Data Privacy Policy of Office24


Updated: April 2021

The protection of your personal information, e.g. when you visit our website, when you contact us and when you enter into a contractual relationship with us regarding our services is of the utmost importance to us. 

Below you will find information on what data we collect when you visit our homepage, when you fill out our web forms or use other functions on our website, and how and for what purpose we process this data. We collect, process and use personal information only in accordance with the following principles and in compliance with the applicable legal provisions on data protection.

Questions about privacy in connection with our website and the services offered through our website can be directed to us using the contact information in section 1, directly below.

 1.    Responsible party and data protection officer  

This privacy information applies to the data being processed by:

Office24 Ltd.

Address:       18A Heath Road
                         Nailsea,
                         Bristol, BS48 1AD 

All contact details can be found here. (hereinafter also referred as “Office24” or “we”).

You can contact Office24’s data protection officer here:

E-Mail:            dataprivacy@office24.co.uk


2.    Collection and storage of personal data and the nature and intended use


2.1    While visiting our website

When you visit our website, the browser used on your end device automatically transmits information to the server of our platform. This information is temporarily stored in a so-called log file.

The following information is recorded without requiring any action on your part: 

• the IP address of the requesting end device,

• the date and time of access,

• the name and URL of the retrieved file,

• the website from which access is made (so-called referrer URL),the browser used and, if necessary, the operating system of your computer and the name of your Internet access provider.

The above-listed data will be processed by us for the following purposes:

• to ensure a smooth connection of the website,

• to guarantee a user-friendly experience of our website,

• to evaluate system safety and stability,

• for other administrative purposes.

The data is stored in server log files in a format that allows the identification of the persons concerned, for a maximum period of 14 days, unless a security-relevant event occurs (e.g. a DDoS attack). When a security-relevant event occurs, server log files are stored until the security-relevant event has been eliminated and fully resolved.

The legal basis for data processing is our legitimate interest, which results from the above listed purposes for data collection. Under no circumstances will we use the data collected for the purpose of drawing conclusions about your person. The provision of this data is not required by law or contract or necessary for the conclusion of a contract. You are not obligated to provide us with any personal information. If you choose to not provide such information, it will not be possible to access our website.

Furthermore, we use cookies and analytical services when you visit our website. You can find further information on this below.

2.2    When contacting us

We offer you the option of contacting us via a contact form which you can find by clicking on "Contact" at the bottom of our website. You will need to provide us with your telephone number and e-mail address. Additional information (company name, name, your request and questions) may be provided voluntarily. 

Alternatively, you can send us an email to info@office24.co.uk using your preferred E-Mail server. When doing so, it is necessary to provide your name, a valid email address and a description of your problem so that we know who the request comes from and can appropriately address it. Additional information (such as subject and - if available - contract reference) may be provided voluntarily.

In the event that your enquiry concerns a contract to which you are a contractual party, or concerns the implementation of pre-contractual actions, the data processing will be carried out in accordance with Article 6 (1)(b) UK-GDPR. For all other inquiries, data processing for the purpose of establishing contact is based on a balance of interests (Article 6 (1)(f) UK-GDPR). In this case our legitimate interest is the processing of your request. In the case of an already existing customer relationship with us, we store your information in our system together with your contractual data in order to be able to offer you a flawless service. If you are interested in our services, we store your information in order to find a suitable offer for you via our services or to be able to send you such offers in the future based on the interests you have expressed. In addition, the personal information collected by us in the course of contacting you will be deleted in accordance with the legal requirements after the inquiry you have made has been completed.

2.3    Newsletter 

We will use your name and email address to send you our newsletter on a regular basis, provided you have explicitly given consent (Article 6 (1)(a) UK-GDPR). To receive the newsletter, providing an email address is sufficient. 

You can use the link at the end of each newsletter to unsubscribe at any time.

2.4    Phone support and request for a callback

You can reach us at any time via the toll-free number listed on our website.

You also have the option of requesting a free callback via our website. For this purpose, it is necessary to provide your name and e-mail address in order to determine where the request originated from. It is also required that you tell us when you would like us to call you back (immediate call back or indication of preferred date and time).

We store this information along with others you provide by phone in order to process your request. If a contractual relationship arises or a contractual relationship already exists, we will store this information under your customer ID to ensure a seamless service and a smooth execution of the contract. In this case, the legal basis for data processing is Article 6 (1)(b) UK-GDPR. 

