Logo
Logo
FAQs for Users
    Ask for info     Reserved Area     IT | EN | FR | ES | BR
Logo

Privacy policy

Privacy Notice to Users

This privacy policy describes how we, Emmeti S.p.A., as the legally responsible data controller, collect and process personal data about our customers, for our marketing, and on our website.
In case you have any questions or wish to exercise your rights in respect of your personal data, you may contact us at: [email protected]

The personal data we collect and process

Customer information
If you are our customer or the representative of one of our customers, we may collect the following data about you: your name, title, position, contact details, customer type, geographic locale, preferred language, and, if you represent an organisational customer, the organisation you represent. Additionally, we will keep records of your contacts and correspondence with us (e.g., email correspondence and feedback you give us, notes of your meetings with us, etc.).
We may also collect information about whether you have consented to us publishing information about you on our website and the relevant description.

We generally receive this customer information directly from you. Still, we may also receive some information from the organisation you represent (e.g., your employer may have provided us with your name and contact details as the contact person for orders your employer has made). In some cases, we may also receive information from publicly available sources (e.g., we may check your phone number from your company’s website or a directory service).
Finally, we may receive information about you from other members of our companies (if you, e.g., first contacted another entity in our group).
If you do not provide us with the required customer information, we may not be able to enter into an agreement with you or the organisation you represent.

Other marketing information
We may also collect other marketing-rated information about you, irrespective of whether you are our customer or not.
This may include your name, contact details, organisational affiliation, information about whether you subscribe to any of our newsletters or have asked us to send you content (e.g., whitepapers or the like), or have consented or objected to direct electronic marketing or another specific interest, information about whether you have opened our electronic mailings, pages on our website you have visited, geographic locale, preferred language, as well as records of your contacts and correspondence with us (e.g., email correspondence and feedback you give us). We generally receive much of this other marketing information directly from you, e.g., when you contact us to ask for information about our products or when you subscribe to our newsletters. We may also receive information from social media platforms when you engage with our content or accounts on those platforms (e.g., like a post by us or post a public or private message to us). We may also receive information about you from other members of our group of companies (if you, e.g., first contacted another entity in our group).

Website usage data
We also collect certain website analytics information about how our website is used, which pages are popular, how visitors arrive at our website, how much time they spend on the page, their geographic locale, browser settings, and similar data. This website usage data is generally anonymous, and we do not seek to identify specific visitors (except when they, e.g., sign up for a newsletter or contact us; see other marketing data above), but the data may, in principle may be identifiable at the time of collection using, e.g., your IP address. Please see below for more information on how we use website analytics.

Purpose and lawful basis for collecting and processing your personal data

We collect and process your customer information primarily to perform our obligations under the relevant agreement between you and us and/or to, at your request, take preparatory steps for entering into the agreement. For example, suppose you are not our direct customer but instead a representative of our customer. In that case, we process your customer data for our legitimate interest to perform our obligations under our agreement with the customer you represent and to take preparatory steps for entering into the agreement. We may also, in some cases, collect and process your customer information to comply with legal obligations applicable to us. This is the case for, e.g., such accounting materials and receipts that we, by law, are required to retain. This might also be the case for customer feedback concerning potential safety issues that we might also, in some cases, need to retain by law.

We also collect and process your customer information and other marketing information following your free and specific consent. This might mean sending you electronic communications about our products or services or inviting you to relevant events . In addition, we collect and process the website usage data following your free and specific consent on the cookies banner. We use such data to track how our website is used, what content is popular, and to identify popular products or product trends.
We also use such website usage data to ensure the safe, secure, and fast operation of our websites and to show you content relevant to other pages or content you have viewed. We do not use your personal data for automated decision-making.

Disclosures and transfers of your personal data; international transfers of data

In general, we do not give your above information to third parties.
There are, however, a few exceptions to this.
- Organisational customers. If you represent an organisational customer, we may provide that organisational customer with your customer information.
This can include informing the corporate customer who made a particular purchase or order, asked for a change, or made other arrangements in connection to the order.
This may be necessary, e.g., for billing-related purposes or other administrative purposes.
- Our group companies. We may also disclose your personal data to other companies in the same corporate group as we do. These group companies will process the data for the same terms and purposes as set out in this policy.
- Public disclosures. If you have consented to us mentioning you are our reseller, e.g., on our website, we may also publicly disclose the relevant information about you in that context.

Finally, we may also provide your data to service providers acting on our behalf (as so-called data processors). Such service providers include customary IT services providers and companies who provide us with, e.g., marketing-related services. We may also use, e.g., survey companies to collect feedback about our products or services. We may also use providers that may assist us in collecting results from paid marketing campaigns on, e.g., social media platforms.

As of the current date, we use at least the following service providers:
- Profacts. We occasionally use a company called Profacts BV to conduct customer surveys.
For more information about how Profacts collects personal data, please visit profacts.be/privacy
- Google Analytics 4. We also use Google Analytics 4, provided by Google LLC, to collect some of the website usage data. We have enabled the service’s anonymization function. Please see below for more information about how we use cookies on our website. For more information about Google Analytics 4 and how the service uses information that potentially could be connected to you, please also visit policies.google.com/technologies.
- CloudFlare. We use the service Cloudflare CDN (Content Distribution Network) of Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA, to provide website content distribution services. Cloudflare offers worldwide performance for our website through its content distribution network (CDN) and additional security against DDoS attacks. All data passed to or from our website passes through Cloudflare’s CDN. Normally, CloudFlare’s data centre closest to the user is used for this.
While CloudFlare also operates data centres outside the EU/EEA, according to CloudFlare, the cached data is usually deleted within 4 hours, but at the latest, within three days. For more information about Cloudflare CDN and Cloudflare’s privacy policy, please visit https://www.cloudflare.com/privacypolicy/.

