Privacy Notice

UPFLEX INC. GLOBAL PRIVACY NOTICE

Date of Last Revision: December 27, 2022

Effective January 1, 2023

Upflex is a software-as-a-service platform that provides the ability for organizations and individuals to reserve workspaces with third-party space partners, and strategic business partners which may occur under a different brand such Optality or Colliers.

Upflex Inc., (“Upflex,” “we,” “us,” or “our”) knows you and your User’s (“you” or “your”) personal information is important. We appreciate the trust you place in us when you visit the Upflex platform and use our services. As a result, we process the personal information we receive from you responsibly and in accordance with applicable laws and regulations.

This Privacy Notice describes how we process the personal information collected when you and your Users access this website (“Website”) or our mobile application (“Mobile App”). Together the Website and Mobile App are the Upflex Platform (“Upflex Platform” or the “Services”). When you leave the Upflex Platform, this Privacy Notice no longer applies. Any subsequent website, application, or service you access will have its own privacy notice and other applicable terms.

This Notice tells you about your rights and choices with respect to your personal information, including how you can contact us if you have any questions or concerns. In this Privacy Notice “Personal Information“ means any information relating to an identified or identifiable individual.

Please read this Privacy Notice carefully. If you do not agree with this Privacy Notice or any part thereof, you should not access or use any part of the Services. If you change your mind in the future, you must stop using the Services. You may exercise your rights in relation to your Personal Information as set out in this Privacy Notice.

PLEASE NOTE: If you provide Personal Information to Upflex on behalf of your Users you must provide notice to your Users and this Privacy Notice must be incorporated into the privacy notice you provide to your Users.

PLEASE NOTE: If you are a third-party processing personal information generated by the Upflex Platform you must provide notice to your Users regarding how you are processing the personal information, and this Privacy Notice must be incorporated into your privacy notice. This includes space partners providing third-party spaces to be reserved via the Upflex Platform.

What’s Changing With This Update?

It’s important to us that you clearly understand how we process your personal information and that you understand the rights you have under privacy and data protection laws. We have updated our Privacy Notice to include new disclosures and choices under recently effective new laws. We welcome any questions, concerns, or feedback you may have about the updates to this Privacy Notice. You can review previous versions of this Privacy Notice here.

1. Our Relationship With You

In situations where you are subject to the Terms of Service for use of the Upflex Platform, Upflex is the processor/service provider (a provider that processes personal information on behalf of or at the direction of a controller, or other similar designation under the law) and you (usually a company or organization) are the controller/business (the entity that decides how and why information is processed) of the information provided to Upflex. In all other cases, Upflex is the controller of the personal information.

The Upflex Platform can be used by companies or by individual Users. If you’re using the Services through your company, educational institution, or with your company email address, your company or educational institution’s own Administrator is responsible for the accounts associated with that company or institution and can: restrict, suspend, or terminate your access to or ability to use the services, access information about you, access or retain information stored with us (including your workspace content and log data about your use of the Services), and restrict your ability to edit, restrict, modify, or delete information associated with your use of our products and services.

2. Personal Information We Collect

When you visit the Upflex Platform, we collect: (1) technical information that is used to deliver the contents and services and for other purposes as described below, and (2) information that you, or your Members, voluntarily submit.

Personal Information You Provide to Us

We collect a variety of information that you provide to us. The specific types of information we collect will depend upon your engagement with the Upflex Platform.

Account Information. If you create an account to use the Services as the account administrator (“Administrator”), or by accepting the invitation to register as a User (“User”) under an Administrator’s account, we collect Personal Information to allow you to use our Services via this account. When you sign up, you provide us with your name, password, email address, physical address, mobile phone number, job title, photograph (optional), geolocation, booking history, and other account information necessary to create and maintain your account.
Contact Information and Other Information You Choose to Provide to Us. You can provide a variety of information during your interactions with us, such as through emails or other communications. When you contact us via a website contact form, email, or other means, you provide us with Personal Information, such as your name and contact details, and the content of your communications.
Support Information. When you request technical support services, we will process your Personal Information such as your name and the contact details you use to contact us, as well as information regarding the reasons for your support request, the support that was provided, and any additional information you may provide in that context.
Financial Information. If you purchase our Services, you will need to provide payment information. We will use that information solely for the purpose of fulfilling your purchase request.
Other Information. You may choose to directly provide us with information associated with your use of the Services. For example, if you decide to use the Services offered, we will collect and store the content and information you create or upload to the account on the Upflex Platform (“User Content”).

