95desk

GDPR Information

Your Data Protection Rights Under the General Data Protection Regulation

1. Introduction to GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations that process personal data of individuals residing in the European Union, regardless of where the organization is located.

At 95desk, we are committed to protecting your personal data and ensuring full compliance with GDPR requirements. This page explains your rights under GDPR and how we fulfill our obligations as a data controller.

2. Your Data Protection Rights

Under GDPR, you have several important rights regarding your personal data:

2.1 Right to Information (Article 13-14)

You have the right to be informed about:

  • What personal data we collect about you
  • Why we process your personal data
  • How long we keep your data
  • Who we share your data with
  • Your rights regarding your data

This information is provided in our Privacy Policy.

2.2 Right of Access (Article 15)

You have the right to:

  • Request confirmation that we are processing your personal data
  • Obtain a copy of your personal data
  • Receive information about how we process your data

How to exercise: Submit a request through our contact form or email privacy@95desk.com

2.3 Right to Rectification (Article 16)

You have the right to:

  • Correct inaccurate personal data
  • Complete incomplete personal data
  • Update outdated information

How to exercise: Log into your account to update information or contact our support team

2.4 Right to Erasure ("Right to be Forgotten") (Article 17)

You have the right to request deletion of your personal data when:

  • The data is no longer necessary for the original purpose
  • You withdraw consent and there's no other legal basis
  • The data has been unlawfully processed
  • Deletion is required for legal compliance

Limitations: We may retain data if required by law or for legitimate interests

2.5 Right to Restrict Processing (Article 18)

You have the right to restrict processing when:

  • You contest the accuracy of the data
  • Processing is unlawful but you prefer restriction over deletion
  • We no longer need the data but you need it for legal claims
  • You've objected to processing pending verification

2.6 Right to Data Portability (Article 20)

You have the right to:

  • Receive your data in a structured, commonly used format
  • Transmit your data to another controller
  • Have your data transmitted directly to another controller (where technically feasible)

Applies to: Data processed based on consent or contract, and processed by automated means

2.7 Right to Object (Article 21)

You have the right to object to processing based on:

  • Legitimate interests (including profiling)
  • Direct marketing (including profiling for marketing)
  • Scientific/historical research or statistics

Marketing: You can opt out of marketing communications at any time

2.8 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.

3. How to Exercise Your Rights

3.1 Contact Methods

Data Protection Contact

Email: messe.michaelis@gmail.com

Subject Line: "GDPR Request - [Type of Request]"

Address: Tim Michaelis
Theodor-Storm-Straße 9
67134 Birkenheide
Germany

3.2 Information Required

When submitting a request, please provide:

  • Your full name and email address
  • Specific details of your request
  • Proof of identity (for security purposes)
  • Any relevant account or reference numbers

3.3 Response Timeframes

  • Standard response: Within 1 month of receipt
  • Complex requests: Up to 3 months (with notification)
  • Urgent requests: We prioritize based on circumstances

4. Legal Bases for Processing

We process your personal data based on the following legal bases:

4.1 Contract (Article 6(1)(b))

  • Processing necessary for membership agreement performance
  • Providing access to coworking spaces and services
  • Processing payments and managing accounts

4.2 Legitimate Interest (Article 6(1)(f))

  • Improving our services and user experience
  • Security and fraud prevention
  • Direct marketing to existing customers
  • Business analytics and reporting

4.3 Consent (Article 6(1)(a))

  • Marketing communications to prospects
  • Optional features and services
  • Cookies and tracking (non-essential)

4.4 Legal Obligation (Article 6(1)(c))

  • Tax and accounting requirements
  • Anti-money laundering compliance
  • Health and safety regulations

5. Data Transfers Outside the EU

5.1 Adequacy Decisions

We may transfer data to countries with adequacy decisions from the European Commission, including:

  • United Kingdom
  • Switzerland
  • Canada (commercial organizations)
  • Japan

5.2 Appropriate Safeguards

For transfers to other countries, we use appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (BCRs)
  • Certification schemes
  • Codes of conduct

6. Data Breach Notification

6.1 Our Obligations

In case of a personal data breach, we will:

  • Notify the supervisory authority within 72 hours (if likely to result in risk)
  • Notify affected individuals without undue delay (if high risk)
  • Document all breaches and our response
  • Take measures to address the breach and prevent future occurrences

6.2 What We'll Tell You

If we need to notify you of a breach, we'll provide:

  • Description of the nature of the breach
  • Categories and approximate number of data subjects affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Contact details for further information

7. Children's Data

Our services are not directed at children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such data promptly.

If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately.

8. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR requirements.

8.1 German Supervisory Authority

Federal Commissioner for Data Protection and Freedom of Information (BfDI)

Address: Graurheindorfer Str. 153
53117 Bonn, Germany

Phone: +49 228 997799-0

Email: poststelle@bfdi.bund.de

Website: www.bfdi.bund.de

8.2 Other EU Supervisory Authorities

If you reside in another EU country, you can contact your local supervisory authority. A complete list is available at: European Data Protection Board

9. Regular Updates and Training

9.1 Staff Training

We ensure GDPR compliance through:

  • Regular data protection training for all staff
  • Specialized training for data processing roles
  • Annual compliance assessments
  • Clear data protection policies and procedures

9.2 Technical and Organizational Measures

We implement appropriate measures including:

  • Data encryption and pseudonymization
  • Access controls and authentication
  • Regular security testing and monitoring
  • Data backup and recovery procedures
  • Incident response and breach notification procedures

10. Contact Information

For any questions about GDPR compliance or to exercise your rights:

Data Protection Contact

Email: messe.michaelis@gmail.com

Address: Tim Michaelis
Theodor-Storm-Straße 9
67134 Birkenheide
Germany

Business Hours: Monday-Friday, 9:00 AM - 6:00 PM CET

11. Additional Resources

For more information about GDPR and data protection: