Read in other languages:

This GRAPHISOFT Learn – Privacy Notice (the “Policy”) applies to the data processing taking place in relation to the personal data of user (“User”, “Registered User” or “You”) when accessing to digital content or purchasing product or services at www.learn.graphisoft.com (“Learn Portal”) operated by GRAPHISOFT SE (registered address: 1031 Budapest (GRAPHISOFT park), Záhony u. 7., Hungary) and its PARTNERS (subsidiaries and resellers, hereinafter: GRAPHISOFT PARTNERS who are listed at: https://graphisoft.com/contact-us/local-contacts)  and owned by GRAPHISOFT ASIA (registered address: Admiralty Centre, Tower 2/ Level 11, 18 Harcourt Road, Admiralty, Hong Kong).

The purpose of this document is to give clear explanation to you as Registered User of the Learn Portal  about all data processing activity taking place during the usage of Learn Portal made available for You at learn.graphisoft.com.

Learn Portal is a training delivery and content management platform with its own webshop functionality and integrated payment gateway.

Content could mean online or offline trainings, downloadable e-books, self-paced online courses and webinars (hereinafter “Content”)

The data processing described in this Policy is in compliance with the applicable rules of law, in particular with the European General Data Protection Regulation (Regulation (EU) 2016 / 679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) (“GDPR”).

1. Data Controllers and Data Processors – in general

The Data Processing set out in this Privacy Notice shall be considered as joint processing defined by GDPR, as the personal data given by the User during the registration for the Training/Service, and during the use of the Portal will be transferred by one Data Controller to the other Data Controller, who will process the data in order to ensure the Training/Service. The responsibility and liability related to the joint processing shall be set out in the agreement concluded between the Data Controllers. According to this, the responsibility in connection to the Data Processing shall be shared between the Data Controllers as follows: each Data Controller is responsible for the Data Processing performed by them, therefore in particular, that the personal data collected by them shall be lawfully provided to the other Data Controller.

For the purposes of this notice, GRAPHISOFT ASIA (as being the contracting entity and owner of the Learn Portal ), GRAPHISOFT SE (as being the operator of the Learn Portal and providing the international content available within the Learn Portal), and the local GRAPHISOFT PARTNER (as being the operator of certain sub-pages of the Learn Portal and providing the local content available within the Learn Portal) determined on the basis of the Registered User’s place of origin) jointly determined the purposes and means of processing, consequently they shall be joint controllers as provided for under Article 26 GDPR, unless it is noted otherwise at each data processing activity.

In order to provide Learn Portal as service, GRAPHISOFT Asia is contracted with the following data processors:

  • Cypher Learning (4 Embarcadero Center, Suite 1400, San Francisco, CA 94111) – developer and technical provider of Learn Portal
  • Amazon Web Services – providing cloud based services for the Learn Portal
  • Stripe Inc (510 Townsend Street, San Francisco, CA 94103, USA) – facilitating payments made through GRAPHISOFT webshop
  • Microsoft Teams, Zoom, Skype, GoToWebinar, GoToTraining – applications used for providing the online trainings provided within the Learn Portal

2. Data processing activities

In order to provide trainings, knowledge and information about GRAPHISOFT SE products and services, support the professional development of the Registered Users, GRAPHISOFT ASIA has created the Learn Portal where digital online (and offline) free of charge and payable content are available. In details:

2.1. Eligibility checking, providing access to contents and developing the Learn Portal

Processing purpose: GRAPHISOFT SE wishes to make the content of the Learn Portal available only to its Registered Users, who do have GRAPHISOFT ID. Thus, in order to enter to the Learn Portal, the Registered User must have a GRAPHISOFT ID with which the Registered Users can authenticate themselves. Authentication is a must for the rightful provision of and the detection of illegal use of Learn Portal’s content. Once the Registered Users are logged in to Learn Portal, they are able to access to local and international content and related product and service updates. The data controller also wishes to ensure the information security of and the continuous improvement of the Learn Portal for safeguarding the data subjects’ data and the data controller’s interest.

Personal data processed:

  • In general: first name, last name, email address, country and GSID, IP address
  • If linked to provided service or product: SSA status (yes/no), education status (Student/Teacher/School/Trial/None),
  • Marketing preference (yes / no)
  • If optional fields were populated: city, company name, company address, tax number, company contact, date of birth, phone number, skype / webpage and social media contacts

Data controller(s): GRAPHISOFT SE (for being the operator of the Learn Portal) and GRAPHISOFT ASIA (for being the owner of the platform and Your contracting entity)

Data transfer: if marketing consent has been provided, then the above mentioned personal data are transferred to local GRAPHISOFT PARTNER (the one located in the country of Registered User).

