Privacy Policy

Modified on Mon, 1 May, 2023 at 12:40 PM

TABLE OF CONTENTS






Glossary of Terms and Definitions


Term 

Definition 

Anonymisation

Means the process of removing direct personal identifiers that may lead to an individual being identified or re-identifiable. 

Anonymous Data

Means any information relating to a natural person where the person cannot be identified whether by the Data Controller or by any other person, taking account of all the means reasonably likely to be used either by the Data Controller or by any person to identify that individual.

Consent 

Means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Data Controller 

Means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. 

Data Processor 

Means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Data Protection Laws

Means the data protection legislation(s) that Hotdesk abides by. Such legislations stipulate the data protection standards that Hotdesk must comply with to ensure that the privacy, confidentiality, and integrity of data is upheld. 

The General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR)

The Spanish Data Protection and Digital Rights Act 3/2018 (the “Data Protection Act”)

Data Subject 

Means the individual to whom the personal data relates to. 

Data Transfers

Means the transfer of data from one jurisdiction to another.

Encryption

Means the process of encoding information stored on a device and can add a further layer of security. It is considered an essential security measure where personal data is stored on a portable device or transmitted over a public network. 

European Economic Area (EEA)


Means the area in which the agreement on the EEA provides for the free movement of persons, goods, services, and capital within the European Single Market, as well as the freedom to choose residence in any country within this area.

Identifiable Natural Person

A natural living person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to his biological, physical, biometric, physiological, mental, genetic, economic, cultural or social identity.

Personal Data 

Means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Personal Data Breach 

Means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

Processing 

Means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Pseudonymisation 

Means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Rights Requests

Means specific rights that individuals may exercise as per the Spanish Data Protection and Digital Rights Act 3/2018 (the “Data Protection Act”).

Special Category Data

Means data revealing or concerning (directly or indirectly) racial or ethnic origin, communal origin, political affiliations or opinions, religious or philosophical beliefs, criminal record, trade-union membership and health or sex life and including genetic data and biometric data where it is used for the purpose of uniquely identifying a natural person.

Subject Access Request (SAR)


Means a request from an individual (or a data subject) seeking a copy of one's data from an organisation in an accessible, readily available, and legible format. Such requests are limited to information that is specific and limited to that individual.

Supervisory Authority (SA)

Means the local data protection regulators who are responsible for overseeing data protection compliance within a given jurisdiction. Such regulators are responsible for the following:

  • Monitoring and enforcing data protection compliance

  • Prepare key guidance documents

  • Proposing and approving codes of practice

  • Investigate complaints made by data subjects

  • Preparing guidance


The competent national supervisory authority in Spain is Agencia Española de Protección de Datos (the “AEPD”).

Third Party 

Means an entity, whether or not affiliated to an organisation, that is in a contractual arrangement with Hotdesk. These third-party relationships include, but are not limited to, activities that involve outsourced products and services, use of independent consultants, networking and marketing services arrangements, merchant payment processing services, services provided by affiliates and subsidiaries, joint ventures and other business arrangements where Hotdesk has an ongoing relationship. 

Workspaces or Listings

Means one or many physical space(s) that is/are made available to User(s) whether for viewing on Hotdesk’s Platform, and/or to use during specific times if booked by a User and accepted by the Host, and subject to specific Booking Fees and any site-specific terms or limitations. 

Workspaces and Listings are listed on Hotdesk’s Platform by their respective owner/operator, the Host, either directly or by agreeing with us to list the workspace for them on our Platform. 

Workspaces may be but are not limited to co-working spaces, serviced offices, business centres, shared offices, and/or any other physical location for commercial business purposes. 

Listings may be but are not limited to specific rooms, office rooms, meeting rooms, conference rooms, event spaces, dedicated desks, hotdesks, and/or shared areas within a Workspace. 

 



Introduction


Hotdesk. S.L (referred to as “we”, “us”, “our” or “Hotdesk” in this policy) primarily refers to all personal information that is collected and used about Hotdesk Users, Hosts and Enterprise Clients for the purposes of the Spanish Data Protection and Digital Rights Act 3/2018 (the “Data Protection Act”). 

