Privacy Notice

Last update: 9 December 2020


Thank you for choosing to be part of our community at SpaceIn. This Privacy Policy applies to the SpaceIn services offered by MCCGLC Limited, a company registered in England and Wales, under registration number 05563882 with registered address Arnold House, 21-33 Great Eastern Street, London, EC2A 3EJ, UK ("MCCGLC", "we", "us", "our"). 

 

We are committed to protecting your personal information and  we take your privacy very seriously.  We do not sell any personal information about our clients, suppliers, employees and other business associates.  We only use any information shared with us for provision of our services and in that capacity operate as a data controller and, to the extent that we process the data, as a data processor. 

 

In this privacy notice, we seek to explain to you in detail what information we collect, the steps we take to protect and secure it, how we use and share information, and finally, how you can contact us with questions or concerns. We hope you take some time to read through it carefully, as it is important. If there are any terms in this privacy policy that you do not agree with, please discontinue use of our Services.

 


APPLICABILITY OF THIS NOTICE


This Privacy Policy sets out the way in which we use any personal information that is collected from you whilst using our SpaceIn websites, such as https://spacein.co.uk and https://staging.spacein.co.uk/ (the “Sites”), our SpaceIn mobile applications (the “Apps”) or interacting with us via e-mail, text message or and/or any related services, sales, marketing or events; together “The Services”. 


Personal Information” means information that identifies you personally such as your name, photo or contact details or data that can be linked with such information in order to identify you.


You are provided with access to this Privacy Policy when you register with us and it is available on our Sites at all times.



WHAT PERSONAL INFORMATION WE COLLECT


We collect different types of Personal Information for different purposes. 


We collect Personal Information about you when you access our Sites and Apps, register with us, contact us, send us feedback, purchase our Services, and complete customer surveys. 


We collect this Personal Information from you either directly, such as when you register with us, contact us or purchase Services or indirectly, such as your browsing activity while on our Sites and Apps.


Account User Information

You give us the following personal information about yourself when you register for a SpaceIn Account or when you log in to our Sites and Apps. This information is required for setting up and maintaining access to your account. You can visit and browse our Sites without disclosing the data below. 


  • Name
  • E-mail address
  • Password, password hints, and similar security information used for authentication and account access
  • Meetings schedule
  • Profile picture for avatar (optional)
  • Department (optional)
  • Phone number (optional)
  • Billing name (if applicable)
  • Billing phone (if applicable)
  • Billing address (if applicable)
  • Payment method (if applicable)
  • Bank details (if applicable)
  • Company name (if applicable)
  • Employee count (if applicable)
  • Social media login data (if applicable)

 

SpaceIn Event Attendee Information

The following personal information about you is passed on to us for events being hosted on SpaceIn and organised by third parties. This information is required for allowing you to attend the event.


  • Event title & details
  • Consent to contact
  • Name
  • E-mail address
  • Employer (if applicable)
  • Job title (if applicable)

 

Automatically Collected Information

We may collect the following information by automated means whenever you visit and browse our Sites or use our Apps. This information is primarily needed to maintain the security and operation of our Sites and Apps, and for our internal analytics and reporting purposes.


  • IP address
  • Internet service provider (ISP)
  • Browser type
  • Operating system
  • Device characteristics
  • Referring URLs
  • Language preferences
  • Country
  • Location/geo-location
  • Persistent identifiers and third party cookies
  • Information on use of the Sites or Apps, including dates and times of use, interaction and activity
  • Other technical information, such as configuration data, meeting metadata, feature usage data, performance data

 

Support and Feedback Information

We may collect the following information when  you use our support services or participate in surveys.

  • Support data, that is information that has been provided by you or is otherwise processed in connection with support activities such as support chats or calls (including recordings of those calls) and service support tickets.
  • Survey data, that is feedback from or in relation to use of the relevant Services.

 

Marketing Related Information

You give us your Personal Information if you enter your details into the “Join” section of our Sites where we provide individuals the opportunity to be contacted by us and find out more about the SpaceIn Services, providing the following details:

  • Name
  • E-mail address
  • Company name (if applicable)
  • Employee count (if applicable)
  • Operational details (if applicable)


We also maintain a database of prospective clients justified under a Legitimate Interest Assessment where we collate names and contact details of business to business decision makers who are known buyers of our Services.


Children's Information

Our services are not intended for children and we do not knowingly collect data relating to children. By using the Sites or Apps, you represent that you are at least 18 years old or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Sites or Apps.


Cookies And Other Tracking Technologies

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Policy.



WHY WE USE YOUR INFORMATION


We use the information held about you in the following ways and on the following legal bases. We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Where more than one ground has been set out in the list below, details of the specific legal ground we are relying on are available upon request.


