Data Privacy & Security Policy
This Data Privacy Statement describes the information we collect about you as a visitor to ouroffice.io or other OurOffice websites that link to this Data Privacy Statement, how OurOffice will use the information provided, and with whom we may share the information. The Statement describes your choices and rights related to the information that is provided to or collected by OurOffice.
Updates to the Data Privacy and Security Policy reflect changes in applicable data protection laws, including the European Union General Data Protection Regulation (“GDPR”). Additionally, We have made this Data Privacy and Security Policy more clear, concise, and accessible by organizing it into the sections listed in the hyperlinked Table of Contents below.
Topics Covered by This Data Privacy and Security Policy
- Applicability of this Data Privacy and Security Policy
- Legal Disclaimer
- Information We Collect and Receive About You and How We Use It
- Data Retention
- Data Security
- International Transfer of Personal Information: Privacy Shield and Contractual Terms
- Marketing
- Rights with Regard to Your Personal Information
- Changes to this Privacy Policy
- Contacting OurOffice If You Have Questions or Concerns.
1. APPLICABILITY OF THIS DATA PRIVACY AND SECURITY POLICY
This Data Privacy and Security Policy describes the policies and procedures of OurOffice regarding the collection, use, access, correction, and disclosure of your personal information on OurOffice.io, or other OurOffice websites that link to this policy (the “Site”) or in delivery of OurOffice D&I as a Service (the “Services”). Your personal information will include any information which, either alone or with other data, is reasonably available to us and relates to you (“Personal Information”).
This Data Privacy and Security Policy also covers any of your Personal Information which is provided to us and which is used in connection with the marketing of the services, features or content we offer (the “Services”) to our Clients and/or the support that we may give you in connection with the provision of our Services.
Finally, this Data Privacy and Security Policy also describes the choices available to you regarding the use of, your access to, and your rights in relation to your Personal Information.
This Data Privacy and Security Policy does not apply to any third party applications, software or services that can be accessed from the OurOffice Site or Services, such as applicant tracking systems, social media websites or partner websites (“Third Party Services”).
2. LEGAL DISCLAIMER
OurOffice may disclose Personal Information when required by law or in the good faith belief that such action is necessary in order to conform to the edicts of the law, comply with legal mandates, enforce the terms of use of OurOffice’s website, enforce agreement between OurOffice and its customers or to protect the rights, property, or personal safety of OurOffice, its users and the public.
3. INFORMATION WE COLLECT AND RECEIVE ABOUT YOU AND HOW WE USE IT
We generally collect and process the following types of Personal Information indicated here.
This information is provided to us by our Client, the organization where you are an employee or may have applied for a job.
Information You Provide Us
Personal Information. When using the Site or Mobile Apps, you may choose to provide Us with certain Personal Information, such as your name, photograph, employment details, email address, phone number, and other contact information. This information is used to (i) communicate with you by responding to your requests, comments and questions, (ii) improve the Site and (iii) perform the Services provided by OurOffice. The GDPR legal basis for processing this information is (i) the legitimate interest in communicating with you and improving Our Site and (ii) the contractual obligation to perform the Services.
Contact Information. When you express an interest in obtaining additional information about the Services or the Site, OurOffice may ask you to provide your personal contact information, such as your name, email address, and phone number. This information is used to communicate with you by responding to your requests, comments and questions. The GDPR legal basis for processing this information is the legitimate interest in communicating with you and answering your questions.
Device Information. When using the Site or Services, we may request access to your device’s camera and photo storage. This allows you to take and upload pictures and such access would only be used in ways you choose. You may at any time revoke access at the device level. We do not access your device’s camera and photo storage without your permission. We may use mobile analytics software to allow us to better understand the functionality of OurOffice Site on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any Personal Information you submit within the Site. When you download and use the Site. We automatically collect your device information such as operating system version, type, hardware usage statistics, etc. The GDPR legal basis for processing this information is the contractual obligation to your employer to perform the Services.
Location Information. We do not ask you for, access, or track any location based information from your mobile device at any time while downloading or using the Site. If you apply for a job at OurOffice through the Site, you may provide us with your location information by selecting the “Locate me” button. We use this information to present to you available jobs near your current location. The GDPR legal basis for processing this information is your consent.
Log Data. As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the files viewed on OurOffice site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site. The GDPR legal basis for processing this information is the legitimate interest in improving the relevance of OurOffice Site.
