shoootin-photo-3-13

Privacy Policy

COMMON DESK PRIVACY POLICY

Last Updated: April 29, 2024

1. INTRODUCTION

Common Desk respects your privacy and is committed to maintaining your trust by protecting your personal data. This Privacy Policy (“Policy”) describes how Common Desk collects, uses, shares or otherwise processes data that (either in isolation or in combination with other information) enables you to be directly or indirectly identified (“Personal Data”) and explains the rights you may have in relation to your Personal Data.

This Policy is intended to help you understand how Common Desk processes your Personal Data when you:

  • interact with us on our websites that display or link to this Policy;
  • use our products and services, including our software and technology platform and applications made available for use online or through mobile devices;
  • register for, attend or take part in our events, webinars, programs, promotions or contests;
  • receive communications from us or otherwise communicate with us;
  • subscribe to receive our newsletters, updates or other communications; or
  • participate in surveys, research or other similar data collection activities facilitated by Common Desk.

2. WHO WE ARE

Common Desk Operations LLC (“Common Desk”, “we”, “our” or “us”) is responsible for the processing of your Personal Data as described in this Policy, and, unless otherwise specified, acts as the controller of such Personal Data. That means that Common Desk determines the purposes for which and the means by which your Personal Data is processed.

3. PERSONAL DATA WE COLLECT

As a regional provider of flexible workspace solutions, we collect different types of Personal Data about you based on how you interact with us and the products and services you access and use. The different types of Personal Data we may collect are categorized in the table below. Please note, however, that not all categories may be applicable to you.

CATEGORYDESCRIPTION OF INFORMATION
Contact InformationData such as your name, email address, physical address, phone number, date of birth, employer or educational institution name and your title or role (as that information relates to your use of our products and services) and other contact information.
Supplemental Identification (ID) InformationData such as your government-issued identity document, photo and other information collected for identity, age verification and fraud prevention purposes.
Account InformationData associated with your Common Desk account, such as username and password.
Payment InformationData about your billing address and method of payment such as bank details, credit, debit or other payment card information.
Activity & Usage InformationData associated with your activity and use of our products and services such as keycard access data (i.e. date and time of arrival or scan at access point), bookings and other information relating to your membership activity and use of our products and services.
Security InformationData such as your image and video footage captured by closed circuit television (CCTV), your access data logs, data collected about you in connection with security incidents that involve you and other information relating to the safety and security of our locations.
Event InformationData collected for purposes of registration and participation in events and webinars, such as attendee badge information (e.g., name, title and company name and image), email address, photographs and videos captured during events.
Device, Internet & Network Activity InformationData from which your device could be identified, such as device ID or other unique identifiers, or about your device, such as browser type, your geolocation information (taken through your mobile device’s GPS signal, browser’s WIFI signal or Bluetooth technology, if your device settings allow for this), IP address, MAC address, data and other information relating to your device and activity on and use of our websites, mobile applications, emails and online content, to the extent such data is considered Personal Data under applicable data protection laws.
Other Voluntary Personal DataData such as the content of your communications with us, including interactions with customer support and our social media channels, participation in surveys, questionnaires, contests or other promotional offers, data you provide when you sign up to receive news, promotions or other marketing communications from us or our partners and any other information you voluntarily provide to us.

 

 

In limited circumstances, we may also collect the following categories of Personal Data:

CATEGORYDESCRIPTION OF INFORMATION
Medical & Health InformationData collected in connection with incidents or medical emergencies involving you at our locations.
Other Sensitive Personal DataData collected with your consent and used as necessary to perform reasonably expected services or as required by law. Unless specifically requested, we ask that you not provide any Sensitive Personal Information.

