Policy active as of April 10th , 2018.
Means any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Means your employer or alike if it is your employer or alike who has decided that you will use The Service as a work tool and thus determine the purpose and the means of processing your Personal Data. If it is the Data Subject itself, who decided to enter into a subscription agreement or trial subscription, Rendra AS will be the Controller of your Personal Data.
Means Rendra AS if it is your employer or alike who has decided that you will use The Service as a work tool, as Rendra AS will Processes Personal Data on behalf of the Controller;
2. About this document
Your employer or the like has decided to make a subscription for our web-based solution StreamBIM (“The Service”) through our app and/or website for you as an end-user. As such your employer will be the Controller of your Personal Data.
If you, as a Data Subject, directly chose to make a subscription for The Service, Rendra AS will be the Controller of your Personal Data.
You can access The Service either by downloading the app in the App Store or Google Play, or by simply accessing your project from our website, www.streambim.com by using your Username and Password as subscribed to you by your employer.
3. Roles and purpose
If your employer or the like has decided that you will use The Service as a work tool and thus determine the purpose and the means of processing your Personal Data, your employer or the like will be the Controller of the Personal Data, which you, as an end user, provide when registering. If you have any inquiries or complaints, please contact your employer or the like directly.
Your employer or the like will provide all end users with a contact person within your employer’s company. The Service will register the contact person of your employer or the like as an “account owner” or “administrator,” which is authorized by your employer or the like to invite end-users by e-mail to participate in a specific project, as well as responding to requests regarding the data subject’s rights set forth in clause 7. The invitee has to accept this invitation and register before being able to join the project. There might be several Administrators as different companies may be part of the same project.
If it is you, the Data Subject, who has decided to enter into the subscription agreement or a trial agreement, Rendra AS will be the Controller of your Personal Data.
The purpose of The Service is to provide a fast and digital inspection and overview of the projects you are part of. Further, The Service aims to facilitate communication by showing all the reports of issues/tasks made by different users or administrators registered on the same project as you, as well as their contact information. For you to be able to participate as a member of a project, we need to collect some Personal Data. As long as the project and your account are active, this Personal Data will be visible for everyone within the projects that you are part of.
If you enter into a subscription agreement as a student or as a user of our 10 day free trial subscription, you will also use The Service for testing purposes.
The information we collect is used to provide, develop and improve The Service and The Service’s security features.
Our website contains links to other websites whose privacy practices may differ from ours. Rendra AS is not cooperating with such websites and we are not responsible for any of the companies running such websites. If you submit Personal Data to any of those sites, your information is governed by their privacy policies.
Protecting your privacy is a core part of Rendra AS’s mission. You trust us to take care of your data, and we strive to be worthy of that trust.
We pledge to:
- Be transparent about how we collect, use and store your data.
- Use your data only for the purpose for which we have collected it.
- Not to collect or process more Personal Data that we need in order to provide you with The Service and continue to develop those services for your benefit.
- Design The Service to inherently protect your privacy (privacy by design).
- Not to store Personal Data for longer than needed.
- Enable you to delete and correct Personal Data that is wrong or you do not wish to keep.
- Only to share your data when it benefits you as a customer and according to this privacy document.
- Use the appropriate security practices and tools to protect your data.
5. Legal basis for the processing
In order for you to use The Service in accordance with its purpose, it is required that you provide the name of your company, your name, email address and telephone number. Thus, the legal basis for processing is the performance of our contract with your employer or the like. Your employer has in place the legal basis for processing towards you. If it is you, the Data Subject, who has decided to enter into the subscription agreement or a trial agreement, the performance of our agreement will be the legal basis of our processing of your Personal Data.
However, StreamBIM uses a US-based provider, Intercom, for the purpose of handling customer support and customer chat. The transferring Personal Data to a Intercom entity outside the EEA area is mainly based on Intercom Binding Corporate Rules. If not applicable, the transfer is based on EU standard contractual clauses or the Privacy Shield Framework. Please see clause 9 for more information.
Rendra AS will send news and updates by e-mail. You may choose to stop receiving our newsletter or other emails by following the unsubscribe instructions included in these emails or you may contact us directly.
If you subscribe to The Service as a student, Rendra AS reserves the right to request an annual confirmation from the student mail to confirm that the Data Subject is still a student. The legal basis for this performance is the necessity for performing of the subscription contract you have entered into with Rendra AS.
Norwegian law applies.
6. Safety measures
The protection of your Personal Data is a high priority for us. We continuously work to protect Personal Data and other confidential information. Our security measures include physical, technical and administrative measures. In order to ensure good customer support, selected employees have access to the customers’ projects.
Our employees receive training and guidance on how to handle Personal Data safely. We have routines and access control to prevent unauthorized disclosure and unauthorized access to your Personal Data. We also have procedures and measures that prevent Personal Data loss, as well as loss and destruction of the systems where Personal Data is stored. We ensure that the processing of Personal Data is done correctly and safely and that the treatment is protected against harmful software.