Tracking Technologies. OurOffice and its partners use cookies or similar technologies to analyze trends, administer the Site, track users’ movements around the Site, and to gather demographic information about OurOffice user base as a whole. You can control the use of cookies at the individual browser level, but if you choose to disable cookies, it may limit your use of certain features or functions on OurOffice Site or Service. We partner with third parties to either display advertising on OurOffice Site or to manage our advertising on other sites. Our third party partners may use technologies such as cookies to gather information about your activities on our Site and other sites in order to provide you with advertising based upon your browsing activities and interests. The GDPR legal basis for processing this information is the legitimate interest in improving the relevance of OurOffice Site.
Other Information
Social Media Features. OurOffice Site may include social media features, such as the Facebook “Like” button and widgets, such as the “Share This” button or interactive mini-programs that run on OurOffice Site. These features may collect your IP address, which page you are visiting on OurOffice Site, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on OurOffice Site. Your interactions with these features are governed by the privacy policy of the company providing it.
Blog, Testimonials, and Referrals. Our Site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. We display personal testimonials of satisfied customers on Our Site in addition to other endorsements. With your consent, We may post your testimonial along with your name. In addition to your other rights, if you wish to update or delete your testimonial, you can contact us at team@ouroffice.io. If you choose to tell a friend about OurOffice, we will ask you for your friend’s name and email address. You must have the consent of your friend before using this service. We will automatically send your friend a one-time email inviting him or her to visit the Site. OurOffice stores this information for the sole purpose of sending this one-time email and tracking the success of OurOffice referral program In addition to their other rights, your friend may contact us at team@ouroffice.io to request that we remove this information from our database. The GDPR legal basis for processing this information is your consent.
Information Related to Data Collected for Our Clients Collection and Use in Providing the Services. When acting as a service provider, OurOffice only collects information under the direction of its Clients. The Client Agreement governs the delivery, access, and use of the Services and Site, including the processing of Personal Information and data submitted through Services accounts. The Client (e.g., your employer) controls their Platform and any associated client data. If you have any questions about specific Platform settings, the processing of Personal Information in the Platform, or its privacy practices, please contact the Client administrator of the Platform you use.
Client data will be used by OurOffice in accordance with the Client’s instructions, applicable terms in the Client Agreement, Client’s use of Services functionality, and as required by applicable law. Under applicable GDPR, OurOffice is a processor of Client data and Client is the controller.
OurOffice also uses other information in furtherance of Our legitimate interests in operating Our Services, the Site, and business.
How, and With Whom, Your Information Is Shared
Third Party Services. At times, you may be able to access other Third Party Services through the Site, for example by clicking on links to those Third Party Services from within the Site. We are not responsible for the privacy policies and/or practices of these Third Party Services, and you are responsible for reading and understanding those Third Party Services’ privacy policies.
Information Shared with Our Service Providers. We may share your information with third parties who provide services to us. These third parties are authorized to use your Personal Information only as necessary to provide these services to us. These services may include the provision of (i) email services to send marketing communications, (ii) mapping services, (iii) customer service or support, and (iv) providing cloud computing infrastructure.
Information Shared with Our Sub-Processors. We employ and contract with people and other entities that perform certain tasks on our behalf and who are under our control such as an email service provider to send emails on our behalf, mapping service providers, and customer support providers (“Sub-Processors”). We may need to share Personal Information with our Sub-Processors in order to provide Services to you. Unless We tell you differently, our Sub-Processors do not have any right to use Personal Information or other information we share with them beyond what is necessary to assist us. Transfers to subsequent third parties are covered by onward transfer agreements between OurOffice and each Sub-Processor.
Information Disclosed Pursuant to Business Transfers. In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of OurOffice assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of OurOffice or OurOffice assets may continue to use your Personal Information as set forth in this Privacy Policy. You will be notified via email and/or a prominent notice on OurOffice Site of any change in the legal owner or uses of your Personal Information, as well as any choices you may have regarding your Personal Information.
Information Disclosed for Our Protection and the Protection of Others. In certain situations, We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also reserve the right to access, read, preserve, and disclose any information as we reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request (ii) enforce this Privacy Policy, including investigation of potential violations hereof, (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to user support requests; or (v) protect OurOffice rights, property, or safety. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention.
We require all third parties to respect the security of your Personal Information and to treat it in accordance with applicable laws. We do not allow third party service providers and Sub-Processors we share your Personal Information with to use it for their own purposes and only permit them to process your Personal Information for specified purposes in accordance with OurOffice instructions.
Except as set forth above, you will be notified when your Personal Information is shared with third parties, and will be able to prevent the sharing of this information. Unless we otherwise have your consent, we will only share your Personal Information in the ways that are described in this Privacy Policy.
