Welcome Workdays Privacy Policy
Version. 1.2
1. About Welcome Workdays and the Services
Welcome Workdays AS, including its affiliates, ("Welcome Workdays", "we", "us" or "our") owns and operates business related to the provision of a digital services platform for commercial real estate (the "Service").
Welcome Workdays is a private limited company established in Norway, registered under organization number 931 614 916 and with business address Skippergata 3, 0152 Oslo,
This privacy policy (the "Privacy Policy") contains information about Welcome Workday's processing of personal data that Welcome Workdays carries out in the role of data controller and for its own purposes in connection with the provision of digital services offered via the Services platform (collectively the "Platform"). The Platform include various products that simplify the user journey for people staying in and using facilities in the properties linked to the Platform, for example in connection with registration, meeting room booking, canteen purchases and the like.
This Privacy Policy explains what personal data Welcome Workdays processes, how we process it, for what purposes and on what basis as a data controller. The Privacy Policy also explains what rights you have and how you can enforce these with regard to our processing of your personal data.
Welcome Workdays also processes a number of personal data in the role of data processor for other third parties. This applies, for example, when we receive and process information on behalf of our customers that is linked to the Service, which may be, for example, tenant, landlord or other third parties. Welcome Workday's customers use the Service for their own processing purposes and Welcome Workdays processes personal data on behalf of our customers on the basis of further instructions from these. Our customers are then responsible for the processing of personal data in the solution. The processing we do on behalf of our customers is governed by a data processing agreement we have entered into with the relevant customers. The processing purposes as well as the legal basis and other relevant information about the processing are described in more detail in the customers' (landlord, tenant, canteen service provider, etc.) own privacy statements. Please refer to these statements for more information.
If you wish to contact Welcome Workdays regarding our processing of personal data in the Platform as data controller, please use the contact details included at the bottom of this Privacy Policy.
2. Definitions
The terms used in this Privacy Policy have the following meanings:
Welcome Workdays means Welcome Workdays AS, a Norwegian legal entity, with its principal office in Oslo, Norway.
Building shall mean the property referred to as “the building” or a complex of buildings with office spaces, for the operation of which the Platform has been designed.
Platform shall mean the software information system with respective web application and mobile application interface, and all services, mobile applications, software, features, and products that are provided by Welcome Workdays or its affiliates, including the software information system with an internet and application interface referred to as ‘Welcome Workdays, and any and all integration and support services related.
Visitor is an individual who has been invited by any User to the Building via the Platform. Examples of Visitors are guests invited to the Building to attend business meetings with companies seated in the Building.
User is an individual who is registered and assigned a personal account in the Platform, regardless of whether the User actually uses the Platform, or the User was registered to the Platform by a third party specified in this Privacy Policy or by the User themselves. A typical example of Users are employees of companies operating in the Building, usually as tenants.
Building admin means any User who is authorized by the Controller to perform management tasks on behalf of that Controller through the Application web admin interface that administrates the instance of Welcome Workdays relevant for the particular building
Tentant Admin means a User assigned by a Tenant with administrative privileges to manage their organization's settings, access permissions, and other functionalities within the Platform.
Services means any product, service, or information provided, offered, or addressed by the Controller to Users through the Platform, if the provision thereof requires the processing of Personal Data. Examples of Asset Services include meeting rooms, bicycle sharing, the use of certain equipment, the booking of shared spaces, car wash services, shared laundry facilities, etc.
3. Who controls your personal data
Welcome Workdays is a processor of your personal data on behalf of one or more personal data controllers specified below.
There are three different “Controller” roles, depending on the activities of the respective Controller and the purpose for which the personal data are processed:
Property owner/manager – A Controller who carries out the management and maintenance of the Building in the capacity of its owner or on behalf of its owner (the “Property Manager”).
Tenant – A Controller who uses a commercial space in the Building as a tenant and uses the Platform in connection therewith (the “Tenant”).
4. Data processing subjects
Welcome Workdays processes personal data of registered users who use the Services Platform or when users provide us with personal data when they request information or other Services from us in connection with the Platform.
Who we process personal data about depends on who uses the Service and purchases the Services from us, but these will typically be the following persons:
Administrative employees or other contact persons at landlords, tenants, canteen service providers, conference hosts, etc.
Administrative employees or contact persons of customers or business associates of landlords, tenants, etc.
Visitors and other guests of the buildings.
Contact persons at Welcome Workday's own suppliers and partners.
Other persons about whom we process personal data due to stay in or near the buildings.
Visitors to the Welcome Workdays website.
5. Purpose and basis for processing personal data in the Platform
5.1. Registering and managing user accounts
In order for us to be able to set up and manage user accounts using the Platform, we need to process the personal data of the person who registers the account. When creating a user account on our website or in the Platform, the users' personal details, such as name, phone number and email. We also require a personal profile picture the access card ordering module is to be used. We need this information in order to provide the services and distinguish between users. Users will also be associated with their employer who leases office space from the building. The legal basis for processing personal data as described in this section is to fulfill an agreement on behalf of the Data Controller.