Hotdesk. S.L is registered in Av Diagonal, 420, Planta Baja. 08037, Barcelona, Spain.

This notice describes the personal data we collect, how it is used and shared, and your choices regarding this data. Hotdesk is the data controller for the personal data collected in connection with the use of Hotdesk Services.

Hotdesk recognises that in other instances, it is a Data Processor when it provides the Hotdesk Host Portal to allow Host or Enterprise Clients to add and manage spaces and listings on the Hotdesk app. It also provides businesses and enterprises with access to the Host Portal so that they can manage their real estate, gain data insights, and track employee usage and preferences.

Scope


This notice applies to Users of Hotdesk’s services, including Users of Hotdesk’s mobile application (AppStore & Google Play), Hotdesk websiteHotdesk Host Portal, and services (collectively, the “Services”) and through other interactions and communications you have with us. This notice specifically applies to:

  • Users: refers to any person or entity which uses Hotdesk’s Platform to find or book workspaces (as defined below), inclusive of person(s) or entity(ies) that have downloaded, installed or used our software applications and/or visited our Platform(s), even if they have not initiated a booking request or signed up.

  • Hosts: refers to the owners and/or operators of Workspace(s) and Listings, and any relevant Agent(s) or third parties that are involved with the Host in managing their Workspaces and Listings.

  • Enterprise: is a Hotdesk client that avails of the Services for the benefit and use of their own employees work space needs.

  • This notice also governs Hotdesk’s other collection of personal data in connection with its services. For example, we may collect the contact information of individuals who use accounts owned by Hotdesk Enterprise Users. 


Personal Information we collect about you


  • Information that you provide to us 

We collect information you provide directly to us through your access or use of the Services, such as when you create or modify your account, “Help” or “Feedback” support, or otherwise communicated with us. 

  • Information we collect through your use of our service

When you use our Hotdesk app, we collect personal data which you can find more information in this Privacy Policy. 

When you use the Hotdesk Portal, we collect personal data which you can find more information in this Privacy Policy. 

  • Information we collect from other sources

We may also receive information from other sources and combine that with Personal Data we receive from you or collect through our Services. This may include: 

  • If your employer uses one of our enterprise solutions, we may receive information about you from your employer.

  • Vendors who validate user phone numbers of the user (for  sign-up or password recovery).

  • To manage payments regarding final passenger accounts and card information.



Use of your personal information


We use your personal information for a variety of reasons. The table below illustrates such uses.

Category

Description

Example

Account Management

Used for the setup, bookings, payments and management of Host  accounts. 

For example, to enable Hosts to create accounts, log in to the Hotdesk app and host portal, or to verify their credentials. 

We also conduct a monthly review to confirm the accuracy of booking dates and to settle any payments that may be outstanding. 

Advertising and/or Marketing

Used to display or target ads, ad personalisation, marketing communications, or measuring ads performance.

For example, displaying ads in your app, sending push notifications to promote other products or services, SMS and email marketing, or sharing data with advertising partners.

Analytics

Used to collect data about how Users use the app or how it performs.

For example, to see how many Users are using a particular gesture, to monitor app health, to diagnose and fix bugs or crashes, or to make future performance improvements.

App Functionality

Used for Features that are Available in the App

For example, to enable app features, or to authenticate Users.

Developer Communications

Used to send news or notifications about the app or the developer.

For example, sending a push notification to inform Users about an important security update.

Fraud Prevention, Security and Compliance

Used for fraud prevention, security, or compliance with laws.

For example, monitoring failed login attempts to identify possible fraudulent activity.

Personalised Commercial and Promotional Communications

To send commercial and promotional communications through telematic or conventional means, in relation to similar goods and services than the ones previously contracted or acquired from Hotdesk. 

This includes personalised electronic communications with information regarding products, services, events, courses, programs, promotions and relevant news for users. 

For example, customers / transport agencies can send communications to their final users/passengers using our dashboard (push notifications).

Quality and Satisfaction Surveys



Qualitative and Quantitative Studies 

To carry out and analyse quality and satisfaction surveys related to the services offered by Hotdesk.

To carry out research exercises that aim to understand deep insights about the users habits, patterns, psychographics etc. 