Information Collected Automatically

We may automatically collect certain information based upon your behavior on the Upflex Platform. We use this information to conduct internal research on system usage, demographics, interests, and behavior to better understand who is visiting the Upflex Platform, for marketing purposes and to improve our Services. Whenever possible, the collected data is de-identified, aggregated and/or anonymized.

Single Sign-On Through Internet Service Providers. We may collect Personal Information from internet service providers when you decide to use their single sign-in servers to connect to our Services. Your interactions with these tools are governed by the privacy notices of the corresponding platform.
Device and Usage Information. When you access and use the Upflex Platform, we receive and store information about your interactions, such as date/time stamps, usage information and statistics, your internet protocol (IP) address, hardware and software information (including operating system version and type), browser type, device identifiers, device event information, crash data, cookie data, and the pages you have viewed or engaged with before or after accessing the Upflex Platform including content accessed, time viewed, links clicked, referring/exit pages, and clickstream data. This information could be used to identify you or your device and may provide us with your location.
Cookies and Similar Technologies. We collect Personal Information via cookies, pixel tags, or similar technologies on the Upflex Platform (collectively referred to as “Cookies“). For more information on our use of Cookies, please read our Cookie Notice.
Location Information. When you use the Services, we may collect general location information (such as general location inferred from an IP address).
Information from Other Sources. We may collect information about you from third parties, such as marketing partners and researchers. We may combine this information with information we collect from you and use it as described in this Privacy Notice.

3. How We Use the Personal Information We Collect?

We use the Personal Information we receive or collect for the following purposes:

To create your account for your use of the Services.
To provide our Services, including to operate, maintain and support our Services by making available our online database with business contact details to Administrators and Users.
For personalization to customize our Services to meet your specific needs.
For product improvement as described in our Terms of Service and other collateral documentation to improve the Services and to develop new products, services, and features.
To communicate with you, by phone, text, email, or chat. This may include contacting you for administrative purposes such as security or support and maintenance advisories, to provide services and information that you request, to respond to comments and questions, to contact you regarding issues concerning your use of our Services, including changes to this Privacy Notice, and to otherwise provide customer support.
Subject to any consent requirements, to send marketing materials, alerts about the latest developments and features or other promotional materials, and to develop new promotional materials that can be useful or relevant to you. You will always be provided with an opportunity to opt out of receiving such communications. For example, You opt out by following the instructions located at the bottom of any commercial emails you may receive or by contacting us as described in the Contact Us section in this Privacy Notice.
For customer and third-party relationship management including to track emails, phone calls, and other actions you have taken as a prospective customer or our customer or other third-party such as our space partners.
For aggregation or anonymization of Personal Information which is a format that does not allow our Administrators or Users to be personally identified. We use the resulting information for statistical analysis regarding the use of the Services, such as to better understand our customer base, or for other purposes.
For administrative and legal purposes, such as for compliance purposes, including enforcing our Terms of Service or enforcing or defending other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency, and to comply with our legal obligations and internal policies as permitted by law.
For safety, security and integrity focused on investigating in good faith alleged violation of our Terms of Service.

