Privacy policy

I. About Only Once and this privacy notice

Only Once is committed to empowering the entire business ecosystem by providing tools that enhance and streamline data management processes, maximizing day-to-day efficiency. Our mission is rooted in offering secure solutions, utilizing EU-based cloud services to uphold the highest standards of data protection. At Only Once, security remains a fundamental aspect, ensuring our members can seamlessly and securely share their professional business data with a simple click. This privacy policy explicitly outlines Only Once's role as the data controller, emphasizing our dedication to safeguarding your data and clarifying how we, at Only Once, handle and protect your data in accordance with our mission and values.

This privacy notice for Only Once (‘OO’, ‘we’, ‘us’, or ‘our’), describes how and why we might collect, store, use and/or share (‘process’) your information when you use our services (‘the Platform’), such as when you:

  • Download and use our mobile application, or any other application of ours that links to this privacy notice;
  • Engage with us in other related ways, including any sales or marketing.

Questions or concerns? Reading this privacy notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Platform.

 

II. SUMMARY OF KEY POINTS

 This summary provides key points from our privacy notice, but you can find out more details about any of these topics by scrolling down.

What personal data do we process? When you visit, use, or navigate our Platform, we may process personal data depending on how you interact with us and the Platform, the choices you make and the features you use. The personal data primarily consists of business-related information or data that is publicly accessible but, due to its traceability, falls within the scope of GDPR.

Do we process any sensitive personal data? We may process sensitive personal data when necessary, but only with your consent or as otherwise permitted by applicable law.

Do we receive any information from third parties? We may receive information from other users, such as the organizations you disclose information to.

How do we process your information? We process your information to provide, improve, and administer our Platform, communicate with you, for security and to comply with law. We may also process your information for other purposes with your consent. We process your information only when we have a valid legal reason to do so.

In what situations and with which types of parties do we share personal data? We may share information in specific situations and with specific categories of third parties.

How do we keep your information safe? We have organisational and technical processes and procedures in place to protect your personal data. However, no electronic transmission over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information.

What are your rights? Depending on where you are located geographically, the applicable privacy law may mean you have certain rights regarding your personal data.

How do you exercise your rights? The easiest way to exercise your rights is by logging into your account, or by contacting us through e-mail via privacy@onlyonce.com.

 

III. PRIVACY POLICY IN FULL

A.  What information do we collect?

In short: we collect personal data that you provide to us.

We collect personal data that you voluntarily provide to us when you register on the Platform, express an interest in obtaining information about us or our Platform, or otherwise when you contact us.

Personal information provided by you. The personal data that we collect depends on the context of your interactions with us and the Platform, the choices you make and the purposes for which you use the OO application. The personal data we collect may include the following:

  • Names;
  • Phone numbers;
  • Email addresses;
  • Mailing addresses;
  • Job titles;
  • Contact or authentication data;
  • Billing addresses;
  • Banking details;
  • Debit/credit card numbers;
  • IP addresses;
  • Profile pictures.

Sensitive information. When necessary, with your consent or as otherwise permitted by applicable law, we process the following categories of sensitive information:

  • Information revealing race or ethnic origin;
  • Information revealing religious or philosophical beliefs;
  • Student data;

Application data. If you use our OO application, we also may collect the following information if you choose to provide us with access or permission:

  • Push notifications. We may request to send you push notifications regarding your account or certain features of the application. If you wish to opt out from receiving these types of communications, you may turn them off in your device’s settings.

This information is primarily needed to maintain the accuracy of your personal data, the security and operation of our application, for troubleshooting, and for our internal analytics and reporting purposes.

In addition to the aforementioned personal data, we may also collect metadata, such as login timestamps, helpdesk tickets, and other relevant information. For a comprehensive overview of the types of personal data processed, please refer to https://www.onlyonce.com/features/data-fields/.

All personal data that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal data.

Information automatically collected

In short: Some information – such as your Internet Protocol (IP) address and/or browser and device characteristics – is collected automatically when you visit our Platform.

We automatically collect certain information when you visit, use, or navigate the Platform. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Platform, and other technical information. This information is primarily needed to maintain the security and operation of our Platform, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies.

The information we collect includes:

  • Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Platform and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Platform (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called 'crash dumps'), and hardware settings).
  • Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Platform. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.
  • Location Data. We collect location data such as information about your device's location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the Platform. For example, we may use technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Platform.

Information collected from other sources

In short: We may collect limited data from the organizations with whom you have shared personal data, and other outside sources.

In order to enhance our ability to provide services to you and update our records, we may obtain information about you from other sources, such as public databases like the Chamber of Commerce trade register, business partners, data providers, and from other third parties. This information includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behaviour data), Internet Protocol (IP) addresses, social media profiles and social media URLS, and custom profiles.

B.  How do we process your information?

In short: We process your information to provide, improve, and administer our Platform, communicate with you, for security and fraud prevention, and to comply with law. We may also process your information for other purposes with your consent.

