Nederlands
Privacy Policy
At New Day at Work B.V. we value your trust and your privacy. We process only the personal data we need to deliver, improve and secure our service.
This Privacy Policy explains what personal data we process, why we process it, and the rights you have. It applies to our website, demo requests, marketing activities and events. For personal data processed within the Workspace 365 platform on behalf of customers, the applicable Data Processing Agreement (DPA) applies.
Last updated: June 2026
Contact and Privacy
For all privacy related questions, requests or complaints, please contact us directly.
New Day at Work B.V.
trust@workspace365.net
+31 30 711 6725
Berencamperweg 6D, 3861 MC Nijkerk, Netherlands
Registered at the Dutch Chamber of Commerce under number 55440215.
About New Day at Work B.V.
New Day at Work B.V. operates the Workspace 365 intelligent workspace platform.
For personal data processed via our website, demo requests, marketing activities and events, we act as the data controller. This Privacy Policy describes those activities.
For personal data processed within the Workspace 365 platform on behalf of a customer, we act as a data processor. In that role we process data on the documented instruction of the customer, who is the controller. This is governed by the applicable Data Processing Agreement. In the partner model the end customer is normally the controller, the partner may act as a processor, and we act as a processor or sub-processor. In the direct customer model the customer is the controller and we act as the processor.
Purposes and Legal Basis
This section covers the personal data we process as a controller, through our website, demo requests, marketing and events. Personal data processed inside the Workspace 365 platform is covered by the applicable Data Processing Agreement and the customer's instructions.
When you request a demo or contact us, we process your name, email address and telephone number so we can reach you. When you attend a call, event or webinar, we process the contact details you share with us. We do not sell personal data. We share personal data only with sub-processors who support our service, under a written processing agreement, and with third parties where the law requires it.
The table below sets out the legal basis for each controller activity. The table below sets out the legal basis for each controller activity.
|
Purpose |
Data processed |
Legal basis |
|
Demo requests and follow up |
Name, email, telephone |
Consent |
|
Events and webinars |
Name, email, contact details |
Consent |
|
Website analytics and improvement |
Cookie data, behavioural data |
Consent |
|
Marketing and advertising |
Cookie data, contact details |
Consent |
|
Security and fraud prevention |
Log data, access data |
Legitimate interest |
|
Legal obligations and defence |
Relevant personal data |
Legal obligation or legitimate interest |
We rely on legitimate interest, we balance our interest against your rights and freedoms, and we process your data only where your interests do not override that interest.
Security and Hosting
We take appropriate technical and organisational measures to protect your data against loss and other forms of unlawful processing.
Workspace 365 is hosted on Microsoft Azure. Platform data is stored and processed within the Azure region agreed with the customer. The applicable data protection law for that region applies at all times. The technical and organisational measures for platform data are described in the applicable Data Processing Agreement.
ISO 27001:2022
Workspace 365 has renewed and retained its ISO 27001:2022 certification, renewed in December 2025. For our customers this confirms that information security is a core part of how we design, deliver and improve our intelligent workspace.
As digital collaboration, data exchange and AI become a bigger part of everyday work, trust and security are essential. We treat the information within your intelligent workspace with care, clear agreements and well defined responsibilities.
By working in line with the ISO 27001:2022 guidelines, we manage information security in a structured and demonstrable way. This supports the careful handling of personal data and aligns with GDPR compliance. For customers this means a reliable and secure foundation for daily work, collaboration and innovation.
To strengthen this approach, we have a dedicated Information Security Officer. From this role we give close attention to information security, awareness and the continuous improvement of our processes, together with all teams across the organisation.
Kelly, the digital guide. AI and Data Processing
Workspace 365 includes Kelly, your digital guide. Kelly is an AI powered knowledge assistant that operates within the customer's secured Workspace 365 environment. We always inform users clearly when they interact with an AI system.
Key principles.
- Kelly only accesses data the signed in user is authorised to see.
- We never use customer data to train public AI models.
- All AI processing stays within the customer's tenant and the agreed Azure region.
- Kelly is classified as a Limited Risk AI system under the EU AI Act.
- Kelly does not make autonomous or binding decisions.
For full details on how our AI functionality handles data, please refer to our AI Act and Responsible AI Policy and our Data Processing Agreement. For AI related questions, contact us at trust@workspace365.net.
Data Retention
We retain personal data for as long as necessary for the purpose for which we collected it, or for as long as the law requires. The criteria we use to set retention periods include the duration of the relationship, legal retention obligations and limitation periods for potential legal claims.
For the controller activities in this policy we apply the following guideline periods.
- Demo and contact leads. Retained for up to 24 months after the last contact, unless you ask us to delete them earlier.
- Event and webinar registrations. Retained for up to 24 months after the event.
