Hinweise zum Datenschutz

PRIVACY NOTICE
24.09.2024

As a leading European provider of open solutions for Building Information Modelling (BIM), we are aware of our data protection responsibilities towards our customers and their employees. Therefore, we process personal data exclusively in accordance with the applicable legal provisions.

Preamble
Hereinafter, we would like to inform you about the collection (and processing) of personal data when using the following software products and services (hereinafter referred to as “our Software Products and Services”):
• Allplan Products
• FRILO Products
• DC Products
• SCIA Products
• SDS2 Products
According to the legal definition, personal data is any data relating to an identified or identifiable natural person (e.g. name, address, email address, IP address, user behaviour).
You are under no legal or contractual obligation to provide us with your personal data. However, the provision of certain personal data may be necessary to make full use of our Software Products and Services.

I. Person responsible for data processing
The person responsible for data processing according to Art. 4 para. 7 EU-General Data Protection Regulation (GDPR) with respect to our Software Products and Services is
ALLPLAN GmbH
Konrad-Zuse-Platz 1
81829 München
Germany
E-Mail: info@allplan.com
Our Data Protection Officer can be reached under DATAPROTECTIONOFFICER[AT]ALLPLAN.COM or via mail by adding "Attn. of the Data Protection Officer".

II. Data collection when using our Software Products and Services
1. Activation / transfer / offline activation of our Software Products

1.1. To use your Allplan Software Product version 2024 or older or Service in accordance with your license agreement, you must activate your license online using the product key (26-digit character string) provided to you. Activation can take place during installation or later. Activation links the license to your computer or CM stick and enables you to start the Allplan Software Product on this computer or on a computer to which the CM stick is connected.
To check your contractual entitlement to the Allplan Software Product and to activate your license, the 26-digit product key, your system data including your host name and your IP address are transmitted to our license servers and stored there with the date and time of activation and a container number / CM stick number assigned to you.
The aforementioned data is collected during each re-activation (license return and re-activation), as well as during offline activation (incl. offline re-activation).
The legal basis for the above data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.
Our license servers are operated in the EU; a third country transfer does not take place and is not intended in the future. To protect your personal data, we have concluded data processing agreements with our service providers in accordance with the requirements of Art. 28 GDPR.
Your personal data will only be stored as long as it is necessary for the performance of our license agreement, and legal retention obligations do not prevent deletion.

1.2. To use your Allplan Software Product (version 2025 onwards) – Allplan and / or SCIA ID Login
When a User activates Allplan or SCIA product, the User's Allplan or SCIA ID (first name, last name, email address) together with certain technical data (e.g. timestamp, ip address, license details) is provided to our identity management and license management service provider (www.10Duke.com) to verify the eligibility for the service. No other personal data is transferred to Allplan, SCIA or other parties.
We process personal data only when authenticating Your Allplan or SCIA ID.
The collected data is pseudonymous.
The legal basis for the above data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.
Our license servers are operated in the EU; a third country transfer does not take place and is not intended in the future. To protect your personal data, we have concluded data processing agreements with our service providers in accordance with the requirements of Art. 28 GDPR.
Your personal data will only be stored as long as it is necessary for the performance of our license agreement, and legal retention obligations do not prevent deletion.

1.3. To use your FRILO Software Product
To activate a Frilo product the customer number is used and send to the license system. When consuming a license a unique hardware ID is send to the license server. Optional the hostname and the user name can be send, if activated by the user.

Updating the license
From time to time it may be necessary to update the license key. In this case, to check the entitlement to an update, the above-mentioned data will be transmitted to our license servers.

2. Update of the software product
For your computer to connect to our update servers to check for and download updates, it is technically necessary that your IP address is transmitted to our update servers.
The legal basis for the above data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.
Our update servers are operated in the EU; a third country transfer does not take place and is not intended in the future. To protect your personal data, we have concluded data processing agreements with our service providers in accordance with the requirements of Art. 28 GDPR.
Your IP address will only be stored on our update servers as long as it is necessary for the search and download of updates, but for no longer than 30 days after completion of the respective update process.
Without transmitting the IP address, a connection to our update servers cannot be established.