 

4. HOW WE COLLECT YOUR PERSONAL DATA

4.1 Directly from You

We collect most of your Personal Data directly from you. The categories of Personal Data that we collect depends on how you interact with us. For example, you may provide us Personal Data when you sign-up for a Common Desk membership, contact us or inquire about our products or services, access our locations, use our mobile applications, participate in surveys, interact with our websites, attend or take part in events or webinars or provide services to us. You may not always be required to provide Personal Data that we request. If you do not wish to provide your Personal Data to us, you may choose not to do so or opt-out of our processing of your Personal Data when this option is offered to you. However, you should be aware that if you do not provide Personal Data that we request, we may not be able to provide you with our products or services or respond to your requests for which the provision of such Personal Data is necessary.

4.2 From Automated Means, Devices and Our Networks

We may automatically collect your Personal Data, which we may observe or detect without directly asking you to provide the information to us. As is common practice among businesses that operate online and through technology, this will mainly include information gathered automatically through your activity on and use of our websites, mobile applications, emails and online content. This information includes Device, Internet and Network Activity Information and other information collected through cookies, web beacons and other similar technologies. For more information on how we use cookies, internet advertising and other tracking technologies, please see our Cookie Policy.

4.3 From Other Sources

We may also collect your Personal Data from other sources as described in the table below.

5. PURPOSES FOR WHICH WE PROCESS YOUR PERSONAL DATA

We collect and process your Personal Data for the following purposes:

  • To operate and administer our websites (including our social media pages) and to provide you with the content you access and request
  • To ensure the security of our online services and technology including the detection, prevention, and investigation of attacks
  • To analyze website usage patterns and to help us optimize the relevance and performance of our website and the user experience on our websites
  • To personalize and improve our products and services and your overall customer experience, in particular by improving our existing technologies and developing new products and services and to provide personalized information about us on and off our websites and to provide other personalized content based upon your activities and interests
  • To provide our products and services (e.g., access to Common Desk’s offices, rooms and/or workspaces, access to the shared Internet connection, use of printers, mail services, etc.) and contract with you, including payment processing and customer support
  • To manage our relationship with you, including feedback management and for customer surveys
  • To provide you with general and personalized electronic and non-electronic direct marketing, sales and promotional information and support our targeted advertising initiatives concerning our products and services (e.g., promotions, newsletters and event invites)
  • To send you transactional communications (e.g., service messages, invoices, receipts, registration emails, security alerts, updated terms and policy changes, booking confirmations and other non-marketing communications)
  • For business analytics, including consumer and operations research, to assess the effectiveness of our sales, online service, marketing, and advertising, and to analyze market trends and (future) customer demand
  • To register and activate your membership account, including activating your keycard to enable your physical access to our locations
  • To facilitate, monitor and manage your access to our locations and to monitor our locations using CCTV
  • To record phone or video calls (in accordance with law) or retain transcripts of dialogue for training, quality assurance and administration purposes
  • To manage registrations and participation in events that we organize, host and/or co-host (including to send you related communications, and where applicable, to send your registration information to third-party organizers and co-sponsors)
  • To create internal reports and models (e.g., utilization, forecasting, revenue, financial, capacity planning and management, product and services strategy)
  • To anonymize your Personal Data for further internal and external use in a manner that does not identify you
  • To comply with our responsibilities under data protection laws relating to your processing of Personal Data (e.g., to respond to and maintain records relating to data subject rights requests, to cooperate with supervisory authorities, to respond to inquiries and complaints and to maintain records of consent and suppression lists)
  • To respond to claims and complaints
  • To comply with public and government authorities, courts, law enforcement and regulators lawful requests, notices and orders (to the extent this requires us to process or disclose your Personal Data)
  • To protect the rights, safety, health, and security of our customers, our employees and guests and to protect our property
  • To respond to, handle and document incidents and medical and other emergencies occurring at our locations (including requests for medical assistance or emergency services, as applicable)
  • To enable us to reorganize, restructure, sell or license our business or our assets

