We use GoCardless to process your Direct Debit payments. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at https://gocardless.com/legal/privacy/
Privacy Notice on personal data processing relating to the use of Direct Debit payment method
A. Contact details of the controller:
- Name:
- Graphisoft UK Limited (hereinafter: Graphisoft)
- Registered office:
- Harman House, 1 George Street, Uxbridge, UB8 1QQ, United Kingdom
- E-mail address:
- agirling@graphisoft.co.uk
- Telephone number:
- +44 (0) 01895 527590
B. Other data controller:
- Name:
- GoCardless Ltd (hereinafter: GoCardless)
- Registered office:
- Sutton Yard, 65 Goswell Road, London, EC1V 7EN, United Kingdom
- E-mail address:
- help@gocardless.com
- Telephone number:
- +44 20 8338 9540
- Processing activity:
- providing the Direct Debit service
For further information about the activity of GoCardless visit: https://gocardless.com/legal/privacy/
C. Data processor:
When receiving notifications and sending e-mails to the customers, Graphisoft uses Microsoft’s mail system.
For further information visit: https://privacy.microsoft.com/hu-hu/privacystatement
Other than the above, Graphisoft does not transfer personal data to any other recipient.
D. Description of the data processing:
To give you the opportunity to pay easily, Graphisoft uses the services of GoCardless, which provides the platform and the technical availability of the Direct Debit payment method. When providing its services, GoCardless acts as data controller.
To use the Direct Debit payment method, you need to register with GoCardless. To ensure the registration of the customer and the respective technical setups, Graphisoft sends you a link to the registration form, receives a notification about the sign up and access your contact details in GoCardless system. Registration data are processed by GoCardless in its own system, as data controller.
To give you the opportunity to report errors before the payment, Graphisoft sends you a notification e-mail containing your payment information.
As notification of payment completion, Graphisoft receives information of the successful payments.
If you have requested, Graphisoft will e-mail you a copy of your VAT invoice after the successful payment.
E. Purpose, legal basis and duration of the data processing
Purpose of data processing | Legal basis of data processing | Scope of the processed personal data | Duration of data processing |
---|---|---|---|
To ensure the registration of the customer and the respective technical setups. | Consent of the data subject according to point a) of Article 6(1) of GDPR |
GoCardless registration data:
Data in the sign-up notification letter:
|
5 years after the termination of the contract |
Sending advance notification of the payment to give the customer the opportunity to report errors before the payment | Legitimate interest of Graphisoft according to point f) of Article 6(1) of GDPR: Making sure that the payment details are correct |
|
12 months after the termination of the contract |
Notification of payment completion | Legitimate interest of Graphisoft according to point f) of Article 6(1) of GDPR: To ensure the proper operation of the Direct Debit payment method |
|
12 months after the termination of the contract |
Sending the customers a copy of their VAT invoice to confirm receipt of payment. | Legal obligation of Graphisoft according to point c) of Article 6(1) of GDPR |
|
6 years after the invoice is issued |
Creating and retaning financial records in accordance with the law | Legal obligation of Graphisoft according to point c) of Article 6(1) of GDPR |
|
6 years after preparing the documents of the financial accounting |
The data processed do not contain any special categories of personal data.
F. Data transfer outside the EEA, EU:
During Microsoft’s activities your personal data may be processed outside the EU, EEA countries. You can find more information about Microsoft's activities, and adequate guarantees for the protection of your personal data here: https://privacy.microsoft.com/hu-hu/privacystatement
During GoCardless activities your personal data may be processed outside the EU, EEA countries. You can find more information about GoCardless activities, and adequate guarantees for the protection of your personal data here: https://gocardless.com/legal/privacy/
Except for the above, Graphisoft does not transfer personal data outside the EU.