Last updated: July 28th, 2021
Personal Information. “Personal Information” is data that relates to you and can — either on its own or in combination with other information — identify you as an individual. Personal Information does not include data that has been aggregated or made anonymous such that you can no longer be identified using means reasonably available to us. Our Services. The Services referenced in this Policy include the Services provided by buro. References to “you.” In this Policy, “you” means anyone who uses our websites, applications, or other Services. Authoritative Version. When the text of this Policy is available in multiple languages, the English version is the authoritative version, except where prohibited by applicable law.
COVID-19. We may collect, use, disclose, and otherwise process your Personal Information in connection with our response to COVID-19. For more information, please review the COVID-19 Privacy Notice at the end of this page.
2. INFORMATION WE COLLECT
The Personal Information that we collect, and our use of that information depends on your relationship with us and the requirements of applicable law as described below. We collect information:
- that you provide to us directly.
- that your company, broker, host, parent, or guardian provides to us;
- If you opt-in to certain features or depending on your device settings, we obtain geo-location data and information about your contacts;
- from third parties such as our landlords, building managers, licensees and property brokers; and
- that we obtain from other sources, including data brokers or information providers.
INFORMATION COLLECTED FROM YOU
buro. requests different types of Personal Information from you and your company or others, depending on the Services you use and your relationship with us. We may collect the following categories of information, depending on the Services that you use:
- Contact Information and other Identifiers, including your name, mailing address, phone number, email address, and other information that enables us to contact you;
- Verification Information, including your personal photograph, photo ID or government issued identification, and date of birth;
- Professional and Employment-Related Information, including your company name, title, role, team, and other information about your profession;
- Payment Information, including your credit or debit card details, bank account information, and payment or other information required when you make a purchase;
- Email Calendar Information, when we integrate with your corporate email calendar (e.g., Gmail or Microsoft Outlook) and collect data regarding the conference rooms you book;
- Office Preferences, including your requested or preferred temperature, fan speed, desk and chair height, desk location, phone booth, beverage, snack, and other preferences related to the Services;
- Utilization Information, including how frequently you visit, how long you stay, and what types of Services you use when you visit a buro. location. These include services such as printer or Wi-fi usage, and desk or conference room bookings;
- Communications, and any other information that you intentionally share, send, or receive using the Services, including your e-mail, SMS, Slack, requests made through feedback platforms, automated chatbots or similar technology, calendar invitations, and any other information you choose to share with us — including your photos, videos, blog entries, interests, hobbies, lifestyle choices, and groups with which you are affiliated — and that you send or receive using the Services;
- Device and Usage Information, including information about your computer or device and Internet or other electronic network activity information. This includes:
- Device identifiers, such as IP address, WIFI MAC address, and Bluetooth address.
- Geolocation information, such as through your mobile device’s GPS signal or WIFI signal, and information about your contacts, depending on your device settings;
Other Personal Information, including, in addition to all of the information described above, instant messenger and social media screen names, usernames and passwords, relationship to emergency point of contact, vehicle identification, and other details such as the time and purpose of your visit, photos of you, and data or files that you input, upload, or store with the Services, such as search queries that you submit, and documents that you upload to the Services. We will also process Personal Information included in content and information that you add to your member network or other community profile.
INFORMATION COLLECTED ABOUT YOU
Social Media. buro. collects Personal Information to enable you to use online social media resources, including the use of our Member Platform. If you register or log into your account through a third-party social media service, we will have access to some of your account information from that service, such as your name and other information in that account, as authorized by your settings on that service. You have the ability to disable the connection between our Services and your third-party social media account(s) at any time. Third-Party Sources. We obtain Personal Information about you from your company, broker, parent or guardian, or from your host if you are a visitor or guest to one of our spaces. We also may receive your Personal Information from publicly and commercially available sources, as permitted by law and other third parties with whom we have an arrangement . We combine this information with Personal Information or other information that we receive from or about you, where necessary to provide the Services you requested. If we obtain Personal Information about you from a third party, we will confirm that the Personal Information is from a legitimate source. Google and Other Third-Party Analytics. We use a tool called “Google Analytics” to collect information about the use of our Website Services (e.g., Google Analytics collects information such as how often users visit the Website Services, what pages they visit when they do so, and what other sites they used prior to visiting the Website Services). Google Analytics collects only the IP address assigned to you on the date that you visit the Website Services, rather than your name or other identifying information. The information collected through the use of Google Analytics is not combined with your Personal Information. You can learn more about how Google Analytics collects and processes data and opt-out options at http://www.google.com/policies/privacy/partners/. We also may use other third-party analytics tools to collect similar information about use of certain online Services. “Do Not Track.” If you have enabled the feature, your web browser may transmit “do-not-track” signals to our websites and other online services with which your browser communicates. We currently do not take any action in response to these signals. Mobile Computing. We provide websites and online resources that are specifically designed to be compatible and used on mobile computing devices. Mobile versions of the Services may require you to log in with an account. In such cases, information about use of each mobile version of the website may be associated with user accounts. In addition, buro. enables you to download an application, widget, or other tool that can be used on mobile or other computing devices. Some of these tools may store information on mobile or other devices. These tools transmit Personal Information to buro. to enable you to access your user accounts and to enable buro. to track use of these tools. Some of these tools enable you to email reports and other information from the tool.
