Version: October 4, 2020
Unfortunately, it’s in the nature of things that this policy sounds quite technically. We tried to keep things as simple and clear as possible.
Personal data stored
The personal information you provide us (such as your name, email address, address or other personal information required in some form) are processed by us together with a timestamp and your IP address only for the stated purpose, stored securely and are not passed on to third parties.
Thus, we only use your personal information only for the communication with visitors who express this and for providing the offered services and products. We will not pass on your personal data without your consent. This should however not preclude that national authorities can gain access to this data in case of unlawful conduct.
If you send us personal data by email, we cannot guarantee its secure transmission. We strongly recommend not to send personal data via email without encryption.
The legislative basis according to article 6 (1) of the DSGVO (lawfulness of processing of personal data) consists of your consent to processing your provided information. You can revoke your consent at any time. An informal email is all it needs. You’ll find out contact information in this website’s imprint.
Which personal data we store
On this website
You can use this website without providing any personal information. If you optionally choose to use functionalities that require the input of personal information, we will only use these for the purpose stated.
In the app
Using the app is only possible if your organization previously set up a user account for you. The processing of your login details (username, password, and other information) happens on our servers or directly on the servers of your organization, depending on your organization’s configuration. If your organization processes your login information, we use established standards such as OpenID Connect or OAuth so your sensitive data is processed directly by your organization’s systems. In this case, your log in details are neither stored nor processed by our servers. However, your email address is always stored on and processed by our systems to identify the relevant organization and the available authentication methods.
To enable a personalized usage of the app, it’s necessary to store a minimum set of personal information after logging in. This includes your email address as an identifier, your name and a unique account ID provided by your organization’s authentication system.
Furthermore, we store and process the bookings you place using the app. For these bookings, we store the timestamp, enter and leave date, and the details of your booking (such as the selected space) and link them with your user account.
Where we store your data
Our servers are located in Germany.
Your rights according to General Data Protection Regulation (GDPR)
According to the regulations of the General Data Protection Regulation (GDPR) you have the following rights:
- Right to have your data corrected (article 16 DSGVO)
- Right to have your data deleted (article 17 DSGVO)
- Right to limit the processing of your data (article 18 DSGVO)
- Right to be notified – Duty regarding the correction, deletion or limitation of your data and its processing (article 19 DSGVO)
- Right to data portability (article 20 DSGVO)
- Right to refuse (article 21 DSGVO)
- Right to be not subject to sole automatic decision making, including profiling (article 22 DSGVO)
If you think the processing of your data violates the terms of the General Data Protection Regulation (GDPR) or your claims for data protection are violated in any way, you can contact the Federal Commissioner for Data Protection and Freedom of Information in Germany.
How long we store your data
If you sign up for our services or place a booking using the app, we will store the data as described above for an indefinite period of time. If your organization decides to terminate the contractual relationship with us, we will delete all related data directly after the contract has ended. Due to technical reasons, it may be necessary to keep backups after the date the contract ends.
Which rights to have regarding your data
If you have an account in the app and/or you have placed a booking, you can request an export of your personal data from us, including the data you have chosen to share with us. Furthermore, you can request the deletion of all your personal data stored on our systems. This does not include data we have to keep due to administrative, legal or security reasons.
Where we send your data
We will not share your data with third parties. Please note that your organization’s administrators can view your bookings in order to manage them and create statistics.
TLS encryption using HTTPS
In both our website and our app, we use HTTPS to transport data securely. (data protection by technical means article 25 (1) DSGVO). By using TLS (Transport Layer Security), an encryption protocol to securely transport data on the internet, we can protect sensitive data. Most browsers show a lock symbol in your browser when HTTPS is active.
For processing payments from your organization to us, we use the payment provider Bright Market, LLC (“FastSpring”) located in the USA. FastSpring acts as a broker and acts for its own account and its own name. You will receive payment confirmations and invoices directly from FastSpring.
Thus, FastSpring will receive knowledge about your data required to process the payment. After a payment has been completed, we receive relevant information using an automatic technical interface. This includes:
- Your email address
- Your first and last name
- Company name
- Purchased products and amounts
You can view more information about FastSpring’s data protection here: https://fastspring.com/risk-management-and-compliance/gdpr/
Cloudflare is an active member of the EU-U.S. Privacy Shield Framework which ensures the correct and secure transfer of personal data. More information at https://www.privacyshield.gov/participant?id=a2zt0000000GnZKAA0.
You can find more information about Cloudflare’s data protection at https://www.cloudflare.com/privacypolicy/.