- Privacy Notice
- Data Processor Agreement
- End User Licence Agreement
- API Agreement
- Standards of Business Conduct
As a 24SevenOffice customer, your security is our top priority. In our Privacy Notice we will explain our Policy concerning privacy and storage of personal data. This Statement will also cover the individual’s right accordingly to the General Data Protection Regulation (GDPR), that EU has enforced by May 25, 2018. GDRP applies to all organizations in the EU or territories outside of EU that has adapted the same regulations (e.g. Norway). It cover all organizations that process personal data in purpose of offering products or services or to monitor behavior in some way.In this Statement we will explain 24SevenOffice role as a data processor and your rights to control the information registered of you as an individual. If your company is organized as a sole proprietorship, 24SevenOffice will process your data as a corporation and not as a personal data.
1. What personal data does 24SevenOffice process?
To understand what kind of data 24SevenOffice stores about an individual we need to define what kind of personal data Is stored.
24SevenOffice define Customer content as data, images, text, video, audio and ledger information that a Customer or any user connected to the Customer stores and processes in the 24SevenOffice Service.
24SevenOffice define account information as information about a customer or an individual that is collected in the signup service, and later updated by the users themselves. This is basic information necessary to deliver the 24SevenOffice Service. For example, account information includes names, usernames, phone numbers, email addresses and billing information associated with a customer account.
Customers who use the 24SevenOffice Payroll module, have to store additional information about an individual to be able to provide payroll services. This might be, but are not limited to, social security number, bank account number, sick days, and absences. Make sure that you have included permission to process such information through your employee agreements. In the payroll module, you can choose to send paychecks via email. This is not recommended in accordance with the General Data Protection Regulation (GDPR), so it is recommended that users log in to 24SevenOffice to retrieve their own paychecks.
24SevenOffice define Mobile data as information collected from you mobile phone to perform services like time tracking, expenses and trip tracker. These services will need to have access to functions in your mobile phone like e.g. geodata, storage and camera.
24SevenOffice define Payment data as information the user provide when making online purchases. This might be information like credit card number, security codes, name and billing address. Payment data is used to complete transactions and to detect and prevent fraud.
24SevenOffice define Support data as information collected when an individual is in contact with 24SevenOffice for help. This might be information you supply in a support request to the 24SevenOffice customer service department or any other results from helping you as a customer.All of the data defined above will include Personal data that is any information related to identify an individual person.
2. What is a Data Processor and a Data Controller?
A Data Processor is an entity which processes Personal data on behalf of the Data Controller. A Data Controller is the entity which, alone or jointly with others, determines the purposes and means of the processing of personal data.
What is processing?
Processing means obtaining, recording or holding the information or data or carrying out any operation on the information like using, alteration, updating, retrieval, deletion or destruction of data.
3. Who is the Data Processor?
This is determined by who is the supplier and the customer. As long as you as a customer of 24SevenOffice store and process Personal data about e.g. your own customers, you are a Data Processor in relation to your own customer. While 24SevenOffice as a Data Processor hold and process data, it does not have any responsibility or control over the content of the data. In the relationship between 24SevenOffice and you as a customer of the 24SevenOffice Service, 24SevenOffice is the Data Processor.What does this mean? E.g. If an individual wants knowledge about what kind of information that is registered about him/her, the individual has to contact the Data Processor. If that is one of your customers, they have to make a request to you, not to 24SevenOffice. You are solely responsible for providing this information to your customer, since you are the only one that know what kind of data you have stored about your own customers.
4. Why 24SevenOffice processes your personal data?
24SevenOffice collect, use and share the data described in this notice as necessary to fulfill the Customer License Agreement (CLA) and to comply with the legal obligations and to provide a safe and secure Service to all customers. 24SevenOffice acts as a Data Processor when operating data on behalf of its customers. Personal data collected in this process is minimum Account information to provide the Service to its customer, but also information about the customer relationship between 24SevenOffice and you as a customer. This might be information that you have consented to receive from 24SevenOffice based on your own or your employer’s interests, information to provide you with relevant offers, information to prevent abuse or notification about suspected breach.