ANONYMOUS, AGGREGATED, AND OTHER INFORMATION
We also collect certain information about you that is not Personal Information. This may include intellectual property or other company information you share with us or through the Services, in accordance with any applicable agreements between you or, if applicable, your company, including, for example, trademarks, logos, and other intellectual property you own. In addition, we collect and/or generate anonymized and aggregated information from your use of the Services. We use anonymized and aggregated information in various ways, including to measure your interest in and use of portions or features of the Services. Anonymized or aggregated information is not Personal Information.
3. USE OF PERSONAL INFORMATION
How we use your Personal Information depends on your relationship with us. In general, we use your Personal Information to: provide you with our products and Services, including online and offline events, and other materials you request; protect against fraud, abuse, or harm and to otherwise provide a Secure Environment (“Secure Environment” as used in this Policy means both physical and online environments); respond to or fulfill customer service requests; analyze, better tailor, and improve our products and Services; contact you about our Services, promotions, and sweepstakes, tailor and provide you with relevant advertising, enhance your engagement with us, and otherwise communicate with you through various means, which may include by email, telephone, post, or by other means as communicated to you from time to time; and comply with our legal obligations and enforce our legal rights, such as, among other things, to exercise contractual rights, to comply with financial reporting obligations, court orders, warrants, or subpoenas in accordance with applicable law. LEGAL BASES FOR PROCESSING PERSONAL INFORMATION IF RESIDENT IN THE UK AND EU The processing of your Personal Information as described above is necessary to meet our contractual obligations to you or your company, to meet our legal obligations, or to meet our legitimate interests in providing our Services. Our legitimate interests may include providing you and others with a secure environment, analyzing, improving, and better tailoring our products and Services, being more efficient, fulfilling any contracts you have with us and helping to prevent fraud. We also generally rely on our legitimate interests in marketing our Services to you, whether on our own websites or on third-party websites, and in providing promotions or sweepstakes, where permitted by applicable law. We provide you with choices about how we use your Personal Information, in accordance with applicable law, by allowing you to opt-out of receiving all such communications (unless they are transactional solely related to the provision of our Services to you and have no marketing element) and, where required, by not sending you any such messages without your prior consent. Where applicable, we also may process Personal Information with your consent. Remember that in certain circumstances, and where permitted by applicable law, you may have the right to object to our uses of your Personal Information as further described in Section 5 of this Policy.
4. SHARING OF PERSONAL INFORMATION
4.1 THIRD PARTIES THAT PROVIDE CONTENT OR FUNCTIONALITY ON OUR SERVICES
4.2 SOCIAL MEDIA
We are active on social media (e.g., Twitter, Facebook, etc.) and share information, images, and videos with the public through unaffiliated external social media sites. We encourage you to read their policies. Remember that the social media sites are public, which means that anyone can see your posts, and your posts may even show up in search engine results. While we will not edit comments, we may delete a comment from our page on a social media site if it, for example, does not relate to the post, promotes a commercial product or service, uses obscene, threatening, or harassing language, or if it is a personal attack or hate speech that targets or disparages any ethnic, racial, age, or religious group (or other legally protected group), or if it advocates illegal activity or violates copyright laws.
5. RIGHTS IN YOUR INFORMATION: ACCESS, RECTIFICATION, ERASURE, AND RESTRICTION
We value your rights to your data. In accordance with applicable law, you may have the right to:
request confirmation of whether we store, use, or share any of your Personal Information and be informed about third parties with whom your Personal Information has been shared;
obtain access to or a copy of your Personal Information;
receive an electronic copy of the Personal Information that you have provided to us, or ask us to send that information to another company (the “right of data portability”);
restrict our uses of your Personal Information or, as described above, object to those uses or restrict our sharing of your Personal Information;
seek correction of inaccurate, partial, untrue, or incomplete Personal Information; In some cases, we may provide self-service tools that enable you to update your Personal Information;
request erasure, anonymization, or blocking of Personal Information held about you by buro., subject to certain exceptions prescribed by law, when processing is based on your consent or when processing is unnecessary, excessive or noncompliant; withdraw your consent to our processing of your Personal Information. If you refrain from providing Personal Information or withdraw your consent to processing, some features of our Service may not be available; cancel your online account if one has been created.
