1. General Provisions
1.2. Before using the Website and/or using the services or products provided by the Controller, you as a visitor of the Website (hereinafter – the Visitor) and/or a user of the services or products provided by the Controller (hereinafter – the User) must thoroughly read and become familiar with the Policy. By using the Website and/or services or products provided by the Controller, you confirm that you agree to adhere to the Policy.
1.3. If you disagree with the Policy or a certain part of it, you must not use the Website and/or services or products provided by the Controller. Otherwise it is presumed that you have become familiar with and unconditionally agreed to adhere to the Policy.
1.4. The Controller does not take any risk or responsibility and is unconditionally exempt from the same if you fail to become fully familiar with the Policy despite having had an opportunity to do so.
1.5. Without prior warning, the Controller has the right to limit the use of the Website services if you use the Website in a way that violates the Policy or tries to compromise the stability and security of the Website.
1.6. The Controller adheres to these principles of data processing:
- Personal data shall be processed lawfully, fairly, and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
- Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
- Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
- Personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that inaccurate personal data, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
- Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes subject to implementation of the appropriate technical and organisational measures required to safeguard the rights and freedoms of the data subject (‘storage limitation’);
- Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’);
- The Controller shall be responsible for, and be able to demonstrate compliance with, the abovementioned principles (‘accountability’).
- By using third party services such as Facebook and other social network services, third party terms and conditions may apply. For example, Facebook provides a Data Policy to their users and visitors. Thus, by using services provided by such third parties, it is recommended to become familiar with their terms and conditions.
2. Personal data collection, processing and storage
2.1. By providing your personal data, you agree to the Controller’s processing it for purposes and by means and order laid out in the Policy and laws.
2.2. By providing personal data, you give the Controller the right, for the purposes laid out in the Policy, to collect, store, accumulate, classify, use, and process any and all personal data that you directly or indirectly provide by visiting the Website and using its services.
2.3. You are responsible for ensuring that the data you provide is precise, correct, and detailed. Input of incorrect data is considered to be a violation of the Policy. If the data provided changes, you must immediately inform the Controller about it. The Controller shall under no circumstances be responsible for damages that may arise for the User and (or) third parties if the User provided incorrect and (or) insufficient personal data or did not request supplementation and (or) correction of data when it changes.
3. Personal data processing for the purposes of the provision of products and services
3.1. By carrying out its business activities, the Controller provides the User with the services related to the creation and implementation of BIM solutions and software distribution, installation, and maintenance. Therefore, the Controller processes personal data in order to conclude and carry out a contract with the User (including activation of trial versions of the programs).
3.2. For the above mentioned purposes, the Controller processes these categories of personal data:
- Telephone number;
- Company (workplace);
3.3. If the User acquires a license, the Controller processes the full address of the User in addition to the data categories described above.
3.4. The data is collected directly from the User or the entity that purchases licenses for the User.
3.5. The data may be accessed by the IT service and server hosting the Controller acting as the data processors, with whom the Controller has concluded data processing agreements.
4. Personal data processing for the purpose of replying to queries
4.1. If you as a Visitor fill out a form on the Website in order to contact the Controller, then for the purpose of replying to said queries the Controller processes these categories of personal data:
- Telephone number;
- Company (workplace);
4.2. Legal basis for processing personal data for the purpose of replying to queries is a lawful interest of the Controller to provide answers and to contact persons who have taken interest in its products and/or services.
4.3. The abovementioned personal data are collected directly from the Visitor and shall not be provided to third parties.
5. Personal data processing for the purpose of replying to support requests
5.1. If you as a User fill out a form on the Website in order to contact the Controller with a support request, then for the purpose of replying to said requests the Controller processes these categories of personal data:
- Company (workplace);
5.2. Legal basis for processing personal data for the purpose of replying to support requests is a lawful interest of the Controller to provide technical support to the User and to carry out the contract concluded with the User.
5.3. The abovementioned personal data is collected directly from the User and shall not be provided to third parties.
6. Personal data processing for the purpose of registration to webinars
6.1. If you as a Visitor fill out a form on the Website in order to register for a webinar, then for the purpose of registration and carrying out webinars, the Controller processes these categories of personal data:
- Telephone number;
- Company (workplace);
6.2. Legal basis for processing personal data for the purpose of registration to webinars is a lawful interest of the Controller to register persons who have taken interest in its webinars.
6.3. The abovementioned personal data is collected directly from the Visitor and shall not be provided to third parties.
7. Personal data processing for the purpose of direct marketing
7.1. If you are a User of the Controller or you have otherwise expressed your consent, the Controller provides you with something that could be described as “direct marketing” – primarily email newsletters containing information related to ALLTO programs, services, and events. The legal basis for the processing of your personal data would be the consent given by you or the legitimate interest of the Data controller in providing you as a User with information about goods or services similar to the ones you have purchased.
