Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses or user behaviour. With regard to the other terms used below, such as “controller” or “processor”, we refer you to the definition catalogue of the definitions in Art. 4 GDPR.
The collection, processing and use of personal data in connection with the use of the www.holobuilder.com website and other herein described data processing is carried out by
274 Brannan Street, Suite 500
San Francisco, CA 94107, USA
2. Data Protection Officer
If you have any questions regarding data protection, please send us an e-mail or contact our Data Protection Officer directly. You can reach him under the following contact details:
aix privacy UG (haftungsbeschränkt)
attn. Burak Zurel
52074 Aachen, Germany
3. Collection, processing and use of personal data
We collect, process and/or use personal data only if you have consented or if this is permitted by law. This “prohibition without prejudice to permission” under data protection law means that processing may only be carried out on the basis of consent or a statutory basis of permission. The most important and for us relevant permissions can be found in Art. 6 para. 1 GDPR. These concern in particular the case,
§ that a consent of the concerning is present, see Art. 6 para. 1 lit. a, Art. 7 GDPR,
§ that the processing of the personal data is necessary for the fulfilment of our contractual obligations, see Art. 6 para. 1 lit. b GDPR,
§ or that the processing is based on our legitimate interests (e.g. analysis and further development of our products, increase in economic efficiency), see Art. 6 Para. 1 lit. f GDPR.
4. Type of data and purpose of collection, processing or use of personal data
A. Informational use of our Services
When using our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our servers.
When you call up our website, we collect the following data on the basis of our legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR, which is necessary for us to display our website to you and to guarantee data security as well as the stability and security of our IT systems:
§ IP address
§ browser and device information
§ operating system
§ language preferences
§ location data
§ referring URLs
§ the names of the retrieved files
§ date and time of a retrieval
§ the name of your Internet Service Provider
§ (encrypted) credentials used for logins
B. Third-Party Logins
We provide you with the option to register using third-party account details, like your Google+, Facebook, Autodesk, Procore or other account. If you choose to register in this way, we collect third-party information you disclose to us by integrating HoloBuilder with a third-party service to transfer data directly within the applications.
If you employ third-party software integrated with the Application (for example, Autodesk, Procore, Google Drive and Dropbox), authorizing HoloBuilder to access and import files of these third-party services, HoloBuilder processes and stores these files or converted versions of these files on our servers.
The profile Information we receive may vary depending on the service provider concerned, but will often include your name, e-mail address, profile picture as well as other information you choose to make public. If you login using Facebook, we may also request access to other permissions related to your account, such as friends, check-ins, and likes, and you may choose to grant or deny us access to each individual permission.
By registering or authenticating, you allow this Application to identify you and give them access to dedicated services. Depending on what is described below, third-parties may provide registration and authentication services. In this case, this Application will be able to access some Data, stored by these third-party services, for registration or identification purposes.
We may collect information regarding your geo-location, mobile device, push notifications, and Facebook permissions when you use our Apps.
If you use our Apps, we may also collect the following information:
Geo-Location Information: We may request access or permission to and track location-based information from your mobile device, either continuously or while you are using our mobile application, to provide location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.
Mobile Device Access: We may request access or permission to certain features from your mobile device, including your mobile device’s Bluetooth, calendar, camera, microphone, sensors, social media accounts, storage, and other features. If you wish to change our access or permissions, you may do so in your device’s settings.
Mobile Device Data: We may automatically collect device information (such as your mobile device ID, model and manufacturer), operating system, version information and IP address.
Push Notifications: We may request to send you push notifications regarding your account or the mobile application. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.
D. Contact by e-mail
When you contact us by e-mail, we process the data you provide us with (your e-mail address, your name, telephone number if applicable, and other details) in order to process and answer your questions; the legal basis is Art. 6 Para. 1 lit. f GDPR.
E. Web-Applications app.holobuilder.com workspace.holobuilder.com dashboard.holobuilder.com
We process stock data (e.g., names and addresses as well as contact data of users), contract data (e.g., services used, names of contact persons, payment information) for the purpose of fulfilling our contractual obligations and services pursuant to Art. 6 Para. 1 lit b. GDPR.
