PRIVACY STATEMENT OF IOTSPOT BV

1 General
iotspot B.V. (“we” or “iotspot”), the responsible party for processing your personal data, takes great care that your personal data are processed in a manner that complies with applicable laws and regulations. iotspot B.V. agrees to comply without restriction with all privacy stipulations set forth below when provisioning our Services to you.

2 Your consent
In order to access our Services, you (as Customer and/or as User as further defined in our Terms of Service) are required to provide information about yourself (such as identification or contact details). Before entering this information about yourself, you will be requested to give us express and unambiguous consent to process this data.

3 Processing privacy sensitive data of our Customers
Upon entering into a contract with iotspot, we require and will process and store the following information of our Customers (whose Users are registering to and accessing our Services) under your Company Account, for as long as your contract with us is in effect:

a) The registered name of the legal entity;

b) The registered address(es) of the legal entity and location address(es), where our Services are activated for you;

c) The geo-location of the location address(es), where our Services are activated for you;

d) The e-mail domain name(s), of the User groups that you grant access to our Services;

e) Descriptive information about the activated location(s) for you, such as a picture, floor, zone and sector denominations;

f) Descriptive information of the category and type of workplace and rooms that are activated for you in our Services;

g) The number of workplaces (i.e. desks or seats) that are activated for you in our Services per office location;

h) The number of rooms (i.e. meeting room, classroom or treatment room) that are activated for you in our Services per office location;

i) The number of Customer’s Users registered to our Services; 

j) Required billing information of the legal entity;

4 Processing personal data of our Users
Upon registering as a User to our Services, we will process and store the following information of you under your User Registration:

a) You are required to provide and we will process and store it for as long as your User Registration is active:

1) Your name;

2) Your e-mail address, as associated with the e-mail domain name of the Customer;

b) You can optionally provide the following extra information that we will process and store for the period that you have defined these:

1) Your phone number;

2) Your job title;

3) Your public LinkedIn profile identifier;

4) Whether or not you are an Emergency Rescue Officer;

5) Your department;

6) Your profile picture;

c) During the use of our Services you can enter and/or specify the following information that we will process and store, for as long as you have defined these, to improve your ease of use of our Services:

1) Your favourite workplace(s) with their location; and

2) The names - as you define them - of your favourite colleagues;

d) For proper functioning of our Service during your use thereof, we generate the following information associated to you that is processed and stored during the indicated timeframe:

1) The name of the Customer that grants you access to our Services (indicating the Company Account). This data is stored and processed during your use of our Services under the Customer’s contractual relationship with us and/or up to the date of execution of your request to stop your use of our Service and to delete all personal data associated to your registration (i.e. de-registration);

2) Future workplace reservations, i.e. the date and time of workplace reservations that you have made for future use. These records are processed and stored between the time you made the reservation and the actual date of the workplace reservation.

3) Name and authorisation period of guests, i.e. users without the Customer’s domain name, that are invited by you. These data are stored from the date of invitation to the authorised end-date plus 6 weeks. These records will not be deleted upon your de-registration of our Service, but remain stored without association to you up to the indicated end date.

4) Presence data for automated registration of you being present or not at a designated time of a reserved workspace. De facto this defines your whereabout, as a workplace is directly associated with a location. Your presence data is stored and processed during the 24-hour period of the reservation and is deleted after the end of day.

5) The Operating System and its Release-version, which we store and process for the duration of your registration to our Services  

e) To offer you appropriate support in your use of our Services we generate, store and process the following information that is associated to you for the indicated duration:

1) Date of your last use of our Services, which is stored and processed for a maximum period of 52 weeks;

2) Request date, login date, IP-address and login name of your last login request, stored and processed for a maximum of 6 weeks;

5 Purpose of generation, storage and processing of privacy sensitive and personal information
We collect and process information and statistics about the way you use our Services, that is we record, store and process the transactions, like reservations and bookings that you execute with our Services (i.e. “transactional data”). With the exception of a) the data and records mentioned before in article 3 and 4 hereof and b) for the current 24 hour period, this information can thereafter by no means be traced back or associated to you. 

