Privacy Policy

This Privacy Policy explains how RunDesk collects, uses, and protects personal data when you visit our website, request a demo, join the waitlist, or use the RunDesk platform. It is designed to comply with the EU General Data Protection Regulation (GDPR) and Spain's Organic Law 3/2018 (LOPDGDD).

1. Scope and roles

When you visit our website or interact directly with RunDesk, we act as the data controller. When your organization uses the RunDesk platform, your organization is the data controller and RunDesk acts as a data processor on your behalf under a data processing agreement (DPA).

2. Personal data we collect

• Identity & contact: name, role, company, email, phone.
• Account & billing: login identifiers, invoices, payment status, tax details.
• Platform usage: bookings, check-ins, CRM notes, messages, and files you upload.
• Support & communications: support tickets, chat history, feedback.
• Technical data: IP address, device identifiers, logs, and security events.
• Cookies & analytics: usage metrics and preferences (see section 5).

3. Purposes and legal bases

We process personal data for the following purposes and legal bases under GDPR:

• Provide the service (contract performance).
• Account management, billing, and support (contract performance).
• Security, fraud prevention, and reliability (legitimate interests).
• Compliance with legal obligations (legal obligation).
• Product analytics and improvements (legitimate interests or consent where required).
• Marketing communications (consent, which you can withdraw anytime).

4. Cookies and similar technologies

We use cookies and similar technologies to operate the website, remember preferences, and measure performance. Where required, we request your consent before placing non-essential cookies.

5. Sharing and disclosures

We share personal data with trusted service providers who help us operate the service, such as:

• Cloud hosting, storage, and security providers.
• Email and messaging providers.
• Payment and invoicing providers.
• Analytics and error monitoring services.

We may also disclose data when required by law or to protect our rights and users.

6. International transfers

If personal data is transferred outside the European Economic Area, we use appropriate safeguards such as standard contractual clauses or adequacy decisions in accordance with GDPR requirements.

7. Data retention

We retain personal data only for as long as necessary to provide the service, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods may vary depending on the type of data and legal requirements.

8. Security

We implement technical and organizational measures to protect personal data, including access controls, encryption in transit, logging, and security monitoring. No system is 100% secure, but we work continuously to improve safeguards.

9. Your rights under GDPR and LOPDGDD

You have the right to:

• Access your personal data.
• Rectify inaccurate or incomplete data.
• Request erasure of your data (right to be forgotten).
• Restrict processing in certain circumstances.
• Data portability.
• Object to processing based on legitimate interests.
• Withdraw consent at any time (where consent is the basis).
• Not be subject to decisions based solely on automated processing, where applicable.

10. How to exercise your rights

You can exercise your rights by contacting us at info@demo-coworking.at. We may request additional information to verify your identity.

11. Complaints

If you believe your rights have been violated, you can file a complaint with the Spanish Data Protection Authority (AEPD) at their website or by mail to Calle Jorge Juan 6, 28001 Madrid, Spain.

12. Changes to this policy

We may update this Privacy Policy from time to time. The latest version will always be available at /privacy with the date of the last update.