Legal base:

  • in case of natural person: legitimate interest(point f of Article 6(1) of GDPR)
  • in case of legal entity (with respect to company representative’s / contact’s personal data): legitimate interest

2.2. Accessing to and using Learn Portal’s free content

Processing purpose: providing access for the Registered Users to local and international content and providing the respective service; issuing training certificate if learn content is completed; checking eligibility for free of charge content.

For SSA customers certain content is offered for free of charge if they use the provided 100% discount code (coupon) when purchasing the payable content in the webshop. Though the content is free for them, the applicable data processing information is written at point 2.3.

Personal data processed:

  • In general: first name, last name, email address, country, GSID and IP address
  • If linked to provided service or product: SSA status (yes/no), education status (Student/Teacher/School/Trial/None) to check eligibility for free content
  • Product / service specific: content(s) selected, progress and status of content usage, results and date & time of these
  • Marketing preference (yes / no)
  • If optional fields were populated: city, company name, company address, tax number, company contact, date of birth, phone number, skype / webpage and social media contacts

Data controller(s): GRAPHISOFT SE (for being the operator of the platform) and GRAPHISOFT ASIA (for being the owner of the platform and Your contracting entity)  

Data transfer: personal data is transferred to GRAPHISOFT PARTNER (the one located in the country of Registered User) who will act as Data Processor in order to provide the localized content (e.g. local training or webinar) and issue the training certificates to Users (if applicable). If the content is not applicable locally, then data is still transferred to GRAPHISOFT PARTNER if marketing consent has been provided by the Registered User.

Legal base:

  • in case of natural person: performance of the contract (point b of Article 6(1) of GDPR)
  • in case of legal entity (with respect to company representative’s / contact’s personal data): legitimate interest (point f of Article 6(1) of GDPR)

2.3 Accessing to and using Learn Portal’s payable content via webshop

The Registered User is able to select and purchase the desired content on the Learn Portal via GRAPHISOFT webshop. When the Registered User purchases on the Learn Portal via its integrated webshop, the Registered User enters into contract with  GRAPHISOFT ASIA which also facilitates the payment and invoicing related activities; for  payment transactions GRAPHISOFT ASIA uses  Stripe Inc as data processor.

Processing purpose: providing access for the Registered Users to local and international payable content and providing the respective service; issuing certificate if learn content is completed; payment transactions and invoicing.

Personal data processed:

  • In general: first name, last name, email address, country and GSID, IP address
  • If linked to provided service or product: SSA status (yes/no), education status (Student/Teacher/School/Trial/None)
  • Product / service specific: content(s) selected, progress and status of content usage, results and date & time of these
  • Transactional and payment information (but not the bank card information)
  • Marketing preference (yes / no)
  • If optional fields were populated: city, company name, company address, tax number, company contact, date of birth, phone number, skype / webpage and social media contacts

Data controller(s): GRAPHISOFT SE (being the service provider in case of international content), GRAPHISOFT PARTNER (being the service provider in case of local content) and GRAPHISOFT ASIA (being the facilitator of payment and invoicing activities, as well as the contracting entity).

Data transfer: personal data is transferred to Stripe Inc (510 Townsend Street, San Francisco, CA 94103, USA) who will act as Data Processor for facilitating payment transactions via the webshop. Personal data is also transferred to local GRAPHISOFT PARTNER if the selected content is local, or the marketing consent has been provided.

Legal base:

  • in case of natural person: performance of the contract (point b of Article 6(1) of GDPR)
  • in case of legal entity (with respect to company representative’s / contact’s personal data): legitimate interest (point f of Article 6(1) of GDPR)

2.4 Accessing to and using Learn Portal’s payable content – payment via the local GRAPHISOFT PARTNER

The Registered User is able to select the desired content on the Learn Portal and purchase it from the local GRAPHISOFT PARTNER.

Processing purpose: providing access for the Registered Users to local and international payable content and providing the respective service; issuing certificate if learn content is completed.