We generate, process and store transactional, personal and privacy sensitive data only for the following purposes:

a) Research into our Services, as to improve our Services;

b) Promotion of the use of our Services within the confines of a Customer’s contractual relationship;

c) To implement our Agreement(s) and our Services with you;

d) The technical and functional management of our Services for you; and

e)  If we are required to do so, either due to regulations and/or legislation, or due to reasons related to  this Privacy Statement:

i) The provision of (personal) data to certain third parties such as right holders, regulators, tax authorities, Justice, Police and other law enforcement agencies; and / or

ii) Enforcing compliance with our Terms of Service (see https://iotspot.co/terms-and-conditions/);

6 Confidentiality
The foregoing data and information, of article 3, 4 and 5 hereof, provided by you and/or generated in association with you may be viewed by authorised iotspot employees. All of our employees that are involved, are required to maintain the confidentiality of the personal information they obtain as documented in a written confidentiality agreement between our employees and iotspot.

Subject to article 5.e hereof, your personal data will not be passed to third parties unless you have given us specific permission to do so, or if this is necessary for the implementation of the services you want to use, or if it is required by law.

7 Your rights
You have the opportunity to view and verify your personal data at any time, to modify it, to shield it from other users or to oppose to it, being it factually incorrect, incomplete or irrelevant. You can review and verify your personal data upon request, either out of the App under Account Settings or with an e-mail to support@iotspot.co. You will receive an e-mail with a “personal data overview" at your registered e-mail address.

You as a User, have the opportunity to delete your personal data at any time, which we will do upon your request. You can generate this "personal data deletion request” using the request form at the bottom of your “personal data overview”.  

8 Information Security
We take all reasonable steps to protect your personal data against loss, abuse, unauthorised access, disclosure, alteration or destruction. It should be noted that no transmission of personal data via the Internet is 100% secure or error-free. You are solely responsible for the security of your Internet connection.

The data we generate, capture and process is stored on servers of our provider Amazon Web Services. The services of Amazon Web Services that we procure and utilise meet the General Data Protection Regulation.

You can find our full information security statement at https://iotspot.co/security.

9 Caching of information on a mobile device
Our Services are among others provided to you by Mobile Applications on your smart device. For purposes of optimal performance of our Services, iotspot reserves the right to cache Content on your smart device. This Content solely comprises of photographs and images that relate to your Company Account and/or are uploaded under your Company Account.

10 Social media
Our Services uses social media messenger services like WhatsApp to enable you to share workspaces with other users. The workspace information is limited to the URL-identifier of the shared workspace and can only be opened by Users that resort under the same Company Account(s). In no way does the shared information contain any personal information. 

You cannot register to our Service via the login of social media services such as LinkedIn (or, but not limited thereto Twitter, Facebook or Google+). Any reference to social media, such as your LinkedIn profile, in our Services is purely informational for you and other Users and does not access any of your personal information through for example the use of cookies.

11 Use of cookies
First, we point out to you that you can define your internet browser settings in such a way that cookies are not accepted. In this way the small software packages that gather information about your Internet usage, can not be installed without your permission. If you refuse the use of cookies, we cannot assure you, however, the (correct) transmission of our messages and the correct delivery of certain services.

Besides the cookies to facilitate a service requested by you (for example, to remember your settings), our Services use Internet tags. Internet tags (also known as single-pixel-GIF's, clear GIF's, invisible GIF's and 1-on-1 GIF's) are smaller than cookies and provide our webserver(s), information such as your IP address, how often you requested a page, the type of internet browser of your computer or smart device and the information you request. This information is solely gathered for the purpose of providing iotspot with statistics on the means by which registered users access our Services.

The cookies associated with any social media services are not used by us on our Website, not used by us when providing secure-URL services, nor used by us in our Mobile App that is installed on your smart device.

12 Links to other websites
Our Services may contain links or references to other websites. We do not forward or provide any of your personal information to these websites. We have no influence on the processing of personal data by the providers of these websites. This Privacy Statement is in no way applicable to those relevant websites.

13 Amendment of this Privacy Statement
We reserve the right to modify or amend this Privacy Statement in accordance with applicable laws and regulations.

14 Contact
If you have questions about the processing of your privacy sensitive and personal data by iotspot B.V., please contact Mr. M. Lankhorst, who acts as our privacy officer.

May 24th, 2018, iotspot B.V.