and SOC 2 Reports, and is PCI compliant.
Nevertheless, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee absolute security. Security is as strong as the weakest chain. Therefore You as Owner should also take all appropriate security measures to secure your own data, like choosing a strong password for your Only Once account, an even stronger password for the encryption keys to your Data Stores, and making sure that the devices You use to log in on your account have adequate protection towards viruses and malware.
We will never ask You to provide us your password or encryption keys. You should also never give them to any other person. You should keep the copy of your encryption keys in a secure location but keep in mind that if you loose them you are NOT able to access your Data Stores any longer.
We will notify You about important activities related to your account, like a password change. You are obliged to monitor these actions to ensure your account is not misused. Please notify us immediately of any suspected or unauthorized use of your password, encryption keys, account or any other such incident at firstname.lastname@example.org. If we discover a security incident that compromises your Data, we will let You, in accordance with applicable law, know about it on the email address you use to log in.
ONLY ONCE SHALL NOT BE RESPONSIBLE OR LIABLE FOR UNAUTHORIZED ACCESS, HACKING, OR OTHER SECURITY INTRUSIONS OR FAILURE TO STORE OR THE THEFT, DELETION, CORRUPTION, DESTRUCTION, DAMAGE, OR LOSS OF ANY DATA OR INFORMATION OR LOSS OF PASSWORD AND ENCRYPTION KEYS.
Because Only Once will not be able to fully support all services to you, we will need to contract sub-processors to support us, like hosting of the data center. We will contractually bound these sub-processors to the same obligations with respect to the processing of your data as those which we are bound to under this agreement.
Transfer of data
You are in control of the personal data You share. The Software will only share in your name due to your duly instruction the data in your Only Once account and Data Stores if You choses to share this data with any other OO Members.
As a consequence your personal data may be viewed (transferred) to different countries around the world. Please note that some countries, like the US, do not provide for an adequate level of protection of your personal data but your personal data will always remains physically stored in a data center in European Union. We therefore want to emphasize that You always be careful with whom You share your data.
Terms and Termination
This Agreement will commence upon the date You accept it or start using the Software and shall continue in force and effect until its termination. You may terminate this Agreement at any time by ceasing to use the Software, and canceling and permanently deleting your account. Before doing so, You may choose to export your Data.
Only Once may terminate this Agreement and your right to use the Software upon 30 days’ notice to You if Only Once ceases to offer the Software. If You breach this Agreement, the Acceptable Use Policy or our General Terms Only Once, Only Once may terminate this Agreement and/or your right to use the Software immediately without notice.
Warranties and Disclaimer
You represent and warrant to Only Once that any Data that You upload, store, use, permit access to or otherwise manage in the Data Stores of the Software does not violate any law or legal requirement, and does not infringe the privacy, intellectual property, or any other rights of any other person or entity. You agree to defend, indemnify and hold harmless Only Once, and all other persons or entities using the Software, from and against any loss or damages arising out of your breach of the foregoing warranty.
THE SOFTWARE INCLUDING, WITHOUT LIMITATION, ALL CONTENT, FUNCTION, MATERIALS AND SERVICES, IS PROVIDED “AS IS,” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTY FOR INFORMATION, DATA, DATA PROCESSING SERVICES OR UNINTERRUPTED ACCESS, ANY WARRANTIES CONCERNING THE AVAILABILITY, ACCURACY, COMPLETENESS, USEFULNESS, OR CONTENT OF INFORMATION, AND ANY WARRANTIES OF TITLE, NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
ONLY ONCE DOES NOT WARRANT THAT THE SOFTWARE OR THE FUNCTION, CONTENT OR SERVICES MADE AVAILABLE THEREBY WILL BE TIMELY, SECURE, FREE FROM HACKING OR OTHER SECURITY INTRUSION, UNINTERRUPTED OR ERROR FREE, OR THAT DEFECTS WILL BE CORRECTED. ONLY ONCE MAKES NO WARRANTY THAT THE SOFTWARE WILL MEET USERS’ EXPECTATIONS OR REQUIREMENTS. NO ADVICE, RESULTS OR INFORMATION, OR MATERIALS WHETHER ORAL OR WRITTEN, OBTAINED BY YOU THROUGH THE SOFTWARE SHALL CREATE ANY WARRANTY NOT EXPRESSLY MADE HEREIN. IF YOU ARE DISSATISFIED WITH THE SOFTWARE, YOUR SOLE REMEDY IS TO DISCONTINUE USING THE SOFTWARE. USE OF THE SOFTWARE IS AT YOUR SOLE RISK. YOU WILL BE SOLELY RESPONSIBLE FOR ANY LOSS OR DAMAGES YOU MAY SUFFER AS A RESULT OF YOUR USE OF THE SOFTWARE.