4. DATA RETENTION
We will retain your Personal Information and the Personal Information we process on behalf of OurOffice Clients for as long as needed to provide Services to OurOffice Clients in accordance with OurOffice data retention policies, and as necessary to comply with our legal obligations, resolve disputes, and enforce OurOffice agreements. You may request removal of your Personal Information at any time by contacting security@ouroffice.io. Without limiting any other remedies available to it, OurOffice may immediately suspend access to the Services and/or terminate the applicable Agreement if: (a) you breach any material provision that, (if it is capable of being cured) is not cured within thirty (30) days from written notice to you (and sixty (60) days in the case of non-payment); or (b) OurOffice determines that your actions are likely to cause legal liability for OurOffice or its suppliers and other customers. Upon any expiration or termination of the applicable Agreement, and upon expiration of the associated Subscription Term if the Client does not renew in accordance with a Renewal Notice, the rights and licenses granted hereunder will automatically terminate, and you may not continue to use the Service. OurOffice will have no liability for any costs, losses, damages, or liabilities arising out of or related to OurOffice’s termination of the applicable Agreement. Upon expiration or termination of the applicable Agreement, OurOffice will provide a backup file of Customer Data if requested within 30 days of termination or expiration, and OurOffice will have no other further obligation to maintain or provide access to your Customer Data. In addition, full backups and restoration are in line with generally accepted standards as well to ensure data integrity and management.
5. DATA SECURITY
The security of your Personal Information and OurOffice Clients’ information is very important to us. We use administrative, physical and technical measures designed to protect your information from unauthorized access, use, disclosure, alteration or destruction, in accordance with applicable laws and regulations.
When you enter sensitive information (such as login credentials), we encrypt the transmission of that information using secure socket layer technology (SSL). In addition, the use of cloud provider encrypted algorithms ensures data security as well. We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it.
Handling of your information by OurOffice staff is restricted by specific access levels, which are subject to strict contractual obligations, and disciplinary action in case of any failure to meet our standards. Transfer of such information to OurOffice Sub-Processors or other third party service providers is conducted with safeguards in place that also meet OurOffice data protection standards. We require Non Disclosure Agreements (NDA) and incorporate contractual provisions in all our agreements, ensuring compliance with (i) such standards and (ii) applicable data privacy laws and regulations.
OurOffice also contracts with third-party experts to conduct regular independent network, system, and application vulnerability assessments.
Lastly, we depend on you for security and protection of your data, such as safeguarding your login credentials. If you become aware of any breach of security or privacy, or if you have any questions or concerns about OurOffice policies and processes, please contact us at security@ouroffice.io
6. INTERNATIONAL TRANSFER OF PERSONAL INFORMATION
OurOffice is based in the U.S., the Site is hosted in the U.S., and many of OurOffice’s suppliers and Sub-Processors are also based in the U.S. or otherwise outside of the European Union. In providing your Personal Information to OurOffice, your Personal Information will be sent to the U.S. (or otherwise outside of the European Union), where the local applicable law may provide you with less protection than under European Union law. However, any transfer of Personal Information from the European Union to the U.S. or elsewhere will be in accordance with applicable European Union data protection law.
OurOffice also enters into European Union Model Contractual Clauses, also known as Standard Contractual Clauses, with its Clients to meet the adequacy, privacy, and security requirements for Our Clients that operate in the European Union, and other international transfers of client data.
7. MARKETING
As part of the Services, you may choose to opt-in to receive occasional email and other communications from us, such as communications relating to promotions. You may opt-out of receiving such communications at any time by using the “Unsubscribe” link found in such emails, or by emailing us at team@ouroffice.io. In the context of us providing you marketing information, we may analyze your preferences to make sure the information we provide you is relevant.
8. RIGHTS WITH REGARD TO YOUR PERSONAL INFORMATION
In the event that you have provided Personal Information to us in your use of the Site, we will provide you with information about whether we hold any of your Personal Information. You may access, correct, or request deletion of your Personal Information by contacting us at security@ouroffice.io. We will respond to your request within a reasonable timeframe.
When acting as a service provider of our Clients, OurOffice has no direct relationship with the individuals whose Personal Information is provided to OurOffice through the Services. An individual who is or was employed by one of OurOffice Clients and who seeks access to, or who seeks to correct, amend, object to the processing or profiling of, or to delete his/her Personal Information in the Platform, should direct his/her query to the HR department of the Client that uses the Site or Services and for which he/she works or used to work if he/she cannot make the appropriate changes via its access to the Site provided by the Client.