5.2. Provide access to the Services through a third-party ID
Welcome Workdays may allow access to the Services using a third party ID/login solution. To facilitate this, we process personal data associated with usernames from third-party IDs. The legal basis for processing personal data as described in this section is to fulfill an agreement on behalf of the Data Controller.
5.3. Order and booking management and payment processing
In the event of booking of goods and services, including payments, for the services available on the platform, we will need to process personal data, such as username, full name, e-mail address, postal / billing address, credit card information and Public IP address of the person to whom the payments apply or the person who makes the booking and or payment. The timestamp of the order or booking is also processed. The legal basis for processing personal data as described in this section is to fulfill an agreement on behalf of the Data Controller.
5.4. Visitor Management
In the event of visitors being registered or granted temporary access via the platform, we process personal data such as full name, email address, phone number, company affiliation (if applicable), host name, and check-in/check-out timestamps. This information is used to facilitate visitor access, improve security, and enable smooth reception processes within the premises. Additionally, visitor logs may be retained for security and compliance purposes.
The legal basis for processing personal data as described in this section is to fulfill an agreement on behalf of the Data Controller.
5.5. Access Card Management and Ordering
To provide users with physical or digital access cards for building entry, we process personal data such as full name, email address, phone number, company affiliation (if applicable), card identifier, and access level permissions. If the access card is linked to a digital identity, we may also process device-related information, such as a mobile phone’s unique identifier for NFC or mobile access solutions.
This data is processed to issue, manage, and revoke access cards, ensuring that authorized users can securely enter designated areas. In the case of lost or revoked access, logs may be maintained for security and audit purposes.
The legal basis for processing personal data as described in this section is to fulfill an agreement on behalf of the Data Controller.
5.6 Mobile Access
Access to certain parts of the Building may require an authorization, where the Services serves as a tool for identifying the User and verifying the User’s access rights.
Approximate GPS location of the User received from User’s mobile device will be processed in order to enable the scanning function of the Application on the device that allows the User to pass through the Building’s turnstiles or similar access points, and to enhance the reliability of the Mobile Access function in the background of the Application. Location data is not disclosed to any recipient.
Your turnstile entry data will be processed to schedule delivery of relevant system messages to your device when you enter the Building.
The legal basis for processing personal data as described in this section is to fulfill an agreement on behalf of the Data Controller and physical security measures.
5.7. Customer service and feedback
In order to provide answers to customer feedback or other questions about the Service, as well as offer assistance in connection with the use of the Services, we process personal data to identify the person with whom we communicate and to provide customer service. Depending on the assistance requested, we may request additional personal data to provide proper and good customer service. The legal basis for processing personal data as described in this section is to fulfill an agreement on behalf of the Data Controller.
5.8. Prevent and detect misuse of the Service
If we suspect or detect irregular activity on the Platform, including in relation to user accounts, we will take appropriate action. This may include processing personal data relating to the account in question. The legal ground for processing data as described in this section is our legitimate interests in preventing and detecting misuse of the Services.
5.9. Improve and development of the Services
When users use our Services, we collect and use personal data related to user activity to analyze how our Services work and improve them accordingly. For example, we will retain and evaluate information about recent visits to and use of our Services, as well as how users move around different parts of our Services. Such user analysis helps us understand how visitors and customers, etc. use and navigate the Welcome Workdays service, so that we can make our Services better and even more user-friendly. Although some of the data collected for these purposes contains personal data about users, the data collected from the analysis will not contain any personal data. The Services use different techniques to remember the settings and preferences of users, to customize the appearance and experience of the Services or analytics.
6. Access to personal data
6.1. Sharing with third parties
Certain Services offered by Welcome Workdays use subcontractors and third party services to provide authentication of the Service. In connection with such use, certain personal information regarding User Information will automatically be transferred to and from Welcome Workdays. The purpose of this sharing is to provide the Service.
In addition, Welcome Workdays may use third parties, including affiliates, to collect and process personal data on Welcome Workdays' behalf, to provide the Services, as well as improve and develop the Services platform. Such subcontractors of IT services include those set out in clause 4.2. These subcontractors may have access to personal data if the personal data is stored by the subcontractor or otherwise accessible to the subcontractor in accordance with their contract with us. Welcome Workdays has entered into data processing agreements with these subcontractors, who process the data in accordance with the terms of the data processing agreement and in accordance with our instructions. The subcontractor may only use the personal data for the purposes determined by Welcome Workdays and as described in this Privacy Policy.
To learn more about how third-party service providers handle personal data, we encourage you to visit the website of the relevant third-party service provider and review their respective privacy policies.
Information about users of the Services will be treated in a secure and confidential manner and will only be available to personnel or third parties if necessary to provide the Services.
