PLEASE READ THIS DATA PROTECTION AND PRIVACY POLICY CAREFULLY. BY REGISTERING FOR OUR SERVICES OR BY ACCESSING OR USING OUR SERVICES, YOU AGREE TO BE BOUND BY THIS PRIVACY POLICY AND ALL TERMS INCORPORATED BY REFERENCE. IF YOU DO NOT AGREE TO ALL OF THESE, PLEASE DO NOT ACCESS OR USE THESE SERVICES.
This Privacy Policy describes how Desana Network Limited (we, us or Desana) may process any personal information that we have collected or that is provided or shared by you or a Customer in the course of using our Services or the Desana Platform (via the website or our mobile or web app). By accessing the Desana Platform or using our Services, you consent to Desana processing and collecting data on the terms and for the reasons which are explained below.
The Customer linked to your account is responsible for ensuring that you consent to your information being shared with Desana in accordance with this Privacy Policy and that you are given access to this Privacy Policy before your information is supplied to us.
Definitions
Unless otherwise defined in this Privacy Policy, terms will be as defined in our Terms and Conditions for Users or as set out in the European Union (EU) Regulation 2016/679 (the General Data Protection Regulation, “GDPR”) ( “EU GDPR”) and the “UK GDPR” (as defined in Section 3(10) of the UK Data Protection Act 2018 (“UK DPA”)).
THE INFORMATION WE COLLECT
Information Given to us by a Customer
When a Customer provides a User with access to our Services, the Customer will provide Desana with information required to operate a User's account. The Customer remains the data Controller of this User Personal Data and it is the Customer's responsibility to ensure that Users consent to that data being shared and processed by Des and that Users are supplied with access to this Privacy Policy before the data is supplied to us. Desana will process that Personal Data for the stated purposes including providing Services to Users and reporting to the Customer on a User's use of the Services. Thus Desana is the Processor of the User’s Personal Data.
Customers may provide Desana with the following Personal Data, for which the Customer is the Controller:
Full name;
Work email address;
Imprecise location;
Job title;
Job function;
Employee ID;
Industry;
Language preferences;
Other reference, racking numbers or descriptions as the Customer may determine and provide to Desana.
Anonymous information about a potential User's home, such as postcode / zip code or other approximation of home location to allow Desana and the Customer to assess the availability of our Services in that area. This information will not be linked to a User account in our systems and Desana will not make any attempt to correlate this information. Desana will delete this information when it is no longer required for the stated purpose and no later than 12 months of it being supplied to us.
Information We Collect
There are a number of ways in which we may collect further information and data for which Desana shall be the Controller. Our Customer and Users may be asked to provide us with information and we may also collect data via automated means. Desana shall be the Controller of this information:
Utilisation Data including booking history and usage information including location, start and end date and time, resource booked, how and when booked, and your booking history in our app;
Unique user Identifiers (including Internal user ID);
Device ID for any device you use to access the services;
Location of User device when searches are made based on location;
Device details, manufacturer, software version, IP address and other unique identifiers;
Workspace Search history for searches within our app;
Communications records of support and other communications that may be held with us or our Customer Support teams or other employees.
We may also collect and process the following data about you, for which Desana shall also be the Controller:
Information that you put into forms or surveys on the Desana Platform at any time;
A record of correspondence between us on all mediums which we are in contact;
Details of bookings created, managed and cancelled through the Desana Platform;
Details of Users visits to the Desana website or the Desana Platform including the resources accessed by User;
Location Information: about precise or approximate location as determined through data such as IP addresses or (where enabled on your mobile device) mobile device GPS;
Device Information: including hardware model, operating system and version, unique device identifiers, mobile network information and information about the device’s interaction with the Desana Services.
Log Information: about how our services are accessed or used, including, authentication, access times, client or browser type and language, Internet Service Provider and Internet Protocol (“IP”) address.
Information collected by Cookies and other tracking technologies in accordance with our Cookie Policy: we may automatically collect information using cookies, web beacons (also known as “tracking gifs,” “pixel tags” and “tracking pixels”) and other tracking technologies to, monitor and improve our Services and your experience, monitor your activity, count visits, understand usage and campaign effectiveness, and tell if an email has been opened and acted upon. For information about removing or rejecting cookies, please see our Cookie Policy.
Information You Choose to Give Us
You may choose to provide us with additional information in order to obtain a better experience when using the Desana Platform. This additional information will be processed based on your consent and Desana shall be the Controller for this information:
Additional Profile Information: as part of your Desana profile (such as profile picture, preferred language(s), city, and a personal description). Some of this information may become part of your profile page, and will be visible to others in your organisation.
