officeatwork Privacy Policy
officeatwork, with our affiliates and subsidiaries (collectively, “officeatwork”, “us”, “our”, “we” or “Company”), respect the privacy of our customers, business partners and other visitors to our Website, Apps, Extensions or Add-ins who may choose to provide Personal Information (as defined below) and are committed to respect their privacy. We recognize the need for appropriate protections and management of Personal Information that you provide to us. This Privacy Policy applies to all information collected about you by officeatwork, regardless of how it is collected or stored. This policy covers the types of information collected, how your information may be used, whom the information may be shared, and how your information is protected.
Except as otherwise noted in this Privacy Policy, officeatwork is a data controller (as that term is used under the EU General Data Protection Regulation (“GDPR”)), which means that we decide how and why the information you provide to us is processed. This Policy may be amended or updated from time to time to reflect changes in our practices with respect to the Processing of your information, or changes in applicable law. We encourage you to read this Policy carefully, and to regularly check this page to review any changes we might make.
Based on Article 13 of the Swiss Federal Constitution and the data protection regulations of the Federal Government (Data Protection Act, FADP) and in accordance with GDPR, every person is entitled to protection of their privacy and to protection against misuse of their personal data. We comply with these terms. Personal data will be kept strictly confidential and will not be sold or passed on to third parties. The details can be found in the following explanations.
When using our Apps or Add-ins as a customer (with a valid subscription other than a free evaluation license), we only temporarily collect the users' object ID (Microsoft Azure AD User ID) in our application telemetry (in Microsoft Azure Application Insights) for support reasons. This data gets auto deleted after 180 days. Based on the users' object ID, we, as officeatwork, can NOT identify the users. We can NOT link the Object ID to any other data like names, emails, phone numbers, etc.
Optionally, we allow customers to configure the officeatwork user experience across the officeatwork application. In this case, customers can choose to protect the ability to make configuration changes to specific users and/or groups. Capturing these restrictions will require officeatwork to also store the respective user object IDs as well as Azure AD groups IDs in the customer's officeatwork application settings. In case of a customer no longer using our services, the customer can delete the officeatwork application settings including any optionally provided user object IDs and/or Azure AD group IDs.
All telemetry and application configuration data collected is stored georedundant in the following regions:
West Europe
East US
West US
Southeast Asia
Australia Est
Switzerland North
Our services use cookies. Cookies are small text files stored on your device (computer, tablet, smartphone, or another device) to enhance your experience using our services. We use cookies of type 'Essential'. They allow us to provide you with the essential features of our services, such as sign-in and service health. Using them is in your best interest, hence all the applicable personal data protection laws allow us to use them freely.
Here is a list of the essential cookies we use:
Provider: Microsoft (Authentication) | Name: Esctx | Description: Tracks browser-related information. Used for service telemetry and protection mechanisms.
Provider: Microsoft (Authentication) | Name: x-ms-gateway-slice | Description: Azure AD Gateway cookie is used for tracking and load balance purposes..
Provider: Microsoft (Authentication) | Name: Stsservicecookie | Description: Azure AD Gateway cookie is also used for tracking purposes.
Provider: Microsoft (Authentication) | Name: buid | Description: Tracks browser-related information. Used for service telemetry and protection mechanisms.
Provider: Microsoft (Authentication) | Name: fpc| Description: Tracks browser-related information. Used for tracking requests and throttling.
All officeatwork Apps and Add-ins you can find on Microsoft AppSource are covered by this policy. These are:
Content Chooser
Content Uploader
Designer
Image Chooser
Mail Responder
Mail Signature
Slide Chooser
Smart Template
Template Chooser
Verifier
Wizard
We may collect information about you directly from you, from third parties, and automatically through your use of other services.
When registering on our site (including subscribing to our newsletter, register for an event, respond to a survey or fill out a form, communication with us via email), we may collect individually identifiable information, namely information that identifies an individual or with reasonable effort identify an individual (“Personal Information”), such as your name, address, telephone number, email address, IP address, and contact preferences. Personal Information collected online may be supplemented with information you provide to us through other services and sources, as well as other data collection methods.
We do not require that customers, partners, or other visitors to our site provide us with Personal Information and you may visit our site anonymously. In this case, we do not collect Personal Information when you visit our site unless you choose to provide it to us (except for certain IP analysis, conducted by 3rd party analytical services– see link to their privacy policy below). The decision to provide Personal Information is voluntary and you may withdraw your consent at any time. However, if you do not provide the Personal Information requested, you may not be able to proceed with the activity or receive the benefit for which the Personal Information is being requested (including, without limitation, the support services). Additionally, after you register to our site, we will be able to backtrack your activity on our site even before you registered (if you did not register, that information will remain anonymous to us).
We do not collect information regarding your data stored in for instance your SharePoint Online, Microsoft Teams, OneDrive, OneDrive for Business, Dynamics CRM etc. Additionally, the architecture of our Apps and Add-ins is constructed in a way that your data never gets transferred via any of our officeatwork servers or services.
We also do not collect any personal user data (except for the user's object ID for support reasons only and optionally user object IDs and group IDs for tenant configuration reasons) for licensed customers when interacting with the Add-Ins or Apps. This way we make sure that no GDPR relevant data of your general users is ever stored on any of our servers or services.
