This GRAPHISOFT LEARN Data Privacy Policy (the “Policy”) applies to the data processing taking place in relation to the personal data of participants (“Participants”) at the GRAPHISOFT LEARN Training Event (“Event”) organized by GRAPHISOFT SE (registered address: Zahony street 7, 1031 Budapest, Hungary); hereinafter: GRAPHISOFT or Data Controller).

Please read this document carefully. By registering for the Event, you as the Participant to the Event accept the terms of this Policy and approve the processing of your personal data described herein.

The data processing described in this Policy is in compliance with the applicable rules of law, in particular with the European General Data Protection Regulation (Regulation (EU) 2016 / 679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) (“GDPR”).

1.      DATA CONTROLLER

For the purposes of this Policy GRAPHISOFT SE is the Data Controller.

2.     LEGAL BASES OF THE DATA PROCESSING

  • processing is necessary for performane of the agreement and legitimate interest of the Data Controller in order to duly perform the terms and conditions of the Event (point b) and f) of Article 6(1) of GDPR) in case of data enlisted in Section 3.1, 3.2, 3.3, 3.4, 3.5, 3.6, 3.7,
  • consent of the Participant according to point a) of Article 6(1) of GDPR in case of data enlisted in Section 3.8 and 3.9

3.     THE PERSONAL DATA CONTROLLED, PROCESSED BY THE DATA CONTROLLER

The list below includes all data that might be collected during the Event; for exact data not on the list below, please see the actual Event’s registration form:

  1. First name
  2. Last name
  3. E-mail address
  4. Job role
  5. Company name
  6. Country of Participant
  7. Bank card (credit or debit card) information and cardholder name
  8. Interest in receiving regular notifications about future Events
  9. Interest in receiving marketing materials

— hereinafter referred to together as “the Data” —

Data Controller hereby informs the Participants that the Data collected during the registration of the Participant at the Event and during the Event qualify as personal data.

4.     PURPOSE AND DURATION OF THE DATA PROCESSING

With respect to 3.1 – 3.7 Administering the registration and the participation of the Participant at the Event (including the payment transaction), as well issuing the BIM Manager certificate With respect to 3.8 Sending notification emails about future Events, and with respect to 3.9 sending relevant marketing materials about GRPAHISOFT’s products and services which also includes transferring of personal data to GRAPHISOFT’s local representatives.  

The Data Controller preserves the Data in question for a maximum time period of 3 (three) years after the Event.

5.     WITHDRAWAL OF CONSENT

Data Controller hereby informs Participants that regarding the processings based on consent, the consent can be withdrawn at any time based on Article 7. (3) of the GDPR. The withdrawal of the consent does not affect the processing of the data based on consent prior to the withdrawal or in case of data processings made under other legal bases. The consent may be withdrawn with the unilateral written (e-mail) statement of the Participant by listing the Data of which he or she withdraws the consent. Participants can submit their withdrawal to the Data Controller.

6.     DATA TRANSFER / USING DATA PROCESSORS

The Data Controller uses payment processor Stripe Inc (510 Townsend Street, San Francisco, CA 94103, USA) to facilitate the payment transactions When conducting payment transactions, payment processor receives the payment method information (such as credit or debit card number), purchase amount, date of purchase, and payment method. GRAPHISOFT does not retain any credit card related information.

The Data Controller transfers the personal data to its Local Representatives only if data subject consents to it at point 3.9. In no other case the personal data is transferred, in which case the Local Representative becomes Data Controller as well.

It might also happen that the Data is transferred to third persons exclusively in an anonymized manner, which means that the Participants cannot be identified from the transferred Data.

7.     RIGHTS OF THE PARTICIPANT CONCERNING THE DATA PROCESSING

Data Controller shall ensure that Participants may exercise his or her rights under this Policy in respect of and against the Data Controller.

