For the purposes of applicable UK data protection law, (in particular, the UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018), we are the controller of personal data obtained via our Website and Products. This means we are the organisation legally responsible for deciding how and for what purposes it is used.
2 TYPES OF PERSONAL INFORMATION WE COLLECT
The personal information we collect may include the following:
(b) mailing or street address;
(c) email address;
(d) social media information;
(e) telephone number and other contact details;
(f) age and date of birth;
(g) credit card, PayPal or other payment information;
(h) details relating to your Autodesk Revit account and usage;
(i) details relating to your usage of our Products;
(j) purchase history;
(k) Website or Product account details;
(l) information about your business, employment or personal circumstances;
(m) information in connection with client surveys, questionnaires and promotions;
(n) when we use analytical cookies, your device identity and type, I.P. address, geo-location information, page view statistics, advertising data and standard web log information;
(o) information about third parties; and
(p) any other information provided by you to us via our Website or Products, in the course of us providing services to you, or otherwise required by us or provided by you.
3 HOW WE COLLECT PERSONAL INFORMATION
We endeavour to ensure that information we collect is complete, accurate, accessible and not subject to unauthorised access.
We may collect personal information either directly from you, or from third parties, including where you:
(a) contact us through on our Website;
(b) have connected your Autodesk Revit account to our Products;
(c) make a purchase on our Website;
(d) create an account on or use our Products;
(e) sign up for our newsletter subscriptions;
(f) communicate with us via email, telephone, SMS, social applications (such as LinkedIn, Facebook or Twitter) or otherwise;
(g) engage us to perform services to you;
(h) when you or your organisation offer to provide, or provides, services to us;
(i) interact with our Website, social applications, services, content and advertising; and
(j) invest in our business or enquire as to a potential purchase in our business.
We may also collect personal information from you when you use or access our website or our social media pages. This may be done through use of web analytics tools, ‘cookies’ or other similar tracking technologies that allow us to track and analyse your website usage.
Our website is powered by the Shopify platform. As such, Shopify may place a number of cookies on our website some of which collect personal information we are provided. For more information related to Shopify’s cookies, please visit www.shopify.com.au/legal/cookies.
4 USE OF YOUR PERSONAL INFORMATION
4.1 USE UNDER THE UK GDPR
Where you are a “data subject” under the UK GDPR, we can only use your personal information if we have a proper reason, for example:
(a) where you have given consent;
(b) to comply with our legal and regulatory obligations;
(c) for the performance of a contract with you or to take steps at your request before entering into a contract; or
(d) for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against your own.
We do not knowingly process any special category data (as defined by the UK GDPR) as this is not required for the provision of our services. Where we process such special category personal data, we will also ensure we are permitted to do so under data protection laws.
4.2 GENERAL USE
We otherwise collect and use personal information for the following purposes:
(a) to provide services or information to you;
(b) for record keeping and administrative purposes;
(c) to comply with our legal obligations, resolve disputes or enforce our agreements with third parties;
(d) to customise and improve our Products and Website;
(e) to create and manage your account with us;
(f) where we have your consent, including to send you marketing and promotional messages and other information that may be of interest to you. In this regard, we may use email, SMS, social media or mail to send you direct marketing communications. You can opt-out of receiving marketing materials from us by using the opt-out facility provided (e.g. an unsubscribe link);
(g) for protecting the security of our systems and data;
(h) for external audits and quality checks (e.g. for the audit of our accounts);
(i) to enforce legal rights or defend or undertake legal proceedings;
(j) to develop and carry out marketing activities and to conduct market research and analysis and develop statistics;
(k) to improve and optimise our service offering and customer experience;
(l) to send you administrative messages, reminders, notices, updates and other information requested by you;
(m) to consider an application of employment from you; and
(n) the delivery of our services.
5 SHARING YOUR DATA
We may share your personal information in certain circumstances, as follows:
(a) to Shopify where you visit or otherwise interact with our website;
(b) to related entities within our corporate group for business purposes;
(c) to third party service providers or contractors (such as web hosting providers, payment service providers, cloud hosting providers and disaster recovery service providers) to enable us to provide our services to you, to process sales and payments, provide web support, store and analyse data and information and send marketing messages; and
(d) third party professional advisers such as accountants, or auditors and/or lawyers.
Where personal information is shared with the third parties outlined above, we will take all reasonable steps to ensure that third parties observe the confidential nature of such information and are prohibited from using any or all of the personal data other than for the purpose for which it was provided.
We will not sell or trade your personal information to third parties for marketing purposes.
We may also share your personal information in the following circumstances:
(a) where there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer to the extent permissible at law our user databases, together with any personal information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would seek to only disclose information in good faith and where required by any of the above circumstances;
(b) to law enforcement agencies if we are requested to do so in relation to suspected unlawful activity;
(c) credit-checking agencies for credit control reasons; and
(d) disclosures required by law or regulation.
We take reasonable steps to ensure your personal information is secure and protected from misuse or unauthorised access. Our information technology systems are password protected, and we use a range of administrative and technical measures to protect these systems. However, we cannot guarantee the security of your personal information.
Our website may contain links to other websites. Those links are provided for convenience and may not remain current or be maintained. We are not responsible for the privacy practices of those linked websites and we suggest you review the privacy policies of those websites before using them.
8 YOUR RIGHTS
Where you are a “data subject” under the UK GDPR, you have various rights with respect to our use of your personal information:
(a) Access: You have the right to obtain access to your information (if we’re processing it) and certain other information (similar to that provided in this privacy notice). This is so that you’re aware and can check that we’re using your information in accordance with data protection law.
(c) Rectification: We aim to keep your personal data accurate, current, and complete. We encourage you to contact us using our contact form to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.
(d) Objecting: You also have the right to object to processing of your personal data in certain circumstances, including processing for direct marketing.
(e) Restricting: You have the right to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further.
(f) Erasure: You have the right to ask us to erase your personal data when the personal data is no longer necessary for the purposes for which it was collected, or when, among other things, your personal data have been unlawfully processed.
(g) Portability: You have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format.
(h) Complaints: If you believe that your data protection rights may have been breached, you have the right to lodge a complaint with the applicable supervisory authority. In the UK, the supervisory authority is the Information Commissioner’s Office.
(i) Withdraw consent: If you have given your consent to anything we do with your personal information, you have the right to withdraw your consent at any time. This includes your right to withdraw consent to us using your personal information for marketing purposes.
You may, at any time, exercise any of the above rights, by contacting our email address provided below.
9 HOW LONG WE KEEP DATA
We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We will securely destroy your personal information in accordance with applicable laws and regulations.
If you would like further information about our specific retention periods for your personal information, please contact us using our email address provided below.
10 TRANSFERS OUTSIDE THE UNITED KINGDOM (‘UK’)
As an Australian entity with service providers located globally, to provide our services, we will need to transfer the personal information we collect to countries outside of the UK which do not provide the same level of data protection as the country in which you reside and are not recognised by the UK Information Commissioner as providing an adequate level of data protection.
When we do this, we will make sure that it is protected to the same extent as in the UK as we will put in place appropriate safeguards to protect your personal information, which may include standard contractual clauses.
For more information, please contact us at our email address provided below.
12 CONTACT US
You also have the right to lodge a complaint with the Information Commissioner in the UK, which may be contacted at https://ico.org.uk/make-a-complaint or by telephone: 0303 123 1113.