Privacy Policy
Last Updated: March 29, 2026
DeskbookR ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, share, and protect personal information when you use our workspace booking service ("Service").
This Privacy Policy applies to all users of the DeskbookR Service, including website visitors, trial users, and customers.
1. WHO WE ARE
Data Controller: DeskbookR
Email: info@deskbookr.com
Website: https://deskbookr.com
For business-to-business relationships where your organization is the data controller and we process data on your behalf, please refer to the Data Processing Agreement in our Software Service Agreement.
2. WHAT PERSONAL DATA WE COLLECT
We collect different types of personal data depending on how you interact with our Service:
2.1 Information You Provide Directly
- Account Information: Name, email address, password (encrypted), job title, department
- Organization Information: Company name, office location, workspace preferences
- Booking Information: Desk/parking space bookings, dates, times, location preferences
- Profile Information: Profile photo (optional), contact preferences, notification settings
- Communication Data: Messages you send to support, feedback, survey responses
- Payment Information: Billing name, address, payment method details (processed by third-party payment providers)
2.2 Information Collected Automatically
Information, that may be collected when you use our Service, includes:
- Usage Data: Pages viewed, features used, booking history
- Device Information: IP address, browser type and version, operating system, device identifiers
- Cookies and Tracking: Session cookies, authentication tokens, preferences (see Section 7 for details)
- Log Data: Access times, error logs, API calls, system events
2.3 Information from Third Parties
- Microsoft Entra ID (Azure AD): When you sign in with Microsoft, we receive your name, email, and organization ID
3. WHY WE COLLECT YOUR DATA (LEGAL BASIS)
Under GDPR, we must have a legal basis for processing your personal data. Here's why we may process your information:
| Purpose |
Legal Basis |
Data Used |
| Provide the workspace booking service |
Contract Performance |
Account info, booking data, usage data |
| User authentication and account security |
Contract Performance |
Email, password, authentication tokens |
| Process payments and billing |
Contract Performance |
Payment information, billing address |
| Send service notifications and updates |
Contract Performance |
Email, notification preferences |
| Improve service quality and fix bugs |
Legitimate Interest |
Usage data, error logs, feedback |
| Prevent fraud and ensure security |
Legitimate Interest |
IP address, device info, access logs |
| Comply with legal obligations |
Legal Obligation |
Transaction records, tax information |
| Send marketing communications |
Consent (opt-in) |
Email, communication preferences |
| Conduct analytics and research |
Legitimate Interest |
Aggregated usage data (anonymized) |
4. HOW WE USE YOUR PERSONAL DATA
We may use your personal data for the following purposes:
4.1 Service Delivery
- Create and manage your user account
- Process workspace and parking bookings
- Display availability and facilitate desk sharing
- Send booking confirmations and reminders
- Enable collaboration features within your organization
4.2 Communication
- Respond to your inquiries and support requests
- Send important service updates and security alerts
- Notify you about changes to our Service or policies
- Send promotional emails (only with your consent - you can opt out)
4.3 Service Improvement
- Analyze usage patterns to improve features
- Troubleshoot technical issues and bugs
- Conduct user research and gather feedback
- Develop new features based on user needs
4.4 Security and Fraud Prevention
- Monitor for suspicious activity and unauthorized access
- Enforce our Software Service Agreement
- Protect against security threats and abuse
- Comply with legal and regulatory requirements
5. WHO WE SHARE YOUR DATA WITH
We do not sell your personal data. We only share your information in the following circumstances:
5.1 Within Your Organization
- Other users in your organization can see your name, email, and booking information to facilitate workspace coordination
- Your organization's administrators can access user data and usage reports
5.2 Service Providers (Sub-processors)
We may work with third-party service providers who process data on our behalf:
- Cloud Hosting: Microsoft Azure (data storage and infrastructure)
- Authentication: Microsoft Entra ID (single sign-on and identity management)
- Email Services: Transactional email providers for notifications
- Payment Processing: Stripe or similar payment processors (they handle payment card data)
- Analytics: Usage analytics services (anonymized data)
- Customer Support: Help desk and ticketing systems
All service providers are contractually bound to protect your data and use it only for specified purposes. A current list of sub-processors is available upon request at privacy@deskbookr.com.