Users can create a user account. In the context of the registration, the necessary compulsory data are communicated to the users. The user accounts are not public and cannot be indexed by search engines. It is incumbent upon the users to secure their data before the end of the contract in the event of termination. In the event of termination of the user account, we are entitled to irretrievably delete all user data stored during the term of the contract.
Within the scope of registration and renewed registrations as well as use of our online services, we store the IP address and the time of the respective user action. The storage is based on our legitimate interests, as well as the user’s protection against misuse and other unauthorized use. A passing on of these data to third parties does not take place in principle, unless it is necessary for the pursuit of our claims or there is a legal obligation according to Art. 6 para. 1 lit. c GDPR.
We process usage data (e.g., the websites visited on our website, interest in our products) and content data (e.g., entries in the contact form or user profile) for advertising purposes in a user profile in order to display to the user, e.g. product information based on the services they have previously used.
Purpose of data processing, legal basis and content of consent: Within the scope of registration, only your e-mail address is required. We send our newsletter only on the basis of the consent of the recipient according to Art. 6 Para. 1 lit. a, Art. 7 GDPR. By subscribing to our newsletter, you agree to receive information and promotional materials regarding HoloBuilder’s offers and promotions.
Double Opt-In procedure: We use the so-called double opt-in procedure when registering for the newsletter. After registration, the interested party receives an e-mail with a confirmation link to the given e-mail address, which he must click to confirm registration for the newsletter. We log the registrations for the newsletter in order to be able to prove the registration process according to the data protection requirements. In this context, we store the time of registration and confirmation as well as the IP address.
Statistical survey and analysis: The newsletters contain a so-called “web-beacon”, i.e. a file the size of a pixel, which is called up by the server of the dispatch service provider when the newsletter is opened. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are first collected. This information is used for the technical improvement of the services on the basis of the technical data or the target groups and their reading behaviour on the basis of their retrieval locations (which can be determined with the help of the IP address) or the access times. The statistical surveys also include determining whether the newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is neither our nor the shipping service provider’s intention to observe individual users. The evaluations serve us much more to recognize the reading habits of our users and to adapt our contents to them or to send different contents according to the interests of our users.
Termination/revocation: You can cancel the receipt of our newsletter at any time, i.e. revoke your consent. At the same time, your consent to its dispatch by the dispatch service provider and the statistical analyses will expire. A separate revocation of the dispatch by the dispatch service provider or the statistical evaluation is unfortunately not possible. You will find a link to cancel the newsletter at the end of each newsletter. If users have only subscribed to the newsletter and cancelled their subscription, their personal data will be deleted.
G. Google Analytics
Functionality: This website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymisation is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA where it will be shortened. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google.
This website uses Google Analytics with the extension “_anonymizeIp()”. This shortens the processing of IP addresses, thus excluding the possibility of personal references. If the data collected about you is related to a person, this is excluded immediately and the personal data is deleted immediately.
Purpose: We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained allow us to improve our services and make them more interesting for you as a user. This website also uses Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. In the exceptional cases where personal data is transferred to the United States, Google has adopted the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework. The legal basis for the use of Google Analytics is Art. 6 Para. 1 Cl. 1 lit. a GDPR.
Third party information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland
Fax: +353 (1) 436 1001
Right of revocation: The person concerned has the right to revoke his/her declaration of consent under data protection law at any time. The revocation of the consent does not affect the legality of the processing carried out on the basis of the consent up to the revocation. You can revoke your consent by calling up the cookie settings on our website.
Pardot is a marketing automation software provided by Salesforce.com EMEA Limited. We use Pardot as a marketing analysis service that enables us to maintain, measure, expand our web offering and marketing communications and optimize our website content.
Pardot tracks visitor and prospect activities on our websites and landing pages by setting cookies in their browsers. Pardot registers a unique ID that is used to generate statistical data on how the visitor uses the websites and tracks what Pardot forms get submitted. Cookies are also set to remember preferences (like form field values) when a visitor returns to our site. Pardot also sets a cookie for logged-in users to maintain the session and remember table filters.
