SDS2 Privacy Page
This is the global Privacy Notice for SDS/2, a Nemetschek Company.
We respect your privacy and are committed to protecting your personal data. This Privacy Notice explains how we collect, use, disclose, retain and protect your Personal Data when you visit or use our Website (https://sds2.com/), and provides you with information concerning your privacy rights.
This Privacy Notice applies to all information we collect on our website and through emails or other electronic communications between you and SDS/2.
2. Who We Are
SDS/2, a Nebraska Corporation, (collectively referred to as “SDS/2”, “we”, “us”, or “our” within this Privacy Notice) is the controller for your Personal Data collected through this Website. SDS/2 is responsible for the processing of your Personal Data at a group level for specific purposes, as defined in this Privacy Notice, and as permitted by applicable privacy laws.
Design Data Corporation dba SDS/2 is headquartered at: 1501 Old Cheney Road, Lincoln, Nebraska 68512, United States of America. Telephone Number: +1 (800) 443-0782.
We have appointed a Data Privacy Manager who is responsible for overseeing this Privacy Notice. If you have any questions about this Privacy Notice, including any requests to exercise your legal rights, please contact the Data Privacy Manager.
3. Applicabiliy and Other Important Information
It is important that you read this Privacy Notice together with any other privacy notices we may provide on specific occasions when we are collecting or processing Personal Data about you so that you are fully aware of how and why we are using your data. This Privacy Notice supplements other notices and privacy policies and is not intended to override them.
We may update our Privacy Notice to account for changes in privacy laws or our operations. Your continued use of our Website or your acknowledgment that you have received a notification will be deemed as your acknowledgment and acceptance of any changes.
4. Children’s Privacy
Our website is not intended for persons under sixteen (16) years of age. No one under age sixteen (16) may provide any Personal Data to or on our Website. We do not knowingly collect Personal Data from persons under sixteen (16). If you are under sixteen (16), do not use or provide any information on this Website or on or through any of its features or provide any information about yourself to us. California residents under sixteen (16) years of age may have additional rights regarding the collection and disclosure of their Personal Information. Please see the California and Nevada Privacy Rights section, as included within this Privacy Notice, for more information.
5. The Personal Data We Collect
Personal Data or Personal Information, collectively, means any information that we process in a way which could reasonably identify an individual or household.
SDS/2 may collect, use, store, transfer the following categories of Personal Data about you:
- Identity Data which includes name, username or other identifying identifier, date of birth, gender, country of residence, language of use
- Contact Data which includes residential or postal address, email address, telephone numbers
- Financial Data which includes bank account and payment card information
- Transaction Data which includes information relating to transactions involving SDS/2
- License Data which includes information related to the account and licenses granted to each data subject by SDS/2, software license information, access rights information
- Technical Data which includes Internet Protocol (“IP”) address, your login data, browser type and version, time zone setting and geolocation, browser plug-in types and versions, operating system and platform, other technology on the devices you use to access the Website, if you access the Website through different devices (for example, through your mobile phone or personal computer), Media Access Control (“MAC”) address, Service Set Identifier (“SSID”), and other network identifying information. Technical Data collected through SDS/2’s anti-piracy mechanisms may include, without limitation, information on time of use and number of uses of software and computer and network identification information such as, but not limited to hostnames, IP address, SSID, and organization domain information.
- Usage Data which includes information about how you use our Website.
- Marketing and Communications Data which includes your preferences in receiving marketing from us and our third parties, your other communication preferences, and our own records of marketing or other communications of which you are the subject, and any other information you provide to us through your submission of a form within the Website
We may collect, use, and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your Personal Data but is not considered personal data according to applicable privacy laws as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Privacy Notice.
We do not collect any special categories of Personal Data which includes information concerning your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, or your health. SDS/2 does not collect genetic or biometric data, not information relating to any criminal convictions or offenses.
6. How We Collect Personal Data
SDS/2 uses different methods to collect Personal Data from and about you including though:
- Direct interactions. You may provide us with your Identify, Contact, Financial, Transaction, and License Data by using our Website, completing forms or by corresponding by mail, phone, email, or otherwise. Direct interactions include the personal data you provide us when you use our services, provide us with feedback, or contact us, whether in person, by telephone, by email, or through any other medium
- Automated technologies or interactions. As you interact with our Website, we will automatically collect Transaction, Technical, and Usage Data. We collect these categories of personal data by using cookies, server logs, web beacons, and other commonly used technologies. SDS/2 may receive and process Technical and Usage Data about you if you visit other websites which employ our cookies. Software distributed by SDS/2, its affiliates, and their resellers may contain security mechanisms intended to detect the installation or use of unauthorized copies of the software, and may collect and transmit Technical Data and other forms of Personal Data relating to such copies (including data relating to use of such copies, the machines on which such copies are accessed or used, and network and user configuration data), to SDS/2 and its affiliates, and their agents, contractors, suppliers, successors and assigns.