If you have shown interest in our services but no contractual relationship is established, we will store your information in accordance with Article 6 (1)(f) UK-GDPR. We will contact you again after 6 months to check if you are still interested in our services. In all other cases, in particular if you inform us that you wish your information to be deleted, we will delete the information collected during the phone call as soon as your request has been resolved.

2.5    LIVE-Test

In order to test our phone services, we offer you the option of a LIVE test. We will then simulate the scenario that you - for a reason selected by you - are not able to be reached. The call will be answered by a Office24 secretary and a message will be left for you. For this purpose, it is necessary that you enter your name and instructions for our secretary using a form on the website. In a second step, you will be asked to provide your E-Mail address and mobile phone number so that after the call is made, you will receive a sample email and text message with a call notification for the simulated call. You will then be shown a phone number that you can call to make the test call.

If a contractual relationship arises or a contractual relationship already exists, we will store this information under your customer ID to ensure a seamless service and smooth contract implementation.

In this case, the legal basis for data processing is Article 6 (1)(b) UK-GDPR. If you have shown interest in our services but no contractual relationship is established, we will store your information in accordance with Article 6 (1)(f) UK-GDPR. We will contact you again after 6 months to check if you are still interested in our services. In all other cases, in particular if you inform us that you wish your information to be deleted, we will delete the information collected during the LIVE-Test as soon as your request has been finally settled.

2.6    Registering a customer account in our customer portal

If you are a Office24 customer, an account will be set up for you using the information provided by you when placing the order, so that you may use the additional functionalities of the Customer Portal. Your customer account is not publicly accessible.

After account setup, a temporary password will be sent to you with the request to update your password immediately, using a password chosen by you.

The content you post may not contain personal information of third parties, unless their explicit consent has been obtained or there is another legal basis for such (e.g. Article 6 (1)(b) UK-GDPR). If you obtain consent of third parties for this purpose, you are obliged to inform these individuals of the scope of data processing by Office24 and provide them with all necessary information on data subjects. 

The processing of the information you are required to provide during the registration process is necessary in order to fulfil the contract you entered in by registering for a user account on our website.

You can use the following functionality in our customer portal to

 · retrieve call logs and call history

· provide instructions to the secretary, receptionist etc. (e.g. availability times)

· manage appointments and for address book management (if necessary, using Google Calendar and Google Contacts, see section 2.9)

· make online bookings (see section 2.8)

· file documents

· access E-Mail inbox

· link other customer accounts, e.g. employee accounts

· access dictation service

· arrange credit rating and credit information services

· to utilise email, Fax, text messages and letter forms to directly send a message via the website

· access our customer referral program

· set up call forwarding

The information is stored during the contract duration (Article 6 (1)(b) UK-GDPR). In the event of contract cancellation, we will ask you if you want to continue using the basic functions of your customer account in our customer portal, free of charge. If you decide to continue using your customer account, we will store your information for the duration of your use of the customer account, unless you delete it yourself. If you inform us that you do not want to use your customer account, or if we do not record any activity in your customer account for a period of 5 years after contract cancellation - or from a later date onwards - we will delete or irreversibly anonymise your information.

2.7    Online and phone bookings

You have the option of booking secretarial services (telephone and office services) online via our website. You can also book rental offices and conference, seminar rooms by telephone.  

For this purpose it is necessary that you provide us with the following information in addition to the information about which product, which tariff and which additional services you would like to book (e.g. text message notifications, 24h extension): Company name, company type, postal address, salutation, first name, last name, email address, phone number, account or credit card details. 

The content you submit may not contain personal information of third parties without their explicit consent. If you obtain the consent of third parties for this purpose, you are obligated to inform these individuals of the scope of data processing by Office24 and provide them with all necessary information on data subjects.

The data you provide during the booking process will be processed in accordance with Article 6 (1)(b) UK-GDPR, as this is required to fulfil the contract concluded via the website. We store your data in accordance with section 2.7 of this privacy policy in order to provide you with a seamless service. In the event of contract termination, we will ask you if you would like to continue using the basic functions of your customer account in our customer portal free of charge. If you wish to continue using the customer account, we will store your information for the duration of your use of the customer account, unless you delete it yourself. If you inform us that you do not want to keep your customer account, or if we do not record any activity in your customer account for a period of 5 years after contract termination - or from a later date - we will delete or irreversibly anonymise your data.

