Privacy Policy

Effective Date: 01-Nov-2023

At ACCESS A SEAT, we're proud to introduce our Hot desk Booking Application, designed with your employees in mind, prioritizing data privacy and security. Our goal is to empower your employees, making it easy for them to match their schedules to the office spaces they need, all while giving you full control over the process of locating, booking, and monitoring office space usage.

ACCESA ("we," "us," or "our") is committed to protecting the privacy and security of your personal data, as well as your rights and freedoms of data subjects, according to the European General Data Protection Regulation (GDPR). The core principles of personal data processing: lawfulness, transparency, purpose limitation, data minimization, accuracy, storage limitation, confidentiality, integrity, and accountability, underlie our business activities.

Why Your Privacy Matters to Us

We value your privacy and want you to feel confident when using our application. This Privacy Policy is here to help you understand how we collect, use, and protect your data.

Data Controller

We are ACCESA IT SYSTEMS, a leading tech company that fosters an environment where our teams and partners thrive and have an impact in the community. We provide a various range of services for our clients like Cloud Solutions, Process Automation Platforms & AI Custom Software Development Operations & Support.

Contact Details

Visiting Address: Constanta 12, Platinia Office, 400158 Cluj-Napoca, Romania

Phone: +47 22 83 39 50

Email: hello@accesa.eu

Website: https://discover.accesa.eu/

If you have any questions, concerns, comments, or requests regarding this Privacy Policy or our data practices, please contact us to dpo@accesa.eu.

This chapter pertains to all email exchanges with us.

What Information Do We Collect and How?
Why We Use Your Information and How We Do It Legally?
Third-Party Services and Tools
How Long Do We Keep Your Data?
Automated Decision and Profiling

What Information Do We Collect and How?

We gather personal data to facilitate secure and efficient email exchanges. If you share data about others, you must confirm their consent.

We collect data through Direct Collection and include Personal Data you provide during email exchanges, including names, contact details, professional information, and email content.

What categories of data are processed?

Data processed during email exchanges may vary based on the interaction and shared information and may include the following categories of data:

Identification Information

Your name, contact details (like phone and mailing addresses), and any other personal information shared during email exchanges, like employee IDs, and usernames.

Professional Information

Job titles, company names, industry affiliations, professional qualifications, and business contact information.

Communication Data

The content of emails exchanged, including text, attachments, documents, images, and any other information shared during our correspondence.

Communication Metadata Logs and IT Usage Data

To investigate and document incidents, check phishing emails, and maintain security, we may collect logs and other IT usage data related to email communications. This data may include timestamps, email addresses, and subject lines related to our email communications, server logs, IP addresses, device information, email delivery logs, metadata related to email exchanges, and information for security monitoring and incident response.

Financial and Transaction Data (if relevant)

Billing information, financial transaction records, payment details, bank account and invoices related to professional agreements, order histories, and details of products or services discussed during email exchanges.

Other necessary data

Depending on your interactions, we might process additional personal data, such as information related to our professional agreements, project details, event information, or contractual terms and any other data relevant to our professional relationship.

Providing Personal Data for Email Communication

Usually, you initiate email communication, providing data voluntarily. While not obligatory, omitting certain data may affect communication effectiveness and our ability to assist. We handle data in compliance with privacy laws.

Why We Use Your Information and How We Do It Legally?

We use your data during email exchanges for various purposes, outlined with legal bases and data categories:

Purpose

Details on the Purpose

Legal Base

Email Communication

To facilitate email communication and correspondence between you and our company.

To communicate with you efficiently and effectively through email for business-related matters.

Contract execution

Steps to enter a contract.

Legitimate interest

Regulatory Compliance

To comply with legal obligations, including record-keeping, regulatory requirements, and responding to legal requests.

Legal obligation

Responding to Inquiries

To respond to inquiries, questions, or requests made via email.

Contract execution

Steps to enter a contract.

Legitimate interest

Newsletters and Updates

To send newsletters, updates, or promotional materials related to our services or products.

Consent

Customizing User Experiences

To personalize and improve your user experience based on your email interactions.

Legitimate interest

Research and Development Business Analytics and Reporting

We use aggregated data for business analytics, reporting, and performance assessment, for research and development purposes to enhance our services and activity and to monitor our business operations.

Legitimate interests

Fraud Prevention, Incident Investigation, Security Monitoring

We may process email, IT usage data and logs to prevent fraud and investigate/document incidents, unauthorized access, phishing, and security breaches.

Legal obligations

Legitimate interest

Dispute Resolution

To facilitate resolution, investigations, or legal proceedings in the event of disputes arising from our cooperation.

To establish, exercise, or defend our legal rights.

Legitimate interest

Complaints Resolution, Data Subjects Requests

To address and resolve complaints or concerns raised by you or third parties regarding our services, processes, or treatment of personal data and to respond to data subjects’ requests.

To document and respond complaints and data subjects’ requests, and/or

To establish, exercise, or defend our legal rights.

Legal obligations

Legitimate interest

Improving Services, Business Development

To monitor the quality of our services, identify areas for improvement, enhance the overall user experience, identify potential business opportunities, collaborations, or partnerships.

