Last update December 2023
Platform Privacy Policy
Thank you for using the BuildingMinds Platform (“Platform”) and/or your interest in other BuildingMinds products and services.
1. Introduction
At BuildingMinds (BuildingMinds GmbH, Schindler-Platz, 12105 Berlin, Germany, email: info@buildingminds.com), we strive to honour the privacy and security of our users, customers and suppliers, as well as their representatives, in relation to all products, services and websites or platforms provided by us and information exchanged with us. Please read this document (“Platform Privacy Policy”) carefully to understand our policies regarding the treatment of your personal data. This Platform Privacy Policy applies to individuals who interact with our Platform or related products and services, such as connected mobile and web applications, and only to the extent we act as controller under relevant data protection laws. Contact details of our data protection officer can be found at Section 4 below.
2. Purpose of the Platform and related products and services
The Platform may include, among other things, the following features and functionalities, depending on the Platform scope individually agreed upon in the Platform Services Agreement, Order Form, or Free Trial:
Integrate site and building master data as digital twin;
Visualize 3D models as extension of digital twins if provided;
Manage and report on energy performance certificates and green building certificates;
Manage energy and resource consumption data of buildings and track across funds;
Analyze the calculated operational emissions (operational CO2 footprint);
Analyze the stranding risk of single buildings or funds based on industry specific benchmarks;
Simulate regulatory CO2 costs;
Analyze the impact of retrofit measures on stranding risks, simulated energy and resource consumption data and operational emissions;
Report data and KPIs for industry specific ESG reporting frameworks;
Integrate and report on lease and operational cost data;
Manage workspaces and track space utilization.
3. Purpose of this Platform Privacy Policy
This Platform Privacy Policy explains how we handle and treat your personal data when you use the Platform and/or related products or services in case we act as controller of a processing of your personal data.
We treat personal data in accordance with applicable data protection laws. To this end, we have issued this Platform Privacy Policy. It describes how we collect and further process personal data in the role of a controller when you (i) use the Platform, (ii) use related products or services, such as connected mobile and web applications or demo/test versions of our products, or (iii) engage with us via the Platform, related products or services (e.g., through submitting data by way of filling out forms). This Platform Privacy Policy describes the type of personal data that we collect from users of the Platform and related products or services, the method of collection and the purposes for which we may use, share or disclose such personal data as controller. The term “personal data” in this Platform Privacy Policy means any information that identifies, or could reasonably be used to identify, any natural person. The term “controller” in this Platform Privacy Policy means anyone who, alone or jointly with others, determines the purposes and means of the processing of personal data.
If you provide us with personal data of other persons
If you provide us with personal data of other persons (such as work colleagues), it is your responsibility to ensure the respective persons are aware of this Platform Privacy Policy and only provide us with their data if you are allowed to do so and such personal data is correct.
4. How to contact us or our external data protection officer
If you have any questions or comments regarding this Platform Privacy Policy, your personal data or data privacy at BuildingMinds, please contact us at: privacy@buildingminds.com or our external data protection officer provided by:
intersoft consulting services AG
Beim Strohhause 17
20097 Hamburg DSB-BuildingMinds@intersoft-consulting.de
5. How we collect and process personal data when, how and what kind of personal data we collect
We treat personal data in accordance with applicable data protection laws. We may collect your personal data in the course of our business, including through your use of our Platform, or related products and services.
We may receive data submitted by you
The Platform and our related products and services may include specific forms through which you can request further information about our products and services and/or provide feedback to us. When you provide feedback or electronically pass any other information to us in any way (e.g., via a contact form, e-mail etc.) you may be asked to provide certain information, including, but not limited to, contact details (e.g., your name, title, company, address, phone number, e-mail address or line of business).
We may automatically log certain technical information
By using our Platform and/or related products or services, certain technical and other information is automatically disclosed by your computer or other electronic device that you use and logged by us (such as your network address or the type of your browser) for operational and security purposes, and to better understand the usage of our Platform and/or related products or services. Please see section 14 of this Platform Privacy Policy “Cookies and other means of identification” for further information.
6. Purpose of processing, categories of personal data, legal grounds
Please consult the table below to see, in cases in which you use our Platform and/or related products or services and we act as a controller of your data, for which purposes we process (use, store, share, etc.) personal data, which categories of personal data are being processed as well as the legal grounds for such processing.
