The company AutoM8 BIM (hereinafter referred to as “we” or “us”), in its capacity of data controller regarding the processing of Personal Data, is committed to protecting and respecting the privacy of its users, customers and suppliers, even prospective (hereinafter singularly and collectively referred to as the “you” or “your”), pursuant to the applicable national laws on data protection (hereinafter referred to as the “National Law”) and, if you are citizen of a Country in the European Economic Area, also pursuant to the European Regulation no. 679/2016 (hereinafter referred to as the “GDPR”) (hereinafter the National Law and the GDPR will be referred to as the “Applicable Law”).
“Personal Data” means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
PERSONAL DATA WE PROCESS
When you use the App or when we provide you with our Services, we may collect the following Personal Data:
Information you give us.
You may, through our App, our Services or other contact channel (e.g., e-mail, etc.), voluntarily provide us Personal Data and/or information and documents containing Personal Data. In particular, such Personal Data may include your name, email, address, order number content and type, and any other information you send through our customer support. We will process these data in accordance with the Applicable Law and on the assumption that they refer to you or to third parties who have authorized you to provide them pursuant to an appropriate legal basis which legitimize the processing at stake. In this case, you act as independent data controller, assuming all relevant obligations and responsibilities according to the Applicable Law. In this regard, you hence waive, in the full sense of the term, the right to all disputes, claims, claims for damages due to processing, etc., which may be submitted to us by the said third parties whose Personal Data have been processed through your use of the App or the Services in breach of the Applicable Law.
Information processed by us.
In order to provide you with the Services or in order to improve the performance thereof, we process your Personal Data and/or associate other data to your Personal Data, including: (i) license keys associated with the Services you requested; (ii) model data which you may send to us to review and assist with technical support, collection of this data is not done within the app but from models provided via email; (iii) developing or improving reporting tools; (iv) for general statistical purposes (e.g., case studies, business presentation, etc.).
PURPOSES AND LEGAL BASIS OF THE PROCESSING
Personal Data provided by you will be processed by us for the purposes and legal basis specified below:
To carry out our obligations arising from any contracts entered into between you and us and to provide you with Services that you requested from us (e.g., create and manage your account, provide our Services, process the subscription to our newsletter, etc.).
To communicate with you to verify your account and for informational and operational purposes (e.g., account management, customer service, system maintenance), including by periodically emailing you Services-related announcements.
To give you access to our support and customer care Services and to enable you to communicate with our team.
To send information to authorized third-parties (e.g., clients, processors, etc.).
To send marketing materials, as well as suggestions and recommendations on our services that may be of interest to you.
To carry on statistical research / analysis, as well as to report, measure and evaluate the Services’ operation, features and performance, as well as our App, its traffic and usability.
To the fulfill a legal obligation to which we are subject or to ascertain, exercise or defend a right in Court or whenever an authority exercises its jurisdiction.
This processing of each the above purposes is necessary for the performance of our mutual contractual obligations and/or carried out with your consent and/or necessary for the establishment, exercise or defence of legal claims.
Voluntary nature of the processing.
Providing your Personal Data for the above-mentioned purposes is voluntary and not mandatory. However, any refusal to provide any of such data may not allow us to establish and/or continue a contractual relationship with you, or to fulfill your requests, or to comply with legal obligations to which we are subject.
WHAT IS DATA RETENTION PERIOD AND WHAT SECURITY MEASURES HAVE BEEN TAKEN FOR YOUR PERSONAL DATA SAFEGUARD
Personal Data collected by us will be processed for the time strictly necessary to achieve the purposes referred to in above. In particular: Personal Data needed for the provision of our newsletter service will be processed until you decide to unsubscribe; Personal Data whose retention is mandatory under the applicable laws (e.g., tax laws, bookkeeping, etc.) will be retained for a period of time necessary or permitted to comply with such laws.
We warrant to maintain and continue to maintain appropriate and sufficient technical and organizational security measures to protect your Personal Data against accidental or unlawful destruction or accidental loss, damage, alteration, unauthorized disclosure or access, in particular where the Processing involves the transmission of data over a network, and against all other unlawful forms of processing. Please be aware that no security measures are perfect or impenetrable. So, while we strive to protect your data, we cannot guarantee that unauthorized access, hacking, data loss or a data breach will never occur. Notwithstanding the preceding, we operate with the aim of mitigating the risks associated with processing your Personal Data through several measures, including without limitation:
We only ever obtain, retain, process and share Personal Data that is essential to carry out our services and legal obligations: only that which is relevant and necessary is collected. In particular, by way of example, our electronic collections (i.e., via the App, etc.), have only fields that are relevant to the purpose of collection and subsequent processing, while the physical collection (i.e., face-to-face contacts, phone calls, etc.) is supported using scripts and internal forms using predefined fields.
Whenever possible, we utilize pseudonymization to record and store Personal Data in a way that ensures that such data can no longer be attributed to a specific data subject without the use of separate additional information (i.e., personal identifiers) which are protected with encryption, partitioning and other technical and operational measures of risk reduction and data protection.