2.8    Contact and calendar synchronisation

We enable our customers to synchronise their contacts and calendar entries from an existing customer account with Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter "Google"), which is not subject of the contractual relationship with Office24. This is done via technical interfaces provided by Google.

By using these interfaces, it is possible to automatically transfer contact and calendar data stored with Google to the data stored at Office24 and, vice versa, to transfer data stored at Office24 to Google. In addition, the interfaces enable Office24 employees to have direct access to the customer's Google calendar (if requested by the customer), and to enter appointments scheduled for the customer. Under certain circumstances, this could lead to a significant increase in the quality of the service provided by Office24.

Google stores and processes the data collected in connection with its company on servers located in the USA and respectively, in a third country, in the sense of Article 44 et. seqq. UK-GDPR in combination with section 18 of the Data Protection Act 2018. In accordance with the above-mentioned provisions, it is pointed out that the respective customer remains responsible for the lawfulness of the transfer of information of third parties (such as his or her customers and/or employees) within the framework of his or her existing contractual relationship with Google, even if this is done via the interfaces described above. 

The set-up of contact and calendar synchronisation by Office24 is only possible with the explicit consent of the customer, which the customer can provide as part of the synchronisation setup. Without consent the respective functionality will not be activated. In the context of the declaration of consent, the customer is again referred to the above explanations.

In this instance, the legal basis for data processing is Article 6 (1)(a) UK-GDPR. Consent can be revoked at any time by sending a message to dataprivacy@office24.co.uk.

Office24 services may be used without restrictions, as well as without contact and calendar synchronisation.

3.    Information Disclosure


3.1 In General

We have entered into data processing agreements with technical service providers which we use for the operation and maintenance of our website, as well as with the providers of communication, tracking and web analysis tools listed in sections 2, 5 and 6 of this privacy policy, who process the data on our behalf for the purposes of user analysis and statistical evaluation. Beyond that, we do not transfer or share your personal information with third parties, except for the purposes listed below.

We will only disclose your personal information to third parties if the following is applicable:

• you have provided your explicit consent, 

• the disclosure of information is necessary to protect our legitimate interests or the legitimate interests of a third party and there is no reason to assume that you have an interest worthy of protection in not disclosing your data,

• in the event that there is a legal obligation for disclosure, and

• a disclosure is legally permissible and required for the processing of contractual relationships.

3.2 Data transfer to third countries

Service providers who process personal data on our behalf outside the European Union (so-called third countries) will only be used without your consent in accordance with Article 49 (1) (a) UK-GDPR if an adequacy regulation in the sense of section 18 of the Data Protection Act 2018 or suitable guarantees have been obtained from the recipient for this third country. If you consent to the transfer of your personal data to third countries, we will transfer your data to the USA in connection with the following services without suitable data protection guarantees:

•    Google Analytics, Firebase, Google Dynamic Remarketing, Google Marketing Platform (Google Ireland Limited / Google LLC)

The transfer of personal data to third countries that do not offer an adequate level of data protection (in particular to the USA) carries the risk that the data may be processed for the purposes of third parties without your knowledge and that the data may not be protected against access by third parties. In particular, there may be governmental access in the USA, for example, within the scope of intelligence investigation powers according to Section 702 FISA and Executive Order 12 333.

4.    Cookies

 

Please be advised that when you visit our website, we store information on your end device using cookies (please see our Cookie Policy for individual cookies). Cookies are small files that are transferred to your browser from an Internet server and stored on your hard drive. Information is stored in the cookie, which occurs in connection with the respective end device. This does not mean, that we obtain direct knowledge of your identity. We use the term "cookies" in these guidelines for all files that collect data in this way.

The use of cookies enables us to make the use of our services more enjoyable for you. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted when you leave our website. In addition, we also use temporary cookies to optimise user-friendliness, which are stored on your end device for a certain fixed period of time. If you visit our website the next time, we will automatically recognise that you have already visited our website, and which entries and settings you have made so that you do not have to enter them again.

