Last updated: Apr 01, 2018
This document is targeted towards all individual Mapiq users. Please note however that Mapiq is a product that is made available through your company or organization. That means that your company or organization has an agreement with us that states who can use Mapiq, what features are enabled and what information is being processed by Mapiq. Therefore, your own company’s service desk or privacy officer is a good starting point if you have any questions or privacy concerns about Mapiq. Feel free though to contact us directly at firstname.lastname@example.org if there is anything we can help you with.
What is personal data?
Personal data is all data that tells us something about you or that can be linked to you as a person. For example, when you log on to Mapiq with your corporate or institutional account Mapiq receives your name, email address and additional business contact information. A room reservation that you create within the Mapiq application becomes part of your personal data as well, as it is linked to you as a user. Your personal data might also exist of technical details, like your computer’s IP-address that is used to log on to the Mapiq web service.
In contrast to personal information Mapiq also handles anonymous information. The occupancy status of a room or flex desk that is measured with a sensor is no personal data, as Mapiq cannot link that data to who is keeping the room or workplace occupied.
In summary, personal information is all information that we have that links to you as a person.
Our vision on privacy
The goal of our Mapiq product is to give you a great and efficient day at work. Processing personal data is part of that and should always serve your interests.
We care for your private data. That means that we see it as our responsibility to keep your data secure, to handle your data according to the privacy laws and to only allow access to your data to systems or persons that have the right and need to access it. The Mapiq company is ISO-27001 certified, which means that we have security policies in place that are regularly verified by an independent external auditing party.
You are in control. Mapiq does not own the data we have on you. We handle (process) your data on behalf of your company or organization (that purchased the Mapiq service). We can only use your data for the purposes described in the agreement with your organization. Features of Mapiq that allow you to share information with your colleagues (such as our colleague-finding feature) are only enabled after you opt-in for that feature. You can opt-in and opt-out as frequently as you want. If you want to know what data Mapiq has on you, if you see that your data is incorrect, or if you want your data to be removed entirely we are happy to help you.
We only use your data for the intended purpose. That means that Mapiq uses personal data only to deliver and improve the Mapiq functionality and to keep Mapiq performing and secure.
For which purposes does Mapiq use personal data?
- Delivering our Mapiq service. This includes:
- Authenticating you to the Mapiq web app or Mapiq Now app.
- Authorizing you forx certain functionalities, such as booking a room or placing an order for catering. These functionalities depend on the functionalities that your organization has in its Mapiq subscription.
- Offering the functionalities of our web app and/or Mapiq Now mobile app, such as room booking, controlling light and temperature settings, finding a suitable available workplace.
- Determining your location within your office building to provide location-based services. Your location is only visible to your colleagues when you explicitly enable this functionality (opt-in). Mapiq only stores your last known location, so no location history is kept except that single last known location. Your last known location is also not stored for a period longer than 24 hours. Finally, Mapiq can only determine your location within the office building, so not outside or at home.
- Providing support and maintaining contact with your organization’s representatives.
- Keeping our services secure. We need to make sure that our software platform is secure and therefore need to be able to detect potential malicious activity or flaws in our systems. Web requests and security-sensitive actions (like logon attempts) are therefore logged and analyzed. These log files are kept no longer than required.
- Keeping our services performing. It is important to us to keep Mapiq performing optimally. When we detect a problem, like functionality slowing down, we need to investigate what actions have led to the problem. We use our log files to investigate and solve such issues.
- Improving our services. We always want to keep innovating. We therefore perform analytics on how our users use the product to gain insights in how we improve. Whenever possible these analyses are performed using anonymous data.
Whose personal data does Mapiq have?
Mapiq has personal data of the people that use Mapiq. That data is first transferred to Mapiq when you log on to Mapiq for the first time. Using a process called Single Sign On, your organization sends us the required information to log you on and get you started with Mapiq. That means that Mapiq only receives your personal data when you start using the Mapiq service.
Further, Mapiq may receive your personal data when you contact us directly, for instance when you create a support request or contact us by phone.
