LIVINK

Privacy policy

Information on personal data protection

Note: This is an English translation provided for convenience. The legally binding version is the Spanish original at /es/legal/privacidad. In case of conflict, the Spanish version prevails.

Data Controller

  • Entity: Cofactory Startup Resort, S.L.
  • VAT / CIF: B87617148
  • Address: Calle Irún, 23, Planta 1, 28008 Madrid, Spain
  • Email: hello@livinkcoworking.com
  • Phone: +34 644 55 96 61

Purposes of processing

In compliance with European Regulation 2016/679 General Data Protection Regulation (RGPD/GDPR) and Spanish Organic Law 3/2018 on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), we inform you that, depending on the relationship you have with us, at Cofactory Startup Resort, S.L. we process the data you provide for some, or all, of the following purposes:

  • Sending commercial information about our company by postal mail, email or other means.
  • Accounting, administrative, invoicing and collections management.
  • Information from cookies.
  • Purchases via the online store on our website or platform.
  • Managing service bookings.

Data retention period

We retain data for different periods depending on the purpose:

  • Tax and invoicing data (issued invoice, tax ID): 6 years, in line with article 30 of the Spanish Commercial Code and article 66 of the General Tax Law.
  • Contractual data (purchases, bookings, physical access): for the duration of the service plus 5 years for the defence of civil claims (article 1964 of the Spanish Civil Code).
  • Contact-form data without a subsequent purchase: up to 24 months from the last interaction, unless you ask us to delete it sooner.
  • Marketing opt-in data: until you withdraw consent.
  • Server access logs: up to 12 months for security and diagnostics.
  • Aggregated analytics data (Google Analytics 4): up to 14 months (default setting).
  • Session recordings and heatmaps (Microsoft Clarity): up to 12 months per Microsoft's retention policy.

Once the data is no longer necessary for the purpose for which it was collected, it is blocked and only remains available to the competent authorities for the applicable legal periods.

Legal basis

The legal basis for each processing activity depends on its purpose:

  • Performance of a contract (Art. 6(1)(b) GDPR) — processing purchases, bookings, physical access, invoicing and order-related communications.
  • Legal obligation (Art. 6(1)(c) GDPR) — retention of invoices and tax-related obligations.
  • Consent (Art. 6(1)(a) GDPR) — sending commercial communications, activating analytics and marketing cookies, and the contact form.
  • Legitimate interest (Art. 6(1)(f) GDPR) — fraud prevention, site security (Cloudflare Turnstile) and incident handling.

Recipients and data processors

To provide the service we rely on providers acting as data processors. They only access the data strictly necessary for their function and have signed the corresponding contract (Art. 28 GDPR). The currently active processors are:

  • Vercel Inc. (USA, EU-US Data Privacy Framework certified) — website hosting and delivery.
  • SumUp Limited (United Kingdom / EEA) — card payment gateway.
  • CoinGate UAB (Estonia, EU) — cryptocurrency payment gateway, only when the user chooses this method.
  • Holded Technologies, S.L. (Spain) — invoice issuance and management.
  • Resend, Inc. (USA) — transactional email delivery (purchase confirmations, contact form).
  • Akiles Tech, S.L. (Spain) — issuance of temporary physical-access credentials to the coworking.
  • Google Ireland Ltd. / Google LLC (EU / USA, DPF) — Google Workspace (internal email and calendar), Google Analytics 4 and Google Tag Manager (the last two only if you accept analytics cookies).
  • Microsoft Ireland Operations Ltd. (EU) — Microsoft Clarity, heatmaps and session recordings with form-field masking (only if you accept analytics cookies).
  • Cloudflare, Inc. (USA, DPF) — Cloudflare Turnstile bot-verification on the contact form.
  • Telegram FZ-LLC (United Arab Emirates) — internal notification to the LIVINK team about new orders. Your name, email, phone and order summary are sent as an operational alert; the data is not published.

Beyond these processors, your data is not shared with third parties unless required by law. If we add new providers with access to personal data in the future, we will update this policy before activation.

International transfers

Some of the processors above handle data outside the European Economic Area (USA, UK, UAE). Transfers are covered by:

  • EU-US Data Privacy Framework adequacy decision — Vercel, Google and Cloudflare are certified.
  • Standard Contractual Clauses approved by the European Commission — Resend and Telegram.
  • UK adequacy decision — SumUp Limited (UK entity).

You can request a copy of the applicable safeguards by writing to hello@livinkcoworking.com.

Your rights

You have the right to obtain confirmation as to whether at Cofactory Startup Resort, S.L. we are processing personal data concerning you. You also have the right to:

  • Access your personal data.
  • Rectification of inaccurate data.
  • Erasure ("right to be forgotten") when the data is no longer necessary for the purposes for which it was collected.
  • Restriction of processing: we will then only keep your data for the exercise or defence of claims.
  • Object to processing: Cofactory Startup Resort, S.L. will stop processing the data, except for compelling legitimate grounds or the exercise or defence of possible claims.
  • Data portability.
  • Withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights you may write to us at hello@livinkcoworking.com or by postal mail to Calle Irún, 23, Planta 1, 28008 Madrid, Spain, attaching a copy of your ID or equivalent identification document and providing as much information as possible about your request (full name, email address used in the account or service that is the subject of your request).

Lastly, we inform you that you may lodge a complaint with the Spanish Data Protection Agency (Agencia Española de Protección de Datos, www.aepd.es) and other competent public bodies regarding any matter arising from the processing of your personal data.

Cookie policy

To learn more about the cookies we use on our website, see our Cookie policy.