  • To create and manage your account with us, on “Contract”, “Consent” or “Legitimate Interests” bases
  • To verify your identity, on “Contract”, “Legitimate Interests” or “Legal Obligation” bases
  • To provide Services to you, on “Contract”, “Consent” or “Legitimate Interests” bases
  • To send you marketing and promotional communications and other information, that you request from us or which we feel may interest you, on a “Legitimate Interests” or “Consent” basis
  • To customise our Sites and Apps content to your particular preferences, on “Contract”, “Consent”,  “Legitimate Interests” or  “Legal Obligation” bases
  • To notify you of any changes to our Services that may affect you, on “Contract”, “Legitimate Interests”,  or “Legal Obligation” bases
  • To improve or protect our Services, on “Contract”, “Legitimate interests” or “Legal Obligation” bases
  • To enable user-to-user communications, on “Contract” or “Consent” bases


WHO WE SHARE YOU INFORMATION WITH

 

We only share and disclose your Personal Information with clients (where the data has been collected on their behalf in the first instance) and/or with the following third parties and suppliers where required operationally, and in order to provide our Services:

 

  • Gmail and Google Calendar - for connecting to your third-party account and retrieving meetings information
  • Cloud Firestore, Cloud Functions for Firebase, Firebase Hosting, Firebase Realtime Database and Cloud Storage for Firebase -  for functionality and infrastructure optimisation
  • Google API Services and Firebase Authentication - for user account registration and authentication
  • Google Cloud Platform - for data storage
  • Google Analytics for Firebase - for web and mobile analytics
  • Typeform - for signups and surveys
  • Sendgrid Email API - for email distribution 
  • Google Maps APIs - for geolocation
  • Crashlytics and Firebase Crash Reporting - for website performance monitoring
  • Beta by Crashlytics - for website testing


We reserve the right to share your Personal Information with parties other than those identified above under the following circumstances:


  • In response to lawful requests by public authorities, including but not limited to national security or law enforcement requests. We may also disclose your personal information as required by law, such as to respond to court orders, or similar legal processes, to establish or exercise our legal rights or, defend against legal claims, or if in our judgment in such circumstances disclosure is required or appropriate
  • If we believe it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our various terms of use, or as otherwise required by law
  • In order to enforce or apply our Terms and Conditions and other agreements; or to protect the rights, property, or safety of our clients, suppliers or others.
  • If we or substantially all of our assets are acquired by a third party, in which case personal data held by it about our customers will be one of the transferred assets.


INTERNATIONAL TRANSFERS


We operate globally, which means personal data may be stored and processed in any country where we or our service providers have facilities or hold events. By using our Sites, Apps or Services or providing personal data for any of the purposes stated above, you acknowledge that your personal data may be transferred to or stored in the UK or in other countries around the world. Such countries may have data protection rules that are different and less protective than those of your country.

 

If you are a resident of the European Economic Area (EEA), and your personal data is transferred outside of the EEA, we will:

 

  • Process it in a territory which the European Commission has determined provides an adequate level of protection for personal information; or
  • Implement appropriate safeguards to protect your personal information, including transferring it in accordance with applicable transfer mechanisms such as the European Commission's standard contractual clauses.

 


RETENTION OF INFORMATION


We will retain your information for as long as you are our client or as needed to provide our Services – and where required to comply with our legal obligations, resolve disputes, and enforce our agreements.  We will retain your data until any such time that we receive a request to opt-out.


Details of retention periods for different aspects of your personal data are available upon request.


 

KEEPING YOUR INFORMATION SAFE


We use physical, electronic, and procedural safeguards to protect personal information – our IT arrangements aspire to “Data Protection by Design” and should be able to detect a significant data breach. Where such a breach could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage we will notify the ICO, if we are the Controller, or our client, in the event they are the Controller.   Where a breach is likely to result in a high risk to the rights and freedoms of individual data subjects, we will also notify those concerned directly and at the earliest practical opportunity. We shall then fully investigate a data breach and implement corrective action to prevent recurrence.


By using our Services or providing personal information to us, you are consenting to MCCGLC communicating with you electronically regarding security, privacy, and administrative issues related to your use of our services. We may email you if a security breach occurs at the email address you have provided to us.


Data transmissions over the Internet are not 100% secure. Consequently, we cannot guarantee or warrant the security of any information you transmit to us and you do so at your own risk. Once we receive your transmission, we use reasonable efforts to ensure security on our systems.


YOUR RIGHTS


By law, you have a number of rights (subject to certain conditions) when it comes to your personal information. 


In relation to personal information we process for the purposes of providing services to you on behalf of your company or event organiser, you will need to contact them to exercise or enquire about these rights. 


Please consider your request responsibly before submitting it. We will respond as soon as we can. Generally, this will be within one month from when we receive your request but, if the request is going to take longer to deal with, we’ll come back to you and let you know.


(A) Right to be informed

We strive to ensure that all those engaging with us are informed of our arrangements for processing personal data through this  Notice. 


