BIMWorkplace

Privacy Policy

This Privacy Policy explains how BIMWorkplace Lda. (“BIMWorkplace”, “we”, “our”, “us”) collects, uses, stores, and protects your personal data when you access and use our websites, software, and services (the “Services”).

Compliance notice. This Policy complies with the EU General Data Protection Regulation (GDPR – EU 2016/679) and, where applicable, the Brazilian General Data Protection Law (Lei nº 13.709/2018 – LGPD).

If you have any questions about this Policy or how we handle your data, contact us at:
BIMWorkplace Lda.
Rua Luís Barroso, Nº 590, 4ºA, 4760-153 Vila Nova de Famalicão, Portugal
Email: info@bimworkplace.com

Data Controller

BIMWorkplace Lda., headquartered at Rua Luís Barroso, Nº 590, 4ºA, 4760-153 Vila Nova de Famalicão, Portugal, is the data controller of your personal data for the purposes described in this Privacy Policy.

When our Services are provided to organizations (e.g., companies or institutions), the organization acts as the data controller, and BIMWorkplace acts as the data processor, in accordance with the relevant contract and applicable data protection laws.

What Personal Data We Collect

We collect and process the following categories of data:

  • Account information: name, email address, phone number, company name, payment information, billing address, and details of users you invite to your BIMWorkplace account.

  • Services data: information you upload, submit, or process in our Services (including BIM models, documents, metadata).

  • Usage data: technical information such as browser type, device, operating system, add-ons, IP address, log data, and interactions with our Services.

  • Cookies and similar technologies: used for authentication, session management, and to remember your preferences. Analytics or marketing cookies are used only with your consent.

We do not intentionally collect sensitive personal data (e.g., data relating to health, religion, political beliefs, or biometric identifiers).

Why We Collect and How We Use Data

We process personal data for the purposes below under the corresponding legal bases. The legal bases used include consent, contract performance, legal obligation, legitimate interests, and other grounds provided under the GDPR and the LGPD as applicable.

  • Contractual necessity: create and manage your account, provide and maintain the Services, process payments, and deliver customer support.

  • Legitimate interests: improve the Services and user experience; ensure security and integrity; prevent fraud and misuse; generate anonymized or aggregated statistics. We carry out a legitimate-interest assessment and apply safeguards when required.

  • Consent: send marketing communications (email, phone, social media) and use non-essential cookies/technologies. You can withdraw consent at any time without affecting prior lawful processing.

  • Legal obligation: comply with accounting, tax, or regulatory requirements and respond to lawful requests from authorities.

  • Other lawful bases under GDPR/LGPD, where applicable: e.g., protection of credit, exercise of rights in judicial/administrative/arbital proceedings (LGPD), or vital interests where strictly necessary.

Cookies

We use cookies and similar technologies to operate the Services (e.g., authentication, session management, preferences). Analytics and marketing cookies are used only if you consent through our cookie banner or settings. You can change your preferences at any time.

Data Sharing

We do not sell your personal data. We may share data as follows:

  • Trusted service providers (processors): hosting, payment processing, email/SMS services, analytics—only as necessary and under contracts requiring confidentiality, security, and compliance with applicable law.

  • Your organization: if you access the Services via a company account, your administrator may control and access certain account information.

  • Authorities and legal requests: where required by law, court order, or to protect rights, safety, property, and to prevent fraud or abuse.

International Data Transfers

Your personal data may be stored or processed in the European Union. Where transfers outside the EEA (including to the United States) occur, we implement appropriate safeguards such as the European Commission’s Standard Contractual Clauses (SCCs) and equivalent protection mechanisms under the GDPR and the LGPD. Where relevant, we may also rely on participation frameworks (e.g., EU–U.S. Data Privacy Framework) or local equivalents and additional technical/organizational measures. Details of applicable safeguards are available upon request.

Data Retention

We retain personal data only as long as necessary for the purposes described or as required by law:

  • Account and usage data: retained while your account is active and for a short period thereafter for deactivation and audit purposes.

  • Billing and payment records: retained for 10 years to meet tax and accounting obligations.

  • Backups: may persist for a limited, defined period and are securely deleted thereafter.

When you delete your account or request erasure, data will be deleted or anonymized unless retention is legally required or permitted.

Security Measures

We implement technical and organizational measures to protect your data, including encryption in transit and at rest, secure authentication, role-based access controls, event logging and monitoring, and hosting in certified data centers (e.g., ISO/IEC 27001 or equivalent). We regularly review and improve our security controls and train staff with access to personal data.

Your Rights

Under the GDPR and, where applicable, the LGPD, you have the following rights (subject to legal conditions and limitations):

  • Access: obtain a copy of your personal data.

  • Rectification: correct inaccurate or incomplete data.

  • Erasure (“right to be forgotten”) / Deletion.

  • Restriction: limit processing in certain circumstances.

  • Portability: receive your data in a structured, commonly used, machine-readable format and transmit it to another controller where technically feasible.

  • Objection: object to processing based on legitimate interests and to direct marketing at any time.

  • Withdraw consent: when processing relies on consent.

  • Anonymization, blocking, or deletion of unnecessary or excessive data or data processed in non-compliance (LGPD, where applicable).

  • Information about processing and sharing with public and private entities (LGPD, where applicable).

  • Lodge a complaint:

    • In Portugal, with the Comissão Nacional de Proteção de Dados (CNPD).

    • In Brazil, with the Autoridade Nacional de Proteção de Dados (ANPD).

How to exercise your rights: contact info@bimworkplace.com. For users in Brazil, the same contact serves as the Data Protection Officer (“DPO”) and “Encarregado” under the LGPD.

Children’s Privacy

Our Services are not directed to individuals under 16. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and/or by posting a notice on our website before the changes take effect. The “Last updated” date at the top will reflect the latest version.

 

Contact: BIMWorkplace Lda. — Rua Luís Barroso, Nº 590, 4ºA, 4760-153 Vila Nova de Famalicão, Portugal
Email: info@bimworkplace.com

en_US
pt_PT en_US