5. Who owns and controls customer content?
24SevenOffice customers maintain ownership of their own Customer content, while 24SevenOffice store and host the content. 24SevenOffice do not access or use customer content for any other purpose than what has been described in this Privacy Notice without the customer’s consent. Customer content is always owned by the company that the 24SevenOffice Service is connected to by its company or organization number, and shall not be confused by who is the invoicing partner. E.g. in circumstances where the customer is invoiced by their accountant or another sales partner, the customer owns the content registered within the 24SevenOffice Service, not the accountant or sales partner. It is required that the customer pay the invoicing part to get access to the Customer content, no matter who is the invoicing partner.
6. How 24SevenOffice uses Account Information?
24SevenOffice is organized in several partly or fully owned companies. Information as mentioned in this Privacy Notice will be shared with these companies to supply the 24SevenOffice Service to you as a customer. In case of a merger or an acquisition, there might be necessary to display data containing some degree of personal information. This will not be shared without a signed non-disclosure agreement between the parties
Business partners and resellers
24SevenOffice may share personal data with business partners in order to fulfill the order and invoicing process in cases where you have purchased the 24SevenOffice through a partner. No other data will be shared.
Third-party Service Providers (for 24SevenOffice)
24SevenOffice may use Third-party Services it selves to communicate with you as an customer. This might be information accordingly to the Customer License Agreement (CLA) or promotional information through email or other practical channels. 24SevenOffice may also share personal data with third-party Services to perform payment services, e.g. processing credit card payment or collection services when customers fails to fulfill their payment obligations.
Third-party Service Providers (for Customers)
One of the advantages with using the 24SevenOffice Service is all of the integrations available for the customer, or the open API that can be used to produce new integrations. By accepting Third-party Service Providers, you as a customer also consent that this provider gets access to your data, that might contain personal data. 24SevenOffice is not responsible for third party operating procedures, support, customization or development. It is strongly advised to read and consent any third party terms and conditions and ask the supplier what kind of personal data they are extracting through the 24SevenOffice API before starting using such an ancillary service.
24SevenOffice will use your Account information to give you digital information that is relevant for you as a 24SevenOffice customer. This might be, but is not limited to, newsletters, re-targeting ads, information about security and operations, new features in the Service, as well as customer service messages inside the Service.
24SevenOffice use data stored in the 24SevenOffice Service for statistical purposes, without identifying the individual customers.
24SevenOffice store usage patterns to optimizing further development of the Service and to give you as an individual user of the 24SevenOffice a greater user experience. This usage is performed without identifying the individual user of the 24SevenOffice Service.
Website, Social Media, Blogs and Customer Testimonial
24SevenOffice posts blogs about Customer testimonials and news that is relevant for the readers of the blogs. Such information may contain information about individuals that can be defined as personal data. 24SevenOffice obtain the consent before posting any information identifying any individuals, or links to the original site as a source. 24SevenOffice also posts content from the website on social media platforms, or post information only intended for these platforms. The information is displayed for users that is following 24SevenOffice or through advertising tools offered by the single social media platform.
7. How 24SevenOffice collects your personal data?
The main purpose for 24SevenOffice to collect your personal data is to provide the Service to all customers, and to secure that it is you and only you that get access to your data. In addition 24SevenOffice wants to give you the best user experience, and uses different tools as described below to give you this experience. As of date 24SevenOffice uses the following tools for this purpose:
Web Sites Navigational Information
The 24SevenOffice website is using a small number of software solutions to collect and store information – to provide an even better service and great user experience, when a user visits our website, as details of how you use the 24SevenOffice Service, such as your search queries. This also includes device event information, such as system activity, hardware settings, browser type, browser language, the date and time of your request and referral URL.
The 24SevenOffice Service stores cookies on your device, be it mobile phone, tablet or computer. These cookies enables us to know that you are you after having logged in, and is a critical part of any website (or application) on the Internet that requires users to log in. Without cookies it would be (for now) impossible for any web-based application to identify you and deliver your data securely to you, and you only. Apart from the cookies used for authenticating and identifying you, we also use some cookies to enhance the user experience, for instance the ordering and hiding of columns in certain reports throughout the application. Feel free to delete these cookies after having logged out of the system. You may set your browser to block all cookies, including cookies associated with the software 24SevenOffice use on our website, if you don`t want 24SevenOffice to collect and store information. But as mentioned in the text above, this may affect your user experience in the 24SevenOffice Service.
