How OnlineOffice processes data across the website, workspace, invoicing, documents, trip logs, attendance, the mobile app, and paid modules. Last updated: 12 May 2026.
The website and OnlineOffice service are operated by Brains 4 Corporations s.r.o., Ipeľská 5143/13, 821 07 Bratislava - mestská časť Podunajské Biskupice, company ID 55 456 723, tax ID 2121994952.
Privacy and GDPR requests: gdpr@onlineoffice.sk. Technical support: podpora@onlineoffice.sk. General contact: info@onlineoffice.sk.
For account management, subscriptions, security, support, and service operation, OnlineOffice acts as controller. For data the customer enters about their own clients, suppliers, employees, vehicles, or work processes, the customer may act as independent controller and OnlineOffice as technical processor.
The tenant administrator is responsible for having a legal basis for using data in the workspace, especially company client data, employee attendance, GPS geofencing, and internal controls.
| Area | Data types | Purpose | Typical retention |
|---|---|---|---|
| Account | name, email, password hash, Google identity, language, theme, plan | registration, login, password reset, account security | account lifetime and a reasonable period after termination |
| Invoices and clients | supplier, customer, company ID, tax IDs, IBAN, items, amounts, PDF, XML, QR data | invoice creation, records, export, sending, and status tracking | according to account settings and customer accounting/tax retention |
| Documents and templates | DOCX templates, placeholders, imported tables, generated ZIP/PDF/DOCX outputs | bulk document generation and workflow packs | according to plan, archiving settings, and user deletion |
| Email/status workflow | recipients, CC, sending status, reminders, timestamps | sending invoices, reminders, and work documents | for communication evidence and legal claim needs |
| Audit logs and approvals | who changed what and when, before/after values, IP, user agent, approver, comment | accountability, internal controls, audit trail, evidence | longer where needed for controls and tenant settings |
| Teams and workspace | roles, permissions, invitations, memberships, clients, processes | team management, access, and responsibility tracking | workspace lifetime or legal need |
| People and employees | name, contact details, address, employer, role, department, manager, engagement type, contract dates, lifecycle status, employment-change records | onboarding, contract updates, employee GDPR documents, attendance, offboarding, and internal records | during employment/collaboration and then according to the customer employment, accounting, and retention periods |
| Trip log | vehicles, plate numbers, drivers, odometer, trips, purpose, private/business type, expenses | trip log records and monthly reports | according to customer accounting and tax retention |
| Smart Trips | trip start/end, location, route only when enabled, vehicle, driver, client, purpose | trip suggestions and sync to trip log | route points usually 30-60 days; trip summary according to accounting retention |
| Attendance and Smart Presence | clock-in/out, breaks, timesheets, corrections, geofence enter/exit events | attendance, approvals, corrections, and payroll exports | raw GPS/geofence events default 60 days; then hour summaries where needed |
| Android device | device id, model, app version, device token, revocation, push token | secure login, sync, notifications, device management | while linked and shortly after unlinking |
| Cookies and analytics | session cookies, CSRF tokens, language, theme, optional analytics | login, security, preferences, and consent-based measurement | according to cookie table and browser settings |