If you would like to exercise any of these rights, please contact us at [email protected] We will process all such requests in accordance with local laws. To protect your privacy, buro. will take steps to verify your identity before granting access or making any changes to your Personal Information. The California Privacy Rights section below provides additional information for California residents. 6. OPT-OUT and WITHDRAWAL OF CONSENT You may have the right to opt-out or withdraw your consent for certain uses and disclosures of your Personal Information.
6.1 SENSITIVE PERSONAL INFORMATION
Where you have consented to buro.’s use of “sensitive” Personal Information (e.g., Personal Information relating to your health, religious or philosophical beliefs, or biometric information which is used to uniquely identify you) (“Sensitive Personal Information”), you may withdraw that consent, in accordance with applicable law. Prior to disclosing Sensitive Personal Information to a third party or processing Sensitive Personal Information for a purpose other than its original purpose or a purpose authorized subsequently by the data subject, buro. will endeavor to obtain your explicit consent (opt-in). Where your consent for the processing of Personal Information is otherwise required by law or contract, buro. will comply with the law or contract.
6.2 EMAIL AND TELEPHONE COMMUNICATIONS
We retain the personal information we receive for as long as you use our Services or as necessary to fulfill the purpose(s) for which it was collected, provide our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws. When determining how long this retention period will last once the purpose of processing the Personal Information has been satisfied, we take into account the length of time Personal Information is required to: Continue to develop, tailor, upgrade, and improve our Services; Maintain business records for analysis and/or audit purposes; Comply with record retention requirements under the law; Defend or bring any existing or potential legal claims; or Address any complaints regarding the Services.
8. INFORMATION SECURITY
The security of all Personal Information provided to buro. is important to us. buro. takes reasonable steps endeavoring to use appropriate technical or organizational measures to protect your Personal Information, including against unauthorized or unlawful processing and accidental loss, destruction, or damage. By using our Services or providing Personal Information to us, you agree that we may communicate with you electronically regarding security, privacy, and administrative issues relating to your use of our Services. If we learn of a security system’s breach, we may attempt to notify you electronically by posting a notice on our Services, by mail or by sending an email to you.
9. OTHER RIGHTS AND IMPORTANT INFORMATION
9.2 COLLECTION OF INFORMATION FROM CHILDREN
Generally, our Services are not directed to children, and we do not knowingly collect Personal Information from children except as permitted under applicable law. If we become aware that a child has provided us with Personal Information, we will delete such information from our files or obtain parental consent in accordance with applicable law.
9.3 THIRD PARTIES
9.4 CHANGES TO THIS POLICY IN THE FUTURE
Any information that is collected via the Services is covered by the Policy in effect at the time such information is collected. We reserve the right to change, modify, add, or remove portions of this Policy at any time and at our sole discretion. If we make any material changes to this Policy, we will notify you of those changes by posting them on the Services or by sending you an email or other notification, as required by applicable law, and we will update the “Last Updated” date to indicate when those changes became effective. We encourage you to review this Policy periodically to remain informed of how we use and protect your information, and to be aware of any policy changes. Your continued relationship with us after the posting or notice of any amended Policy shall constitute your agreement to be bound by any such changes. Any changes to this Policy take effect immediately after being posted or otherwise provided by buro..
9.5 QUESTIONS OR COMMENTS
If you have any questions or comments regarding this Policy, please contact us at [email protected]. buro. will address your concerns and attempt to resolve any privacy issues in a timely manner. Sensitive Information. Because email communications are not always secure, please do not include credit card or other Sensitive Personal Information (e.g., racial or ethnic origin, religion, health, or the like) in your emails to us.
1. PERSONAL INFORMATION WE COLLECT ABOUT YOU
In connection with buro.’s response to COVID-19, we may collect Personal Information, including Health Data (defined below): (i) directly from you; (ii) obtained about you from others; (iii) when you visit buro. office; and (iv) from other sources. For employees:
- your contact details;
- information relating to your employment with us;
- household information (in particular, whether you live with a person who is considered vulnerable to complications from COVID-19 infection);
- information relating to how you travel/commute to your buro. office;
- recent travel history;
- information relating to your health, including your temperature;
- whether you have been infected by, may currently have, have previously had, are at risk of contracting, at risk of spreading or if you are considered vulnerable to complications from, COVID-19;
- COVID-19 symptoms; and
- antibody test results (“Health Data”); and
- other information you provide to us
For members, visitors and guests:
- recent travel history;
- Health Data; and
- other information you provide to us;
Information we may collect about you, including when you visit our office:
- Thermal Scanning:
We may require employees, members, visitors and guests to have their temperature taken in some buro. offices via a thermal scanning device (“Thermal Scanning Device”), before entering the building. The Thermal Scanning Device uses thermal imaging technology to determine whether you have a temperature above or below the local temperature threshold that indicates whether a COVID-19 infection may exist (e.g. 38°C, 99.5°F, etc.).