Other Information: by filling in a form, conducting a search, updating or adding information to your User Account, responding to surveys, participating in promotions, or using other features of the Desana Platform.
Certain features of the Desana Platform (such as uploading or downloading content) may need to access information on individual devices in order to work. By using such functionality, you consent to Desana accessing your devices and information. If we can, we will ask before the app accesses devices or information.
HOW WE USE YOUR INFORMATION
All of the information we hold about you and the Customer, including all of the information described above will be held by us and processed in accordance with the principles of privacy by design and all relevant Data Protection laws including EU GDPR and UK GDPR.
Desana are committed to the principles of privacy by design and will seek to protect your privacy at all times. In Our contract with you and by agreeing to this privacy policy you the user grant us consent to process and analyse the data we hold on you for the purposes of providing service to you and the customer. You also grant us express consent to process and analysis your information in a number of ways and for a number of reasons as set out below:
To provide you with access to the Services and features of the Desana Platform and Services;
To authenticate and verify your identity;
To fulfil our contractual obligations with our Customers and with you;
To communicate with you, including providing newsletters and marketing materials and communications about new product features, promotions, Desana's strategic partners, and other news about Desana including any updates to our terms and conditions or this Privacy Policy;
To respond to questions, comments, and other requests including for customer or user technical support.
For service and product development and improvement including debugging and detecting errors ;
To protect internal quality control and the safety of Desana users;
To monitor and analyse trends, usage and activities in connection with our Services;
To pursue our legitimate interests, such as direct marketing, research and development of our products and services, including marketing research and the development of new products and services.
To pursue our Business needs as agreed in our contract such as, research and development of our app and enhancing the cyber and information security of our app, and fraud prevention, Debugging and detecting errors and improvement opportunities in our applications, platform and services, Analysing and understanding the use of our applications, platform and services, Producing analysis to aid in increasing engagement and use of our services by both You and others Users and Customers including potential users and customers.
To carry out audits and to allow authorised third parties to audit us;
To comply with our legal obligations;
For preventing potentially prohibited or illegal activities;
To enforce our agreements, including our contractual obligations to Customers, users, Operators and third party agents or advisors authorised by the Customer.
To create insights and reports from your Utilisation Data in an aggregate and pseudonymised way ensuring that no individual may be identified from such. We may share these insights and reports with selected stakeholders and publicly. When producing such reports and analysis, we will ensure that use cases with low numbers of users are properly considered to ensure that unanimity is protected and that jigsaw identification is not likely.
SHARING YOUR INFORMATION
Except as described below, we will not share your information with any third parties.
We will disclose information provided to us by Customers or Users in the following circumstances:
When you make bookings with a workspace Operator listed on the Desana Platform, limited data (name, profile image, booking start and end date and time) about you will be shared with the workspace Operator. This data ensures that workspace Operators can be notified of bookings by you and to verify your appearance upon arrival at their workspace. When you make a booking you are expressingly authorising this information transfer.
ALL Data held by us about a user including their booking and communication history with us may be disclosed to the Customer with which your account is associated, at any time, upon the Customer's request.
Where the Customer works with third party agents or advisors we may be asked by the customer to provide utilisation data to that third party, which may or may not include your PII. Such Data Sharing is subject to the Customers Privacy policy and is only carried out under the customers instruction.
To any of our group companies (which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 736 of the UK Companies Act 1985) including our international subsidiaries and holding company under approved binding corporate rules under GDPR.
To our investors in pursuit of their legitimate interests and their investment In Desana.
As required by law or any applicable regulation to protect the rights, property, or safety of ourselves or others. This may include disclosing to other companies and organisations in connection with fraud protection and credit risk reduction.
Where we believe there is an imminent risk to life and the disclosure of information to appropriate third parties is justified and proportionate to protect life and is in line with UK ICO and / or EU GDPR Guidelines.
When we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to legitimate government or legal requests, at our sole discretion.
If Desana is involved in a merger, acquisition, or sale of all or a portion of its assets, to any prospective seller or buyer of all (or part of) our business or assets. You will be notified via email and/or a prominent notice on the Desana Platform of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
To any other third party where we provide you with reasonable notice we intend to do so.
Where we are subject to external audit or other verification or investigative process and disclosure is necessary for the prompt and efficient completion of such. We shall at all times ensure that appropriate confidentiality and non-disclosure agreements are in force where possible.
We will never Pass or Sell your PII to a third party for them to use in their own marketing.