On the other hand, we use cookies to record the use of our website statistically and to evaluate this for the purpose of optimising our offer for you (see section 5 "Analysis Tools"). These cookies enable us to automatically recognise that you have already visited us when you return to our website. We also use cookies for retargeting purposes (see section 6 "Marketing"). These cookies are automatically deleted after a specific time period. 

When you visit our website, we ask for your consent to the use of all cookies that are not absolutely necessary for the provision of our website (Article 6 (1)(a) UK-GDPR). You can also visit our website without accepting cookies. Our Cookie Policy provides detailed information about the cookies we use and you will be able to manage your cookie settings and choose for which cookies you give us your consent.

If you do not want your end device to be recognised during your next website visit, you can refuse the use of cookies by changing the settings in your browser to "reject cookies". You will find the respective procedure in the operating instructions of your browser. If you refuse the use of cookies, you may experience limitations in the use of some areas of our website.

5.    Analytical Tools


The tracking procedures listed below and used by us are carried out on the basis of the consent you have provided voluntarily. With the tracking procedures we use, we want to ensure that our platform is designed to meet your needs and is continuously optimised. Furthermore, we want to ensure that we can provide you with personalised recommendations based on your user behavior. We also use the tracking procedures to record the use of our website statistically and to optimise our offers for you. The provision of this information is not required by law or contract, nor is it necessary for the conclusion of a contract. You are not obligated to provide this personal information. 

The respective data processing purposes and categories of data can be found in the information on the corresponding tracking tools. 

Use of Google Analytics in combination with anonymisation function

For the purpose of designing our platform to meet the needs of our customers and continuously optimising it, we use Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) ("Google"). In this context, pseudonymised user profiles are created and cookies are used. 

The information generated by the cookie about your use of this platform, such as

• browser type/version,

• the operating system used,

• referrer URL (the previously visited page),

• host name of the accessing computer (IP address),

• time of the server request,

are, based on your consent, transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the platform, compile reports on the platform activities and provide additional services connected with the use of the platform and the internet for the purposes of market research and the design of this platform in line with the requirements. This information may also be transferred to third parties if this is required by law or if third parties process this information on our behalf. Under no circumstances will your IP address be merged with other Google data. IP addresses are made anonymous so that an assignment is not possible (IP masking). This means that your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before.

You may refuse the use of cookies by not giving your consent,, or by selecting a corresponding setting in the browser software; however. We would like to point out that not all functions of this platform can be used to their full extent in this case. You can also prevent the collection of data generated by the cookie and related to your use of the platform (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on.

Further information on data protection in connection with Google Analytics can be found on Google Analytics Help.

We also use Google Analytics to evaluate data from AdWords and the double-click cookie for statistical purposes. You can deactivate this in the Ads Preferences Manager if you prefer. 

6.    Marketing


If we receive your e-mail address in connection with the sale of a service and you have not objected, we also reserve the right to send you regular information about similar services by e-mail, as this represents a legitimate interest of Office24.

You can object to this use of your E-Mail address at any time by sending a message to dataprivacy@office24.co.uk or via a link provided for this purpose in the promotional E-Mail.

Furthermore, we engage in retargeting. Retargeting in online marketing refers to a process in which website or app visitors are identified and then addressed in pseudonymous form on other websites with targeted advertising. Users of the website or app are marked in pseudonymous form so that they can be recognised on the platform or another website. Pseudonymous user profiles are created based on this information. The pseudonymous user profiles are not merged with data via the owner of the pseudonym. The purpose of the procedure is to raise awareness of a user (who has already shown an interest in a platform or product) in order to increase the advertising relevance and thus the click and conversion rate (e.g. order rate). For retargeting, we use time-limited cookies with a runtime. You can find further information on our Cookie-Policy. We may combine your pseudonymous personal information with other pseudonymous information we receive from other sources and use it to improve and personalize the advertisements and marketing activities directed to you.

 If you do not want us to collect information in regard to your visit to our platform and the use of our services, applications and tools, you can object to the data collection at any time with effect for the future by deactivating cookies in your browser or device settings. 

6.1    Google Dynamic Remarketing

We use the Google Dynamic Remarketing tag (embedded in all pages of our website) as part of Google Ads. Google Dynamic Remarketing allows us to not only display interest-based ads on other websites and apps for past visitors to our website, but also to display ads that include specific products and services that users have viewed on our website. For this purpose, we have created a feed with details of the services we wish to display as ads (Remarketing List). The Google Ads Product Referral Tool extracts individual services from this feed and determines the best variety of services for each ad based on the popularity and what visitors have viewed on our site.

