top of page

Privacy Policy

Last updated: October 14, 2025

 

1. Introduction

FoodWorks is a collaboration between Embassy House Coworking AB (Embassy House), NEAT Innovation AB, and Ekebeck AB (together referred to as “we”, “our”, or “the FoodWorks partners”).

​

We are committed to protecting your personal data and respecting your privacy in accordance with the EU General Data Protection Regulation (GDPR) and Swedish data protection legislation.

 

This Privacy Policy explains how we collect, use, and share your personal data when you interact with FoodWorks — including through our website, coworking and lab facilities, rental services, and related communications.

​

2. Who We Are and Our Roles

The FoodWorks collaboration involves three partners, each with distinct responsibilities:

​

  • Embassy House

    • Coworking leases and membership administration

    • Coworking app usage and customer service

    • Responding to inquiries and requests sent through the website or via email

    • Collecting and retaining customer and company information (with consent)

    • Marketing communications, including use of photos and videos of customers (with consent)

    • Installing and maintaining surveillance cameras (CCTV) within the premises for safety and property protection

    • Collaborating with NEAT Innovation AB to support member networking and business development opportunities
       

  • NEAT Innovation AB

    • Rental and management of laboratory spaces and lab equipment

    • Facilitating innovation and collaboration within the FoodWorks network

    • Sharing relevant company and contact information (with consent) to enable business growth and development support in collaboration with Embassy House
       

  • Ekebeck AB

    • Property ownership and management

    • Administration of key tags and building access systems

 

All three partners may share customer information as necessary to deliver FoodWorks services efficiently, securely, and in a way that supports community and business collaboration.

​

3. Personal Data We Collect

Depending on your interaction with us, we may collect the following personal data:

  • Identification and contact details: Name, address, email, phone number, company name, and billing information.

  • Access and usage data: Key tag IDs, app login information, booking details, and facility usage logs.

  • Marketing materials: Photos, videos, or testimonials (only with your prior consent).

  • Communication data: Messages, forms, or emails you send to us through the website or other contact channels.

  • Professional information: Business sector, company role, and relevant project details (with consent), when used to facilitate networking or advisory support.

  • Video surveillance data: CCTV footage from security cameras installed in common areas of the premises (not in private offices, restrooms, or meeting rooms).

 

We collect this data directly from you or from our shared administrative systems as part of providing the FoodWorks services.

​

4. Purpose and Legal Basis for Processing

We process your personal data for the following purposes:

Managing coworking leases, lab rentals, and memberships - Performance of contract (Art. 6(1)(b) GDPR)

Providing customer support and communication - Legitimate interest (Art. 6(1)(f))

Managing building access and key tags - Performance of contract (Art. 6(1)(b))

Responding to requests or inquiries sent via the website or email - Consent (Art. 6(1)(a)) and/or legitimate interest (Art. 6(1)(f))

Retaining personal or company information shared by customers - Consent (Art. 6(1)(a))

Marketing, including photos or videos of events and community activities - Consent (Art. 6(1)(a))

Facilitating networking, collaboration, and business development between members - Consent (Art. 6(1)(a)) and legitimate interest (Art. 6(1)(f))

Fulfilling legal obligations (e.g. accounting, tax) - Legal obligation (Art. 6(1)(c))

Ensuring the safety of people, property, and equipment through CCTV surveillance - Legitimate interest (Art. 6(1)(f))

​

Embassy House specifically requires your consent to:

  • Receive and retain any personal or company information shared through the FoodWorks website or by email.

  • Respond to customer inquiries and requests made through digital communication channels.

  • Share relevant personal or company details with NEAT Innovation AB for the purpose of facilitating business networking and development opportunities within the FoodWorks community.

 

CCTV surveillance is carried out on the legal basis of legitimate interest, solely for the purpose of protecting individuals, property, and facilities. Signs will be clearly displayed in all areas under surveillance.

​

5. Sharing of Personal Data

Your personal data may be shared between Embassy House, NEAT Innovation AB, and Ekebeck AB for the purposes described above.

​

In particular, Embassy House and NEAT Innovation may share limited company and contact information to connect members, promote collaboration, and support business growth — always in line with your expressed preferences and consent.

 

Each partner acts as a joint controller under GDPR, meaning they collectively determine how and why your personal data is processed. The partners have agreed on their respective responsibilities in accordance with Article 26 of the GDPR.

​

You can contact Embassy House for general inquiries about data protection and to exercise your data rights.

 

We do not disclose your personal data to any third parties except:

  • Service providers assisting in our operations (e.g. IT, accounting, or marketing support), bound by confidentiality agreements.

  • When required by law or regulatory authorities.

  • In the event of security incidents, CCTV footage may be shared with law enforcement authorities where legally justified.
     

6. Data Retention

We retain personal data only for as long as necessary for the purposes it was collected, or as required by law. Typically:

  • Lease and membership records: up to 7 years (in line with Swedish accounting laws)

  • Key tag and access data: up to 12 months after contract termination

  • Marketing photos/videos: until consent is withdrawn

  • Website or email inquiries: up to 12 months after correspondence, unless ongoing consent for retention is provided

  • Business development and networking data: until consent is withdrawn or membership ends

  • CCTV footage: normally retained for up to 30 days, unless required longer for investigation of an incident
     

7. Your Rights

Under GDPR, you have the right to:

  • Access your personal data (Art. 15)

  • Request correction of inaccurate data (Art. 16)

  • Request deletion (“right to be forgotten”) (Art. 17)

  • Restrict or object to processing (Art. 18–21)

  • Withdraw consent at any time (Art. 7(3))

  • Lodge a complaint with the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY)
     

To exercise your rights, please contact us using the details below.
 

8. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. This includes secure IT systems, restricted access controls, and encrypted communication channels.

​

9. Contact Information

For questions or to exercise your data protection rights, please contact:

Anders Nilsson (Joint Controller Representative)
Embassy House Coworking AB 
Email: anders@embassy.house
Address: Embassy House, Östgötagatan 12, 116 25 Stockholm

​

10. Changes to This Policy

We may update this Privacy Policy from time to time. The latest version will always be available on our website, with the date of last revision clearly stated.

bottom of page