4. Who We Share Personal Information With

We may disclose Personal Information about you under the following circumstances:

Group Entities. We may disclose Personal Information about you to our affiliates and subsidiaries, if any, for the purpose of providing the Services and conducting business.
Service Providers. We work with third parties for the purpose of providing the Services such as hosting, maintenance, and support. These third parties may have access to or process your Personal Information as part of providing those services to us. For example:
- We use service providers such as payment providers to process credit card payments on the Upflex Platform. When you use a credit card to pay for our Services, information such as your name, billing address, phone number, email address and credit card information will be submitted to service providers for verification and to manage any recurring payments.
- We use cloud service providers who we rely on for data storage, disaster recovery and to perform our obligations to you.
- We use service providers of business communication tools.
- We use space partners who are service providers offering third-party spaces to be reserved via the Upflex Platform.
Native Integrations. You can use native integrations to share data with other work applications. Upflex does not share data from integrated apps with any other services or clients. For example, when you integrate your Google account, we access your Google account to gather information that is required for the integration endpoint.
Change of Corporate Ownership. Personal information about our Administrators or Users, including Personal Information, may be disclosed, and otherwise transferred to an acquirer, successor, or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which personal information is transferred to one or more third parties as one of our business assets.

Legal. Personal information about our Administrators and Users will be disclosed to law enforcement agencies, regulatory bodies, public authorities or pursuant to the exercise of legal proceedings if we are legally required to do so, or if we believe, in good faith, that such disclosure is necessary to comply with a legal obligation or request, to enforce our terms and conditions, to prevent or resolve security or technical issues, or to protect the rights, property or safety of Upflex, our Administrators or Users, a third party, or the public.
Strategic Business Partners. We may share your Personal Information with our strategic business partners for the following purposes:
- Expanding our sales and marketing efforts,
- Expanding the number of spaces available via the Upflex Platform,
- To integrate Upflex Platform via API into a specific organizations IT infrastructure,
- To embed the Upflex Platform into a device,
- To add features and functionality to the Upflex Platform for resale to a unique customer-base, and
- To offer “white label” versions of the Services under a different brand, such as Optality or Colliers.

Your personal information will only be shared with a strategic business partner if you have a direct relationship with the strategic business partner. For example, if you book a space via a white label offering your personal information will be shared with that strategic business partner, and their privacy notice will apply.

5. Subprocessors

A list of current sub-processors is located on the Website in the footer of the home page. https://upflex.com/legal/subprocessor-list/ We will provide notice if this list of sub-processors changes. If you do not agree with the changes, you may terminate your use of the Upflex Platform in accordance with the Upflex Platform Terms of Service.

6. Your Rights

You have the following rights associated with the processing of your personal information:

Right to Access or Right to Know. You have the right to obtain access to the Personal Information we hold about you and to request certain information about our processing. You have the right to receive an explanation of (i) why we process your Personal Information, (ii) the categories of Personal Information we have about you, (iii) who we share your Personal Information with, (iv) how long we store your Personal Information and (v) who we received your Personal Information from if it was not collected from you directly. We will also inform you about your privacy rights.
Right to Rectification or Correction. You have the right to correct, update or complete any Personal Information we hold about you that is inaccurate or incomplete. Please note that we may rectify or remove incomplete or inaccurate information, at any time and at our own discretion.
Right to Erasure or Deletion. You may request to have your Personal Information anonymized, erased, or deleted, as appropriate. In this case, if there is no overriding legitimate interest to continue processing your Personal Information, we will erase your data.
Right to Object to Processing. You have the right to object to our processing of your Personal Information where we are relying on a legitimate interest or if we are processing your Personal Information for direct marketing purposes.
Right to Restrict Processing. You have a right in certain circumstances to stop us processing your Personal Information other than for storage purposes.
Right to Portability. You have the right to receive, in a structured, commonly used, and machine-readable format, Personal Information that we hold about you, if we process it based on our contract with you, or with your consent, or to request that we transfer such Personal Information to a third party.
Right to Withdraw Consent. You may withdraw any consent you previously provided to us regarding the processing of your Personal Information at any time and free of charge. We will apply your preferences going forward. This will not affect the lawfulness of the processing before you withdrew your consent.
Right to Lodge a Complaint. You may lodge a complaint with a supervisory authority, including in your country of residence, place of work, or where you believe an incident took place.
Right Against Discrimination. We will not discriminate against your for exercising your rights.
Right to Opt Out of Targeted Advertising or Sale. You can ask us to stop using your personal information for targeted advertising when required by law.

You may exercise these rights by contacting us as set out in the “Contact Us“ section below.