Purpose | Categories of personal data | Legal grounds |
|---|---|---|
When you log in to the Platform or our mobile or web applications: The personal data we collect allow us to personalize your experience on our Platform or our mobile or web applications, to optimize our content for you and for your computer or other electronic device. | IP address, registration data, date and time. | The processing of your personal data is necessary to administer our Platform and related products and services. This may be to fulfil contractual obligations (vis-à-vis our customers) and/or to pursue other legitimate interests (e.g., maintaining Platform functionality, offering content). |
When you use our Platform: The personal data we collect allow us to optimize our content for you and for your computer or other electronic device (e.g., screen size and language), maintain the access and availability of your data. We use Microsoft Azure to host our Platform and store the data therein. We also use the Microsoft service Application Insights to ensure security and availability of our Platform. Data that is collected for the purpose of analysing user behaviour on the Platform is anonymized and therefore unrelated to any registration data. This service is provided by Microsoft Clarity. | IP address, session duration, user behaviour, type of browser and device. | The processing of your personal data is essential to provide our Platform and related products and services. This may be to fulfil contractual obligations (vis-à-vis our customers) and/or to pursue other legitimate interests (e.g. maintaining customer satisfaction and Platform functionality, offering content, improving and developing new products and services). The interest in continuing this processing due to stability and functional reasons regularly outweighs the data subject’s right to object. |
When you use a demo/test version of our products or services. When you use a demo/test version of our services or products, we collect and process personal data that is necessary to provide the access to the data, demo/test. We also collect personal email address data to ensure stability and security of the demo/test. | Registration data, IP address, e-mail address. | Contractual obligations (requested demo/test for contracted Proof of Concept or Free Trial) or to pursue other legitimate interests (e.g., maintaining functionality, offering content, security, stability). The interest in continuing this processing due to stability and functional reasons regularly outweighs the data subject’s right to object. |
When you submit data with a contact request. The personal data we collect allow us to process your specific request and our specific response thereto. | Contact details and information in your contact request. | The process of your personal data is necessary to administer your request and provide and appropriate response. This may be to pursue legitimate interests (e.g., maintaining customer satisfaction, improving and developing new products and services). |
7. Automated decision-making including profiling We make no automated decisions and profiling according to Art. 22 GDPR
We do not intend to use the personal data we collect from you to make decisions based solely on automated processing. In addition, we do not intend to process your data automatically with the aim of evaluating certain personal aspects.
8. How long do we retain your personal data
We take every reasonable step to ensure that your personal data is only processed for the minimum period necessary for the purposes set out in this Platform Privacy Policy. We process and retain your personal data as long as required:
for the purposes for which we collected it;
for the performance of our contractual obligations, i.e., for the duration of the entire business relationship (from the initiation, during the performance of the contract until it is terminated); or
for compliance with legal obligations or other purposes pursued with the processing, as well as beyond this duration in accordance with legal retention and documentation obligations.
Personal data may also be retained:
for the period during which claims can be asserted against us;
insofar as we are otherwise legally obliged to do so; or
if legitimate business interests require further retention (e.g., for evidence and documentation purposes).
if legitimate business interests require further retention (e.g., for evidence and
documentation purposes).
As soon as your personal data is no longer required for the above-mentioned purposes and if no other legal grounds require keeping that data, it will be deleted or anonymized.
9. Transfer of personal data to other parties (in-/outside of the European Economic Area (EEA))
Who has access to your personal data
We may, pursuant to valid legal process, such as a search warrant, subpoena, or court/governmental order, allow access to any information (including such categories of personal data) provided to us, in order to comply with such process and to protect our rights and property.
We may share your personal data with third parties who provide services for us
Your personal data may be transferred to third parties to whom we subcontract parts of our activities and who therefore take part in data processing. This may for instance include hosting providers, technical support and any other relevant roles.
They will process such personal data only for the purposes listed in this Platform Privacy Policy and agree to treat it in accordance with this Platform Privacy Policy under data processing agreements in line with market standards and applicable laws. They may only process your personal data in the same way as we are permitted to process it.
We may transfer your personal data outside of the European Economic Area (EEA)
As we are a worldwide acting company, your personal data may be transferred to countries with a different level of data protection than the country from where you have submitted the personal data. In the event of transfer of personal data to a country outside of the European Economic Area (EEA), we systematically ensure the application of an adequate level of protection of such personal data by approved means (e.g. putting in place standard contractual clauses on the processing of personal data, in accordance with the EU Commission model clauses). You can request more information about such measures (including copies where relevant) by getting in touch with us through the contact details above.
We do not sell your personal data
Except as otherwise set forth in this Platform Privacy Policy or other data protection statements applicable in specific circumstances, we do not sell, trade, license or rent your personal data with any third parties.
10. Your rights
How to access your personal data and to make use of your other rights
Subject to applicable law, you have the following rights in respect of your personal data. You can exercise these rights by submitting your request to privacy@buildingminds.com
You will need to include your personal details as well as some means of verifying your identity (e.g. copy of identity card or driving license). If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected. Please also note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process your personal data.
10.1. Access right and data portability
You have the right to obtain confirmation of whether we processes personal data in relation to you and, if so, gain access to a copy thereof, according to Art. 15 GDPR. For certain kinds of data, you may also have a right to data portability.
10.2. Right of rectification and right to erasure
You have the right to rectify according to Art. 16 GDPR or obtain the erasure according to Art. 17 GDPR of your personal data, provided that the applicable legal requirements are met. The right to erasure is subject to various exceptions, notably as regards personal data whose processing is necessary to support litigation or for compliance with statutory retention requirements.