Mapiq provides integrations with technical systems that your organization owns or maintains. For example, we may integrate with a room booking system to provide convenient meeting room reservations, or we may integrate with the Wi-Fi network to provide location-based services. It can happen, that the system that we integrate with also provides us with personal data of people who are not actively using Mapiq. That means that Mapiq receives more information than it asks for and strictly requires. When this happens, the non-required data is disposed directly upon receival, to ensure that we do not store personal data from non-Mapiq users.
We only use your data for the intended purpose. That means that Mapiq uses personal data only to deliver and improve the Mapiq functionality and to keep Mapiq performing and secure.
What personal data does Mapiq have?
Information on who you are
This is the basic personal information that we receive from your organization when you log on to Mapiq, like:
- Your name
- Your business email address
- Your business phone number
- Your job title
- The department you work in
We use this information to:
- Authenticate you for logging on to Mapiq
- To provide the Mapiq application functionality, like showing a welcome message or sending you a confirmation email after booking a meeting room.
- To determine authorizations, such as the meeting rooms that you may or may not book through Mapiq.
- To provide business contact information to your colleagues, if you have opted in for colleague finding.
Data that results from using the Mapiq applications
Using Mapiq may generate new personal information, as the new data can be linked to you as a user:
- The IP address of the computer or phone that was used to contact Mapiq webservices.
- Which functionalities of the Mapiq webservices you are using.
- Security logs of certain actions.
- Bookings (reservations) that are made through Mapiq.
- A profile picture that you may set for your account.
- You last known location, if you have enabled (opted in for) location based services.
We use this information to:
- Keep our systems secure. IP addresses and security logs are used to detect possible malicious activity.
- To analyze how our users use the Mapiq service, so we can keep improving our services and their performance. We anonymize data when possible.
- Cookies are small text files that are stored on your computer and can be used to keep you logged on to the Mapiq service and to keep track of which services (websites/ pages) of Mapiq you have visited. The most basic cookies serve a pure technical purpose (the ones logging you on), others help us to understand how our services are being used.
Data that is generated during the use of Mapiq (bookings, a profile picture, your last known location) are all stored with the purpose of delivering that exact functionality. We need to store bookings to correctly manage concurrent reservations and we need to store your profile picture if you have chosen to set one to personalize your Mapiq experience. A special note on last known location is that we only store a single last known location, and only if you have opted in for localization. Location data is erased after 24 hours.
Data that we receive from your organization to integrate with their systems
This category of data varies from customer to customer, but the purpose for receiving the data is generally the same. When connecting to a system of your organization, it may be necessary for your organization to deliver additional personal data to correctly match your data within that system. This is best explained by a real-life example.
Mapiq offers integration with smart lockers. That means that you can use the Mapiq application to find and claim an available locker, and to open it using the Mapiq application. Your organization’s locker system may be designed to use your badge number to uniquely identify you as the owner of the locker. For Mapiq to integrate with that system, it will need to also know that badge number to claim a locker on your behalf.
We store personal data no longer than required by law and no longer than required to deliver the Mapiq services. Retention varies between 24 hours (location data) and the duration of the subscription your organization has with Mapiq.
When your organization decides to stop their Mapiq subscription, your organization has two options to choose from:
- Mapiq hands over all data in the organization’s subscription to your organization and then deletes the data.
- Mapiq deletes the data and confirms that to your organization.
With whom do we share personal data?
In general, we do not share your data with other organizations unless there is a valid and legitimate reason. We do or may share your information with:
- Your own organization. As the subscription holder, they own the data in their subscription.
- Third parties that work for Mapiq. Third parties only receive the information that is strictly required to fulfill their services to Mapiq. These third parties are known by your organization. Our cloud hosting provider Microsoft for instance is used for hosting the Mapiq services.
- Governmental agencies, when legally required.
How we care for your personal data
We secure your data
Technical and organizational security is an important aspect of keeping your data secure. The Mapiq company is an ISO-27001 certified company. ISO-27001 is an international standard on information security. If defines both technical and organizational measures that a company should implement to ensure security throughout all business processes: from hiring staff, to software development and hosting a service.