3. Crash reports
If a program or software error (crash) occurs while using your Allplan software product, you will be asked via a dialogue window whether you want to send us a crash report.
If you click the "send crash report" button to send us a crash report, various information about you (customer number, computer name, user name) and the end device used is automatically collected in a file, compressed and encrypted and transmitted to our server so that we can evaluate and rectify the respective crash. In addition, you have the option of providing us with your e-mail address when sending the crash report so that we can contact you for any queries.
The legal basis for the above data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.
Our server is operated in the EU; a third country transfer does not take place and is not intended in the future.
Crash reports are only stored on our server as long as it is necessary for the evaluation and elimination of the respective crash, but at the longest until the release of a new version of your Allplan software product.
Without transmission of the above information, an evaluation and correction of the respective crash cannot take place.

4. Support requests
For our support team to be able to identify you as our customer, contact you and respond to your support request in accordance with the contract, you must provide an address as well as your name or the name of a contact person and telephone extension.
The legal basis for the above data processing is Art. 6 para. 1 s. 1 lit. b) GDPR.
Our support server is operated in the EU; a third country transfer does not take place and is not intended in the future.
Your data will only be stored as long as it is necessary to answer your support request and as long as legal storage obligations do not prevent deletion.
Our support team will not be able to answer your support request without your contact address, name, and telephone extension.

5. Help function
You can call up our online help in your browser via the "Help" dialogue box or the F1 key in your software product (link).
If you would like to find out about the collection and processing of data within the scope of our online help, please refer to our corresponding privacy information, which you can find on our help website.

6. Add-ons
When Users start using add-ons to our Software Products, it might happen that the add-on requests information from us that might constitute as personal date (e.g. license container code, 10Duke identifier technical data) . Personal data is collected for eligibility checking purposes whether the User is allowed to use the add-on. With respect to such data processing activities, we act as data processor, and the add-on developer acts as data controller. We share the requested data only with the add-on developer based on a contractual agreement.

7. Solibri Inside
We hand over the username and the e-mail address to initiate the account creation. This is not done automatically; This is done by the administrator of a company. Thereafter, everything is in the sphere of Solibri.
You need to create an account at Solibri (solibri.com) to be able to use the Solution. If you do so, please note Solibri’s legal notice.

8. Integration of the AI Visualizer

In Allplan, it is possible to use an interface to the AI Visualizer. The integration offers seamless communication that allows users to have sketches, plans or other graphics created in Allplan graphically supplemented or redesigned as a screenshot via the AI Visualizer.
For this purpose, the screenshots and the prompts entered by the user are sent to the application hosted at AWS. The application is not designed to process personal data in the prompts, so such use is expressly prohibited in our terms and conditions. For the purpose of user identification, the application receives the user's IP address, name and e-mail address via access token.
ALLPLAN will not pass on any data without the user's intervention.
The legal basis for accessing your data is your consent in accordance with § 25 Abs. 1 TDDDG. The legal basis for the described data processing is your consent in accordance with Art. 6 Abs. 1, S. 1, lit. a DSGVO.
The AI Visualizer is not permanently linked to your account, you can end the connection at any time by closing the browser. From this point on, no further data can be transferred to the AI Visualizer.
The purpose of the data transfer is to facilitate data use across both platforms so that you can work more efficiently with the ALLPLAN and Graphisoft SE solutions. After the data transfer, Graphisoft SE will take over data processing directly. Allplan GmbH is not responsible for data processing by Graphisoft SE.
Further information about the AI Visualizer and the respective storage period of the collected data can be found in the Graphisoft SE privacy policy.

9. Recording the use of our Software and Services with our customer experience improvement program
a. In order to continuously improve our software and services, we may automatically collect usage data of our products and services. This data helps us to improve our products, software and services. If this improvement program is activated, we may collect following data:
· IP address,
· date and time of access,
· function calls / user commands,
· customer number,
· workstation,
· Allplan product and product version.

