Privacy Policy

PLEASE READ THIS POLICY CAREFULLY

Origin Workspace Limited (“Origin Workspace/We/Us/Our”) is incorporated in England (Company number 10976655).

Legal Basis for Processing

At Origin Workspace, we are committed to protecting and respecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

These laws govern how we collect, use, share, and store your personal data. They also grant you specific rights as a data subject, which we respect and uphold at all times.

What Is Personal Data?

Personal data refers to any information that relates to an identified or identifiable individual. This can include your name, contact details, membership information, payment history, and more.

Our Legal Basis for Processing Personal Data

Under the UK GDPR, we must have a valid legal basis to process your personal data. Depending on the purpose and context, we rely on one or more of the following legal grounds:

Consent (Article 6(1)(a))
We will ask for your clear, affirmative consent before sending you marketing emails or newsletters. You have the right to withdraw this consent at any time.
Contractual Necessity (Article 6(1)(b))
When you sign up as a member, book an event, or purchase a service, we need to process your data to enter into and perform our contract with you.
Legal Obligation (Article 6(1)(c))
We may process and retain certain data to comply with legal obligations, such as tax and financial reporting requirements.
Legitimate Interests (Article 6(1)(f))
We may process your personal data when it is necessary for our legitimate business interests, and where such interests are not overridden by your data rights. For example, we use CCTV for security, or may analyse usage patterns to improve our services.

Why We Process Your Data: Purposes of Processing

We process your personal data for the following purposes:

Membership Management: To create and manage your account, provide workspace access, and communicate service-related updates.
Payment and Invoicing: To process your payments and manage billing and accounting records.
Customer Support: To respond to your inquiries or service requests.
Marketing Communications: To send you information about our services, promotions, and events, subject to your consent.
Security: To monitor access to our premises and ensure the safety of our members, including the use of CCTV and entry systems.
Legal Compliance: To comply with applicable laws and regulations, including tax and anti-fraud obligations.
Service Improvement: To analyse how our services are used and improve the customer experience.

Your Data Protection Rights

Under the UK GDPR, you have the following rights:

Right to be informed – To know how we collect and use your data.
Right of access – To request access to the personal data we hold about you.
Right to rectification – To request correction of inaccurate or incomplete data.
Right to erasure – To request deletion of your data in certain circumstances.
Right to restrict processing – To ask us to limit how we use your data.
Right to data portability – To request a copy of your data in a structured, commonly used format.
Right to object – To object to processing based on legitimate interests or for direct marketing purposes.

To exercise any of these rights, please contact us at [email protected].

Complaints

If you are concerned about how we have handled your personal data, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO). More information is available at: https://ico.org.uk/make-a-complaint

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

We review our data retention practices regularly to ensure data is not kept longer than necessary. Retention periods vary depending on the nature of the data and the purpose for which it is processed. Our standard retention periods are as follows:

Data Type	Purpose of Collection	Retention Period	Legal/Operational Basis
Contact details (name, email, phone)	To respond to enquiries, manage membership	2 years after your last interaction	Legitimate interests; consent for marketing
Account and membership records	To manage your workspace membership	6 years after termination of membership	Contractual necessity; legal obligation (HMRC)
Billing and transaction data	Invoicing, payment tracking	6 years from the end of the financial year	Legal obligation (tax law)
CCTV footage	Premises security	30 days unless required for investigation	Legitimate interests; public safety
Email marketing records	Consent and communications preferences	3 years after last engagement or until consent withdrawn	Consent
Event registration information	Administering bookings and follow-up communications	1 year after the event	Legitimate interests
Access control logs (e.g., key card use)	Facility access management and safety	90 days	Legitimate interests; security
Job application data	Recruitment and HR processing	6 months after application, unless employed	Legitimate interests; consent

After these periods, data is securely deleted or anonymised unless continued retention is required by law or for legitimate business purposes.

If you have any questions about how long we keep specific information, please contact us at [email protected].

Data Sharing and Third Parties

We do not sell your personal data to third parties. However, in the course of operating our business and delivering our services, we may share your personal data with selected third parties, only to the extent necessary for the relevant purpose.

All third-party service providers are contractually required to process your data securely, lawfully, and in accordance with the UK GDPR and the Data Protection Act 2018. We ensure appropriate safeguards are in place through data processing agreements and regular due diligence.

Who We Share Your Data With

We may share your data with the following categories of recipients:

Recipient / Category	Purpose of Sharing	Examples of Providers
Cloud hosting and IT infrastructure	To store and manage data securely	Microsoft 365, Google Workspace
Payment processors	To process transactions and manage billing	Stripe, GoCardless
Marketing and communication platforms	To send newsletters, service updates, and promotions	Mailchimp, HubSpot, KEAP
Membership management software	To administer member services and workspace bookings	E-Reception, KEAP and OfficeRnD
Access control and security systems	To manage access to premises and ensure safety	SALTO, Hikvision (CCTV management)
Professional advisers	For legal, financial, and compliance support	Accountants, legal counsel
Event management or booking tools	To manage event registrations or ticketing	Eventbrite, Calendly
Analytics and website providers	To improve our website and services	Google Analytics, Hotjar
Regulators and authorities	Where legally required or for regulatory compliance	HMRC, ICO, law enforcement

International Data Transfers

Some of our service providers may store or process data outside of the UK or European Economic Area, particularly in the United States. Where this occurs, we ensure that appropriate safeguards are in place, such as:

The use of providers certified under the UK-US Data Bridge or EU-US Data Privacy Framework
Standard Contractual Clauses approved by the UK Information Commissioner’s Office

We will only transfer your data outside the UK where there is a lawful basis to do so and adequate protections are in place.

Data Sharing Safeguards

All third parties that process personal data on our behalf are required to:

Enter into data processing agreements with us
Maintain adequate security measures to protect your data

If you have any questions regarding this Privacy Policy, please contact [email protected]

we care about your privacy

Copyright © 2026 Origin Workspace

Privacy Policy

Made with

in Bristol