Some things I notice are that their main page contains 12 trackers, and that I cannot find a link to their privacy policy on this page. I had to search for it (you have to go to Legal Terms, and there are different product versions there, but I didn’t find one for the website itself).
Then - while it is nice that they are ‘dogfooding’ their own product - I’d rather see their privacy policies and terms of service as regular HTML pages and not their Docs. After all, now to read the PP you have to already use the product, so you are already liable to the PP/ToS terms, possibly.
The PP looks well thought-out and complete. They do not have ‘advertising’ cookies, so the trackers are related to the other categories (they do use Google Analytics, for instance). The PP is compliant with the GDPR EU privacy regulations, which is good. However, while this gives you better protection than, say, anything you have in the US, there are many legal loopholes in privacy policies in general that still make it very hard to know how your data can be used.
I am not a lawyer or expert in this, but to me texts like “We do not link IP addresses to anything personally identifiable. This means, for instance, that a user’s session will be tracked, but the user will remain anonymous.” mean not much. For the law, probably, now your data is anonymous and can be shared with others. But anyone could know your identity from the IP address and your browser fingerprint and de-anonymize it. Google being in their services means that vast amounts of your data are probably being collected. This is subject to Google’s privacy policies.
GDPR compliance means you can request to see the data that they (OnlineOffice) collect, and be assured of good retention policies (e.g. deletion 60 days after you close your account) and “Right to be forgotten”, etc. You’ll have to find out, though, what each of their 3rd parties is doing with your data, by going through their PPs too.
They mention they may share data ‘with partners or other third parties’, but do not explicitly mention who they are. In the PP they only mention Google and Amazon AWS and refer to their PPs. Maybe these are the only 3rd parties.
All in all, as PPs come, this is a good one. But PP regulatory guidelines in general still leave much to be desired.