SummaryOn May 25, 2018 the European General Data Protection Regulation came into force (GDPR). This European law substitutes the country-specific laws and applies to all companies and organs that process personal data of natural EU residents. The heart of this law is to make it easier for EU residents to know what organisations have which personal data and what they do with it. In short: they get more control over their personal data. Design8 is very much in favor of such transparency and we’ll do whatever we can to operate in a GDPR compliant manner.
Design8 is distributor of 3D software and we deliver training and support to our much valued customers. In essence, we deal with three parties:
- You, being an end user of the software and purchasing software licenses directly with us or with one of our resellers;
- The Reseller of who you purchase the software licenses and to whom Design8 sells the software licenses;
- The Supplier where Design8 purchases the software licenses.
We acknowledge that the GDPR is targeted towards natural persons, not organisations. Design8 operates primarily business to business, so we register mainly company information. Often we deal with natural persons who act on behalf of an organisation. You may well understand that in such cases the registered information can hardly be personal nor privacy sensitive. However, sometimes we register personal email addresses and we deliver software to natural persons, mainly being students and teachers.
Also we acknowledge that we mainly register data of paying customers to whom we deliver services. In those cases the registration of data is part of a business agreement, which makes this registration perfectly legal and necessary to conduct good business practices.
Finally we state that the data registered by us is hardly riskful personal information. We mainly link license data to contact data and technical information (e.g. the type of computer and operating system being used). please read further where we clarify this. We never collect more data than is absolutely necessary and we don’t follow nor profile people.
Who is Design8?Design8 bv is a limited corporation, seated in the Netherlands, according to the Dutch Law having a Chamber of Commerce registration number 11063158. We are a 3D software distributor and have our principal place of business at Edisonstraat 24, 4004 JL in Tiel, the Netherlands. You may call us on our phone number +31344577884 or send an email to firstname.lastname@example.org.
Which personal data does Design8 collect?Design8 processes following personal data:
|Personal Data||More Specific||Reason||We share with|
Street / P.O.
|When we send an invoice, then by law it needs to be absolutely clear to all tax companies involved who the debitor is.||Our Accountant|
|We find it important to know in which regions our software is being used for statistical and support reasons. In case of support we will be able to direct you to the nearest possible reseller. In case of problems like software abuse or unpaid bills we need to be able to locate users.||Our suppliers.|
|Other Contact Details||
|We find it important to know who to address at an organization to speed up important communications about license statuses, options and consequences.||Our suppliers.|
|We find it important to approach our customers in a personal and correct manner, so we record your sexe to adjust our opening words accordingly.||Nobody.|
Next to these data we also log non-personal data, such as computer platform, industry & branch, products purchased and the reseller where these licenses were purchased. We don’t regard these data as being personal yet necessary to conduct proper business and service..
Where do we get your personal data?We process data that we receive from these parties:
Upon ordering a license or training with us directly you provide us your data, of which some may be personal.
In case of you wanting to download and try software, view a webinar or visit us at a trade show, or simply because you want us to keep you informed, you usually fill out a form with your data consenting that we may contact you.
|Reseller||Upon ordering a license or training with one of our resellers they provide your data to us, of which some may be personal.|
|Supplier||You may consent for our suppliers to hand over your data to us to help and inform you in your own language, currency and time zone.|
Why do we process your personal data?We do this to link you to your reseller and software licenses purchased and/or granted. Never to harm your personal interest or to know who you are as a person. It is crucial to keep track of which customers use which products purchased with which reseller to service and support them in our best possible way.
When changes apply to a product which is relevant to you, such as a price increase or the release of a new or additional version of the software you use, then we see it as good and professional business practice, and in your interest, to notify you in a fast and convenient manner.
When you call upon us for technical support, then we need to see exactly which products and versions you use, in which environment you use them and where you purchased these items.
Finally, our relationship is strictly business and based on a paid agreement, and as such we all have our responsibilities. You can read about these in our General Terms and in the License Agreements that you, when you are over 16 years of age, or your parent or guardian consent to before installing / starting the software.
Software not being a physical product makes it hard to compare to anything else you buy like e.g. a car. A car by nature cannot be in two places at the same time and belongs to you. A software license on the other hand is a granted use to a person (stand alone) or organization (network) and is able to be used at several locations at the same time. Also against your will, and that is why it is important to link you to your license and that we are able to identify you. The latter also is important to determine if you are entitled to e.g. a free upgrade or promotion, and student or teacher license.
You may protest the processing of your personal data by us at all times, see below.
Who do we share your personal data with?For reasons mentioned in the previous sections, our suppliers have a legitimate interest to know the contact details of licensed customers. A license by design is a personal right, which is granted to use the software. This makes it necessary to share personal data to link users and licenses. In the table below we have outlined suppliers per product, which makes it clear to you with which organisations your data is being shared after purchase. You will also find a link to their privacy information making it clear where you can turn to should you have any questions or concerns regarding your personal data:
|You buy a license for:||We share your data with:||Link to Privacy Information:|
|Rhinoceros / Flamingo / Penguin / Bongo||Nobody||-|
|SU Podium / ProWalker / SUAnimate||Nobody||-|
|Twinmotion / Artlantis / Render[in]||Nobody||-|
|Modo / Addons||maconcept., Rosbach vor der Höhe, Germany||https://www.maconcept.rocks/datenschutzerkl%C3%A4rung.html|
|Sefaira||Trimble Inc., Sunnyvale, California, USA||https://www.trimble.com/privacy|
|SketchUp Pro||Trimble Inc., Sunnyvale, California, USA||https://www.trimble.com/privacy|
|Altair Inspire / Thea||Altair solidThinking Inc., Troy, USA||https://www.altair.com/popup_privacy.htm|
|V-Ray||Chaos Group, Sofia, Bulgaria||https://www.chaosgroup.com/privacy|
|Dibac||Iscarnet, Iscar, Spain||https://www.iscarnet.com/aviso-legal/|
|PlaceMaker / Profile Builder / Artisan||MindSight Studios In., Hepburn, SK, Canada||https://mindsightstudios.com/privacy-policy/|
|Skalp||Skalp, Antwerpen, Belgium||-|
As long as Design8 executes business according to the GDPR, we are allowed to share data in countries: Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, the Isle of Man, Jersey, New Sealand, Switzerland, Uruguay and the USA.