Some of these service providers may, in part, also operate outside the European Union and European Economic Area (the “EU/EEA”) in jurisdictions where local law may not in itself offer a level of data protection that is equivalent to the level provided by law in the EU/EEA. Where we use a service provider that processes personal data outside the EU/EEA, we have generally agreed with the party by EU Commission’s model contract clauses that ensure safe data processing in third countries as well.
In some cases, the international transfer of the data may also be a necessary part of performing our contractual obligations towards the end customer, in which case the use of the model clauses is not required. We also ensure safe and lawful data processing abroad by other means. We can give you more detailed information on international data transfers if necessary.

Cookies

We also use cookies on our websites. Cookies are small text files saved to your device via your web browser. Cookies may be technically essential for the website's functionality and features but can also be used for non-essential analytics purposes.
Technically essential cookies include session cookies and other cookies that enable, for example, logging into our online services, complying with language settings, reviewing the contents of the shopping cart, and other similar technical functionalities (where available).
In addition, we use other cookies relating to web analytics (see above for information on the third-party service providers we use for this) to collect web usage data.
For non-essential cookies, we will ask for your consent to the use of cookies. You may withdraw your consent at any time, but this does not affect the lawfulness of measures already taken. You may also control how cookies are placed on your device using your web browser's settings.

Retention periods

We will process and store your personal data only for the period necessary to achieve the purpose of storage or as required or permitted under applicable laws.
More specifically, we may retain data about you as follows:

- Customer information: suppose no more specific retention period is provided for below. In that case, we generally retain your customer information for at least the duration of the relevant agreement(s) with us and, after that, for two years.
  - Accounting data: we may retain accounting records, invoices, receipts, and the like for the duration required under applicable laws, i.e., for ten years.
- Other marketing data: if no more specific retention period is provided for below, we generally retain other marketing data for two years from your last contact with us.
  - Newsletter subscriptions: information on you being sent a certain newsletter or marketing communications will be stored for as long as your subscription is active. You may opt-out of this kind of direct marketing at any time. If you have opted out of direct marketing, we may store the data relating to your objection or withdrawal to ensure that you do not mistakenly get added back to any marketing lists.
  - Social media data: where you engage with us on a social media platform, the data may be available on the platform as provided for in the relevant platform’s policies (if you, e.g., post a public message to our profile, that message may remain visible to all visitors to our profile for the duration normally applicable in that social media service).
- Website usage data: we generally do not seek to retain website usage data in an identifiable form. However, we retain such analytics data in general for 38 months.
- Materials related to legal claims: should we have reason to suspect that a legal claim may arise in the relation between us and you (or the organisation you represent), we may retain relevant data for a more extended period than mentioned above, as long as it is necessary for the defense, prosecution or evidentiary issues in connection to the legal claim. When the mentioned storage period ends, your personal data will either be deleted or anonymized, so it is no longer possible to identify you as an individual based on the data.

Your rights

Under European Union data protection law, you have at least the following rights in respect of your personal data that we collect or process:
- Right of access. You have the right to review the data we have collected from you. We can deny such requests only on grounds provided for in applicable law. Exercising this right is generally free of charge.
- Right to request rectification, erasure, or restriction of the processing. You have the right to request that we rectify erroneous data about you. In some cases, you also have the right to request that we delete the data about you that we have. In some cases, you may also request that we temporarily cease processing your personal data until other related request by you has been dealt with.
- Right to data portability. Where we process your data based on your consent or for the performance of a contract with you, you also have the right to request that we provide you the data in structured, commonly used, and machine-readable format or, in some cases, to have the data transmitted directly to another controller. However, this right does not apply where we collect or process the data for our legitimate interests (as explained above).
- Right to object. Where we collect and process personal data about you based on our legitimate interests (as explained above), you may also object to such processing based on grounds relating to your particular situation. If you object, we may only continue to process the data if we can demonstrate that there are overriding compelling legitimate grounds for the processing.
- Right to object to direct marketing. Nevertheless, you always have the right to object to direct marketing. If you object, we will no longer send you such marketing. Furthermore, where we send marketing based on your consent, you may withdraw your consent at any time.
- Right to withdraw consent. Where we collect and process personal data about you based on your consent, you may withdraw your consent at any time. Withdrawing your consent does not affect the legality of any data processing measures already undertaken before that time.
- Right to lodge a complaint with a supervisory authority. You are entitled to lodge a complaint with the competent supervisory authority if you think we have not complied with our obligations as a data controller.

Contact of supervisor authority:
Guarantor for the protection of personal data
Piazza Venezia n. 11 - 00187 Roma
www.gpdp.it - www.garanteprivacy.it
Phone: (+39) 06.69677.1


Notice to Clients and Suppliers 
Privacy Notice to BIMObject Contacts