HomeWork care about your privacy and protecting your Personal Data. This privacy policy (“Privacy Policy”) describes how HomeWork collects, uses, discloses, and otherwise processes your Personal Data in connection with your use of our website and our services.
Before you use our website or our services, please read this Privacy Policy in its entirety, to help you make informed decisions about your relationship with us.
1. Introduction
Data Controller: HomeWork Workspace Ltd (Company No: 11674420) whose registered office is at 14 Ellerton Road, London, United Kingdom, SW18 3NN, is the controller and responsible for your personal data (referred to as “HomeWork”, “we”, “us” or “our” in this Privacy Policy).
Data Protection Officer (“DPO”): Claire Tucker.
Personal Data: is data that relates to you and can — either on its own or in combination with other information — identify you as an individual. Personal Data does not include data that has been aggregated or made anonymous such that you can no longer be identified using means reasonably available to us.
Our services: the services referenced in this Privacy Policy include the coworking and meeting room services provided by HomeWork to you at our premises.
References to “you”: in this Privacy Policy, “you” means anyone who uses our website or our services. This Privacy Policy explains how we collect, use, and disclose your Personal Data in the context of your use of our services and our website.
2. Information We Collect
The Personal Data that we collect and our use of that information depends on your relationship with us and the requirements of applicable law as described below.
We collect information that:
- you provide to us directly;
- about your devices and their location, and your use of our services, including through certain Internet technologies; and
- that we obtain from other sources.
3. Information Collected From You
HomeWork requests different types of Personal Data from you, depending on the services you use and your relationship with us.
- Identity and Contact Data: including your name, mailing address, phone number, email address, Slack account, and other information that enables us to contact you.
- Payment Information: including your bank account information, and payment or other information required when you set up a direct debit with us.
- Profile data: includes preferences, feedback and survey responses.
- Marketing and communications data: includes preferences in receiving marketing from us and communication preferences.
4. Information Collected About You
- Technical Data: Google and Other Third-Party Analytics. We use a tool called “Google Analytics” to collect information about the use of our website (e.g., Google Analytics collects information such as how often users visit the website, what pages they visit when they do so, and what other sites they used prior to coming to our website). Google Analytics collects only the IP address assigned to you on the date that you visit the website, rather than your name or other identifying information. The information collected through the use of Google Analytics is not combined with your Personal Data. You can learn more about how Google Analytics collects and processes data and opt-out options at http://www.google.com/policies/privacy/partners/. We also may use other third-party analytics tools to collect similar information about use of certain online services.
- Technical Data: On your Mobile. Our website is specifically designed to be compatible for use on mobile computing devices. Mobile versions of the website may require you to log-in with an account. In such cases, information about use of each mobile version of the website may be associated with user accounts.
5. Aggregated Data and Special Categories of Personal Data
We may also collect, use and share aggregated data such as statistical or demographic data (“Aggregated Data”). Aggregated Data may be derived from your personal data but is not considered personal data by law as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Policy.
Apart from dietary requirements (health information), we do not collect Special Categories of Personal Data (such as race, ethnicity, religious or philosophical beliefs, sexual orientation, political opinions, trade union membership, information about health, and information about criminal convictions and offences).
6. Use Of Personal Data
We will use Personal Data in the following circumstances:
- where we need to provide the services to you (i.e. because we are contractually obliged to do so);
- where it is in our legitimate interests to do so (or those of a third party) and your interests and fundamental rights do not override those interests; and/or
- where we need to comply with a legal or regulatory obligation.
Occasionally, we rely on consent as a legal basis for processing personal data other than in relation to sending useful information and marketing communications to you via telephone and/or email. You have the right to withdraw consent to us contacting you like this at any time by responding to the person that contacts you and/or by contacting us via the details given below.
We have set out below the ways we use personal data and the legal basis for doing so. We have also identified what our legitimate interest is, where appropriate.
We may process personal data for more than one lawful ground depending on the specific purpose for which we are using data. Please contact us if you want further details about the specific legal ground we are relying on to process your personal data.
Where we need to collect personal data by law, or under the terms of a contract and you do not provide that data when requested, we may not be able to perform the contract. In this case, we may have to cancel a service you have with us but we will notify you of this at the time.
7. Sharing of Personal Data
We may disclose your Personal Data in limited circumstances to our community, our service providers and advertisers, and other end users, in order to provide our services and to improve ways of working in our community. Where required by applicable law, we will only share your Personal Data with particular third parties with your consent.
Our Community: our services may include member communities, forums, networks, and other features through which you may share information and connect with others. This includes: member networks, events, and/or other groups available to users.