- Cookie data. Retained for the periods set out in the cookie table below.
Specific retention periods for personal data processed within the Workspace 365 platform are set out in the applicable Data Processing Agreement.
International Data Transfers
Some of our service providers, including Microsoft Azure, Google and LinkedIn, may process personal data outside the European Economic Area. Where such a transfer takes place, we make sure appropriate safeguards are in place in line with the GDPR, including Standard Contractual Clauses approved by the European Commission.
A current overview of our sub-processors and their locations is available in our Sub-Processor List.
Your Rights
Under the General Data Protection Regulation you have the following rights regarding your personal data.
- Right of access. You can request a copy of the personal data we hold about you.
- Right to rectification. You can ask us to correct inaccurate or incomplete personal data.
- Right to erasure. You can ask us to delete your personal data where there is no compelling reason for us to keep processing it.
- Right to restriction of processing. You can ask us to limit how we process your personal data in certain situations.
- Right to data portability. You can receive your personal data in a structured, commonly used and machine readable format, and ask us to send it to another controller.
- Right to object. You can object to processing where we rely on legitimate interest as the legal basis.
- Right to withdraw consent. Where processing is based on your consent, you can withdraw it at any time. This does not affect processing carried out before you withdrew.
To exercise any of these rights, contact us at trust@workspace365.net. We will respond within 30 days. We may need to verify your identity before we act on your request.
If you use Workspace 365 through your employer, school or another organisation, please contact that organisation to exercise your rights. In that setting they are the controller and we act on their instruction.
Right to Lodge a Complaint
If you believe your rights under the GDPR have been infringed, you can lodge a complaint with the Dutch Data Protection Authority.
Autoriteit Persoonsgegevens
www.autoriteitpersoonsgegevens.nl
+31 88 1805 250
Cookies
This Cookie Policy explains what cookies are and how we use them. It covers the types of cookies we use, the information we collect with them, how we use that information, and how you control your preferences.
You can change or withdraw your consent at any time from the Cookie Declaration on our website. Your consent applies to the domain workspace365.net.
What are cookies?
Cookies are small text files that store small pieces of information. Your browser stores them on your device when you load a website. They help us make the website work properly, keep it secure, improve your experience, and understand how the website performs so we can improve it.
How do we use cookies?
Like most online services, our website uses first party and third party cookies for a number of purposes. The first party cookies are mostly necessary for the website to work, and they do not collect personally identifiable data. We use third party cookies mainly to understand how the website performs, to keep our service secure, to show you relevant advertisements, and to improve your experience.
What cookies do we use?
|
Cookie key |
Domain |
Path |
Type |
Expiration |
Category |
Description |
|---|---|---|---|---|---|---|
|
Strictly necessary (16) |
||||||
|
|
.hs-analytics.net |
/ |
Third-party |
29 min 51 sec |
Strictly necessary |
Distinguishes humans from bots to enable valid website usage reports. |
__cf_bm |
.hubspot.com |
/ |
Third-party |
29 min 51 sec |
Strictly necessary |
Distinguishes humans from bots to enable valid website usage reports. |
|
|
.hsforms.com |
/ |
Third-party |
29 min 53 sec |
Strictly necessary |
Distinguishes humans from bots to enable valid website usage reports. |
|
|
.linkedin.com |
/ |
Third-party |
29 min 53 sec |
Strictly necessary |
Distinguishes humans from bots to enable valid website usage reports. |
|
|
.hs-sites-eu1.com |
/ |
Third-party |
29 min 53 sec |
Strictly necessary |
Distinguishes humans from bots to enable valid website usage reports. |
|
|
.hubspotusercontent-na1.net |
/ |
Third-party |
29 min 53 sec |
Strictly necessary |
Distinguishes humans from bots to enable valid website usage reports. |
|
|
.workspace365.net |
/ |
First-party |
29 min 50 sec |
Strictly necessary |
Distinguishes humans from bots to enable valid website usage reports. |
|
|
.hubspotusercontent-eu1.net |
/ |
Third-party |
29 min 51 sec |
Strictly necessary |
Distinguishes humans from bots to enable valid website usage reports. |
|
|
.usemessages.com |
/ |
Third-party |
29 min 51 sec |
Strictly necessary |
Distinguishes humans from bots to enable valid website usage reports. |
|
|
.hs-banner.com |
/ |
Third-party |
29 min 51 sec |
Strictly necessary |
Distinguishes humans from bots to enable valid website usage reports. |
|
|
.hsappstatic.net |
