Published May 24, 2018

In compliance with the obligations deriving from national legislation (Legislative Decree 30 June 2003 No. 196, Code for the protection of personal data) and Community, (European Regulation for the protection of personal data No. 679/2016, GDPR) and subsequent modifications, the buildingincloud.net site respects and protects the privacy of visitors and users, providing  procedures and mechanisms that allow interested parties to exercise their rights and implementing every possible and proportionate effort not to harm the rights of those concerned.

This privacy policy applies only to the online activities of this site and is valid for visitors / users of the site. It does not apply to any information collected through channels other than this website.

The purpose of the privacy statement is to provide maximum transparency and clarity about the information that the site collects and how they are used, thus providing the interested parties with greater control and visibility.

This privacy policy is subject to updates that will be published promptly on this website.

Data collected and purposes

1) AUTOMATICALLY COLLECTED INFORMATION: NAVIGATION AND HOSTING DATA 

 Like all websites, buildingincloud.net site also uses log files (in computer science, a log file is a file that records events occurring on a web server), where automatically gathered information is archived during user visits. This data can be the following:

– Internet protocol address (IP);

– type of browser and device parameters used to connect to the site.

Purpose of the collection of automatically collected information:

a) They are used to verify the correct functioning of the site and are collected in an exclusively aggregated and anonymous form. None of this information is related to the physical person-user of the site, and do not in any way allow identification (from 25 May 2018 such information will be treated according to the legitimate rights of the owner);

b) Are used for security purposes (spam filters, firewalls, virus detection), the data automatically recorded may also include personal data such as IP address, which could be used, in accordance with applicable laws, in order to block attempts to damage the site itself or to damage other users, or in any case of harmful activities or constituting a crime. Such data are never used for the identification or profiling of the user, neither crossed with other data nor supplied to third parties, but used only for the protection of the site and its users (from 25 May 2018 this information will be processed based on the legitimate interests of the owner).

However, these data are not held by the Data Controller who does not even have access to it for consultation.

Instead they are kept on the servers of the Aruba web space provider, in accordance with the terms indicated in the art. 132 of the Privacy Code.

Place of treatment: Italy

Privacy Policy: https://www.aruba.it/domini/contratti/arubapolicyprivacy.aspx

2) VOLUNTARILY PROVIDED INFORMATION: DATA TO CONTACT USER

Within the buildingincloud.net website, some information is provided voluntarily by the user, and is therefore processed according to consent.

Here are the forms of the site where this information is collected:

CONTACTS

Do you have any comments or questions? Send us a message.

This form contains the fields: “Name and Surname”, “Email Address”, “Function (designer, constructor, owner)” and an empty space for any comments. By entering the requested information and, after reading the privacy policy, the user clicks on the “Send” button to forward his request to be contacted, expressly accepting the privacy policy.

To use the CLOUD platform it is required to fill in the fields: “Company alias”, “Type of activity”, “Email address” and “Password”. By entering the requested information and, after reading the privacy policy, the user clicks on the “Start now” button, expressly accepting the privacy policy.

The Service Subscriber, invites other Users to collaborate, using the email Service. By accepting the invitation, the User is prompted to enter some required data: password, email, necessary to use the Service.

For the specific subscription to the NEWSLETTER, it is required to fill in the fields: “Email address”, “Function (designer, builder, owner)”. By entering the requested information and, after reading the privacy policy, the user clicks on the “Subscribe” button to forward his registration, expressly accepting the privacy policy.

Additional FORMS of Building in Cloud 

In addition to the voluntary information previously listed, the User enters his telephone number, to be contacted by phone and, after reading the privacy policy, click on the “Send” button to receive more information on the Building BiC-6D module. Cloud, or on the BiC-CDE module of Building in Cloud.

The platform used to send emails is “Mail up”, which allows you to detect the opening of a message and the clicks made inside the email itself. The collection of this data is an integral part of the operation of the sending platform.