5.3 Legal Requirements
We may disclose your personal data if required to:
- Comply with legal obligations, court orders, or government requests
- Enforce our Software Service Agreement
- Protect the rights, safety, or property of DeskbookR, our users, or the public
- Respond to claims of illegal activity or policy violations
5.4 Business Transfers
If DeskbookR is involved in a merger, acquisition, or sale of assets, your personal data may be transferred. We will notify you before your data is transferred and becomes subject to a different privacy policy.
6. INTERNATIONAL DATA TRANSFERS
DeskbookR is based in Slovenia and our Service uses cloud infrastructure within the European Economic Area (EEA). For some services, data may be processed in multiple locations, including outside the European Economic Area (EEA).
How we protect your data during international transfers:
- Standard Contractual Clauses (SCCs): We use European Commission-approved SCCs with all non-EEA service providers
- Adequacy Decisions: We transfer data to countries recognized by the EU Commission as providing adequate protection
- Microsoft Azure: Our primary hosting provider complies with EU-US Data Privacy Framework
For more information about our international data transfer safeguards, contact privacy@deskbookr.com.
7. COOKIES AND TRACKING TECHNOLOGIES
We use cookies and similar technologies to provide and improve our Service. Here's what we may use:
7.1 Essential Cookies (Always Active)
These cookies are necessary for the Service to function and cannot be disabled:
- Authentication: Keep you logged in securely
- Session Management: Remember your session across pages
- Security: Protect against cross-site request forgery (CSRF)
7.2 Functional Cookies
- Preferences: Remember your language, theme, and display settings
- Recent Bookings: Quick access to frequently used workspaces
7.3 Analytics Cookies
- Usage Analytics: Understand how users interact with the Service (anonymized data)
- Performance Monitoring: Identify and fix technical issues
7.4 Managing Cookies
You can control cookies through your browser settings:
- Chrome: Settings → Privacy and Security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Cookies and website data
- Edge: Settings → Cookies and site permissions → Cookies and site data
Note: Disabling essential cookies will prevent you from using the Service.
8. HOW LONG WE KEEP YOUR DATA
We retain your personal data only as long as necessary for the purposes described in this Privacy Policy:
| Data Type |
Retention Period |
Reason |
| Account information |
Duration of account + 90 days |
Service provision and account recovery |
| Booking history |
Duration of account + 90 days |
Service provision and dispute resolution |
| Payment records |
7 years after last transaction |
Tax and legal compliance |
| Support communications |
1 year after last contact |
Customer service and quality improvement |
| Usage logs |
90 days |
Security monitoring and troubleshooting |
| Backup data |
90 days from backup creation |
Disaster recovery |
| Marketing consent data |
Until consent withdrawn + 6 months |
Respect opt-out preferences |
When data is no longer needed, we securely delete or anonymize it so it can no longer identify you.
9. YOUR PRIVACY RIGHTS
Under GDPR and other privacy laws, you have important rights regarding your personal data. Here's how to exercise them:
9.1 Right of Access
You can request a copy of all personal data we hold about you. We'll provide it in a commonly used electronic format within 30 days.
How to request: Email privacy@deskbookr.com with "Data Access Request" in the subject line.
9.2 Right to Rectification
If your personal data is inaccurate or incomplete, you can ask us to correct it.
How to update: Most information can be updated directly in your account settings. For other changes, contact privacy@deskbookr.com.
9.3 Right to Erasure ("Right to be Forgotten")
You can request deletion of your personal data in certain circumstances:
- The data is no longer necessary for its original purpose
- You withdraw consent (where consent was the legal basis)
- You object to processing based on legitimate interests
- The data was processed unlawfully
How to request: Email privacy@deskbookr.com with "Deletion Request" in the subject line.
Note: We may need to retain certain data for legal or legitimate business reasons (e.g., financial records for tax purposes).
