Based on Article 13 of the Swiss Federal Constitution and the data protection regulations of the Federal Government (Data Protection Act, FADP) and in accordance with GDPR, every person is entitled to protection of their privacy and to protection against misuse of their personal data. We comply with these terms. Personal data will be kept strictly confidential and will not be sold or passed on to third parties. The details can be found in the following explanations.
When using our Apps or Add-ins as a customer (with a valid subscription other than a free evaluation license), we only temporarily collect the users' object ID (Microsoft Azure AD User ID) in our application telemetry (in Microsoft Azure Application Insights) for support reasons. This data gets auto deleted after 180 days. Based on the users' object ID, we, as officeatwork, can NOT identify the users. We can NOT link the Object ID to any other data like names, emails, phone numbers, etc.
Optionally, we allow customers to configure the officeatwork user experience across the officeatwork application. In this case, customers can choose to protect the ability to make configuration changes to specific users and/or groups. Capturing these restrictions will require officeatwork to also store the respective user object IDs as well as Azure AD groups IDs in the customer's officeatwork application settings. In case of a customer no longer using our services, the customer can delete the officeatwork application settings including any optionally provided user object IDs and/or Azure AD group IDs.
All telemetry and application configuration data collected is stored georedundant in the following regions:
Here is a list of the essential cookies we use:
Provider: Microsoft (Authentication) | Name: Esctx | Description: Tracks browser-related information. Used for service telemetry and protection mechanisms.
Provider: Microsoft (Authentication) | Name: x-ms-gateway-slice | Description: Azure AD Gateway cookie is used for tracking and load balance purposes..
Provider: Microsoft (Authentication) | Name: Stsservicecookie | Description: Azure AD Gateway cookie is also used for tracking purposes.
Provider: Microsoft (Authentication) | Name: buid | Description: Tracks browser-related information. Used for service telemetry and protection mechanisms.
Provider: Microsoft (Authentication) | Name: fpc| Description: Tracks browser-related information. Used for tracking requests and throttling.
Provider: Microsoft (Application Insights) | Name: ai_user | Description: Used by Microsoft Application Insights software to collect statistical usage and telemetry information. Thecookie stores a unique identifier to recognize users on returning visits over time.
Provider: Microsoft (Application Insights) | Name: ai_session | Description: Preserves users' states across page requests.
All officeatwork Apps and Add-ins you can find on Microsoft AppSource are covered by this policy. These are:
We may collect information about you directly from you, from third parties, and automatically through your use of other services.
When registering on our site (including subscribing to our newsletter, register for an event, respond to a survey or fill out a form, communication with us via email), we may collect individually identifiable information, namely information that identifies an individual or with reasonable effort identify an individual (“Personal Information”), such as your name, address, telephone number, email address, IP address, and contact preferences. Personal Information collected online may be supplemented with information you provide to us through other services and sources, as well as other data collection methods.
We do not collect information regarding your data stored in for instance your SharePoint Online, Microsoft Teams, OneDrive, OneDrive for Business, Dynamics CRM etc. Additionally, the architecture of our Apps and Add-ins is constructed in a way that your data never gets transferred via any of our officeatwork servers or services.
We also do not collect any personal user data (except for the user's object ID for support reasons only and optionally user object IDs and group IDs for tenant configuration reasons) for licensed customers when interacting with the Add-Ins or Apps. This way we make sure that no GDPR relevant data of your general users is ever stored on any of our servers or services.
Any information we collect from you may be used in any of the following ways:
To provide our products and services to you, to communicate with you about your use of our products and services, to respond to your inquiries, to fulfill your orders, and for other customer service purposes.
Your personal information will not be sold, exchanged, transferred, or given to any company outside officeatwork or our trusted third-party service providers for any reason whatsoever, without your consent, other than for the express purpose of delivering the product(s) or service requested, and as otherwise explicitly set forth herein.
