Desky is a cloud-based platform used by organizations in their capacity of employes (hereinafter, “Customers”) to create a digital plan of their offices, visualize and manage their occupation in real time, and to reserve hot-desks, desks or meeting rooms easily.
Desky can be both a Controller and a Processor of personal data for the purposes of the General Data Protection Regulation (hereinafter, “GDPR”). For example, Desky will be the Controller of personal data when a Customer enters into a contract directly with us, for the processing of said Customer’s data.
However, in most instances due to the nature of our business Desky has no direct relationship with the data subjects and exclusively processes the End User’s personal data on behalf of the Customers and according to their instructions. Thus, if you are an employee using our platform we act solely as a data processor with respect to the processing of your data. Our Customers decide the purposes for which they use our Platform, as well as the means for collecting data from our platform’s magnitude of features.
In the case of users who browse our website, Desky will be a processor of data collected here, such as cookies, or any data that is interesting to enjoy our content.
Example: if you are a user of our website and you need to access a particular service, such as subscribing to a newsletter, we will manage your personal data for the intended purpose.
Before you can access to our Platform, one of our Customers, as your employer, has already created an End-User account for you and provided us certain data about yourself, including:
Desky processes your personal data:
Desky does not process your personal data for its own purposes. When we process usage and analytics information, as well as some statistical and aggregate data derived from personal data for the improvement and further development of our services, we do so in an anonymized manner.
The processing of your data is carried out in accordance with the following legal bases: your consent in accordance with Art. 6 para. 1 lit. a) GDPR or, as the case may be, Art. 9 para. 2 lit. a) GDPR, for the performance of a contract with you in accordance with Art. 6 para. 1 lit. b) GDPR, or for a legitimate interest in accordance with Art. 6 para. 1 lit. f) GDPR.
The legal basis for processing your data in accordance with the stated processing purposes is:
Desky implements state of the art security standards to prevent unauthorized access, maintain data accuracy, and ensure the correct use of information. We also implement appropriate organizational measures to protect your information.
We apply our security standards also when working with business and technology partners. We only select and contract with processors and third parties who use appropriate security measures and provide sufficient guarantees, including technical and organizational measures, to ensure the appropriate protection of the data we entrust with them.
Moreover, Desky’s employees have signed a Non-Disclosure Agreement or clause in connection to their employment and we have set internal processes such as continuous training and policies that are frequently updated to ensure the availability and resilience of our systems and services. Additionally, Desky has a defined an incident response plan in case of a physical or technical incident.
Data processed by Desky is hosted in the EU and processed either within the EU or such third country deemed to offer an adequate level of security by the European Commission, or by service providers that have entered into binding agreements that fully comply with the lawfulness of third country transfers.
Other recipients of your data may include government agencies and administrations, to the extent that we are legally obliged to do so and service companies, such as tax advisors or lawyers.
We keep personal data for different periods, depending on the type of information, the period of our contract with our Clients, legal requirements regarding certain types of data, and other factors.
Generally speaking, we will stop processing your information when (a) your employer is no longer a Customer of Desky; or (b) you are no longer an employee of our Customer. If circumstance (a) or (b) occurs and we are under no legal or contractual duty to preserve your information for a longer period, we will delete your data.
If we have to retain your information for the purposes of complying with a contractual or legal obligation of retention, or to resolve disputes or enforce our rights we will restrict its access by specific persons or roles.
Under the GDPR you have certain rights when it comes to our processing of your personal data:
Desky usually acts on requests and provide information free of charge, but may charge a reasonable fee to cover our administrative costs of providing the information for:
You can address your communications and exercise your rights by sending written communication to the following e-mail address GDPR@factorial.co In some cases, the request may be refused if you ask for the deletion of data necessary for the fulfillment of legal obligations.