Contacting You
When you sign up to use our service you also grant us authority to send you email notifications that we believe to be in your legitimate interest to receive. We may contact you from time to time about our Services and that of our Operators, including marketing messages relating to our Service. We will do this electronically, for example by in-app notification, email, text message, or by telephone.
You may tell us at any time if you do not wish to receive marketing messages from us by contacting us at [email protected] or by following any instructions we may include in the messages we send to you.
Note that you will continue to receive transaction-related emails regarding products or services you have requested. We may also send you certain other non-promotional communications regarding us and our Services, e.g., communications regarding the Services or updates to this Privacy Policy). Where you opt out of such communications you should note that this may affect the performance of our services to you and we will not be liable for any error act or omission that occurs as a result directly or indirectly of you not receiving such communications from us.
Mobile Devices
We may send you push notifications through our Apps. You may at any time opt out from receiving these types of communications by changing the settings on your mobile device.
OTHER IMPORTANT INFORMATION
Third Party Links and Services
Please note that if you click on, or follow, any links from the Desana app or website to a third party site or app (for example Google Maps), our privacy policy will no longer apply. You will be subject to the third party privacy policy, as amended by them from time to time. Please check the privacy policies of any such external provider before submitting any personal data, as we cannot accept any responsibility or liability in relation to them.
Social Media Tools
We may offer social sharing features or other integrated tools which let you share actions taken on our Services with other media, and vice versa. The use of such features enables the sharing of certain information with friends or the public, depending on the settings established with the third party that provides the social sharing feature. For more information about the purpose and scope of data collection and processing in connection with social sharing features, please visit the privacy policies of the third parties that provide these social sharing features.
Find a colleague
We may offer a ‘Find a Colleague’ feature or other integrated tools which facilitate you sharing actions taken on our Services with other users in your organisation. The use of such features enables the sharing of certain information including upcoming bookings and geo-location with colleagues, depending on the settings established by you in your profile settings. If you do not wish to make your bookings viewable to your colleagues you should set your preferences accordingly. The Customer may have the ability to limit or control access to this feature. Admin users of a Customer will always have access to your booking history and upcoming bookings. The Customer’s use and access of this information is bound by their internal processes and procedures and the Customer’s privacy policy, a copy of which they must provide to you.
“Do Not Track”
Your browser may offer you a “Do Not Track” option, which allows you to signal to operators of websites and web applications and Service that you do not wish such operators to track certain of your online activities over time and/or across different websites. If your browser is set to “Do Not Track”, Desana will attempt to honour this functionality. However, our third party service providers may use their own cookies, pixel tags, web beacons or other storage technology to collect and store Log Data or information from elsewhere on the internet, and we do not have access to, nor control over, a third parties’ use of cookies or other tracking technologies.
Use of Location Data
The Desana app may make use of location data sent from your mobile device. This functionality can be turned off by turning off the location services settings for the app on mobile devices. If you subscribe to these services, you consent to us and our partners’ and licensees’ transmission, collection, maintenance, processing and use of location data and queries to provide and improve location-based products and services. Your consent may be withdrawn at any time by turning off the location services setting on mobile devices or on the app.
Security
The security of your information is important to us. All information provided to us is stored on our secure servers. Our Information Security Management system is certified to ISO27001 and we hold a number of other security certifications and attestations. Our conformity with ISO27001 and GDPR is audited both internally and externally on a regular basis to ensure we keep your data as secure as we can. You can find more information about the steps we take to secure your data on the security section of our website.
International Transfers
Desana Operates globally which means the Information we collect may be transferred to, stored and/or processed in any country or territory where one or more of our partners or third party service providers, are located or maintain facilities or one of our operators of work space is located where you book workspace, including destinations outside the European Economic Area (“EEA”). While other territories may not have the same standards of data protection as GDPR or those within your home country, we will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy including implementing the European Commission's standard contractual clauses and relying on the European Commission's adequacy decisions about certain countries, as applicable, for data transfers from the EEA to the United States and other countries. In line with GDPR and best practice we will also complete Data Protection Impact Assessments, risk assessments and consider appropriate technical measures to protect your PII. We have also implemented similar appropriate safeguards with all of our service providers. By submitting your Personal Data and using our services, you agree to such transfers, storage and or processing in other territories.
Booking in Locations without adequate Data Protection Measures
You should be aware that when you book workspace or access our Services in locations where the local laws do not provide for adequate data protection under GDPR or the laws of your home country, you do so entirely at your own risk. You should also note some nations / jurisdictions have laws in place to monitor individuals including their use of technology and the internet. You should be aware that when you book workspace or access our services in such locations you do so entirely at your own risk.