Who has access to your personal data?Each Design8 employee has access to your personal data to be able to execute his or her function to its best. In our employment contract we have agreed to respect GDPR and they are fully aware of their obligations and your rights under the GDPR.
Suppliers with whom we share your data, listed in the table above, all comply to the GDPR, which we enforce by contract or procedure.
Where do we store your personal data?We are using a standard database system conforming to market standards in which we record, process and store your personal data. Of this data we make both internal as well as external backups for the obvious case in which your data gets lost due to e.g. fire or burglary. These backups may be regarded as being static and are not processed as regulated under the GDPR.
Licenses for some software titles are being purchased directly by you in our webshop. For this webshop we use standard webshop software conforming to market standards in which you yourself create an account, are able to make changes to and remove your own data. Your data is safely stored on our own secured server which is serviced by a Dutch data provider, who respects GDPR and doesn’t touch your personal data. In case you make your payment in our webshop through iDeal, your payment data is processed by a Dutch payment specialist company in an automated manner. This company also respects GDPR and doesn’t touch your data.
How long do we keep your personal data?We keep your personal data as long as there is an active software license registered to your name. After that, we respect the term in which we are legally obliged to keep our administration (in 2018 this was seven years). After that we keep your data anonymized.
What more can you expect from us?We get in touch with you
If your reseller doesn’t notify you that your data is being shared with us, we will send you an automated message stating this fact and from which organization we received your data within 30 days after we have received your personal data from our resellers or suppliers.
We have our own Data Protection Officer
According to GDPR we don’t need a Data Protection Officer, but still we want to make it easy for you to get in touch with us regarding your personal data. So here he is still, our Data Protection Officer:
We value your... Values!
You may request with us
At any time you may request to our Data Protection Officer, in writing:
- To see which personal data we process;
- To check if your personal data we process is correct;
- To change your personal data we process;
- To add to your personal data we process;
- To send your personal data that we process to a third party;
- o remove your personal data we process (see also about the Storage Period).
On your request we will send to you your personal data we process in a standard computer readable and electronic format.
In case you have created an account yourself online in one of our websites then please log in and process your data yourself. In other cases you are invited to make an appointment to visit our office in Tiel, the Netherlands.
We respond within 30 days after having received your request. Attention: our response sent by e-mail can be judged as being SPAM email and may never reach your Inbox. In case you haven’t heard back from us within 30 days, please check your SPAM folder and notify us immediately. You may call +31344577884 to inquire whether your message has been received by us in a good manner.
Any changes or removal requests that reach us, we will set through to our suppliers within 30 days.
We are legally allowed to ask for a small administrational fee to fulfill your request. Please inform about this when you place your request.
You may Object
In case you disagree with us processing your personal data you are legally allowed to make formal objections. Please put your objection in writing to us:
Att. the Data Protection Officer
NL-4004 JL TIEL
We will respond within 30 days after having received your objection. Attention: our response sent by e-mail can be judged as being SPAM email and may never reach your Inbox. In case you haven’t heard back from us within 30 days, please check your SPAM folder and notify us immediately. You may call +31344577884 to inquire whether your message has been received by us in a good manner.
We inform our resellers
We tell our resellers to be transparent about the collection and sharing of your personal data when you order with them that they purchase with us. Furthermore we encourage them to lead you to our privacy-information.
We have secured your data
Local Data is protected and encrypted on our servers and backups so that they cannot be viewed by third parties in case of theft. All of our systems require employees to log in using regularly changing passwords. They are logged out automatically after a period of inactivity.
The external Cloud services that we use for sharing, storing and backing up your personal data are protected according to current laws and market standards, operate with respect for the GDPR and will not touch your personal data.
Also, our external e-marketing systems have GDPR compliant protection and will not touch your personal data.
Data transfer over internet to and from our webshop is secured by SSL encryption
Local computers of Design8, including laptops who are being brought outside of our premacy, are in constant control of a Design8 employee and secured by user accounts that can only be accessed by regularly changing passwords. Data that is stored on hard drives is encrypted.
General passwords are being changed when personnel changes and regularly anyway by design.
What we do in case of a (possible) personal data breach?
Within 72 hours after it has become clear that there has been a (possible) breach of personal data, then Design8 will:
- Report to the Autoriteit Persoonsgegevens;
- Report to the Police;
- Do all that is technically and financially possible to restore the breach;
- Notify all persons of whom personal data has been stolen and the suppliers affected;
- Do all that is technically and financially possible to prevent a future breach.
We have recorded this procedure in a scenario that is accessible to every Design8 employee.
We take our responsibility
You may hold us responsible for any proven damage that you suffered from us processing your personal data in a non GDPR compliant manner.
We will get certified
As soon as it is possible we will have ourselves certified for GDPR to make it absolutely clear that we comply. Unfortunately there is no such possibility yet.
We don’t have Records of Processing Activities
We know, it is a pity. Yet according to GDPR we don’t have to, since we are under 250 employees.