The Thermal Scanning Device will momentarily collect and process data relating to your temperature – this information is personal information relating to your health.
- Health Screening Questionnaires: We may require employees, members, vendors, visitors and guests to complete a health screening questionnaire (“Questionnaire”) before entering our offices in order to detect whether any COVID-19 infection may exist. This is to assist in the prevention and containment of the infection in our workspaces.
- Completed Questionnaires will be retained for up to 60 days or as otherwise required by applicable law.
- Additional Screening or Monitoring Measures:
- We may, from time to time, implement additional screening or monitoring measures as official recommendations and regulations regarding COVID-19 continue to evolve. We will implement and adjust these measures to the extent permitted or required under applicable laws and regulations, which may vary depending on location. We may also leverage the information obtained from Thermal Scanning Devices, Health Screening Questionnaires, and additional measures to provide anonymized reporting and assist in notifying individuals who may have come in close contact with a COVID-19 affected individual on an anonymous, ‘no names’ basis.
Information we collect about you from other sources: We may obtain the following Personal Information about you from the following sources, which we use in the ways described in the section below:
- Third Party Name
- Categories of Data Collected
Our vendors (including security personnel): Your contact details, Health Data.
Our members: Your contact details, Health Data.
Visitors and guests: Your contact details, Health Data.
Co-workers and your employer: Your contact details, Health Data.
2. HOW AND WHY WE USE YOUR INFORMATION
2.1 Personal Information and Health Data Data protection law requires us to have a valid reason to process your Personal Information. The law refers to each reason as a ‘lawful basis’. The purposes for which we use your Personal Information and the lawful basis on which we rely are to comply with our legal obligations, to protect you or another’s vital interests, and in furtherance of our legitimate interests, as detailed below. In addition, to the extent Personal Information is considered Health Data (i.e., a special category of information under applicable law), we will process this information: (i) only where our processing is necessary for us to carry out our obligations in the field of employment (these obligations include protecting the health and safety of our employees and workspaces); (ii) with your explicit consent (we will rely on explicit consent only where we rely on consent as a lawful basis in this paragraph); or (iii) where relevant, in defense of legal claims. Where necessary to comply with our LEGAL OBLIGATIONS We will use your Personal Information to comply with our legal obligations: to protect the health and safety and well-being of our employees and workspaces (e.g. implementing measures that prevent individuals who have been infected with COVID-19 from infecting employees); to anonymise or delete your Personal Information when it is no longer required for the purposes described in this COVID-19 Privacy Notice; to comply with court orders or other notices where failure to do so would result in us breaking the law; to comply with any reporting obligations or government requests under applicable laws or legal mandates, including contact tracing; and to handle and resolve any complaints we receive relating to our processing of your Personal Information as described in this COVID-19 Privacy Notice. Where it is in your or another individual’s VITAL INTERESTS We will use your Personal Information to notify individuals you have been in close contact with and who may now be at risk of COVID-19 infection. We will do this in order to protect the health of our employees, members, visitors and guests. Any such notifications will be conducted on an anonymous basis. Where there is a LEGITIMATE INTEREST We may use and process your Personal Information where it is necessary for us to pursue our legitimate interests as a business, or that of a third party, for the following purposes: Processing is necessary for us to effectively operate our business and ensure our office spaces remain open to monitor and reduce the spread of COVID-19 infection; to decide and plan how and when our workforce will physically return to our offices; Processing is necessary for our members to ensure their businesses can remain operational to monitor and reduce the spread of COVID-19 infection; and to protect the health and safety and wellbeing of our members’ workforce and workspaces.
3. DISCLOSURE OF YOUR PERSONAL INFORMATION BY US
Your information may be disclosed to or processed by our third party service providers, agents and subcontractors (“Suppliers”) and other individuals for the purposes set out above as follows: Recipient / relationship to us Industry sector (& sub-sector) Security vendors Security Facilities and technology service providers including saas, scanning, and data destruction providers IT (Data Management) Insurers and insurance brokers Insurance (Underwriting & Broking) Legal, security and other professional advisers, auditors, and consultants Professional Services (Legal & Accounting) Health officials Healthcare Members, Visitors, Guests, Employee Various
If you have symptoms associated with COVID-19 or report that you have tested positive for COVID-19, we will use your Personal Information to notify individuals you have been in close contact with and who may now be at risk of COVID-19 infection. We will do this in order to protect the health of our employees, members, visitors and guests. Any such notifications will be conducted on an anonymous ‘no names’ basis.
4. DATA STORAGE, RETENTION AND YOUR RIGHTS