Overview
Web Interface
User Settings
Files
Productivity
Migration
Administration
Api
OneOffice Logo

GDPR Compliance

How OneOffice respects and enforces GDPR compliance

PII or Personally Identifiable Information relates to data that identifies or contains personal information related to the user.

This can be:

  1. Your full name or names of family members.
  2. Your address
  3. Your bank account / credit card number.
  4. A unique combination of data that, together, can identify you. For example your birth date and your workplace.

2. Session and Application Cookies

We use server-side Cookies for authentication. It is considered the most secure browser-based session-management today.

Our mobile apps also use session-based headers, similar to Cookies in their use.

OneOffice only stores cookies needed for it to work properly. All cookies come from OneOffice servers directly.

No third-party cookies will be sent to your system. Ever! We host all services that you use with us (Document Editor, Whiteboard, Video calls etc.) That's why we are so secure ... we are monolithic.

3. Cookies used by OneOffice

Under GDPR legislation, only cookies which contain PII are relevant.

Below is the table of cookies we use, no personal data is stored in any of them.

Cookie Data Stored Lifetime
Session cookie Session ID, Secret Token (used to decrypt the session on the server) 24 minutes
Same-site cookies Application settings (not user-related) Forever
Remember-me cookie User ID, Original Session ID, Remember Token 15 days -- configurable

We do not show those annoying popups asking you to consent to Cookies. If you use OneOffice, you automatically consent to our use of Cookies to properly and securely operate our services.

4. User Rights Policies

We strongly recommend you inform your employees that company-related tools are for work only.

Now, we are all guilty of communicating with families and friends from work emails, either inadvertently or as a matter of habbit.

We should be conscious that we waive any right to privacy when we use company tools for personal reasons.

Therefore, User GDPR rights, such as the right to be forgotten (i.e. forcing the company to wipe out all our data) is waived. How can a company function whent its data is under constant threat of being wiped out by a disgruntled employee.

5. Underage Users

While we do offer learning tools for K12 (i.e. ClassroomAPP), our main offering of OneOffice Productivity was not made for children.

If you have employees under the age of legal consent, typically less than 18 years of age (some countries allow 16+ to participate in the workforce), please ensure their legal guardians have signed rights waivers on their behalf.

Don't miss this step if you have internships, summer student programs and the like. Make sure your legal department is on top of it.