To carry out research exercises that aim to measure CSAT and NPS score to collect data about customer satisfaction, willingness to refer to the service and get a numerical understanding of our target audience demographics, habits, booking patterns. 

For example, we would engage with focus groups and conduct customer interviews to complete this exercise.

For example, this could be done either through direct surveys sent in emails, SMSs or face to face at

workspaces or other locations.


Disclosure of your personal information by us


We only disclose your personal information outside of Hotdesk in limited circumstances. If we do, we will put in place appropriate controls and data sharing agreements that require recipients to protect your personal information, unless we are legally required to share that information. Any contractors or recipients that work for us will be obliged to follow our instructions. We do not sell your personal information to third parties.

We may disclose your information to our third-party service providers, partners, agents, and subcontractors (Suppliers) for the purposes of providing services to us or directly to you on our behalf.

When we use Suppliers, we only disclose to them any personal information that is necessary for them to provide their services and only where we have a contract in place that requires them to keep your information secure and not to use it other than in accordance with our specific instructions.

We take steps to ensure that any third-party partners who handle your information comply with data protection legislation and protect your information to the same extent that we do. We only disclose personal information which is necessary for them to provide the service they are undertaking on our behalf. We will aim to anonymise your information or use aggregated non-specific data sets where possible.

We attach a supporting Schedule with a list of the categories of third parties with whom we may share your data.


Category of Third Party

Description of Service Provided

Lawful Basis for Processing

Affiliates

We may share your personal data with our affiliates in order to improve and enhance the user experience. 

Legitimate Interest

Asset Purchasers

We may share your personal information with any third party that purchases, or to which we transfer, all or substantially all of our assets and business. Should such a sale or transfer occur, we will engage best efforts to try to ensure that the entity to which we transfer your personal information uses it in a manner that is consistent with this privacy policy.

Legitimate Interest

Performance of a Contract

IT Service Providers

System based processing of personal details as part of organisational/ operational requirements.

e.g. cloud hosting services; application development and support services; IT Infrastructure services; email services; call recording services.

Help maintain the safety, security, and integrity of our services and Users.

Performance of a Contract

Law Enforcement Agencies & Authorities

To assist law enforcement agencies for the purposes of preventing, detecting, investigating, or prosecuting criminal offences.

Legal Obligation

Courts, Regulators, and Government Authorities

We may share your personal information with these parties where we believe this is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights or the rights of any third party.

To investigate or address claims or disputes relating to the use of Hotdesk’s services, to satisfy requirements under applicable laws, regulations, or operating licences or agreements, or pursuant to legal process or governmental request, including from law enforcement.

Legal Obligation

Legal/Professional Advisors

The provision of business consulting, audit and legal services including access to and analysis of personal data as part of business initiatives, statutory audits, legal claims, and ad-hoc consultancy advice.

Performance of a Contract

Legitimate Interest

Other Users

Provide, maintain, and improve our services, including, for example, to facilitate payments, send receipts, provide services you request (and send related information), develop new features, provide User support to Users, develop safety features, authenticate Users, and send product updates and administrative messages.

Perform internal administration and operations, including, for example, to prevent fraud and abuse of our services; to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyse usage and activity trends.

Send you communications we think will be of interest to you, including information about products, services, promotions, news, and events of Hotdesk, where permissible and according to local applicable laws.

Notify you about changes to our terms, services or policies and other communications that aren’t for the purpose of marketing the services or products of Hotdesk or its partners.

Legitimate Interest

Performance of a Contract


Cookies


We use cookies on our website. Hotdesk is the data controller of any information we obtain from the use of cookies. Please refer to our Cookie Policy for more information.

International Data transfer


We are a global organisation, and your personal information may be stored or processed in any country where we have our facilities or in which we engage service providers and subcontractors. 

We have put in place appropriate safeguards in accordance with applicable legal requirements to ensure that your data is adequately protected. 

What are your rights ?


You have certain rights in respect of your personal data, and we have processes to enable you to exercise these rights. Your rights are as follows:

  • Opt Out / Unsubscribe: You can request to be removed from our marketing mailing list, from the unsubscribe button in the email itself. 

  • Right to Access (also known as a ‘Subject Access Request’): You have the right to obtain confirmation as to whether we process personal data about you, receive a copy of your personal data held by us, and obtain certain other information about how and why we process your personal data.

