Privacy policy of Seatsmatch
1. Introduction and Scope
Welcome to Seatsmatch GmbH ("Seatsmatch"). We provide a platform that enables users to flexibly rent or lease coworking spaces, office spaces, and other commercial workplaces across the European Union. This Privacy Policy explains how we collect, process, store, and share personal data from users ("users," "you").
Scope: This policy applies particularly to users in the European Union and the European Economic Area and considers the provisions of the General Data Protection Regulation (GDPR) and Austrian data protection law.
2. Responsible Entity and Contact
The entity responsible for data processing under Art. 4 No. 7 GDPR is:
Seatsmatch GmbH
Seitenstettengasse 5/37
1010 Vienna, Austria
Email: hello@seatsmatch.com
For any questions regarding data protection (access, deletion, complaints, etc.), please contact us at the email address provided above.
3. Types of Personal Data
3.1 Data Required for Platform Use
Registration and Account Data
First and last name
Email address
Password
Date of birth (if required for legal or security reasons)
Contact and Address Data
Postal address (for billing and contracts)
Additional address details (e.g., company address, if applicable)
Payment Information
Credit/debit card details, bank details
PayPal or other online payment providers
Billing address (if different)
Without this data, we cannot provide essential functions such as booking or renting workspaces.
3.2 Voluntarily Provided Information
Additional profile details (e.g., professional information, social media profiles)
Team member details (if booking for others as an office manager)
Reviews, comments, uploaded photos/documents
Forum posts or other communication content
3.3 Automatically Collected Information
Log and Usage Data
IP address, browser type, referrer URL, date/time of access
Visited subpages, clicked links, session IDs
Device Information
Operating system, screen resolution, language, and country settings
Location Data
Approximate IP-based location
GPS-based data (only with explicit consent)
Cookies and Similar Technologies (details in Section 7)
3.4 Data from Other Sources
Social LoginWhen signing in via third-party providers (e.g., Facebook, Google), depending on your privacy settings there.
Credit and Identity ChecksTo protect against fraud and misuse (e.g., IP checks, ID verification, external databases).
Advertising and Cooperation PartnersClick behavior, cookies/tracking information when visiting our platform through external links.
3.5 Special Notes on Fraud Prevention and IP Storage
Storage of IP addresses and usage data to detect and block potentially fraudulent activities.
In case of concrete suspicion, data may be shared with relevant authorities if legally permitted.
4. Purposes of Data Processing
Operating and Providing the Seatsmatch PlatformUser account management, booking and payment processing, listing creation, and management.
Contract FulfillmentFacilitating agreements between tenants and hosts, invoicing, customer support.
Security and Abuse PreventionIdentity verification, fraud prevention, compliance with our terms of use.
Marketing and AnalyticsNewsletters (with consent), personalized offers, usage analysis (e.g., Google Analytics), tracking.
Legal ObligationsCompliance with tax and accounting regulations under Austrian law, cooperation with authorities.
5. Legal Bases for Processing
Art. 6 para. 1 lit. b GDPR – Contract fulfillment (e.g., account creation, booking processing).
Art. 6 para. 1 lit. c GDPR – Legal obligations (e.g., tax and reporting duties).
Art. 6 para. 1 lit. f GDPR – Legitimate interests (e.g., IT security, fraud prevention, direct marketing).
Art. 6 para. 1 lit. a GDPR – Consent (e.g., newsletters, certain cookies, GPS location data).
6. Data Sharing and Disclosure
6.1 Processors (External Service Providers)We use specialized service providers for:
Hosting, maintenance, IT support
Payment processing, newsletter distribution
Analytics and marketing tools
These service providers are contractually bound to comply with strict data protection regulations under Art. 28 GDPR.
6.2 Data Sharing with Hosts or TenantsWhen a booking or inquiry is made, necessary data (e.g., names, email, booking details) is shared with the other party to facilitate contract completion.
6.3 Authorities and Law EnforcementData is shared with Austrian courts, law enforcement, or tax authorities only when legally required.
6.4 Data Transfers to Third CountriesIf data is transferred outside the EEA (e.g., to US service providers), we ensure appropriate safeguards (standard contractual clauses, adequacy decisions, etc.). For further details, please contact us (see Section 15).
6.5 Business TransfersIn case of mergers, acquisitions, or reorganization, data may be transferred. We will inform users in advance.
7. Cookies and Similar Technologies
7.1 General InformationCookies are small text files stored on your device when visiting our website. They help manage sessions, analyze usage, and personalize content.
7.2 Categories of Cookies
Essential CookiesRequired for fundamental functions (e.g., login, shopping cart, cookie banner).