Although we use encryption (i.e., using a secret key to make Personal Data indecipherable unless decryption of the dataset is carried out using such assigned key) as a form of pseudonymization, we also utilize it as a secondary risk prevention measure for securing the Personal Data that we process. In particular, we utilize VPN (Virtual Private Network) with secure keys to keep safe our processing, and SSL (Secure Socket Layer) protocols for transferring Personal Data to any party external to us (i.e., clients, processors, etc.).
We use company-wide restriction methods for restricting access into the foundation of our processes, systems and structure, in order to ensure that only those with authorization and/or a relevant purpose, have access to Personal Data and always with their private keys.
No hard copy data.
We never store any Personal Data in hard copy format.
WHO ARE THE RECIPIENTS OF YOUR PERSONAL DATA
Third-party service providers or consultants.
We engage certain trusted third parties to perform functions and provide services to us, License checking, performance monitoring, billing, customer relationship, database storage and management, and direct marketing campaigns. We may share your Personal Information with these third parties, but only to the extent necessary to perform these functions and provide such services. We also require these third parties to maintain the privacy and security of your Personal Data they process on our behalf. In particular, without limiting the foregoing, our principal third-party service providers are: (i)our platform provider (i.e Autodesk https://www.autodesk.com/company/legal-notices-trademarks/privacy-statement) (ii) our licensing service provider (i.e., LicenseSpring, see https://licensespring.com/privacy); (iii) our Customer relation service provides (i.e., Zoho, see https://www.zoho.com/privacy.html); (iv) our online payment service provider to which your Personal Data are communicated at the purpose to invoice our Services that you purchased (i.e., PayPal, see https://www.paypal.com/en/webapps/mpp/ua/privacy-full); (v) our email, calendar, meeting and file transfer service provider (i.e Google, https://policies.google.com/privacy?hl=en); (vi) Project management and code base tool (i.e Github, see https://docs.github.com/en/free-pro-team@latest/github/site-policy/github-privacy-statement)
Other Third Parties.
Third parties required by laws or authorities.
We may disclose your data to a third party if (i) we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request (including to meet national security or law enforcement requirements), (ii) to enforce our agreements and policies, (iii) to protect the security or integrity of our services and products, (iv) to protect ourselves, our other customers, or the public from harm or illegal activities, or (v) to respond to an emergency which we believe in good faith requires us to disclose data to assist in preventing a death or serious bodily injury. If we are required by law to disclose any of your Personal Data, then we will use reasonable efforts to provide you with notice of that disclosure requirement, unless we are prohibited from doing so by statute, subpoena or court or administrative order. Further, we object to requests that we do not believe were issued properly.
Aggregated or de-identified data.
We may also make certain non-Personal Data (i.e., data which has been de-identified or aggregated in a way that does not directly identify you) available to third parties for various purposes, including for business or marketing purposes or to assist third parties in understanding our users’ interest, habits, and usage patterns for certain programs, content, services, advertisements, promotions, and functionality available through the Services.
WHERE YOUR PERSONAL DATA MAY BE TRANSFERRED
Right of access.
You are always entitled to receive confirmation as to whether or not your Personal Data are being processed and, where that is the case, access and receive copy of such Personal Data in an intelligible form. Furthermore, you are also entitled to receive information concerning: the purposes of the processing; the categories of Personal Data concerned; the recipients (or categories thereof) to whom the Personal Data have been or will be disclosed; where possible, the envisaged period for which the Personal Data will be stored, or, if not possible, the criteria used to determine that period; the existence of the right to request from us rectification or erasure of personal data or restriction of processing of your Personal Data or to object to such processing; the right to lodge a complaint with a supervisory authority; the source of the Personal Data; the existence of automated decision-making; where Personal Data are transferred to a third country or to an international organization, the appropriate safeguards relating to the transfer.
Right to withdraw consent.
You are always entitled to withdraw, at any time, your consent to the processing of your Personal Data, both on legitimate grounds (even though they are relevant to the purpose of the collection) and if the processing is carried out for direct marketing purpose. The preceding will not affect the lawfulness of processing based on consent before the withdrawal.
Right to rectification, erasure and restriction.
You are always entitled to obtain from us, without undue delay: the rectification or integration of your Personal Data that are inaccurate or incomplete; the erasure of your Personal Data that have been processed unlawfully or whose retention is unnecessary for the Purposes; the restriction of processing, in case you challenge either the accuracy of your Personal data or the lawfulness of the processing, or in case we no longer need the Personal Data for the Purposes, but they are required by you for the establishment, exercise or defence of a legal claim.
Right to data portability.
You have the right to receive your Personal Data in a structured, commonly used and machine-readable format, as well as the right to transmit those data to another controller without hindrance from us, where technically feasible.
Right to lodge a complaint before a European supervisory authority.
In case you are a European citizen, you have the right to lodge a complaint with the Supervisory Authority located in your place of residence.
Requests to exercise the rights above must be sent to AutoM8 BIM by e-mail to firstname.lastname@example.org. Any access request is always completed within one month; however, where the retrieval or provision of information is particularly complex or is subject to a valid delay, the period may be extended by two further months. If this is the case, we will write to the individual within one month and keep him/her informed of the delay and the reasons thereof.
AMENDMENTS TO THIS POLICY