GRAPHISOFT ANNUAL CUSTOMER SURVEY– PRIVACY NOTICE

This Graphisoft Customer Survey Privacy Notice (the “Notice”) applies to the data processing taking place in relation to the personal data of survey participants (“Participants” or “You”) (“Survey”) where the survey is organized by Graphisoft SE (registered address: 1031 Budapest (GRAPHISOFT park), Záhony u. 7., Hungary; (hereinafter: Graphisoft or Data Controller).

Please read this document carefully. By completing the survey, you as the Participant acknowledge the terms of this privacy notice.

The data processing described in this Policy is in compliance with the applicable rules of law, in particular with the European General Data Protection Regulation (Regulation (EU) 2016 / 679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC) (“GDPR”).

1) Data Controller

For the purposes of this Notice Graphisoft determined the purposes and means of processing, consequently Graphisoft acts as Data Controller.

2) Data Processors

In order to conduct the survey, Graphisoft uses Microsoft Forms provided by Microsoft. To ensure the technical availability and support of the platform, Microsoft acts as data processor of Graphisoft SE.

Collected data will be stored by using Atlassian’s Confluence who acts as data processor of Graphisoft SE.

Other than the above, Graphisoft does not transfer personal data to any other recipient.

3) Description of the data processing:

Graphisoft provides an annual survey to its customers because Graphisoft wishes to:

• Better understand Customer’s segmentations in terms of geography and responsibilities to accurately evaluate customer satisfaction;
• Measure customer satisfaction with Graphisoft’s products and services; whether the they would recommend Graphisoft’s products and services to others;
• Measure how the customers perceive Graphisoft; the content of its marketing topics and quality of its product and services;
• Measure the trends of the provided answers for the above areas year on year basis.

Within the survey You have the option to provide your email address; if You decide to provide it then Graphisoft will track your personalized responses and might contact You with further questions in relation to your survey responses.

Your personalized survey responses will be retained for 10 years to have sufficient timeline to evaluate your trend, or until you withdraw your consent. (see section 7.7)

If you do not provide your email address, then your survey responses will be anonymized. It means that Graphisoft will no longer be able to link the responses to You and will only retain them in relation to the responder’s region to achieve the above-mentioned goals.

4)Purpose, legal basis and duration of the data processing

The purpose of the data processing is to measure customer satisfaction and obtain valuable feedbacks on how to improve Graphisoft’s products and services.

To provide better understanding of Graphisoft's data processing purpose, it is further detailed in section 5) regarding the personal data processed.

The legal base is Your consent according to point a) of Article 6(1) of GDPR; data retention period is 10 years unless You withdraw your consent.

5) The personal data processed by the Data Controller

Personal data	Processing purpose
First name Last name Job title Email address Region Company name Marketing consent preference	To send out the survey to You.
First name Last name Job title Email address Your preference whether to be contacted concerning the survey responses	Contact You concerning your survey responses.
First name Last name Job title Email address Region Company name Your survey responses	Measure Your customer satisfaction on personalized level, Track your responses during the current and upcoming surveys

— hereinafter referred to together as “the Data” —

6) Data transfer

Graphisoft might share your personalized survey responses with its local subsidiaries (the one relevant in your region) to contact You concerning your survey responses if You have consented to it.

Graphisoft will not share your personalized data with 3rd parties, except with Microsoft via the survey platform and Atlassian’s Confluence where data transfer outside of the EU might occur. You can find more information about Microsoft's activities here: https://privacy.microsoft.com/hu-hu/privacystatement  and Confluence activities here: https://www.atlassian.com/legal/privacy-policy#what-this-policy-covers 

7) Rights of the Participant concerning the data processing:

Data Security Measures and Protection Rights

8) Miscellaneous Provisions

8.1. Data Controller does not verify the personal data provided to Data Controller. Only the person providing the data is liable for the veracity of the data.

8.2. Data Controller in certain cases set forth by law – in particular on official judicial or police request, legal process based on infringement or the suspected infringement of copyrights, property or other rights; the infringement of Data Controller’s interests; the endangerment of the provision of services; mandatory delivery of data based on the law (e.g. auditor), etc. – makes the personal data of the Participant available to third parties.

8.3. With regard to technology, Data Controller implements appropriate technical and organizational measures necessary to ensure a level of security appropriate to the risk likely to occur in relation to the data processing regulated herein.

9) Modifications to the present document

Data Controller reserves the right to unilaterally modify the present document or any part thereof. Participants will be informed of any such modifications via e-mail sent to their registered e-mail addresses.

Budapest, 4 March 2023.