Surveys / Feedback: from time to time, we may ask for your feedback in surveys. Participation is voluntary, and we will use the information that we collect for research and reporting purposes, and to help us to improve the quality of our services. We use the survey responses to determine the effectiveness of our services, including the quality of our communications and our advertising and/or promotional activities. If you participate in a survey, your responses will be used along with other participants’ responses.
Other Parties When Required by Law and as Necessary to Provide and Protect Our services: there may be instances when we disclose your Personal Data to other parties:
- to provide you with the services that you request;
- to invoice you and collect payments via accounting software such as QuickBooks;
- to comply with our legal obligations, including with auditors, lawyers, CPAs, financial consultants, or other consultants;
- to comply with the law or respond to legal process or a request for cooperation by a government entity or law enforcement;
- to detect, limit, and prevent fraud, or verify and enforce compliance with the policies governing our services;
- to protect our rights, property, and safety or that of any of HomeWork, our business partners, members, or employees; or
- where otherwise required by law.
We share Personal Data in this way either to comply with legal obligations to which we are subject, or to meet our legitimate interests in protecting our business, including from fraud and legal claims.
Other Parties in Connection with a Corporate Transaction: we may disclose or share your information in the event that we purchase, sell, finance, transfer, or acquire all or a portion of a business or assets, such as in connection with a merger, or in the event of a bankruptcy reorganisation or liquidation.
8. Social Media
We are active on social media platforms (Instagram, Facebook, LinkedIn) and share information, images, and video with the public through unaffiliated external social media sites. Personal Data shared on social media will be subject to that platform’s privacy policy. We encourage you to read their policies. Our social media accounts are public, which means that anyone can see your posts, and your posts may even show up in search engine results.
While we will not edit comments, we may delete a comment from our page on a social media site if it, for example, does not relate to the post, promotes a commercial product or service, uses obscene, threatening, or harassing language, or if it is a personal attack or hate speech that targets or disparages any ethnic, racial, age, or religious group (or other legally protected group), or if it advocates illegal activity or breaches copyright laws.
9. Slack
We may use Slack to communicate with you and send you messages. Any communication or information uploaded on Slack is subject to their privacy policy which is available here: https://slack.com/intl/en-gb/privacy-policy.
10. Personal Data – Your Rights
You have the right to:
- Request access to your personal data (known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are processing it lawfully.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. It is unlikely, but in some cases we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Request restriction of the processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
11. Opt-Out
You have the right to opt-out of certain uses and disclosures of your Personal Data as set out in this Privacy Policy, and in specific circumstances, for example related to direct marketing.
12. Special Categories of Personal Data – Dietary Requirements
Where you have provided us with any dietary requirements in relation to any events and have consented to HomeWork’s use of such information you may withdraw that consent, in accordance with applicable law.
13. Email and Telephone Communications
Opting-Out of Marketing Communications: we provide a means to unsubscribe in our marketing-related email communications. Note that we will continue to send transaction-related emails regarding services that you have requested following an unsubscribe. We may also need to send you certain communications regarding operation and administration of the services, and you will not be able to opt out of those communications, e.g., communications regarding updates to our Terms of Use or this Privacy Policy. If you no longer desire to be contacted by us, you must terminate your relationship with HomeWork, following which you can no longer use our services.
Collaboration: we do not sell your Personal Data to third parties for their direct marketing purposes. We may partner with other organisations to run events or programs. The Personal Data and other information that you provide to sign up or participate in that event or program will be available to that organisation, and you may receive emails or other communications from it after the event. Please refer to that organisation’s privacy policy for information on how to opt-out of its communications.
14. Complaints
If you have any concerns about our processing of your Personal Data, we’d be delighted to discuss them with you. You may also lodge a complaint with the Information Commissioner’s Office which is the UK supervisory authority for data protection.
15. Retention
HomeWork will retain your Personal Data for as long as you have a relationship with us, and for a period after your relationship with us has ended.
When determining how long this retention period will last, we take into account the length of time Personal Data is required to:
- continue to develop, tailor, upgrade, and improve our services;
- maintain business records for analysis and/or audit purposes;
- comply with record retention requirements under the law;
- defend or bring any existing or potential legal claims; or
- address any complaints regarding the services.
16. Information Security
The security of all Personal Data provided to HomeWork is important to us. HomeWork takes reasonable steps to use appropriate technical or organisational measures to protect your Personal Data, including against unauthorised or unlawful processing and accidental loss, destruction, or damage. Unfortunately, no data transmission over the Internet or storage of information can be guaranteed to be 100% secure. As a result, while HomeWork strives to protect your Personal Data, we cannot ensure or warrant the security of any information that you transmit to HomeWork, and you do so at your own risk. As such, we ask that you help us be safer together by implementing your own security controls, such as locking your laptop when you leave your desk and other security best practices.
