BIM360-TECH
Privacy Statement

Effective Date: January 1, 2025

BIM360-TECH (“BIM360-TECH”, “we”, “us”, or “our”) is committed to the lawful, transparent, and secure processing of personal data in the course of delivering advanced technology solutions, software licensing, technical support, and related services to our clients, partners, and authorized users. This Privacy Statement establishes the principles, scope, and mechanisms through which we collect, use, store, transfer, disclose, and protect personal information, in strict adherence to applicable international, federal, and local data protection laws, including but not limited to the EU General Data Protection Regulation (GDPR), the UK Data Protection Act 2018 (DPA), the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Brazil’s Lei Geral de Proteção de Dados (LGPD), Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), and other jurisdictional frameworks, as applicable.

This Statement applies to all personal data obtained through BIM360-TECH’s websites, cloud-hosted applications, licensed software products, hardware-integrated solutions, in-person and virtual events, webinars, surveys, support interactions, marketing activities, and visits to our physical or virtual offices (“offerings”). It also governs personal data we process on behalf of our enterprise and governmental customers under written contracts, in which cases we act as a data processor, subject to the instructions and governance of the data controller.

1. Definitions and Interpretive Scope

For the purposes of this Statement, “personal data” means any information that directly or indirectly identifies an individual, such as name, email address, telephone number, government-issued identifiers, geolocation data, online identifiers, or any combination of data elements that permits identification. “Processing” encompasses any operation performed on personal data, whether automated or manual, including collection, recording, organization, storage, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, combination, restriction, erasure, or destruction. “Sensitive personal data” refers to categories subject to heightened legal protection, such as biometric identifiers, precise location data, financial account numbers, or data relating to minors.

2. Lawful Basis and General Principles of Processing

We process personal data exclusively under lawful bases as defined by applicable legislation: (i) to fulfill contractual obligations; (ii) to comply with legal and regulatory requirements; (iii) to serve legitimate interests that do not override individual rights and freedoms; or (iv) pursuant to explicit consent, which may be withdrawn at any time without retroactive effect. Our processing adheres to the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.

3. Collection of Personal Data

We acquire personal data through three primary channels:

1. Direct Collection: Information voluntarily provided by individuals during account creation, licensing registration, technical support requests, training enrollment, participation in events or webinars, submission of surveys, communication via email or chat, or interaction through official BIM360-TECH social media channels. This may include identifiers (name, phone, email), professional data (title, employer, certifications), commercial data (purchases, subscriptions), educational data (qualifications, training history), payment data (processed through secure third-party providers), and multimedia content (profile images, recorded support calls, or event participation footage).

2. Automated Collection: Data generated or captured through interaction with our offerings, including IP addresses, device and browser fingerprints, operating system metadata, license activation telemetry, crash diagnostics, usage metrics, navigation patterns, and cookie-based identifiers. Automated collection methods may employ cookies, beacons, pixels, and equivalent tracking technologies, with opt-out mechanisms where legally mandated.

3. Third-Party Sources: Data supplied by authorized resellers, integration partners, industry networks, business contact databases, enrichment service providers, social networking platforms, and public registries. Such data may include professional profiles, corporate affiliations, licensing history, or publicly disclosed contact details, which we integrate and reconcile with existing records to maintain accuracy and relevance.
   

4. Purpose and Scope of Processing

The personal data we process is used strictly for purposes consistent with the context of collection, including:

• Establishing and managing user accounts and license entitlements.

• Providing, maintaining, and enhancing our offerings, including delivery of updates, security patches, and feature improvements.

• Fulfilling transactions, processing payments, and issuing invoices through secure payment processors (BIM360-TECH does not store full financial account information).

• Delivering technical support, troubleshooting services, and operational communications.

• Enforcing license agreements, detecting and preventing fraud or unauthorized use, and ensuring compliance with contractual terms.

• Conducting analytics to improve performance, usability, and reliability of offerings.

• Administering training programs, certifications, and continuing professional education.

• Complying with legal obligations, regulatory inspections, and law enforcement requests.

• Sending marketing communications and event invitations, where legally permissible or with consent.

• Aggregating, anonymizing, or de-identifying data for research, statistical analysis, and product development, ensuring that such data cannot be re-identified without lawful justification.
  
  

5. Data Sharing and Disclosures

BIM360-TECH may disclose personal data solely under lawful conditions and subject to contractual safeguards, to:

• Service Providers: Entities engaged under written agreements to provide hosting, cloud infrastructure, payment processing, marketing, analytics, customer relationship management, localization, or event management.

• Business Partners: Resellers, distributors, integration partners, and event sponsors, where necessary to fulfill transactions or joint service delivery.

• Affiliated Entities: Subsidiaries or controlled entities that operate under this Privacy Statement for integrated operations.

• Legal Authorities: Governmental, regulatory, or judicial bodies, in response to lawful requests, subpoenas, or court orders, or to establish or defend legal claims.

• Corporate Transactions: Potential or actual acquirers, investors, or successors in the event of a merger, acquisition, restructuring, or asset sale, subject to confidentiality obligations.
  We expressly prohibit our service providers and partners from using personal data for any purpose beyond the contracted service delivery.
  

6. International Transfers and Cross-Border Compliance

Given the global nature of our operations, personal data may be transferred to jurisdictions outside the country of collection. Where such transfers involve countries lacking an adequacy decision by the relevant data protection authority, we implement recognized transfer mechanisms, including Standard Contractual Clauses (SCCs), the EU–U.S. and UK–U.S. Data Privacy Frameworks, the Swiss–U.S. Data Privacy Framework, and Binding Corporate Rules (BCRs), as applicable. Copies of the applicable safeguards may be requested via the contact details below.

7. Data Retention and Disposal

We retain personal data only for the duration necessary to fulfill the purposes outlined herein, including compliance with legal obligations, resolution of disputes, enforcement of agreements, and continuity of operations. Retention periods are determined based on the nature of the data, contractual requirements, statutory limitations, and technical feasibility. Upon expiration of retention periods, data is securely erased, anonymized, or rendered permanently inaccessible.

8. Security and Incident Response

We employ layered security measures incorporating administrative controls, physical safeguards, and technical protections such as encryption in transit and at rest, role-based access controls, multi-factor authentication, and regular penetration testing. In the event of a personal data breach, we will follow a structured incident response plan, notify affected parties as required by law, and cooperate fully with competent supervisory authorities.

9. Individual Rights and Requests

Subject to applicable law, individuals have the right to:

• Access and obtain a copy of their personal data.

• Rectify inaccuracies or incomplete information.

• Request deletion, subject to legal and contractual exceptions.

• Restrict or object to processing under specific conditions.

• Port their data to another controller in a structured, machine-readable format.

• Withdraw consent for processing where consent is the legal basis.
  

Requests may be submitted to info@bim360tech.com. Verification of identity will be required before fulfilling any request.

10. Cookies and Tracking Preferences

BIM360 TECH uses cookies and equivalent technologies for authentication, preference management, analytics, and, were lawful personalized marketing. Users can adjust preferences through browser settings or our Cookie Preference Center.

11. Minors’ Data Protection

Our offerings are not intended for children under 13 years of age (or higher minimum age in certain jurisdictions). We do not knowingly collect personal data from minors without verifiable parental consent.

12. Updates to this Statement

This Privacy Statement may be amended to reflect legal, technical, or operational changes. Material changes will be communicated through our website or directly to affected individuals, where legally required.

13. Contact Information

BIM360-TECH – Privacy Office
info@bim360tech.com
911 Western Ave, Seattle, WA 98104

You may also lodge a complaint with the competent data protection authority in your jurisdiction.