6. HOW WE SHARE YOUR PERSONAL DATA

We consider the protection of your Personal Data to be a vital part of our relationship with you; therefore, we do not sell your Personal Data to third parties. There are, however, certain circumstances in which we may disclose, transfer or share your Personal Data with certain third parties (“Third Parties”) as set forth in this Policy. These Third Parties can be categorized as follows:

  • WeWork Group Companies. We may share your Personal Data with our parent companies, subsidiaries and/or affiliates (“WeWork Group Companies”) for purposes consistent with this Policy.
  • Our Service Providers. We use third-party companies, vendors, agents and contractors (“Service Providers”) to perform services or business-related functions on our behalf or to assist us with the provision of our products and services. We may share your Personal Data with such Service Providers as necessary for them to perform or provide services on our behalf.
  • Advertising Partners. As is common practice among companies that operate online, we may share limited Personal Data with certain third parties, including non-affiliated business partners, advertising networks, analytics providers and other advertising providers (“Advertising Partners”) for purposes of targeting advertisements on non-Common Desk websites, applications and services. In addition, we may allow certain Advertising Partners to collect limited information from our websites and services using cookies, web beacons, mobile advertising identifiers and other technologies. These Advertising Partners may use this information to display online advertisements tailored to your interests and preferences across your browsers and devices and to conduct ad campaign measurement and website analytics. We do not control the types of information collected and stored by these third-party cookies, web beacons, mobile advertising identifiers and other technologies. You should refer to the third-party’s website for more information on how they use cookies.
  • Our Professional Advisors. We may share your Personal Data with our professional advisors, including our lawyers, bankers, auditors and insurers who provide consultancy, legal, banking, auditing, insurance and accounting services to us.
  • The Member Company or Account Holder with Whom You are Associated. We may share your Personal Data with your employer or another organization (to the extent your account or use of our products or services is associated with such party’s contract for our products and services) (“Member Company” or “Account Holder,” as applicable) for purposes consistent with this Policy. For example, membership activity and usage data may be shared to enforce our terms and policies (including payment obligations) and to allow for Member Company or Account Holder to assess the effectiveness of our models and plans and to perform administrative functions such as utilization, forecasting, capacity planning and real estate strategy.
  • Organizers, Hosts and Sponsors. We may share your Personal Data with organizers, hosts and sponsors (“Sponsors”) when you register for, attend or take part in events, webinars, programs, promotions or contests associated with such Sponsors.
  • Our Landlords and Building Owners and Managers. We may share your Personal Data with our landlords and building owners and managers as necessary to comply with our lease and/or management agreements to provide services and facilitate access and security at the base building controls where our workspaces are located.
  • Third Parties Involved In Business Transactions. If we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of our assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities, your Personal Data may be shared or transferred, subject to standard confidentiality arrangements.
  • Other Third-Party Disclosures. We may share your Personal Data: (i) at your direction or with your consent, (ii) if required to do so by law in order to, for example, respond to a subpoena or request from law enforcement, a court or a government agency (including in response to public authorities to meet national security or law enforcement requirements) or (iii) in the good faith belief that such action is necessary to: (a) comply with a legal obligation, (b) protect or defend our rights, interests or property or that of our employees, agents, members, customers and other third parties, (c) prevent or investigate possible wrongdoing in connection with our products and services, (d) enforce our terms and conditions, policies and agreements, (e) act in urgent circumstances to protect the personal safety of you, other individuals or the public or (f) protect against legal liability.

7. RETENTION OF PERSONAL DATA

We retain Personal Data for a period of time consistent with the original purpose of collection (see Section 5 [Purposes for Which We Process Your Personal Data] above) or as long as required to (i) comply with a legal obligation, (ii) protect or defend our rights, interests or property or that of our employees, agents, members, customers and other third parties, (iii) prevent or investigate possible wrongdoing in connection with our products and services, (iv) enforce our terms and conditions, policies and agreements, (v) protect against legal liability or (vi) pursue legitimate interests or essential business purposes. We determine the appropriate retention period for Personal Data on the basis of the length of time we have an ongoing relationship with you (e.g., for as long as you have an account with us or keep using our products and services), the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorized use or disclosure of the Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal obligations (such as applicable statutes of limitation).

