clouds

Privacy Policy

Spaceflow transforms physical buildings into a human experience, making amenities, services and community life available right in the palm of your hand. Spaceflow changes the way people connect with the spaces around them and with each other – making life more convenient and enjoyable.

Definitions

GDPR means General Data Protection Regulation (EU) No. 2016/679;

  • Personal data means any information relating to an identified or identifiable natural person;
  • All definitions used in the Terms of Use are also used in these Privacy terms unless is stated something explicitly different.

What data are collected?

  1. In order to provide “You” (as the User of our services especially the App) and the “SF Manager” (entity which use the App with respect to the specific real-estate project) with an essential App functionality under the Terms of Use we, the Spaceflow, collect through your App-Usage following Personal data:
Minimal viewed data Basic data for App to work for any user: Optional data (voluntarily inserted) Social Content
Name/Surname Name (Name of the Merchant), Surname Bio („description“ in case of the Merchant) Reservations, communications etc. by a particular User
E-mail E-mail Telephone (in case of the User)
Telephone (compulsory in case of the Merchant, in case of the User compulsory for verification while registering the Account unless Facebook login used) Image (in case of the User)
Phone operating system & brand Employer
Facebook credentials (ID user and E-mail stored in the phone)
Phone language
Privacy settings
Notification token
Geolocation (not stored)
Password (not access to it) / access code to the building
Image (in case of the Merchant)

In the following, the data specified above is jointly referred to as the “User Data". The App does not allow performing any personalized analysis of your behavior or profiling based on the User Data.

Who can see my profile?

If your Account is in private regime, the Optional Data and your Account is not seen within a particular Profile by anyone except the SF Manager and the Spaceflow through the web admin page to the extent of your Personal Data and if you post anything, your post is visible to anyone in the particular Profile. The Merchant cannot see in web admin page anything about you except its published information (e.g. advertisements).

If your Account is in public regime, your Account can be viewed also by other Users connected to the same Profile and in such Profile to the extent of your Personal Data and Optional Data and the Content you published.

Who is controller and processor?

Spaceflow provides some of the data above to the SF Manager who processes this data for its own purposes. Please find below an overview of who is controller for which processing activities:

Personal Data Basic data Minimal viewed data
Basic data (user inserts the data) Spaceflow
Basic data
Optional data
Social content (user inserts the data)
Spaceflow
Minimal viewed data
Optional data
Social content (if applicable) (the SF Manager receives through the App)
SF Manager Spaceflow
Optional data
(Inserted by the User himself about another user)
User (if applicable) Spaceflow

If You provide (as the Merchant or any Building user) the Personal Data/Optional Data of another natural person (e.g. sub-contractor or employee), You are considered to be a controller with full liability and the Spaceflow is a processor.

What Spaceflow does with the User Data and Optional Data

  1. App functionality
    We, the Spaceflow, use the User Data in the App in order to make the App work under the Terms of Use, i.e. to provide all Users of the App their connection with their Account and to join the Profiles, and to connect the Users, the Merchants and the SF Managers in social environment of the Profiles. Thus, processing User Data for this purpose is necessary in order to perform a contract with you. For this purpose, your data will be stored until the Account is deactivated.

  2. Improvement of the App

    In addition to the purpose described above, we, the Spaceflow, may use the User data (which are for these purpose used in anonymized form and therefore not personal data under GDPR) on the basis of our legitimate interest in further development of the App, more specifically:

    • to improve, test, and monitor the effectiveness of the App with respect to the current functionalities in the Profiles (e.g. workload of hardware if certain amount traffic is reached, modify user experience in order to provide more comfort and intuitive use of the App, change of the Apps configuration if any);
    • to develop and test new features (including their improvement, e.g. future internal market, different method of sharing economy implemented within the building profile, incentivize a cooperation of building users,) of the App;
    • to monitor metrics such as total number of visitors, traffic (e.g. how much users sign into the App during day, what are the main activities they do in the app, the workload of the App during the day);
    • to diagnose or fix problems with the use of the App (e.g. if the App does not work properly with a specific device operating system, if it crashes due to incompliance with other technical parameters of the device);
    • to automatically update the App on your device (if the Spaceflow comes with any new functionality of feature we do so through the App update).

    Content posted within the Profile stays in the Profile communication history until it is outdated (in case of created events) or deleted by you (if you are an author). All other data (communication) will be stored for the purposes above for life of the Profile.

  3. Recipients

    Spaceflow uses the following processors:

    • Google Ireland Limited (Cloud Service Provider, providing “platform as a service” services e.g. environment, computing capabilities, for more information see: https://cloud.google.com/terms/), the App runs on the Google Cloud Platform.
    • Message Systems, Inc. d/b/a SparkPost, Delaware, US, (email service - Sparkpost, sending the email from the App), for more information see: https://www.sparkpost.com/policies/DPA/ (the App uses API of the Sparkpost to send: 1) Addressing, message, 2) email address of the addressee 3) content of email. Message Systems, Inc. d/b/a SparkPost is certified under the EU-U.S. Privacy Shield Framework.