Please note that, prior to any response to the exercise of such rights, we will require you to verify your identity. In addition, we may have valid legal reasons to refuse your request and will inform you if that is the case. Note that applicable laws contain certain exceptions and limitations to each of these rights. Subject to certain restrictions, you can ask an agent to exercise your rights for you. If you have an agent exercising your rights, that person must provide to us your written authorization allowing them to make such a request on your behalf. We reserve the right to deny the agent’s request if we are not reasonably able to confirm proper authorization and/or verify your identity as the requestor.

To appeal any refusal by us to act on a data subject rights request by contacting us by email at [email protected].

PLEASE NOTE: Only the registered account Administrator may close an account. The Administrator may decide to terminate the ability of one or more of the invited Users to use their account. Only the User’s manager may request the deletion of the User Content in the account.

7. Retention of Information

We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Notice, to make the Services available to you, or as instructed by you, unless a longer retention period is required or permitted by law.

8. Security and Storage

We implement a variety of security measures that are reasonably designed to protect the safety of your Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, or destruction when you enter or submit your Personal Information on the Upflex Platform. However, no Internet or email transmission is ever fully secure or error free. Please keep this in mind when disclosing any information to us via the Internet. IF YOU BELIEVE YOUR PRIVACY HAS BEEN BREACHED THROUGH USE OF THE SERVICES, PLEASE CONTACT US IMMEDIATELY AT: [email protected].

When you use the Services, personal information about you will be stored in the United States. For more information about our EU data storage options, please contact: [email protected].

9. Analytics & Advertising

Analytics. We will use first-party analytics to provide the Services, including analyzing the performance of the Upflex platform, for product improvement, or for marketing purposes as described above. We may also use third-party web analytics services on the Upflex Platform, such as those of Google Analytics. These third-party services use the sort of technology described in the “Information We Collect Automatically” section above to help us analyze how Users use the Upflex Platform, including by noting a third-party website from which you arrive. The information collected by the technology will be disclosed to or collected directly by these third parties, who use the information to evaluate your use of the Services. We also use Google Analytics for certain purposes related to advertising, as described above. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-Out Browser Add-on.

Advertising. Third-party services, including Google Analytics, Hubspot, LinkedIn, Intercom, and Datum Decipher, may use cookies and web beacons to collect information about your activities on the Upflex Platform to provide you targeted advertising based upon your interests. This means these third-party services may show our ads on sites across the Internet based upon your previous visits to the Upflex Platform. Together with these third-party services, we may use these cookies and web beacons to report how your ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to your visits to the Upflex Platform.

The use of tracking technologies by third-parties, technology partners or other third-party assets (such as social media links) on the site is not covered by this Privacy Notice. We do not have access or control over these technologies.

If you would like to learn more or opt out of receiving online display advertising tailored to your interests, please visit the Networking Advertising Initiative at: www.networkadvertising.org/managing/opt_out.asp or the Digital Advertising Alliance at: http://aboutads.info/choices.

Please note this does not opt you out of being served advertising. You will continue to receive generic ads. If you delete your cookies, use a different browser, or buy a new computer, you will need to renew your online display advertising opt-out choice. To opt out of Google Analytics for Display Advertising or customize Google Display Network ads, you can visit the Google Ads Settings page.

10. Third Party Links and Websites

This Privacy Notice does not address, and we are not responsible for, the privacy practices of any third parties, including those that operate websites to which the Upflex Platform links. The inclusion of a link on the Upflex Platform does not imply that we or our affiliates endorse the practices of the linked website.

11. Co-Branded Websites

If our Website links to other websites that include our branding, this Privacy Notice does not apply to those other websites. Visitors to those websites are advised to carefully read the notices on those individual websites.

12. Children’s Online Privacy Protection Act Compliance

Our Services are all directed to people who are at least 18 years old or older. We do not knowingly collect any “Personal Information” (as defined by the U.S. Children’s Online Privacy Protection Act) from anyone under 18 years of age. If we become aware that we have collected the Personal Information of an individual under 18 years of age, we will take reasonable steps to delete it as soon as possible.