We process your personal data for a variety of reasons, depending on how you interact with our Platform, including:

  • To facilitate account creation and authentication and otherwise manage user accounts. We may process your information so you can create and log in to your account, as well as keep your account in working order;
  • To deliver and facilitate delivery of services to the user. We may process your information to provide you with the requested service;
  • To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.
  • To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.
  • To enable user-to-organization communications. We may process your information if you choose to use any of our offerings that allow for communication with an organization.
  • To identify usage trends. We may process information about how you use our Platform to better understand how they are being used so we can improve them.

 

C.  What legal bases do we rely on to process your personal data?

In short: We only process your personal data when we believe it is necessary and we have a valid legal reason (i.e. legal basis) to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfil our contractual obligations, to protect your rights, or to fulfil our legitimate business interests.

If you are located in the EU or UK, this paragraph applies to you.

The General Data Protection Regulation (GDPR) and UK GDPR require us to explain the valid legal bases we rely on in order to process your personal data. As such, we may rely on the following legal bases to process your personal data:

  • Consent. We may process your information if you have given us permission (i.e. consent) to use your personal data for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent.
  • Performance of a Contract. We may process your personal data when we believe it is necessary to fulfil our contractual obligations to you, including providing our Platform or at your request prior to entering into a user agreement with you.
  • Legitimate Interests. We may process your information when we believe it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal data for some of the purposes described in order to:
    • Analyse how our Platform are used so we can improve them to engage and retain users Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.

 

D.  When and with whom do we share your personal data?

In short: We may share information in specific situations described in this paragraph and/or with the following categories of third parties.

Consultants, and Other Third-Party Service Providers

We may share your data with third-party vendors, service providers, contractors, or agents ('third parties') who perform services for us or on our behalf and require access to such information to do that work. As an example, we have chosen Amazon Web Services (AWS) to host all our services, such as the storage of login credentials. We have contracts in place with our third parties, which are designed to help safeguard your personal data. This means that they cannot do anything with your personal data unless we have instructed them to do it. They will also not share your personal data with any organisation apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct. The categories of third parties we may share personal data with are as follows:

  • Cloud Computing Services
  • Data Storage Service Providers
  • User Account Registration & Authentication Services

Organizations

When you consent to using our application or interact within certain areas designated for user interaction, your personal data may be shared with the organizations that use the application. This sharing will only occur if explicit consent has been granted by you or as per the functionalities provided within the application. The sharing and synchronization of information will not take place if you choose not to become a member of OO. This shared information might be visible to and accessible by other organizations within the application and their associated CRM systems, but only if the same types of information have been previously shared with those organizations. For instance, if you have previously provided your address and have since moved, sharing a new address will result in the update of this information in the CRM systems of organizations with whom you had initially shared your address. However, OO will not make this shared data publicly available outside the application without prior authorization.

 

E.   Do we use cookies and other tracking technologies?

In short: We may use cookies and other tracking technologies to collect and store your information.

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

 

F.   Is your information transferred internationally?

In short: We may transfer, store, and process your information in countries other than your own.

Our servers are located in the EU. If you access our Platform from outside the EU, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by third parties with whom we may share your personal data in other countries.

If you are a resident in the European Economic Area (EEA), United Kingdom (UK), or Switzerland, the transfer of data to a third country may occur, but we emphasize that such transfers will only take place if that country ensures an adequate level of security. We strive to collaborate with our partners in a manner that prioritizes data protection, and two examples of the mechanisms we employ are adequacy decisions and Standard Contractual Clauses (SCC’s).

In both cases, whether through an adequacy decision or the implementation of Standard Contractual Clauses, our commitment is to uphold the highest standards of data protection and privacy in accordance with this privacy notice and relevant legal requirements. Further details can be provided upon request.

 

G. How long do we keep your information?

In short: We keep your information for as long as necessary to fulfil the purposes outlined in this privacy notice unless otherwise required by law.

We will only keep your personal data for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements). No purpose in this notice will require us keeping your personal data for longer than the period of time in which users have an account with us.

When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise such information, or, if this is not possible (for example, because your personal data has been stored in backup archives), then we will securely store your personal data and isolate it from any further processing until deletion is possible.

 

H. How do we keep your information safe?

In short: We aim to protect your personal data through a system of organisational and technical security measures.

We have implemented appropriate and reasonable technical and organisational security measures designed to protect the security of any personal data we process. We take a variety of measures, including the following:

We consistently update and patch our systems, ensuring that potential vulnerabilities are promptly addressed. All data is securely stored within Europe, adhering to regional regulations. Our commitment to open standards means we avoid proprietary technology, providing you with transparent and accessible services.

Our infrastructure is meticulously organized, with discrete environments for application usage, monitoring, and deployment. Encrypted communication, employing SSL for secure browser connections, adds an extra layer of protection during data transmission.