8. SECURITY RELATING TO PERSONAL DATA

We use appropriate technical and organizational measures to protect your Personal Data against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. Such measures take into account the nature of the Personal Data and the processing and the threats posed.

While we endeavor to implement generally accepted security measures, no method of storage or transmission is 100% secure. In the event of a security incident, we will notify regulators and/or you as required by applicable laws and regulations. Such notice may come in the form of an email, postal mail, in-app notification or an electronic notice posted online or through our products and services.

9. AUTOMATED DECISION-MAKING

Currently, we do not make any decisions based solely on automated processing, including profiling, which produces legal effects (“Automated Decision-Making”). In the event our position changes, we will update this Policy and inform you as required by applicable data protection laws.

10. YOUR RIGHTS RELATING TO YOUR PERSONAL DATA

10.1 Your Rights

Depending on where you live, you may be able to exercise certain rights in relation to your Personal Data. These rights may include the right to:

  • Obtain confirmation as to whether or not your Personal Data is being processed by us, and where that is the case, access to such Personal Data (and related details);
  • Obtain rectification of inaccurate Personal Data and to have incomplete Personal Data completed;
  • Obtain erasure or deletion of your Personal Data;
  • Obtain restriction of our processing of your Personal Data or object to processing of your Personal Data;
  • Receive your Personal Data in a structured, commonly used and machine-readable format and to transmit such data to another controller where feasible;
  • Know about the existence of Automated Decision-Making and to not be subject to Automated Decision-Making; and
  • Withdraw your consent at any time, to the extent we rely on your consent as the legal basis for processing your Personal Data (without affecting the lawfulness of the processing based on such consent prior to your withdrawal or processing based on reliance on a legal basis other than consent).

You will not be discriminated against for exercising any of your rights described in this Policy. Please note that these rights may be subject to further conditions, limitations and/or exemptions under applicable data protection laws. If any of the rights listed above are not provided under law for your jurisdiction, we have absolute discretion in providing you with these rights.

10.2 How to Exercise Your Rights

To exercise your applicable rights, please email us at commondesk-privacy@wework.com  When you contact us, please indicate what right you wish to exercise.

To protect your privacy and maintain security, we may ask you to provide certain information to verify your identity and residence before granting you access to your Personal Data or complying with your request. We will contact you if we need additional information in order to process your request. If we are unable to verify your identity or rights to the data, we may not be able to provide you with data rights until you are able to provide us with proper documents. Where permitted by law, we reserve the right to charge an appropriate fee to cover administrative costs incurred in responding to your request, for instance, if your request is manifestly unfounded or excessive.

Under certain data protection laws, you may designate an authorized agent to make requests on your behalf to exercise your rights. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.

10.3 Your Preferences for Email Marketing and Push Notifications

We want to make you aware of the fantastic products and services we offer! To do so, we may send you communications via email. If we process your Personal Data for the purpose of sending you marketing communications, you can manage your preferences in a number of ways. To opt out of email marketing communications, you can use the unsubscribe function in any email you receive from us or contact us using the information in Section 13 [Contacting Us]. Opt-out requests can take up to ten (10) business days to be effective. To control push notifications sent by our Common Desk app, you can change your notification settings on your device. Please note that opting out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as transactional communications about your memberships or event registrations, service messages, security alerts, invoices and updated terms and conditions..

10.4 Your Preferences for Telemarketing Communications

If you want your phone number to be added to our internal Do-Not-Call telemarketing register, please contact us by using the information in Section 13 [Contacting Us] below. Please include your first name, last name, company and the phone number you wish to add to our Do-Not-Call register.

Alternatively, you can always let us know during a telemarketing call that you do not want to be called again for marketing purposes.

