Privacy Policy

Update: July 2022

1. Who are we and what is CIAO?

We are Ciao Nederland B.V., also trading under the name Ciao, and we offer an innovative workplace management solution to better manage flexible and hybrid workplaces, allow employees to book a space in the office and avoid overcrowded offices. 

Employers (our “Clients” and “Controllers” – see below) use the CIAO management console (“Admin Portal”) to indicate which offices, floors, zones and workplaces can be reserved. Teams and employees can easily be added. 

Employees simply reserve a workplace via an online web-based application (“ Web App”) or a mobile app  (“App”). 

The App and management console do not use any location data or distance-tracing Bluetooth technology. You can find more information about our Services on our website (the “Website”).The Admin Portal, Web App and App will jointly be referred to as the “Application”, and all services related to the Platform will be referred to as the “Services”.

2. Our commitment to Data Privacy

We are all about respecting your privacy and protecting your Personal Data. We process Personal Data.
Personal Data means all information by which a person can be directly or indirectly identified – in line with the definitions of the General Data Protection Regulation (GDPR) and other relevant legislation on the protection of Personal Data (collectively referred to as the Privacy Regulation).

3. Privacy Policy

This is our Privacy Policy. In this document, we explain what kind of Personal Data we collect via our Services. We also explain what role we have in the processing of Personal Data, how long we retain them, and what rights you have as a data subject.

This Privacy Policy applies when you ("you", the "Customer", the "User") access, visit or use any portion of the Services.

For the purposes of this Privacy Policy: 

4. Our role as Processor and Controller

Ciao as Processor
As for most Personal Data that is processed within the context of our Services, we act as Processor within the meaning of the Privacy Legislation. This means we process the Personal Data on behalf of our Clients and will not carry out any processing activity without specific instruction of our Customers. In this respect, we sign a Data Processing Agreement with all of our Customers, in which the instructions and our obligations are specified.
Our Customers define the purpose and the means of such processing of Personal Data, which means they act as Controller within the meaning of the Privacy Regulation. 
In our role as Processor, we e.g. process the following information: login credentials, team, role, and workplace reservations. This data is only used by your employer to gain insight into the number of occupied and available workplaces at your office and to allocate available workspace - and not to track any form of performance. 

Ciao as Controller 
Apart from the processing of Personal Data on behalf of our Customers we also collect and process some Personal Data for our own purposes. The Personal Data we process on our own behalf mainly relates to our Clients (employers) and not to their employees. Within this context we act as Controller ourselves within the meaning of the Privacy Regulation.
See chapter 5 for a further explanation of the Personal Data we process as a Controller. 

5. How we process your Personal Data

5.1 Personal Data collected by Ciao

Ciao is the “data controller” of Personal Data collected via e.g. its Website.

What Personal Data is collected?

Personal Data we process through messages sent via our contact form or to one our email addresses:
Your name, e-mail address and other (personal) data you share with us in your message.

Why is this Personal Data being collected?

We use these data to contact you about your message and/or to provide you information and/or support.
We may process these Personal Data, because we have a legitimate interest to process these data. We need these data to contact you about your message and/or to provide you support. 

5.2 Processing of Personal Data related to the use of the Application

As Controller we collect and process the following Personal Data of our Customer and the Users of our Services:

What Personal Data is collected?

Why is this Personal Data being collected?
We use this information to contact our Customers regarding the Services we (may) provide them.
We use these data to:

We may process these Personal Data of our Customers, because we need these Personal Data to perform our contract with our Customers, i.e. to enable you to use our Services, and to enter into a contract with a potential Customers. 

Furthermore, we may process these Personal Data of potential Customers, because we have a legitimate interest to do so.
We are also obligated to share (some of) these data with the national tax authorities.
We have a legitimate interest to use technical information, functional cookies and your IP-address, namely to analyse and improve our Services.

6. Cookies

In our Application, we use technical cookies. These are cookies that are essential for the operation of our App. They enable you to move around our App and use our features.

7. How long do we keep the Personal Data?

Ciao as Processor
We retain the Personal Data we process on behalf of our Customers for as long as the Customer instructs us to do so. As a rule, our Customers ask us to delete the retained Personal Data after two weeks. We may however retain the Personal Data for a longer period if our Customer explicitly asks for this.

Ciao as Controller
We retain the Personal Data we process as Controller as long as this is necessary for the purposes for which we process them. If we no longer need such Personal Data we delete them, unless we are legally obliged to store them for a longer period.

8. Do we share your Personal Data with others?

Ciao as Processor
We may use Sub-Processors to assist us in our Services. Within this context these Sub-Processors receive Personal Data from us which they process by our order, in accordance with the instructions from the Customer, our Controller. 
We use, for instance, Sub-Processors for the identification of users when logging in. We enter into a Sub-Data Processing Agreement with all our Sub-Processors. Our use of Sub-Processors is in accordance with the Privacy Regulation.

Ciao as Controller
We may also use (Sub-)Processors to assist us in our Services provided as Controller. We enter into a Data Processing Agreement with all our Processors. Our use of (Sub-)Processors is in accordance with the Privacy Regulation.
In addition, we may share some of the Personal Data processed as Controller with other controllers. For example, we share our financial administration with the tax authorities, because we are legally obliged to do so.
Apart from the above, we will not share your Personal Data with third parties, unless we are legally obliged to do so.

9. Export of Personal Data outside the European Union

We may transmit Personal Data to parties outside the European Union, if one of our (Sub-)Processors is established outside the European Union. The Personal Data will only be transferred to countries and/or parties that provide an adequate level of protection in accordance with the European standards.

The transmission of data outside the European Union will always happen in conformity with the Privacy Legislation (chapter 5 of the GDPR).

10. Data security

We protect all Personal Data we process from unauthorized and unlawful access, change, disclosure, use and destruction. For instance, we take the following technical and organizational measures to protect the Personal Data:

11. Links to other websites

You can find (hyper) links on our Website or in our App which link to the websites of partners, providers, advertisers, sponsors, licensors or any other third parties. We have no control of the content or the links which appear on said websites and we are not responsible for the practices of websites linked to. Furthermore, these websites, including their content and links, may constantly change. These websites may have their own privacy policies, user conditions and customer policies. Browsing and interaction on any other website, including websites linked to, are subject to the terms and conditions of such website.

12. Changes of the Privacy Policy

The Privacy Policy may be changed from time to time. Please check our Privacy Policy frequently and take note of any changes. The new Privacy Policy will be effective immediately upon posting on our Website. If we change our Privacy Policy significantly, then we will state so on our Website together with the revised Privacy Policy.

13. Your rights and our contact data

As laid down in the Privacy Legislation, you have the right to:

As for the Personal Data we process as Processor, your first contact point for the actions above will be your employer (our Customer), acting as Controller. If needed, we will assist your employer in executing the rights stated above. If you approach us with one of the mentioned requests directly, we will forward such request to your employer.

Ciao Nederland B.V.
Kingsfordweg 151
1043 GR Amsterdam
The Netherlands
Or use the contact form on our Website.