The information collected and used for remarketing includes details such as the URL and referral URL for the website that triggers a tag hit and any resulting remarketing list memberships. Remarketing data is used to match users with Google accounts, add users to remarketing lists, generate similar audiences, serve dynamic ads, and ensure that Google Ads remarketing campaigns comply with Google's policies. In addition, reports including user information are available in our Google Ads account. Google may also use remarketing data to optimise the performance of our campaign, identify other audiences relevant to us, and gain specific insight into the composition of our remarketing lists. Google also uses aggregated and anonymous remarketing data for the benefit of all advertisers, including, for example, to improve similar audiences.

Google will not share this information with third parties or other advertisers, and Google will not use our remarketing lists to promote its own products.

You can opt-out of Google's use of device identifiers by visiting Google's ad settings (click here). Alternatively, you can disable cookies in your browser or device settings.

Additional information on data protection in connection with Google Dynamic Remarketing can be found here and here.

6.2    Google Marketing Platform

We also use the Google Marketing Platform (formerly "Google DoubleClick" and "Google Analytics 360 Suite"), a unified advertising and analysis platform. For advertising and analysis purposes, cookies are used to display ads that are relevant to you, to improve reports on campaign performance or to prevent a user from being shown ads more than once.  

Google uses a cookie ID to record which ads are played in which browser and can prevent them from being shown more than once. In addition, Google can use cookie IDs to record so-called conversions, i.e. whether a user has seen an advertisement and later visits the advertiser's website to make a purchase. If you are registered with one of Google's services, Google can assign the website visit to your user account.

In addition, the Google Marketing Platform enables us to understand whether you perform certain actions on our website after you have viewed or clicked on one of our ads on Google (conversion tracking) or another platform ("floodlight"). In this way, we are able to display personalised advertising to you in the future. 

If you do not want your end device to be recognised on your next visit, you can refuse the use of cookies by not giving us your consent or by changing the settings in your browser to "block cookies". You will find the respective procedure in the operating instructions of your browser.  

Information on how to deactivate personalised advertising by Google can be found here or when you visit the deactivation page of the Network Advertising Initiative. However, if you choose to decline the use of cookies, you may be limited in your use of some areas of our website.

More information about the Google Marketing Platform, can be found here and information about the use of cookies within the Google Marketing Platform, can be found here. For more information please visit the Network Advertising Initiative (NAI).

7.    Use of the Android-App


7.1    Data processing required for technical reasons

The contents of our app are provided by our server via the Internet. An active internet connection is therefore required to use all functions of the app. You can also use the app without an active Internet connection, but in this case there is no synchronization with current information in your customer account (e.g. updating your call history). In particular, the configuration and control of our office and telephone services as well as the use of the functions mentioned further in this privacy policy may not be possible.  

When using the app for purely informational purposes, your end device sends certain information to the server of our app for technical reasons. To ensure the security of the IT infrastructure used to provide the app, this information is also temporarily stored in a so-called server log file and evaluated if necessary.

This involves the following information:

• Type and version of the mobile operating system used,

• the contents called up, 

• the previously accessed content, 

• Date and time of the retrieval,

• language settings.

The mentioned data is processed by us for the following purposes: 

• Provision of the contents of the app accessed by the user,

• Provision of the search functions of the app

• Ensuring a comfortable use of our app as well as

• Evaluation of system security and stability.

The legal basis for data processing is our legitimate interest, which results from the purposes for data collection listed above. The provision of this data is not required by law or contract or necessary for the conclusion of a contract. You are not obliged to provide the personal data. If the data is not provided, we will not be able to provide the accessed content of the app.

7.2    Login to the customer account

Our app is intended for use by our customers and enables you to configure and control our office and telephone services flexibly in terms of time and location. In order to use our app, it is therefore necessary for you to log in to the app with the access data (username and password) sent to you upon conclusion of the contract. You will be prompted to change your temporary password to a personal password in a timely manner. You can then use certain functions in your customer account (e.g., call history, creation and processing of instructions, storing VIPs, contacting your secretary). 

