THE INFORMATION WE COLLECT
Information Given to us by a Customer
Customers may provide Desana with the following Personal Data, for which the Customer is the Controller:
Work email address;
Other reference, racking numbers or descriptions as the Customer may determine and provide to Desana.
Anonymous information about a potential User's home, such as postcode / zip code or other approximation of home location to allow Desana and the Customer to assess the availability of our Services in that area. This information will not be linked to a User account in our systems and Desana will not make any attempt to correlate this information. Desana will delete this information when it is no longer required for the stated purpose and no later than 12 months of it being supplied to us.
Information We Collect
There are a number of ways in which we may collect further information and data for which Desana shall be the Controller. Our Customer and Users may be asked to provide us with information and we may also collect data via automated means. Desana shall be the Controller of this information:
Utilisation Data including booking history and usage information including location, start and end date and time, resource booked, how and when booked, and your booking history in our app;
Unique user Identifiers (including Internal user ID);
Device ID for any device you use to access the services;
Location of User device when searches are made based on location;
Device details, manufacturer, software version, IP address and other unique identifiers;
Workspace Search history for searches within our app;
Communications records of support and other communications that may be held with us or our Customer Support teams or other employees.
We may also collect and process the following data about you, for which Desana shall also be the Controller:
Information that you put into forms or surveys on the Desana Platform at any time;
A record of correspondence between us on all mediums which we are in contact;
Details of bookings created, managed and cancelled through the Desana Platform;
Details of Users visits to the Desana website or the Desana Platform including the resources accessed by User;
Location Information: about precise or approximate location as determined through data such as IP addresses or (where enabled on your mobile device) mobile device GPS;
Device Information: including hardware model, operating system and version, unique device identifiers, mobile network information and information about the device’s interaction with the Desana Services.
Log Information: about how our services are accessed or used, including, authentication, access times, client or browser type and language, Internet Service Provider and Internet Protocol (“IP”) address.
Information You Choose to Give Us
You may choose to provide us with additional information in order to obtain a better experience when using the Desana Platform. This additional information will be processed based on your consent and Desana shall be the Controller for this information:
Additional Profile Information: as part of your Desana profile (such as profile picture, preferred language(s), city, and a personal description). Some of this information may become part of your profile page, and will be visible to others in your organisation.
Other Information: by filling in a form, conducting a search, updating or adding information to your User Account, responding to surveys, participating in promotions, or using other features of the Desana Platform.
Certain features of the Desana Platform (such as uploading or downloading content) may need to access information on individual devices in order to work. By using such functionality, you consent to Desana accessing your devices and information. If we can, we will ask before the app accesses devices or information.
HOW WE USE YOUR INFORMATION
All of the information we hold about you and the Customer, including all of the information described above will be held by us and processed in accordance with the principles of privacy by design and all relevant Data Protection laws including EU GDPR and UK GDPR.
To provide you with access to the Services and features of the Desana Platform and Services;
To authenticate and verify your identity;
To fulfil our contractual obligations with our Customers and with you;
To respond to questions, comments, and other requests including for customer or user technical support.
For service and product development and improvement including debugging and detecting errors ;
To protect internal quality control and the safety of Desana users;
To monitor and analyse trends, usage and activities in connection with our Services;
To pursue our legitimate interests, such as direct marketing, research and development of our products and services, including marketing research and the development of new products and services.
To pursue our Business needs as agreed in our contract such as, research and development of our app and enhancing the cyber and information security of our app, and fraud prevention, Debugging and detecting errors and improvement opportunities in our applications, platform and services, Analysing and understanding the use of our applications, platform and services, Producing analysis to aid in increasing engagement and use of our services by both You and others Users and Customers including potential users and customers.
To carry out audits and to allow authorised third parties to audit us;
To comply with our legal obligations;
For preventing potentially prohibited or illegal activities;
To enforce our agreements, including our contractual obligations to Customers, users, Operators and third party agents or advisors authorised by the Customer.
To create insights and reports from your Utilisation Data in an aggregate and pseudonymised way ensuring that no individual may be identified from such. We may share these insights and reports with selected stakeholders and publicly. When producing such reports and analysis, we will ensure that use cases with low numbers of users are properly considered to ensure that unanimity is protected and that jigsaw identification is not likely.
SHARING YOUR INFORMATION
Except as described below, we will not share your information with any third parties.
We will disclose information provided to us by Customers or Users in the following circumstances:
When you make bookings with a workspace Operator listed on the Desana Platform, limited data (name, profile image, booking start and end date and time) about you will be shared with the workspace Operator. This data ensures that workspace Operators can be notified of bookings by you and to verify your appearance upon arrival at their workspace. When you make a booking you are expressingly authorising this information transfer.
ALL Data held by us about a user including their booking and communication history with us may be disclosed to the Customer with which your account is associated, at any time, upon the Customer's request.
To any of our group companies (which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 736 of the UK Companies Act 1985) including our international subsidiaries and holding company under approved binding corporate rules under GDPR.
To our investors in pursuit of their legitimate interests and their investment In Desana.