Place of processing: Italy

Privacy Policy: https://www.mailup.it/informativa-privacy/

More information about the use of the Building in Cloud service and privacy protection

Building in Cloud is a SaaS (Software as a Service) service that allows data sharing and collaboration between users connected to the service to improve the quality of activities carried out during the life cycle of a building or an infrastructure.

The cloud provider chosen by buildingincloud.net is Aruba, which operates in Europe and has chosen to adopt the Code of Conduct on Data Protection (CISPE). The CISPE Code of Conduct (Cloud Infrastructure Services Provider in Europe), a coalition that brings together cloud computing providers with millions of customers across Europe, provides a compliance framework that allows customers to clearly identify if their infrastructure provider is adopting adequate data protection standards, in accordance with current European directives and the GDPR.

It is possible to view this Aruba Code of Conduct by clicking on the following link:

https://www.aruba.it/getdoc/fb1990a1-ce58-438b-8152-72cbe128881b/cispe%20-%20aruba%20tra%20i%20provider % 20of% 20infrastrutture% 20clo.aspx

PURPOSE AND LEGAL BASIS

Lemsys will use its data for the following purposes:

Marketing. In each of the previously listed forms, the User, entering their data and sending them via the appropriate button, and after having read this Privacy and Cookies Policy, agrees to the provision of the Building in Cloud service. Lemsys may process the user’s data for sending advertising material or commercial communications, relating to any promotions or to process market research.

These communications are sent by using automated systems (maximum five monthly items).

Registration for different forms is not mandatory and can be refused simply by failing to tick the appropriate box.

The refusal to give consent to the processing will result in the impossibility of being updated about commercial initiatives and / or promotional campaigns, events, to receive offers or other promotional material.

Implemention of the contract. The data provided for the use of the Building in Cloud service will be processed by Lemsys to allow the User to register with the Building in Cloud service and use the services specifically linked to it. By way of example, the data provided will be processed for the provision of the activity and / or support services, exclusively upon request by the Customer.

The data will therefore be processed for the execution of the contract in place with the Owner.

The provision of data is necessary to allow the establishment and management of the contractual relationship; in default it will not be possible for Lemsys to execute the contract and provide the requested service.

Lemsys does not provide any third party information to users without their consent, unless required by law.

It is in any case excluded the dissemination and transfer of this data outside the EU area.

STORAGE PERIOD FOR PERSONA DATA AND TERM

The Data will be stored for the duration of the contractual relationship with Lemsys.

After this period or in the event of opposition, if necessary the data will be stored to pursue other purposes or will be permanently deleted.

Regarding to the treatments for marketing purpose, the storage period for personal data is established for a period of 10 years from the date of the individual consent dates, except a possible revoke of consent. At the end, the data will be physically deleted from all our systems or further consents will be required.

REVOKE OF CONSENT

The interested party may revoke his / her consent to receive promotional and commercial communications immediately, sending a request to the email address info@buildingincloud.net or by clicking on the unsubscribe link which can be found in the footer of each promotional and commercial email received.

METHOD OF TREATMENT

Personal data are processed with automated tools for the time strictly necessary to achieve the purposes for which they were collected, providing in any case the annual verification of the data stored in order to delete those deemed obsolete, unless the law provides for storage obligations .

Registration and related treatment are considered valid until unsubscribed by the user, present in each email.

Place of processing: the data collected by the site are processed at the headquarters of the Data Controller and take place within the European Union.

COOKIES POLICY

Like all websites, the buildingincloud.net site also uses cookies, small text files that allow you to store information on visitors’ preferences, to improve the functionality of the site, to simplify navigation by automating the procedures (eg Login, language site) and for the analysis of site use.

Session cookies are essential in order to distinguish between connected users, and are useful to avoid that a required feature can be provided to the wrong user, as well as for security purposes to prevent cyber attacks on the site. Session cookies do not contain personal data and last only for the current session, ie until the browser is closed. No consent is required for them.