Legitimate interest

Internal/External Audit

Compliance Monitoring

To conduct internal and external audits and ongoing compliance monitoring to ensure that our organization adheres to regulatory requirements, policies, and internal standards.

Legal Obligation and/or

Legitimate Interests

Risk Management and Control Activities

To assess, manage, and control risks related to data security, privacy, and compliance.

Ensuring proper risk management, sustainability, and compliance of our operations.

Legitimate Interest

Please note that the specific purposes and legal bases for processing may vary depending on the circumstances and your interactions with us. We process data fairly and lawfully, respecting your privacy rights.

Third-Party Services and Tools

We may utilize various third-party tools and services to optimize our email exchange process, ensuring efficient communication and security. These tools may have access to email content or metadata to provide their services. We carefully select and work with trusted third-party providers who comply with data protection standards and confidentiality requirements.

How Long Do We Keep Your Data?

We retain data for email communication, mainly up to 3 years after email exchange completion for legal and dispute resolution purposes. Retention periods may vary based on the specific purposes and regulations. We comply with legal obligations and prioritize data security. You have rights over your data; details in "Your Rights" section.

Automated Decision and Profiling

Our primary focus is on data collection for email communication, security, and analytics, and we do not engage in any automated decision-making processes that could impact your rights and freedoms.

Profiling may occur for Security Risk Profiling to safeguard email exchange security. We process data to identify potential security threats, ensuring email communication safety. Profiling adheres to data protection laws, and you can object to it.

The processing helps us proactively respond to security incidents, investigate security breaches, and maintain the confidentiality and integrity of email communications.

The logic is to provide a safer, more transparent, and efficient environment to engage in professional relationships. The significance lies in improved security. The envisaged consequences are generally positive and aim to enhance the overall experience and outcomes for our communication.

If you have any concerns or questions about automated decision-making or profiling in our company, please do not hesitate to contact us using the contact details provided in the "Contact Us" section of this Privacy Policy.

This Privacy Policy applies generally to our B2B Clients.

What Information Do We Collect and How?
Why We Use Your Information and How We Do It Legally?
Third-Party Services and Tools
How Long Do We Keep Your Data?
Automated Decision and Profiling[OP1]

What Information We Collect and How?

How is data collected?

We collect data for professional interactions and collaborations, prioritizing security. When you are sharing data about others, please ensure third-party consent for sharing such data with us.

Direct Collection includes information shared by you directly, such as your name, contact details, professional information, and other relevant documents or information.
Indirect Collection from Public Sources. Publicly available information about you from sources like professional social media profiles, business websites, or public registers, only if such information is relevant to our business relationship management.

What categories of data are processed?

During our interactions, we process diverse personal data categories aligned with our purposes. Specific data may vary but adheres to data protection laws.

Below are presented the main categories of personal data we may process:

Identification Data

Name, contact details (email, phone, and mailing addresses), and other identification information shared during business relationship and relevant for our cooperation.

Business Data

Job titles, company names, industry affiliations, professional qualifications, etc.

Communication Records

Records of email correspondences, meeting minutes, call logs, and other communication-related data exchanged during our professional interactions.

Legal Information

Data from legally binding documents, such as service agreements and other relevant legal documents.

Financial Data

Billing information, financial transactions records, bank account details, credit ratings, payment terms, financial transactions, billing history, invoices related to professional agreements, order histories, and details of products or services and other financial data relevant to our collaborations.

Due Diligence Data

Information related to the counterparty risk assessment, considering factors such as financial stability, reputation, and compliance history.

Regulatory Data

Data related to regulatory requirements, certifications, licenses, permits, accreditations, and industry-specific qualifications.

Intellectual Property Data

Information about intellectual property rights and agreements between you and our company, such as patents, trademarks, or copyrights.

Performance Data

Data related to the performance and service quality, including service level agreements, performance evaluations, and feedback.

Representatives’ Data

Data of assigned employees or legal representatives, such as names, job titles, contact details, and other relevant information for the business relationship management.

Insurance Data

Information about the insurance coverage and liability agreements.

Marketing Preferences

Preferences for marketing communications, feedback, survey results, and other marketing-related data shared during our interactions.

Dispute Records

Information related to any legal disputes or complaints that may arise during our cooperation.

Audit and Compliance Data

Data related to audits, assessments, or inspections conducted by / or related to our cooperation.

Access Rights Data

Data about the access rights and permissions granted for our application, and IT resources.

Technical Data

Technical information, such as system and application access logs, IP addresses, and the usage of corporate digital resources relevant to our collaborations.

IT Data

Information about the hardware and software, relevant for IT support purposes.

Device Data

Data about the devices used to access our application, such as laptops, smartphones, or tablets.

Metadata Logs and

IT Usage Data

We collect metadata and IT usage data across our application, which is important for investigating incidents, verifying communications, and maintaining security. This data includes timestamps, user identifiers, system activity records, access logs, IP addresses, device details, application usage logs, server logs, cloud environment data, and metadata related to interactions. It helps in monitoring security and responding to incidents in our application and IT infrastructure.

Other Relevant Data

Bottom of Form

Obligation to Provide Personal Data

Certain data is required to enable the execution of business agreements, counterparty risk assessment, compliance checks, and cooperation. Not providing it may limit opportunities and impact the partnership.