As required by law or any applicable regulation to protect the rights, property, or safety of ourselves or others. This may include disclosing to other companies and organisations in connection with fraud protection and credit risk reduction.
Where we believe there is an imminent risk to life and the disclosure of information to appropriate third parties is justified and proportionate to protect life and is in line with UK ICO and / or EU GDPR Guidelines.
When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to legitimate government or legal requests, at our sole discretion.
If Desana is involved in a merger, acquisition, or sale of all or a portion of its assets, to any prospective seller or buyer of all (or part of) our business or assets. You will be notified via email and/or a prominent notice on the Desana Platform of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
To any other third party where we provide you with reasonable notice we intend to do so.
Where we are subject to external audit or other verification or investigative process and disclosure is necessary for the prompt and efficient completion of such. We shall at all times ensure that appropriate confidentiality and non-disclosure agreements are in force where possible.
We will never Pass or Sell your PII to a third party for them to use in their own marketing.
When you sign up to use our service you also grant us authority to send you email notifications that we believe to be in your legitimate interest to receive. We may contact you from time to time about our Services and that of our Operators, including marketing messages relating to our Service. We will do this electronically, for example by in-app notification, email, text message, or by telephone.
You may tell us at any time if you do not wish to receive marketing messages from us by contacting us at [email protected] or by following any instructions we may include in the messages we send to you.
We may send you push notifications through our Apps. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device.
OTHER IMPORTANT INFORMATION
Third Party Links and Services
Social Media Tools
We may offer social sharing features or other integrated tools which let you share actions taken on our Services with other media, and vice versa. The use of such features enables the sharing of certain information with friends or the public, depending on the settings established with the third party that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the third parties that provide these social sharing features.
Find a colleague
“Do Not Track”
Use of Location Data
The Desana app may make use of location data sent from your mobile device. This functionality can be turned off by turning off the location services settings for the app on mobile devices. If you subscribe to these services, you consent to us and our partners’ and licensees’ transmission, collection, maintenance, processing and use of location data and queries to provide and improve location-based products and services. Your consent may be withdrawn at any time by turning off the location services setting on mobile devices or on the app.
The security of your information is important to us. All information provided to us is stored on our secure servers. Our Information Security Management system is certified to ISO27001 and we hold a number of other security certifications and attestations. Our conformity with ISO27001 and GDPR is audited both internally and externally on a regular basis to ensure we keep your data as secure as we can. You can find more information about the steps we take to secure your data on the security section of our website.
Booking in Locations without adequate Data Protection Measures
You should be aware that when you book workspace or access our Services in locations where the local laws do not provide for adequate data protection under GDPR or the laws of your home country, you do so entirely at your own risk. You should also note some nations / jurisdictions have laws in place to monitor individuals including their use of technology and the internet. You should be aware that when you book workspace or access our services in such locations you do so entirely at your own risk.
Whilst we will endeavour to provide you with notice when this special case for international data transfers exists we can not guarantee we will always be able to do so. As you are booking workspace to be physically present in a nation / jurisdiction, it is your responsibility to decide if you accept the risks of using technology and services which potentially expose you and your PII to any such risks as may occur in the location you chose to book workspace in BEFORE you book or physically enter that nation / jurisdiction.
In order to provide services to you we will use a number of different service providers and sub processors. Our current list of sub-processors is shown in the table below including a link to their individual privacy policies. Where such sub-processors are located outside of the UK / EEA, Standard Contractual Clauses are in place to protect your Personal Data. We may update this list from time to time inline with our terms and conditions.
Standard Contractual Clauses
The Services are not available to children, to use our services you must legally be an adult, have attained the age of legal majority and have the ability to agree to legal contracts independently of a supervising adult in all jurisdictions in which you access our services. We do not knowingly collect personal information from children. If you learn that a child has provided us with personal information you must contact us and we will promptly take steps to delete such information and terminate the child’s account.
Profiling and Automated Decision Making
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
User have the right not to be subject to a decision based solely on automated processing, including profiling, Desana does not engage in any automated decision making or profiling as described in Art 22 of EU GDPR.
DATA RETENTION AND DELETION
We will retain your information for as long as your personal or your organisations’ account is active or as needed to provide you services via the Desana Platform. Once either account has been deleted, we will only retain and use Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If you wish to cancel your account or request that we no longer hold any information on you, please contact your organisation.
When your account with us is closed we will delete your Personal Data within 90 days of such termination unless we are required to hold your data for a longer period of time to comply with any legal or contractual obligation. When we delete your Personal Data we will pseudonymise your Utilisation Data and continue to hold that information for as long as we deem appropriate. We will use this information for our own purposes including accounting and tax reporting and reporting on the use of our services both to stakeholders and publicly.
You may object to us storing your anonymised Utilisation Data, however you must do so before your Personal Data is deleted. After your Personal Data is deleted we will have no way to reliably identify your pseudonymised data in our data set. If you do object to our prolonged storage of your anonymised Utilisation Data, you should be aware that we will be required to hold this data for a period of time for tax and financial reporting purposes, the exact time frame will depend on the jurisdiction in which you have booked, however it would not normally be more than seven years.