(B) Right of access

We will respond to data requests within 1 month and will only charge for requests that are manifestly unfounded or excessive. If we have grounds to refuse a request we will inform the data subject and make them aware of their right to complain to the ICO or to seek civil action – again within 1 month of receiving the request.


(C) Right to rectification

For personal data obtained directly from a data subject under the legal basis of consent – and obtained indirectly from a data subject under the legal basis of legitimate interest – we will correct any inaccuracies in a data subject’s personal data upon receipt of a request.  For personal data held under the legal basis of “Contract” or “Legitimate Interest” or “Legal Obligation” we will endeavour to correct the data upon request but may not be able to do so if changing the data may conflict with our legal obligations or disadvantage us in a future legal action.  In cases where we cannot rectify the data for these reasons we shall inform the data subject and make them aware of their right to complain to the ICO or to seek civil action.


(D) Right to erasure

For personal data obtained directly from a data subject under the legal basis of consent – and obtained indirectly from a data subject under the legal basis of legitimate interest – we will erase a data subject’s personal data upon receipt of a request / opt-out notification.  For personal data held under the legal basis of “Contract” or “Legitimate Interest” or “Legal Obligation” we will endeavour to erase data upon request but will not be able to do so if holding the data is necessary to fulfil our legal obligations or may be necessary as evidence in a future legal action involving us.  In cases where we cannot erase the data for these reasons we shall inform the data subject and make them aware of their right to complain to the ICO or to seek civil action.


(E) Right to restrict processing

For personal data obtained directly from a data subject under the legal basis of “Consent” – and obtained indirectly from a data subject under the legal basis of “Legitimate Interest – we will restrict the processing of a data subject’s personal data upon receipt of a request / opt-out notification.  For personal data held under the legal basis of “Contract” or “Legitimate Interest” or “Legal Obligation” we will endeavour to facilitate the requested restriction upon request but will not be able to do so if restricting the processing of the data prevents us from fulfilling our legal obligations or the current processing of the data may be necessary as evidence in a future legal action involving us.  In cases where we cannot restrict the processing of the data for these reasons we shall inform the data subject and make them aware of their right to complain to the ICO or to seek civil action.


(F) Right to data portability

For personal data obtained directly from a data subject under the legal basis of consent – we shall provide, upon receiving a request, the data that we hold in a standard, widely accessible format.


(G) Right to object

For personal data obtained directly from a data subject under the legal basis of “Consent” – and obtained indirectly from a data subject under the legal basis of “Legitimate Interest” – we will cease to process a data subject’s personal data upon receipt of a request / opt-out notification.


You have the right to withdraw consent to marketing at any time by sending an email to dpo@mccglc.com. We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising.


 

HOW TO EXERCISE YOUR RIGHTS


To exercise any of the rights above, email us at dpo@mccglc.com. You may also submit a request to the following address:

 

MCCGLC Limited

FAO: Data Protection Officer

Arnold House

21-33 Great Eastern Street

London EC2A 3EJ

UK

 

Please identify yourself and specify your request. If you have a password protected SpaceIn account, we will use your account information to verify your identity. If not, we will ask you to provide additional verification information. What we request will depend on the nature of your request, how sensitive the information is, and how harmful unauthorized disclosure or deletion would be.


We usually act on requests and provide information free of charge. Where legally permitted, we may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests, or further copies of the same information. Further, we may be entitled to refuse to act on the request, if deemed to be unreasonably repetitive or systematic, requires disproportionate technical effort, or jeopardises the privacy of others.



USER CONTENT


User Content” is the “in-event” & ”in-space” information you give us directly through your use of the Sites and Apps, such as meeting recordings, files and chat logs, and any other information shared or uploaded while using the Sites and Apps. SpaceIn uses User Content only in connection with providing the Sites and Apps e.g. optimising an event – we do not monitor, sell or use customer content for any other purposes.

 

We cannot and do not (a) control the information a user may choose to share during a meeting or event, (b) control the actions of anyone with whom you or any other user may choose to share information when using the Sites and Apps and (c)  guarantee that any User Content you or any user provides will not be viewed by unauthorised third parties.  SpaceIn users and account holders should be cautious about the access granted to others and the information shared when using the Sites and Apps and be aware that no security measures are perfect or impenetrable. SpaceIn is not responsible for circumvention of any security measures contained in the Sites or Apps. 

 


CHANGES TO THIS PRIVACY STATEMENT


MCCGLC reserves the right to revise, modify, or update this notice at any time. We will notify you via email about material changes in the way we treat personal data or by placing a prominent notice on this website.



CONTACTING  MCCGLC


If you have a privacy concern regarding MCCGLC or this notice, you may contact us at legal@mccglc.com.


For exercising your rights as data subject, please contact us at dpo@mccglc.com (see “How to exercise your rights”)