The Spaceflow transforms physical buildings into a human experience, making amenities, services and community life available right in the palm of your hand. The Spaceflow changes the way people connect with the spaces around them and with each other – making life more convenient and enjoyable.
GDPR means General Data Protection Regulation (EU) No. 2016/679;
Personal data means any information relating to an identified or identifiable natural person;
|Minimal viewed data||Basic data for App (or its services) to work for any user:||Optional data (voluntarily inserted)||Social Content|
|Name/Surname||Name (Name of the Merchant), Surname||Bio (“description” in case of the Merchant)||Reservations, communications etc. by a particular User|
|Telephone (in case of the User)|
|Telephone (compulsory in case of the Merchant, in case of the User compulsory for verification while registering the Account unless Facebook login used)||Image (in case of the User)|
|Phone operating system & brand||Employer|
|Facebook credentials (ID user and Email stored in the phone)||Time of the meeting with the visitor /User, place of the meeting with the visitor /User (in case of the Visitor System)|
|Geolocation (not stored)|
|Password (not access to it) / access code to the building|
|Image (in case of the Merchant)|
|History of purchased Events (date, Event name, Price)|
|History of purchased Amenities (date, duration, Amenity name, Price)|
The data specified above is jointly referred to as the “User Data”. The App does not allow performing any personalized analysis of your behavior or profiling based on the User Data.
Other specific data are processed for web admin page and for online payment mechanism within the App:
|Experience data (Appcues platform)|
|PD I: Any User profile data passed to Appcues by the Spaceflow, using the `Appcues.identify()` SDK function Browser information that is collected by default in the Appcues SDK (e.g., OS, device type, browser language, user agent);|
|PD II: End-user Appcues data This data pertains to how Users are interacting with Appcues content; This category usually does not contain Personal data;|
|PD III: Spaceflow’s data is collected by the Appcues dashboard, for example the name and email address of each of a Spaceflow’s team members who are authorized to use the Appcues platform. This category contains Personal data;|
|PD IV: Spaceflow’s aggregate data includes its-wide statistics such as active User count, number of Appcues flows shown, how many Appcues flows are published at a time, etc. This data does not contain Personal data.|
|Payment data (Adyen payment service)|
|Cardholder data (like Credit Card Numbers, CVC codes, expiry dates etc.). The Spaceflow does not have access to such data (except for the last 4 digits of the card number, expiry data and Cardholder name) and they are securely processed by a payment platform which acts as a sub-processor – Adyen.|
|Facebook SDK data (SDK data)|
Explicit events, Implicit events, Automatically logged events, Facebook app ID, Mobile advertiser ID, Metadata from the requests, the following device related metrics: time zone, device OS, device model, carrier, screen size, processor cores, total disk space, remaining disk space.
The SDK data is described more in detail here.
If your Account is in private regime, the Optional data and your Account is not seen within a particular Profile by anyone except the SF Manager and the Spaceflow through the web admin page to the extent of your Minimal viewed data and if you post anything, your post is visible to anyone in the Profile (in case of ticket request the SF Manager upon its decision can see your cell phone number). The Merchant cannot see in the web admin page anything about you except its published information (e.g. advertisements).
If your Account is in public regime, your Account can be viewed also by other Users connected to the same Profile and in such Profile to the extent of your Minimal viewed Data, the Optional Data and the Social Content you published.
The Spaceflow provides some of the data above to the SF Manager who processes this data for its own purposes. Please find below an overview of who is controller for which processing activities:
(user inserts the data)
(except of history of purchased Events and history of purchased Amenities)
(user inserts the data)
|History of purchased Services (Events, Amenities)||SF Manager / Merchant||Spaceflow|
Minimal viewed data
Social content (if applicable)
(the SF Manager receives through the App)
(Inserted by the User himself about another user, or – in case of the Visitor System – about the visitor)
|User (if applicable)||Spaceflow|
If You provide (as the Merchant or any Building user) the Basic data/Optional data of another natural person (e.g. sub-contractor or employee), You are considered to be a controller with full liability and the Spaceflow is a processor.
For this purpose, your data will be stored until the Account is deactivated.
In addition to the purpose described above, we, the Spaceflow, may use the User Data (which are for these purposes used in anonymized form and therefore not considered to be personal data under the GDPR) based on our legitimate interest in further development of the App, more specifically:
We, the Spaceflow, process the Experience data in order to provide effective onboarding process for new App-users, to facilitate early adoption of new App features, to enable better user – experience through App-user feedback/surveys, campaigns and Users’ self-service support, as a result to make experience with the App deeper.