Why We Use Your Information and How We Do It Legally?

This section outlines our purposes, legal bases, and processed data during our business cooperation.

Purpose

Details on the Purpose

Legal Base

Managing Business Relationships

Establish, maintain business relations, and contractual activities.

Contract Execution

Steps to enter a contract.

Legitimate interest

Billing and Payments

Process financial transactions, billing, payments, and related financial activities.

Contract Execution

Legal obligation

Facilitating Communication

Facilitate communication and correspondence for business purposes.

Contract Execution

Steps to enter a contract.

Legitimate interest.

Responding Your Inquiries

Address your inquiries, questions, or requests.

Contract Execution

Steps to enter a contract.

Legitimate interest

Newsletters and Updates

Send updates, newsletters, or promotional materials.

Consent

Improving User Experiences

Improve user experience with our application.

Legitimate interest

Regulatory Compliance

Comply with legal obligations, including record-keeping, regulatory requirements, and responding to legal requests.

Legal obligation

Due Diligence and

Risk Assessment

Execute the counterparty due diligence process and assess related risks.

Legal obligation

Legitimate Interest

Checking Regulatory Requirements

Verify certifications, licenses, and industry qualifications.

Legal obligation

Intellectual Property Rights Management

Manage intellectual property rights and agreements, such as patents, trademarks, or copyrights.

Establish, exercise, or defend our legal rights.

Contract Execution

Legitimate interest

Service Performance Evaluation

Evaluate the performance and service quality, including service level agreements and feedback.

Legitimate Interest.

Marketing and Surveys

Manage marketing preferences, feedback, survey results, and other marketing-related data shared during our interactions.

Consent

Dispute Resolution

Facilitate dispute resolution, investigations, or legal proceedings.

Establish, exercise, or defend our legal rights.

Legitimate interest

Complaints Resolution

Data Subjects Requests

Address and resolve complaints or concerns regarding our services, processes, or treatment of personal data and to respond to data subjects’ requests.

Document and respond complaints and data subjects’ requests.

Establish, exercise, or defend our legal rights.

Legal obligation

Legitimate interest

Fraud Prevention

Incident Investigations Security Monitoring

Prevent fraud and investigate/document incidents, unauthorized access, phishing, and security breaches.

Protect our business and maintain information security.

Legal obligation

Legitimate interest

Research and Development

Use aggregated data for research and development to improve our offerings and activity,

Legitimate interest

Business Analytics Business Reporting

Business analytics, reporting, and performance assessment. Monitoring and improving our business operations.

Legitimate interest

Improving Services

Business Development

Monitor service quality, identify improvement areas, explore opportunities, pursuing business growth and development.

Legitimate interest

Internal /External Audit

Compliance Monitoring

Conduct internal / external audits and ongoing compliance monitoring to ensure adherence to regulatory requirements and standards.

Legal obligation

Legitimate interest

Risk Management

Control Activities

Assess, manage, and control risks related to data security, privacy, and compliance. Ensuring sustainability, and compliance of our operations.

Legitimate Interest

Specific purposes and legal bases may vary based on interactions. We ensure data processing aligns with data protection laws and respects privacy rights.

Third-Party Services and Tools

While managing our B2B client relationships, we use various third-party tools and services to streamline operations, improve communication, and ensure secure information exchange. These tools enhance our efficiency and security, sometimes involving the sharing of specific personal data with our Business Partners. We carefully select and work with trusted third-party providers who comply with data protection standards and confidentiality requirements, always aiming to improve the quality and security of our operations.

How Long Do We Keep Your Data?

Our data retention practices are tailored to your specific interactions with us:

Free Trial Accounts: For B2B Clients with free trial accounts, we retain data for a maximum of 90 days after the trial period concludes.
Subscription Accounts: If you are a B2B client who entered into a service agreement with us, we retain your data for a period of 5 years after the contract is formally closed. This duration may be extended as required by legal obligations and operational necessities.

Our commitment is to align data retention with your specific engagement and comply with relevant laws and operational requirements.

The time we keep it might change based on things like:

Type of Data - Some data needs longer keeping than others.
The purposes for which we process your personal data.
Legal and regulatory requirements. Sometimes the law says we must keep data for specific periods.
Our business needs and operational requirements affect how long we keep data.

During the retention period, we will take appropriate technical and organizational measures to ensure the security and confidentiality of your personal data. Once the retention period expires, we will securely delete or anonymize your personal data in accordance with applicable laws and regulations.

Automated Decision and Profiling

Automated Decision-Making: We do not engage in automated decision-making processes with legal or similarly consequences for individuals.

We may use Profiling Techniques in the following contexts:

Security Risk Profiling where we analyse data like access logs, IP addresses, and device data to identify security threats, ensuring the safety of our application and IT systems.
Risk Assessment and Due Diligence Profiling which helps assess and manage counterparty risks.
Performance Profiling to evaluate our performance and service, using metrics and feedback.
Preferences Profiling involves tailor interactions and communications based on your expressed preferences for a more personalized experience.

These profiling activities aim to create a safer, transparent, and efficient environment for our professional relationships. They lead to improved security, compliance, efficiency, and personalized interactions. Rest assured, all profiling aligns with data protection laws, and you can object to it if needed. For any concerns or questions, please contact us using the details provided in the "Contact Us" section of this Privacy Policy.