- Third parties or publicly available sources. SDS/2 may receive personal data about you from various third parties described below:
- Technical, Usage, and Marketing and Communications Data from analytics providers, advertising networks, and search information providers
- Identify, Contact, and Financial Data from technical, payment, and delivery service providers
- A web beacon (commonly referred to as a clear gif, pixel tag, or single-pixel gif) is a small electronic file that permits us, for example, to count users who have visited our website or opened an email and for other related website statistics (such as recording the popularity of certain website content or verifying data integrity).
- A cookie is a small text file of letters and numbers that we store in your browser or on the hard drive of your computer or mobile device. Cookies contain information that is transferred to your computer’s or mobile device’s hard drive. We use the following types of cookies:
- Strictly necessary cookies. These cookies are required for the operation of our Website. These cookies must be placed in order for the website to function properly and users cannot opt out of receiving them.
- Analytical and performance cookies. These cookies allow us to recognize and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works. We will place these cookies unless our users have opted out.
- Functionality cookies. These cookies are used to recognize you when you return to our Website. This enables us to personalize our content for you and to remember your preferences. We will place these cookies unless our users have opted out.
- Targeting cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed. We will use this information to make our Website, and the material displayed on it, more relevant to your interests. We may also share this information with third parties for this purpose. We will only place these cookies with your consent.
Because there is no industry or legal standard for recognizing or honoring do-not-track (“DNT”) signals, the Website does not treat users that transmit a DNT signal differently than those users that do not.
7. Purposes For Which We Use Your Personal Data
SDS/2 collects, processes, discloses, and stores your Personal Data for the following purposes:
- Fulfillment of Contract. We use your Personal Data to fulfill the services that you use through our Website, which is our performance of a contract with you.
- Legitimate Interests. We may use your Personal Data for any reason that is necessary for our pursuit of our own legitimate interests (or those of a third party) so long as any prospective harms to your rights and freedoms under applicable law do not override those interests. This includes monitoring and preventing software piracy.
- Compliance with Legal Obligations. We may use your Personal Data to comply with a legal obligation or court order.
- Consent. Where we collect your consent, we may use your Personal Data in any manner consistent with that consent.
- Marketing. We may use your Personal Data for marketing and promotional purposes.
- Promotional Marketing. We may use Personal Data to form a view on what we think our users may want or need, or what may be of interest to them. Where this information is collected pseudonymously, we may use pseudonymous information to advertise or share with others so they may advertise tailored products and services to a user. If we collect your consent for this purpose, we may use and share your Personal Data to advertise or enable others to advertise tailored goods or services to you. We will never share Financial Data for promotional purposes. You may opt out of tailored advertising (or withdraw your consent, where applicable) as described in this Privacy Notice.
- Third-party marketing. We will collect your express opt-in consent before we share your Personal Data with any third party for marketing purposes where such consent is required under applicable law.
- Opting out. You can opt out of (i) our disclosure of your Personal Data to third parties that are not our agents or service providers and (ii) our use of your Personal Data for direct marketing purposes by contactin our Data Privacy Manager, or by using any opt-out mechanism we make available within the Website. Please note that, even if you have opted out of sharing with third parties, your Personal Data may still be disclosed to third parties to the extent that you provide it to the general public.
- Change of purpose. We will use your personal data only for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us using the information provided within this Privacy Notice. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. Please note that we may process your Personal Data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
8. Disclosures of Your Personal Data
SDS/2 may share your Personal Data with the following entities:
- Service providers who provide processing, payment processing, IT and system administration services, professional advice (including lawyers, bankers, auditors and insurers, who provide consultancy, banking, legal, insurance and accounting services), and other related services.
- Our parent company and any affiliates.
- Marketing and promotional service providers.
- Third parties to whom we may choose to sell, transfer or merge parts of our business or our assets.
- Law enforcement, judicial or similar officers, or other governmental entities where required or permitted by applicable law.
9. Software Piracy Monitoring
Software piracy is illegal. SDS/2 and its affiliates reserve the right to take any action permissible under applicable law to stop piracy of their products and hold responsible those who engage in the piracy or misuse of those products. By installing or using SDS/2 software, you should be aware that SDS/2 and its affiliates, and their agents, contractors, suppliers, successors and assigns, will collect, store, use and transfer this Technical Data said data for the purposes of identifying users of unauthorized copies of the software and protecting and enforcing intellectual property rights. If you are using an unauthorized copy of SDS/2 software, cease using the unauthorized copy immediately and contact SDS/2 to acquire legally licensed software.
10. Data Security
SDS/2 has implemented appropriate technical, physical, and administrative measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
11. Data Retention
We will retain your Personal Data only for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation with respect to our relationship with you.
To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
In some circumstances, we will anonymize your Personal Data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use or share this information without further notice.
