Privacy Policy
1. Introduction
- Purpose of the Privacy Policy
The purpose of this Privacy Policy is to provide transparency about how we collect, use, share, and protect your personal information when you interact with our platform. This policy outlines your rights regarding your data and explains the steps we take to ensure compliance with applicable data protection regulations. Our commitment is to handle your data responsibly and to give you control over how it is used
- Overview of the PaaS service
- Definitions of key terms
- Autodesk Forge / APS / Autodesk Platform Service = service for extracting data from Revit model
2. Data Collection
- Types of Data Collected:
- Personal Data: Identifiable information such as names, email addresses, phone numbers.
- Usage Data: Information on how users interact with the platform.
- Technical Data: IP addresses, browser type, device information.
- Cookies and Tracking Data: Details about the use of cookies, tracking pixels, and other similar technologies.
- Methods of Collection:
- Direct collection (through sign-up forms, user input)
- Automatic collection (through the platform’s infrastructure)
3. Use of Data
- Purpose of Data Use:
- Service provision and maintenance
- User account management
- Improving and personalizing the service
- Communication with users (updates, marketing, etc.)
- Compliance with legal obligations
- Data Analytics
Data collected from users may be analyzed for improving platform performance, user experience, and operational efficiency. This includes tracking usage patterns, system performance metrics, and user behavior to identify trends and optimize services. Data analytics may also involve the use of machine learning models to make predictions or provide insights, as well as enabling automated decision-making in real-time monitoring systems. These analyses help enhance security, detect anomalies, and personalize user experiences.
4. Data Sharing and Disclosure
- Third-Party Service Providers:
We may share your data with third-party service providers that assist in delivering our services. For instance, our cloud infrastructure is hosted by Hetzner Online GmbH, which provides secure data storage and processing services. Hetzner complies with strict data protection regulations, including the GDPR, and implements industry-standard security measures such as encryption and access controls to ensure the protection of your data. More details on Hetzner’s privacy practices can be found in their Privacy Policy.
- Legal Requirements:
We may disclose personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency). Additionally, data may be shared if disclosure is necessary to comply with legal obligations, enforce our terms of service, protect the rights, property, or safety of our company, users, or others, or in connection with an investigation of suspected illegal activities.
- Business Transfers:
In the event of a merger, acquisition, or sale of our assets, your personal data may be transferred to the acquiring organization. Any such transfer will be handled in accordance with applicable data protection laws, and we will ensure that the new entity continues to uphold the commitments made in this privacy policy. You will be notified if your data is transferred, and you will be informed of any changes in data processing or protection practices.
5. Data Storage and Security
Data Retention = One year
Security Measures:
- All Communication with Autodesk server is setup to their required standards
- All Communication between the DAQS Assist for Revit and the DAQS servers is encrypted
Data Breach Protocols:
- In the event of a data breach, we have established protocols to mitigate harm and notify affected users promptly. We will assess the breach, take immediate steps to contain it, and inform relevant regulatory authorities where required by law. Affected users will be notified if their data is at risk, and we will provide guidance on protective measures. We also implement corrective actions to prevent future breaches and improve data security
6. User Rights
Access and Correction:
- To access and correct their personal data, users can typically log into their account on the platform and navigate to the account settings or privacy settings section. Here, they can view, update, or correct any personal information they have provided. If the platform doesn’t offer direct access, users can contact customer support or the data protection officer to request access, correction, or updates to their personal data. Specific instructions should be outlined in the platform’s privacy policy, and response times may be regulated by applicable data protection laws like GDPR.
Data Portability:
- Users have the right to request a copy of their personal data in a structured, commonly used, and machine-readable format. This enables users to easily transfer their data to another service provider. To exercise this right, users can contact us via the provided support channels. We will process the request in accordance with applicable data protection regulations and ensure that the data is provided securely within the legally required timeframe.
Data Deletion:
- Users have the right to request the deletion of their personal data under certain circumstances, such as when the data is no longer necessary for the purpose it was collected, or if consent is withdrawn. To request deletion, users can contact us through the provided channels. We will evaluate each request in accordance with applicable laws, and where eligible, ensure that the data is securely deleted from our systems within the required timeframe.
7. International Data Transfers
Data Transfers:
- All data we collect is stored within the European Union, ensuring compliance with the strict data protection standards of the GDPR. If, in exceptional cases, data needs to be transferred outside the EU, we ensure that adequate safeguards are in place, such as Standard Contractual Clauses or other legally approved mechanisms, to protect your data. We will notify users of any such transfers and ensure that their data remains secure and protected in line with applicable regulations.