1. Website Users

This chapter of the Privacy Policy applies to our Website Users. 1.1. What Information Do We Collect and How?

1.2. Why We Use Your Information and How We Do It Legally?

1.3. Third-Party Services and Tools

1.4. How Long Do We Keep Your Data?

1.5. Automated Decision and Profiling.

1.1. Website Users - What Information Do We Collect and How?

This Website collects some Personal Data from its Users. Users are responsible for any third-party Personal Data obtained, published, or shared through this Website and confirm that they have the third party's consent to provide the Data to us.

Data Collection

When you visit and use our website, we collect certain data to enhance your experience and provide you with the right content.

The data collection methods we use may include:

- Voluntary Information - Data you share with us when you interact with our site, and you choose to share some personal info by filling out forms, subscribing to our newsletters, or engaging with our content.

- Automatic Information: We collect data automatically during your visit, such as your IP address, browser type, device information, and website usage patterns. This data is obtained through cookies and similar technologies.

Categories of Personal Data Processed when you visit our website may include the following types of data, collected by ourselves or through third parties:

Technical Information We collect

device, browser, and internet connection details when you access our website.

Website Usage Data

We track your actions on our site to improve and personalize your experience, like number of visits, real time visits, session recordings, devices (type, brand), software (win, browsers), accessing times, behaviors (most accessed pages, entry/exit pages, sessions), page speed, engagement - returning visits, transitions - page flows, performance - page speeds, user flows, top paths, heatmaps (dashboard), session recordings.

Cookies Data

We use cookies and similar technologies to collect info like your IP address, browser type, and how you browse.

Contact Information and

Subscription Data

If you contact us or subscribe to newsletters, we may collect name, email, phone, city, company, and other info for inquiries, support, and updates. You can unsubscribe anytime.

Opt-In Data

We might request permission for non-essential cookies, storing your preferences for personalized site use.

Demographic Information

If you choose to provide it, we might collect info about your age, gender, location, or preferences.

Geographic Position With consent, we collect approximate location- real time map (country and city) for location-based services and site enhancement.

Other necessary data

Depending on interactions, we may process additional data like name, surname, user-generated content, feedback, usage data, service logs, activity history, performance metrics, feature usage statistics, contact details, incident reports, and more for service provisioning and support.

Data from Third Party Cookies/Tools

We may use third-party cookies or tools like Google Analytics, Vimeo, LinkedIn, Instagram, and YouTube for website enhancement, user behavior analysis, and service improvement. These tools collect and process personal data, detailed in the "Third Party Services" section.

We don't collect financial, social security numbers, or sensitive personal data on our site. We only gather what's necessary for the purposes outlined in our Privacy Policy. Data processing is based on consent, legitimate interests, and legal obligations.

Providing Personal Data

You're not obliged to provide personal data. Most data collection relies on voluntary sharing and consent. Some essential cookie data may be collected automatically for security during site visits. Using the site without providing certain data may limit personalization, resulting in more generic content.

Managing Your Cookie Preferences

We respect your cookie preferences. Choose to accept or decline cookies; your settings are saved for future visits. Adjust settings through your device or browser anytime. Learn more in our [Cookie Policy]. Note that essential security cookies remain active.

1.2. Why We Use Your Information and How We Do It Legally?

Here, we clarify why we process your data and the legal grounds. Knowing why your data is used empowers informed privacy decisions. We process your website’s collected data for these purposes, following legal standards. No online services are provided directly on our website, and we don't engage in significant automated decision-making or profiling based on site data.

Purpose Details on the Purpose Legal Base Data Processed

Website Security We process data to protect the website, prevent unauthorized access, and stop fraud. Legitimate Interest IP addresses, device info, browser info, website usage data, clickstream data, and session info.

Responding to Inquiries

Contact Form We process data from website contact forms to respond to inquiries. Legitimate Interest Contact info (e.g., name, email, phone), user-submitted inquiries or support requests.

Cookie Consent Recording We request and record your consent for non-essential cookies and manage cookie preferences to comply with legal requirements. Legal Obligation Legitimate Interest Recorded consent, cookie preferences, device and browser info, IP address.

Data Retention Execution We process data to meet legal obligations, like record-keeping requirements, data retention and erasure requirements Legal Obligation Erasure of data after retention period.

Responding to Legal Requests Data is processed to respond to legal requests like court orders. Legal Obligation All personal data collected through our website

Website Analytics and Performance Data is used for website analysis to enhance performance and user experience. Legitimate Interest Website usage data, clickstream data, session info, device info, browser info, anonymized data, preferences.

Research and Development We process data to improve website features Consent Website usage data, user feedback, survey responses

Newsletter Subscription and Mailing List With your consent, we send news about our services, or upcoming events Consent Contact info (e.g., name, email), city, company, usage data

Location-based Interactions Geolocation data is collected with consent to enhance the website experience. Consent Geographic Position

Customizing User Experience We personalize your website experience based on your preferences. Consent Website usage data, page views, clickstream data, session info, device info, browser info.

User Feedback and Surveys User insights are gathered through feedback and surveys with consent. Consent User-provided feedback, survey responses, and any shared personal data.