7.1. The possibility of getting information

Data Controller hereby informs Participant that the contact information of its contact person is the following:

E-mail address: privacy@graphisoft.com
Phone number:  +3614373000
Post address: 1031 Budapest (GRAPHISOFT park), Záhony u. 7., Hungary

In the event any Participant requests more information regarding the data processing, the Participant can send the request to the address above, by listing specific questions. Data Controller guarantees that in the event of a request for information, Participant receives a confirmation within 15 days, and meaningful information within 25 days.

7.2. Possibility of the correction of personal data

Participant can request the Data Controller to correct the wrongly indicated personal data of the Participant. In the event the data to be corrected is subject to regular data transmission, the Data Controller notifies the recipient of the data transmission, if necessary, and draws the attention of Participant to initiate the correction at other controllers.

7.3. Right to object

Participant may object to the processing of his or her personal data in compliance with the prevailing legal regulations, by the GDPR.

7.4. Right to the restriction of the processing

Participant may request the restriction of the processing of his or her personal data, in case Participant disputes the correctness of the personal data processed. In this case the restriction is applied for the period that enables Data Controller to verify the correctness of the personal data. Data Controller marks the processed piece of personal data if Participant disputes the correctness or accuracy, but the incorrectness or inaccuracy cannot be established.

Participant may also request the restriction of the processing of his or her personal data if the processing is unlawful, but Participant does not want the personal data to be deleted, instead requests the restriction of the processing.

Furthermore, Participant may also request the restriction of the processing of his or her personal data in case the purpose of the processing was accomplished, but Participant requests the processing of the data by a controller in order to submit, vindicate or protect Participant’s legal claims.

7.5. The right to release or forward the data

Participant may request thee Data Controller to hand over or forward to another controller the personal data provided by the Participant and processed by Data Controller. The release and forwarding of the personal data shall be made in a widely used format that can be read by computers.

7.6. Notifications, legal remedies

Participant may submit the request for information, for correction or deletion, or any other above-mentioned statement in writing, in a letter addressed to the Data Controller or in an e-mail sent to the address of the contact person indicated above.

In the event Data Controller does not fulfil the request for correction, sealing or deletion of Participant, Data Controller communicates the reasons of the rejection of the requests in writing, within 25 days from the confirmed receipt date. In the event of the rejection of the request for correction, sealing or deletion Data Controller informs Participant of the possible legal remedies in front of the court, and the possibility of lodging an appeal to the Hungarian National Authority for Data Protection and Freedom of Information.

Participant may lodge an appeal directly to the Hungarian National Authority for Data Protection and Freedom of Information (address: Szilágyi Erzsébet fasor 22/c.; phone number: +36-1-391-1400; e-mail: ugyfelszolgalat@naih.hu; website: www.naih.hu) as well. The Participant is entitled to go to court in the event of the infringement of his or her rights. The regional court has jurisdiction to decide the case. The case may be submitted to the court of the permanent or habitual residence of the Participant, based on the decision of the Participant. At the request of the Participant, Data Controller will give detailed information on the possibilities and means of legal remedies.

8.     MISCELLANEOUS PROVISIONS

8.1. Data Controller does not verify the personal data provided to Data Controller. Only the person providing the data is liable for the veracity of the data.

8.2. Data Controller in certain cases set forth by law – in particular on official judicial or police request, legal process based on infringement or the suspected infringement of copyrights, property or other rights; the infringement of Data Controller’ interests; the endangerment of the provision of services; mandatory delivery of data based on the law (e.g. auditor), etc. – makes the personal data of the Participant available to third parties.

8.3. With regard to technology, Data Controller implements appropriate technical and organizational measures necessary to ensure a level of security appropriate to the risk likely to occur in relation to the data processing regulated herein.

9.     MODIFICATIONS TO THE PRESENT DOCUMENT

Data Controller reserves the right to unilaterally modify the present document or any part thereof. Participants will be informed of any such modifications via e-mail sent to their registered e-mail addresses.

 

Budapest, 9th April, 2020