Although the ISO standard is much broader than the few examples we can give here, the following should give an idea of the aspects of caring for your data:
- We use encryption for all internet communication.
- We always have our systems updated to include the latest security patches.
- All our databases are encrypted.
- We have backup-and restore systems in place that are regularly tested.
- Mapiq uses a software development cycle where each phase of development is securely separated from the next (the DTAP principle)
- The Mapiq services are regularly penetration tested: ethical hackers try to find flaws by trying to hack into our systems.
Our information security standard is audited by an external auditor on a yearly basis.
Privacy awareness amongst our personnel is an important aspect of caring for your data. All Mapiq employees have signed a confidentiality agreement. Only Mapiq employees that require access to personal data to fulfill their jobs (for instance our service administrators) can access personal data.
Requesting, correcting or deleting your personal data
You have the right to ask us:
- What personal data we have on you and have us send it to you.
- To correct an error in your personal data.
- To delete all personal data we have on you.
Mapiq processes personal data on behalf of your organization, who have taken a subscription to Mapiq. To streamline communications, the best starting point for such a request would be your own organization’s service desk or privacy officer.
Nevertheless, you may always directly contact us at email@example.com for such a request. By emailing to this address, a service ticket is created that will be handled by our support staff. Together with your organization we will then make sure to have your request handled within two weeks.
Further questions on privacy or personal data?
We are happy to answer any questions you may have on privacy or your personal data. Feel free to contact us at firstname.lastname@example.org.
TERMS & CONDITIONS MAPIQ B.V.
- These Terms & Conditions apply to all offers, quotations, order confirmations and agreements between Mapiq B.V. (hereinafter: “Mapiq”) and its client (hereinafter: “the Client”) and together referred to as “Parties”, regarding the Mapiq products (hardware) and services (installation, implementation, software subscription and customer support).
- These Terms & Conditions also apply if Mapiq makes use of third parties.
- Any deviating conditions apply only if they have been recorded in writing.
- The Terms & Conditions of the Client are rejected and not applicable.
2. Offers, prices, concluded agreements
- All offers and quotations of Mapiq are without obligation and apply for a maximum of 30 days, unless otherwise agreed in writing.
- All prices are in euros, VAT and any other charges if applicable.
- If, after the first full year of the agreement has passed, the date of December the 31st passes Mapiq is entitled to index the agreed fees. Indexing takes place based on the CBS Service Price Index from January of the new year compared to January of the previous year.
- Mapiq cannot be held to its offers if the Client in all fairness realises that the quotations contain an obvious mistake or error.
- An agreement with Mapiq comes into effect as soon as Mapiq has confirmed the order given in writing or as soon as Mapiq has started to implement the order given.
3. Delivery and transfer of risk of hardware
- Unless otherwise specifically agreed, delivery of the products is DAP (delivery at place). The purchased products are transported at the account and risk of Mapiq who will ensure adequate insurance. Mapiq is responsible for delivering the products up until the moment of unloading from the arriving conveyance at the agreed place. The risk transfers from Mapiq to the Client when the products are available for unloading. Therefore, unloading is at the Clients risk. The Client is responsible for import clearance and any applicable local taxes or import duties.
- If the Client declines to accept the shipment and/or delivery or is negligent in providing information or instructions necessary for the delivery, Mapiq is entitled to store the products at the expense and risk of the Client.
4. Performance of the agreement
- (Delivery) terms of Mapiq are indicative.
- If the Client wishes to (partly) move up the performance date of the agreement (i.e. delivery of the products and/or the services) after Parties agreed on the delivery date, the costs as a result of the performance date change will be fully borne by the Client.
- Mapiq is authorised to engage third parties in the performance of the agreement on behalf of the Client.
5. Term and extension
- The agreement will commence on the date of signing for a period of three (3) years, unless agreed otherwise in writing and unless terminated earlier in accordance with any other provision of the agreement or by operation of law. The term of the contract shall be tacitly extended with the same period of time originally agreed, unless Mapiq or the Client terminates the contract in writing with due observance of a notice period of six months prior to the end of the current term
- After the extension period the agreement will turn into a continuing performance agreement. If a Party wishes to terminate the continuing performance agreement, he must do so in writing and he must take a reasonable and fair notice period of six (6) months into consideration.
