Privacy Policy

Compliance notice. This Policy complies with the EU General Data Protection Regulation (GDPR – EU 2016/679) and, where applicable, the Brazilian General Data Protection Law (Lei nº 13.709/2018 – LGPD).

If you have any questions about this Policy or how we handle your data, contact us at info@bimworkplace.com.

Data Controller

BIMWorkplace Lda., headquartered at Rua Luís Barroso, Nº 590, 4ºA, 4760-153 Vila Nova de Famalicão, Portugal, is the data controller of your personal data for the purposes described in this Privacy Policy. When our Services are provided to organizations, the organization acts as the data controller and BIMWorkplace acts as the data processor, in accordance with the relevant contract and applicable data protection laws.

What Personal Data We Collect

• Account information: name, email address, phone number, company name, payment information, billing address, and details of users you invite to your BIMWorkplace account.
• Services data: information you upload, submit, or process in our Services (including BIM models, documents, metadata).
• Usage data: technical information such as browser type, device, operating system, add-ons, IP address, log data, and interactions with our Services.
• Cookies and similar technologies: used for authentication, session management, and to remember your preferences. Analytics or marketing cookies are used only with your consent.

We do not intentionally collect sensitive personal data (e.g., data relating to health, religion, political beliefs, or biometric identifiers).

Why We Collect and How We Use Data

• Contractual necessity: create and manage your account, provide and maintain the Services, process payments, and deliver customer support.
• Legitimate interests: improve the Services and user experience; ensure security and integrity; prevent fraud and misuse; generate anonymized or aggregated statistics.
• Consent: send marketing communications and use non-essential cookies. You can withdraw consent at any time without affecting prior lawful processing.
• Legal obligation: comply with accounting, tax, or regulatory requirements and respond to lawful requests from authorities.
• Other lawful bases under GDPR/LGPD, where applicable.

Cookies

We use cookies and similar technologies to operate the Services (e.g., authentication, session management, preferences). Analytics and marketing cookies are used only if you consent through our cookie banner or settings. You can change your preferences at any time.

Data Sharing

We do not sell your personal data. We may share data as follows:

• Trusted service providers (processors): hosting, payment processing, email/SMS services, analytics — only as necessary and under contracts requiring confidentiality, security, and compliance with applicable law.
• Your organization: if you access the Services via a company account, your administrator may control and access certain account information.
• Authorities and legal requests: where required by law, court order, or to protect rights, safety, property, and to prevent fraud or abuse.

International Data Transfers

Your personal data may be stored or processed in the European Union. Where transfers outside the EEA (including to the United States) occur, we implement appropriate safeguards such as the European Commission's Standard Contractual Clauses (SCCs) and equivalent protection mechanisms under the GDPR and the LGPD.

Data Retention

• Account and usage data: retained while your account is active and for a short period thereafter for deactivation and audit purposes.
• Billing and payment records: retained for 10 years to meet tax and accounting obligations.
• Backups: may persist for a limited, defined period and are securely deleted thereafter.

Security Measures

We implement technical and organizational measures to protect your data, including encryption in transit and at rest, secure authentication, role-based access controls, event logging and monitoring, and hosting in certified data centers (e.g., ISO/IEC 27001 or equivalent).

Your Rights

Under the GDPR and, where applicable, the LGPD, you have the following rights:

• Access — obtain a copy of your personal data.
• Rectification — correct inaccurate or incomplete data.
• Erasure (“right to be forgotten”) / Deletion.
• Restriction — limit processing in certain circumstances.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests and to direct marketing.
• Withdraw consent — when processing relies on consent.
• Lodge a complaint with the CNPD (Portugal) or the ANPD (Brazil), as applicable.

To exercise your rights, contact info@bimworkplace.com. For users in Brazil, the same contact serves as the Data Protection Officer (“DPO”) and “Encarregado” under the LGPD.

Children's Privacy

Our Services are not directed to individuals under 16. We do not knowingly collect personal data from children. If we become aware of such collection, we will delete the data promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email and/or by posting a notice on our website before the changes take effect.

Contact

BIMWorkplace Lda. — Rua Luís Barroso, Nº 590, 4ºA, 4760-153 Vila Nova de Famalicão, Portugal · info@bimworkplace.com