Workland Group (and all its entities listed below) processes customer and other relevant data subjects' data: collect, store, publish, transmit and store customer data in accordance with the laws and legislation of the country where the business is located for the best service of clients and for the performance of contractual relations.

Workland Group is responsible for data processing activities and is the authorized data controller. This privacy policy (the “Policy”) explains how we collect and use information when you use any of the services located on our website at www.wrkland.com (the “Website”), booking.wrkland.com, Wrkland mobile application or if you use any other services (the “Services”) that we provide to you. 

By confirming your acceptance while using or interacting with the Website or our Services, you, as a user of our website or as our client, (“User”, “Client” or “you”) agree to the provisions of this Policy and confirm that you have read and understood all of the provisions stated in the Policy. 

We process Personal Data under this Privacy Policy and in accordance with applicable legislation, including the General Data Protection Regulation (2016/679) (the “GDPR”) and the applicable national data protection laws in Finland, Estonia, Latvia, and Lithuania (“Data Protection Law”). 

We are committed to ensuring the privacy and confidentiality of the information pertaining to our clients, potential clients, their affiliates, and affiliated individuals, and to adhering to the policy set out below in congruence with our professional responsibilities and the applicable Data Protection Laws. 
We are the controller of the Personal Data that falls under the scope of this Policy. 

Workland Group entities:

·       Workland Estonia OÜ; 

·       Workland Tallinn OÜ; 

·       Workland Maakri OÜ; 

·       Workland M25 OÜ; 

·       Workland Telegraph SIA;

·       Workland Latvia SIA; 

·       Workland Riga SIA; 

·       Workland Lithuania UAB;

·       Workland Lithuania Didžioji UAB; 

·       Workland Quadrum UAB; 

·       Workland G9 UAB; 

·       Workland Vilnius UAB; 

·       WL Finland Oy.

1. The scope of the Policy 

This Policy describes how we process Personal Data in connection with: 

• All matters related to our clients, former clients, and potential clients; 

• Newsletters and marketing information; 

• Recruitment processes; 

• The use of cookies on our Website

• Compliance with all statutory obligations under the GDPR, relevant data protection laws, and any other applicable laws and regulations. 

2. Purposes, means and retention terms of data processing 

a) News, publications and events: We may use the information that you have provided (name, title, position, your e-mail address, any provided phone numbers, your address and other information) to send you news about the latest developments at the Workland, the scope of services that we provide to you, as well as information about any upcoming events that may be of interest to you, including educational seminars. We will use your Personal Data for this purpose based on your consent (Art. 6(1)(a) GDPR) until you inform us that you no longer wish to receive such information from us. 

b) Cookies: We use cookies to obtain information about your use of our Website. Cookies allow us to provide you with a more streamlined and accessible experience when using the Website. Third-party cookies help us to improve the relevancy of the advertisements we run in different channels. The information generally does not comprise any data that would allow us to individually identify you as a natural person. We process this information based on your consent (Art. 6(1)(a) GDPR). More information about the use of cookies can be found in our Cookie Policy. 

c) Recruitment: We may use Website and other contact channels that are listed on the Website to collect information about your employment or internship application. We will utilize the Personal Data that has been included in the documents that you have provided to us in your application. Additionally, we may request your permission to contact your employers for reference purposes. We process this data based on our legitimate interests (Art. 6(1)(f) GDPR) to evaluate your application and your consent (Art. 6(1)(a) GDPR) for contacting employers. We will retain the data that we have obtained via our recruitment processes for as long as necessary to evaluate the application and in accordance with all relevant laws and regulations. Furthermore, we may ask for your consent to retain your Personal Data for some time after we have evaluated your application. 

d) Purchases: All personal information provided while making a purchase in the web environment are confidential and are treated by the requirements of the Data Protection Law. Personal data is processed by the information as prompted by the Client placing the booking or purchasing a service (first and last name, e-mail address and telephone number and if applicable company details).  