b. The above data is processed exclusively for the following purposes:
· Ensuring smooth use of the software product,
· evaluating program security and stability,
· further development of our solutions,
· Supporting our customers and users in the optimal use of our solutions, as well as recommendations for the selection of suitable software modules or software solutions and services,
· Legal prosecution of licence violations
Our Allplan software products contain technical measures to check whether a valid licence is used for the respective Allplan software product or whether the agreed licence conditions are complied with (double or multiple use). If it is determined that the binary files of the respective Allplan software product responsible for the license enforcement function have been modified or exchanged or that unauthorized double or multiple use has taken place, certain information about the end device used and the user or company using it, is documented and transmitted to us (profiling). This may include, among other things, the start and end of use, the type and scope of the usage actions, the date and time of access, the name of the user/company as well as IP and MAC addresses.
We use this information to identify the responsible user or company and to assert our civil claims against them for unlicensed use of our Allplan software products and, if necessary, to initiate criminal proceedings against them.
The legal basis for the above data processing is Article 6 (1) s, 1 lit. f) GDPR. Our legitimate interest follows from the purposes for data collection and processing listed above.
The above information is stored and processed on a server in the EU; a third country transfer does not take place and is not intended in the future. To protect your personal data, we have concluded data processing agreements with our service providers in accordance with the requirements of Art. 28 GDPR. If the information on the unlicensed use of our software products is determined and/or (temporarily) stored by service providers, we have concluded a data processing agreement with them in accordance with the requirements of Art. 28 GDPR and have provided suitable guarantees for the transfer. In addition, it is possible that the information will be transferred to our (external) lawyers for (further) legal enforcement.
We store the above information only as long as it is necessary to achieve the respective purpose, but generally for a maximum of 60 days, or in the case of information required for the investigation and prosecution of an unlicensed use of our software products, for a maximum of three years after the conclusion of the prosecution. After the respective purpose has ceased or this period has expired, the corresponding data is routinely deleted or anonymised in accordance with the statutory provisions.

III. Data collection when using Allplan Services
You can connect to our (online) platforms Allplan Services via your Allplan software product. This is done automatically when you have a valid Allplan-ID in use.
For your Allplan software product to establish a connection with our (online) platforms, it is technically necessary that your IP address is transmitted to our servers each time you log in or use the product.
The legal basis for the above data processing is Art. 6 (1) s. 1 lit. b) GDPR.
Our servers are operated in the EU; a third country transfer does not take place and is not intended in the future. To protect your personal data, we have concluded data processing agreements with our service providers in accordance with the requirements of Art. 28 GDPR.
Your IP address is only stored on our servers for as long as is necessary for the respective connection, but for no longer than 60 days after the end of the respective connection.
Without transmission of the IP address, a connection to our servers cannot be established.
If you would like to find out more about the collection and processing of data within the scope of our (online) platforms Allplan Connect/Allplan Campus and Allplan Cloud, please refer to our corresponding data protection information, which you can find on the respective websites.

IV. Other processing or transfer of personal data
As a matter of principle, we do not transfer your personal data to third parties for purposes other than those listed above.
We will only pass on your personal data for purposes other than those listed above if
· you have given your (prior) express consent to this transfer,
· the disclosure is necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have an overriding interest worthy of protection by the non-disclosure of the data concerned,
· there is a legal obligation for the disclosure, or
· the disclosure is legally permissible and necessary for the processing of the contractual relationship with you.

V. Data subject rights
In principle, you have the right:
· in accordance with Art. 15 GDPR, to request information about the personal data we process,
· pursuant to Art. 16 GDPR, to demand the correction of your personal data stored by us,
· pursuant to Art. 17 GDPR, to request the deletion of your personal data stored by us,
· pursuant to Art. 18 GDPR, to request the restriction of the processing of your personal data,
· pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller.
The restrictions of §§ 34 and 35 BDSG apply to the right to information and the right to deletion.

VI. Right of objection
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) s. 1 lit. f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so which arise from your particular situation. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as described by us. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or explain to you our compelling reasons worthy of protection. If you wish to exercise your right of objection, simply send an e-mail to DATAPROTECTIONOFFICER[AT]ALLPLAN.COM.

VII. Revocation of consent
You can revoke your consent to the processing of your personal data at any time. Please note that the revocation only applies with effect for the future, which is why processing up to this point does not lose its permissibility. If you wish to revoke consent in an individual case, it is sufficient to send an e-mail to DATAPROTECTIONOFFICER[AT]ALLPLAN.COM.

A possible revocation if consent will end up, that you are no longer be able to use our Software Products and or Services.

VIII. Complaint procedure
In accordance with Art. 77 GDPR, you have the right to complain to the competent data protection supervisory authority about the processing of your personal data. This is usually the data protection supervisory authority of your usual place of residence or our company headquarters.

IX. Automatic decision-making / profiling
We do not use any methods of automated decision-making, including profiling, unless we have explicitly informed you of this.

X. Changes to the data protection information
We reserve the right to change or adapt this privacy notice at any time in compliance with the applicable data protection regulations. You can also access the current data protection information at any time (i) for Allplan Products via the "Allplan Data Protection Information" dialog box in your Allplan software product or via the following link:
· https://help.allplan.com/legal/1033-allplan-privacy.html