10.5 Cookies, Targeted Online Advertising and Other Tracking Technologies

For more information on how to manage the use of cookies, targeted online advertising and other tracking technologies, please refer to Section 7 [How to Manage Cookies, Targeted Online Advertising and Other Tracking Technologies?] in our Cookie Policy.

10.6 Precise Location-Based Services

With your consent, we may collect the approximate physical location of your device by using GPS, Bluetooth, cell phone tower locations, Wi-Fi signals and/or other technologies to improve special offers and to enable location-based services. We collect this data if you opt in through the Common Desk Apps or other program (either during your initial login or later). If you have opted in to share your location, the Common Desk Apps or other program will be able to collect your location data based on how you chose to share the data. You can specify via your device’s operating system (such as through the “Settings” icon) to always share location data, only when the App is in use or never. If you choose only when the App is in use, we will have access to the data until you log off or close the application or if you use your phone’s or other device’s settings to disable location capabilities for the Common Desk App or other program.

10.7 Do Not Track

While some internet browsers offer a “do not track” or “DNT” option that lets you tell websites that you do not want to have your online activities tracked, these features are not yet uniform and there is no common standard adopted by industry groups, technology companies or regulators. Therefore, we currently do not participate in any “do not track” or “DNT” frameworks that would allow us to respond to signals or other mechanisms from you regarding the collection of your Personal Data.

11. CHILDREN AND PERSONAL DATA

Our products and services are not directed at children. We do not knowingly collect Personal Data from children under the age of 16, or such other applicable age of consent for privacy purposes in relevant individual jurisdictions, unless (a) we have obtained consent from a parent or guardian, (b) such collection is subject to a separate agreement with us or (c) the visit by a child is unsolicited or incidental. If you are a parent or guardian and believe your child has provided us with Personal Data without your consent, please contact us by using the information in Section 13 [Contacting Us] below, and we will take steps to delete their Personal Data from our systems.

12. CHANGES TO THIS POLICY

From time to time, we will update or modify this Policy, in our sole discretion, to reflect changes in legal and regulatory requirements and our business practices. The updated Policy will be posted to this website with a change to the “Last Updated” date (located at the top of this Policy). We encourage you to review this page periodically to stay informed, especially before you provide Personal Data. In circumstances where we make updates or modifications to this Policy that materially alter your privacy rights, we will provide additional notice, such as via email or with in-service notifications, as required by law. The updated Policy will take effect immediately after being posted or as otherwise notified by us. Your continued relationship with us or your continued use of our website, products or services after any such updates take effect will constitute acknowledgement and (as applicable) acceptance of the updated Policy.

13. CONTACTING US

If you have questions or concerns relating to this Policy or privacy-related issues, please email us at commondesk-privacy@wework.com or send a letter to the address below. When you contact us, please indicate which country and/or state you reside.

WeWork Privacy Team
c/o Common Desk
12 East 49th Street
3rd Floor Mailroom
New York, New York 10017 USA

14. SEPARATE AND/OR SUPPLEMENTAL PRIVACY NOTICES AND POLICIES

Please see each section below for more information on our separate and/or supplemental privacy notices and policies that may govern how we process your Personal Data in certain circumstances.

14.1 Utah Supplemental Privacy Notice for Utah Residents Only

This Utah Notice is intended to provide you with additional information with regard to our handling of your personal data and certain consumer rights.

When we use the terms “consumer” and “personal data” in this Utah Notice, we are using those terms as Utah’s Consumer Privacy Act (“UCPA”) defines them, which the UCPA generally defines a “consumer” as an individual who is a resident of Utah acting in an individual or household context, but does not include an individual acting in an employment or commercial context and “personal data” as information that is linked or reasonably linkable to an identified individual or identifiable individual, but does not include de-identified data, aggregated data or publicly available information.