The contents and functions of the customer account in the app are provided by the server of our app via the Internet. An active Internet connection is therefore required to use all functions of the customer account in the app (see section 8.1 of this privacy policy).

The legal basis for data processing when using the login function is the provision of the app within the framework of the service agreement concluded with us, the legal basis for this is Art. 6 (1) lit. b UK-GDPR. The data is stored for the duration of the contractual relationship. If you delete/uninstall the app from your end device, local caches are deleted. In the event of termination, we will ask you whether you wish to continue using the basic functions of your customer account in our customer portal free of charge. If you wish to continue using your customer account, we will store your data for the duration of your use of the customer account unless you delete it yourself. If you inform us that you do not wish to keep your customer account, or if we do not record any activity in your customer account for a period of 5 years after termination - or from a later date - we will delete or irreversibly anonymize your data.

7.3    Call history

We provide your call history in your customer account of the app. This concerns calls that were received by your secretary in accordance with an instruction you have stored (see Section 8.4) or that were received on your phone number during a period for which an instruction existed. Your secretary records the following data, which you can view in the app for each call: Caller name, phone number, date and time of the call, and the caller's request. Call notes created by your secretary can be exported to other applications on your mobile device at any time.

You can delete individual call notes in the app at any time. If you delete call notes after moving them to the recycle bin, they are finally deleted and cannot be restored.

You also have the option to provide feedback on individual call notes. Depending on your satisfaction with call notes, we can assign a specific secretary (more) to you in the future based on your feedback.

The data processing in the context of the call history serves the execution of the telephone service contract (Art. 6 para. 1 lit. b UK-GDPR). The data will be stored for the duration of the contractual relationship and beyond that, if necessary, for the purpose of fulfilling legal, commercial and tax law or retention obligations.

7.4    Instructions and contact to your secretary

In our app, you have the option to send instructions to your secretary via the instructions function. This way you can control at any time how your secretary should behave in case of incoming calls. To do this, you need to specify the following data: time frame for which the instruction should be valid, greeting text, which callers should be put through (All/VIP/None) and - if you do not want calls to be put through - what message your secretary should give to the callers.

Within the scope of your instructions, you can also define forwarding numbers to which your secretary will transfer incoming calls and assign different forwarding numbers to different situations (e.g. forwarding on dial tone, forwarding on busy signal).

You can delete the data yourself in the app at any time.

You can also send a message to your secretary within the app. The information you provide in this way is processed exclusively for the provision of the telephone service. We store this information to process your request.

The data processing is used to perform the telephone service contract (Art. 6 para. 1 lit. b UK-GDPR). The data will be stored for the duration of the contractual relationship and beyond that, if necessary, for the purpose of fulfilling statutory, in particular commercial and tax law, retention obligations.

7.5    Contact synchronisation

If you give us your consent to do so, we will enable you to synchronise your contacts contained in the call notes of the app with the contact list of your mobile device to improve the service quality of the telephony services we provide and to ensure comprehensive secretarial support.

By using this feature, it is possible both to automatically transfer contact data stored on the mobile device to the app and, conversely, to transfer data stored in the app (especially the call history) to the contact list of the mobile device. You also have the option of specifying "VIPs" among your contacts who will be given preferential treatment in the event of calls.

You can give your consent when you log in to your customer account for the first time and subsequently manage it at any time in your customer account in the app, i.e. revoke it or give it again after revocation. In the event of revocation, all contact data will be deleted from our servers and uploaded again in the event of a new grant. The legal basis for the data processing is Art. 6 para. 1 lit. a UK-GDPR. 

However, the telephone services can also be used without contact synchronisation. Restrictions may arise in this case regarding the quality of the telephone services, as less information about your contacts is available to your secretary.

7.6    Push notifications

If you give your consent to this (Art. 6 para. 1 lit. a UK-GDPR), you will receive push notifications on your mobile device. You can give your consent when you log in to your customer account for the first time. In this case, we will inform you about incoming calls via push notification.

You can manage your consent at any time in your customer account in the app, i.e. revoke it or give it again after revocation. You can also manage the settings for push notifications in the settings of your mobile device.

7.7    Feedback about our app

If you would like to give us feedback on our app, you can do so using the feedback function directly in the app. For this purpose, you can also attach and submit a screenshot of your mobile device. The information you provide in this way will be used exclusively for processing your request.