When paying by credit card, the data provided by the Client is protected by the SSL security protocol, ensuring that the information provided cannot be viewed or modified by persons who do not have access to such information. Payment transactions with Visa and MasterCard payment systems are carried out with the help of payment service provider, which stores the data of the Customer’s cards in accordance with the current legislation of local jurisdictions and the European Union. The payment solution provider is a PCI-DSS service provider that meets all the requirements and offers payment solutions, including exchanging payments through Visa and MasterCard between the Parties.  We process this data based on the performance of a contract (Art. 6(1)(b) GDPR).

e) Analytics – we also collect analytics data (browser version, language preference, location, time spent on the page, etc.), which usually cannot be directly linked to one specific person and it is treated as a generalized customer behavior in the web environment of Workland Group. This aggregated data is used for upgrading our products and services.  We process this data based on our legitimate interests (Art. 6(1)(f) GDPR).

f) Facilities Management and Service Provision: We collect personal data to manage access to our facilities and allocate resources such as desks and rooms. This includes processing reservations, payments, and usage of services such as internet access, printing, and support services. We process this data based on the performance of a contract (Art. 6(1)(b) GDPR). We retain this information as needed to ensure efficient management and provision of our facilities and services.

g) Security and Safety: To ensure the safety and security of our premises, we process personal data through CCTV surveillance and access control systems that monitor when individuals enter and leave our spaces. This data is used strictly for security purposes and is kept in accordance with legal and regulatory requirements. We process this data based on our legitimate interests (Art. 6(1)(f) GDPR).

h) Communication: We process the contact details of our members to send regular updates, newsletters, or notifications about events or changes within the workspace. We process this data based on your consent (Art. 6(1)(a) GDPR). We will continue to use your Personal Data for this purpose until you opt out or inform us that you no longer wish to receive such communications.

i) Marketing and Customer Relations: Our marketing activities, aimed at attracting new members and retaining existing ones, involve processing personal data. This includes sending promotional materials, managing loyalty programs, and conducting market research to better understand your needs and preferences. We process this data based on your consent (Art. 6(1)(a) GDPR) for direct marketing, and our legitimate interests (Art. 6(1)(f) GDPR) for market research and customer relations.

j) Legal Compliance: We process personal data in compliance with various legal obligations, such as tax requirements, adhering to health and safety laws, or responding to legal requests from authorities. We process this data based on compliance with a legal obligation (Art. 6(1)(c) GDPR). This data is processed as necessary to fulfill these legal obligations.

k) Feedback and Improvements: We collect feedback from our users to improve our services and facilities. This involves processing data regarding members' experiences and preferences, which helps us to enhance our offerings and better meet your needs. We process this data based on our legitimate interests (Art. 6(1)(f) GDPR).

3. How we protect personal data

We limit the processing of your Personal Data to the scope of purpose for which the data was collected. 

Access to your Personal Data will be restricted to personnel who are required to process the Personal Data to fulfil their professional responsibilities and their duties to you as the Client. Your Personal Data is not stored or processed longer than is necessary with respect to the data processing purposes that we have listed above. 

We have taken the appropriate technical and organizational measures to ensure the secure processing of your Personal Data. Your data will be processed in such a manner to ensure confidentiality and data integrity. 

4. The transfer of your Personal Data to third parties 

We do use the services of certain third parties (e.g., cloud storage providers, customer management systems) to ensure the functionality of our services and the Website. It is necessary for us to transfer specific types of your personal data to these providers, which may include your contact details and transaction history. Each third-party provider acts as a data processor and is contractually bound by data processing agreements that align with GDPR requirements. The Personal Data that will be transferred to these third-service providers will be limited to the minimum that is required to ensure the provision of third-party services. 

We have ensured that all third-party service providers to whom we transfer your Personal Data will follow our instructions with respect to how they process your Personal Data. The transfer of your Personal Data is regulated by the data processing agreements or data processing terms that exist between us and third-party service providers. Any third-party service providers – as the data processors, must ensure that they process your Personal Data with the same level of care and diligence as we do and are legally liable to you and to us if the data processors act contrary to those warranties. Furthermore, these third-party service providers are required to implement technical and organizational measures to ensure an equal level of data protection to the one that we bring to our data processing efforts. 

