Privacy Policy

Last updated: 26.2.2026

1. Who We Are

One Coworking GmbH ("One Coworking", "we", "us", or "our") operates the One Coworking platform at www.onecoworking.com and associated mobile applications (together, the "Platform"). We are the controller responsible for your personal data unless we process it on behalf of an enterprise client (in which case we act as a processor — see Section 10).

Contact details:

One Coworking GmbH
Rudi-Dutschke-Straße 23, 10969 Berlin, Germany
Email: privacy@onecoworking.com

2. What Data We Collect

We collect the following categories of personal data when you use the Platform:

Identity Data — First name, last name, profile picture

Contact Data — Email address, phone number

Account Data — User ID, login credentials (stored as hashed values only), role and permissions, account preferences, team memberships

Booking Data — Booking history, workspace preferences, check-in and check-out records, cancellations

Usage & Behavioral Data — Pages visited, features used, booking frequency, engagement metrics

Device & Technical Data — IP address, browser type and version, device type, operating system, app version

Payment Data — Credit purchase records, transaction history, Stripe customer ID. We do not store credit card numbers — all card data is handled directly by our payment processor, Stripe.

Communication Data — Content of transactional emails we send you (booking confirmations, invitations), customer support chat history

Diagnostic Data — Error logs and performance data used to maintain and improve the Platform

We do not collect special categories of personal data (e.g., health data, biometric data, political opinions) as defined under Article 9 GDPR.

3. How We Collect Your Data

We collect personal data in the following ways:

  • Directly from you — when you create an account, make a booking, contact support, or update your profile.
  • Automatically — when you use the Platform, we collect technical and usage data through cookies, server logs, and similar technologies (see Section 7).
  • From your employer — if you are an Authorized User under an enterprise account, your employer may provide us with your name and email address to set up your account.

4. Why We Process Your Data and Legal Basis

Providing the Platform and processing bookings
Legal Basis: Performance of a contract (Art. 6(1)(b))

Managing your account and authentication
Legal Basis: Performance of a contract (Art. 6(1)(b))

Processing payments and managing credits
Legal Basis: Performance of a contract (Art. 6(1)(b))

Sending transactional emails (booking confirmations, receipts, invitations)
Legal Basis: Performance of a contract (Art. 6(1)(b))

Customer support via in-app chat
Legal Basis: Legitimate interest (Art. 6(1)(f)) — providing effective user support

Error monitoring and platform stability
Legal Basis: Legitimate interest (Art. 6(1)(f)) — maintaining a reliable service

Platform analytics and usage statistics
Legal Basis: Legitimate interest (Art. 6(1)(f)) — improving our product

Marketing communications
Legal Basis: Consent (Art. 6(1)(a)) — you can withdraw consent at any time

Compliance with legal obligations (e.g., tax records)
Legal Basis: Legal obligation (Art. 6(1)(c))

5. Who We Share Your Data With

We share personal data only with service providers who process data on our behalf (processors), or where otherwise required. We do not sell your personal data.

Service Providers (Sub-Processors)

Supabase Inc. — Frankfurt, Germany (EU)
Purpose: Database hosting, user authentication, file storage

Stripe Inc. — United States
Purpose: Payment processing

Resend Inc. — United States
Purpose: Transactional email delivery

Intercom Inc. — United States
Purpose: Customer support messaging and in-app communication

Functional Software Inc. (Sentry) — Germany (EU)
Purpose: Error monitoring and diagnostics

Vercel Inc. — United States / Global Edge
Purpose: Application hosting and content delivery

Google LLC — United States
Purpose: Platform analytics (via Google Tag Manager), mapping services

Slack Technologies LLC (Salesforce) — United States
Purpose: Internal operational notifications

Workspace Hosts

When you book a workspace, we share your name and booking details with the relevant workspace host so they can provide access to the booked space. The host processes your data as an independent controller subject to their own privacy policies.

6. International Data Transfers

Your personal data is primarily stored and processed within the European Economic Area (EEA). Where we use service providers located outside the EEA (see Section 5), we ensure appropriate safeguards are in place:

  • EU-U.S. Data Privacy Framework (DPF): Stripe and Google are certified under the DPF, which the European Commission has recognized as providing an adequate level of data protection.
  • Standard Contractual Clauses (SCCs): For providers not covered by an adequacy decision, we use EU Standard Contractual Clauses as adopted by the European Commission to ensure an equivalent level of protection.

7. Cookies and Tracking Technologies

The Platform uses cookies and similar technologies. Cookies are small text files stored on your device.

Strictly Necessary Cookies
Essential for the Platform to function (authentication, session management). Examples: Supabase auth cookies.

Analytics Cookies
Help us understand how you use the Platform so we can improve it. Examples: Google Tag Manager, Vercel Analytics.

Customer Support Cookies
Enable our in-app support chat. Examples: Intercom.

You can manage your cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the Platform.

8. How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy:

Account data — For the duration of your account, plus 30 days after deletion

Booking and transaction data — Up to 10 years after the transaction (German tax law, §§ 147 AO, 257 HGB)

Support chat history — Up to 2 years after your last interaction

Error logs and diagnostics — Up to 90 days

Analytics data — Aggregated and anonymized after 26 months

When data is no longer needed, we delete it or anonymize it so it can no longer be linked to you.

9. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access (Art. 15) — request a copy of the personal data we hold about you.
  • Rectification (Art. 16) — request correction of inaccurate data.
  • Erasure (Art. 17) — request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
  • Restriction (Art. 18) — request that we limit how we process your data.
  • Data Portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Objection (Art. 21) — object to processing based on legitimate interests, including profiling.
  • Withdraw Consent (Art. 7(3)) — where processing is based on your consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@onecoworking.com. We will respond within one month as required by law.

You also have the right to lodge a complaint with your local data protection supervisory authority. For Berlin, this is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
Friedrichstr. 219, 10969 Berlin
https://www.datenschutz-berlin.de

10. Enterprise Accounts

If you use the Platform as an Authorized User through your employer's enterprise account, your employer is the data controller and One Coworking acts as a data processor on their behalf. In this case, your employer's privacy policy governs the processing of your personal data, and any data subject requests should be directed to your employer in the first instance.

11. Children's Privacy

The Platform is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you believe a child under 16 has provided us with personal data, please contact us at privacy@onecoworking.com and we will delete it promptly.

12. Links to Third-Party Websites

The Platform may contain links to websites operated by third parties (e.g., workspace host websites). We are not responsible for the privacy practices of these websites and encourage you to review their privacy policies.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we may also notify you by email or through the Platform.

14. Contact Us

If you have questions about this Privacy Policy, want to exercise your data rights, or have concerns about how we handle your data:

One Coworking GmbH
Rudi-Dutschke-Straße 23, 10969 Berlin, Germany
Email: privacy@onecoworking.com

Exit icon
"