Privacy policy

Privacy Policy

1. Terminology
In order for you to understand this privacy policy we have defined some important concepts:

2. About this document

Your employer or the company which has invited you to start using a StreamBIM subscription, has decided to make a subscription for our web-based solution StreamBIM (“The Service”) through our app and/or website for you as an end- user. As such your employer or the company which has invited you to start using a StreamBIM subscription will be the Controller of your Personal Data.

This privacy policy describes how Rendra AS as a processor will protect and process your personal data when you are using The Application Service.

If you, as a Data Subject, directly chose to make a subscription for The Application Service, Rendra AS will be the Controller of your Personal Data.

You can access The Application Service either by downloading the app in App Store or Google Play, or by simply accessing your project from AppStore, Google Play or our website, www.streambim.com by using your Username made by your employer or the company which has invited you to start using a StreamBIM subscription and the Password you create yourself.

3. Roles and purpose

If your employer or the like has decided that you will use The Application Service as a work tool and thus determine the purpose and the means of processing your Personal Data, your employer or the company which has invited you to start using a StreamBIM subscription, will be the Controller of the Personal Data, which you, as an end user, provide when registering. If you have any inquiries or complaints, please contact your employer or the like directly.

Your employer or the company which has invited you to start using a StreamBIM subscription will provide all end users with a contact person within your employers company or the company which has invited you to start using a StreamBIM subscription. The Application Service will register the contact person of your employer or the like as an “account owner” or “administrator”, which is authorised by your employer or the company which has invited you to start using a StreamBIM subscription, to invite end-users by e-mail to participate in a specific project, as well as responding to request regarding the data subject’s rights set forth in clause 7. The invitee has to accept this invitation and register before being able to join the project. There might be several Administrators as different companies may be part of the same project.

If it is you, the Data Subject, who has decided to enter into the subscription agreement or a trial agreement, Rendra AS will be the Controller of your Personal Data.

The purpose of The Application Service is to provide access to the 3D BIM models and drawings for all disciplines  for the project you are working with. The application service also aim to make different workflows less paperbased, such as digital defect management, digital inspection, handovers, documentation of the executed work and overview of the projects you are part of. Further, The Application Service aims to facilitate the communication by showing all the reports of issues/tasks made by different users or administrators registered on the same project as you, as well as their contact information. For you to be able to participate as a member of a project, we need to collect some Personal Data. As long as the project and your account are active, this Personal Data will be visible for everyone within the projects that you are part of.

If you enter into a subscription agreement as a student or as a user of our 10 days free trial subscription, you will use The Application Service for testing purposes.

The information we collect is used to provide, develop and improve The Application Service and The Application Service’s security features.

Our website contains links to other websites whose privacy practices may differ from ours. Rendra AS is not cooperating with such websites and we are not responsible for any of the companies running such websites. If you submit Personal Data to any of those sites, your information is governed by their privacy policies.

4. Principles

Protecting your privacy is a core part of Rendra AS’ mission. You trust us to take care of your data, and we strive to be worthy of that trust.

We pledge to:

1. Be transparent about how we collect, use and store your data.
2. Use your data only for the purpose for which we have collected it.
3. Not to collect or process more Personal Data that we need in order to provide you with The Service and continue to develop those services for your benefit.
4. Design The Service to inherently protect your privacy (privacy by design).
5. Not to store Personal Data for longer than needed.
6. Enable you to delete and correct Personal Data that is wrong or you do not wish to keep.
7. Only to share your data when it benefits you as a customer and according to this privacy document.
8. Use the appropriate security practices and tools to protect your data.

5. Legal basis for the processing

In order for you to use The Service in accordance with its purpose, it is required that you provide the name of your company, your name, email address and telephone number. Thus, the legal basis for processing is the performance of our contract with your employer or the like. Your employer has in place the legal basis for processing towards you. If it is you, the Data Subject, who has decided to enter into the subscription agreement or a trial agreement, the performance of our agreement will be the legal basis of our processing of your Personal Data.

However, StreamBIM uses an US. based provider, Intercom, for the purpose of handling costumer support and costumer chat. The transferring Personal Data to a Intercom entity outside the EEA area is mainly based on Intercom Binding Corporate Rules. If not applicable, the transfer is based on EU standard contractual clauses or the Privacy Shield Framework. Please see clause 10 for more information.

Rendra AS will send news and updates by e-mail. You may choose to stop receiving our newsletter or other emails by following the unsubscribe instructions included in these emails or you may contact us directly.

If you subscribe to The Application Service as a student, Rendra AS reserves the right to request an annual confirmation from the student mail to confirm that the Data Subject are still a student. The legal basis for this performance is the necessity for performing of the subscription contract you have entered into with Rendra AS.

Rendra AS may update this Privacy Policy from time to time on the web page https://streambim.com/ In case of a significant change in the way Personal Data is used that is outlined in this Privacy Policy, we will alert account owners of The Service prior to the change. We may also update this privacy statement to reflect changes to our Personal Data practices.

Norwegian law applies.

6. Safety measures

The protection of your Personal Data is a high priority for us. We continuously work to protect Personal Data and other confidential information. Our security measures include physical, technical and administrative measures. In order to ensure good customer support, selected employees have access to the customers’ projects.

Our employees receive training and guidance on how to handle Personal Data safely. We have routines and access control to prevent unauthorized disclosure and unauthorized access to your Personal Data. We also have procedures and measures that prevent Personal Data loss, as well as loss and destruction of the systems where Personal Data is stored. We ensure that the processing of Personal Data is done correctly and safely and that the treatment is protected against harmful software.