The legal basis for data processing is Art. 6 Para. 1 lit. b UK-GDPR.

8.    Disclosure of data from the app


8.1    In General

We have concluded data processing agreements with technical service providers that we use to operate and maintain our app and servers, and with the providers of the app analysis technologies listed in section 10 of this privacy statement, who process the data on our behalf for the purpose of user analysis and statistical evaluation. Service providers that process personal data on our behalf outside the European Union (so-called third countries) are only used if an adequacy decision of the European Commission or suitable or appropriate guarantees are in place for this third country with the recipient. Beyond that, we do not transfer your personal data to third parties - except for the purposes listed below.

We will only share your personal data with third parties if:

• you have given your express consent to do so,

• the transfer is necessary to protect our legitimate interests or the legitimate interests of a third party and there is no reason to believe that you have an overriding legitimate interest in the non-disclosure of your data,

• if there is a legal obligation to disclose your data, and

• this is legally permissible and necessary for the processing of contractual relationships with you.

8.2    Data transfer to third countries

Service providers that process personal data on our behalf outside the European Union (so-called third countries) will only be used without your consent pursuant to Article 49 (1) (a) of the UK-GDPR if an adequacy regulation in the sense of section 18 of the Data Protection Act 2018 or appropriate guarantees are in place for this third country at the recipient. If you consent to the transfer of your personal data to third countries, we will transfer your data in connection with the following services to the USA without appropriate data protection guarantees:

•    Google Analytics, Firebase (Google Ireland Limited / Google LLC).

The transfer of personal data to third countries that do not offer an adequate level of data protection (in particular to the USA) entails the risk that the data may be processed for third-party purposes without your knowledge and that the data may not be protected against access by third parties. In particular, there may be government access in the USA, for example within the scope of intelligence gathering powers under Section 702 FISA and Executive Order 12 333.

9.    App analytics to improve the app


If you have given your consent, we use app analysis technologies to record and analyse usage behavior in our app to improve the app and to better achieve the app's goals (e.g., increase page views). The legal basis is Art. 6 para. 1 lit. a UK-GDPR.

9.1    Use of Google Analytics with anonymisation function

For demand-oriented design and continuous optimisation of our app, we use Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) ("Google"). In this context, pseudonymized usage profiles are created.

Information about your use of this app such as

• IP address,

• ID to (re)recognize your terminal device ("advertising ID").

• Type and version of the mobile operating system used,

• the contents called up,

• the previously accessed content,

• date of the retrieval

are transmitted to a Google server in the USA and stored there. The information is used to evaluate the use of the app, to compile reports on app activities and to provide other services related to the use of the app and the internet for the purposes of market research and demand-oriented design of this app. This includes information about the use of the app, in particular page views, call frequency and dwell time on accessed pages. This information may also be transferred to third parties if required by law or if third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised so that an assignment is not possible (IP masking). This means that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area.

You can restrict the use of the advertising ID in the device settings of your mobile device.

Settings > Google > Ads > Reset Advertising ID.

You can find more information on data protection in connection with Google Analytics, for example, in the Google Analytics Help.

You can manage your consent at any time in your customer account in the app under "Privacy", i.e. revoke it or give it again after revocation.

9.2    Firebase

The app we offer uses technology from Google Firebase. Firebase is a developer platform that is part of the Google Cloud Platform and offers numerous services for developers. You can find a list of them here. Firebase assigns timestamped "instance IDs" for individual app users. These are unique and allow linking of different events or processes. We cannot associate this data with individual app users. We only process the aggregated data to analyse and optimise user behavior, such as by evaluating crash reports.

We do not use Firebase services that use personal information, such as IP addresses, email addresses, phone numbers, or passwords. More information about Firebase privacy and security can be found here. Wherever possible, we use servers located within the EU. If data is nevertheless transferred to the USA, this is done in encrypted form. More information about Google Firebase and data protection can be found here and here.

a)    For Firebase Analytics, Google also uses the advertising ID of the end device in addition to the "instance ID" described above. You can restrict the use of the advertising ID in the device settings of your mobile device.

Settings > Google > Ads > Reset Advertising ID.

