Privacy policy
General notes
The following notes give an overview of how we process personal data.
Personal data is any data that can identify you personally.
This privacy policy applies to the use of our website and to contact via this website.
Controller
Categories of processed data
In the context of the website we process in particular:
- Contact data (name, email, phone)
- Communication content
- Technical data (IP address, browser, timestamp)
In the context of the ONA platform — depending on use — the following data may also be processed:
- Employee master data
- Contract data
- Working hours and shift data
- Payroll-relevant data
- Tax and social security related data
- Absence data
This processing happens exclusively on behalf of our customers.
Purposes of processing
We process data for the following purposes:
- Provision of the website
- Handling of inquiries
- Initiation and execution of contractual relationships
- Provision and operation of the ONA platform
Legal bases
Processing is based on:
- Art. 6 (1) (b) GDPR (contract / pre-contractual measures)
- Art. 6 (1) (f) GDPR (legitimate interest in secure operations)
- Art. 28 GDPR (data processing within the platform)
Where special categories of personal data are processed, this is done on the basis of Art. 9 GDPR in conjunction with employment and social law.
Hosting and infrastructure
Our website and platform are hosted by external service providers.
Personal data may be processed on servers within the European Union.
We ensure that appropriate technical and organisational measures (TOMs) are implemented.
Data processing within the platform
When using the ONA platform, personal data is processed on behalf of our customers (employers).
In these cases we act as a data processor according to Art. 28 GDPR.
Responsibility for the lawfulness of the data processing lies with the respective customer.
Recipients of data
Personal data is only shared when necessary, e.g.:
- for technical operation (hosting)
- for contract performance
- on a legal basis
Transfer to third parties for advertising purposes does not occur.
Storage period
Personal data is only stored as long as necessary for the respective purposes or as long as legal retention obligations exist.
Your rights
You have the following rights:
- Information (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection (Art. 21 GDPR)
Right to lodge a complaint
You have the right to lodge a complaint with a data protection supervisory authority.
Competent authority:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Security
We use technical and organisational security measures to protect your data against loss, manipulation and unauthorised access.
SSL / TLS encryption
This website uses an encrypted connection (HTTPS).
Objection to advertising emails
We object to the use of contact data for sending unsolicited advertising.
Contact form and email delivery
When you use the contact form on this website, we process the following personal data: name, email address, company, employee count, number of locations, POS (point-of-sale) selection and the content of your message.
Purpose: handling and responding to your inquiry and preparing pre-contractual communication.
The legal basis is Art. 6(1)(b) GDPR where your inquiry concerns a contract or pre-contractual measures, otherwise Art. 6(1)(f) GDPR (legitimate interest in responding to inquiries).
Email delivery is handled by our processor SendGrid (Twilio Inc., 1801 California Street, Denver, CO 80202, USA). This involves a transfer to a third country (USA), safeguarded by Twilio's participation in the EU-US Data Privacy Framework and/or the conclusion of Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR.
Retention: we keep data submitted via the contact form only as long as required to handle your inquiry and any follow-up communication, and at most six months, unless statutory retention obligations or an active contract require longer storage.
Cookies and local storage
We use necessary local storage (e.g. localStorage) to operate the website and to remember your cookie preferences. This storage is technically required and cannot be disabled.
Optional categories (analytics and monitoring) are disabled by default and only activated after your explicit consent. As long as you do not consent, no corresponding scripts or third parties are loaded.
You can change your selection at any time via "Cookie settings" in the footer.