Welcome Workdays does not disclose personal information in circumstances or ways other than those described in this Privacy Policy, unless you explicitly request or consent to such disclosure or unless Welcome Workdays is expressly required to disclose such information to relevant authorities, etc. by applicable laws and regulations applicable to Welcome Workday's business (such as accounting or tax laws or similar).
6.2. List of Third-Party Service Providers
Welcome Workdays uses several third party vendors who process personal data on Welcome Workday's behalf for the purpose of providing the Services. The full list can be found here:
6.3. Transfer of personal data to third countries
In order to provide the Services, Welcome Workdays may need to transfer personal data to countries outside the EU/EEA ("third countries") using the above-mentioned third party service providers, if such service providers are located in a third country or use sub-processors located in third countries. Welcome Workdays will not transfer personal data to third countries outside the EU/EEA that do not offer adequate protection, unless appropriate safeguards are in place, such as entering into EU standard contractual clauses. Welcome Workdays may transfer aggregated personal data to both domestic and international third parties in order to i) improve or develop the Services and ii) ensure the proper functioning of the Services.
7. Information security
We handle your personal data in a secure manner and have established procedures that meet the requirements described in data protection legislation. The security measures are technical, contractual and organisational. We conduct regular assessments of the security of all central systems used for handling personal data. We have also entered into agreements with our subcontractors who handle personal data on our behalf, which require them to ensure satisfactory information security in connection with the products/services they provide to us.
We restrict access to personal data processed in the Service to personnel who need access to perform their duties. We have mechanisms and procedures for access control so that personal data is only available to personnel with a legitimate need.
We have adopted internal IT guidelines, and we regularly train employees with regard to security and use of IT systems.
8. Storage time and deletion
We delete personal data when there is no longer a need to keep it for the purposes for which it was collected, see section 3.
When a user account is deleted, we will delete all personal data we hold in relation to your account no longer than 90 days after confirmation of deletion. We keep the personal data for 90 days in case the account was accidentally deleted or the user regrets the decision to terminate the use of the Service.
Please note that certain types of information may be retained for a longer period of time if such retention is necessary to comply with legal requirements, such as requirements imposed by accounting law, or to resolve disputes, enforce Welcome Workday's agreements, or to comply with technical and legal requirements or limitations related to the security, integrity and operation of the Services or Service.
9. Data Subject Rights
Users about whom we have registered personal data have a number of rights in relation to Welcome Workdays' processing of their personal data. The rights of the data subjects depend on the circumstances. If you have any questions or wish to exercise your rights, we encourage you to contact us using the contact information included at the bottom of this Privacy Policy. We will, if necessary, ask you to confirm your identity or to provide additional information in connection with exercising your rights under the data protection regulations. This is done to make sure that it is only you who is given access to your personal information – and not someone who pretends to be you.
Right of access: You have the right to access what personal data we have registered about you, and to receive copies of these. If you have your own user account, you will also have access to the information registered in the Service via your user account.
Right to rectification or deletion: You can contact us to correct information registered about you in the Service, or ask us to delete personal data. Note that you can also update/correct and delete some information yourself if you have your own user account with us. You can then access the data registered in the Service Portal via your user account. As far as possible, we will respond to a request to delete personal data, beyond what you can delete yourself. However, if there are compelling reasons not to delete, such as that we need to store the information for documentation purposes, we cannot comply with such a deletion request.
Right to withdraw consent: If you have consented to us processing your personal data, you can withdraw this consent at any time in the Service. If you have consented to other processing of personal data, you may also withdraw your consent at any time with regard to this processing in the same way.
Right to object to or restrict a processing activity: Under certain conditions, you may have the right to object to, or request that we restrict the processing of your personal data. This may be the case where we process your personal data based on the basis of legitimate interest.
Right to data portability: In some cases, you may have access to the personal data you have provided to us in order to have these transferred in a machine-readable format to another controller. If relevant and technically feasible, it will in some cases be possible to have these transferred directly to another data controller.
Right to complain to supervisory authority: If you disagree with the way Welcome Workdays processes your personal data, you may lodge a complaint with the relevant supervisory authority (in Norway: Datatilsynet). We hope that you choose to contact us first using the contact information provided at the bottom of this Privacy Policy.
10. Cookies and similar technologies
In the scenarios we use cookies and similar technologies, a cookie is a small text file that is stored in your browser or device, causing a web page to recognize your browser or device each time. Both the website and the partners may use cookies and similar technologies.
Cookies contain, among other things, information about navigation, visit time, browser version, etc., to provide you with a better user experience.
11. Changes to this Statement
Welcome Workdays may make changes to this Privacy Policy. The latest version is available on http:/welcomeworkdays.com/privacy. We will provide Policy in a convenient and accessible manner in the event of material changes.
12. Contact information
If you have any questions or comments regarding this Privacy Policy, how Welcome Workdays processes personal data as a data controller in connection with the Services Platform, or you would like to exercise your rights vis-à-vis Welcome Workdays in this role, please contact us in the following ways: