Privacy policy
Privacy & Cookie Policy – House Be
1 Introduction & About this Policy
House Be AB (reg. no. 559089-6451), Kurortsvägen 20 b, 837 52 Åre, along with its subsidiaries (collectively referred to as (“House Be”, “we”, “our” or “us”) is the data controller for the personal data outlined in this Privacy & Cookie Policy. For any Privacy Inquiries and Data Rights Requests, you can contact us at fredrik@housebe.com We process your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and other applicable data protection laws.
1.1 Purpose
- The purpose of this policy is to explain:
- what personal data we collect;
- why we collect it and the lawful bases we rely on;
- how we use and safeguard it;
- who we share it with and when we transfer it outside the EU/EEA;
- how long we keep it; and
- your rights and how to exercise them.
1.2 Scope
This Policy applies to members, prospective members, House Be website (https://www.housebe.com/) and application users, event attendees, newsletter subscribers, and any other individuals whose personal data we may process when providing our services.
2 Definitions
- Personal Data: Any information relating to an identified or identifiable natural person.
- Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, or deletion.
- Data Controller (or Controller): The party that determines the purpose and means of the processing of personal data (House Be is the Data Controller for the Personal Data covered by this Policy).
- Data Processor (or Processor): The party that processes personal data on behalf of the controller.
- Data Subject: The identified or identifiable natural person whose Personal Data is being processed.
Unless a term is expressly defined above, the meaning given to that term in the GDPR applies.
3 Data We Collect and Why
This section describes the types of personal data we collect, the purposes for which we use it, the lawful bases we rely on, and how long we retain the data.
3.1 Data Categories
| Data Categories | Source |
|---|---|
| Member administration data: Full name, profile name, mobile number, e-mail, and residential address. | Account creation form |
| Billing & company information: Company/organization name, billing address, organization number, or social security number (personnummer) for individuals, and payment history. | Account creation form |
| Optional profile information: Profile picture, company name, industry, role, skills, bio, website/social-media links. | Account creation form and member portal |
| Access control data: Access logs (all access-controlled entries) and check-in logs (first daily entry). | Electronic locking system |
| Service usage data: Meeting-room bookings, event registrations, and printing volumes. | Member portal |
| Communication data: E-mails, chat, support tickets, and feedback forms. | Directly from you |
| Marketing preferences: Newsletter opt-in/opt-out | Website (see https://www.housebe.com/) |
| Technical & cookie data: Necessary, functional, analytics, performance, advertising. For more information about cookies, see section 7. | Website |
| Content Cell | Content Cell |
3.2 Purpose and Lawful Basis
| Data Categories | Purposes for Processing | Legal Basis |
|---|---|---|
| Member administration data | Register and manage your membership account. | Contract Art 6 (1)(b) (we need these details to create and manage your membership). |
| Billing & company information | Process payments, manage billing, and financial records. | Contract Art 6 (1)(b) (process payments) |
| Optional profile information | Display your public member profile on our member website for other members to discover your skills and services. | Consent Art 6 (1)(a) (you choose whether to publish this profile and can withdraw consent at any time). |
| Access Logs (access control data) | Provide and monitor secure entry to our premises. | Contract Art 6 (1)(b) (provide secure entry) |
| Access Logs (access control data) | Troubleshoot access issues and investigate security incidents. | Legitimate interest Art 6 (1)(f) (maintaining site security). |
| Check-in Logs (access control data) | Billing for usage-based memberships and providing utilization reports on request. | Contract Art 6 (1)(b) (usage-based billing and presence reports). |
| Check-in Logs (access control data) | Internal statistics on space utilization to improve facility management. | Legitimate interest Art 6 (1)(f) (space-utilization analytics). |
| Service usage data | Manage and allocate bookable resources, facilitate event registrations, and billing for usage-based services. | Contract Art 6 (1)(b) (manage bookings, events, usage-based billing). |
| Service usage data | Analyze usage trends to optimize offerings and member experience. | Legitimate interest – Art 6 (1)(f) (service optimization and utilization analysis). |
| Communication data | Respond to enquiries and support requests. | Contract Art 6 (1)(b) (provide efficient member support and resolve issues). |
| Marketing preferences | Send newsletters and promotional messages in the channels you have opted into. | Consent Art 6 (1)(a) (send newsletters/promotions only if you opt in; you can opt out (withdraw consent) at any time).l |
| Technical & cookie data | Remember your settings, measure website and application performance, improve user experience, and deliver or suppress marketing content according to your preferences. | Consent Art 6 (1)(a) (analytics, preference cookies & marketing cookies). |
| Content Cell | Content Cell | Content Cell |
3.3 Data Retention
| Data Category | Data retention |
|---|---|
| Member administration data | Stored for the duration of your membership and for 2 years thereafter, to handle any outstanding matters. |
| Billing & company information | Stored for 7 years in accordance with Swedish bookkeeping law (Bokföringslag 1999:1078). |
