1. Mitwit
  2. PERSONAL DATA PROTECTION

PERSONAL DATA PROTECTION

PERSONAL DATA

1.1 – Processing of personal data as data controller: when the Service Provider processes personal data under this Contract as data controller, it undertakes to comply with the applicable data protection legislation, in particular the French Data Protection Act of 6 January 1978 as amended and Regulation (EU) 2016/679 of 27 April 2016 (hereinafter the “European Regulation”).

1.2 – Definitions of Personal Data (PD): any information relating to an identified natural person or a person who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more elements specific to him.

Data subject: natural person to whom the data subject to the processing of PD relates.

Data Controller (DC): the entity that determines the purposes and means of processing PD. Data processor: the natural or legal person, public authority, agency or other body that processes PD on behalf of the Data Controller.

Data processing: any operation or set of operations relating to PD, regardless of the process used, and in particular the collection, recording, organisation, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of provision, reconciliation or interconnection, as well as blocking, erasure or destruction.

1.3 – Identity of the Personal Data Controller

MWPI, whose registered office is located at 58 Avenue de la Grande Armée 75017 PARIS France

MULTBURO GARES, whose registered office is located at 4 place Louis Armand 75012 Paris France

NCI, whose registered office is located at 143 avenue Louise Box 4 1050 Brussels Belgium

Multiburo (Suisse) SA, whose registered office is located at 1, Rue de la Cité 1204 Geneva Switzerland

Means the Service Provider and the data controller, the purpose of the processing being described below.

1.4 – Purposes of personal data processing

The privacy policy below applies if the Service Provider acts as data controller for the processing of personal data received from the User under this Contract.

If, as a User, you share the personal data of employees, agents or other third parties with the Service Provider, you are required to inform your employees, agents or other third parties who benefit from the Service Provider’s offer of this privacy policy before providing their personal data to the Service Provider. For any questions or procedures relating to your personal data, we invite the data subject to contact our data controller and our data protection officer (Mr Laurent Reynaud) on dpo@mitwit.com.

The Service Provider implements PD processing for the purposes envisaged below:

Purpose
Categories of data subjects

Categories of personal data processed
Categories of recipients of personal data
Conclusion and management of the Contract (Management of the pre-contractual relationship and contracting, preparation of accounts and invoicing, collection of unpaid amounts, creation of a user profile), including the collection of data relating to the identity of the user and the user’s Employees pursuant to article 6.1 b of the GDPR


- Natural person user
 
- In the case of a User legal entity, natural person(s) representing the User
 
- The User’s employees benefiting from the Service Provider’s services
 
- Authorised personnel of the User (accountant etc.) interacting on behalf of the Beneficiary with the Service Provider		- Identification data: last name, first name, e.g. membership card no., identity card of the User or his representative

- Business data: business email address, business postal address (if Beneficiary), business telephone number, job function/position, company

- Economic and financial data: data relating to transactions (invoices, bookings, etc.) and bank details depending on the payment method chosen (bank details or SEPA mandate – if credit card, the number is not processed by the Service Provider but by its banking partners)

- Data on the use of the Service Provider’s Spaces and Services: printer logs for invoicing
- authorised internal departments of the Service Provider (sales department, finance department and legal department) 

- data processors or partners that need to know about the conclusion/management of the Contract (bank(s) of the Service Provider and the Beneficiary, banking partners for payment verification or transaction management, invoicing and accounting management solutions) 
- IT service providers (data hosting providers) – if necessary, certain regulated professions (e.g. lawyers)

Performance of the services provided for in the Contract (management of bookings of the Service Provider’s Spaces and Services; provision of the Spaces; management of complaints and assistance; physical reception; provision of IT/telecommunications equipment and systems), excluding the services referred to in Purpose 3, pursuant to article 6.1 b of the GDPR (performance of a contract or precontractual measures) when the Data Subject is the User or, pursuant to article 6.1 f of the GDPR (legitimate interests of the Service Provider to comply with its contractual commitments to the User) when it concerns Data Subjects who are not parties to the Contract (User’s Employees etc.).



Natural person user 
- In the case of a User legal entity, natural person(s) representing the User 

- The User’s employees benefiting from the Service Provider’s services 

- Authorised personnel of the User (accountant etc.) interacting on behalf of the Beneficiary with the Service Provider 

-Natural person(s) invited by the User (or by the Employees of the User) to a site
- Identification data: last name, first name, e.g. membership card no., identity card of the User or his representative

- Computer data: IP address and Wi-Fi login details

- Economic and financial data: billing address if User and information relating to the payment order

- Data on the use of the Service Provider’s Spaces and Services: office preferences, calendar of reserved Spaces or rooms, communications via our Services

- Location data on the Service Provider’s website and application (subject to consent pursuant to article 6.1 of the GDPR) to offer Spaces to the user based on its location
- authorised internal services of the Service Provider (operations, sales and finance services) 


- IT service providers (host or technical service provider) 


- data processors or partners that need to know about the conclusion/management of the Contract (if applicable, partner or manager of the Space concerned by the order) - service providers (banking partners, online booking system, etc.)