To combat potential security threats, we conduct rigorous identity checks, employ Non-Disclosure Agreements (NDAs), and carefully manage intellectual property through IP transfer agreements. Access is restricted to a virtual private network (VPN), and strict access rights are maintained for folders and applications. We have embraced a paperless approach and implemented a clean desk policy. Secure note software facilitates the transmission of confidential information, and an offboarding checklist ensures swift removal of access for departing team members.

Our commitment to user protection involves stringent operational measures. We enforce strong password policies (if applicable) and advocate for Two-Factor Authentication (2FA) to add an extra layer of user verification. Automated logout features, SMS verification, and email account verification contribute to a multi-step verification process. The entire registration and login process is encrypted, and behavioural analysis is conducted to identify and address potential security risks. IP blocking for AWS and App stores, along with comprehensive user logging, further strengthens our security posture.

Next to that, we subject ourselves to external scrutiny through audits and certifications from third-party organizations. We are currently in the process of undergoing external validation to meet industry standards and regulations, including ISO 27701, AVG/GDPR, NEN/ISO 27001/2, BIR, BIO, APP, OWASP, PCI-DSS, ISO 9162, and ISTQB. Our commitment to continuous improvement is further emphasized through regular pen testing and auditing processes.

These measures, combined with our certifications, ensure a comprehensive and robust security framework to safeguard your personal data. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorised third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal data, transmission of personal data to and from our Platform is at your own risk. You should only access the Platform within a secure environment.

 

I.     Do we collect information from minors?

In short: We do not knowingly collect data from or market to children under 18 years of age.

We do not knowingly solicit data from or market to children under 18 years of age. By using the Platform, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent's use of the Platform. If we learn that personal data from users less than 18 years of age has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware of any data we may have collected from children under age 18, please contact us at privacy privacy@onlyonce.com.

 

J.    What are your privacy rights?

In short: In some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal data. You may review, change, or terminate your account at any time. 

In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal data, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal data; (iv) if applicable, to data portability; and (v) not to be subject to automated decision-making. In certain circumstances, you may also have the right to object to the processing of your personal data. 

We will consider and act upon any request in accordance with applicable data protection laws.

  • If you are located in the EEA or UK and you believe we are unlawfully processing your personal data, you also have the right to complain to your Member State data protection authority or UK data protection authority.

  • If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner. 

Withdrawing your consent
If we are relying on your consent to process your personal data, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in paragraph L below.

However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal data conducted in reliance on lawful processing grounds other than consent.

It's important to note that withdrawing your consent will lead to the deletion of your account. We respect your choices, and we are committed to ensuring that your personal data is handled in accordance with your preferences. Should you choose to withdraw your consent, please be aware that your account will be removed from our system as part of this process.

 

Account Information

If you would at any time like to review or change the information in your account or terminate your account, you can:

  • Log in to your account settings and update your user account following the steps mentioned under paragraph L of this privacy notice. 

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, we may retain some information in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our legal terms and/or comply with applicable legal requirements.

 

K.  Do we make updates to this notice?

In short: Yes, we will update this notice as necessary to stay compliant with relevant laws.

We may update this privacy notice from time to time. The updated version will be indicated by an updated 'Revised' date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

 

L.   Contact us and manage your data

Subject to the applicable laws of your country, you have the right to access, update, or delete the personal data we collect from you. You can manage these actions directly through your account settings within the application. If you wish to review, update, or delete your personal data, please follow the steps below:

  1. Log in to your account.
  2. Navigate to the account settings section.
  3. Locate the option for managing your personal data.
  4. Follow the provided prompts to review, update, or delete the relevant information.

Additionally, if you encounter any challenges or prefer assistance, you can contact us via email at privacy@onlyonce.com. We are here to help ensure that your personal data is accurate and in line with your preferences.

Thank you for entrusting us with your information.


Run your ART like clockwork

Effortlessly create and maintain your ART and Scrum Teams, ensuring every team member has access to fully up-to-date and accurate contact and event information. Assign SAFe compliant and ART roles and descriptions, and maintain all team data in our highly-secure app.

One fully-integrated Agile solution

Automatically generate all SAFe events and timelines in one user-friendly app, then sync with calendars to alert every team member at the click of a button. Keep everybody on the same page, with one universal communication platform, eliminating the need for multiple channels.

Keep all Team Members aligned

Communicate and collaborate with Stakeholders, Suppliers and Team Members all in one place, with access to consistently reliable and accurate contact data. Know exactly where you need to be, and when, keeping your entire Team Roster on time and on track, regardless of location.

Save precious time and money

Slash admin and communication costs by eliminating time-consuming manual updates to XLS team rosters and mailing lists. With every SAFe event and standard pre-defined by the app, save time and money by optimizing and rolling out every process in a matter of seconds.

Connect with the Agile community

Build your network by connecting with colleagues and other Agile experts. Find answers to complex Agile questions or doubts in your Only Once activity feed, and search for user profiles to find the perfect candidates for your Agile Release Train.