Cookies and Tracking Technologies Data about browsing activities, preferences, and interactions are collected through cookies and similar tech with consent (unless strictly necessary). Consent (Unless strictly necessary) IP address, device information, browser information, website usage data.

Social Media Integration

The purpose is to enable easy engagement with social media content with consent. Consent Information shared through social media integration, like profile info and social media posts.

Personalized Marketing

and Advertising Data is collected for personalized marketing and targeted advertising with consent. Consent Cookies, IP address, device information, browser information, website usage data, demographic information, visitor interactions.

Conversion tracking and remarketing

Tracking actions and behavior for remarketing or targeted advertising purposes. Consent Cookies, IP address, device information, browser information, website usage data, conversion data, interaction data.

Lead generation and marketing analytics

Generating leads, assessing marketing effectiveness, measuring campaign performance. Consent Website form data, contact information, interaction data, marketing analytics data and demographic information.

Displaying content from external platforms

This service allows viewing content from external platforms. Consent Web traffic data may be collected even when Users do not use it.

Monitoring and auditing

Monitoring and auditing, internal or external audits, compliance assessments, adherence to security standards. Legitimate interest Identifying info, documentation, audit logs, records, compliance data.

You have the right to withdraw your consent in certain situations, as outlined in the "Your Rights" section, should you ever wish to do so.

1.3. Third-Party Cookies and Tools

To enhance your experience, we use statistical and marketing cookies from trusted sources including Wix.com, Google Analytics, and Matomo Analytics. These cookies help us understand site usage and tailor content.

Our trusted partners assist us in managing these cookies.

§ Wix.com Inc. (Our Website Provider). Handles various website aspects securely and complies with privacy regulations. Your data is hosted and processed securely, and Wix.com complies with privacy regulations to safeguard your information. To understand how Wix.com handles your data and their commitment to your privacy, please review Privacy & Security | Site Compliance | Wix.com. Wix.com Inc. is located in USA and participant entity to the EU-US Data Privacy Framework (https://www.dataprivacyframework.gov/s/participant-search) and Israel one of the countries that the EU considers to have an adequate level of data protection.

§ Matomo Analytics is an open-source web analytics platform, to collect and analyze data about our website's usage. Matomo Analytics is provided by InnoCraft Ltd, located in New Zealand while 100% of the data collected and backups

are securely stored in Europe. Although New Zealand is outside Europe Economic Area (“EEA”), is one of the countries that the EU considers to have an adequate level of data protection.

For more information about Matomo Analytics' privacy practices, please review Matomo's Privacy Policy on their website: Privacy Policy - Analytics Platform - Matomo.

§ Google Analytics and its related products is a web service provided by Google Ireland Limited ("Google") for users of Google services based in the European Economic Area. When using Google Analytics for users located in the European Economic Area (EEA), the data collected is typically stored within the European Union (EU) or the European Economic Area. By way of exception data may be stored in servers located in USA.

For more information about Google Analytics' privacy practices, please review Google's Privacy Policy on the Google website: Privacy Policy – Privacy & Terms – Google.

For detailed information about these cookies and data handling, please check our Cookie Policy [insert link]. Your privacy is important, and we want you to make informed choices while using our website.

1.4. How Long Do We Keep Your Data?

We keep your data as long as we need to for legal reasons or as long as necessary to fulfill the purposes outlined in this Privacy Policy.

Technical Information Up to 12 months

Website Usage Data Up to 12 months

Cookies Data Usually until you finish browsing, or up to 12 months

Contact Information

Subscription Data For 3 years, so we can respond and document your requests and to establish, defend and exercise our rights in court.

Opt-In Data Until you unsubscribe or ask us to remove it.

Demographic Data Up to 12 months if you provide it.

Geographic Position Up to 12 months, and you can change your settings anytime.

Other Necessary Data Up to 3 years, depending on what data is and why we collected it.

Data collected through third party tools Up to 12 months or up to 3 years, so we can respond and document your requests and to establish, defend and exercise our rights in court.

We may be required to retain certain personal data for a longer period to comply with legal and regulatory obligations, resolve disputes, and enforce our rights. During the retention period, we will take appropriate technical and organizational measures to ensure the security and confidentiality of your personal data. Once the retention period expires, we will securely delete or anonymize your personal data.

1.5. Automated Decision and Profiling

Automated Decision-Making: We do not engage in automated decision-making processes that produce significant legal effects or similarly significant consequences for individuals based solely on automated processing.

Profiling enhances your experience by tailoring content to your interests and behavior. It helps us provide you with relevant information and optimize our services. You have the option to manage your preferences for personalized advertising and content; more details can be found in our "Your Rights" section.

We may use profiling techniques in the following contexts:

§ Personalization User Experience to customize your website experience based on your preferences and past interactions. This allows us to provide you with content and features that are most relevant to you.

§ Personalized Advertising and Marketing Communication involves analyzing your data to deliver targeted ads and marketing messages that align with your interests and behavior.

§ Website Analytics and Performance to track user behavior, such as page views and clickstream data, to understand how users interact with the site.

§ Cookies and Tracking Technologies are used to collect data Collecting data for personalized experiences and site improvements.