13. Change of Ownership

In the event of a change in ownership, or a merger with, acquisition by, or transfer or sale of all or a portion of our assets to, another entity, we reserve the right to transfer all your Personal Information to that entity. We will use reasonable efforts to notify you of a transfer to an unaffiliated third party (by a posting on our homepage, or by email to your email address that you provided to us, as chosen by us in our discretion).

14. Changes to Our Privacy Notice

We reserve the right to amend this privacy notice at any time to reflect changes in the law, our data collection, use or sharing practices or advances in technology. We will make the revised Privacy Notice accessible throughout the Upflex Platform. You should review this privacy notice periodically. The “Date of Last Revision” included at the beginning of this privacy notice will indicate when it was last updated.

By continuing to access or use our Upflex Platform, you are confirming you have read and understand the latest version of this Privacy Notice.

15. Complaints

If you wish to lodge a complaint about how we process your Personal Information, please contact us as described in the Contact Us section below. We will endeavor to respond to your complaint as soon as possible. You may also lodge a claim with the applicable supervisory authority.

16. Contact Us

If you have any questions or comments about this Privacy Notice, our privacy practices, or if you would like to exercise your rights with respect to your Personal Information, please contact us by one of the following methods:

Send us an e-mail at: [email protected], or
Write to us at: 27 E 28th St Floor 8, New York, NY 10016, or
Via the Contact Us web form located on the Upflex Platform

Supplemental Privacy Notice

(EU, Turkey, Switzerland, and the United Kingdom (EEA+))

Date of Last Revision: 4 April 2022

Effective January 1, 2023

This Supplemental Privacy Notice applies to you only if you are a natural person and you are located in the European Union, Switzerland, or the United Kingdom. This Supplemental Privacy Notice is incorporated into and forms part of the Upflex Global Privacy Notice.

This Supplemental Privacy Notice provides supplemental notices that are unique to the EEA+ region.

1. Legal Bases for the Processing of Personal Information

If you are located in the EEA, UK or Switzerland, our legal basis for processing your Personal Information is described in this section:

Consent. This is the case where you have consented to the use of your Personal Information.
Contract. We need your Personal Information to provide you with our Services to perform our obligations associated with our contract with you, such as to create and secure your account, or to respond to your inquiries.
Legitimate Interest. We have a legitimate business interest in processing your Personal Information to provide the Services to our Customers. We only rely on legitimate interest as a legal basis when our legitimate interests do not override your fundamental rights and freedoms associated with privacy and data protection on balance. We ensure we comply with any requests you make to exercise your associated rights.
Legal Obligation. We may have a legal obligation to process your Personal Information, for example to comply with tax and accounting obligations, and we may process your Personal Information when necessary to establish, exercise, or defend legal claims. We may also process your Personal Information when necessary to protect your or another individual’s vital interests.

2. Data Protection Officer

The Upflex, Inc. Data Protection Officer can be reached at: [email protected].

3. Data Protection Representative

If you are located in the EEA, the UK, Switzerland, or Turkey you may also contact our data protection representative. We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact. Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website https://prighter.com/q/12321850633”

4. International Data Transfers

If you provide us with your Personal Information when using the Services from the EEA, Turkey, Switzerland or the UK or other regions of the world with laws governing data collection and use that may differ from U.S. law, then please note that you are transferring your Personal Information outside of those regions to the United States for storage and processing.

If we transfer your Personal Information internationally, we will ensure that relevant safeguards are in place to afford adequate protection for your Personal Information and we will comply with applicable data protection laws, by relying on an EU Commission adequacy decision, or the current standard contractual protections for the transfer of your Personal Information or if a derogation is available.

The specific legal basis for the international or cross-border transfer of your Personal Information is described in your Data Processing Agreement with Upflex (“DPA”), which is located here.

5. Complaints

You have the right to contact the appropriate supervisory authority at any time to lodge a complaint regarding the processing of your data. The list of EU supervisory authorities is located here. All other supervisory authorities can be located via a search for their website homepage.

