Privacy Policy

Last updated: April 28, 2025

Lab28 - Floorspace Manager App ("we," "us," "our") operates a mixed-use commercial building: the Lab28 Public Event Zone and the Lab28 Offices Zone. We collect personal data—identifiers, access logs, bookings, and elevator calls—to manage access, optimize space, and ensure emergency evacuation.

Data is stored in Google Cloud EU data centers via Google Firebase Services, encrypted at rest and in transit, and processed under GDPR, Slovakia's Act No. 18/2018 Coll., the Labour Code (Act No. 311/2001 Coll.), and the Commercial Code (Act No. 513/1991 Coll.).

1. Information We Collect

1.1 Lab28 Public Event Zone

• First and last names, email addresses, and event-specific info.
• Device and usage data: IP address, device type, OS version, App interaction metrics.
• Analytics data: Website usage patterns, page views, and interaction data via Google Analytics.

1.2 Lab28 Offices Zone (Secured Access)

• Credentials: name, verified email, and authentication method.
• Door-access logs: door ID, timestamp, user ID.
• Elevator-call records: call time, floor, user ID.
• Meeting-room bookings: room ID, time, names and emails of participants.

2. How We Use Your Data

• Authenticate users and maintain access logs.
• Check-in, communications, and analytics for events.
• Utilization reports for managers.
• Share logs and bookings with security during emergencies.

3. Data Storage & EU Compliance

3.1 EU-Based Data Residency

Stored in Google Cloud EU multi-region with Assured Workloads.

3.2 Firebase GDPR Controls

• Processing limited to EU regions with encryption.
• Customer-managed encryption keys (CMEK) supported.

3.3 Google Analytics

Google Analytics data is processed by Google LLC. We have enabled IP anonymization and consent management. Analytics data is retained for 26 months and can be opted out through our cookie consent banner or browser settings.

4. Data Sharing and Disclosure

• Shared during emergencies or audits with authorized personnel.
• Third-party providers bound by GDPR-compliant contracts.
• Disclosures for lawful investigations or safety concerns.

5. Data Retention

• Public event data: 6 months, then anonymized or deleted.
• Offices zone logs/bookings: 12 months unless extended.

6. Data Security

TLS encryption in transit, AES-256 at rest, role-based access controls, regular audits, and secure key management via Secret Manager.

7. Legal Framework & Employee/Contractor Compliance

7.1 Slovak Data Protection Law

Act No. 18/2018 Coll. (GDPR implementation), overseen by OPDP SR (Úrad na ochranu osobných údajov Slovenskej republiky).

7.2 Employment Data (Labour Code)

Under Act No. 311/2001 Coll., data processed for contracts, safety, and protection with privacy safeguards.

7.3 Contractor Data (Commercial Code)

Governed by Act No. 513/1991 Coll. and GDPR Articles 6(1)(b) and 6(1)(f), with documentation and privacy-by-design.

8. Your Rights

GDPR (EU Residents)

• Access & Portability
• Rectification & Erasure
• Restriction & Objection
• Right to lodge a complaint

CCPA (California Residents)

• Right to Know
• Right to Delete
• Right to Opt-Out
• Non-Discrimination

9. Children’s Privacy

Services are for adults (18+). Contact us if you believe minor data was collected.

10. Changes to This Policy

Updates may occur due to service or legal changes. Significant updates will be announced via the App or email.

11. Contact Us

Privacy Officer

Lab28 - Floorspace Manager App – The Lab28 Events Zone – The Lab28 Offices Zone