Booking is now open. Give us a try with a Day Pass!

en flag
Join NEST
en flag
Join NEST

Privacy Policy

NEST CoWork & Play GmbH Last updated: March 2026

1. Who We Are & How to Contact Us

This website is operated by NEST CoWork & Play GmbH, registered in Hamburg, Germany, HRB197575 Amtsgericht Hamburg. We are the data controller responsible for your personal data.

Data Controller: NEST CoWork & Play GmbH, Hofweg 70, Hamburg, Germany hello@nestcoworkandplay.com

Data Protection Officer (DPO): datenschutz@nestcoworkandplay.com

If you have any questions about how we handle your data, please don't hesitate to reach out.

2. What Data We Collect & Why

We collect and process personal data only to the extent necessary for the purposes described below.

2.1 Website Visitors

When you visit our website, we automatically collect certain technical information, including your IP address, browser type, time zone, and browsing behaviour on our site. This data is collected via cookies and analytics tools (see Section 5) and is used solely to ensure the technical functioning of the website and to generate anonymised usage statistics.

Legal basis: Art. 6(1)(f) GDPR – legitimate interests (website security and optimisation).

2.2 Newsletter & Contact Forms

If you sign up for our newsletter or contact us via a form, we collect your name and email address. This data is used solely to respond to your enquiry or to send you the newsletter you requested.

Legal basis: Art. 6(1)(a) GDPR – your consent, which you may withdraw at any time.

2.3 Membership Registration & Booking

When you register for a membership or make a booking, we collect and process the following data:

  • Full name, date of birth, and contact details (of the member)

  • Name and date of birth of your child or children

  • Payment information (processed via Stripe)

  • Booking history and membership status

  • Photos or images, where provided for your member profile

Legal basis: Art. 6(1)(b) GDPR – performance of a contract.

2.4 Special Categories of Personal Data

In connection with your membership, we also process the following sensitive data, as defined under Art. 9 GDPR:

  • Measles vaccination status of your child, as required under the German Measles Protection Act (Masernschutzgesetz, § 20 IfSG)

  • Health information such as allergies or medical conditions, disclosed voluntarily by parents to ensure the safety of their child

Legal basis: Art. 9(2)(b) GDPR – processing necessary for the fulfilment of obligations in the field of social protection law (Masernschutzgesetz); and Art. 9(2)(a) GDPR – explicit consent for health information relating to allergies and medical conditions.

We treat all health-related data with the highest level of care and confidentiality. Access is restricted to authorised staff only.

2.5 Photos & Images

If we take photographs or videos on our premises (e.g. for social media or marketing), we will always obtain your explicit consent beforehand. You may withdraw this consent at any time by contacting us at datenschutz@nestcoworkandplay.com.

Legal basis: Art. 6(1)(a) GDPR – consent.

3. How Long We Retain Your Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law.

Data TypeRetention PeriodMembership & booking dataDuration of membership + 3 years (statutory limitation period)Payment records10 years (German commercial law, § 257 HGB)Health data (vaccination, allergies)Duration of membership, then deletedPhotos / imagesUntil consent is withdrawnNewsletter / contact dataUntil unsubscription or withdrawal of consentWebsite analytics dataAs per tool settings (see Section 5)

4. Who We Share Your Data With

We do not sell your personal data. We share data only with trusted third-party service providers who process data on our behalf, and only to the extent necessary:

SimplyBook.me: Booking & membership management; EU / international
Stripe: Payment processing, USA (see Section 6)
Google Analytics: Website analytics, USA (see Section 6)
Google Ads: Online advertising, USA (see Section 6)
Meta (Facebook/Instagram): Advertising via Meta Pixel, USA (see Section 6)
Hostinger Reach: Email marketing, EU / international
Cookiebot (Usercentrics): Cookie consent management, EU

All third-party providers are contractually bound to process your data only in accordance with our instructions and applicable data protection law.

5. Cookies & Tracking Technologies

Our website uses cookies – small text files stored on your device. We use Cookiebot to manage your cookie consent. When you first visit our website, you will be asked to consent to the use of non-essential cookies.

Types of cookies we use:

  • Strictly necessary cookies: Required for the website to function. No consent needed.

  • Analytics cookies (Google Analytics): Help us understand how visitors interact with our website. Only active with your consent.

  • Marketing cookies (Google Ads, Meta Pixel): Used to show you relevant advertising. Only active with your consent.

You may withdraw or change your cookie consent at any time by clicking the cookie settings link in the footer of our website.

Legal basis: Art. 6(1)(a) GDPR – consent (for non-essential cookies); Art. 6(1)(f) GDPR – legitimate interests (strictly necessary cookies).

6. International Data Transfers

Some of our service providers – including Google, Meta, and Stripe – are based in the United States. When data is transferred to countries outside the European Economic Area (EEA), we ensure appropriate safeguards are in place in accordance with Art. 46 GDPR, including Standard Contractual Clauses (SCCs) approved by the European Commission.

For more information on the safeguards applied by individual providers, please refer to their respective privacy policies.

7. Your Rights Under GDPR

As a resident of the European Economic Area, you have the following rights regarding your personal data:

  • Right to be informed – to know how your data is used (this policy)

  • Right of access – to request a copy of the data we hold about you

  • Right to rectification – to correct inaccurate data

  • Right to erasure – to request deletion of your data ("right to be forgotten")

  • Right to restrict processing – to limit how we use your data

  • Right to data portability – to receive your data in a structured, machine-readable format

  • Right to object – to object to processing based on legitimate interests or for direct marketing

  • Rights related to automated decision-making – we do not use automated decision-making or profiling

To exercise any of these rights, please contact us at datenschutz@nestcoworkandplay.com. We will respond within 30 days.

You also have the right to lodge a complaint with the competent supervisory authority. In Hamburg, this is:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit (HmbBfDI) www.datenschutz.hamburg.de

8. Links to Third-Party Websites

Our website may contain links to external websites. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies independently.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. The date at the top of this page indicates when it was last updated. We encourage you to review this policy periodically.

10. Contact

For any questions about this Privacy Policy or your personal data, please contact us at:

datenschutz@nestcoworkandplay.com

Contact

Give us a follow and don't miss out on any important updates and special offers:

Email

Sign Up For Our Newsletter

hello@nestcoworkandplay.com

© 2026. All rights reserved.

Privacy Policy

Impressum (Legal Notice)

Terms & Conditions (AGB)