TO THE GREATEST EXTENT PERMITTED UNDER APPLICABLE LAW, IN NO EVENT SHALL ONLY ONCE, ITS AFFILIATES OR ANY OF THEIR RESPECTIVE DIRECTORS, OFFICERS, EMPLOYEES, AGENTS, PARTNERS, LICENSORS, CONTENT OR SERVICE PROVIDERS, OR SUCCESSORS BE LIABLE FOR ANY INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL, EXEMPLARY OR PUNITIVE DAMAGES ARISING FROM OR DIRECTLY OR INDIRECTLY RELATED TO (i) THE USE OF, OR THE INABILITY TO USE, THE SOFTWARE, MATERIALS AND FUNCTIONS RELATED THERETO, (ii) UNAUTHORIZED ACCESS TO OR LOSS, CORRUPTION, OR ALTERATION OF DATA, TRANSMISSIONS, OR CONTENT, (iii) STATEMENTS OR CONDUCT OF ANY THIRD PARTY ON OR USING THE SOFTWARE, (iv) ONLY ONCE’S ACTIONS OR OMISSIONS IN RELIANCE UPON YOUR ACCOUNT OR CREDIT CARD INFORMATION AND ANY CHANGES THERETO OR NOTICES RECEIVED THEREFROM, (v) YOUR FAILURE TO PROTECT THE CONFIDENTIALITY OF YOUR DATA OR ANY PASSWORDS OR ACCESS RIGHTS TO YOUR ACCOUNT INFORMATION, (vi) THE ACTS OR OMISSIONS OF ANY THIRD PARTY USING OR INTEGRATING WITH THE SERVICE, OR (vii) ANY OTHER MATTER RELATING TO THE SOFTWARE, INCLUDING, WITHOUT LIMITATION, LOSS OF REVENUE, ANTICIPATED PROFITS, GOODWILL, LOST BUSINESS, USE, DATA, SALES, COST OF SUBSTITUTE SERVICES, OR OTHER INTANGIBLE LOSSES, EVEN IF PERSONAL OR ITS REPRESENTATIVE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
IN ADDITION TO AND WITHOUT LIMITING THE FOREGOING, TO THE EXTENT PERMITTED BY LAW, YOU AGREE THAT THE TOTAL LIABILITY OF ONLY ONCE TO YOU FOR ANY AND ALL CLAIMS ARISING FROM YOUR USE OF THE SOFTWARE OR OTHERWISE ARISING UNDER THIS AGREEMENT SHALL NOT EXCEED THE TOTAL AMOUNT PAID BY YOU FOR THE SOFTWARE IN THE PRECEDING YEAR. THE LIMITATIONS OF DAMAGES SET FORTH ABOVE ARE FUNDAMENTAL ELEMENTS OF THE BASIS OF THE BARGAIN BETWEEN ONLY ONCE AND YOU. THEY SHALL APPLY REGARDLESS OF WHETHER A CAUSE OF ACTION MAY BE IN CONTRACT, TORT (INCLUDING, BUT NOT LIMITED TO, NEGLIGENCE OR OTHERWISE), STATUTE, OR ANY OTHER LEGAL THEORY, EITHER ARISING FROM THIS
AGREEMENT, OR YOUR USE OF OR INABILITY TO USE THE SOFTWARE.
Applicable Law and Jurisdiction
Wherever You live around the world, if You choose to register an Only Once account in our Software You should be aware that the laws of The Netherlands shall exclusively govern the General Terms Only Once and all underlying agreements including this Agreement.
This Agreement may not satisfy the laws in countries outside the The Netherlands. If You choose to register an Only Once account from outside The Netherlands You are responsible for ascertaining to what extent local laws are applicable and compliance with local laws.
This Agreement is subject to the use of the Software as described in the License Agreement Only Once Software and the Acceptable Use Policy Only Once. This Agreement is part of the General Terms Only Once and all underlying agreements.
We may change this Agreement from time to time. We therefore encourage You to refer to this agreement on an ongoing basis.
If we make any change to this Agreement that in our sole discretion is material, we will notify You (for example, by email to the email address in your account or prominent notice in the Software) that this Agreement has been modified. The new version will show the date it was modified. If You disagree with any change to the Agreement, You will be able to export your Data from the Personal Service and permanently delete it. Your continued use of the Software 30 days after the update will constitute your acceptance of the revised Agreement
Archived version: not applicable.
Questions and feedback
Please send us your questions and comments about privacy to email@example.com.