Data is processed in the Salesforce CRM on our behalf using cookies and the Salesforce – Pardot connector. Voluntarily provided personal data (e.g. in forms) is first stored in Pardot and then processed with the Salesforce CRM system for the purpose of establishing contact and/or sending information. Salesforce does not store IP addresses but uses the unique visitor ID and unique identifier attributes.
Terms of Service: https://www.pardot.com/legal/prospect-insight-terms-of-service/
Further Tracking Information: https://help.salesforce.com/articleView?id=pardot_basics_cookies.htm&type=5
If you would like to opt out of having this information collected by or submitted to any service, please disable the service in the Cookie Manager on our websites or contact us at firstname.lastname@example.org.
I. Other sources
We may obtain information about you from other sources, such as public databases, joint marketing partners, social media platforms (such as Facebook), as well as from other third parties. Examples of the information we receive from other sources include: social media profile information (your name, gender, birthday, e-mail address, current city, state and country, user identification numbers for your contacts, profile picture URL and any other information that you choose to make public); marketing leads and search results and links, including paid listings (such as sponsored links).
5. Purpose of the collection, processing or use of personal data
Unless otherwise stated, we collect, process or use your personal data in order to fulfil our obligations under the underlying contracts (e.g. ordering goods or services, sending the newsletter, enabling access to various platforms), cf. Art. 6 Para. 1 lit. b GDPR.
In all other respects, we collect, process or use the personal data presented under point 3 lit. a on the basis of our legitimate interest to enable the use of our website and to guarantee its IT security, cf. art. 6 para. 1 lit. f GDPR.
We use personal information collected via our Sites for a variety of business purposes described below. We process your personal information for these purposes in reliance on our legitimate business interests (“Legitimate Interests” according to Art. 6 Para. 1 lit. f GDPR), in order to enter into or perform a contract with you (“Contractual” according to Art. 6 Para. 1 lit. b GDPR), with your consent (“Consent” according to Art. 6 Para. 1 lit. a GDPR), and/or for compliance with our legal obligations (“Legal Reasons” according to Art. 6 Para. 1 lit. c GDPR). We indicate the specific processing grounds we rely on next to each purpose listed below.
We use the information we collect or receive:
§ To facilitate account creation and logon process with your Consent. If you choose to link your account with us to a third party account *(such as your Autodesk, Procore, or Google account), we use the information you allowed us to collect from those third parties to facilitate account creation and logon process. See the section below headed “Third-Party Logins” for further information.
§ To send you marketing and promotional communications for Business Purposes and/or with your explicit Consent. We and/or our third party marketing partners may use the personal information you send to us for our marketing purposes, if this is in accordance with your marketing preferences. You can opt-out of our marketing e-mails at any time (see the “Your Privacy Rights” below).
§ To send administrative information to you for Business Purposes, Legal Reasons and/or possibly Contractual. We may use your personal information to send you product, service and new feature information and/or information about changes to our terms, conditions, and policies.
§ Fulfill and manage your orders for Contractual reasons. We may use your information to fulfill and manage your orders, payments, returns, and exchanges made through the Sites.
§ To post testimonials with your Consent. We post testimonials on our Sites that may contain personal information. Prior to posting a testimonial, we will obtain your consent to use your name and testimonial. If you wish to update, or delete your testimonial, please contact us at email@example.com and be sure to include your name, testimonial location, and contact information.
§ Administer prize draws and competitions for our Business Purposes and/or with your Consent. We may use your information to administer prize draws and competitions when you elect to participate in competitions.
§ Request Feedback for our Business Purposes. We may use your information to request feedback and to contact you about your use of our Sites.
§ To protect our Sites for Business Purposes and/or Legal Reasons. We may use your information as part of our efforts to keep our Sites safe and secure (for example, for fraud monitoring and prevention).
§ To enable user-to-user communications with your consent. We may use your information in order to enable user-to-user communications with each user’s consent.
§ To enforce our terms, conditions and policies for Business Purposes, Legal Reasons and/or possibly Contractual.
§ To respond to legal requests and prevent harm for Legal Reasons. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
§ For other Business Purposes. We may use your information for other Business Purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Sites, products, services, marketing and your experience.