10.3. Right to restriction, right to object and right of consent withdrawal
You have the right to object to the processing of your personal data according to Art. 21 GDPR and we will implement such request
if we are relying on our own or someone else’s legitimate interests to process your personal data, except
if we can demonstrate compelling legal grounds for the processing of your personal data.
You can object to the use of your data for advertising purposes using electronic mail at any time without incurring any costs other than the transmission costs according to the basic tariffs.
You also have the right to request restriction of processing of your personal data according to Art. 18 GDPR in accordance with legal requirements, e.g., when the processing is unlawful and you oppose an erasure.
Where any processing is based on consent, you have the right to withdraw such consent at any time (without this affecting the processing prior to the consent withdrawal).
10.4. Right to lodge a complaint with the supervisory authorities
You have the right to lodge a complaint with the supervisory authority, in particular the data protection authority that is competent for your place of residence or our lead supervisory authority, namely:
Berliner Beauftragte für Datenschutz und Informationssicherheit Alt-Moabit 59-61
10555 Berlin
Entrance: Alt-Moabit 60
Tel.: +49 30 13889-0
Fax: +49 30 2155050
Email: mailbox@datenschutz-berlin.de
11. How we protect your personal data Security and confidentiality of your personal data
We are committed to keeping your personal data secure and we have implemented appropriate information security policies, rules and technical measures to protect your personal information that we have under our control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss.
All of our employees, partners, consultants, workers and data processors (i.e., those who process your personal data on our behalf, for the purposes listed above), who have access to, and are associated with the processing of your personal data, are obliged to respect the confidentiality of such data.
12. Personal data of children No collection of personal data from children
We do not knowingly collect information from children, in particular below the age of 13. If we learn that a child has provided us with personal data, we will remove such information from our files, unless we have the parents’ consent.
13. Links to third-party websites We may provide links to third-party websites
This Platform Privacy Policy applies only to the Platform as well as related products and services, but not to websites owned by third parties.
We may provide links to websites which we believe may be of interest to you. However, due to the nature of the internet, we cannot guarantee the privacy standards of such websites or assume responsibility for their contents.
This Platform Privacy Policy is not intended to be applicable to any linked, non-BuildingMinds website.
Whenever you open a link to other websites, you should exercise caution and read the privacy policies of the website in question. With respect to our public website (www.buildingminds.com), we refer to the applicable Privacy and Cookie Policy that can be found on that website.
14. Cookies and other means of identification
What is a cookie
A cookie is a small file that a website or online platform store on the visitor’s computer or mobile device. They are widely used in order to make websites and online platforms work, or work more efficiently, as well as to provide information to the owners of the website or online platforms.
Why we use cookies
We use cookies to distinguish you from other users of our Platform, or mobile or web applications to let you get access to the registered user area, to protect your data and our products and services, to let you navigate between Platform pages efficiently and to store your preferences. Cookies provide you with a good experience when you browse on our Platform or mobile or web applications and they help us tailor our Platform and related products services to your personal needs (e.g., by automatic choice of languages, changing Platform appearance according to devices used). They also allow us to gain customer feedback and improve our Platform. For this purpose, our cookies may contain your IP-address, the time of your access to our Platform, the duration of your stay on our Platform, or mobile or web applications, and similar information.
If you revisit our Platform, or mobile or web applications, we may recognize you, even if we do not know your identity.
Cookies set by us or third parties In many cases, these cookies lead to the use of your device’s processing or storage capabilities. Some of these cookies are set by us, others by third parties; some only last as long as your browser session, while others can stay active on your device for a longer period of time. Details are set out under the heading “What specific cookies we use” below.
The types of cookies we use
We may use the following types of cookies:
Functionality cookies (essential) are necessary for functionality purposes or services that you request or for the transmission of communications on our Platform. They cannot be switched off in our systems. Functionality cookies are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of our Platform will then not work as a consequence
Analytical cookies are used to carry out performance and audience metrics regarding our Platform. These cookies allow us to measure and improve the performance as well as the stability and security of our Platform. They help us to know which pages are the most and least popular and see how visitors move around the Platform. All information these cookies collect is aggregated and therefore anonymous. The legal basis for the use of the analytical cookie is your consent in accordance with Art. 6 para. 1 lit. a GDPR.
What specific cookies we use
Type of cookie | Cookie Name | Purpose | Duration/Expiry |
|---|---|---|---|
Analytical cookie | Azure Application Insights (User) | Improve Platform performance, design and features | 1 year |
Analytical cookie | Microsoft Clarity | Improve Platform performance, design and features | 1 year |
Functional cookie | Google firebase session cookie | Authenticate user during session = Persist authentication token locally | 1 hour |
15. Changes to this Platform Privacy Policy
We reserve the right, at our sole discretion, to change, modify, add, or remove portions from this Platform Privacy Policy at any time. We shall notify any such changes in according with applicable data protection legislation. We encourage you to regularly review this Platform Privacy Policy to make sure you are familiar with how we use your personal data.
