Privacy & policies

OO Software AB & Serviceprotocol.com
Data security & privacy policy

Published 3 mars 2025

This policy aims to describe how OO Software AB collects, uses, stores and protects personal data. It also establishes how OO Software AB manages cybersecurity and data handling to protect our customers’ data. The policy applies to all personal data processed by the company and includes all employees, suppliers and service providers. Serviceprotocol.com is a product developed by OO Software AB. 

1. Data collection

OO Software AB collects personal data such as name, contact details, payment information and other relevant information to provide our services. The collection is carried out in accordance with applicable laws and regulations, including the General Data Protection Regulation (GDPR). We implement advanced security measures to protect data from unauthorised access, manipulation and loss.

For further information and clarification, see sections 6.1-6.5 in the Terms and conditions.

2. Consent

We ensure that consent is obtained from individuals before their personal data is collected and processed. The consent must be voluntary, specific and informed.

To provide and improve our services, we may collect personal data from multiple sources, such as directly from users through cookies. We always process personal data in accordance with data protection regulations.

3. Rights to data inspection and correction 

Individuals have the right to access their personal data, request correction of inaccuracies and, in certain cases, request the deletion of their data. To exercise these rights, individuals can contact us via info@serviceprotocol.com.

Please note that certain data may be used to improve our services and ensure a better user experience. In some cases, we may need to retain certain data, for example, to comply with legal obligations, ensure service functionality or for security reasons. 

All processing is carried out in accordance with applicable data protection legislation and with the highest possible security measures to protect individual privacy.

4. Storage

Personal data is stored only for as long as necessary to fulfill the purpose for which it was collected. Certain data may need to be retained for a limited period to comply with legal requirements, ensure service functionality or improve our services. When the data is no longer needed, it is securely deleted in accordance with our data retention policy. This ensures that no sensitive information remains and can be misused.

For further information and clarification, see section 6.2 in the Terms and conditions.

All customer data is stored on secure servers located in Sweden. We use encryption to protect data both during transmission and storage. This ensures that all data is protected against potential security threats.

5. Security measures

We implement a range of technical and organizational measures to protect personal data from unauthorized access, loss or damage. This includes encryption, firewalls and regular security audits. Only authorized personnel have access to sensitive information.

See section 4. Storage.

6. Data transfer and third-party usage

Personal data is transferred only within the organization and to trusted third parties that meet our data protection requirements. When we use third parties to transfer personal data, we ensure that they adhere to the same high standards of data protection as we do.

Data is not transferred outside of the EU/EEA; all data on Serviceprotocol.com is stored in Sweden.

For further information and clarification, see section 3.4, 3.5, 6.5, 9.3, 10.1, 11.4, 12.5 in the Terms and conditions.

7. Incident management 

We have an incident response plan to quickly identify, manage and report security incidents involving personal data. Incidents are reported to relevant authorities and affected parties in accordance with legal requirements. 

The incident response plan is documented for internal use.

A Data Protection Officer (DPO) handles any security matter and these matters are managed within the timeframe specified in the GDPR. The DPO can be contacted via dataskyddsombud@serviceprotokoll.se.

8. Responsibilities of data processors

Everyone handling personal data within OO Software AB is responsible for complying with this policy and applicable data protection laws. This includes all employees.

OO Software AB is responsible for the entire process of handling customer data.

9. Training and awareness 

We provide regular training for our employees on data protection regulations and security protocols to ensure they are aware of and comply with our data protection policies. This includes recognizing and reporting phishing attempts, using strong passwords and reporting security incidents in accordance with the company’s internal incident response plan. 

10. Continuous review and updates

This policy is regularly reviewed and updated to ensure compliance with current laws and regulations and to reflect best practices in data protection. We reserve the right to amend the policy as needed and will inform affected users of significant changes via email, the application or other appropriate channels. We strive for continuous improvements of our data protection measures. Our systems and software are regularly updated to ensure the highest possible level of security.

11. Backup and recovery

We regularly back up all critical data to prevent data loss in the event of unforeseen incidents. These backups are stored in secure and geographically separate locations. We have tested recovery plans to quickly restore data when needed.

For further information and clarification, see section 6.2 in the Terms and conditions.

12. Contact information 

For questions regarding this policy or our data management, please contact us at info@serviceprotocol.com or +46 33 323 31 33.

Information about which data is collected about you when using app.serviceprotocol.com

Why we save your information

All your activities on Serviceprotocol.com are logged in order to provide your group/company with traceability, history and statistics of the work performed. Serviceprotocol.com and your group/company use the log files to be able to track changes and identify errors that occur in the system.

Your data and settings in Account Settings are saved so that the system can use Time Report, send messages in the ways you have chosen and create log files of your work in the system. You can change the information in your account settings at any time. The username cannot be changed. Please contact us if required.

Activity Log and History Log

You can view the Activity Log yourself on your Account Settings page. The date and time of your activities are saved in the log. If you do not see the activity log and want access to it, contact the person who has the admin rights for your group/company to get that permission.

History is saved on orders, the customer card in the Customer Register among many other functions. More places where history is collected may be added. Viewing History is a permission set with an admin account. Contact whoever has the admin permission for your group/company to get that permission.

History saves all activities on a single order such as user ID, time of the activity and the activity itself.

The right to be forgotten

When you leave a company, your user account is deactivated, but the log files remain so that the company can continue to have traceability and a history of orders.

If you do not want your name to remain in the company’s log files, we can anonymise your username. Contact your former employer or us (contact details can be found here) directly and we will arrange it. In order for your former employer to remain order traceability, we need to inform your company when we take this action.

Serviceprotocol.com and your group/company use the log files to be able to track changes and identify errors that occur in the system.

Use of Google’s API for synchronising a Google calendar and the Planner.

The system offers you as a user to synchronise the Planner in Serviceprotocol.com with your Google calendar.

The data from your Google calendar stored in Serviceprotocol.com is the date, time and text that is linked to the calendar entry. Others in your group can see the information in the google calendar that you connected.

If you no longer want to use the synchronisation, in your Account settings, click on Unlink Google Account. If the connection to the calendar is removed, the information added is not removed from our database due to your company’s need of planning the work and traceability.

Your data can always be anonymised. Contact us and we will arrange this.

The data from your Google calendar is not shared with third parties.