UCPA NOTICES
Categories of Personal Data, Purpose for Processing, Categories of Personal Data Shared with Third Parties and Categories of Third Parties with Whom We Share Personal Data
In this Policy,

  • Section 3: “Personal Data We Collect” describes the categories of personal data we process;
  • Section 5: “Purposes for Which We Process Your Personal Data” describes the purposes for processing personal data; and
  • Section 6: “How We Share Your Personal Data” describes the categories of third parties with whom we share personal data.

Some or all of the categories of personal data we process may be shared with third parties. The categories of personal data that we share with third parties depends upon the purposes for which we process personal data. If we engage a third party in connection with any of the purposes for which we process personal data, the categories of personal data associated with that purpose will be shared with the associated third party. Please refer to Sections above for more context.

Sharing of Personal Data for Targeted Advertising
As is common practice among companies that operate online, we may share limited personal data with certain third parties, including non-affiliated Advertising Partners for purposes of targeted advertising on non-WeWork websites, applications and services. In addition, we may allow certain Advertising Partners to collect personal data from our websites and services using cookies, web beacons, mobile advertising identifiers and other technologies. These Advertising Partners may use this information to display online advertisements tailored to your interests and preferences across your browsers and devices and to conduct ad campaign measurement and website analytics. Any personal data we may have shared for the purpose of targeted advertising is limited to Device, Internet & Network Activity Information. For more information on how we use cookies, targeted online advertising and other tracking technologies, please see our Cookie Policy.

YOUR RIGHTS RELATING TO YOUR PERSONAL DATA
Your Rights
As a Utah resident, you may have the rights listed below in relation to personal data that we have collected about you. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include the right to:

  • To confirm whether or not we are processing your personal data and to access such personal data;
  • To delete personal data provided by you;
  • To obtain a copy of your personal data that you previously provided to us in a format that: (i) to the extent technically feasible, is portable, (ii) to the extent practicable, is readily usable and (iii) allows you to transmit the data to another controller without impediment, where the processing is carried out by automated means; and
  • To opt out of the processing of the personal data for purposes of (i) targeted advertising or (ii) the sale of personal data.

How to Exercise Your Rights
You may exercise your rights by emailing commondesk-privacy@wework.com. To protect your privacy and maintain security, we may take steps to verify your identity before complying with your request, and may decline your request if we are unable to verify your identity. To verify your identity, we may collect information such as your email address, government issued ID or date of birth, before providing a substantive response to the request.

We do not sell your personal data (as that term is defined under UCPA). To opt out of targeted advertising, please refer to Section 7: “How to Manage Cookies, Targeted Online Advertising and Other Tracking Technologies?” in our Cookie Policy.

14.2 Cookie Policy

For more information on how we use cookies, targeted online advertising and other tracking technologies, please see our Cookie Policy.

15. OTHER IMPORTANT PROVISIONS

15.1 Non-Common Desk Companies

This Policy does not address, and we are not responsible for the privacy, data, or other practices of any entities other than Common Desk (except as otherwise provided in this Policy), including Sponsors and Landlords and Building Owners and Managers. In addition, we are not responsible for the privacy, data collection, use, disclosure, or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Data you disclose to other organizations through our software and technology platform and applications or our social media pages.

15.2 Third-Party Links

Our website or products and services may contain links to other websites or services. If you click on a third-party link you will be directed to that third party’s website or service. We do not exercise control over, nor do we assume responsibility for, any third-party websites or services or their privacy, data collection, use, disclosure or security policies or practices. In addition, these other websites may place their own cookies or other files on your computer, collect data or solicit Personal Data from you. We encourage you to read the privacy policies or statements of the other websites or services you visit. The fact that we link to a website or service is not an endorsement, authorization, or representation of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices.

15.3 Anonymized Data

We use anonymized data. Anonymised data is data from which individuals cannot be identified or made identifiable neither by us nor anyone else. Anonymized data is not Personal Data and is not subject to data protection laws.

Book a Tour

Join our Newsletter