Third Party Cookies
24SevenOffice also uses third party tools to perform tasks mentioned under the Cookies paragraph. This might be, but is not limited to, statistic purpose, e.g. the number of visitor on the webpages or to provide the user with relevant advertisements.
Internet Protocol addresses
24SevenOffice collects your Internet Protocol (IP) address to track and aggregate personally identifiable information, as well as when the customer log into the Service. This is e.g. used to navigate the visitor to the right region site of the webpage, or to other relevant sites on the same webpage. To perform an identity conformation, the internet protocol address may be used as an identifier.
24SevenOffice uses Web Beacon in conjunction with cookies to compile information about Customers and visitors usage of the 24SevenOffice website and interaction using emails. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular website tied to the Web Beacon, and a description of a website tied to the Web beacon. 24SevenOffice may place Web Beacons in marketing emails that notify the customers when clicking on a link in the email that directs you to one of 24SevenOffice websites. It is also used to operate and improve the 24SevenOffice website and email communications. 24SevenOffice may use information from Web Beacons in combination with personal data to provide you with information about 24SevenOffice and the 24SevenOffice Service.
Marketing Automation Tools
Help desk Tools
24SevenOffice uses help desk tools as an integrated customer support and chat tool. All information you register in contact with 24SevenOffice Customer Service through email, phone or chat will be stored in these tools. This being statistics, earlier communication about the same issue or to find other solutions on similar situations.
When you download or use the mobile app, 24SevenOffice may receive information about your location and your mobile device, including a unique identifier for your device. 24SevenOffice may use this information to provide you with location-based services. Most mobile devices allow you to turn off location services. For more information see the mobile suppliers websites.
The sales department in 24SevenOffice uses these tools to perform their sales activities. In the sales process they may process data that is defined as personal data and that has come to their attention through the sales process. This is e.g. traditional information you store in a CRM system. This information will be available for other employees in 24SevenOffice. All employees in 24SevenOffice has signed confidentiality agreements. In cases where 24SevenOffice uses external personnel, they will also sign a confidentiality agreement.
The 24SevenOffice Service
24SevenOffice does not collect data registered within the 24SevenOffice Service for any other purposes than for anonymized statistics. Information that is publicly known or received by 24SevenOffice through any of the other paragraphs in this Privacy Notice is not covered in this paragraph.
By accepting the Customer License Agreement (CLA) you also consent that 24SevenOffice use these tools for collecting described information.
8. What are my rights?
As an individual you have the right to access all Personal data that is registered about you in any register. This rights can be categorized as follow:
To give or revoke Consents
You have the right to give or revoke Consent about use of your Personal data. A revoke of Consent may lead to that you will be unable to use the Service.
Right to access
You have the right to get access to information about what Personal data has been registered about you.
Correcting and updating
You have the right to require that false or wrongfully information about you is corrected in the register.
Right to be forgotten
You have the right to require that the owner of the register delete Personal data about you in their register.
Right to export of personal data
You have the right to get your personal data transferred in a plain machine-readable format. See Customer License Agreement (CLA) for terms of export of any data.
Right to get information
You have the right to be informed if Personal data about you as an individual is collected. You also have the right to be notified if there has been a data breach at the owner of the register.The owner of the register is obliged to support you in these inquiries about Personal data. Contact the owner of this register directly about these issues. If you are a customer of 24SevenOffice see contact information in the last paragraph. If you are a customer of a company that uses the 24SevenOffice Service, please contact that company directly.
9. What if public authorities want to access your personal data?
When governments or law enforcement make a lawful request for Personal data or any other data processed by 24SevenOffice, we are committed to transparency to what we disclose. 24SevenOffice believes that customers should control their own data, and will not disclose Personal data to a government or law enforcement except when you accept such a request or where required by law. 24SevenOffice may access, preserve and share your information in response to a legal request (like a search warrant, court order or subpoena) 24SevenOffice may also access, preserve and share information when it is necessary to: detect, prevent and address fraud and other illegal activity; to protect the company, you and others. Information received about you may be accessed, processed and retained for an extended period of time when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of 24SevenOffice terms or policies, or otherwise to prevent harm.
10. Where does 24SevenOffice process and store data?
The physical storage of data is located in the EU/EEA for all customers based in this region. Data storage for these customer is not replicated outside of this area.
