Inspace

Privacy Policy

Last updated: August 25, 2025

Table of Contents

1. Overview

Inspace S.à r.l. ("Inspace," "we," "us," or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and protect your information when you use our furniture procurement platform and services.

This policy applies to all users of our website, platform, and services located at inspace.lu and any related services, applications, or tools.

Data Controller: Inspace S.à r.l., Luxembourg
Contact: privacy@inspace.lu

Quick Summary: We collect personal data to provide our furniture procurement services, and we protect your data in accordance with GDPR and Luxembourg law.

2. Data We Collect

2.1 Account Information
  • Registration Data: Email address, display name, password (encrypted)
  • Profile Information: Company details, address, phone number
  • Verification Data: Email verification status and tokens
2.2 Project and Usage Data
  • Project Information: Project names, descriptions, addresses
  • Furniture Configurations: 3D configurator settings and customizations
  • Order Data: Offers, orders, item specifications, pricing information
  • Communication: Support messages, feedback, and correspondence
2.3 Technical Data
  • Log Data: IP addresses, browser type, device information
  • Session Data: Login sessions, activity timestamps
  • Performance Data: Platform usage analytics and error reports
  • Cookies: Authentication cookies, preferences, and analytics cookies
2.4 Optional Data
  • Marketing Preferences: Email subscription choices
  • Survey Responses: Feedback and satisfaction surveys
  • Additional Profile Data: Optional company and contact information

3. How We Use Your Data

3.1 Service Provision (Legal Basis: Contract Performance)
  • Creating and managing your user account
  • Processing furniture orders and configurations
  • Coordinating with suppliers and manufacturers
  • Providing customer support and technical assistance
  • Managing project collaboration and team access
3.2 Platform Improvement (Legal Basis: Legitimate Interest)
  • Analyzing usage patterns to improve our services
  • Developing new features and functionality
  • Ensuring platform security and preventing fraud
  • Optimizing performance and user experience
3.3 Communication (Legal Basis: Contract/Consent)
  • Sending order confirmations and status updates
  • Providing important account and service notifications
  • Marketing communications (with your consent)
  • Responding to inquiries and support requests
3.4 Legal Compliance (Legal Basis: Legal Obligation)
  • Meeting regulatory and tax requirements
  • Maintaining records for business purposes
  • Responding to legal requests and court orders
  • Preventing and investigating fraud or illegal activity

4. Data Sharing and Disclosure

4.1 Service Partners

We share data with trusted partners who help us provide our services:

  • Furniture Suppliers: Order details and specifications for fulfillment
  • Logistics Partners: Delivery addresses and contact information
  • Payment Processors: Payment information for transaction processing
  • Technical Providers: Cloud hosting and infrastructure services
4.2 Legal Requirements

We may disclose data when required by law or to:

  • Comply with legal processes and court orders
  • Respond to government requests and regulatory inquiries
  • Protect our rights, property, and safety
  • Prevent fraud and ensure platform security
4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, subject to the same privacy protections.

4.4 Data Protection Measures
  • All partners must sign data processing agreements
  • We conduct due diligence on data security practices
  • Data sharing is limited to what's necessary for the specific purpose
  • We monitor and audit partner compliance

5. Data Security

5.1 Technical Safeguards
  • Encryption: Data encrypted in transit (TLS) and at rest
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and monitoring
  • Secure Hosting: Professional cloud infrastructure with security certifications
5.2 Organizational Measures
  • Staff Training: Regular privacy and security training for all employees
  • Access Policies: Need-to-know basis for data access
  • Incident Response: Procedures for detecting and responding to breaches
  • Regular Audits: Internal and external security assessments
5.3 Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify supervisory authorities within 72 hours when required
  • Inform affected users without undue delay
  • Provide details about the nature and scope of the breach
  • Offer guidance on protective measures you can take

6. Cookies and Tracking Technologies

6.1 Types of Cookies We Use
Type Purpose Duration Required
Authentication Keep you logged in securely Session/30 days Yes
Security (CSRF) Prevent security attacks Session Yes
Preferences Remember your settings 1 year No
Analytics Understand platform usage 2 years No
6.2 Managing Cookies

You can control cookies through:

  • Browser Settings: Most browsers allow you to block or delete cookies
  • Privacy Settings: Manage preferences in your account settings
  • Opt-out Tools: Use industry opt-out mechanisms for analytics
Note: Disabling essential cookies may affect platform functionality and your ability to use certain features.