Any information we collect from you may be used in any of the following ways:
To provide our products and services to you, to communicate with you about your use of our products and services, to respond to your inquiries, to fulfill your orders, and for other customer service purposes.
Your personal information will not be sold, exchanged, transferred, or given to any company outside officeatwork or our trusted third-party service providers for any reason whatsoever, without your consent, other than for the express purpose of delivering the product(s) or service requested, and as otherwise explicitly set forth herein.
We may send periodic informational or promotional content. However, you can always unsubscribe or choose not to receive promotional information from us by following the specific instructions in the email you receive or by notifying us via the appropriate method below. It may take a reasonable period of time to process your request, no longer than 30 days for direct mail and telephone promotions and 10 business days for email promotions.
Your information helps us to respond more effectively to your customer service requests and support needs.
We continually strive to improve our site offerings based on the information and feedback we receive from you.
To perform research, technical diagnostics, and analytics with regards to the website and our Apps and Add-ins.
Controls from some analytics service providers to opt out of data collection through web beacons.
We will provide you with access to your information when reasonable, or in accordance with relevant laws, the opportunity to change your information. To protect your privacy and security, we will take steps to verify your identity before granting access or making changes to your data. Requests to delete Personal Information are subject to any applicable legal and ethical reporting or document retention obligations. To access and/or correct information, you can notify us via the appropriate method below.
Since we operate globally, it may be necessary to transfer, store and process Personal Information in any country in which we or our affiliates (especially Microsoft), subsidiaries or service providers maintain facilities. The data protection and other laws of these countries may not be as comprehensive as those in the European Union − in these instances we will take steps to ensure that a similar level of protection is given to Personal Information. You hereby consent to the transfer of your Personal Information to countries outside the European Union.
We do not sell, trade or otherwise transfer Personal Information to outside parties (except to the third parties with whom we have contracted to provide services to us, as detailed in the section below).
We use third parties, such as cookies and trackers, to compile aggregate data about site/app traffic and site/app interaction for marketing and targeting purposes, to assist us in better understanding our site/app visitors/users so that we can offer better site experiences and tools in the future. These service providers are not permitted to use the information collected on our behalf except for the purpose of providing the services to us. Some of the servers of these third parties may be located outside of the European Union.
In most cases, we will not receive the information these third parties collect but only receive the analysis or results that we requested, and the sole holders of the collected information are the third parties. Below you can find the links to the privacy policies of the third parties we currently use. This list is reviewed and updated periodically.
https://privacy.microsoft.com/en-US/privacystatement
https://policies.google.com/privacy
https://www.zoho.com/privacy-commitment.html
https://www.brevo.com/legal/privacypolicy
https://www.linkedin.com/legal/privacy-policy
https://missiveapp.com/privacy
https://www.paypal.com/en/webapps/mpp/ua/privacy-full
Also, we may release your Personal Information when we believe release is appropriate to comply with the law, enforce our site policies or protect ours or others’ rights, property, or safety.
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
We are committed to use our reasonable efforts, in accordance with market best practices, to ensure the security, confidentially and integrity of the personal information you choose to provide us. Access to the personal information is based on the ‘least to know’ concept together with role-based access control systems, ensuring only authorized access to the personal information. To protect the privacy of any personal information you may have provided, we are using data hosts (redundant setup Microsoft Azure PaaS services, storing and processing data globally, inside and outside of the EU) who implement market best practice security measures including encryption for data-at-rest and data-in-transit. Although we take steps to safeguard such information, we cannot be responsible for the acts of those who gain unauthorized access, and we make no warranty, express, implied, or otherwise, that we will prevent such access.
You may contact us any time and request:
To view, access, erasure, obtain, change, be informed of, restrict or object processing, allow or disallow automated decision-making including profiling, or update any personal data relating to you (for example, if you believe that your Personal Information is incorrect, you may ask to have it corrected)
To opt out of such communications by following the opt-out instructions contained in the email. If you opt out of receiving emails about recommendations or other information, we think may interest you, we may still send you emails about your account or any Products and you have requested or received from us.
To transfer your personal data. You have the right to request the transfer of your personal data to another service provider or third party, where it is technically feasible. This is known as the right to data portability.
If you wish to raise a complaint on how we have handled your personal information, you can contact us as set forth below.
If there are any questions regarding this Privacy Policy or the information that we collect about you, or if you feel that your privacy was treated not in accordance with this Privacy Policy, you may contact us here.
If you have a technical or general support question, please visit our services page here.
To find the officeatwork subsidiary in your country or region, check out our about page here.
If you wish to place a SARs request, please visit fill out our officeatwork Subject Access Request form here. Please note that we have one month to respond to your request.
Any other requests regarding the handling of personal information (other than SARs request) please contact us at our email: gdpr@officeatwork.com or write to officeatwork AG, Security Officer, Bundesplatz 12, 6300 Zug, Switzerland.
If you wish to contact us or anything other than your personal information, please visit our contact page here.
This Policy is current as of the last updated date set forth below. We may revise this Privacy Policy from time to time, in our sole discretion, and the most current version will always be posted on the website. We encourage you to review this Privacy Policy regularly for any changes.
If the scope of personal data collection is expanded beyond what is already defined in this policy, officeatwork will inform all customers of this upcoming change with reasonable lead time.
Last updated: April 2023
officeatwork AG
Bundesplatz 12
6300 Zug
Switzerland