Financial accounting data
Storage of financial accounting data is following the local laws in the area that this functionality is provided. E.g. storage of Norwegian customers is in Norway. Data is not replicated to other regions than the above mentioned regions. 24SevenOffice will inform customers if there will be a future change of this notice.
11. How long does 24SevenOffice store data - Deletion of personal data
24SevenOffice stores data accordingly to the Term in the Customer License Agreement (CLA). It is the customer's responsibility to store data for the period of time required by laws and regulations. It is the customers own responsibility to delete Personal data that has no more purpose. Some information (e.g. accounting information) is required to be stored for a period of time by court regulations.Should the Customer License Agreement (CLA) be terminated before the required period of time comes to an end, it is the customers responsibility to agree upon the terms of extended storage with 24SevenOffice, or to export data.Upon expiry or termination of this Agreement, 24SevenOffice shall provide assistance reasonably required by the customer to have the Personal data transferred in a suitable standard format to the Data Controller and/or a third party service provider, where the Data Controller cannot export data themselves. See terms of assistance in Customer License Agreement (CLA) “Export of data at Termination”.24SevenOffice store data until it is no longer necessary to provide the Services or until your account is deleted – whichever comes first. 24SevenOffice will start the deletion of data processed on behalf of the customer within three months after the termination of the Customer License Agreement (CLA). 24SevenOffice has the right, but not any responsibility to delay deletion of data If the terms of the termination is not fulfilled. That might be, but is not limited to, an open legal issue concerning the customers data.
12. Use of subcontractors and 3.parties
24SevenOffice use subcontractors for:
- 24SevenOffice uses subcontractor for IT hosting services like server operation, storage and maintenance of the 24SevenOffice Service
- 24SevenOffice may use subcontractors for development purposes
- 24SevenOffice may use 3.parties services to perform processing tasks to supply you as a customer with an fast and reliable service. Personal data is not stored in any 3.party service when performing such tasks
- 24SevenOffice invoices some 3.parties services, but these Services are clearly marketed as 3.parties services. Their access to personal information from 24SevenOffice is limited to the access that you as a customer grants them to perform the requested service. Subcontractor will not have any access to personal data beyond information that connect you as a customer to an account in the 24SevenOffice ServiceWhen using subcontractors, 24SevenOffice will always enter into a data processing agreement (DPA) in order to protect your privacy rights.
13. Security. What is important to know about the security of 24SevenOffice?
24SevenOffice is committed to prevent unauthorized access disclosure or other deviant processing of your data. Your data is stored in a secure data operating environment with limited access for employees in 24SevenOffice or our sub-contractor on operations. Access to data is on need-to-know basis only. The operating environment is certified to conform the information security management standard ISO27001 and the quality management system standard ISO9001:2015. Bank payments uses industry-standard encryption to provide protection for all information sent over internet.What is the customer's role in securing their customer content?It is important when you as a customer evaluates the security of a cloud solution, understand and distinguish between security measures that 24SevenOffice implements and operates, “Security in the Cloud”, and security measures that customers implement related to internal security of their own data. 24SevenOffice is responsible for the operation and security of the 24SevenOffice Service, while you as a customer is responsible that no unauthorized entity gets access to you or any of your employees login information. That also includes leaving the 24SevenOffice Service logged on while leaving your media for accessing information. E.g. 24SevenOffice is not responsible for breach of security following customers improper storage of authentication tools like e.g. passwords and mobile phones.
14. How to contact 24SevenOffice?
If you have questions about personal data registered at a company that is a customer of 24SevenOffice, you have to contact this company. 24SevenOffice cannot access information registered about you in one of our customers registers.If you have the same question about personal data registered on you as an individual by 24SevenOffice or any of its subsidiaries, contact privacy[@]24SevenOffice.com
Changes to 24SevenOffice Privacy Notice
Last update 03.05.2018
23.04.2021 - In connection with the introduction of 24SevenOffice Payroll module, a new section under 1. What data do 24SevenOffice process is included. This section regulates what type of data that 24SevenOffice process to deliver payroll functionality to its customers.
02.10.2020 - Contact information email adress is updated
03.05.2018 - First edition of revised Privacy Notice after the changes in the laws and regulation regarding processing of personal data, known as General Data Protection Regulation (GDPR)