    Furthermore, your data may be disclosed to the following recipients:

    • In case privacy mode is off: App-User joined in same Profile as the User, application portfolio manager, building managers;
    • Courts, Legal Representatives and Notaries;

What the SF manager does with the Minimal viewed data, the Optional data and the Social content

  1. Purpose, legal basis and duration of processing

    If you are connected to the particular Profile the SF Manager is a controller of the personal data in your Profile, namely your Minimal viewed data, the Optional data and the Social content (see above). Your profile can be viewed by the SF Manager through the web admin environment of the App. SF Manager is entitled to observe and manage the Profile environment to the extend you see. Through web admin page the SF Manager is entitled to see your Minimal viewed data.

    SF Manager uses the web admin webpage to:

    • regulate access control and management of users of the Profile for a particular building;
    • react to various requests/demands and feelings from You;
    • communicate with You directly through various communication activities (questionnaires, posts and notifications regarding functionalities, facilities, etc.);
    • improve the service of buildings operated by the SF Manager; and
    • provide social place for You to meet and to make the building life more vibrant.

    Processing your Minimal viewed data, the Optional data and the Social content as just described is necessary for the purpose of the legitimate interest of the SF Manager to provide better services in the building to which the building profile in the App is connected, to create closer connection between the operator of the real-estate project and You (the User/Merchant), to provide unique and vivid experience when your work or use the particular building any other way and make the particular building attractive for current and prospective tenants.

    For these purposes, your data is stored it is outdated (in case of events) or deleted by you (if you are an author). Communication between you and your SF Manager is stored for life of the Profile.

  2. Recipients

    SF Manager uses the following processors:

    • IT-Service provider Spaceflow s.r.o. (for the purpose of ensuring the technical functionality and for providing all users of the App their connection with their Account and to join the Profiles);
    • Property-manager (in case they are admins of the particular Profile, if the SF manager provides access to the Profile of the facility/asset);

    Furthermore, your data may be disclosed to the following recipients:

    • Company’s affiliates (for the purpose of internal audits);
    • In case privacy mode is off: Users joined in same Profile as you, application portfolio manager, building managers, service providers, admin of Spaceflow (the latter only in case You load data about the building);
    • Courts, Legal Representatives and Notaries;

What are the security measures in place?

The App and the web admin environment use in communication with all users of the App a Transport Layer Security (TLS) encryption technology to encrypt personal information (including geolocation) and maintains by-design security.

If you make a reservation within particular Profile in the App for a certain service, you will decide whether the App will have access to your calendar application in order to record such reservation.

The Spaceflow guarantees that information in the App may not be accessed, disclosed, altered, or destroyed without authorized access.

Data logs from the App are saved for the purposes of security events and are erased from the App after 7 days.

If there is a serious suspicion that the particular user breached the Terms of use or committed a fraud and other illegal activity, such log can be accessed, processed and retained for an extended time period when it is the subject of a legal request or obligation, governmental investigation, or investigations concerning possible violations of the Terms of Use, or otherwise to prevent harm.

The Spaceflow, the SF Manager and the Merchant can access the App through Web admin environment. We do not use any plugins of third parties in our web admin environment and the App webpage.

The Spaceflow uses its own analytics tools to monitor metrics and usage trends in the App and such tools collect information sent by your device but are anonymized. The Spaceflow works within the App only with anonymized logs of such statistics and then provide results to the SF Manager in the web admin environment.

If Information is anonymized (e.g. used anonymized for statistics) so it is no longer reasonably associated with an identified or identifiable natural person, the Spaceflow and the SF Manager may use it for any business purpose.

What are your rights and your obligations?

The EU General Data Protection Regulation grants you a number of rights:

  • to request access to your personal data;
  • to request rectification or erasure your personal data;
  • to request restriction of the processing of your personal data;
  • to object to the processing of your data;
  • to receive your data, as it was provided by you (data portability).

In case you gave your consent to processing your personal data, you have to right to withdraw that consent at any time.

If you wish to exercise any of the rights set out above, please contact the respective controller (see above). You can find the contact details of all controllers at the bottom of this document.

Although the Spaceflow and the SF Manager go to great lengths to ensure your data's confidentiality and integrity, differences in opinion might nevertheless occur from time to time. If you feel that the Spaceflow or the SF Manager is not handling your data in line with applicable laws, please do not hesitate to contact us. Alternatively, you are entitled to file a claim with the data protection authority in your country.

Changes of Privacy Terms

The Spaceflow may modify or update this privacy policy from time to time. The Spaceflow may provide you through the App and via e-mail with additional forms of notice of modifications or updates as appropriate under the circumstances.

How can you reach us?

1. Spaceflow

Spaceflow s.r.o.

With its registered office at náměstí I. P. Pavlova 1789/5, Nové Město, 120 00 Prague 2

Id. No.: 05184142

Registered in the Commercial Register kept by the Municipal Court in Prague, Section C, File 259630

Account No.: 275103930/0300

Represented by Lukáš Balík, Executive Director

The representative of the Spaceflow: support@spaceflow.io

Data Protection Officer: dpo@spaceflow.io

2. SF Manager

You can also reach the SF Manager in the App help desk for particular Profile.