7. Your Privacy Rights

Under GDPR and Luxembourg law, you have the following rights regarding your personal data:

7.1 Access and Portability
  • Right of Access: Request a copy of your personal data
  • Data Portability: Receive your data in a machine-readable format
  • Information Rights: Understand how your data is processed
7.2 Correction and Deletion
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restriction: Limit how we process your data
7.3 Consent and Objection
  • Withdraw Consent: Revoke consent for data processing at any time
  • Right to Object: Object to processing based on legitimate interests
  • Marketing Opt-out: Unsubscribe from marketing communications
7.4 Exercising Your Rights

To exercise your privacy rights:

  1. Account Settings: Many rights can be exercised directly in your account
  2. Contact Us: Email privacy@inspace.lu with your request
  3. Identity Verification: We may need to verify your identity for security
  4. Response Time: We'll respond within 30 days of receiving your request
Supervisory Authority: You have the right to lodge a complaint with the Luxembourg National Commission for Data Protection (CNPD) if you believe your privacy rights have been violated.

8. Data Retention

8.1 Retention Periods
Data Type Retention Period Reason
Account Information Until account deletion + 30 days Service provision
Order Records 7 years after completion Legal/tax requirements
Communication Logs 3 years Support and legal compliance
Analytics Data 2 years Service improvement
Security Logs 1 year Security monitoring
8.2 Deletion Process
  • Data is automatically deleted when retention periods expire
  • Secure deletion methods are used to prevent data recovery
  • Backup systems are included in deletion procedures
  • Legal hold exceptions may apply in case of litigation

9. International Data Transfers

9.1 Data Location
  • Primary Processing: European Union (Luxembourg)
  • Hosting Infrastructure: EU-based cloud services
  • Partner Services: May include providers outside the EU
9.2 Transfer Safeguards

When we transfer data outside the EU, we ensure adequate protection through:

  • Adequacy Decisions: Countries approved by the European Commission
  • Standard Contractual Clauses: EU-approved contract terms
  • Certification Schemes: Recognized privacy certifications
  • Binding Corporate Rules: Internal privacy policies for multinational companies

10. Children's Privacy

Our services are designed for business users and are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16.

If we become aware that we have collected personal data from a child under 16 without proper consent, we will take steps to delete such information promptly.

Parents or guardians who believe their child has provided personal data to us should contact us immediately at privacy@inspace.lu.

11. Changes to This Policy

11.1 Policy Updates

We may update this Privacy Policy to reflect:

  • Changes in our services or business practices
  • New legal requirements or regulatory guidance
  • Improvements in data protection practices
  • User feedback and requests
11.2 Notification Process

When we make significant changes, we will:

  • Update the "Last updated" date at the top of this policy
  • Send email notifications to registered users
  • Display prominent notices on our platform
  • Provide a summary of key changes

Continued use of our services after policy changes constitutes acceptance of the updated terms.

12. Contact Information

12.1 Data Protection Officer

For privacy-related questions, concerns, or requests:

  • Email: privacy@inspace.lu
  • Subject Line: Privacy Inquiry - [Your Request Type]
  • Response Time: Within 30 days
12.2 Company Information
  • Company: Inspace S.à r.l.
  • Address: Luxembourg
  • Registration: Luxembourg Trade Register
  • General Contact: info@inspace.lu
12.3 Supervisory Authority
  • Authority: Commission Nationale pour la Protection des Données (CNPD)
  • Website: cnpd.public.lu
  • Address: 15, boulevard du Jazz, L-4370 Belvaux, Luxembourg

Note: This Privacy Policy is available in multiple languages. In case of discrepancies, the English version shall prevail. For the most current version, please visit our website at inspace.lu/privacy.