Privacy Policy

www.joinplaces.co

1. Introduction

Places AB, org. nr 559213-9694 (hereinafter "Places," "we," "us," or "our"), is the data controller responsible for processing your personal data in connection with our coworking services. We operate coworking spaces in Stockholm at Östermalm (Artillerigatan 55), Kungsholmen (Fridhemsgatan 45), Telefonplan (Tellusgången 2), and Sickla (Järnvägsgatan 30).

This Privacy Policy explains how we collect, use, store, and share your personal data when you visit our website (www.joinplaces.co), use our community platform (community.joinplaces.co), enquire about our services, or become a member. It also describes your rights under the EU General Data Protection Regulation (GDPR) and Swedish data protection law.

By using our services or website, you acknowledge that you have read and understood this Privacy Policy.

2. Data Controller and Contact Details

Data Controller: Places AB

‍Address: Järnvägsgatan 30, 131 54 Nacka

‍Email: hello@joinplaces.co

‍Phone: +46 (0) 76 184 98 97

If you have any questions about how we process your personal data, please contact us using the details above.

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Data you provide directly

Contact information: name, email address, phone number, and company name (when you book a viewing, register as a member, or contact us)
Billing and payment information: invoicing details, company registration number, and payment data processed through our payment provider Stripe
Membership information: membership type (Light, Flex, or Fixed), preferred location, locker assignment, and postal/business address registration
Communication data: messages, enquiries, and feedback you send us via email, phone, or our website forms
Community platform data: profile information, posts, and interactions on our member community platform

3.2 Data we collect automatically

Website usage data: IP address, browser type, device information, pages visited, time spent on pages, and referring URLs
Cookies and tracking technologies: data collected via cookies, Facebook Pixel, and LinkedIn Insight Tag (see Section 8 for details)
Access data: entry logs and timestamps when you access our coworking spaces using your digital key or access code

4. Purposes and Legal Bases for Processing

We process your personal data for the following purposes:

Managing your membership and providing coworking services

‍Data used: Contact, billing, membership, and access dataLegal basis: Performance of a contract (Art. 6(1)(b))

Responding to enquiries and booking viewings

‍Data used: Contact and communication dataLegal basis: Legitimate interest (Art. 6(1)(f)) — responding to prospective members

Processing payments

‍Data used: Billing and payment dataLegal basis: Performance of a contract (Art. 6(1)(b))

Sending newsletters and marketing communications

‍Data used: Name and email addressLegal basis: Consent (Art. 6(1)(a))

Website analytics and improvement

‍Data used: Website usage data and cookiesLegal basis: Consent (Art. 6(1)(a)) for non-essential cookies; Legitimate interest (Art. 6(1)(f)) for essential cookies

Targeted advertising via social media platforms

‍Data used: Website usage data via Facebook Pixel and LinkedIn Insight TagLegal basis: Consent (Art. 6(1)(a))

Security and safety of our premises

‍Data used: Access dataLegal basis: Legitimate interest (Art. 6(1)(f)) — protecting our property and members

Compliance with legal and accounting obligations

‍Data used: Billing, payment, and membership dataLegal basis: Legal obligation (Art. 6(1)(c)) — Swedish bookkeeping and tax law

Where we rely on legitimate interest, we have carried out a balancing test to ensure that our interests do not override your fundamental rights and freedoms. You may request details of these assessments by contacting us.

5. Sharing of Personal Data

We do not sell your personal data. We may share your data with the following categories of recipients:

Payment processors: Stripe processes payments on our behalf and acts as an independent data controller for payment card data. See Stripe's privacy policy for details.
Website and platform providers: Webflow (website hosting), and our community platform provider
Advertising partners: Meta Platforms (Facebook Pixel) and LinkedIn Corporation (Insight Tag), where you have given consent
IT service providers: cloud hosting, email services, and CRM systems that help us operate our business
Professional advisors: accountants, auditors, and legal advisors, where necessary
Authorities: Swedish tax authorities, law enforcement, or other public authorities when required by law

All service providers who process data on our behalf do so under data processing agreements (DPAs) that comply with Article 28 of the GDPR.

6. International Data Transfers

Some of our service providers and advertising partners (such as Stripe, Meta, and LinkedIn) may transfer your personal data to countries outside the European Economic Area (EEA), including the United States.

When personal data is transferred outside the EEA, we ensure appropriate safeguards are in place, including:

The European Commission's adequacy decisions (where applicable)
EU Standard Contractual Clauses (SCCs) approved by the European Commission
The EU–U.S. Data Privacy Framework, where the recipient is certified

You may request a copy of the safeguards in place by contacting us.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

Membership and contract data: Duration of membership plus 24 months
Billing and accounting data: 7 years (Swedish Bookkeeping Act, Bokföringslagen)
Enquiry and viewing booking data (non-members): 12 months from last contact
Marketing consent records: Until consent is withdrawn, plus 12 months for documentation
Access logs: 12 months
Website analytics and cookie data: As defined by cookie settings (see Section 8)

After the applicable retention period, data is securely deleted or anonymised.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device that help us improve your experience and understand how our website is used.

8.1 Types of cookies we use

Strictly necessary cookies: Required for the website to function. These do not require consent.
Analytics cookies: Help us understand how visitors use our website. Placed only with your consent.
Marketing cookies: Used by Facebook Pixel and LinkedIn Insight Tag to deliver targeted advertising. Placed only with your consent.

8.2 Managing your cookie preferences

When you first visit our website, you are asked to give or refuse consent for non-essential cookies via our cookie banner. You can change your preferences at any time through the cookie settings on our website, or by adjusting your browser settings.

9. Your Rights Under the GDPR

Under the GDPR, you have the following rights in relation to your personal data:

Right of access (Art. 15): You may request a copy of the personal data we hold about you.
Right to rectification (Art. 16): You may request correction of inaccurate or incomplete data.
Right to erasure (Art. 17): You may request deletion of your data, subject to legal retention requirements.
Right to restriction (Art. 18): You may request that we limit processing of your data in certain circumstances.
Right to data portability (Art. 20): You may request to receive your data in a structured, commonly used, and machine-readable format.
Right to object (Art. 21): You may object to processing based on legitimate interest, including direct marketing.
Right to withdraw consent (Art. 7(3)): Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise your rights, please contact us at hello@joinplaces.co. We will respond within 30 days. If your request is complex or numerous, we may extend this period by an additional 60 days, in which case we will inform you.

You also have the right to lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY):Website: www.imy.seEmail: imy@imy.se

10. Security Measures

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or destruction. These measures include encrypted data transmission (TLS/SSL), access controls, secure payment processing via Stripe, regular review of our security practices, and data processing agreements with all service providers.

11. Children's Data

Our services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will notify members by email and/or by posting a notice on our website.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Places AB

Email: hello@joinplaces.co