We may send periodic informational or promotional content. However, you can always unsubscribe or choose not to receive promotional information from us by following the specific instructions in the email you receive or by notifying us via the appropriate method below. It may take a reasonable period of time to process your request, no longer than 30 days for direct mail and telephone promotions and 10 business days for email promotions.
Your information helps us to respond more effectively to your customer service requests and support needs.
We continually strive to improve our site offerings based on the information and feedback we receive from you.
To perform research, technical diagnostics, and analytics with regards to the website and our Apps and Add-ins.
Controls from some analytics service providers to opt out of data collection through web beacons.
We will provide you with access to your information when reasonable, or in accordance with relevant laws, the opportunity to change your information. To protect your privacy and security, we will take steps to verify your identity before granting access or making changes to your data. Requests to delete Personal Information are subject to any applicable legal and ethical reporting or document retention obligations. To access and/or correct information, you can notify us via the appropriate method below.
Since we operate globally, it may be necessary to transfer, store and process Personal Information in any country in which we or our affiliates (especially Microsoft), subsidiaries or service providers maintain facilities. The data protection and other laws of these countries may not be as comprehensive as those in the European Union − in these instances we will take steps to ensure that a similar level of protection is given to Personal Information. You hereby consent to the transfer of your Personal Information to countries outside the European Union.
We do not sell, trade or otherwise transfer Personal Information to outside parties (except to the third parties with whom we have contracted to provide services to us, as detailed in the section below).
We use third parties, such as cookies and trackers, to compile aggregate data about site/app traffic and site/app interaction for marketing and targeting purposes, to assist us in better understanding our site/app visitors/users so that we can offer better site experiences and tools in the future. These service providers are not permitted to use the information collected on our behalf except for the purpose of providing the services to us. Some of the servers of these third parties may be located outside of the European Union.
In most cases, we will not receive the information these third parties collect but only receive the analysis or results that we requested, and the sole holders of the collected information are the third parties. Below you can find the links to the privacy policies of the third parties we currently use. This list is reviewed and updated periodically.
Also, we may release your Personal Information when we believe release is appropriate to comply with the law, enforce our site policies or protect ours or others’ rights, property, or safety.
We may rectify, replenish or remove incomplete or inaccurate information, at any time and at our own discretion.
We are committed to use our reasonable efforts, in accordance with market best practices, to ensure the security, confidentially and integrity of the personal information you choose to provide us. Access to the personal information is based on the ‘least to know’ concept together with role-based access control systems, ensuring only authorized access to the personal information. To protect the privacy of any personal information you may have provided, we are using data hosts (redundant setup Microsoft Azure PaaS services, storing and processing data globally, inside and outside of the EU) who implement market best practice security measures including encryption for data-at-rest and data-in-transit. Although we take steps to safeguard such information, we cannot be responsible for the acts of those who gain unauthorized access, and we make no warranty, express, implied, or otherwise, that we will prevent such access.
You may contact us any time and request:
To view, access, erasure, obtain, change, be informed of, restrict or object processing, allow or disallow automated decision-making including profiling, or update any personal data relating to you (for example, if you believe that your Personal Information is incorrect, you may ask to have it corrected)
To opt out of such communications by following the opt-out instructions contained in the email. If you opt out of receiving emails about recommendations or other information, we think may interest you, we may still send you emails about your account or any Products and you have requested or received from us.
If you wish to raise a complaint on how we have handled your personal information, you can contact us as set forth below.
If you have a technical or general support question, please visit our services page here.
To find the officeatwork subsidiary in your country or region, check out our about page here.
If you wish to place a SARs request, please visit fill out our officeatwork Subject Access Request form here. Please note that we have one month to respond to your request.
Any other requests regarding the handling of personal information (other than SARs request) please contact us at our email: email@example.com or write to officeatwork AG, Security Officer, Bundesplatz 12, 6300 Zug, Switzerland.
If you wish to contact us or anything other than your personal information, please visit our contact page here.
If the scope of personal data collection is expanded beyond what is already defined in this policy, officeatwork will inform all customers of this upcoming change with reasonable lead time.
Last updated: November 2022