12. Data Rights
In certain circumstances, you have rights under data protection laws in relation to your Personal Data. Such rights may include the right to:
- Request access to your Personal Data
- Request deletion of your Personal Data
- Correct your Personal Data
- Object to the processing of your Personal Data
- Request that your Personal Data be transferred to another person
- Request restriction of processing your Personal Data
- Withdraw your consent to the processing of your Personal Data
If you wish to exercise any of those rights, please contact us as using the information provided within this Privacy Notice. You may have the right to lodge a complaint with your applicable supervisory authority in the event we violate applicable data privacy laws. Where allowed by applicable law, we may: (a) charge a reasonable fee; or (b) refuse to comply with your request, if your request is clearly unfounded, repetitive or excessive.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data, or to exercise any of your other rights. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
13. International Transfers
If you are located in the European Union (“EU”) or the European Economic Area (“EEA”), your Personal Data may be stored in or transferred to states outside the EU or the EEA for the purposes described in this Privacy Notice when you use our Website. Whenever transfer your Personal Data from the EEA to a jurisdiction outside the EEA, we do so in accordance with applicable law and pursuant to one or more appropriate safeguards, such as:
- An adequacy determination by the European Commission.
- The standard contractual clauses promulgated by the European Commission
14. California and Nevada Privacy Rights
This Section applies solely to users of the Website who reside in the States of California or Nevada (“Californians and Nevadans”), and is adopted pursuant to California Consumer Privacy Act (“CCPA”), any implementing regulations, and NRS § 603A. In this Section 12. California and Nevada Privacy Rights, the term Personal Information has the same meaning as Personal Data.
Californians’ and Nevadans’ Rights and Choices
You have the right to request that SDS/2 disclose certain information to you about our collection and use of your information over the past 12 months. Once we receive and confirm your verifiable request (see Exercising Californian or Nevadan Access, Data Portability, and Deletion Rights), we will disclose to you any of the following data that were designated in the verifiable request:
- The categories of Personal Information we collected about you
- The categories of sources for the Personal Information we collected about you
- Our business or commercial purpose for collecting or selling any Personal Information
- The categories of third parties with whom we share Personal Information
- The specific pieces of Personal Information we collected about you
- If we sold or disclosed your Personal Information for a business purpose, two separate lists disclosing:
- Sales, identifying the Personal Information categories that each category of recipient purchased; and
- Disclosures for a business purpose, identifying the Personal Information categories that each category of recipient obtained
Californians and Nevadans’ Deletion Request Rights
You have the right to request that SDS/2 delete any of your Personal Information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable request, we will delete (and direct our Service Providers to delete) your Personal Information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our Service Provider(s) to:
- Complete the transaction for which we collected the Personal Information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities
- Debug products to identify and repair errors that impair existing intended functionality
- Exercise free speech, ensure the right of another Californian or Nevadan to exercise their free speech rights, or exercise another right provided for by applicable law
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.)
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent
- Enable solely internal uses that we reasonably believe would be aligned with your expectations based on your relationship with us
- Comply with a legal obligation or court order
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Californian or Nevadan Access, Data Portability, and Deletion Rights
To exercise the Californian or Nevadan access, data portability, and deletion rights described above, please submit a verifiable request to us as described under Contact Us below. Only a Californian or Nevadan, or a person registered with the California or Nevada Secretary of State that a Californian or Nevadan has authorized to act on his or her behalf, may make a verifiable request related to his or her Personal Information. Parents of Californians or Nevadans may also make a verifiable request on behalf of their minor child.
You may only make a verifiable request for access or data portability twice within a twelve (12) month period. The verifiable request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it
We cannot respond to your request or provide you with Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. Making a verifiable request does not require you to create an account with us, but we will treat requests made through your password protected account as sufficiently verified when the request relates to Personal Information associated with your specific account. We will only use Personal Information provided in a verifiable request to verify the requestor’s identity or authority to make the request.
Verifiable Request Response Timing and Format
We endeavor to respond to a verifiable request within 45 days of its receipt. If we require more time (up to either 45 or 90 days, depending on complexity), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the twelve (12) month period preceding the verifiable request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance. We do not charge a fee to process or respond to your verifiable request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain incentives permitted by the CCPA that may result in different prices, rates, or quality levels. Any CCPA-permitted incentive we offer will reasonably relate to your Personal Information’s value and contain written terms that describe the program’s material aspects. Participation in an incentive program requires your prior opt in consent, which you may revoke at any time.
15. “Shine the Light” Requests
California Civil Code Section 1798.83, also known as California’s “Shine the Light” law, also allows California residents to request certain information regarding our disclosures in the prior calendar year, if any, of Personal Information to third parties for their own direct marketing purposes. To make such a request, please contact either the Data Privacy Manager or send mail to: Attention Legal Department, SDS/2, 1501 Old Cheney Road, Lincoln, Nebraska 68512, and include your name and the address to which you would like us to respond. We will attempt to provide you with the requested information within thirty (30) days of receipt.
16. Contact Us
Contacts and requests concerning this Privacy Notice shall be submitted in writing to the Data Privacy Manager or you can contact us at: 1501 Old Cheney Road, Lincoln, Nebraska 68512, United States of America. Telephone Number: +1 (800) 443-0782.