- If parties make use of a Statement of Work that Statement of Work (unless otherwise terminated in accordance with the agreement) should be fulfilled for the full period contemplated by that Statement of Work, even if the agreement expires or is otherwise terminated.
6. Invoicing and payment
- The hardware will be invoiced as follows: 100% directly after the order date by the Client.
- The subscription fee will be invoiced as follows: in advance per year from the date of the acceptance of the purchase order by Mapiq onwards and subsequently 30 days prior to the new contract year.
- The implementation will be invoiced as follows: 50% at delivery view model (3D model of the building, without connections with client’s ICT systems and/or systems of external vendors) and the other 50% after acceptance by Client.
- The terms of payment are 30 days after date of invoice, unless agreed otherwise in writing.
- An appeal by the Client for adjustment, suspension or deduction is not permitted.
- After expiry of the payment term, the Client is legally in default. From that point on, the amount due is liable to the statutory commercial interest rate.
- All costs necessarily incurred by Mapiq to settle the claim in and out of court are at the Client’s expense. The extrajudicial costs are calculated in accordance with the Staffel extrajudicial collection costs, with a minimum of €150,-.
- Objections to invoices must be brought to the attention of Mapiq in writing within five working days of the invoice date. In the absence of a timely claim, the Client is deemed to agree to the invoice sent. A claim does not suspend the payment obligation.
- If, according to the contract concluded between the parties, the Client consists of several natural persons and/or legal entities, each of these natural persons and/or legal entities shall be jointly and severally liable towards Mapiq for performance of the contract.
7. Dissolution and suspension
- Either Party can, in addition to the legal provisions for dissolution, dissolve the agreement at any time and without further notice of default or judicial intervention and without liability for damages to the other Party,
- if the other Party is declared bankrupt;
- if suspension of payment is requested for the other Party;
- if the other Party ceases its business and/or its assets are sequestrated; or
- if the other Party otherwise loses the right to dispose of (a part of) its assets.
- Mapiq can, in addition to the legal provisions for dissolution, dissolve the agreement with the Customer at any time and without judicial intervention and without liability for damages to the Customer, if the Customer leaves its due and payable debts unpaid, but only after Mapiq has given a written notice with a final payment term of 14 days and the payable debts remain unpaid.
- If the Customer fails to fulfil one or more of its obligations (not being unpaid fees as stated in sub b of this article), or does so not on time or not fully, Mapiq is entitled to fully or partially suspend the fulfilment of the agreement or to fully or partially dissolve the agreement without further notice of default or judicial intervention and without being required to pay any compensation, all this without prejudice to the right of Mapiq to claim compensation.
- The Client is obliged to check the delivered products at the time of delivery.
- Complaints must be submitted in writing to Mapiq immediately after the moment the Client discovers them, but at the latest within a week following receipt of the products. Complaints concerning outwardly visible damage must be recorded by the Client on the receipt note.
- Non-visible defects must be reported to Mapiq in writing within the guarantee period as stipulated in these Terms & Conditions.
- If a complaint has not been reported to Mapiq within the aforementioned periods, no claim can be made.
- Complaints do not give the Client the right to defer payment of amounts owing.
- Mapiq can only deal with a complaint submitted in a timely fashion, after the Client has provided the information necessary to assess the complaint. The Client must give Mapiq the opportunity to verify the complaint. If the complaint proves justified, Mapiq must be given the time necessary to replace the delivered products free of charge against the return of the originally delivered products.
- Mapiq will endeavour to deliver in accordance with the agreed order. Variations in the agreed quantities, sizes, compositions, formatting and/or other indications of version do not give any right of non-acceptance of delivery, unless the variation is such that it is unacceptable.
9. Service Level Agreement
- In addition to these Terms & Conditions, specific requirements and response times with regard to the services are described in our Service Level Agreement (SLA).
- The SLA shall only be expressly agreed to in writing.
- The Client shall always inform Mapiq without delay about any circumstances that affect or that could affect the service level and the availability.