Website Visitors / Sales Prospects
Desana may collect information on you in line with our cookie notice, including information from third parties about your use of our website and your contact with us during any sales process. This information may include information from Linkedin, Hubspot and Intercom and we may share your information with these third parties for the purpose of tracking your visit to our site, tracking your interest in our services and progress though our sales and marketing processes. Desana does not sell your information.
The Information we will collect includes;
Your name and employment details including your role and seniority;
Your contact information at your place of work;
Your interest in Desana and Other services like ours;
Your Contact history with Desana including any visit to our services;
Information about you detailed above in both the “Information Given to us by a Customer” and “Information We Collect” sections;
Information given to us by third parties, including;
Any Agents, advisers or intermediaries appointed by your employer;
Public record information, including information on Social media websites such as LinkedIn.
Information gathered from and processed by third parties is subject to their individual privacy policies, available on their websites.
Desana shall process this information on the basis of our legitimate interest. We will hold this information whilst we consider you or your employer to be a sales prospect, and for 5 years after the point that you or your employer either cease to be such or cease to be a customer of Desana.
CALIFORNIA PRIVACY NOTICE
California Shine the Light Law
The California “Shine the Light” law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. To make such a request from us, if entitled, please use the contact information listed below.
As we do not make our users data available to third parties for direct marketing purposes we have no disclosure to make.
California Consumer Privacy Act (CCPA):
In the preceding 12 months, we have not disclosed your personal information to any third party in a manner that would be considered a sale under the CCPA.
Information We Collect and Disclose
For purposes of the CCPA, we have collected the following categories of consumers’ personal information, and disclosed the personal information to the following categories of third parties for a business purpose, in the last 12 months:
Workspace providers; Customer
Workspace providers; Customer
Internet or other electronic network activity.
Workspace providers; Customer
Professional or employment-related information.
Inferences drawn from other personal information to create a profile about a consumer.
Personal information categories in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)
Workspace providers; Customer
We have not intentionally collected the following categories of Information:
Protected classification characteristics under California or federal law
Professional or employment-related information - Current or past job history or performance evaluations
Nonpublic education information per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)
Inferences drawn from other personal information
You have the right to request that we disclose to you (i) the categories of personal information we collected about you and the categories of sources from which we collected such information; (ii) the specific pieces of personal information we collected about you; (iii) the business or commercial purpose for collecting or selling personal information about you; and (iv) the categories of personal information about you that we sold or disclosed for a business purpose and the categories of third parties to whom we sold or to whom we disclosed for a business purpose such information in the preceding 12 months.
You have the right to request that we delete personal information we collected from you subject to certain exceptions.
You have the right to “opt-out” of your personal information being sold to certain third parties. This right can be exercised by submitting a Do Not Sell My Personal Information request.
You also have the right to not be discriminated against in pricing and services because you exercise any of your rights under the CCPA. Desana does not offer financial incentives or price or service differences to consumers in exchange for the retention or sale of a consumer’s personal information.
YOUR RIGHTS AND REQUESTS
You may have the right to object to or opt out of certain or all uses of your personal information. Where you have consented to the processing of your personal information, you may withdraw that consent at any time by contacting us as described below. Even if you opt out, we may still collect and use non-personal information regarding your activities on our Services and for other legal purposes as described above.
Under the terms of GDPR you also have the right to ask for a copy of any information held, to correct any inaccuracies and to update any out-of-date information.
You can also ask us not to send you direct marketing communications (please note that we may continue to send you service-related (i.e. non-marketing) communications whilst you hold an account with us). If you wish to exercise any of these rights, or wish to object to our use of your data, or have any other questions or concerns about the use of your data please make a request to us using the contact details provided below.
We may require you to submit proof of your identity for these requests to be processed. Such information may include your First Name, Last Name, Street Address, City, Postcode, and registered Email address. This information will be used only for the purposes of verifying your identity and processing your request. We may not be able to comply with your request if we are unable to confirm your identity or to connect the information you submit in your request with personal information in our possession.
You can make a request in writing to us using the contact details provided below. We will then send you a form to complete to ensure we are able to act on your request fully and identify all information we hold. If we are not the data controller of the information you request we will also notify the data controller of your request and pass information to them about your request.
Mr Stephen Ramsay, Chief Information Security Officer and Data Protection Officer
Desana Network Limited
14 Albany Street
You can also use these contact details if you wish to request a copy of the personal data we hold about you, or if you wish to raise a complaint with us about our use of your personal information.
If you are located in the EEA or the UK, you may have the right to lodge a complaint with a supervisory authority under GDPR or the UK DPA 2018 (UK GDPR) if you believe our processing of your personal information violates applicable law. We ask that you contact us using the details above in the first instance, however you may in certain circumstances refer your complaint directly to;
In the UK you can contact the UK ICO via their website here: https://ico.org.uk/
Our UK ICO registration number is: ZB001405
If you are located in the EEA you should contact the Data Protection Commission (DPC) via their website here: https://www.dataprotection.ie/
Last updated: 29/12/2022