All communication between users and Rendra’s servers are secured with HTTPS. Login information and all other data is encrypted, and server authenticity is verified. Full security depends on up-to-data software and patches; we regularly test our servers with SSLLabs online tools to check that we get an “A” grade, ie no known vulnerabilities.

Clients logging into StreamBIM get a unique session authentication key (JWT token) from AWS. This key ensures that our servers know which user is attempting which operation, and is used to enforce access control rules. The key expires after a certain time, after which the user must login again. AWS store e-mail, IP-adresses and login attempts for diagnostic purposes.

All customer projects are separated from each other. A project is physically unable to access another project’s database.

We ensure that Personal Data is protected in connection with the transfer of Personal Data both internally and externally. We ensure that any external party handling the data complies with a satisfactory level of security. Any threats to data security are handled efficiently as security and the protection of your Personal Data is part of the daily work of our business. We comply with the requirements for the protection and safeguarding of Personal Data as provided by applicable privacy laws.

Any breach of security practices will be documented and we have procedures and capacity to detect and deal with any breaches of security. If a security breach is detected, this will be reported to the management, the risk of privacy breaches is assessed, and Datatilsynet will be notified where necessary. You will also be notified as a user if the breach poses a risk to you and your rights.

7. Your rights as data subject

Your Personal Data is processed in accordance with the Norwegian implementation of the General Data Protection Regulation (GDPR) (Regulation 2016/679). Hereunder you have the right to:

• Require that incorrect, unnecessary, inadequate or outdated Personal Data will be corrected or removed,
• Be informed about the Personal Data we are processing.
• Require that the Personal Data we process for you can be delivered in a structured, widely used and machine-readable format that allows you to bring the information to another business.

If you seek access to the Personal Data we are processing, or who seek to correct, amend, or delete inaccurate data, please direct your enquiry to your employer, or you may contact Rendra AS at: office@rendra.io.

8. What kind of data do we collect

8.1 The StreamBIM app collect:

• Your company’s name (if applicable), your name, telephone number and email address the first time you register as a customer or user. This information can be edited by you at anytime, and is available for the project members.
• Information comprising the type of device you use, operating system version, and the device identifier. This is logged for diagnostic and security purposes.
• User activity and usage of features provided by the application Service for diagnostic purposes.

8.2 The product website collect

• The product website (www.streambim.com) uses Google Analytics for statistical data analysis.
• Rendra AS uses “cookies”, a small amount of anonymous information, to store some relevant session information. Rendra AS may store and access such “cookies” on your computer.
• The product website employs both session ID cookies and persistent cookies. We use session cookies to make it easier for you to navigate our site. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. We set a persistent cookie to store your preferences. You can remove persistent cookies by following directions provided in your Internet browser. If you reject cookies, you may still use our site, but your ability to use The Service may be limited or not functioning at all.
• We employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that help us better manage content on our site by informing us what content is effective. We do not tie the information gathered by clear gifs to personally identifiable information. The clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.

9. How we use your data

The information we collect is used to provide, develop and improve The Service including and The Service’s security features.

We may also use the information we collect in an aggregated, non-identified form of usage statistics for research purposes and to help us make decisions on marketing, product development and business activities.

We may share non-Personal Data (for example, aggregated or anonymized customer data) publicly and with our partners. For example, we may publish research on, or help us generally improve our system. We may also share non-Personal Data with our partners, for instance if they are interested in offering other services on StreamBIM.

10. Where we process your data/ third parties

Rendra AS will not sell this information, rent it or exchange it with any third party.

We will share your Personal Data with third parties only in the ways that are described in this Privacy Policy.

The following are the limited situations where we may share Personal Data:

Amazon Web Services (AWS): The personal data we collect from you is transferred to our European data processing centre. Currently this data centre is operated by AWS, which is the world largest data centre operator for cloud services. AWS is world renowned for its industry leading security and performance. Read more: https://aws.amazon.com/security/

The AWS data centres we use are placed within the European Union (EU) and/or European Economic Area (EEA). Audio and video data is never transferred out of the EU or EEA.

Intercom

Rendra’s clients are provided with costumer support and customer chat from Intercom Inc. The company is located in USA, however Intercom has certified adherence to and commits to apply the Privacy Shield. In the case of transferring Personal Data to a Intercom entity outside the EEA area, this will be done based on Intercom Binding Corporate Rules as describe here, which establish adequate protection of the Personal Data and are legally binding on the Intercom Group. Where Intercom Binding Corporate Rules do not apply, Intercom will instead rely on other lawful measures to transfer your Personal Data outside the EEA and Switzerland, such as the EU standard contractual clauses or Privacy Shield Framework.

For more information about Intercom´s privacy policy: https://www.intercom.com/terms-and-policies#privacy

Cognito

Clients logging into StreamBIM get a unique session authentication key (JWT token) from AWS. This key ensures that our servers know which user is attempting which operation, and is used to enforce access control rules. The key expires after a certain time, after which the user must login again. AWS store e-mail, IP-adresses and login attempts for diagnostic purposes.

Rendra AS retains its right to share your information with the authorities as required by law when we believe in good faith that disclosure is necessary to; protect our rights, protect your safety or the safety of others; investigate fraud; or respond to a government request; to any other third party with your prior consent to do so.

11. How long we store your information

Rendra AS will not to store personal data for longer than needed. We will however retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Your personal data is only processed by Rendra AS for as long as your employer subscribes to The Application Service’s project that you are a part of.

12. Contact information

Rendra AS

Address:

Strandveien 37, 1366 LYSAKER

Postboks 577, 1327 Lysaker, NORWAY

Mail; office@rendra.io

Phone number: + 47 24 07 67 67