| Optional profile information | Kept until you delete it, withdraw consent, or for the duration of your membership. |
| Access Logs (access control data) | Kept for 60 days, unless a security incident is under investigation, in which case, relevant entries are retained for as long as necessary to fulfill that purpose. |
| Check-in Logs (access control data)l | Kept for the duration of your membership and 2 years thereafter for utilization analysis. Logs for usage-based billing are retained for 7 years in accordance with Swedish bookkeeping law. |
| Service usage data | Kept for the duration of your membership and 2 years thereafter for optimization and utilization analysis. Booking or usage data for usage-based billing is retained for 7 years, in accordance with Swedish bookkeeping law. |
| Communication data | Stored 1 year after our last interaction, unless necessary for ongoing disputes. |
| Marketing preferences | Stored until you withdraw consent (or unsubscribe). |
| Technical & cookie data | The retention period of cookies is stated in the cookie settings on our website (see https://www.housebe.com/). For additional information on cookies, see section 7. |
Once the retention periods expire or data is no longer needed for its purpose, it will be securely deleted or anonymized. Anonymized data may be kept for statistics and operational analysis.
4 Sharing Your Personal Data and International Transfers
We never sell your personal data. We only share your personal data with the categories of third parties listed below.
- Group Companies: We share your data internally to manage customer relationships, consolidate data, and deliver our services. Such processing is always in line with this Policy.
- Service Providers: We may engage trusted third-party service providers to perform functions and provide services (e.g., IT hosting, maintenance, cloud services, payment processing, marketing tools, and CRM). These providers will only process your personal data on our instructions and for the purposes listed above (see section 3.2).
- Legal Authorities: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities.
4.1 International Transfers
We may transfer your personal data to service providers located outside the European Union (EU) or European Economic Area (EEA), we will ensure that appropriate safeguards are in place to protect your data to a standard equivalent to that within the EU/EEA. These safeguards may include:
- Ensuring the country has been deemed by the European Commission to provide an adequate level of data protection.
- Implementing Standard Contractual Clauses (SCCs) approved by the European Commission with the recipient.
5 Your Data Protection Rights
Under the GDPR, you have several rights concerning your personal data. These include:
- Right to Information: You have the right to request copies of your personal data that we hold.
- Right to Rectification: You have the right to request correction or completion of any information you believe is inaccurate or incomplete.
- Right to Erasure: You have the right to request that we erase your personal data.
- Right to Limitation of Processing: You have the right to request that we restrict the processing of your personal data.
- Data Portability: You have the right to request that we transfer your personal data to another controller or directly to you.
- Right to Object: You have the right to object to our processing of your personal data based on our legitimate interests.
- Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw that consent at any time.
- Right to file a complaint: You have the right to file a complaint to the Swedish supervisory authority, Integritetsmyndigheten (IMY). Some of these rights may only be available under certain conditions. To exercise any of these rights, contact us using the contact information in Section 9. We may need to verify your identity before we act.
6 Data Security
We are committed to ensuring that your personal data is secure. We have implemented appropriate technical and organizational security measures to prevent unauthorized access, use, alteration, disclosure, or loss of your personal data. These measures include, but are not limited to:
- Restricting access to personal data to authorized personnel only.
- Using secure servers and networks.
- Implementing data encryption where appropriate.
- Regularly reviewing our security policies and procedures.
- Ensuring our third-party service providers have adequate security measures in place.
While we strive to protect your personal data, no method of electronic transmission or storage is ever completely secure, and we therefore cannot guarantee absolute security.
7 Cookies
A cookie is a small file containing a string of characters that is sent to your device when you visit a website. When you return, the cookie lets the site recognize your browser, so it can retrieve information you previously provided. Cookies can store your preferences and other data to improve your experience on the site, or they can be used to track you across other websites. You have the right to decide whether to allow non-essential cookies. You can do this by:
- You can at all times select and change your preferences in the banner that appears in the lower left corner when you arrive on our website (https://www.housebe.com/).
8 Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new policy on our website and updating the "Last Updated" date at the top of this policy.
9 Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our processing of your personal data, please do not hesitate to contact us: House Be AB, reg. no. 559089-6451 Address: Kurortsvägen 20 b, 837 52 Åre Email for privacy inquiries & data rights requests: fredrik@housebe.com