Privacy Policy

DeskbookR ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect personal information when you use our workspace booking service ("Service").

This Privacy Policy applies to all users of the DeskbookR Service, including website visitors, trial users, and customers.

Data Controller: DeskbookR
Email: info@deskbookr.com
Website: https://deskbookr.com

For business-to-business relationships where your organization is the data controller and we process data on your behalf, please refer to the Data Processing Agreement in our Software Service Agreement.

We collect different types of personal data depending on how you interact with our Service:

2.1 Information You Provide Directly

Account Information: Name, email address, password (encrypted), job title, department
Organization Information: Company name, office location, workspace preferences
Booking Information: Desk/parking space bookings, dates, times, location preferences
Profile Information: Profile photo (optional), contact preferences, notification settings
Communication Data: Messages you send to support, feedback, survey responses
Payment Information: Billing name, address, payment method details (processed by third-party payment providers)

2.2 Information Collected Automatically

Information, that may be collected when you use our Service, includes:

Usage Data: Pages viewed, features used, booking history
Device Information: IP address, browser type and version, operating system, device identifiers
Cookies and Tracking: Session cookies, authentication tokens, preferences (see Section 7 for details)
Log Data: Access times, error logs, API calls, system events

2.3 Information from Third Parties

Microsoft Entra ID (Azure AD): When you sign in with Microsoft, we receive your name, email, and organization ID

Under GDPR, we must have a legal basis for processing your personal data. Here's why we may process your information:

Purpose	Legal Basis	Data Used
Provide the workspace booking service	Contract Performance	Account info, booking data, usage data
User authentication and account security	Contract Performance	Email, password, authentication tokens
Process payments and billing	Contract Performance	Payment information, billing address
Send service notifications and updates	Contract Performance	Email, notification preferences
Improve service quality and fix bugs	Legitimate Interest	Usage data, error logs, feedback
Prevent fraud and ensure security	Legitimate Interest	IP address, device info, access logs
Comply with legal obligations	Legal Obligation	Transaction records, tax information
Send marketing communications	Consent (opt-in)	Email, communication preferences
Conduct analytics and research	Legitimate Interest	Aggregated usage data (anonymized)

We may use your personal data for the following purposes:

4.1 Service Delivery

Create and manage your user account
Process workspace and parking bookings
Display availability and facilitate desk sharing
Send booking confirmations and reminders
Enable collaboration features within your organization

4.2 Communication

Respond to your inquiries and support requests
Send important service updates and security alerts
Notify you about changes to our Service or policies
Send promotional emails (only with your consent - you can opt out)

4.3 Service Improvement

Analyze usage patterns to improve features
Troubleshoot technical issues and bugs
Conduct user research and gather feedback
Develop new features based on user needs

4.4 Security and Fraud Prevention

Monitor for suspicious activity and unauthorized access
Enforce our Software Service Agreement
Protect against security threats and abuse
Comply with legal and regulatory requirements

We do not sell your personal data. We only share your information in the following circumstances:

5.1 Within Your Organization

Other users in your organization can see your name, email, and booking information to facilitate workspace coordination
Your organization's administrators can access user data and usage reports

5.2 Service Providers (Sub-processors)

We may work with third-party service providers who process data on our behalf:

Cloud Hosting: Microsoft Azure (data storage and infrastructure)
Authentication: Microsoft Entra ID (single sign-on and identity management)
Email Services: Transactional email providers for notifications
Payment Processing: Stripe or similar payment processors (they handle payment card data)
Analytics: Usage analytics services (anonymized data)
Customer Support: Help desk and ticketing systems

All service providers are contractually bound to protect your data and use it only for specified purposes. A current list of sub-processors is available upon request at privacy@deskbookr.com.

5.3 Legal Requirements

We may disclose your personal data if required to:

Comply with legal obligations, court orders, or government requests
Enforce our Software Service Agreement
Protect the rights, safety, or property of DeskbookR, our users, or the public
Respond to claims of illegal activity or policy violations

5.4 Business Transfers

If DeskbookR is involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.

DeskbookR is based in Slovenia and our Service uses cloud infrastructure within the European Economic Area (EEA). For some services, data may be processed in multiple locations, including outside the European Economic Area (EEA).