§ Security Profiling based on activities, access logs, and compliance to maintain security and integrity.

In summary, the profiling activities described above are implemented with the intention of enhancing your user experience and improving website performance. If you have any questions or concerns about our profiling practices, please don't hesitate to contact us using the information provided in our "Contact Us" section.

This chapter of the Privacy Policy applies generally to the enrolled users of our B2B Clients.

What Information Do We Collect and How?
Why We Use Your Information and How We Do It Legally?
How Long Do We Keep Your Data?
Automated Decision and Profiling[OP1]

What Information We Collect and How?

How is data collected?

We collect your data to grant you access and set up your user account in the booking application under the supervision of your dedicated B2B client account.

You may provide this data directly when you enroll or sign up in the application.
Alternatively, our B2B client, who assigned you for enrollment, may provide specific instructions and lists containing your data to help us set up your account.

When you are enrolled in a free trial demo or a subscription by a B2B client, it's important to note that we act as the Data Processor on behalf of our B2B client.

What categories of data are processed?

The data we process for enrolment purposes include:

Identification Data

User identification and authentication data (name, email address) and any necessary information to set up your access.

Professional Data

Job titles, department, company names, manager, and relevant business contact information (phone number and email).

Permissions

Access rights and permissions assigned for you in the application.

Communication Data

Records of communication and support interactions

Office Data

Office Plan and floor/building plans

Technical Data

Usage data, device data, and system usage, such as IP addresses and application access logs, to ensure secure and efficient usage of our tool.

Security Data

Data on security incidents and threat data

Analytics Data

Aggregated data for analytics, research, development, reporting, and improvement.

Performance Data

Performance data related to application usage, like number of visits, real time visits, session recordings, location – real time map, devices (type, brand), software (win, browsers), accessing times, behaviors (most accessed pages, entry/exit pages, sessions), page speed, events (booking navigation, auto-booking, user settings), engagement - returning visits, transitions - page flows, performance - page speeds, user flows, top paths, heatmaps (dashboard), session recordings.

Why We Use Your Information and How We Do It Legally?

In the context of users enrolled based on the instructions of our B2B clients, we process your data as a Data Processor.

Our processing of enrolled users' data is primarily based on the contractual relationship between us and our B2B client. The data processing is performed to fulfil our contractual obligations in providing access to and ensuring the proper functioning of our booking application and guaranteeing its smooth and user-friendly operation.

Purposes for which we process your data include:

Facilitate Your Access and Usage

We provide you with access to our booking application, ensuring it functions as intended. This processing is based on the contract between us and the enrolling B2B client

User Account Management

We use your data to ensure creation and/or erasure of user accounts, deletion of user accounts.

setting permissions and access rights for user accounts, assigning fixed and mobile desks for users, management of the reservation requests for mobile desks.

Management of your user account also requires tracking your activity in the platform (reservations, cancellations, logs) and integration with your internal active directory for single sign-on and permissions management in the Access a Seat tool.

Support Communication

To facilitate communication regarding your access, usage, and support related to our tool, ensuring a seamless experience.

Ensure Security

We process your data to maintain the security and integrity of our booking tool and protect against unauthorized access or malicious activities. This includes monitoring for security threats and vulnerabilities to ensure a safe user experience.

Research and Development

We use aggregated data for research and development to improve the application features and functions

Business Analytics and Reporting

We perform business analytics, reporting, and performance assessment to monitor and improve the application.

Analytics and Improvement

We use aggregated data for analytics, reporting, and ongoing features enhancement. This approach enables us to improve application features and functions, monitor the performance, identify areas for enhancement, and ultimately enhance your user experience.

Regulatory Compliance

We fulfil legal obligations and respond to any legal requests as required.

How Long Do We Keep Your Data?

When you are enrolled user through our B2B client, we retain your data as long as necessary for the duration of your access to our booking tool.

In the case of free trial enrolments, we keep your data for a maximum of 90 days after the trial period ends, ensuring that we can address any potential follow-up inquiries or transitions.
For general subscriptions, your data is retained for the duration of the subscription and up to 90 days after the subscription ends.

Automated Decision and Profiling

We do not engage in automated decision-making processes or profiling activities related to users enrolled by B2B clients.

Rest assured that our security measures are in place to safeguard your data during your usage of our booking tool. We handle your data with the utmost care and in compliance with relevant data protection laws and regulations.

At times, it's necessary for us to share your personal data with others to fulfil our legal and contractual obligations and to pursue our legitimate interests, we may share the data with our affiliates, subsidiaries, or service providers to facilitate our business activity. We take measures to ensure the security and confidentiality of your data when shared.

The following are examples of possible categories of recipients of your data:

Service Providers

These are companies that assist us in managing our business activity, including technical support, hosting, cloud solutions, security and risks management tools, data analysis, and IT services. These partners are contractually bound to comply with our data privacy and security requirements, ensuring the protection of your personal information. They are authorized to access personal data solely for the purposes we specify, contributing to the efficiency and security of our services.

Professional Advisors

We might work with lawyers, accountants, auditors, or consultants who could access your data while providing their services.

Legal and Regulatory Authorities

Occasionally, legal obligations may require us to share email data with law enforcement, regulators, or government authorities.