All communication between users and Rendra’s servers are secured with HTTPS. Login information and all other data is encrypted, and server authenticity is verified. Full security depends on up-to-data software and patches; we regularly test our servers with SSLLabs online tools to check that we get an “A” grade, ie no known vulnerabilities.
Clients logging into StreamBIM get a unique session authentication key (OAuth protocol, JWT token). This key ensures that our servers know which user is attempting which operation, and is used to enforce access control rules. The key expires after a certain time, after which the user must login again.
All customer projects are separated from each other. A project is physically unable to access another project’s database.
We ensure that Personal Data is protected in connection with the transfer of Personal Data both internally and externally. We ensure that any external party handling the data complies with a satisfactory level of security. Any threats to data security are handled efficiently as security and the protection of your Personal Data is part of the daily work of our business. We comply with the requirements for the protection and safeguarding of Personal Data as provided by applicable privacy laws.
Any breach of security practices will be documented and we have procedures and capacity to detect and deal with any breaches of security. If a security breach is detected, this will be reported to the management, the risk of privacy breaches is assessed, and Datatilsynet will be notified where necessary. You will also be notified as a user if the breach poses a risk to you and your rights.
7. Your rights as data subject
Your Personal Data is processed in accordance with the Norwegian implementation of the General Data Protection Regulation (GDPR) (Regulation 2016/679). Hereunder you have the right to:
- Require that incorrect, unnecessary, inadequate or outdated Personal Data will be corrected or removed,
- Be informed about the Personal Data we are processing.
- Require that the Personal Data we process for you can be delivered in a structured, widely used and machine-readable format that allows you to bring the information to another business.
If you seek access to the Personal Data we are processing, or who seek to correct, amend, or delete inaccurate data, please direct your enquiry to your employer, or you may contact Rendra AS at: email@example.com.
8. What kind of data do we collect
8.1 The StreamBIM app collects:
- Your company’s name (if applicable), your name, telephone number and email address the first time you register as a customer or user.
- Information comprising the type of device you use, operating system version, and the device identifier.This is logged for diagnostic and security purposes.
8.2 The product website collects
- The product website (www.streambim.com) uses Google Analytics for statistical data analysis.
- Rendra AS uses “cookies,” a small amount of anonymous information, to store some relevant session information. Rendra AS may store and access such “cookies” on your computer.
- The product website employs both session ID cookies and persistent cookies. We use session cookies to make it easier for you to navigate our site. A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. We set a persistent cookie to store your preferences. You can remove persistent cookies by following directions provided in your Internet browser. If you reject cookies, you may still use our site, but your ability to use The Service may be limited or not functioning at all.
- We employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that helps us better manage content on our site by informing us what content is effective. We do not tie the information gathered by clear gifs to personally identifiable information. The clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence.
9. How we use your data
The information we collect is used to provide, develop and improve The Service including The Service’s security features.
We may also use the information we collect in an aggregated, non-identified form of usage statistics for research purposes and to help us make decisions on marketing, product development and business activities.
We may share non-Personal Data (for example, aggregated or anonymized customer data) publicly and with our partners. For example, we may publish research on, or help us generally improve our system. We may also share non-Personal Data with our partners, for instance if they are interested in offering other services on StreamBIM.
10. Where we process your data/ third parties
Rendra AS will not sell this information, rent it or exchange it with any third party.
The following are the limited situations where we may share Personal Data:
Amazon Web Services (AWS):The personal data we collect from you is transferred to our European data processing centre. Currently this data centre is operated by AWS, which is the world largest data centre operator for cloud services. AWS is world renowned for its industry leading security and performance. Read more: https://aws.amazon.com/security/
The AWS data centres we use are placed within the European Union (EU) and/or European Economic Area (EEA). Audio and video data is never transferred out of the EU or EEA.
Rendra’s clients are provided with costumer support and customer chat from Intercom Inc. The company is located in the USA, however Intercom has certified adherence to and commits to apply the Privacy Shield. In the case of transferring Personal Data to a Intercom entity outside the EEA area, this will be done based on Intercom Binding Corporate Rules as described here, which establish adequate protection of the Personal Data and are legally binding on the Intercom Group. Where Intercom Binding Corporate Rules do not apply, Intercom will instead rely on other lawful measures to transfer your Personal Data outside the EEA and Switzerland, such as the EU standard contractual clauses or Privacy Shield Framework.
Rendra AS retains its right to share your information with the authorities as required by law when we believe in good faith that disclosure is necessary to; protect our rights, protect your safety or the safety of others; investigate fraud; or respond to a government request; to any other third party with your prior consent to do so.
11. How long we store your information
Rendra AS will not to store personal data for longer than needed or instructed by you. We will however retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Your personal data is only processed by Rendra AS for as long as your employer subscribes to The Service’s project that you are a part of.
Strandveien 37, 1366 LYSAKER
Postboks 577, 1327 Lysaker, NORWAY
Phone number: + 47 24 07 67 67