Privacy App

for mobile app

Last modified: 26 February 2020
Changes in relation to previous versions: none (first version)

Our data protection principles

This notice tells you which data we collect from you, how we use it and how you can withdraw consent to the use of your data.

Who is responsible for data collection and processing?

Everyworks Coworking GmbH is responsible for the collection and processing of your data. The appointed data protection officer is Ms Chris Newiger.
If you have any questions, suggestions and/or criticisms with regard to data protection and the Everyworks app, please contact:
DB Station&Service AG, Europaplatz 1, 10557 Berlin
E-mail: everyworks@deutschebahn.com
Data protection contact: datenschutz-station@deutschebahn.com

Downloading

When the app is downloaded, your user name, e-mail address and customer number, the time of download, the payment information and the individual device number are sent to the App Store. We have no control over such data processing and are not responsible for it.

Technical and contractual reasons

For technical reasons, use of the everyworks app requires certain data (e.g. IP address, device type) to be collected and stored so that the app can work on your device.
To be able to provide our services in the app, we require further personal data from you for contractual reasons:

Registration/logon for the customer account

First name, surname, company name (optional), additional company information (optional), street and house number, state, e-mail address, password (anonymized), verification of e-mail address

Payment data

Payment data, such as credit card data, contact/identification data, is collected for payment processing.
See also the data protection notice of the payment service provider Payone GmbH bspayone.com/DE/en/gtc

Booking data

Minute-based billing via check-in and check-out, acceptance of the rules and regulations valid for each space.

Sending of invoices

E-mail address for sending of invoices by e-mail as PDF.
The legal basis for such data processing is Art. 6 (1) (b) GDPR.

Access permissions

In order to process personal data for technical and contractual reasons, the app requires access permissions to certain features on your device. These access permissions are therefore enabled as the default. The following tells you which service processes your data and for what purposes, unless such access is absolutely necessary for technical reasons:

Technically required access:
Up to Android 6:

  • AUTHENTICATE_ACCOUNTS: Use of account authentication features, creation of accounts, retrieval and setting of passwords for the Everyworks app.
  • GET_ACCOUNTS: For retrieving the list of configured accounts (only the accounts, not the actual access data). This permission simply makes it possible to determine which accounts exist. For example, the app can determine whether a matching account already exists.
  • MANAGE_ACCOUNTS: Management – i.e. including the changing – of accounts/access data.
  • USE_CREDENTIALS: Use of authentication information of an account

For higher versions, only the following permissions are requested:

  • INTERNET and ACCESS_NETWORK_STATE: For interrogating the internet and network status

No permissions are currently collected for iOS.

Offers matching your booking

Following your booking, we would like to send you offers of similar products or services to the e-mail address used for the booking. You can unsubscribe at any time by clicking on the link in the e-mail.

Rights of the data subject
  • You can ask which of your data has been stored.
  • You can request the correction, deletion or blocking of your personal data, provided this is legally admissible and possible under an existing contract.
  • You have the right to lodge a complaint with a regulatory agency. The regulatory agency responsible for everyworks Coworking GmbH is: Berliner Beauftragte für Datenschutz und Informati¬onsfreiheit, Friedrichstr.219, 10969 Berlin, e-mail: mailbox@datenschutz-berlin.de
  • You have the right to portability of the data you have provided to us on the basis of a consent or contract (data portability).
  • If you have consented to your data being processed by us, you can withdraw this consent at any time. Withdrawal of consent does not affect the lawfulness of any prior processing based on such consent.
    To exercise your rights, it is sufficient to send a letter by post to Everyworks Coworking GmbH, Europaplatz 1, 105571 Berlin or by e-mail to smartcity@deutschebahn.com
Will your data be shared with others?

Contract implementation normally requires the involvement of external processors who are dependent on our instructions, such as data centre operators or other IT service providers, printing or mail-handling service providers or other parties involved in contract performance.
External service providers who process data on our behalf are carefully selected by us and subject to strict contractual obligations. Such service providers are bound by our instructions. This is guaranteed by strict contractual arrangements, technical and organisational measures as well as additional checks.
Apart from that, your data is transmitted only if you have explicitly given us your consent or if required by law.
Your data is not transmitted to third countries outside the EU/EEA or to an international organisation unless adequate safeguards are in place. These include the EU standard contractual clauses as well as an adequacy decision by the EU Commission.

When are cookies used?

No cookies are used unless absolutely necessary for the technical operation of the app.

Duration of processing

We store your data only for as long as necessary for fulfilling the purpose for which the data was collected (e.g. under a contract) or where this is provided for by law. Under a contract, for example, we store your data at least until the contract has been completely terminated. The data is then kept for the length of the statutory retention periods. If inactive, your customer account is maintained in the system for four years and then deleted from the system along with notification by e-mail (30 days before deletion).

Updating of the data protection notice

We adapt the data protection notice to modified functionalities or changed legal situations. We therefore advise you to read the data protection notice at regular intervals. Where your consent is required or parts of the data protection notice contain provisions of the contract with you, any amendments require your approval.