You can manage your consent at any time under Settings > Configuration of your app under "Privacy", i.e. revoke it or give it again after revocation.

b)    Firebase Cloud Messaging is used to be able to transmit push messages or so-called in-app messages (messages that are only displayed within the respective app). For this purpose, a pseudonymised push reference is assigned to the end device, which serves as the target for the push messages or in-app messages. The push messages can be deactivated and reactivated at any time in the settings of the mobile device.

You can manage your consent at any time under Settings > Configuration of your app under "Notification", i.e. revoke it or give it again after revocation. 

10.    Credit Assessment


We process information on your creditworthiness within the framework of the conclusion of contracts and contractual relationships with our customers. For this purpose, we obtain a credit report from a credit agency by transmitting your contact data to these agencies. This contains a so-called "Score", which is calculated on the basis of a scientifically recognised mathematical-statistical procedure and can be used to assess the credit risk. 

The transmission and processing of your information for the purpose of a credit assessment is necessary to protect our legitimate interests (Article 6 (1)(f) UK-GDPR). On the basis of the score value transmitted by the credit agency, we assess the risk of non-payment and decide on the acceptance or rejection of an order placed - if necessary, via our website - in order to avoid our risk of non-payment as far as possible. The credit assessment is performed as there is a risk of non-payment to the extent of all our offered services due to our obligation to pay in advance. The creditworthiness inquiries are included in the future calculation of the score value of our customers or interested parties. This is our legitimate interest within the scope of Article 6 (1)(f) UK-GDPR.

We store the score in our systems solely until your order has been processed completely. Additionally, we store information for evidence purposes for the possible assertion, exercise or defense of legal claims for a transitional period of three years from the end of the year in which you have provided us with the data and, in the event of any legal disputes, until their conclusion

11.    Payment Provider


Our website offers payments  via the payment service of EVO Payments International GmbH, Elsa-Brändström-Str. 10-12, 50668 Köln, Germany (EVO). The following payment method is handled by EVO: 

Credit card payments. 

Personal data such as bank details or credit card numbers are also transferred to EVO. This processing is necessary to check and process the payment order, which is used to fulfil the contract you have concluded with us. Legal basis is Article 6 (1)(b) UK-GDPR. 

Please click here for additional information and the EVO privacy policy.

12.    Security


Within the platform visit, we use the common TLS (Transport Layer Security) procedure in connection with an encryption level that corresponds to the respective state-of-the-art technology. The actual level of encryption also depends on the browser you use. You can determine whether an individual page of our website is being transmitted in encrypted form by the key or lock symbol in the lower status bar of your browser.

We have also taken technical and administrative security precautions to protect your personal information against loss, destruction, manipulation and unauthorized access. All our employees as well as service providers working for us are subject to the valid data protection laws. Our security precautions are subject to a continuous improvement process and our data protection declarations are constantly revised. Please make sure that you have the latest version.

13.    Rights of the individuals affected


You have the following rights:

• to request information about your personal information processed by us;

• to immediately demand the correction of incorrect or incomplete personal information stored by us;

• to request the deletion of your personal information stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims (if we have published your personal information, we are obligated, taking into account the available technology and implementation costs, to take reasonable measures, including technical measures, to inform the data controllers who process the personal data that you have requested the deletion of all links or of copies or replications of such personal information)

• to demand the restriction of the processing of your personal information if the accuracy of such information is disputed by you, if the processing is unlawful but you refuse to have it deleted and we no longer need the information, but in the case when you need the data for the assertion, exercise or defense of legal claims or have filed an objection to the processing

• to receive the personal information that you have provided to us in a structured, common and machine-readable format or to request its transfer to another responsible party;

• to revoke your consent towards us at any time. As a result, we are no longer allowed to continue the data processing that was based on this consent in the future and

• to complain to a regulatory agency. As a rule, you can contact the supervisory authority at your usual place of residence or work or at our registered office.

14.    Right to Appeal


If your personal information is processed on the basis of legitimate interests, you have the right to object to the processing of your personal data for reasons relating to your particular situation or direct marketing. In the latter case, you have a general right to appeal, which will be implemented by us without indicating any specific circumstances.

If you wish to make use of your right to cancel or to appeal you can simply send an email to dataprivacy@office24.co.uk.

15.    Privacy Policy Updates


This Privacy Policy is currently valid.Due to the further development of our website and offers above or due to changed legal or official requirements, it may become necessary to amend this privacy statement. The current privacy statement can be accessed and printed out at any time by clicking here.