- The availability of software, systems and related services shall always be measured such that unavailability due to preventive, corrective or adaptive maintenance or other forms of service announced by Mapiq in advance and circumstances beyond Mapiq’s control are not taken into account. The availability measured by Mapiq shall count as conclusive evidence, subject to evidence to the contrary produced by the Client.
- Mapiq warrants that the hardware to be delivered meets the usual requirements and standards that could reasonably be set at the time of delivery and for which they are designed in normal use.
- The warranty period for the hardware is twelve (12) months after delivery to the Client.
- Mapiq has, after receiving back the hardware to investigate a reported defect by the Client, the right at its own choice, to replace the hardware, to repair the hardware or to reimburse the Client for payment made for the hardware in question, provided that the return of the hardware was done during the warranty period.
- Mapiq does not guarantee that the software made available and held in the context of the SaaS is free of errors and functions without interruption. Mapiq shall make efforts to fix the errors in the software within a reasonable term, as specified in the SLA.
- Parties will establish a procedure in mutual consultation with regard to conducting the acceptance test. The acceptance test concerns the Mapiq products and services mentioned in the agreement.
- In case Parties have not agreed on an acceptance test, the Client accepts the products and services in the state in which it is at the time of delivery, therefore with all visible and invisible defects. In the aforementioned situation, the products and services will be deemed to have been accepted by the Client upon delivery or, if the installation to be performed by Mapiq is agreed upon in writing, upon completion of the installation. Notwithstanding the absence of a mutually agreed acceptance test, the SLA and other warranties given by Mapiq are still applicable on the Mapiq products and services.
12. Intellectual property rights and license
- Unless otherwise provided, neither Party will gain by virtue of the agreement any rights, title or interest in or to the other Party’s intellectual property. For the purposes of the agreement, intellectual property shall be understood in the broadest sense, including copyright, neighboring rights, database rights, patents, utility models, design models, trademarks, trade names, trade secrets and know how. Mapiq grants the Client a non-exclusive license to use the Mapiq intellectual property rights solely for purposes of receiving the products and services.
- Without prejudice to the right of the Client to use the products and services no Party shall use, for other purposes than the execution of the agreement, the other Party’s trademark, trade name and logo without the prior written approval of the other Party.
- Each Party’s ownership of its own intellectual property shall survive any termination or expiration of the agreement and shall remain in full force and effect thereafter.
13. Liability and indemnity
- If Mapiq should be liable, then this liability is limited to what is arranged in this article.
- The liability of Mapiq is in all cases limited per incident to a maximum of the total invoice value of the twelve (12) months prior to the incident that has led to the liability and with a maximum of 100.000 euros in total per year.
- Mapiq excludes any liability for damages which are the result of inexpert use, or for the use of products for purposes for which they were not designed, or for any use of the products that could not be reasonably expected.
- Mapiq is not liable for indirect damages, including but not limited to consequential damages, trading loss, loss of production, turnover and/or loss of profits, lost savings, loss due to business interruption, depreciation, and costs that would have been involved in the execution of the object if the order had been carried out properly from the outset.
- Mapiq is authorised to engage third parties in the performance of the agreement and to accept any liability limitation of that third party on behalf of the Client.
- Mapiq is never liable for any damage that is caused by a third party engaged by Mapiq.
- Mapiq is not liable for damage of any kind, which is a result of incorrect and/or incomplete information as provided by or on behalf of the Client.
- The limitations of liability included in this article do not apply if the damage is due to intent or gross negligence on the part of Mapiq.
- A claim for compensation must be submitted to Mapiq within one (1) month after the Client has discovered the damage or could reasonably have discovered it. Failing to submit a claim will result in the fact that the right to compensation will lapse.
14. Force majeure
- Deficiencies of Mapiq in the fulfilment of the agreement cannot be imputed to Mapiq if the deficiencies are not attributable to Mapiqs fault and do not come to its account either under the law, the agreement or under generally accepted understandings.
