1. Who We Are
Whose Room is provided by GUID Ltd, registered company in England no. 06053883. For this privacy notice, GUID Ltd is the controller for the personal data processed by the Whose Room service unless a separate agreement says otherwise.
You can contact us about privacy at info@whoseroom.com.
2. What This Notice Covers
This notice explains how Whose Room uses personal data when you visit the site, create an account, join a team, manage buildings or rooms, view calendars, make bookings, receive emails, upload images, or contact us.
The service is intended for room, building, calendar, team, and booking coordination. It is not intended for storing special category data, payment card data, identity documents, health records, safeguarding records, or other unnecessary sensitive information.
3. Personal Data We Collect
We collect account details such as your name, email address, password hash, email verification state, login sessions, account settings, and optional mobile number.
We collect team, building, room, calendar, timeslot, booking, invitation, contact visibility, and role information needed to operate the service.
We collect content you choose to provide, including booking descriptions, uploaded team icons, building images, room images, and messages or support requests you send to us.
We collect technical and security data such as IP address, browser details, request logs, session cookies, audit logs, abuse-prevention signals, and error information.
4. How We Use Personal Data
We use personal data to provide accounts, authentication, calendars, room availability, booking records, team membership, invitations, notifications, contact visibility controls, administration tools, and support.
We use personal data to keep the service secure, prevent abuse, investigate faults, maintain audit history, enforce the terms, and comply with legal obligations.
We may use aggregated or anonymized information to understand how the service is used and improve reliability, usability, and capacity.
5. Lawful Bases
We process account, team, building, calendar, and booking data because it is necessary to provide the service you ask us to use.
We process security, audit, abuse-prevention, and operational records because we have legitimate interests in protecting users, the service, and our organization.
We process some information because we must comply with legal obligations. Where consent is required, such as for certain cookies or similar technologies, we ask for it separately and you can manage it through the available consent controls.
6. Visibility Within The Service
Whose Room is designed so building, calendar, booking, team, and user data is not public. Other users may see information only where their account, team membership, calendar access, ownership role, or SystemAdmin role permits it.
Your name may be visible to users in your teams and to people who administer relevant buildings, calendars, bookings, or teams. Your email address and mobile number are shown only when your own settings and the relevant team settings allow it, except where an administrator needs limited access to operate or protect the service.
7. Cookies And Similar Technologies
We use necessary cookies to keep you signed in, protect forms, remember security state, and operate the service.
In production we may use consent management, analytics, advertising, or measurement tools where configured. Non-essential cookies and similar technologies are controlled through the consent choices made available on the site.
8. Emails And Notifications
We send service emails such as registration, verification, password reset, invitation, booking, moderation, account, and administrative messages.
These messages are part of operating the service. You should not use Whose Room if you cannot receive essential account, security, or booking-related emails.
9. Sharing Personal Data
We share personal data with users and administrators inside the service according to access rules and contact visibility settings.
We use service providers for hosting, email delivery, security, analytics, consent management, and other infrastructure. They may process personal data only as needed to provide their services to us.
We may share information if required by law, to protect rights and safety, to investigate abuse, or as part of a business transfer involving the service.
10. International Transfers
Some service providers may process data outside the UK or European Economic Area. Where this happens, we use appropriate safeguards such as adequacy regulations, standard contractual clauses, or equivalent protections where required.
11. Retention
We keep personal data only for as long as needed to provide the service, maintain security and audit history, resolve disputes, comply with legal obligations, and preserve operational booking records.
If you request account deletion, Whose Room anonymizes your user row and removes personal identifiers while preserving system history needed for bookings, audits, and operational stability.
12. Security
We use technical and organizational measures designed to protect personal data, including password hashing, session controls, access checks, CSRF protection, security headers, audit records, and role-based visibility.
No online service can guarantee perfect security. You are responsible for keeping your login details secure and telling us promptly if you suspect unauthorized access.
13. Your Rights
Depending on where you live and the data involved, you may have rights to access, correct, erase, restrict, object to, or receive a copy of your personal data.
You can update some information in your account settings. To make another privacy request, contact info@whoseroom.com. We may need to verify your identity before acting on a request.
14. Children
Whose Room is not directed at children. Accounts should be created and managed only by people who are old enough and authorized to use the service for their team or organization.
15. Complaints
Please contact us first if you have a privacy concern so we can try to resolve it. If you are in the UK, you also have the right to complain to the Information Commissioner's Office.
16. Changes To This Notice
We may update this privacy notice when the service, legal requirements, or our processing changes. The latest version will be published on this page.