- if necessary, certain regulated professions (e.g. lawyers)

Management of the business relationship (sending newsletters, emailing of information and targeted communications, commercial offers, quotes, sales canvassing, assessment of customer satisfaction and experience, establishment of attendance statistics) pursuant to article 6.1 a of the GDPR (consent of the Data Subject and for newsletters) or article 6.1 f of the GDPR (legitimate interest of the Service Provider or a third party to carry out promotional, marketing or sales canvassing operations on these services, to analyse the needs of the Beneficiaries or its Employees in accordance with the Service Provider’s corporate purpose).
- Natural person user

- In the case of a User legal entity, natural person(s) representing the User

- The User’s employees benefiting from the Service Provider’s services
- Identification and business contact data: last name, first name, job function/position, company, business email, business telephone number, member number. 

- IT and web browsing data: e.g. IP address 

- Data on the use of the Service Provider’s Spaces and Services: office preferences, calendar of booked Spaces or rooms, communications via our Services, access logs using badges, anonymous statistics for counting individuals from video surveillance systems, your opinions, recommendations, your questions/comments about the Spaces or Services


- authorised internal departments of the Service Provider (marketing department, sales department) 
- IT/telecommunications service providers (data hosting or IT service provider) 
- data processors or partners that need to know about the conclusion/management of the Contract 
– service providers (e.g. email solutions, gym, surveys, etc.) or third-party advertising partners 
- if necessary, certain regulated professions (e.g. lawyers)
Security of people, premises, information systems and property

(Physical access control by badge system, visitor keys or registers; accounting and control of the occupancy rate and flows; logical access control, management and security of access to the various applications of the IS; management, identification of fraud and security of the Wi-Fi network) pursuant to article 6.1 b of the GDPR primarily (performance of a contract or pre-contractual measures) and article 6.1 f of the GDPR (legitimate interest of the Data Controller to ensure the security of persons, information systems and property on its premises) on a subsidiary basis, excluding video surveillance (see below)

- Natural person user

- In the case of a User legal entity, natural person(s) representing the Beneficiary 
– Employees of the Beneficiary benefiting from the services of the Service Provider 
- Authorised personnel of the User (accountant, etc.) interacting on behalf of the User with the Service Provider 
- Natural person(s) invited by the User (or by the User’s Employees) to a site of the Service Provider
- Identification and business contact data: last name, first name, job function/position, company, membership card no., identity card for verification 


- Computer data: login credentials for the website or application, computer data on devices (IP address etc.), access logs for IS applications, network (Wi-Fi or internal network) and printers 


- Data on the use of the Spaces: badge access logs

authorised internal departments of the Service Provider (operations department, site manager, IT department) 
- IT/telecommunications service providers (hosting company or technical service provider) 
- data processors, partners or service providers relating to security (e.g. security and guarding company, IT support) 
- if necessary, certain regulated professions (e.g. lawyers)
Corporate reorganisation in respect of the legitimate interest of the Service Provider pursuant to article 6.1 f of the GDPR, including in the form of an assignment, merger or acquisition, sale or transfer of business or assets.



Natural person user - In the case of a User legal entity, natural person(s) representing the User

- Civil status and identification data: e.g. last name, first name – Business data: e.g. business email address, business postal address, business telephone number, capacity to act/functions
- authorised internal services of the Service Provider 


- IT service providers 


- In the context of due diligence, potential sellers or buyers and their advisors

(optional) Registered address of the Beneficiary: under the legal obligation of the Service Provider pursuant to article 6.1 c of the GDPR, to enable the Service Provider to comply with the obligations of article R. 123-168 of the French Commercial Code and ensure the collection of necessary data, the management, processing and monitoring of beneficiaries with registered address (file of supporting documents, information to the commercial court, communication to court bailiffs, list of persons with registered address, anti-money laundering, etc.).




- Natural person user 


- In the case of a User legal entity, natural person(s) representing the User


Civil status and contact data: e.g. last name, first name, telephone number and postal address, as well as corresponding supporting documents 


- Business data: e.g. business email address, business postal address, business telephone number, functions
- authorised internal services of the Service Provider 
- data processors or partners that need to know about the conclusion/management of the Contract (e.g. IT service providers hosting the data) 
- the recipients mentioned in article R. 123-168 of the French Commercial Code (clerk of the Commercial Court; bailiffs; tax centre and the competent social security contribution collection bodies) 
- if necessary, certain regulated professions (e.g. lawyers) Where necessary, it is specified that the Service Provider is authorised to disclose the aforementioned personal data when such data must be disclosed as a result of a judicial or administrative injunction or when its disclosure is necessary for the Service Provider to ensure its defence in the context of legal or administrative proceedings. The collection of data is limited to the information necessary to accomplish the purposes described below. Mandatory data are indicated as such in the collection forms.


Contact
PERSONAL DATA PROTECTION France
+33 (0)1 72 92 06 60
PERSONAL DATA PROTECTION Belgium
+32 (0)2 403 11 09
PERSONAL DATA PROTECTION Switzerland
+41 (0) 22 561 84 00
Our workspaces
Our services
Subscribe to our newsletter

Thank you for your request!

It’s in good hands. Those of our flexible real estate advisors: offices, coworking, meetings and domiciliation.

Our commitment: contact you within 24 hours!
Our Mitwit advisors will get back to you to finalise your request.

See you soon on the Mitwit Network!

Whoops ! Failed to submit the form, this could be from your security settings. Don't panic, you can try again by disabling your ad blocker and reloading the page 😊

Thank you for your subscription!