Personal data processed:

  • In general: first name, last name, email address, country and GSID, IP address
  • If linked to provided service or product: SSA status (yes/no), education status (Student/Teacher/School/Trial/None)
  • Product / service specific: content(s) selected, progress and status of content usage, results and date & time of these
  • Marketing preference (yes / no)
  • If optional fields were populated: city, company name, company address, tax number, company contact, date of birth, phone number, skype / webpage contacts

Data controller(s): GRAPHISOFT SE (for being the operator of the Learn Portal and facilitating delivery),  GRAPHISOFT ASIA (for being the owner of the platform and Your contracting entity)and GRAPHISOFT PARTNER (for being the local content provider as well as the contracting entity).

Data transfer: personal data is transferred between the data controllers.

Legal base:

  • in case of natural person: performance of the contract (point b of Article 6(1) of GDPR)
  • in case of legal entity (with respect to company representative’s / contact’s personal data): legitimate interest (point f of Article 6(1) of GDPR)

2.5 Professional learning path

GRAPHISOFT wishes to provide tailored learning path to the Learn Portal’s Registered Users which allows the Registered Users to exploit the most out of the Learning Portal’s content and to help Registered Users in progressing in their professional development. By this activity GRAPHISOFT analysis what contents have been selected and completed, what are the progress of them.

Processing purpose: to support Registered Users in their professional development with tailored recommendations and to create and maintain Registered Users’ learn history.

Personal data processed:

  • In general: first name, last name, email address, country and GSID, IP address
  • If linked to provided service or product: SSA status (yes/no), education status (Student/Teacher/School/Trial/None)
  • Product / service specific: content(s) selected (paid or enrolled), progress and status of content usage, results and date & time of these
  • Marketing preference (yes / no)
  • If optional fields were populated: city, company name, company address, tax number, company contact, date of birth, phone number, skype / webpage contacts

Data controller(s): GRAPHISOFT SE (as service provider)

Data transfer: personal data is transferred to GRAPHISOFT PARTNER if marketing consent has been provided, otherwise no data transfer occurs.

Legal base:

  • in case of natural person: performance of the contract (point b of Article 6(1) of )

2.6 Marketing

Processing purpose: offering relevant GRAPHISOFT products and services.

Personal data processed:

  • In general: first name, last name, email address, country and GSID
  • If linked to provided service or product: SSA status (yes/no), education status (Student/Teacher/School/Trial/None)
  • Product / service specific: content(s) selected (paid or enrolled), progress and status of content usage, results and date & time of these
  • Marketing preference (yes / no)
  • If optional fields were populated: city, company name, company address, tax number, company contact, date of birth, phone number, skype / webpage contacts

Data controller(s): GRAPHISOFT SE, GRAPHISOFT ASIA and local GRAPHISOFT PARTNER

Data transfer: personal data is transferred between data controllers if marketing consent has been provided.

Legal base: consent of the Registered User (point a of Article 6(1) of GDPR)

3. Withdrawal of Consent

Data Controllers hereby inform Registered Users that regarding the processings based on consent, the consent can be withdrawn at any time based on Article 7. (3) of the GDPR. The withdrawal of the consent does not affect the processing of the data based on consent prior to the withdrawal or in case of data processings made under other legal bases.

The consent may be withdrawn with the unilateral written (e-mail) statement of the Registered User by listing the Data of which he or she withdraws the consent.

Registered User can submit their withdrawal to privacy@graphisoft.com

4. Rights of the User concerning the data processing:

Data Controllers shall ensure that Registered Users may exercise his or her rights under this Policy in respect of and against each of the Data Controllers.

4.1. The possibility of getting information

Data Controllers hereby inform Registered User that the contact information of the Data Controllers’  contact persons are the following:

For GRAPHISOFT SE:

E-mail address: privacy@graphisoft.com
Phone number:  +3614373000
Post address: 1031 Budapest (GRAPHISOFT park), Záhony u. 7., Hungary

For Local GRAPHISOFT Partner: See the link of GRAPHISOFT Partners.

In the event any Registered User requests more information regarding the data processing, the Registered User can send the request to one of the addresses above, by listing specific questions. Data Controllers guarantee that in the event of a request for information, Registered User receives a confirmation within 15 days, and meaningful information within 25 days.

