PRIVACY P0LICY
INTRODUCTION
Mix Coworking is a coworking space located in Clonakilty town; our address is 8 Wolfe Tone Street, Clonakilty, P85 Y243. Mix Coworking may be referred to as We, Our and Us.
At Mix Coworking, we value the importance of protecting your privacy and personal data. While we have to reserve the right to update this privacy policy at any time without prior notice, our data processing will always remain fair, transparent, and lawful. The data protection officer for Mix Coworking can be contacted by emailing hello@mixcoworking.ie.
DEFINITONS
Account means an individual account created for You to access our services or parts of our service.
Personal Data or Data is information that relates to an identified or identifiable person. The law does not require, and it is not Mix Coworking's practice, to acquire extra, unnecessary information solely to identify persons.
Processing refers to any action taken with personal data: collecting, storing, analysing, communicating, on or off a computer. For purposes of this policy, the Controller is Mix Coworking.
A Processor or Service Provider means any natural or legal person who processes the data on behalf of Mix Coworking. It refers to third-party companies or individuals employed by Us to facilitate our services. For the purpose of the GDPR, Service Providers are considered Data Processors.
GDPR means the EU General Data Protection Regulation.
Website refers to Mix Coworking, accessible from https://mixcoworking.ie
GDPR DATA PR0TECTI0N PRINCIPLES
Mix Coworking commits itself to operate with the following privacy principles:
1. Lawfulness, Fairness, and Transparency
1.a. Beyond upholding your legal rights, we aim to provide our services fairly and to be transparent in the way we process your data.
1.b. We will always provide you with a clear statement of the purpose behind an act of data Processing.
1.c. We will always provide you with a clear statement on how Processing is compatible with your legal rights, also known as the legal or lawful basis for Processing.
2. Purpose limitation
2.a. We aim to collect your data only for specific, limited purposes that we will specify to you in advance as clearly as we can.
2.b. Moreover, if we ever rearrange how we do things, we aim never to process your data in a way incompatible with the original purposes.
3. Data Minimisation
We try only to process the Personal Data that we really need.
4. Accuracy
We will try to correct or erase inaccurate Personal Data depending on what is appropriate in the context.
5. Storage Limitation
We will try to delete Personal Data when we no longer need them.
6. Integrity and Confidentiality
We protect your Data with the appropriate technologies and business practices. We guard against unauthorised or unlawful Processing and against accidental loss, destruction, or damage to your data.
7. Accountability
7.a. We aim to document, as necessary and appropriate, the things we do for your protection.
7. b. You also have a number of rights that you can use to check up on us and hold us accountable. We've listed these below.
7.c. In addition to holding ourselves accountable, we demand that any third party processers are accountable, and we are transparent in our choice of third party processors so that you can hold them accountable too.
PERSONAL DATA WE PROCESS
1. How we obtain Personal Data
The information we process about you includes information:
· you have directly provided to us
· that we gather from third party databases and service providers (such as Skedda, our booking system)
· as a result of your use of our website or our services (including email, booking and subscribing)
2. Types of Personal Data we collect directly
When you use our website and our services, such as booking a desk with us, we ask you to provide Personal Data. This can be categorised into the following groups:
· personal identifiers, such as your first and last names
· contact information, such as your email address, your telephone number and your postal addresses for billing, delivery and communication
· account information, including your username and password
· payment information, such as a debit or credit card number and expiry date and bank account details
· records of communication between us, including messages sent through our website, email messages and telephone conversations
· marketing preferences that tell us what types of marketing you would like to receive
3. Types of Personal Data we collect from third parties
We confirm some of the information you provide to us directly using Data from other sources. We also add to the information we hold about you, sometimes to remove the need for you to provide it again.
The additional information we collect can be categorised as follows:
· information that confirms your identity, for example, your email address, when creating a booking on Skedda
· business information, including your business trading name and address, your company’s registered number (if incorporated), and your VAT number (if registered). We may collect this from you directly, from your own website or company.
