Graphisoft Asia Personal Information Collection Statement (“PICS”)

This document is effective from 10 August, 2020

Please note that due to differences between Hong Kong Privacy Law and the EU General Data Protection Regulation, this PICS is applicable only where the Hong Kong Privacy Policy Statement (“PPS”) applies.

1. INTRODUCTION

This PICS is issued by Graphisoft Asia Limited (registered address: Admiralty Centre, Tower 2/ Level 11, 18 Harcourt Road, Admiralty, Hong Kong); hereinafter: Graphisoft) acting as data user while complying with the requirements of the Personal Data (Privacy) Ordinance, Cap. 486 of the laws of Hong Kong (the “PDPO”).

This statement intends to notify you why your personal data (defined below) is collected, how it will be used, to whom the personal data will be transferred and to whom data access and correction requests are to be addressed.

2. WHAT IS “PERSONAL DATA”?

“Personal data” is defined under the PDPO to mean any data:

relating directly or indirectly to a living individual;

from which it is practicable for the identity of the individual to be directly or indirectly ascertained; and

in a form in which access to or processing of the data is practicable.

3. PURPOSE OF COLLECTION

From time to time, Graphisoft may collect your personal data to provide Graphisoft’s services to you and to improve Graphisoft’s system so as to make your customer experience better. The personal data collected from you will be used by Graphisoft for one or more of the following purposes:-

registering you as a new customer or user of Graphisoft websites as listed in the PPS (“Websites”) or Graphisoft’s applications;

processing, administering and managing any contract entered into between you and Graphisoft;

ascertaining the kind of information and services to be provided to you;

processing any transactions or payments made by you and maintaining payment records;

contacting you or communicating with you via telephone call, text message, fax message, email and/or postal mail;

providing information and Graphisoft’s services to you;

improving Graphisoft Websites;

managing Graphisoft’s business relationship with you including but not limited to providing you with customer services and customer support, notifying you about changes to Graphisoft’s terms or the PPS and asking you to leave a review or take a survey (e.g. the Graphisoft Development Consultation Program);

administering and protecting Graphisoft’s business and Websites including but not limited to troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data);

delivering relevant content and advertisements to you and making recommendations to you about goods and service that may be of interest to you, if Graphisoft has obtained your express consent to the use of your personal data for this purpose;

preventing and detecting frauds, malicious software and managing security incidents;

complying with court orders and/or any disclosure requirements under the laws of Hong Kong;

processing your application (if any) for a job advertised by Graphisoft;

collecting and recovering money owed to Graphisoft; and

managing and resolving disputes between you and Graphisoft including but not limited to responding to legal process, pursuing legal rights and remedies, defending litigation and managing any complaints or claims.

Please note that you are not obliged to provide your personal data to Graphisoft but if you do not, Graphisoft may not be able to provide you with Graphisoft’s services and/or products.

Graphisoft will indicate in the relevant forms or applications if the required personal data is for obligatory or voluntary purposes. If personal data is to be used for an obligatory purpose, Graphisoft will not be able to provide the service for which you are applying if you fail to supply such personal data to Graphisoft. If personal data is only to be used for a voluntary purpose, you can choose not to supply such personal data to Graphisoft.

4. CLASSES OF TRANSFEREES

Please note that Graphisoft may disclose or transfer your personal data to one or more of the following parties in or outside Hong Kong for one or more of the purposes set out in this statement:-

Graphisoft’s head office, affiliates, subsidiaries and agents, including “Graphisoft Partners” as defined under the PPS, which operate the business of providing similar services as those provided to you by Graphisoft;

third party service providers facilitating Graphisoft’s provision of services and information to Graphisoft;

third party service providers providing software applications, functionality, data processing and/or IT systems and services to Graphisoft;

third party service providers assisting Graphisoft in Graphisoft’s internal administration and management;

third party service providers assisting Graphisoft with Graphisoft’s marketing activities;

auditors, lawyers, accountant and other professional advisers;

financial institutions, credit card companies, payment processors, credit information or reference bureau, collection agencies;

governmental, regulatory or judicial authorities and/or law enforcement body as required by, or in accordance with the applicable laws and/or regulations to which Graphisoft is subject;

third parties to whom Graphisoft may choose to sell, transfer, or merge parts of Graphisoft’s business or Graphisoft’s assets. Alternatively, Graphisoft may seek to acquire other businesses or merge with them. If a change happens to Graphisoft’s business, then the new owners may use your personal data in the same way as Graphisoft;

any other person or company who is under a duty of confidentiality to Graphisoft and has undertaken to keep such information confidential, provided that such person or company has a legitimate right to use such information; and

data processors as listed in the PPS.

