a) Membership contracting
I. What we do with your dataTo make the co-working spaces available for our customers, we negotiate with a contact person from the potential Member Company, Day Pass User Company and Community Pass User Company. This involves all pre-contractual information, as well as the closing of the contract and all communication and follow-up.
The legal basis for this processing of your personal data is the necessity for the performance of a contract.
II. What data we process
Identification data, e.g. name and signatureContact data, e.g. email address and telephone numberFinancial data, e.g. bank account number
III. How we obtain your dataBy yourself
IV. How long we keep your dataWe delete your personal data 2 years after the end of the agreement.
b) Member mail & parcel handling
I. What we do with your dataLoT shall handle mail (letters, newspapers, etc.) addressed to Members. Members can receive (not send) parcels via courier services using the existing parcel lockers.
The legal basis for this processing of your personal data is the necessity for the purposes of the legitimate interests pursued by the controller or by a third party.
II. What data we process
Identification data, e.g. name and signatureContact data, e.g. email address and telephone number
III. How we obtain your dataBy yourself, postal operators or parcel deliverers.
IV. How long we keep your dataWe do not retain your data: as soon as you have received your mail or parcel, your data will be deleted.
c) Badge usage
I. What we do with your dataThe Member receives per Authorized User (including the Head User), Day Pass User and Community Pass User a personal Co-Working Space entrance card (“Badge”). The Badge is to be used for entrance to the Co-Working Space.
The legal basis for this processing of your personal data is the necessity for the purposes of the legitimate interests pursued by the controller or by a third party.
II. What data we processIdentification data, e.g. name and badge holding.
III. How we obtain your dataBy yourself or your company.
IV. How long we keep your dataWe delete your personal data 30 days after the registration of the badge usage.
d) Inviting guests
I. What we do with your dataMembers and Day Pass users can invite guests in the co-working space. All guests must be registered as such in the Portal before entering the Co-Working Space.
The legal basis for this processing of your personal data is the necessity for the purposes of the legitimate interests pursued by the controller or by a third party.
II. What data we processIdentification data, e.g. nameContact data, e.g. email addressProfessional data, e.g. your company relationships
III. How we obtain your dataYourself or the inviting Member or company.
IV. How long we keep your dataWe delete your personal data at the latest 2 years after your last activity in LoT.
e) Meeting room, focus booth, event space & Lab reservation
I. What we do with your dataMembers can reserve meeting rooms, focus booths, event spaces and labs through the portal and by using meeting room credits.
The legal basis for this processing of your personal data is the necessity for the purposes of the legitimate interests pursued by the controller or by a third party.
II. What data we processIdentification data, e.g. nameContact data, e.g. email address
III. How we obtain your dataBy yourself or your co-workers
IV. How long we keep your dataWe delete your personal data at the latest 2 years after your last activity in LoT.
f) Parking spot registration
I. What we do with your dataUsers of the co-working space can reserve parking spots based on their license plate number.
The legal basis for this processing of your personal data is the necessity for the purposes of the legitimate interests pursued by the controller or by a third party.
II. What data we processIdentification data, e.g. name and license plate numberContact data, e.g. email address and telephone number
III. How we obtain your dataBy yourself or your company
IV. How long we keep your dataWe delete your personal data at the latest 2 years after your last activity in LoT.
g) Portal and Lab of Tomorrow mobile app
I. What we do with your dataThe member receives access to the portal (web and/or mobile) through which all Lab of Tomorrow assets can be booked, event registration can be done & its membership can be managed.
The legal basis for this processing of your personal data is the necessity for the purposes of the legitimate interests pursued by the controller or by a third party.
II. What data we processIdentification data, e.g. nameContact data, e.g. email address and telephone number
III. How we obtain your dataBy yourself
IV. How long we keep your dataWe delete your personal data at the latest 2 years after your last activity in LoT.
h) Surveillance cameras
I. What we do with your dataTaking camera pictures at the entrances of the co-working spaces for security reasons.
The legal basis for this processing of your personal data is the consent of the data subject given by establishing the surveillance cameras via the icon.
II. What data we processCamera pictures and images
III. How we obtain your dataBy yourself (walking through the camera view)
IV. How long we keep your dataCamera images are deleted no later than 30 days after recording.
i) Newsletter
I. What we do with your dataMembers and subscribed individuals receive general informative news & updates about community activities (ex.Events, partner updates, etc.) The legal basis for this processing of your personal data is the consent of the data subject.
II. What data we processIdentification data, e.g. nameContact data, e.g. email address
III. How we obtain your dataBy yourself.
IV. How long we keep your dataImmediately after you withdraw your consent
Who do we share your personal data with?We depend on specialized service providers, known as “processors”, to carry out specific processing activities under our responsibility. These processors are contractually obligated to comply with the purposes of dataprocessing that we have established.
If we share your data with a third party outside the EU, we will do so only if it is authorized by law and under conditions equivalent to those we follow.