9.4 Right to Restrict Processing
You can ask us to limit how we use your data while we investigate a concern you've raised.
9.5 Right to Data Portability
You can receive your personal data in a structured, machine-readable format (e.g., CSV, JSON) and transmit it to another service provider.
How to request: Email privacy@deskbookr.com with "Data Portability Request" in the subject line.
9.6 Right to Object
You can object to processing based on legitimate interests or for direct marketing purposes.
Marketing opt-out: Click "Unsubscribe" in any marketing email or update preferences in your account settings.
9.7 Right to Withdraw Consent
If we process your data based on consent, you can withdraw it at any time. This won't affect the lawfulness of processing before withdrawal.
9.8 Right to Lodge a Complaint
If you're unhappy with how we handle your data, you can complain to your local data protection authority:
9.9 Automated Decision-Making
The Service may use automated processing in the following ways:
- Automatic Unit Booking: Based on your booking requests, preferences, and availability, the system may automatically assign and book workspace units (desks, parking spaces) that match your criteria. You can review, modify, or cancel any automated booking at any time through your account.
- Smart Recommendations: The system may suggest workspaces based on your booking history, preferences, and usage patterns. These are recommendations only and never binding.
These automated processes are designed to enhance your experience and convenience. You always maintain full control over your bookings and can:
- Review and modify any automated booking
- Delete automated bookings
- Opt out of creating booking requests for automatic booking feature
- Contact your administrator to request human review of any automated decision
No automated decisions are made that significantly affect your legal rights or have similarly significant effects without your ability to intervene.
10. SECURITY MEASURES
We implement appropriate technical and organizational measures to protect your personal data:
10.1 Technical Security
- Encryption: Data encrypted in transit (TLS/SSL) and at rest (AES-256)
- Authentication: Authentication support, secure password policies
- Access Controls: Role-based access, principle of least privilege
- Monitoring: Security monitoring and intrusion detection
- Backups: Regular encrypted backups
10.2 Organizational Security
- Employee Training: Regular data protection and security training
- Confidentiality: All employees must sign confidentiality agreements
- Vendor Management: Due diligence on all third-party processors
- Incident Response: Planned documented procedures for data breach notification
- Audits: Planned security assessments and penetration testing
While we implement strong security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.
11. DATA BREACH NOTIFICATION
If we discover a data breach that may affect your rights, we will:
- Notify you without undue delay (within 72 hours if feasible)
- Describe the nature of the breach and data affected
- Explain the likely consequences and our response measures
- Provide contact information for further inquiries
- Report to supervisory authorities as required by law
12. MARKETING COMMUNICATIONS
We only send marketing emails with your explicit consent.
12.1 What We Send
- Product updates and new features
- Tips for better workspace management
- Webinar invitations and educational content
- Special offers and promotions
12.2 How to Opt Out
- Click "Unsubscribe" at the bottom of any marketing email
- Update your communication preferences in account settings
Note: Even if you opt out of marketing, you'll still receive important service-related emails (booking confirmations, security alerts, account changes).
13. CHILDREN'S PRIVACY
Our Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children.
If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@deskbookr.com and we will delete it promptly.
14. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.
How we notify you:
- We'll update the "Last Updated" date at the top of this page
- For significant changes, we'll email you at your registered email address
- You may also see an in-app notification about important changes
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after changes constitutes acceptance of the updated policy.
15. CONTACT US
If you have questions, concerns, or requests about this Privacy Policy or how we handle your personal data, please contact us:
Email: privacy@deskbookr.com
General Support: support@deskbookr.com
We aim to respond to all privacy inquiries within 5 business days and resolve requests within 30 days as required by GDPR.
16. ADDITIONAL INFORMATION FOR B2B CUSTOMERS
If your organization has a subscription with DeskbookR and you process personal data through our Service:
- Your organization is the data controller for end-user data
- DeskbookR acts as a data processor on your behalf
- Our Data Processing Agreement (DPA) terms are in Section 9 of our Software Service Agreement
- Your organization is responsible for complying with GDPR and informing your users about data processing