7.2. You can give your consent by typing your e-mail, name, surname, and company name (workplace) into the corresponding boxes for the newsletter subscription and clicking on the corresponding subscribe button, by registering for events or registering software, and checking the box indicating your consent to receive newsletters.
7.3. Data processed by the Controller for direct marketing purposes shall not be provided to third parties.
7.4. Insofar as data processing is based on consent, you have the right to rescind your consent at any time with no effect on the lawfulness of prior data processing based on consent before its withdrawal.
8.1. When you visit the Website, the Controller desires to provide such content and functionality as would best suit your needs. To this end, cookies are used. Cookies are small-volume text files stored on your browser or device (personal computer, mobile phone, or tablet).
8.2. With cookies the Controller aims to provide a more enjoyable experience for the Visitor browsing the Website and to improve the Website itself.
8.3. The cookies used on the Website can be grouped into these types:
- Cookies that are essential for the Website’s operation are designed to enable the site to perform its core functions. These cookies allow the Visitor to browse the site and use its preferred features; for example, to provide access to secure areas for a particular site;
- Activity (analytical) cookies collect anonymous information about how the Visitor uses the Website. By providing information about areas visited, time spent on specific pages of the Website, and any problems you encounter, such as error messages, these cookies help the Controller understand how visitors behave on the Website. This information helps the Controller improve the Website’s performance.
8.4. You can delete or block cookies by selecting the appropriate settings in your browser that allow you to cancel all or some cookies. It should be noted that by using browser settings that block cookies (including essential cookies), you may experience problems using all or part of the Website’s features.
9. Facebook (pixel tags)
9.2. Visitor action pixels allow the Visitor’s behavior to be tracked after having been redirected to the Website by clicking on a Facebook ad. This enables the Controller to measure the effectiveness of Facebook ads for statistical and market research purposes. Data collected in this way is anonymous to the Controller, i.e. personal data of individual users is not collected by the Controller. However, this data is stored and processed by Facebook; hence, the Controller’s informing you, based on current knowledge of the situation. Facebook may link this information to your Facebook account and also use it for its own promotional purposes, in accordance with Facebook’s Data Usage Policy https://www.facebook.com/about/privacy/. You can allow Facebook and its partners to place ads on and off Facebook. A cookie may also be stored on your computer for these purposes.
9.3. Legal basis for the use of this service is a legitimate interest of the Controller or third parties. You can object to the collection of your data by Facebook pixel or to the use of your data for the purpose of displaying Facebook ads by contacting the following address: https://www.facebook.com/settings?tab=ads.
9.4. Facebook is certified under the Privacy Shield Agreement and thus guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active).
10. Procedures and timeframes of personal data storage
10.1. By processing and storing personal data of the User, the Controller shall implement organizational and technical measures that would ensure protection of personal data from accidental or unlawful destruction, modification, disclosure, and any other means of unlawful processing.
10.2. For the purpose of the provision of products and services, the Controller shall process personal data for 10 years after the end of business relations.
10.3. For the purpose of replying to queries, the Controller shall process personal data for 1 year from the submission of a query.
10.4. For the purpose of direct marketing, the Controller shall process personal data as long as you are its User or 10 years after receiving consent.
10.5. Exceptions to the above retention periods may be determined to the extent that such deviations do not violate the rights of the data subjects and comply with legal requirements.
11. Rights of the data subjects
11.1. You as a data subject shall at any time have the right to access your personal data processed by the Controller after making a request; to receive information on how your personal data is processed; to rectify incorrect, incomplete or inaccurate personal data; and to ask to suspend personal data processing actions when the data processing does not comply with laws and requirements of the Policy.
11.2. You can exercise your rights as a data subject by submitting a written application by e-mail firstname.lastname@example.org or mail to 67/18 Luy Ban Bich Str., Tan Phu Dist., HCMC, Vietnam, or by directly visiting the office of the Controller.
11.3. If you are not satisfied by an answer of the Controller or think that it processed your personal data in a way that does not comply with legal requirements, you can file a complaint with the State Data Protection Inspectorate of the Republic of Vietnam.
12. Final provisions
12.1. The Controller of the Website is not accountable for damages, including damages resulting from interference with usage of the Website, damage or loss of data arising from an act or omission by the User or third parties acting on behalf of the User, including incorrect input of data, other mistakes, conscious malicious behavior and other wrongful use of the Website. The Controller shall also not be held responsible for any interference of the Website log in/usage and (or) resulting damage that arises from acts or omissions of third parties not associated with the User, including issues with electricity, web access, etc.
12.2. The Controller reserves the right to change the Policy in part or in full.
12.3. Changes of or additions to the Policy shall take effect from the date of their publication on the Website.
12.4. If you continue to use the Website and/or products or services of the Controller after the Policy has been updated or changed, it is presumed that you agree to such additions and/or changes.
Updated Nov 12, 2020.