  • Right to Rectification: You have the right to request for your personal data to be amended or rectified where it is inaccurate (for example, if you change your name or address) and to have incomplete personal data completed. 

  • Right to Erasure (also known as 'the Right to be Forgotten'): You have the right to deletion of your personal data in the following cases:

    1. The personal data are no longer necessary in relation to the purposes for which they were collected and processed. 

    2. Where our lawful basis for processing your information is consent and you then withdraw your consent. 

    3. Our lawful basis for processing is that the processing is necessary for a legitimate interest pursued by us, you object to our processing and we do not have overriding legitimate grounds.

    4. You object to our processing for direct marketing purposes. 

    5. Your personal data has been unlawfully processed. 

    6. Your personal data must be erased to comply with a legal obligation to which we are subject.

  • Right to Object: You have the right to object to our processing of your personal data in the following cases: 

    1. Our lawful basis for processing is that the processing is necessary for a legitimate interest pursued by us. 

    2. Our processing for direct marketing purposes.

  • Right to Data Portability: You have the right to request for your personal information to be prepared and arranged and sent to another organisation (or ask us to do so if technically feasible).

  • Right to Withdraw Consent: Where we process personal data based on consent, individuals have a right to withdraw their consent at any time. To do so, please use the contact details below in the “How to Contact Us” section.

  • Right to Lodge a Complaint with a Supervisory Authority: We sincerely hope that you will never need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint using the contact details set out below. You may lodge a complaint with the supervisory authority in your country of residence, place of work or the country in which an alleged infringement of data protection law has occurred. 


Please note, all rights are subject to qualifications and limitations. In other words, there may be instances and justifiable grounds to deny any request where we are required or permitted by law to do so. We will always be clear and communicate this to you if and when these instances arise.

Security


Your Hotdesk profile is password-protected so that only you and authorised Hotdesk employees have access to your account information. Hotdesk staff will never reach out to you and ask for any personal account information, including your password.

We make every effort to ensure that your personal data is secure on its system. We have staff dedicated to maintaining our security standards as set forth herein. We implement technical and organisational measures to ensure a level of security appropriate to the risk to the personal information we process. These measures are aimed at ensuring the on-going integrity and confidentiality of personal information. We evaluate these measures on a regular basis to ensure the security of the processing. 

Unfortunately, no data transmission over the Internet can be guaranteed to be 100% secure. As a result, we cannot guarantee the security of any personal data you transmit to us, and you do so at your own risk. If you have any further questions on this issue, refer to our Terms of Service.

Data Protection lead


Our data protection lead, the COO, can be contacted in relation to queries related to this policy. You can send your queries by emailing help@hotdesk.com

How long do we store your information ?


We will keep your personal information for as long as we have a relationship with you. Once our relationship with you has come to an end, we will retain your personal information for a period of time that enables us to:

  • Maintain business records for analysis and/or audit purposes 

  • Comply with record retention requirements under the law

  • Defend or bring any existing or potential legal claims


We will delete your personal information when it is no longer required for these purposes. If there is any information that we are unable, for technical reasons, to delete entirely from our systems, we will put in place appropriate measures to prevent any further processing or use of the data.

Updates to this notice


We may occasionally update this notice. If we make significant changes, we will notify you in advance of the changes through the Hotdesk apps or through other means, such as email. We encourage you to periodically review this notice for the latest information on our privacy practices.

How to contact us ?


If you have questions or concerns regarding the way in which your personal information is being used, please contact our data privacy team by emailing help@hotdesk.com.  

If you are unsatisfied with the manner in which your information is being processed, please raise a complaint by reaching out to help@hotdesk.com. 

If you would like to lodge a complaint to your local supervisory authority, please get in touch and we will provide you with instructions and contact details to your local supervisory authority.

If you would like to stop receiving commercial or promotional communications, please email Hotdesk at help@hotdesk.com or by unsubscribing through any of the communications received.

We are committed to working with you to obtain a fair resolution to any complaint or concern you may have. If, however, you believe that we have not been able to assist with your complaint or concern you have the right to make a complaint to the data protection authority of your country.



Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article