Preference and Functionality CookiesStore language or layout settings, enable additional features like live chat or social sharing.
Performance and Analytics CookiesGather statistical data (e.g., via Google Analytics) to optimize our platform.
Advertising and Marketing CookiesCreate pseudonymized profiles for personalized advertising (e.g., Google Ads, DoubleClick, social media pixels).
Unclassified CookiesCookies that are still being analyzed for their specific purpose.
7.3 Managing and Disabling Cookies
You can delete or block cookies in your browser settings. However, this may limit functionality.
Through our cookie banner, you can manage or withdraw consent for non-essential cookies when visiting our site.
7.4 Additional Tracking Technologies and PixelsWe may use tracking pixels (e.g., Facebook Pixel, LinkedIn Insight Tag) for targeted advertising and conversion tracking.
These technologies collect usage information (e.g., visited pages, clicks) and may share data with external ad networks, subject to your consent.
8. Data Retention Period
Contract Fulfillment: Data is retained as long as necessary to provide our service (e.g., existing rental or leasing agreements).
Legal Retention Obligations: In Austria, tax-related records must be retained for seven years under § 132 BAO.
Fraud Prevention: Certain data (e.g., IP addresses, blocklists) is stored for an appropriate period to prevent misuse.
Afterwards: Routine deletion or anonymization.
9. Automated Decision-Making and Profiling
We generally do not make fully automated decisions (Art. 22 GDPR).
Profiling elements (e.g., for fraud prevention, personalized offers) are used only after careful assessment or based on your consent.
If you are affected, you can contact us anytime to present your perspective or object to the decision.
10. Special Provisions for Minors
Our services are not intended for individuals under the age of 16.
We do not knowingly collect data from children under 16.
If we inadvertently receive such data, we will delete it as soon as we become aware of it.
11. Security and Protection of Your Data
SSL/TLS Encryption: Your data is transmitted securely (e.g., during registration or payment processing).
Access Controls: Only authorized employees or service providers bound by confidentiality obligations have access to personal data.
Firewalls, Anti-Malware Software: To protect against cyber threats.
Regular Security Updates and Audits to maintain a high level of security.
12. Your Rights Under the GDPR
12.1 Right to Access (Art. 15 GDPR)
You can request confirmation of whether and what personal data we process about you.
12.2 Right to Rectification (Art. 16 GDPR)
If your data is incorrect or incomplete, you have the right to correct or complete it.
12.3 Right to Erasure (Art. 17 GDPR)
You can request deletion of your data, e.g., when its purpose has expired. Legal retention periods remain unaffected.
12.4 Right to Restriction of Processing (Art. 18 GDPR)
Under certain conditions (e.g., if you dispute the accuracy of your data), you can request restricted processing.
12.5 Right to Data Portability (Art. 20 GDPR)
You have the right to receive the data you have provided in a structured, commonly used, and machine-readable format or request its transfer to a third party.
12.6 Right to Object (Art. 21 GDPR)
If we process your data based on legitimate interests, you may object to the processing if there are specific reasons related to your situation.
12.7 Withdrawal of Consent (Art. 7 para. 3 GDPR)
You can withdraw your consent (e.g., for cookies, newsletters) at any time with future effect.
13. Data Breach Notification
In the event of a data breach (e.g., hacking attack) with a likely high risk to your rights and freedoms, we will notify you and the Austrian Data Protection Authority promptly (typically within 72 hours).
14. Updates and Changes to This Policy
We may update this privacy policy due to legal, technical, or organizational changes. The latest version is always available on our website.
Significant changes will be announced at least 30 days in advance (e.g., via email or pop-up notification on our website).
If you disagree with the changes, you are free to delete your account and discontinue using our service.
15. Data Protection Contact
For data protection inquiries, please contact us at:
Seatsmatch GmbH
Seitenstettengasse 5/37
1010 Vienna, Austria
Email: hello@seatsmatch.com
Additionally, you are free to file a complaint with the Austrian Data Protection Authority (www.dsb.gv.at) if you believe we are processing your data unlawfully.
16. Additional Information, Jurisdiction, and Final Provisions
Jurisdiction: Any disputes related to this privacy policy and the use of our platform shall, where legally permissible, be settled in the competent court in Vienna, Austria.
Applicable Law: Austrian law applies, excluding the conflict-of-law rules of international private law and the UN Convention on Contracts for the International Sale of Goods.
External Website References: Our platform may contain links to external websites, for which we are not responsible. Please refer to the privacy policies of these providers.
Confidentiality: All our employees and external service providers are obligated to maintain confidentiality and comply with applicable data protection regulations.