5. USE OF PERSONAL DATA IN DIRECT MARKETING

Graphisoft intends to use “Identity Data” (including your full name, company, positon in company, user status), “Contact Data” (including your postal address, billing address, delivery address, location, company name, email address, phone number and contact preferences) and “Profile data” (including username, password, Graphisoft ID, purchases or orders made by you, your interests, preferences, feedback and survey responses and other similar interactions, data collected from and via emails and phone calls and other communications and other personal data derived from such data and decisions made on the basis of Profile Data) for direct marketing purposes to provide you with information relating to goods and / or services of Graphisoft and / or Graphisoft Partners via email, private messages, telephone, SMS, MMS, and other electronic means.

Graphisoft cannot use your personal data in direct marketing unless Graphisoft have your consent which includes an indication of no objection to the intended use.

If you consent to Graphisoft’s use of your personal data for the relevant direct marketing purposes, please indicate accordingly in the relevant forms and/or applications in the designated place by ticking the relevant box. If you tick the box, you agree that Graphisoft may use your personal data for the relevant direct marketing purposes.

If you want to withdraw your consents for Graphisoft to use your personal data for direct marketing purposes, you may, at any time without charge, (1) contact Graphisoft’s Data Protection Officer by sending an email to both privacy@graphisoft.com and to the relevant email based on your location (i.e. mail@graphisoft.com.sg for Singapore, mail@graphisoft.com.hk for Hong Kong, mail@graphisoft.cn for Mainland China) or (2) by adjusting your preferences in the privacy dashboard provided as part of some of Graphisoft’s services (e.g. “my profile”).

6. YOUR RIGHT TO ACCESS

You have the right to access your personal data, including requesting information on whether Graphisoft processes your data, which data are processed, and you may also request a copy of the data that you or a third person provided to Graphisoft and which data is being processed by Graphisoft.

If you submit the completed Data Access Request Form (Form OPS003) (the “DAR Form”) specified by the Privacy Commissioner for Personal Data to Graphisoft’s Data Protection Officer to confirm whether or not Graphisoft processes your personal data, then you have the right that obliges Graphisoft to confirm that it processes your personal data, or does not process your personal data.

Your right to obtain confirmation whether Graphisoft processes (or does not process) your personal data

1. does not include data that is anonymous;
2. includes the personal data that concern you;
3. does not include personal data that does not concern you; and
4. includes pseudonymous data that can be clearly linked to you.

Graphisoft shall provide you with a copy of your personal data if

1. you submit the DAR Form to Graphisoft;
2. Graphisoft confirms that it processes your personal data;
3. there is no contrary evidence that you do not wish to obtain a copy; and
4. you agree to and pay the fee imposed by Graphisoft which is directly related to and necessary without being excessive to comply with the data access request.

Please also note that many of Graphisoft Websites and applications allow you to access or edit your personal information by accessing the “my profile,” or a similar feature of the website or application you are using. Likewise, you can access files or photos you have stored in Graphisoft’s online services by logging in and using the functions they make available.

7. YOUR RIGHT TO RECTIFICATION

You have the right to the correction of your personal data. This enables you to ask that any inaccurate data Graphisoft holds about you be corrected.

Your right to obtain rectification of your data that are inaccurate

1. does not include data that is anonymous;
2. includes the personal data that concern you;
3. does not include personal data that does not concern you; and
4. includes pseudonymous data that can be clearly linked to you.

Graphisoft shall rectify your personal data if

1. Graphisoft processes your personal data;
2. Graphisoft is satisfied that the personal data in question are inaccurate;
3. you submit a data correction request (“DCR”) to Graphisoft; and
4. Graphisoft is satisfied that the correction in the DCR is accurate;

Graphisoft may verify any and all data provided to it. Graphisoft shall taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to communicate the rectification of your personal data to recipients of such personal data (if any). However, Graphisoft shall not communicate the rectification of personal data to recipients if the communication to such recipients is either impossible or involves a disproportionate effort.

Please also note that many of Graphisoft Websites and applications allow you to edit your personal information by accessing the “my profile”, or a similar feature of the website or application you are using. Likewise, you can edit files or delete photos you have stored in Graphisoft’s online services by logging in and using the functions they make available.

8. DATA PROTECTION OFFICER CONTACT DETAILS

Graphisoft’s contact details for data protection and privacy related matters are as follows:

Name: Graphisoft Asia Limited
Position: Data Protection Officer
Email address: privacy@graphisoft.com
Postal address: Admiralty Centre, Tower 2/ Level 11, 18 Harcourt Road, Admiralty, Hong Kong
Phone number: +852 3975 3260

9. PRIVACY POLICY STATEMENT

You can find out more about Graphisoft’s policies on privacy and personal data protection by accessing Graphisoft’s PPS available on Graphisoft’s Website at https://graphisoft.com/legal/graphisoft-asia-privacy-policy-statement