· Information that confirms your contact information, for example, your postal address may be provided to our payment processing partner when making a credit/debit card payment
4. Types of personal data we collect from your use of our services
By using our website and our services, we process:
· Your username and password and other information used to access our Website and our services
· information you contribute to our community, including reviews
· Your replies to polls and surveys
· usage information, including the frequency you use our services
· transaction information that includes the details of the products and services you have bought from us and payments made to us for those services
· your preferences to receive marketing from us and how you wish to communicate with us
5. Special personal data
We do not collect any special personal data about you. Special personal data is data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. It also includes information about criminal convictions and offences.
Payment Information
Payment information is not collected or stored by us or transferred to us through our Website. Employees of Mix Coworking do not have access to your payment information. That information is provided directly to our third-party payment processor, Stripe, whose use of your personal information is governed by their Privacy Policy. Stripe's privacy policy and user agreement can be found here: https://stripe.com/ie/privacy.
These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
At the point of payment, you are transferred securely to Stripe for payment processing. The payment page is integrated with our booking system called Skedda, which is accessed via our Website; however, Stripe handles all payment information securely and independently of our Website and services.
Direct Debit information
When you agree to set up a Direct Debit arrangement, the information you give to us is passed to our bank, Allied Irish Bank, for Processing according to our instructions.
RIGHTS TO OBJECT OR RESTRICT PROCESSING
Right to Object Processing
European law provides you with a right to object; this means you have the right to tell us to stop Processing your Data for direct marketing. When the Processing is for purposes other than direct marketing, you should explain to us what you're objecting to and why you're objecting. Mix Coworking is then entitled by law to consider whether any legitimate grounds override those objections. If not, then Mix Coworking will cease that Processing right away.
Right to Restrict Processing
European law also provides you with a right to restrict; this means you can put a pause on all or certain types of Processing.
Right to Withdraw Consent
For any Processing that is based on your consent, you can withdraw that consent at any time; this means that we will stop that Processing unless there is another basis to continue Processing, such as a legal obligation. Withdrawing consent does not affect any Processing that has already taken place.
Further Rights
You have a number of legal rights that will help you hold us accountable and abide by the above privacy principles. Here's a listing of rights that you should keep in mind:
1. Rights to information and access
2. Right to correct inaccurate data or supplement incomplete data
3. Right to erasure
4. Right to restriction of Processing
5. Right to data portability
6. Right to object
7. Right to avoid automated individual decision-making
No.6 explained: Right to Data Portability
We understand that sometimes you'll need to take your data with you. At your request, we'll provide you with a transferable copy of your data or send it directly (if possible) to your designated recipient. To make this request, please get in touch with the data protection officer at hello@mixcoworking.ie.
No. 7 explained: Right to Avoid Automated Individual Decision-Making
At Mix Coworking, all decisions that could affect your rights are made by humans. While we use computers to help us in our work, all decisions are made by real people.
Exercising Your Rights
The easiest way for you to exercise the rights above is to contact the data protection officer directly via email at hello@mixcoworking.ie. Let the data protection officer know, if possible, what it is that you're looking for and what it is that you'd like us to do. If you have multiple requests, please make sure you state them all clearly.
If you think your rights have been violated, you have a right to file a complaint with Ireland's Data Protection Commissioner.
USE OF PERSONAL DATA
Third-Party Providers and Partners
To provide the services and experiences that we offer, we rely on our partners to process your information, such as payments and communication. ALL third-party partners we currently work with are listed here alongside their function;
Skedda - our booking system
Stripe - online payments processing system
TapKey - for smart access to the building
Trello - for community management
Wix - for website and online enquiries
Mailerlite -for the mailing list and group communications
Google - For email, forms, and the sharing of documents (Google Drive)
GoCardless - for direct debit payments
By contract, third parties are required to maintain the confidentiality of the Personal Data we provide to them, only act on our behalf and under our instructions, and not use the information for purposes other than the product or service they're providing to us or on our behalf.