How we protect your data during international transfers:

Standard Contractual Clauses (SCCs): We use European Commission-approved SCCs with all non-EEA service providers
Adequacy Decisions: We transfer data to countries recognized by the EU Commission as providing adequate protection
Microsoft Azure: Our primary hosting provider complies with EU-US Data Privacy Framework

For more information about our international data transfer safeguards, contact privacy@deskbookr.com.

We use cookies and similar technologies to provide and improve our Service. Here's what we may use:

7.1 Essential Cookies (Always Active)

These cookies are necessary for the Service to function and cannot be disabled:

Authentication: Keep you logged in securely
Session Management: Remember your session across pages
Security: Protect against cross-site request forgery (CSRF)

7.2 Functional Cookies

Preferences: Remember your language, theme, and display settings
Recent Bookings: Quick access to frequently used workspaces

7.3 Analytics Cookies

Usage Analytics: Understand how users interact with the Service (anonymized data)
Performance Monitoring: Identify and fix technical issues

7.4 Managing Cookies

You can control cookies through your browser settings:

Chrome: Settings → Privacy and Security → Cookies and other site data
Firefox: Settings → Privacy & Security → Cookies and Site Data
Safari: Preferences → Privacy → Cookies and website data
Edge: Settings → Cookies and site permissions → Cookies and site data

Note: Disabling essential cookies will prevent you from using the Service.

We retain your personal data only as long as necessary for the purposes described in this Privacy Policy:

Data Type	Retention Period	Reason
Account information	Duration of account + 90 days	Service provision and account recovery
Booking history	Duration of account + 90 days	Service provision and dispute resolution
Payment records	7 years after last transaction	Tax and legal compliance
Support communications	1 year after last contact	Customer service and quality improvement
Usage logs	90 days	Security monitoring and troubleshooting
Backup data	90 days from backup creation	Disaster recovery
Marketing consent data	Until consent withdrawn + 6 months	Respect opt-out preferences

When data is no longer needed, we securely delete or anonymize it so it can no longer identify you.

Under GDPR and other privacy laws, you have important rights regarding your personal data. Here's how to exercise them:

9.1 Right of Access

You can request a copy of all personal data we hold about you. We'll provide it in a commonly used electronic format within 30 days.

How to request: Email privacy@deskbookr.com with "Data Access Request" in the subject line.

9.2 Right to Rectification

If your personal data is inaccurate or incomplete, you can ask us to correct it.

How to update: Most information can be updated directly in your account settings. For other changes, contact privacy@deskbookr.com.

9.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances:

The data is no longer necessary for its original purpose
You withdraw consent (where consent was the legal basis)
You object to processing based on legitimate interests
The data was processed unlawfully

How to request: Email privacy@deskbookr.com with "Deletion Request" in the subject line.

Note: We may need to retain certain data for legal or legitimate business reasons (e.g., financial records for tax purposes).

9.4 Right to Restrict Processing

You can ask us to limit how we use your data while we investigate a concern you've raised.

9.5 Right to Data Portability

You can receive your personal data in a structured, machine-readable format (e.g., CSV, JSON) and transmit it to another service provider.

How to request: Email privacy@deskbookr.com with "Data Portability Request" in the subject line.

9.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Marketing opt-out: Click "Unsubscribe" in any marketing email or update preferences in your account settings.

9.7 Right to Withdraw Consent

If we process your data based on consent, you can withdraw it at any time. This won't affect the lawfulness of processing before withdrawal.

9.8 Right to Lodge a Complaint

If you're unhappy with how we handle your data, you can complain to your local data protection authority:

Slovenia: Information Commissioner of the Republic of Slovenia - www.ip-rs.si
EU/EEA: Find your local authority at edpb.europa.eu

9.9 Automated Decision-Making

The Service may use automated processing in the following ways:

Automatic Unit Booking: Based on your booking requests, preferences, and availability, the system may automatically assign and book workspace units (desks, parking spaces) that match your criteria. You can review, modify, or cancel any automated booking at any time through your account.
Smart Recommendations: The system may suggest workspaces based on your booking history, preferences, and usage patterns. These are recommendations only and never binding.