Your personal data will not be shared, sold, rented or disclosed for purposes other than those described in thisPolicy. We may, however, transmit your data for purposes other than those set out in this Policy, in particular when their communication is required by law and/or government authorities.
How do we secure your personal data?We are aware of the importance of the security of your personal data. We do our best to protect your personal data from misuse, interference, damage, unauthorised access, alteration or disclosure. We have implemented numerous security measures to help you protect your personal data. In particular, we use access controls, transmission controls, input controls and availability controls.
We take appropriate technical and organisational measures to protect your personal data and ensure an appropriate level of security.
What are your rights as data subject?Data protection legislation provides various rights for the data subject with regard to the processing of personal data to ensure the data subject has sufficient control over the processing of their personal data.
If you wish to exercise your rights, you may send a request to this effect to our Data Protection Officer at the following email address: dpo@tomorrowland.com. This request should be formulated clearly and as concretely as possible, in order to give us the opportunity to respond as specifically as possible.
If there is any doubt about the identity of the person concerned, we may ask to verify it, in order to prevent an unauthorised person from exercising your rights. In that case we will contact the person concerned and together with him/her seek the most appropriate way to establish his/her identity.
We aim to comply with a request within one month. If this is not possible, we will inform the person concerned as soon as possible of its option to extend this period by two months. If we are unable to comply with your request, we will inform the person concerned, giving reasons, within an appropriate period.
Please be aware that exercising certain rights may affect the performance of our services.
a) Right of informationYou are entitled to be informed about the processing of your personal data. This information must be provided in an accurate, transparent, comprehensible and easily accessible manner, in clear and simple
language. In concrete terms, one can exercise this right by consulting this privacy policy. For more information, one can contact our data protection officer using the aforementioned details.
b) Right of accessYou are entitled to receive confirmation from us whether your personal data is processed by us, at your request. If we do process your personal data, you are entitled to request to view your personal data.
We will produce a copy of the personal data relating to you in our records upon request. Should you make repeated and disproportionate requests for copies of the said data, we reserve the right to charge you a reasonable fee.
c) Right of rectificationYou have the right to obtain the rectification of your inaccurate or incomplete personal data.
d) Right to be forgottenYou are entitled to request we delete your personal data under the following circumstances:
The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
You withdraw your consent, in cases where the processing is based on your consent and there is no other legal basis for the processing.
Your object to the processing and your personal interests prevail over the legitimate interests of LoT.
Your personal data have been processed unlawfully.
The erasure of your data is necessary to comply with a legal obligation in accordance with European or Belgian law.
We will comply with your erasure request unless one of the following situations occurs:The processing is in the context of exercising the right of freedom of expression and information.For reasons of public interest in the area of public health.To meet the need for archiving in the public interest or for statistical purposes.To comply with a legal obligation to keep records.To establish, exercise or defend a legal claim
e) Right to restriction of processingYou are entitled to request we limit the processing of your personal data if:the accuracy of your personal data has been called into question during the period required to check the accuracy thereofthe processing is unlawful and you do not wish the data to be deleted;we no longer require the data but you do not request we delete the data because the data is required for the pursuance or defence of legal claimsan objection is made to the processing pending an explanation of the legitimate interests that outweigh your interests.
f) Right to data portabilityYou are entitled to receive the data you have provided to us in a structured, standard and machine-readable format.You are entitled to request we transfer the personal data to another data controller (directly from us). This is an option when the processing is based on your consent or on the necessity of the performance of a contract and processing happens via an automated procedure.
g) Right to objectYou are entitled to object to the processing of your personal data based on the public interest or on the legitimate interest of LoT or a third party. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which outweigh your interests or the interests of the pursuance or defence of legal claims.
Where your personal data is processed for direct marketing purposes (including profiling), you remain entitled to object to the said processing.
h) Automated individual decision-makingYou are entitled not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.You may not oppose such a decision if:it is necessary in the performance of the contract;it is authorized on the basis of Union or Belgian law;it is based on your explicit consent.If the data subject cannot oppose for the aforementioned reasons, LoT provides for human intervention, the possibility for the data subject to express his/her point of view and to challenge the decision.
i) Right to withdraw consentIf you have consented to the processing of your personal data for a specific purpose of processing, you are entitled to withdraw your consent at any time.The withdrawal of consent only operates for the future and does not affect processing operations prior to the withdrawal.
j) Procedure to exercise rights and other provisionsYou are entitled to lodge a complaint with the Data Protection Authority (DPA). If you are dissatisfied with the way we process your personal data or if you intend to lodge a complaint, we encourage you to first get in touch with our data protection officer using the aforementioned details, in order to reach a quick solution to this problem together.
www.gegevensbeschermingsautoriteit.be
Contact@apd-gba.beDrukpersstraat 35, 1000 Brussel
Telephone number: +32 (0)2 274 48 00