We and our partners process your data to do the following
– Provide you with the information, products, or services that you have requested
– Fulfil our obligations to you, including:
– Provide you with Mix Coworking services, products, and experiences
– Fulfil our legal obligations to you and financial or other institutions
– Improve and develop our business, such as our website, products, services, and experiences
– Provide you with information that we think would be of interest to you, sometimes about new products, services, and experiences
– To enforce our rights under our terms and conditions or any other contracts with you
– To prevent fraud
– To protect the rights, property, and safety of Mix Coworking employees and customers or other relevant persons
– To respond, when necessary, to valid law enforcement requests
– To comply with applicable laws
– To gather your opinions and input
– To manage any situation where Processing or other transactions are disputed
– To handle and resolve complaints
DATA SECURITY
We use the following technologies and measures to help protect your data:
– Encryption;
– Locked physical storage;
– Restricted access areas;
– Confidentiality agreements;
– Regular reviews for personal data we should delete because it's outdated or unnecessary for the original purpose;
– Shredding and secure disposal
While no system is 100% secure, we take every reasonable precaution to protect your Data and to respect your privacy.
Confidentiality of Personal Data
Mix Coworking requires all employees to maintain the confidentiality of the Personal Data they handle. Further, we expect you to voice or escalate any concerns about how Mix Coworking handles Personal Data.
COOKIES
Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit a website that uses them. They allow information gathered on one web page to be stored until it is needed for use at a later date. They are commonly used to provide you with a personalised experience while you browse a website, for example, allowing your preferences to be remembered. They can also provide core functionality such as security, network management, and accessibility; record how you interact with the website so that the owner can understand how to improve the experience of other visitors, and serve you advertisements that are relevant to your browsing history.
Some cookies may last for a defined period of time, such as one visit (known as a session), one day or until you close your browser. Others last indefinitely until you delete them. Your web browser should allow you to delete any cookie you choose. It should also allow you to prevent or limit their use. Your web browser may support a plug-in or add-on that helps you manage which cookies you wish to allow to operate. The law requires you to give explicit consent for use of any cookies that are not strictly necessary for the operation of a website.
We currently ask for consent to use analytical cookies. These cookies help us to understand how visitors interact with our Website, discover errors and provide a better overall analytics. These cookies are not required to use our website.
OTHER MATTERS
Encryption of data sent between us
We use Secure Sockets Layer (SSL) certificates to verify our identity to your browser and to encrypt any data you give us. Whenever information is transferred between us, you can check that it is done so using SSL by looking for a closed padlock symbol or another trust mark in your browser’s URL bar or toolbar.
Delivery of services using third party communication software
With your consent, we may communicate using software provided by a third party such as Facebook (WhatsApp), Apple (Facetime), Microsoft (Skype), Zoom Video Communications (Zoom) and Slack. Such methods of communication should secure your Personal Data using encryption and other technologies. The Providers of such software should comply with all applicable privacy laws, rules, and regulations, including the GDPR. If you have any concerns about using a particular software for communication, please tell us.
REVIEW
We aim to review our data protection and privacy policies and procedures at least once a year and more often if necessary to account for changes in the law or how we do things.
A situation may arise where we must process your information in order to comply with a statutory obligation. For example, we may be required to give information to legal authorities if they have the proper authorisation, such as a search warrant or court order. This may include your Personal Data.
Rights of state agency
A state agency can request to access subject data by sending an email to hello@mixcoworking.ie.
CONTACT INFO
General Contact: Mix Coworking, 8 Wolfe Tone Street, Clonakilty, P85 Y2443, Cork, Ireland. General telephone contact: 086 8269907. Email address: hello@mixcoworking.ie
DPO Contact: Data Protection Officer, Mix Coworking, 8 Wolfe Tone Street, Clonakilty, P85 Y2443, Cork, Ireland. Email address: hello@mixcoworking.ie.
You are advised to review this privacy policy periodically for any changes. Changes to this privacy policy are effective when they are posted on this page.