6. Duration of storage of personal data or criteria for storage duration
The data stored with us will be deleted as soon as they are no longer required for their intended purpose, or the storage is no longer necessary for the execution of the contract or execution and the deletion does not conflict with any justified interests on our part or legal storage obligations. If the user’s data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and not processed for other purposes. This applies, for example, to user data which must be stored for commercial or tax reasons.
According to legal requirements, data is stored for 6 years in accordance with § 257 para. 1 HGB (German Commercial Code) (commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting records, etc.) and for 10 years in accordance with § 147 para. 1 AO (German Tax Code) (books, records, management reports, accounting records, commercial and business letters, documents relevant for taxation, etc.).
7. No unauthorized disclosure to third parties
We treat your personal data with the utmost care. We only transfer the data to third parties if this is necessary for the execution and processing of contractual relationships, if you have given us your consent to do so, or if the transfer is otherwise permitted by relevant statutory provisions.
We only share and disclose your information in the following situations:
§ Compliance with Laws: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
§ Vital Interests and Legal Rights: We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
§ Vendors, Consultants and Other Third-Party Service Providers: We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing (e.g. Stripe), data analysis (e.g. Google Analytics), e-mail delivery (e.g. SendGrid), hosting services, communication service (e.g. Intercom), customer service and marketing efforts (e.g. Salesforce). We may allow selected third parties to use tracking technology on the Sites, which will enable them to collect publicly available contact and social information related to you and data about how you interact with the Sites over time. This information may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. Unless described in this Policy, we do not share, sell, rent or trade any of your information with third parties for their promotional purposes. For more information on the privacy practices of these services, please visit the service’s Terms and Policies sites.
§ Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
§ Third-Party Advertisers: We may use third-party advertising companies to serve ads when you visit the Sites. These companies may use information about your visits to our Website(s) and other websites that are contained in web cookies and other tracking technologies in order to provide advertisements about goods and services of interest to you. Read more about our Cookie handling below.
§ Business Partners: We may share your information with our business partners to offer you certain products, services or promotions.
§ With your Consent: We may disclose your personal information for any other purpose with your consent.
§ Other Users. When you share personal information (for example, by posting comments, contributions or other content to the Sites) or otherwise interact with public areas of the Site or App, such personal information may be viewed by all users and may be publicly distributed outside the Site and our App in perpetuity. Similarly, other users will be able to view descriptions of your activity, communicate with you within our Sites, and view your profile.
8. International Transfer
We may transfer, store, and process your information in countries other than your own.
Our servers are located in the US. If you are accessing our Sites from outside the US, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information (see “Disclosure of Your Information” above), in the US and other countries .
9. Protection of personal data
By means of a bundle of technical and organisational measures in accordance with the current state of the art, we protect both our website and the data stored in our area of responsibility against loss, destruction, unauthorised access, alteration or publication by unauthorised persons.
The input and transmission of personal data is encrypted using the SSL procedure (Secure Socket Layer).
A. What is SSL?
A website encrypted with SSL transmits personal data encrypted to the server so that it is impossible for third parties to intercept or read it. A certificate verifies our identity. Depending on your browser, you can recognize that a secure connection exists by the green address bar and/or the lock. By clicking on the lock or the green address bar you can read our online proof of identity.
B. What does SSL do?
By encrypting the transmission, you can assume that your entered data can only be read by us. You can see from the green address bar that you are connected to our server and that it is not a third-party site.
In order to make visiting our website attractive and to enable the use of certain functions, we use so-called cookies on various pages on the basis of our legitimate interests in accordance with Art. 6 Para. 1 lit. f GDPR.
Cookies are pieces of information that are transferred from our web server or third-party web servers to the user’s web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.
We use “session cookies, for example, to store your login status or the shopping cart function and thus enable the use of our online services at all. In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about the e-mail address of a visitor and the language selected on our site. These cookies cannot store any other data.