17. Use of CCTV
We operate a CCTV system within our premises. Its aim is to provide a safer and more secure environment for the benefit of visitors, staff and members.
We use CCTV as outlined below. We believe that such use is necessary for our legitimate interests or for the purposes of fulfilling the terms of a contract (i.e. our contracts with our staff), including:
- to prevent crime and protect buildings and assets from damage, disruption, vandalism and other crime;
- for the personal safety of visitors, members and staff;
- to act as a deterrent against crime;
- to support law enforcement bodies in the prevention, detection and prosecution of crime;
- to assist in day-to-day management, including ensuring the health and safety of visitors, members and staff;
- to assist in the effective resolution of disputes which arise in the course of our business; and
- to investigate gross misconduct or behaviours that puts others at risk.
- CCTV images are monitored, recorded and used in strict accordance with this policy.
Where CCTV cameras are placed in HomeWork, we will ensure that signs are displayed at the entrance of the surveillance zone to alert individuals that their image may be recorded. Such signs will contain details of the organisation operating the system, the purpose for using the surveillance system and who to contact for further information, where these things are not obvious to those being monitored.
Recorded CCTV images will be stored in a way that ensures the integrity of the image and in a way that allows specific times and dates to be identified.
Access to live images is restricted to the DPO and any other authorised staff at HomeWork (see further details below), and recorded images can only be viewed in a restricted area by approved staff.
The recorded images are viewed only when there is suspected criminal activity and for occasionally checking that our staff are following best practice. We do not use CCTV for the purpose of monitoring visitors or members.
We reserve the right to use images captured on CCTV where there is activity that we cannot be expected to ignore such as criminal activity, potential gross misconduct, or behaviour which puts others as risk.
Images retained for evidential purpose will be retained in a locked area accessible by the Data Protection Officer.
Where images are retained, the DPO will ensure the reason for its retention is recorded, where it is kept, any use of the images and finally when it is destroyed.
CCTV digital recordings are made using a digital recorder operating in real time mode, monitoring the setting continuously 24 hours a day.
Data recorded by the CCTV system will be stored digitally using a cloud computing system. Data from CCTV cameras will be retained for thirty days then will be automatically recorded over. In some cases, the images may be kept for longer. For example, where images are being recorded for crime prevention purposes, data will be kept long enough only for incidents to come to light.
At the end of their useful life, all images stored in whatever format will be erased permanently and securely. Any physical matter such as tapes or discs will be disposed of as confidential waste. Any still photographs and hard copy prints will be disposed of as confidential waste.
No images from our CCTV cameras will be disclosed to any third party, without express permission being given by the DPO. Data will not normally be released unless satisfactory evidence that it is required for legal proceedings or under a court order has been produced.
In other appropriate circumstances, we may allow law enforcement agencies to view or remove CCTV footage where this is required in the detection or prosecution of crime.
No images from CCTV will ever be posted online or disclosed to the media.
Disclosure will only be granted:
- if its release is fair to the individual concerned;
- if there is an overriding legal obligation; and
- if it is consistent with the purpose for which the system was established.
We will maintain a record of all requests and disclosures of CCTV footage. If access or disclosure is denied, the reason is documented.
18. Collection of Information from Children
Our website and services are not directed to children, and we do not knowingly collect Personal Data from children except as permitted under applicable law. If we become aware that a child has provided us with Personal Data, we will delete such information from our files or obtain parental consent in accordance with applicable law.
19. Changes to this Policy in the Future
Any information that is collected via the website or our services is covered by the Privacy Policy in effect at the time such information is collected. We reserve the right to change, modify, add, or remove portions of this Privacy Policy at any time and at our sole discretion.
If we make any material changes to this Privacy Policy, we will notify you of those changes by posting them on the website or by sending you an email or other notification, as required by applicable law, and we will update the “Effective Date” below to indicate when those changes will become effective.
We encourage you to review this Privacy Policy periodically to remain informed of how we use and protect your information, and to be aware of any policy changes. Your continued relationship with us after the posting or notice of any amended Privacy Policy shall constitute your agreement to be bound by any such changes. Any changes to this Privacy Policy take effect immediately after being posted or otherwise provided by HomeWork.
20. Questions or Comments
If you have any questions or comments regarding our Privacy Policy, please contact us at info@homeworkworkspace.com
Effective Date: January 2020