Whilst we will endeavour to provide you with notice when this special case for international data transfers exists we can not guarantee we will always be able to do so. As you are booking workspace to be physically present in a nation / jurisdiction, it is your responsibility to decide if you accept the risks of using technology and services which potentially expose you and your PII to any such risks as may occur in the location you chose to book workspace in BEFORE you book or physically enter that nation / jurisdiction.
Sub-processors
In order to provide services to you we will use a number of different service providers and sub processors. Our current list of sub-processors is available here including a link to their individual privacy policies. Where such sub-processors are located outside of the UK / EEA, Standard Contractual Clauses are in place to protect your Personal Data. We may update this list from time to time inline with our terms and conditions.
Children's Information
The Services are not available to children, to use our services you must legally be an adult, have attained the age of legal majority and have the ability to agree to legal contracts independently of a supervising adult in all jurisdictions in which you access our services. We do not knowingly collect personal information from children. If you learn that a child has provided us with personal information you must contact us and we will promptly take steps to delete such information and terminate the child’s account.
Profiling and Automated Decision Making
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
User have the right not to be subject to a decision based solely on automated processing, including profiling, Desana does not engage in any automated decision making or profiling as described in Art 22 of EU GDPR.
DATA RETENTION AND DELETION
We will retain your information for as long as your personal or your organisations’ account is active or as needed to provide you services via the Desana Platform. Once either account has been deleted, we will only retain and use Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. If you wish to cancel your account or request that we no longer hold any information on you, please contact your organisation.
When your account with us is closed we will delete your Personal Data within 90 days of such termination unless we are required to hold your data for a longer period of time to comply with any legal or contractual obligation. When we delete your Personal Data we will pseudonymise your Utilisation Data and continue to hold that information for as long as we deem appropriate. We will use this information for our own purposes including accounting and tax reporting and reporting on the use of our services both to stakeholders and publicly.
You may object to us storing your anonymised Utilisation Data, however you must do so before your Personal Data is deleted. After your Personal Data is deleted we will have no way to reliably identify your pseudonymised data in our data set. If you do object to our prolonged storage of your anonymised Utilisation Data, you should be aware that we will be required to hold this data for a period of time for tax and financial reporting purposes, the exact time frame will depend on the jurisdiction in which you have booked, however it would not normally be more than seven years.
Website Visitors / Sales Prospects
This section of our Privacy Policy applies to visitors to our website and Persons in contact with us with a view to procuring our services. Supplements the Privacy Policy.
Desana may collect information on you in line with our cookie notice, including information from third parties about your use of our website and your contact with us during any sales process. This information may include information from Linkedin, Hubspot and Intercom and we may share your information with these third parties for the purpose of tracking your visit to our site, tracking your interest in our services and progress though our sales and marketing processes. Desana does not sell your information.
The Information we will collect includes;
Your name and employment details including your role and seniority;
Your contact information at your place of work;
Your interest in Desana and Other services like ours;
Your Contact history with Desana including any visit to our services;
Information about you detailed above in both the “Information Given to us by a Customer” and “Information We Collect” sections;
Information given to us by third parties, including;
Your Employer;
Any Agents, advisers or intermediaries appointed by your employer;
Public record information, including information on Social media websites such as LinkedIn.
Information gathered from and processed by third parties is subject to their individual privacy policies, available on their websites.
Desana shall process this information on the basis of our legitimate interest. We will hold this information whilst we consider you or your employer to be a sales prospect, and for 5 years after the point that you or your employer either cease to be such or cease to be a customer of Desana.
CALIFORNIA PRIVACY NOTICE
This Privacy Notice applies to California consumers and supplements the Privacy Policy.
Pursuant to the California Consumer Privacy Act of 2018 as amended (“CCPA"), Desana Network Limited is providing this California Consumer Privacy Act Notice (“CCPA Notice”). This CCPA Notice supplements our Privacy Policy and applies solely to California consumers, effective January 1, 2020. Terms used but not defined shall have the meaning ascribed to them in the CCPA. This CCPA Notice does not apply to personal information that we process as a service provider on behalf of our customers or that we collect from job applicants, contractors or employees.
California Shine the Light Law
The California “Shine the Light” law permits users who are California residents to request and obtain from us once a year, free of charge, a list of the third parties to whom we have disclosed their personal information (if any) for their direct marketing purposes in the prior calendar year, as well as the type of personal information disclosed to those parties. To make such a request from us, if entitled, please use the contact information listed below.
As we do not make our users data available to third parties for direct marketing purposes we have no disclosure to make.