Business Transfers

If we undergo a merger, asset sale, or significant organizational change, your data may be transferred to the new entity or owners.

Third-Party Tools and Platforms

We use various third-party tools and platforms to enhance our processes. These tools may process your data on our behalf.

Other Authorized Recipients

There might be other authorized recipients we have to share data with, depending on specific situations and laws,

We may need to transfer your data to countries outside the European Economic Area (EEA) or places with different data protection rules. We take steps to protect your data, including:

Adequacy Decisions: If the European Commission says a country has good data protection, we can send data there without extra safeguards, including EU-US Data Privacy
EU-US Data Privacy Framework: The European Commission has approved data transfers from the European Economic Area (EEA) to the United States under the EU-US Data Privacy Framework. Under this framework, your personal data may be transferred to participating U.S. companies without the need for additional safeguards.
Standard Contractual Clauses: We might use these approved contracts to ensure your data is safe when it goes outside the EEA.

The information about the transfers can be obtained through the “Contact Us” section in this Privacy Policy.

While performing our business activity, we are dedicated to ensuring the security of your personal data. We employ a range of technical and organizational measures to maintain the integrity and confidentiality of your personal information, protecting it from unauthorized access, disclosure, loss, alteration, or destruction.

Organizational Safeguards

We have put in place various organizational measures, including policies, procedures, and guidelines that govern data protection practices across our organization. We regularly assess data processing activities to identify and mitigate risks to your privacy, ensuring a balanced approach.

Data Encryption

We use encryption techniques to safeguard your personal data during transmission and storage, rendering it impervious to unauthorized access or interception.

Access Controls

Strict access controls are firmly in place to guarantee that only authorized personnel have access to your personal data. Access privileges are granted on a need-to-know basis and are routinely reviewed and updated.

Data Minimization

We only collect and process personal data that is necessary for the purposes outlined in this Privacy Policy. The data collected is limited to what is necessary and relevant.

Privacy from the Start

We integrate data protection into our processes from the very beginning, using privacy-enhancing technologies and practices to uphold the highest standards of data protection and privacy.

Employee Training

We make sure our team knows how to keep your data safe through training.

Incident Response

In the unlikely event of a data breach or security incident, we have procedures in place to promptly respond, investigate, and mitigate the impact. We will notify you and the relevant authorities as required by applicable regulations.

Regular Assessments

We conduct regular assessments and audits of our data protection and security measures to identify and address any vulnerabilities or risks related to personal data. This helps us maintain the effectiveness of our security controls and ensure ongoing data protection.

Other

Other security measures required to manage the confidentiality, availability, and integrity of the data, aligned with the technology development.

While we implement these technical and organizational measures, we are committed to continuously improving our security practices and adapt to evolving threats to safeguard your personal data. If you have any concerns about the security of your personal data or if you suspect any unauthorized access or disclosure, please contact us immediately using the contact details provided in the "Contact Us" section.

We are committed to transparency and ensuring that your data subject rights are accessible and cost-free:

Right to Withdraw Your Consent

You can withdraw your consent for the processing of your Personal Data at any time.

Right to Be Informed

You have the right to be informed about how your Personal Data is collected and processed. This includes knowing the purposes, who is processing your data, and how long will be kept.

Right to Object to Processing

When we process your Personal Data based on public or legitimate interest, you can object to it.

Right to Access Your Data

You can find out if we process your Personal Data, get details about the processing, and a copy of your Personal Data.

Right to Rectify Your Data

You have the right to ensure that your Personal Data is accurate and to request corrections if necessary.

Right to Restrict the Processing of Your Data

You have the right, under certain circumstances, to restrict the processing of your Personal Data. In this case, we will not process the Personal Data for any purpose other than storing it.

Right to have Your Data Erased or otherwise removed

You have the right, under certain circumstances, to obtain the erasure of your Personal Data.

Right to Portability of Your Data

You can receive your Personal Data in a structured, machine-readable format and, if possible, have it sent to another controller. This right applies when your Personal Data is processed automatically, based on your consent, a contract, or pre-contractual obligations.

Right Not to Be Subject to Profiling and Automated Decision-Making

You have the right not to be subjected to solely automated decision-making processes, including profiling, that significantly affect you. This means that important decisions, such as those related to your rights, benefits, or legal matters, should not be made solely by automated systems without human intervention. This right safeguards against unfair or discriminatory automated decisions.

Right to Lodge a complaint

You have the right to bring a claim before the Romanian Supervisory Authority (National Authority for the Supervision of Personal Data Processing - https://www.dataprotection.ro/) or directly to the court.

Limitations or Exceptions to Data Subject Rights:

While we respect your rights, legal or legitimate reasons may prevent us from fulfilling some requests. For instance, if it conflicts with our legal obligations or others' rights. We'll explain why if we can't fulfil your request.

Withdrawing Your Consent

You can withdraw your consent at any time. To do so:

Opt-Out: For non-essential cookies, adjust your settings in your device or browser. Essential cookies for security will still be active.
Unsubscribe: If you receive our newsletters or marketing communications, unsubscribe via the provided link.