Supplemental Privacy Notice to Residents of California, Colorado, Connecticut, Virginia, and Utah

Date of Last Revision: 4 April 2022

Effective January 1, 2023

This Supplemental Privacy Notice applies to you only if you a natural person and you are a resident of California, Colorado, Connecticut, Virginia, or Utah. This Supplemental Privacy Notice is incorporated into and forms part of the Upflex Global Privacy Notice.

This Supplemental Privacy Notice provides supplemental notices that are unique to the US states listed above.

1. Categories of Personal Information We Collect, and How We Use and Share that Information

During the past twelve (12) months, we have collected, used, and shared the following categories of personal information:

Category of Personal Information	Category of Source	Business or commercial purpose(s) for collection	Categories of third parties with whom we share
Personal identifiers	Directly from you or your agents From your Organization From your Vendors or Customers From other third parties you choose to interact with From our service providers From public sources	To provide our Service to you To communicate with you To verify your identity To protect your account To prevent fraud or illegal activity Our marketing activities	Our service providers Your authorized service providers Other third parties that you authorize Our business and marketing partners Third parties as required by law
Financial information, including bank account number, credit card number	Directly from you or your agents From your Organization From your Vendors or Customers From other third parties you choose to interact with From our service providers From public sources	To provide our Service to you To verify your identity To protect your account To prevent fraud or illegal activity
Commercial information, including use of products/services	Directly from you or your agents From your Vendors or Customers	Provide our Services to you Prevent fraud or illegal activity Product Improvement
Internet or other electronic network activity information	Directly from you From our service providers	Provide our Services to you Protect your account Prevent fraud or illegal activity Debug or repair our Services Maintain reliability, quality, or safety of our Services Improve our Services Our marketing activities
Photograph	Direction from you	Profile picture that may be used to identify you by our space partners
Geolocation data	Directly from you From your mobile provider or ISP	Provide our Service to you Protect your account Prevent fraud or illegal activity Debug or repair our Service Maintain reliability, quality, or safety of our Services
Audio, electronic, visual, or similar information	Directly from you	Provide our Service to you Prevent fraud or illegal activity Improve our Services Maintain reliability, quality, or safety of our Services
Professional or employment-related information	Directly from you From your Organization From your Vendors or Customers	Provide our Service to you Prevent fraud or illegal activity Our marketing activities
Inferences drawn to create a profile about a consumer	All personal information collected directly or indirectly as described in the Global Privacy Notice	Provide our Service to you Prevent fraud or illegal activity Maintain reliability, quality, or safety of our Services Our marketing activities

2. Sensitive Personal Information

When we collect your photo, geolocation, or financial details (such as your bank account or credit card numbers), we are deemed to be collecting data that is “sensitive” under state privacy laws. Where legally required, we will obtain your consent for collecting this information. For our California Users, we do not use or disclose sensitive personal information for any purpose other than as permitted by law, such as to provide our Service to you, to detect security incidents, and protect against malicious or fraudulent actions, nor do we use or disclose such information to build a profile about you.

3. Sales/Sharing

In the last 12 months, we have allowed third party ad providers to collect personal information from our Upflex Platform visitors to provide them with targeted advertising and analytics. This practice may constitute a sale of personal information under certain state laws and, in California, may also constitute “sharing” (which is a term used to address the sharing of information for advertising purposes) of personal information.

In the last 12 months, we have also transferred personal information with our strategic business partners as described in the Global Privacy Notice, which may also constitute a sale of personal information under certain state laws and, in California, may also constitute “sharing” (which is a term used to address the sharing of information for advertising purposes) of personal information.

To the extent that our practices constitute a sale or sharing of your personal information, you have the right to opt-out of the sale or sharing of your personal information with the third parties in this Privacy notice by filling out this Opt-Out Form Privacy and by enabling Global Privacy Control on your browser or opting-out of cookies by clicking here.

4. Manage Cookies

Global Privacy Control (“GPC”) is a setting you can enable in your web browser to communicate your privacy preference for not having certain information about your webpage visits collected across websites. For all the details, including how to turn on GPC, visit https://globalprivacycontrol.org/. Our websites that link to this Privacy Notice recognize and respond to GPC signals.