Only Once is committed to empowering the entire business ecosystem by providing tools that enhance and streamline data management processes, maximizing day-to-day efficiency. Our mission is rooted in offering secure solutions, utilizing EU-based cloud services to uphold the highest standards of data protection. At Only Once, security remains a fundamental aspect, ensuring our members can seamlessly and securely share their professional business data with a simple click. This privacy policy explicitly outlines Only Once's role as the data controller, emphasizing our dedication to safeguarding your data and clarifying how we, at Only Once, handle and protect your data in accordance with our mission and values.
This privacy notice for Only Once (‘OO’, ‘we’, ‘us’, or ‘our’), describes how and why we might collect, store, use and/or share (‘process’) your information when you use our services (‘the Platform’), such as when you:
Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Platform.
This summary provides key points from our privacy notice, but you can find out more details about any of these topics by scrolling down.
What personal data do we process? When you visit, use, or navigate our Platform, we may process personal data depending on how you interact with us and the Platform, the choices you make and the features you use. The personal data primarily consists of business-related information or data that is publicly accessible but, due to its traceability, falls within the scope of GDPR.
Do we process any sensitive personal data? We may process sensitive personal data when necessary, but only with your consent or as otherwise permitted by applicable law.
Do we receive any information from third parties? We may receive information from other users, such as the organizations you disclose information to.
How do we process your information? We process your information to provide, improve, and administer our Platform, communicate with you, for security and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.
In what situations and with which types of parties do we share personal data? We may share information in specific situations and with specific categories of third parties.
How do we keep your information safe? We have organisational and technical processes and procedures in place to protect your personal data. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.
What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal data.
How do you exercise your rights? The easiest way to exercise your rights is by logging into your account, or by contacting us through e-mail via privacy@onlyonce.com.
In short: we collect personal data that you provide to us.
We collect personal data that you voluntarily provide to us when you register on the Platform, express an interest in obtaining information about us or our Platform, or otherwise when you contact us.
Personal information provided by you. The personal data that we collect depends on the context of your interactions with us and the Platform, the choices you make and the purposes for which you use the OO application. The personal data we collect may include the following:
Sensitive information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:
Application data. If you use our OO application, we also may collect the following information if you choose to provide us with access or permission:
This information is primarily needed to maintain the accuracy of your personal data, the security and operation of our application, for troubleshooting, and for our internal analytics and reporting purposes.
In addition to the aforementioned personal data, we may also collect metadata, such as login timestamps, helpdesk tickets, and other relevant information. For a comprehensive overview of the types of personal data processed, please refer to https://www.onlyonce.com/features/data-fields/.
All personal data that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal data.
Information automatically collected
In short: Some information – such as your Internet Protocol (IP) address and/or browser and device characteristics – is collected automatically when you visit our Platform.
We automatically collect certain information when you visit, use, or navigate the Platform. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Platform, and other technical information. This information is primarily needed to maintain the security and operation of our Platform, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies.
The information we collect includes:
Information collected from other sources
In short: We may collect limited data from the organizations with whom you have shared personal data, and other outside sources.
In order to enhance our ability to provide services to you and update our records, we may obtain information about you from other sources, such as public databases like the Chamber of Commerce trade register, business partners, data providers, and from other third parties. This information includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behaviour data), Internet Protocol (IP) addresses, social media profiles and social media URLS, and custom profiles.
In short: We process your information to provide, improve, and administer our Platform, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.
We process your personal data for a variety of reasons, depending on how you interact with our Platform, including:
In short: We only process your personal data when we believe it is necessary and we have a valid legal reason (i.e. legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfil our contractual obligations, to protect your rights, or to fulfil our legitimate business interests.
If you are located in the EU or UK, this paragraph applies to you.
The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal data. As such, we may rely on the following legal bases to process your personal data:
In short: We may share information in specific situations described in this paragraph and/or with the following categories of third parties.
We may share your data with third-party vendors, service providers, contractors, or agents ('third parties') who perform services for us or on our behalf and require access to such information to do that work. As an example, we have chosen Amazon Web Services (AWS) to host all our services, such as the storage of login credentials. We have contracts in place with our third parties, which are designed to help safeguard your personal data. This means that they cannot do anything with your personal data unless we have instructed them to do it. They will also not share your personal data with any organisation apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct. The categories of third parties we may share personal data with are as follows:
When you consent to using our application or interact within certain areas designated for user interaction, your personal data may be shared with the organizations that use the application. This sharing will only occur if explicit consent has been granted by you or as per the functionalities provided within the application. The sharing and synchronization of information will not take place if you choose not to become a member of OO. This shared information might be visible to and accessible by other organizations within the application and their associated CRM systems, but only if the same types of information have been previously shared with those organizations. For instance, if you have previously provided your address and have since moved, sharing a new address will result in the update of this information in the CRM systems of organizations with whom you had initially shared your address. However, OO will not make this shared data publicly available outside the application without prior authorization.
In short: We may use cookies and other tracking technologies to collect and store your information.
We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.
In short: We may transfer, store, and process your information in countries other than your own.
Our servers are located in the EU. If you access our Platform from outside the EU, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by third parties with whom we may share your personal data in other countries.