11. Integration of third-party services and content
Within the scope of our online offer, we act on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offer within the meaning of Art. 6 Para. 1 lit. f. of the German Civil Code). GDPR) content or service offers from third parties in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as “content”). This always presupposes that the third-party providers of this content perceive the IP address of the user, since they could not send the content to their browser without the IP address. The IP address is therefore required for the presentation of this content. We make every effort to use only those contents whose respective providers only use the IP address to deliver the contents. Third party providers may also use so-called pixel tags (invisible graphics, also known as “web beacons”) for statistical or marketing purposes. Pixel tags” can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user’s device and may contain, among other things, technical information about the browser and operating system, referring web pages, visit times and other information about the use of our online offering, as well as may be linked to such information from other sources.
The following presentation provides an overview of third-party providers and their contents, along with links to their data protection declarations, which contain further information on the processing of data and, in some cases already mentioned here, possibilities of objection (so-called opt-out)
§ If our customers use the payment services of third parties (e.g. PayPal or Worldpay), the terms and conditions and data protection notices of the respective third parties, which are available within the respective websites or transaction applications, apply.
§ External fonts and Google Maps APIs from Google, Inc., https://www.google.com/fonts (“Google Fonts”). The integration of the Google Fonts takes place by a server call with Google. Our website and mobile application uses Google Maps APIs. By using our Maps API Implementation, you agree to be bound by Google’s Terms of Service. For a full list of what we use information for, please see the previous sections titled “Use of Your Information” and “Disclosure of Your Information.” You agree to allow us to obtain or cache your location. You may revoke your consent anytime. We use information about location in conjunction with data from other data providers.
§ The Maps APIs that we use store and access cookies and other information on your devices.
§ Within our online presence, functions of the Instagram service may be integrated. These functions are offered by Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. If you are logged into your Instagram account, you can link the contents of our pages to your Instagram profile by clicking the Instagram button. This allows Instagram to assign the visit to our pages to your user account. We would like to point out that as the provider of the pages, we do not have any knowledge of the content of the transmitted data or of its use by Instagram.
12. Rights of data subjects
You have the following rights with regard to personal data concerning you:
§ Right of access according to art. 15 GDPR,
§ Right to rectification or cancellation according to Art. 16 GDPR or Art. 17 GDPR,
§ Right to limitation of the processing according to art. 18 GDPR,
§ Right to data transferability according to Art. 20 GDPR,
§ Right to object to the processing under Art. 21 GDPR.
You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. The data protection supervisory authority is the „Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen“, P.O Box 20 04 44, 40102 Düsseldorf, Germany.
13. California Civil Code Section 1798.83
California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
If you are under 18 years of age, reside in California, and have a registered account with the Sites/ Mobile Application, you have the right to request removal of unwanted data that you publicly post on the [Sites/ Mobile Application/ Facebook Application]. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Sites/ Mobile Application, but please be aware that the data may not be completely or comprehensively removed from our systems.
14. Objection or revocation to the processing
If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation influences the permissibility of the processing of your personal data after you have given it to us.
IF WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF THE BALANCE OF INTERESTS ACCORDING TO ART. 6 ABS. 1 LIT. F GDPR, YOU MAY OBJECT TO THE PROCESSING. IF YOU OBJECT, PLEASE EXPLAIN WHY WE SHOULD NOT PROCESS YOUR PERSONAL DATA AS WE DID. IN THE EVENT OF YOUR REASONABLE OBJECTION, WE WILL EXAMINE THE FACTS AND EITHER DISCONTINUE OR ADAPT DATA PROCESSING OR SHOW YOU OUR COMPELLING REASONS WORTHY OF PROTECTION ON THE BASIS OF WHICH WE WILL CONTINUE PROCESSING.
YOU CAN OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA FOR ADVERTISING AND DATA ANALYSIS PURPOSES AT ANY TIME. YOU CAN INFORM US ABOUT YOUR ADVERTISING OBJECTION UNDER THE CONTACT DATA LISTED IN PARAGRAPH 1.
We reserve the right to change the data protection declaration in order to adapt it to changed legal situations or in the event of changes to the service or data processing. However, this only applies to declarations on data processing. If the user’s consent is required or if elements of the data protection declaration contain provisions governing the contractual relationship with the user, the changes will only be made with the user’s consent. Users are requested to inform themselves regularly about the content of the data protection declaration.
16. Questions, comments, hints
274 Brannan Street, Suite 500
San Francisco, CA 94107, USA
* * * * *