/ |
Third-party |
29 min 54 sec |
Strictly necessary |
Distinguishes humans from bots to enable valid website usage reports. |
|
|
.hsadspixel.net |
/ |
Third-party |
29 min 51 sec |
Strictly necessary |
Distinguishes humans from bots to enable valid website usage reports. |
|
|
/ |
Third-party |
29 min 58 sec |
Strictly necessary |
Distinguishes humans from bots to enable valid website usage reports. |
|
|
|
.hubspot.net |
/ |
Third-party |
29 min 58 sec |
Strictly necessary |
Distinguishes humans from bots to enable valid website usage reports. |
|
|
.linkedin.com |
/ |
Third-party |
5 months 4 weeks |
Strictly necessary |
Stores guest consent for the use of non-essential cookies. |
|
|
.workspace365.net |
/ |
First-party |
180 days |
Strictly necessary |
Stores the visitor's cookie consent preferences set via the HubSpot cookie banner. |
|
Performance (8) |
||||||
|
|
.workspace365.net |
/ |
First-party |
1 year 1 month |
Performance |
Used by Google Universal Analytics to distinguish unique users via a randomly generated client identifier. Collects visitor, session, and campaign data for analytics reports. |
|
|
.workspace365.net |
/ |
Third-party |
1 year 1 month |
Performance |
Used by Google Universal Analytics to distinguish unique users via a randomly generated client identifier. Collects visitor, session, and campaign data for analytics reports. |
|
|
.workspace365.net |
/ |
First-party |
1 year 1 month |
Performance |
Used by Google Analytics to persist session state. |
|
|
.workspace365.net |
/ |
First-party |
1 year 1 month |
Performance |
Used by Google Analytics to persist session state. |
|
|
.workspace365.net |
/ |
Third-party |
1 year 1 month |
Performance |
Used by Google Analytics to persist session state. |
|
|
.workspace365.net |
/ |
First-party |
1 year 1 month |
Performance |
Used by Google Analytics to persist session state. |
|
|
.workspace365.net |
/ |
First-party |
179 days |
Performance |
HubSpot analytics tracking cookie. Used to track a visitor's identity and session data across pages. |
|
|
.workspace365.net |
/ |
First-party |
29 minutes |
Performance |
HubSpot session cookie. Used to track sessions and determine whether to increment the session number and timestamp in the __hstc cookie. |
|
Targeting (3) |
||||||
|
|
.linkedin.com |
/ |
Third-party |
11 months 4 weeks |
Targeting |
Used by Microsoft/LinkedIn to enable sharing of website content via social media. |
|
|
.workspace365.net |
/ |
First-party |
2 months 4 weeks |
Targeting |
Used by Meta to facilitate advertising products, including real-time bidding by third-party advertisers. |
|
|
.linkedin.com |
/ |
Third-party |
1 day |
Targeting |
Used by Microsoft/LinkedIn to ensure proper website functionality. |
|
|
.workspace365.net |
/ |
First-party |
89 days |
Targeting |
Used by Google AdSense and Google Tag Manager to experiment with advertisement efficiency across websites. |
|
Functionality (5) |
||||||
|
|
.workspace365.net |
/ |
First-party |
Session |
Functionality |
Used to maintain session consistency and deliver personalised services. |
|
|
.hubspot.com |
/ |
Third-party |
Session |
Functionality |
Used by Cloudflare to maintain session consistency for HubSpot-served content. |
|
|
.workspace365.net |
/ |
First-party |
Session |
Functionality |
Used by HubSpot to determine whether a visitor has started a new session, ensuring accurate session tracking. |
|
|
support.workspace365.net |
/ |
First-party |
Session |
Functionality |
Records the most recent user interaction to improve functionality and user experience. |
|
|
.workspace365.net |
/ |
First-party |
29 minutes |
Functionality |
Hotjar session cookie. Used to maintain the current session state and link page views to the same session during a browsing visit. |
We use the following tools and services to collect web analytics.
- Google Analytics. https://privacy.google.com/businesses/compliance/
- HubSpot. https://www.hubspot.com/
- Pendo. https://www.pendo.io/privacy-policy/
- LinkedIn Insight Tag. https://www.linkedin.com/legal/cookie-policy
- Google Remarketing. https://support.google.com/adwords/answer/2453998
- Microsoft Advertising. https://about.ads.microsoft.com/en/resources/policies/privacy-cookies
Based on your visit to our website, we may show you advertisements when you visit other websites. We have embedded the following tools, which may install cookies.
How can I manage my cookie preferences?
You can manage your cookie preferences by clicking the Settings button and enabling or disabling the cookie categories in the popup. To change your preferences later, click the Privacy and Cookie Policy tab on your screen. This shows the consent notice again, so you can change your preferences or withdraw your consent.
Most browsers also let you block and delete cookies. You can change your browser settings to block or delete cookies. To learn more, visit allaboutcookies.org.
Governing Law
This Privacy Policy is governed by and construed in line with the laws of the Netherlands.
Questions? Contact us at trust@workspace365.net