If located in the European Economic Area (“EEA”), you have the following rights regarding your Personal Information We control:
Right of Access. You can request details of your Personal Information we hold. We will confirm whether we are processing your Personal Information and we will disclose additional information including the types of Personal Information, the sources it originated from, the purpose and legal basis for the processing, the expected retention period and the safeguards regarding data transfers to non-EEA countries, subject to the limitations set out in applicable laws and regulations. We will provide you free of charge with a copy of your Personal Information, but We may charge you a fee to cover our administrative costs if you request further copies of the same information.
Right of correction. At your request, we will correct incomplete or inaccurate parts of your Personal Information, although We may need to verify the accuracy of the new information you provide to us.
Right to be forgotten. At your request, We will delete your Personal Information if:
- It is no longer necessary for us to retain your Personal Information;
- You withdraw the consent which formed the legal basis for the processing of your Personal Information;
- You object to the processing of your Personal Information (see below) and there are no overriding legitimate grounds for such processing;
- The Personal Information was processed illegally;
- The Personal Information must be deleted for us to comply with OurOffice legal obligations.
We will decline your request for deletion if processing of your Personal Information is necessary:
- For us to comply with Our legal obligations;
- For the establishment, exercise or defense of legal claims; or
- For the performance of a task in the public interest.
Right to restrict processing. At your request, We will restrict the processing of your Personal Information if:
- You dispute the accuracy of your Personal Information;
- Your Personal Information was processed illegally and you request a limitation on processing rather than the deletion of your Personal Information;
- We no longer need to process your Personal Information, but you need your Personal Information in connection with the establishment, exercise or defense of a legal claim; or
- You object to the processing of your Personal Information (see below) pending verification as to whether an overriding legitimate ground for such processing exists.
We may continue to store your Personal Information to the extent required to ensure that your request to restrict processing is respected in the future.
Right to data portability. At your request, We will provide you free of charge with your Personal Information in a structured, commonly used and machine readable format, if:
- You provided us with your Personal Information;
- The processing of your Personal Information is required for the performance of a contract; or
the processing is carried out by automated means.
Right to object. Where we rely on OurOffice legitimate interests (or that of a third party) to process your Personal Information, you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms. We will comply with your request unless we have compelling legitimate grounds for the processing which override your rights and freedoms, or where the processing is in connection with the establishment, exercise or defense of legal claims. We will always comply with your objection to processing your Personal Information for direct marketing purposes.
Right not to be subject to decisions based solely on automated processing. You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your Personal Information, unless you have given Us your explicit consent or where they are necessary for the performance of a contract with Us.
Right to withdraw consent. You have the right to withdraw any consent you may have previously given us at any time. In order to exercise your rights in this section we may ask you for certain identifying information to ensure the security of your Personal Information. To request to exercise any of the above rights, please contact us at security@ouroffice.io. We will respond to your request within 30 days or provide you with reasons for the delay.
Usually, We will not charge you any fees in connection with the exercise of your rights. If your request is manifestly unfounded or excessive, for example, because of its repetitive character, We may charge a reasonable fee, taking into account the administrative costs of dealing with your request. If we refuse your request we will notify you of the relevant reasons.
In so far as practicable, we will notify OurOffice Clients and third parties we have disclosed your Personal Information with any correction, deletion, and/or restriction to the processing of your Personal Information. Please note that we cannot guarantee our Clients or other third parties will comply with your requests and we encourage you to contact them directly.
Please note that if you decide to exercise some of your rights, we may be unable to perform the actions necessary to achieve the purposes set out above or you may not be able to use or take full advantage of the Site and Services.
Right to complain to a supervisory authority. If you are not satisfied with OurOffice response, you have the right to complain or seek advice from a supervisory authority and/or bring a claim against us in any court of competent jurisdiction.
9. CHANGES TO THIS POLICY
We may amend this Data Privacy and Security Policy from time to time to reflect changes to OurOffice information practices. OurOffice use of Personal Information we collect is subject to the Data Privacy and Security Policy in effect at the time such information is used. If we make material changes in the way we collect or use information, we will notify you by posting an announcement on OurOffice Site or sending you an email. We encourage you to periodically review this page for the latest information on our privacy practices.
10. CONTACTING OUROFFICE IF YOU HAVE QUESTIONS OR CONCERNS
If you have any questions or concerns regarding this Privacy Policy, please send us a detailed message to security@ouroffice.io. We will make every effort to resolve your concerns. You may also raise any concerns or complaints with your local Data Protection Authority.
Effective Date: 11/01, 2018.