Social content posted within the Profile stays in the Profile communication history until it is outdated (in case of created events) or deleted by you (if you are an author). All other data (communication) will be stored for the purposes above for life of the Profile.
Between the Spaceflow and customers who possess a SF Manager role is based on agreement and the Terms enabled possibility to pay through an online mechanism in the web admin page. Therefore, the Spaceflow processes the Payment data on the basis of a legal obligation. The Spaceflow does not have any access to this Payment data (unless stated above) which is processed securely by the below stated processor in compliance with the best industry practices.
We process SDK data to allow you to log to the App via Facebook, based on the legitimate interest under point 2 above.
Based on this information we may use this SDK data to create a list of Custom Audiences to promote our core product, the App, to search for potential customers and users with shared qualities (Lookalike Audience). We do so on the basis of your granted consent.
Spaceflow uses the following processors:
Furthermore, your data may be disclosed to the following recipients:
If you are connected to the particular Profile the SF Manager is a controller of the Personal data in your Profile, namely your Minimal viewed data, the Optional data and the Social content (see above). Your profile can be viewed by the SF Manager through the web admin page of the App. SF Manager is entitled to observe and manage the Profile environment to the extend you see. Through the web admin page the SF Manager is entitled to see your Minimal viewed data.
SF Manager uses the web admin page to:
Processing your Minimal viewed data, the Optional data and the Social content as just described is necessary for the purpose of the legitimate interest of the SF Manager to provide better services in the building to which the building profile in the App is connected, to create a closer connection between the operator of the real-estate project and You (the User/Merchant), to provide unique and vivid experience when your work or use the particular building any other way and make the particular building attractive for current and prospective tenants. Minimal viewed data may be used by the SF Manager in other systems the SF Manager engages in relation with the operation of the building.
Processing your history of purchased Services is necessary for the purpose of the legitimate interest of the SF Manager (or the Merchant) for the establishment, exercise or defense of legal claims and to fulfillment of their duties with respect to fulfill tax legislation.
For these purposes, your data is stored until it is outdated (in case of events, history of purchased Services) or deleted by you (if you are an author).
Communication between you and your SF Manager is stored for the life of the Profile.
SF Manager uses the following processors:
Furthermore, your data may be disclosed to the following recipients:
The App and the web admin page are used in communication with all users of the App a Transport Layer Security (TLS) encryption technology to encrypt personal information (including geolocation) and maintain by-design security.
If you make a reservation within a particular Profile in the App for a certain service, you will decide whether the App will have access to your calendar application in order to record such reservation.
The Spaceflow guarantees that information in the App may not be accessed, disclosed, altered, or destroyed without authorized access.
Data logs from the App are saved for the purposes of security events and are erased from the App after 7 days.
The Experience data is retained for an indefinite period of time and they can be erased in seven days following the receipt of an individual request at firstname.lastname@example.org.
The Payment data is retained by the payment processor for 10 years, this requires Dutch law under which the payment processor operates.
Personal data received from Integrated third systems are retained in the App for the retention periods set by Integrated third systems providers.
The Spaceflow, the SF Manager and the Merchant can access the App through web admin page. We do not use any plugins of third parties in our web admin page and the App web admin environment.
The Spaceflow uses its own analytics tools to monitor metrics and usage trends in the App and such tools collect information sent by your device but are anonymized. The Spaceflow works within the App only with anonymized logs of such statistics and then provides results to the SF Manager in the web admin page.
If Information is anonymized (e.g. used anonymized for statistics) so it is no longer reasonably associated with an identified or identifiable natural person, the Spaceflow and the SF Manager may use it for any business purpose.
The GDPR grants you a number of rights we will honor:
In case you granted your consent to processing your Personal data, you have a right to withdraw that consent at any time.
If you wish to exercise any of the rights set out above, please contact the respective controller (see above). You can find the contact details of all controllers at the bottom of this document.
Although the Spaceflow and the SF Manager go to great lengths to ensure your data’s confidentiality and integrity, differences in opinion might nevertheless occur from time to time. If you feel that the Spaceflow or the SF Manager is not handling your data in line with applicable laws, please do not hesitate to contact us. Alternatively, you are entitled to file a claim with the data protection authority in your country.
With its registered office at Pernerova 676/51, Karlín, 186 00 Praha 8,
Registered in the Commercial Register kept by the Municipal Court in Prague, Section C, File 259630
Account No.: 275103930/0300
Represented by Lukáš Balík, Executive Director
The representative of the Spaceflow: email@example.com
Data Protection Officer: firstname.lastname@example.org
You can also reach the SF Manager in the App help desk for a particular Profile.