We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at https://gocardless.com/legal/privacy/

Privacy Notice on personal data processing relating to the use of Direct Debit payment method

A. Contact details of the controller:

Name:
Graphisoft UK Limited (hereinafter: Graphisoft)
Registered office:
Harman House, 1 George Street, Uxbridge, UB8 1QQ, United Kingdom
E-mail address:
agirling@graphisoft.co.uk
Telephone number:
+44 (0) 01895 527590

B. Other data controller:

Name:
GoCardless Ltd (hereinafter: GoCardless)
Registered office:
Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom
E-mail address:
help@gocardless.com
Telephone number:
+44 20 8338 9540
Processing activity:
providing the Direct Debit service

For further information about the activity of GoCardless visit: https://gocardless.com/legal/privacy/

C. Data processor:

When receiving notifications and sending e-mails to the customers, Graphisoft uses Microsoft’s mail system.

For further information visit: https://privacy.microsoft.com/hu-hu/privacystatement

Other than the above, Graphisoft does not transfer personal data to any other recipient.

D. Description of the data processing:

To give you the opportunity to pay easily, Graphisoft uses the services of GoCardless, which provides the platform and the technical availability of the Direct Debit payment method. When providing its services, GoCardless acts as data controller.

To use the Direct Debit payment method, you need to register with GoCardless. To ensure the registration of the customer and the respective technical setups, Graphisoft sends you a link to the registration form, receives a notification about the sign up and access your contact details in GoCardless system. Registration data are processed by GoCardless in its own system, as data controller.

To give you the opportunity to report errors before the payment, Graphisoft sends you a notification e-mail containing your payment information.

As notification of payment completion, Graphisoft receives information of the successful payments.

If you have requested, Graphisoft will e-mail you a copy of your VAT invoice after the successful payment.

E. Purpose, legal basis and duration of the data processing

Purpose of data processing Legal basis of data processing Scope of the processed personal data Duration of data processing
To ensure the registration of the customer and the respective technical setups. Consent of the data subject according to point a) of Article 6(1) of GDPR

GoCardless registration data:

  • Identification data (name)
  • Contact data (e-mail address, address)
  • Registration details (date, status)
  • Payment plan

Data in the sign-up notification letter:

  • Identification data (name/company name)
 5 years after the termination of the contract
Sending advance notification of the payment to give the customer the opportunity to report errors before the payment Legitimate interest of Graphisoft according to point f) of Article 6(1) of GDPR: Making sure that the payment details are correct
  • Identification data (name, company)
  • Contact data (e-mail address, address)
  • Content of the notification letter
 12 months after the termination of the contract
Notification of payment completion Legitimate interest of Graphisoft according to point f) of Article 6(1) of GDPR: To ensure the proper operation of the Direct Debit payment method
  • Identification data (name)
  • Payment information
 12 months after the termination of the contract
Sending the customers a copy of their VAT invoice to confirm receipt of payment. Legal obligation of Graphisoft according to point c) of Article 6(1) of GDPR
  • Identification data (name, company)
  • Contact data (e-mail address)
  • Content of the vat invoice
 6 years after the invoice is issued
Creating and retaning financial records in accordance with the law Legal obligation of Graphisoft according to point c) of Article 6(1) of GDPR
  • Personal data in Graphisoft's financial accounts
 6 years after preparing the documents of the financial accounting

The data processed do not contain any special categories of personal data.

F. Data transfer outside the EEA, EU:

During Microsoft’s activities your personal data may be processed outside the EU, EEA countries. You can find more information about Microsoft's activities, and adequate guarantees for the protection of your personal data here: https://privacy.microsoft.com/hu-hu/privacystatement

During GoCardless activities your personal data may be processed outside the EU, EEA countries. You can find more information about GoCardless activities, and adequate guarantees for the protection of your personal data here: https://gocardless.com/legal/privacy/

Except for the above, Graphisoft does not transfer personal data outside the EU.

G. For Graphisoft’s data security measures and your data protection rights see the link below

Data Security Measures and Protection Rights