Compliance with Local Laws:
- We adhere to all applicable local and international data protection laws, including the General Data Protection Regulation (GDPR) within the European Union. Depending on your location, we ensure that data is processed in compliance with relevant laws such as the California Consumer Privacy Act (CCPA) or other local regulations. Our commitment to legal compliance ensures that your data is handled lawfully and transparently, regardless of where you reside.
8. Children's Privacy
No children are allowed on the system.
9. Changes to the Privacy Policy
Notification of Changes:
- We will notify users of any significant changes to this Privacy Policy by sending an email or by posting an update on our platform. Changes will be effective from the date specified in the notice. We encourage users to regularly review this policy to stay informed about how we protect their data. If required by law, we will obtain user consent before implementing any material changes.
10. Contact Information
Data Controller Details:
- If you have any questions or concerns about this Privacy Policy or how your data is processed, you can use the contact form on the website.
User Support:
- If you have any questions or concerns about this Privacy Policy or how your data is processed, you can use the contact form on the website.
11. Legal Bases for Processing (if applicable)
Consent:
- Consent is obtained from users before collecting or processing their personal data. Users are informed about the type of data being collected, the purpose of collection, and how it will be used.
Contractual Necessity:
- Personal data may be processed when necessary to fulfill a contract with the user or to take steps prior to entering into a contract. This includes processing required for providing services, managing accounts, delivering products, or processing payments. If users choose not to provide the necessary data, we may not be able to fulfill the contract or offer certain services. Processing under this legal basis is limited to the data needed to meet contractual obligations.
Legitimate Interests:
- We may process personal data based on our legitimate interests, which include improving our services, ensuring platform security, preventing fraud, and engaging in direct marketing. We always balance these interests against the user’s rights and freedoms, ensuring that data processing is necessary and minimally invasive. Users have the right to object to processing based on legitimate interests, and we will carefully consider any such requests in compliance with applicable data protection laws
12. Data Subject Rights (if applicable)
Details under GDPR or other local regulations:
- Users have the right to object to the processing of their personal data in certain circumstances, such as for direct marketing or based on legitimate interests. Users can also request the restriction of processing if they contest the accuracy of their data or if the processing is unlawful. Additionally, users have the right to lodge a complaint with a supervisory authority if they believe their data protection rights have been violated.
13. Cookies and Tracking Technologies
Types of Cookies Used:
We use cookies to enhance your experience and ensure the proper functioning of our website. Below is a list of the essential cookies we use and their purposes:
ASP.NET_SessionId
This is a session cookie used by ASP.NET to maintain the user’s session across different pages of the website. It helps track user actions, like remaining logged in. The cookie is deleted when the session ends or the browser is closed.
Type: Session
Purpose: Session Management
Expires: End of session
RequestVerificationToken
This is an anti-forgery cookie used to protect against Cross-Site Request Forgery (CSRF) attacks. It ensures that any form submissions or actions on the website come from the authenticated user and not from external malicious sources.
Type: Security
Purpose: Preventing CSRF attacks
Expires: End of session
TawkConnectionTime
This cookie is set by our live chat service (Tawk.to) to manage real-time chats with users. It helps identify users during their chat session to provide seamless support.
Type: Functionality
Purpose: Live chat service
Expires: End of session
UMB-XSRF-TOKEN & UMB-XSRF-V
These are anti-forgery tokens set by Umbraco CMS to protect the site against Cross-Site Request Forgery (CSRF) attacks. They ensure that form submissions are made by the authenticated user.
Type: Security
Purpose: Preventing CSRF attacks
Expires: End of session
UMB_UCONTEXT & UMB_UCONTEXT_C
These cookies are used by Umbraco CMS to manage session data for users who access the administrative section of the website. They help ensure that the user remains logged in and can navigate through the administrative interface without re-authenticating on every page.
Type: Session
Purpose: User authentication for CMS
Expires: End of session
Umbraco Cookie Popup
This cookie is used to manage the cookie consent popup that appears when you first visit the site. It stores your preference regarding cookies to ensure you do not see the popup again once you have made your selection.
Type: Functionality
Purpose: Cookie consent management
Expires: 1 year
Managing Cookies
You can control and manage cookies through your browser settings. Most browsers allow you to block or delete cookies; however, blocking some cookies may impact the functionality of the website, especially those necessary for security or session management.
15. Links to Other Websites
Third-party Links:
- Our website may contain links to third-party websites or services that are not operated by us. Please be aware that we do not control and are not responsible for the content, privacy practices, or cookies used by these external sites. We recommend reviewing the privacy policies and terms of service of any third-party websites you visit through our platform to understand how they collect, use, and share your personal data. We are not liable for any damages or issues arising from interactions with these third-party links.