- Force majeure is in any case (but not limited to) understood to mean: non-delivery by the postal company, incomplete and/or delayed delivery by factory/importer, import and export bans, measures of Dutch and/or foreign governmental bodies that make performance of the agreement onerous and/or more expensive than was envisaged when concluding the agreement, walk-outs, traffic disruptions, loss or damage during transport, fire, theft, telecommunication failures/malfunctions in electronic messaging, the unexpected loss of third parties, business disruption, technical defects, transport problems, strike, the consequences of natural disasters, etc. All of this also applies where these difficulties occur with third parties engaged in the implementation of the agreement by Mapiq.
- Except to the extent set out in this clause or otherwise expressly permitted in the agreement, each Party shall treat the other Party’s data as confidential, use the other Party’s data solely for the specific purpose or purposes for which it was disclosed, take all action reasonably necessary to secure the other Party’s data against theft, loss or unauthorised disclosure and not publish or otherwise disclose to any person the other Party’s data without the owner’s prior written consent other than to:
- its affiliates and its respective directors, officers, employees and representatives who need to receive the data in connection with the agreement or the relevant Statement of Work;
- its professional advisors (including auditors) as necessary for the purposes of receiving professional advice (including audit services) in relation to the agreement and/or the relevant Statement of Work, who have agreed to be bound by a duty of confidentiality relating to the data at least as stringent as the obligations and covenants in this clause.
- Each Party may disclose Data which would otherwise be subject to this clause but only if it can demonstrate that:
- such disclosure is required by Law, or by order of a court of competent jurisdiction or pursuant to a binding order or direction or other formal written request of a tax or fiscal authority or other regulator; or
- the Data is already and lawfully in the receiving Party’s possession without an obligation restricting disclosure at the time of receipt from the disclosing Party; or
- the Data became part of the public domain, other than through a breach of this clause.
16. Retention of title
- The products delivered by Mapiq remain the property of Mapiq until the Client has or will have paid to Mapiq all monies that Mapiq claims from the Client, including interest and costs, and including any (damage) compensation.
- The Client is not entitled to pledge the products delivered by Mapiq or to encumber them in any other way.
- If third parties sequestrate the products delivered under retention of title or wish to claim or assert rights thereon, then the Client is obliged to inform Mapiq immediately.
- Mapiq may, within a reasonable period to be determined by Mapiq, require the Client to recall products that it has put on the market and which are defective or which are at risk of becoming defective (hereinafter: ‘recall action'). The Client is obliged to sell back and deliver to Mapiq the products that are the subject of the recall action at the price the Client was originally charged. All other costs associated with the recall action are for the Client’s account.
- The Client is obliged to implement a request from Mapiq to carry out a recall action without delay, failing which it is immediately in default and the costs related to the recall action and the damage resulting from the default will be fully for the account of the Client, regardless of who bears the risk of the recall action.
- In so far as personal data is used/processed for carrying out its activities, this personal data will be used and protected by Mapiq with a high degree of care in accordance with the General Data Protection Regulation.
- Mapiq will take appropriate technical and organisational measures to ensure the protection of personal data in the possession of, and used by, Mapiq. These technical and organisational measures will also serve to prevent loss or any other form of unlawful processing of personal data. In doing so, Mapiq will weigh the nature of the processing against the measures to be taken.
- The Mapiq Data Processing Terms are applicable on the agreement.
- For questions relating to the data processing, the Client can get in contact with Mapiq via email@example.com.
19. Applicable law and dispute settlement
- Dutch law is exclusively applicable to the legal relationship between Mapiq and the Client.
- Disputes will be adjudicated by the competent judge of the Court The Hague or on the request of the Customer by the competent judge of the Netherlands Commercial Court in Amsterdam.
20. Final provisions
- Mapiq has the right to change these Terms & Conditions without prior notice. In that event, the Client has the right to cancel orders that have already been placed, in so far as not (partially) executed, within 8 calendar days after this change.
- Cancellation or modification of an agreement by the Client is only possible following explicit written consent from Mapiq.
- If one or more of the provisions of these Terms & Conditions is invalid or inoperative, the remaining provisions will remain in force.
- The most recent version of these Terms & Conditions, as can be found on the website of Mapiq (www.mapiq.com), will apply.