4.2. Right of access:

Registered User has the right to obtain from the controller confirmation as to whether or not personal data concerning him/her are being processed, and, where that is the case, access to the personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients the personal data;
  • the duration of the data processing;
  • the data subject’s data protection rights and possibilities of seeking a legal remedy;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

In the event of any Registered User requests, the controller shall provide him/her with a copy of the Registered User’s personal data undergoing processing. For any further copies requested by any Registered User, the controller may charge a reasonable fee based on administrative costs. The right to obtain a copy shall not adversely affect the rights and freedoms of others.

 

4.3. Possibility of the correction of personal data

Registered User can request any of the Data Controllers to correct the wrongly indicated personal data of the Registered User. In the event the data to be corrected is subject to regular data transmission, the  Data Controllers notify the recipient of the data transmission, if necessary, and draws the attention of Registered User to initiate the correction at other controllers.

4.4. Right to object

Registered User may object to the processing of his or her personal data in compliance with the prevailing legal regulations, by the GDPR.

 

4.5. Right to erasure:

The Registered User shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • if the Registered User withdraws consent on which the processing is based, and there is no other legal ground for the processing;
  • if the Registered User object to the processing and there are no overriding legitimate grounds for the processing;
  • if the personal data have been unlawfully processed;
  • if the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
  • if the personal data have been collected in relation to the offer of information society services.

4.6. Right to the restriction of the processing

Registered User may request the restriction of the processing of his or her personal data, in case Registered User disputes the correctness of the personal data processed. In this case the restriction is applied for the period that enables Data Controllers to verify the correctness of the personal data. Data Controllers mark the processed piece of personal data if Registered User disputes the correctness or accuracy, but the incorrectness or inaccuracy cannot be established.

Registered User may also request the restriction of the processing of his or her personal data if the processing is unlawful, but Registered User does not want the personal data to be deleted, instead requests the restriction of the processing.

Furthermore, Registered User may also request the restriction of the processing of his or her personal data in case the purpose of the processing was accomplished, but Registered User requests the processing of the data by a controller in order to submit, vindicate or protect Registered User’s legal claims.

4.7. The right to release or forward the data

Registered User may request any of the Data Controllers to hand over or forward to another controller the personal data provided by the Registered User and processed by Data Controllers. The release and forwarding of the personal data shall be made in a widely used format that can be read by computers.

4.8. Notifications, legal remedies

Registered User may submit the request for information, for correction or deletion, or any other above-mentioned statement in writing, in a letter addressed to any of the Data Controllers or in an e-mail sent to the address of the contact person indicated above.

In the event Data Controllers do not fulfil the request for correction, sealing or deletion of Registered User, Data Controllers communicate the reasons of the rejection of the requests in writing, within 25 days from the confirmed receipt date. In the event of the rejection of the request for correction, sealing or deletion Data Controllers inform Registered User of the possible legal remedies in front of the court, and the possibility of lodging an appeal to the Hungarian National Authority for Data Protection and Freedom of Information.

Registered User may lodge an appeal directly to the Hungarian National Authority for Data Protection and Freedom of Information (address: 1055 Budapest,
Falk Miksa utca 9-11.; phone number: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu) as well. The Registered User is entitled to go to court in the event of the infringement of his or her rights. The regional court has jurisdiction to decide the case. The case may be submitted to the court of the permanent or habitual residence of the Registered User, based on the decision of the Registered User. At the request of the Registered User, Data Controllers will give detailed information on the possibilities and means of legal remedies.

5. Miscellaneous Provisions

5.1. Data Controllers do not verify the personal data provided to Data Controllers. Only the person providing the data is liable for the veracity of the data.

5.2. Data Controllers in certain cases set forth by law – in particular on official judicial or police request, legal process based on infringement or the suspected infringement of copyrights, property or other rights; the infringement of Data Controllers’ interests; the endangerment of the provision of services; mandatory delivery of data based on the law (e.g. auditor), etc. – makes the personal data of the Registered User available to third parties.

5.3. With regard to technology, Data Controllers implements appropriate technical and organizational measures necessary to ensure a level of security appropriate to the risk likely to occur in relation to the data processing regulated herein.

5.4 For any other provision which is not covered in this Notice, refer to GRAPHISOFT’s Privacy Policy at https://graphisoft.com/legal/privacy-policy

6. Modifications to the present document

Data Controllers reserve the right to unilaterally modify the present document or any part thereof. Registered Users will be informed of any such modifications via e-mail sent to their registered e-mail addresses.

Budapest, 5 March 2021