California Consumer Privacy Act (CCPA):
In the preceding 12 months, we have not disclosed your personal information to any third party in a manner that would be considered a sale under the CCPA.
Information We Collect and Disclose
For purposes of the CCPA, we have collected the following categories of consumers’ personal information, and disclosed the personal information to the following categories of third parties for a business purpose, in the last 12 months:
Category | Disclosed |
Identifiers. | Workspace providers; Customer |
Commercial information. | Workspace providers; Customer |
Internet or other electronic network activity. | Customer |
Geolocation data. | Workspace providers; Customer |
Professional or employment-related information. | Customer |
Inferences drawn from other personal information to create a profile about a consumer. | Customer |
Personal information categories in the California Customer Records statute (Cal. Civ. Code § 1798.80(e) | Workspace providers; Customer |
We have not intentionally collected the following categories of Information:
Protected classification characteristics under California or federal law
Biometric information
Sensory data
Professional or employment-related information - Current or past job history or performance evaluations
Nonpublic education information per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)
Inferences drawn from other personal information
You have the right to request that we disclose to you (i) the categories of personal information we collected about you and the categories of sources from which we collected such information; (ii) the specific pieces of personal information we collected about you; (iii) the business or commercial purpose for collecting or selling personal information about you; and (iv) the categories of personal information about you that we sold or disclosed for a business purpose and the categories of third parties to whom we sold or to whom we disclosed for a business purpose such information in the preceding 12 months.
You have the right to request that we delete personal information we collected from you subject to certain exceptions.
You have the right to “opt-out” of your personal information being sold to certain third parties. This right can be exercised by submitting a Do Not Sell My Personal Information request.
You also have the right to not be discriminated against in pricing and services because you exercise any of your rights under the CCPA. Desana does not offer financial incentives or price or service differences to consumers in exchange for the retention or sale of a consumer’s personal information.
YOUR RIGHTS AND REQUESTS
You may have the right to object to or opt out of certain or all uses of your personal information. Where you have consented to the processing of your personal information, you may withdraw that consent at any time by contacting us as described below. Even if you opt out, we may still collect and use non-personal information regarding your activities on our Services and for other legal purposes as described above.
Under the terms of GDPR you also have the right to ask for a copy of any information held, to correct any inaccuracies and to update any out-of-date information.
You can also ask us not to send you direct marketing communications (please note that we may continue to send you service-related (i.e. non-marketing) communications whilst you hold an account with us). If you wish to exercise any of these rights, or wish to object to our use of your data, or have any other questions or concerns about the use of your data please make a request to us using the contact details provided below.
We may require you to submit proof of your identity for these requests to be processed. Such information may include your First Name, Last Name, Street Address, City, Postcode, and registered Email address. This information will be used only for the purposes of verifying your identity and processing your request. We may not be able to comply with your request if we are unable to confirm your identity or to connect the information you submit in your request with personal information in our possession.
You can make a request in writing to us using the contact details provided below. We will then send you a form to complete to ensure we are able to act on your request fully and identify all information we hold. If we are not the data controller of the information you request we will also notify the data controller of your request and pass information to them about your request.
Contacting us
If you have any questions or comments about this Privacy Policy or the use of your data and our compliance with data protection laws around the world, you can contact our Chief Information Security Officer and Data Protection Officer by email at the following email address: [email protected]
OR Via
Mr Stephen Ramsay, Chief Information Security Officer and Data Protection Officer
Desana Network Limited
14 Albany Street
EDINBURGH
EH1 3QB
You can also use these contact details if you wish to request a copy of the personal data we hold about you, or if you wish to raise a complaint with us about our use of your personal information.
Supervisory Authority
If you are located in the EEA or the UK, you may have the right to lodge a complaint with a supervisory authority under GDPR or the UK DPA 2018 (UK GDPR) if you believe our processing of your personal information violates applicable law. We ask that you contact us using the details above in the first instance, however you may in certain circumstances refer your complaint directly to;
In the UK you can contact the UK ICO via their website here: https://ico.org.uk/
Our UK ICO registration number is: ZB001405
If you are located in the EEA you should contact the Data Protection Commission (DPC) via their website here: https://www.dataprotection.ie/
CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time as we deem necessary in order to reflect, for example, operational, legal or regulatory reasons, including our practices. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of an in application pop-up message prior to the change becoming effective. We encourage you to periodically review the application for the latest information on our privacy practices. This Privacy Policy and all changes made hereto as described in the previous paragraph remains effective unless and until we inform you otherwise via a push notification through the app, through email (sent to the e-mail address specified in your account) or by means of a notice on our app.
Last updated: 29/12/2022