Privacy policy

Last updated: April 19th, 2022

Why this Privacy Policy?

Workspace management is about more than just room booking. Mapiq provides users with one application to arrange their daily office routines.  

To deliver the Mapiq One solution to our users and provide the best user experience, we need to process personal information. We want to assure you that your employer is the data controller regarding the processing of your personal data. We are the processor on behalf of your organization.

In this privacy policy, we explain how we use that information, how we safeguard that information, and how you can contact us for queries about your personal information. This document explains in non-technical terms how Mapiq makes sure your data is safe and how we comply with the latest privacy regulations (the GDPR).  

This document is targeted toward all Mapiq One users. However, if you are a user, please note that Mapiq is a product made available through your organization. That means that your organization has an agreement with us that states who can use Mapiq, what features are enabled, and what information is being processed by Mapiq.

Therefore, your own company’s service desk or privacy officer will be a good starting point if you have any questions or privacy concerns about Mapiq. Feel free to contact us directly at privacy@mapiq.com if there is anything we can help you with.

The vision of Mapiq on privacy

The goal of our Mapiq product is to give you a meaningful day at work.  

Processing personal data is part of that and should always serve your interests.  

We care for your private data. We see it as our responsibility to keep your data secure, handle your data according to privacy laws, and only allow access to your data to systems or persons that have the right and need to access it. The Mapiq company is ISO-27001 certified, which means that we have security policies in place that an independent external auditing party regularly verifies.  

You are in control. Mapiq does not own the data we have on you. We handle (process) your data on behalf of your organization (which purchased the Mapiq service). We can only use your data for the purposes described in the agreement with your organization. You can opt in and opt out as frequently as you want. If you see that your data is incorrect, want to know what data Mapiq has on you, or if you want your data to be removed entirely, we are happy to help you. Please note that you should first reach out to your organization.

We only use your data for the intended purpose. That means that Mapiq uses personal data only to deliver and improve the Mapiq functionality, keep Mapiq performing, and secure and achieve the intended processing purposes of your organization.

What personal data does Mapiq processes on behalf of your organization?

Information on who you are  

For Mapiq's basic functionality, we require the following personal information:  

  • Your first and last name  
  • Your business email address  

Depending on the features your organization has chosen, Mapiq may also receive additional information, such as:  

  • Your business phone number  
  • Your job title  
  • The department you work in  

We use this information to:  

  • Authenticate you when logging into Mapiq.  
  • Determine authorizations, such as the meeting rooms you may or may not book through Mapiq.  
  • Provide the possibility to set up hybrid meetings in case you opted in for this feature; in this case, we will need access to your agenda.  
  • Provide information to your organization that you are in the office through our check-in feature.  
  • Book shifts for you so you can come to your organization's office.
  • Connect you to your colleagues who also use Mapiq.  
  • Send you notifications through our application.

For which purposes does Mapiq use personal data?

Delivering our Mapiq service. This includes:

  • Authenticating you in the Mapiq One web app or Mapiq One mobile app.  
  • Authorizing certain functionalities. These functionalities depend on the functionalities that your organization has in its Mapiq subscription.  
  • Offering the functionalities of our web app and/or our mobile app, such as room booking.  
  • Providing support and maintaining contact with your organization’s representatives.  
  • Keeping our services secure. We need to make sure that our software platform is secure and therefore need to be able to detect potentially malicious activity or flaws in our systems. Web requests and security-sensitive actions (like logon attempts) are therefore logged and analyzed. These log files are not kept longer than required.  
  • Keeping our services performing. It is important to us to keep Mapiq performing optimally. When we detect a problem, like functionality slowing down, we need to investigate what actions have led to the problem. We use our log files to investigate and solve such issues.  
  • Improving our services. We always want to keep innovating. Therefore, we perform analytics on how our users use the product to gain insights into how we improve. Whenever possible, these analyses are performed using anonymous data.

Whose personal data does Mapiq have?

Mapiq has the personal data of the people that use Mapiq. That data is first transferred to Mapiq when you log on to Mapiq for the first time. Using a single sign-on process, your organization sends us the required information to log you on and get you started with Mapiq. That means that Mapiq only receives your personal data when you start using the Mapiq service.  

Further, Mapiq may receive your personal data when you contact us directly, for instance, when you create a support request or contact us by phone.  