Consent withdrawal may affect your experience:

If you withdraw consent for non-essential cookies, some website features and personalized content may not be available to you. This may affect your overall user experience on our website.
If you unsubscribe from our newsletter, you will no longer receive our news or updates about our services.

Withdrawing consent does not affect the lawfulness of any processing that occurred before your withdrawal. We are committed to respecting your choices and privacy preferences.

To request any action regarding your rights, contact us by email at dpo@accesa.eu or by postal mail to our head office. Our Data Protection Officer (DPO) will assist you and respond as soon as possible, not later than three months.

We may update this Privacy Policy from time to time to reflect changes in our privacy practices or legal obligations. We will post the revised version on our website and update the "Effective Date" at the top of this policy. We encourage you to check our Privacy Policy periodically for the latest information on our privacy practices.

We are committed to keeping you informed about our data practices and any updates to our privacy policy. You can access the history of previous versions of this privacy policy by visiting the "Privacy Policy History" section on our website. This section provides a record of all previous versions, allowing you to review any changes made over time.

Here are several definitions for the key terms and legal notions used in our Privacy Policy to ensure clarity. These definitions aim to help you better understand the terminology used in this Privacy Policy.

If you have any further questions or need clarification on any terms or provisions, please don't hesitate to contact us. Your understanding of your data rights and our practices is essential to us.

Personal Data

Any information about you, such as your name, or other identifying information that can directly or indirectly identify you.

Data Controller

As the Data Controller, we determine how and why data is processed, and we ensure data protection compliance. Additionally, when we act as a Data Processor on behalf of our B2B clients, they become the Data Controllers, and we assist them in managing and processing the personal data of their enrolled users according to their instructions and in compliance with applicable data protection laws and regulations.

Data Processor

Assists us as Data Controller in managing and taking care of your personal data. They follow our instructions and make sure your data is securely processed.

Additionally, when we act as a Data Processor on behalf of our B2B clients, we assist them in managing and processing the personal data of their enrolled users according to their instructions and in compliance with applicable data protection laws and regulations.

Data Processing Agreement

A legally binding contract that outlines the terms and conditions under which we, as the data processor, handle and process personal data on behalf of our B2B clients, who act as the data controller.

Data Processed

The specific personal data we collect, use, or otherwise process according to this Privacy Policy.

Data Processing

The actions performed on personal data, including but not limited to collection, storage, organization, alteration, use, disclosure, or erasure.

Data Protection Officer (DPO)

Our appointed person responsible for overseeing data protection compliance within our company, acting as a point of contact for personal data-related inquiries.

Data Subject

An individual whose personal data is being processed. This term often refers to you, our Website User, Client, and User.

Data Subject Rights

Your legal rights regarding your personal data, including the right to access, rectify, erase, restrict processing, object to processing, and data portability.

Consent

Your voluntary and informed agreement for us to process your data for specific purposes, obtained through clear and transparent means.

Opt-In/Opt-Out

The act of choosing to agree (opt-in) or disagree (opt-out) with specific data processing activities, such as subscribing or unsubscribing to our newsletters, or for cookies and tracking technologies.

Small pieces of data stored on your device to enhance your web browsing experience, including tracking preferences and user behavior for various purposes.

Geographic Position

Information about the approximate location of a user, such as their country and city, often collected with user consent for location-based services.

Purposes

Specific and transparent reasons for processing personal data, outlined in this Privacy Policy or provided to you when obtaining your consent.

Legal Basis

The lawful justification for processing personal data, ensuring that processing aligns with applicable data protection laws.

Legal Obligation

Processing personal data due to applicable laws, regulations, or legal obligations.

Legitimate Interests

One of the legal bases for processing personal data indicating that we have valid reasons for data processing that don't compromise your rights or interests.

International Data Transfers

The process of sharing data across borders outside the Economic European Area ("EEA"), which may require specific safeguards to ensure data protection.

Adequacy Decisions

Official approvals indicating that certain countries outside the EEA provide an adequate level of data protection, allowing for data transfers without additional safeguards.

Standard Contractual Clauses

Legally binding agreements established to ensure data protection when personal data is transferred outside the EEA to entities that may not have equivalent data protection laws.

Retention of Your Data

Storing or using your data for specific periods during which we store or use your data for specific purposes, in compliance with legal and regulatory requirements.

Profiling

Automated data processing for the purpose of analyzing and predicting behavior, preferences, or interests, often used to personalize user experiences, perform risk assessments, or for analytics.

Automated Decision-Making

Decisions made solely by machines or automated systems, without human intervention, which may impact individuals' rights and freedoms.

Due Diligence

The process of conducting research and assessments to evaluate the suitability and credibility of potential business partners, ensuring they align with our business objectives and standards.

Security Measures

Proactive actions and safeguards taken to protect your data from unauthorized access, disclosure, alteration, loss, or destruction.

Access Controls

Mechanisms and policies in place to manage and control who has access to specific data, limiting access to authorized individuals.

Data Minimization

The practice of collecting only the data that is necessary for the specified purposes of processing, minimizing the amount of personal data collected.

Data Encryption

The process of converting data into code or cipher to protect its confidentiality and integrity during transmission and storage.

Privacy by Design and Default

Making privacy a priority during its processing. An approach that incorporates data protection and privacy considerations into the design and operation of systems and processes by default.