Our data processing agreements include standard contractual clauses or other legally approved mechanisms to safeguard the transfer of your personal data, especially for transfers outside the European Economic Area (EEA).

5. Your rights as a data subject 

We are committed to keeping your Personal Data accurate and up-to-date. We kindly request your assistance in ensuring that any changes to your Personal Data are communicated to us promptly. 

You may, at any time, exercise the following rights with respect to our processing of your Personal Data: 
a) Right to access: You have the right to request access to any data that can be considered your Personal Data. This includes e.g. the right to be informed on whether we process your Personal data, what Personal Data categories are being processed by us, and the purpose of our data processing. 
b) Right to rectification: You have the right to request that we correct any of your Personal Data if you believe that it is inaccurate or incomplete. 
c) Right to object: You are entitled to object to certain types of processing of Personal Data, including for example, the processing of your Personal Data for marketing purposes or when we otherwise base our processing based on our legitimate interests. 
d) Right to erasure (“Right to be forgotten"): You may also request that your Personal Data be erased if the Personal Data is no longer necessary for the purposes for which it was collected, or if you consider that the processing is unlawful, or if you consider that the Personal Data has to be erased to enable us to comply with a legal requirement. 
e) Right to data portability: For Personal Data processed automatically and based on your consent or a contract, you have the right to receive this data in a structured, commonly used, and machine-readable format. You can also request the transfer of this data to another controller, where technically feasible. 
f) Right to withdraw your consent: In cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time. 
g) Opt-out of marketing: You have the opportunity to opt out of our communication with you whenever we send you information about us, the events that we organize or any other information that we believe may be of interest to you. Additionally, you can also opt out at any time by contacting us. 

If you have complaints on how we process your Personal Data, or you would simply like to know more about our data processing activities, feel free to contact us at any time by using the contact details provided at the end of this Policy. We will respond to your request within the applicable legal time frame. 

If you have concerns about our processing of your Personal Data, you are encouraged to contact us first. However, you have the right to lodge a complaint with a Data Protection Authority (“DPA”) if you think that your Personal Data is being processed incorrectly or your data protection rights have been breached. You can lodge a complaint by contacting the DPA that is local to your jurisdiction i.e. the location of the alleged violation of your data subject rights or the inappropriate processing or your data, or the place you live and work.  

This is the list of DPAs that are relevant to the scope of this Policy: 

• The Estonian Data Protection Inspectorate in Estonia: http://www.aki.ee/en 

• The Data State Inspectorate in Latvia: http://www.dvi.gov.lv/en/ 

• The State Data Protection Inspectorate in Lithuania: https://www.ada.lt/go.php/lit/Eng 

• Office of the Data Protection Ombudsman in Finland: https://tietosuoja.fi/en/home

6. The location of the processing of your data 

Workland Group keep personal data in their databases located within the European Union and the customer has the right at any time to access his/her personal data and information about the actions performed by him/her. 

By submitting your Personal Data to us or by consenting to the processing of your Personal Data you agree to the processing of your data, including data storage. We will take all reasonably necessary precautions to ensure that your data is treated securely and in accordance with the applicable Data Protection Laws. We will not store any of your Personal Data longer than necessary to fulfil the purposes set out in this Policy. As with all of your Personal Data, you may request that we inform you on the details of the processing of your Personal Data on the basis of Article 15 of the GDPR. You may, as with the exercise of any your rights as a data subject, do so by contacting us via the information that has been provided at the end of this Policy. 

7. Contacts 

Feel free to contact us with regards to any questions, inquiries, requests or complaints with respect to the processing of your Personal Data at: [email protected].

8. Changes to the Policy 

We may make any changes to this Policy as we see fit. If the Policy has been changed in any way, then the newest edition of this Policy will be published on our website. We encourage you to check whether any changes have been made to the Policy from time to time.