If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, the transfer of data to a third country may occur, but we emphasize that such transfers will only take place if that country ensures an adequate level of security. We strive to collaborate with our partners in a manner that prioritizes data protection, and two examples of the mechanisms we employ are adequacy decisions and Standard Contractual Clauses (SCC’s).
In both cases, whether through an adequacy decision or the implementation of Standard Contractual Clauses, our commitment is to uphold the highest standards of data protection and privacy in accordance with this privacy notice and relevant legal requirements. Further details can be provided upon request.
In short: We keep your information for as long as necessary to fulfil the purposes outlined in this privacy notice unless otherwise required by law.
We will only keep your personal data for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal data for longer than the period of time in which users have an account with us.
When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.
In short: We aim to protect your personal data through a system of organisational and technical security measures.
We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal data we process. We take a variety of measures, including the following:
We consistently update and patch our systems, ensuring that potential vulnerabilities are promptly addressed. All data is securely stored within Europe, adhering to regional regulations. Our commitment to open standards means we avoid proprietary technology, providing you with transparent and accessible services.
Our infrastructure is meticulously organized, with discrete environments for application usage, monitoring, and deployment. Encrypted communication, employing SSL for secure browser connections, adds an extra layer of protection during data transmission.
To combat potential security threats, we conduct rigorous identity checks, employ Non-Disclosure Agreements (NDAs), and carefully manage intellectual property through IP transfer agreements. Access is restricted to a virtual private network (VPN), and strict access rights are maintained for folders and applications. We have embraced a paperless approach and implemented a clean desk policy. Secure note software facilitates the transmission of confidential information, and an offboarding checklist ensures swift removal of access for departing team members.
Our commitment to user protection involves stringent operational measures. We enforce strong password policies (if applicable) and advocate for Two-Factor Authentication (2FA) to add an extra layer of user verification. Automated logout features, SMS verification, and email account verification contribute to a multi-step verification process. The entire registration and login process is encrypted, and behavioural analysis is conducted to identify and address potential security risks. IP blocking for AWS and App stores, along with comprehensive user logging, further strengthens our security posture.
Next to that, we subject ourselves to external scrutiny through audits and certifications from third-party organizations. We are currently in the process of undergoing external validation to meet industry standards and regulations, including ISO 27701, AVG/GDPR, NEN/ISO 27001/2, BIR, BIO, APP, OWASP, PCI-DSS, ISO 9162, and ISTQB. Our commitment to continuous improvement is further emphasized through regular pen testing and auditing processes.
These measures, combined with our certifications, ensure a comprehensive and robust security framework to safeguard your personal data. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal data, transmission of personal data to and from our Platform is at your own risk. You should only access the Platform within a secure environment.
In short: We do not knowingly collect data from or market to children under 18 years of age.
We do not knowingly solicit data from or market to children under 18 years of age. By using the Platform, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Platform. If we learn that personal data from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at privacy privacy@onlyonce.com.
In short: In some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal data. You may review, change, or terminate your account at any time.
In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal data, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal data; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal data.
We will consider and act upon any request in accordance with applicable data protection laws.
Withdrawing your consent
If we are relying on your consent to process your personal data, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in paragraph L below.
However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal data conducted in reliance on lawful processing grounds other than consent.
It's important to note that withdrawing your consent will lead to the deletion of your account. We respect your choices, and we are committed to ensuring that your personal data is handled in accordance with your preferences. Should you choose to withdraw your consent, please be aware that your account will be removed from our system as part of this process.
If you would at any time like to review or change the information in your account or terminate your account, you can:
Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.
In short: Yes, we will update this notice as necessary to stay compliant with relevant laws.
We may update this privacy notice from time to time. The updated version will be indicated by an updated 'Revised' date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.
Subject to the applicable laws of your country, you have the right to access, update, or delete the personal data we collect from you. You can manage these actions directly through your account settings within the application. If you wish to review, update, or delete your personal data, please follow the steps below:
Additionally, if you encounter any challenges or prefer assistance, you can contact us via email at privacy@onlyonce.com. We are here to help ensure that your personal data is accurate and in line with your preferences.
Thank you for entrusting us with your information.
Effortlessly create and maintain your ART and Scrum Teams, ensuring every team member has access to fully up-to-date and accurate contact and event information. Assign SAFe compliant and ART roles and descriptions, and maintain all team data in our highly-secure app.
Automatically generate all SAFe events and timelines in one user-friendly app, then sync with calendars to alert every team member at the click of a button. Keep everybody on the same page, with one universal communication platform, eliminating the need for multiple channels.
Communicate and collaborate with Stakeholders, Suppliers and Team Members all in one place, with access to consistently reliable and accurate contact data. Know exactly where you need to be, and when, keeping your entire Team Roster on time and on track, regardless of location.
Slash admin and communication costs by eliminating time-consuming manual updates to XLS team rosters and mailing lists. With every SAFe event and standard pre-defined by the app, save time and money by optimizing and rolling out every process in a matter of seconds.
Build your network by connecting with colleagues and other Agile experts. Find answers to complex Agile questions or doubts in your Only Once activity feed, and search for user profiles to find the perfect candidates for your Agile Release Train.
© 2024 Only Once BV Houten
The Netherlands
All Rights Reserved
Chamber of Commerce 88135977
VAT nr 8645.13.549.B.01
info@onlyonce.com
support@onlyonce.com
investors@onlyonce.com