Mapiq provides integrations with technical systems that your organization owns or maintains. We only use your data for the intended purpose. That means that Mapiq uses personal data only to deliver and improve the Mapiq functionality and to keep Mapiq performing and secure.  

Data that results from using the Mapiq applications

Using Mapiq may generate new personal information, as the new data can be linked to you as a user. This data may include:

  • The IP address of the computer or phone that was used to contact Mapiq web services.  
  • Which functionalities of the Mapiq web services you are using.  
  • Security logs of certain actions.  
  • Cookies.  
  • Bookings (reservations) that are made through Mapiq.  
  • A profile picture that you may set for your account.

We use this information to:

  • Keep our systems secure. IP addresses and security logs are used to detect possible malicious activity.  
  • Analyze how our users use the Mapiq service, so we can keep improving our services and their performance. We anonymize data when possible.

We use cookies to keep our systems secure and analyze how the Mapiq service is used. Cookies are small text files stored on your computer and can be used to keep you logged on to the Mapiq service and track which services (websites/ pages) of Mapiq you have visited. The most basic cookies serve a purely technical purpose (the ones logging you on), while others help us understand how our services are used.

Data generated during the use of Mapiq (bookings, a profile picture) are all stored to deliver the correct functionalities. We need to store bookings to manage concurrent reservations correctly, and we need to store your profile picture if you have chosen to set one to personalize your Mapiq experience.

Data that we receive from your organization to integrate with their systems

This category of data varies from customer to customer, but the purpose for receiving the data is generally the same. When connecting to your organization's system, it may be necessary for your organization to deliver additional personal data to correctly match your data within that system.  

Since it differs from customer to customer it is not possible to exactly specialize this category of data in this privacy policy. This type of data is governed by the data processing agreement between Mapiq and your organization, which assures that Mapiq can only use the data for the purpose intended by your organization.

Data retention

We store personal data no longer than required by law and no longer than required to deliver the Mapiq services. Retention varies between 24 hours and the duration of the subscription your organization has with Mapiq.  

When your organization decides to stop its Mapiq subscription, your organization has two options to choose from:

  • Mapiq hands over all data in the organization’s subscription to your organization and then deletes the data.  
  • Mapiq deletes the data and confirms that to your organization.  

With whom do we share personal data?

We do not share your data with other organizations unless there is a valid and legitimate reason. We do or may share your information with:

  • Your own organization. As the subscription holder, they own the data in their subscription.  
  • Third parties that work for Mapiq. Third parties only receive the information strictly required to fulfill their services to Mapiq. These third parties are known by your organization. For instance, our cloud hosting provider Microsoft is used for hosting the Mapiq services, and we use SendInBlue to provide e-mail notifications.  
  • Governmental agencies, when legally required.

How we care for your personal data

We secure your data

Technical and organizational security is an essential aspect of keeping your data secure. The Mapiq company is an ISO-27001 certified company. ISO-27001 is an international standard on information security. It defines both technical and organizational measures that a company should implement to ensure security throughout all business processes: from hiring staff, to software development and hosting services.  

Although the ISO standard is much broader than the few examples we can give here, the following should give an idea of the aspects of caring for your data:  

  • We use encryption for all internet communication.  
  • We always have our systems updated to include the latest security patches.  
  • All our databases are encrypted.  
  • We have backup-and-restore systems in place that are regularly tested.  
  • Mapiq uses a software development cycle where each phase of development is securely separated from the next (the DTAP principle)  
  • The Mapiq services are regularly penetration tested: ethical hackers try to find flaws by trying to hack into our systems.

An external auditor audits our information security standard on a yearly basis.

Confidentiality

Privacy awareness amongst our personnel is an important aspect of caring for your data. All Mapiq employees have signed a confidentiality agreement. Only Mapiq employees who require personal data access to fulfill their jobs (for instance, our service administrators) can access personal data.

Data ownership

Mapiq has no ownership over your data and never sells or shares your data. Data collected from your account is owned by your company/organization, or is owned by you. Please consult your company or organization if you have any questions about how your data is collected by using Mapiq.

Requesting, correcting or deleting your personal data

Mapiq processes personal data on behalf of your organization, which has undertaken a subscription to Mapiq. The best starting point for such a request would be your own organization’s service desk or privacy officer, in order to streamline communications.

Further questions on privacy or personal data?

We are happy to answer any questions you may have on privacy or your personal data. Feel free to contact us at privacy@mapiq.com.