These automated processes are designed to enhance your experience and convenience. You always maintain full control over your bookings and can:

Review and modify any automated booking
Delete automated bookings
Opt out of creating booking requests for automatic booking feature
Contact your administrator to request human review of any automated decision

No automated decisions are made that significantly affect your legal rights or have similarly significant effects without your ability to intervene.

We implement appropriate technical and organizational measures to protect your personal data:

10.1 Technical Security

Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
Authentication: Authentication support, secure password policies
Access Controls: Role-based access, principle of least privilege
Monitoring: Security monitoring and intrusion detection
Backups: Regular encrypted backups

10.2 Organizational Security

Employee Training: Regular data protection and security training
Confidentiality: All employees must sign confidentiality agreements
Vendor Management: Due diligence on all third-party processors
Incident Response: Planned documented procedures for data breach notification
Audits: Planned security assessments and penetration testing

While we implement strong security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

If we discover a data breach that may affect your rights, we will:

Notify you without undue delay (within 72 hours if feasible)
Describe the nature of the breach and data affected
Explain the likely consequences and our response measures
Provide contact information for further inquiries
Report to supervisory authorities as required by law

We only send marketing emails with your explicit consent.

12.1 What We Send

Product updates and new features
Tips for better workspace management
Webinar invitations and educational content
Special offers and promotions

12.2 How to Opt Out

Click "Unsubscribe" at the bottom of any marketing email
Update your communication preferences in account settings

Note: Even if you opt out of marketing, you'll still receive important service-related emails (booking confirmations, security alerts, account changes).

Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children.

If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@deskbookr.com and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

How we notify you:

We'll update the "Last Updated" date at the top of this page
For significant changes, we'll email you at your registered email address
You may also see an in-app notification about important changes

We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes constitutes acceptance of the updated policy.

If you have questions, concerns, or requests about this Privacy Policy or how we handle your personal data, please contact us:

Email: privacy@deskbookr.com

General Support: support@deskbookr.com

We aim to respond to all privacy inquiries within 5 business days and resolve requests within 30 days as required by GDPR.

If your organization has a subscription with DeskbookR and you process personal data through our Service:

Your organization is the data controller for end-user data
DeskbookR acts as a data processor on your behalf
Our Data Processing Agreement (DPA) terms are in Section 9 of our Software Service Agreement
Your organization is responsible for complying with GDPR and informing your users about data processing

1. WHO WE ARE

2. WHAT PERSONAL DATA WE COLLECT

2.1 Information You Provide Directly

2.2 Information Collected Automatically

2.3 Information from Third Parties

3. WHY WE COLLECT YOUR DATA (LEGAL BASIS)

4. HOW WE USE YOUR PERSONAL DATA

4.1 Service Delivery

4.2 Communication

4.3 Service Improvement

4.4 Security and Fraud Prevention

5. WHO WE SHARE YOUR DATA WITH

5.1 Within Your Organization

5.2 Service Providers (Sub-processors)

5.3 Legal Requirements

5.4 Business Transfers

6. INTERNATIONAL DATA TRANSFERS

7. COOKIES AND TRACKING TECHNOLOGIES

7.1 Essential Cookies (Always Active)

7.2 Functional Cookies

7.3 Analytics Cookies

7.4 Managing Cookies

8. HOW LONG WE KEEP YOUR DATA

9. YOUR PRIVACY RIGHTS

9.1 Right of Access

9.2 Right to Rectification

9.3 Right to Erasure ("Right to be Forgotten")

9.4 Right to Restrict Processing

9.5 Right to Data Portability

9.6 Right to Object

9.7 Right to Withdraw Consent

9.8 Right to Lodge a Complaint

9.9 Automated Decision-Making

10. SECURITY MEASURES

10.1 Technical Security

10.2 Organizational Security

11. DATA BREACH NOTIFICATION

12. MARKETING COMMUNICATIONS

12.1 What We Send

12.2 How to Opt Out

13. CHILDREN'S PRIVACY

14. CHANGES TO THIS PRIVACY POLICY

15. CONTACT US

16. ADDITIONAL INFORMATION FOR B2B CUSTOMERS