The functionality cookies used by the site are strictly necessary for the use of the site, in particular they are linked to an express request for functionality by the user (such as Login), for which no consent is required.

By using the Building in Cloud site, continuing to browse the site, or clicking OK on the banner present at the first access to the site, the visitor expressly consents to the use of cookies and similar technologies, and in particular to the registration of these cookies on his terminal for the purposes above, or access to cookies via information on your terminal.

COOKIE DISABLING

Cookies are connected to the browser used and CAN BE DISABLED DIRECTLY FROM THE BROWSER, thus refusing / withdrawing consent to the use of cookies. It should be noted that disabling cookies may prevent the correct use of some features of the site itself.

How to disable / delete cookies by configuring the browser:

Chrome

  1. Run the Chrome Browser
  2. Click on the menu in the browser toolbar next to the url input window for navigation
  3. Select Settings
  4. Click on Show Advanced Settings
  5. In the “Privacy” section click on the “Content settings” button
  6. In the “Cookies” section you can change the following cookie settings:
  • Allow data to be saved locally
  • Change local data only until the browser is closed
  • Prevent sites from setting cookies
  • Block third-party cookies and site data
  • Manage exceptions for some websites
  • Delete one or all cookies

For more information: https://support.google.com/accounts/answer/61416?hl=en

Mozilla Firefox

  1. Run the Mozilla Firefox Browser
  2. Click on the menu in the browser toolbar next to the url input window for navigation
  3. Select Options
  4. Select the Privacy panel
  5. Click on Show Advanced Settings
  6. In the “Privacy” section click on the “Content settings” button
  7. In the “Tracking” section you can change the following cookie settings: Ask the sites not to make any tracking
  • Tell the sites the availability to be tracked
  • Do not communicate any preference regarding the tracking of personal data
  • From the “History” section you can:
  • Enabling “Use custom settings” select to accept third-party cookies (always, from most visited sites or never) and to store them for a specified period (until they expire, when Firefox closes or ask every time)
  • Remove individual cookies stored.For more information: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

Internet Explorer

  1. Run the Internet Explorer Browser
  2. Click the Tools button and choose Internet Options
  3. Click on the Privacy tab and, in the Settings section, change the slider according to the desired action for cookies:
  • Block all cookies
  • Allow all cookies
  • Select the sites from which to get cookies: move the cursor to an intermediate position so as not to block or allow all cookies, then click on Sites, in the Web Site Address box enter a website and then press on Block or Allow.

For more information: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies

Safari 6

  1. Run the Safari Browser
  2. Click on Safari, select Preferences and press Privacy
  3. In the Block Cookie section, specify how Safari must accept cookies from websites.
  4. To see which sites have stored cookies click on Details

For more information: https://support.apple.com/en-us/HT201265

IOS Safari (mobile devices)

  1. Run the iOS Safari Browser
  2. Tap on Settings and then Safari 3. Tap on Block Cookies and choose from the various options: “Never”, “Third party and advertisers” or “Always”
  3. To delete all cookies stored by Safari, tap Settings, then Safari and then Delete Cookies and data

For more information: https://support.apple.com/en-us/HT201265

Opera

  1. Run the Opera Browser
  2. Click on the Preferences then on Advanced and finally on Cookies
  3. Select one of the following options:
  • Accept all cookies
  • Accept cookies only from the site you visit: third-party cookies and those that are sent from a domain other than the one you are visiting will be rejected
  • Never accept cookies: all cookies will never be saved. For more information: https://www.opera.com/help/tutorials/security/privacy/

THIRD PARTY COOKIES

This site also acts as an intermediary for third-party cookies, used to provide additional services and features to visitors and to improve the use of the site, such as buttons for social media. This privacy policy does not apply to services provided by third parties, and the site buildingincloud.net has no control over their cookies, entirely managed by third parties and has no access to the information collected through these cookies. The data transfer agreement takes place directly between the user / visitor and the third parties, while this site does not participate in any way in this assignment. As a consequence, the information on the use of these cookies and their purposes, as well as on how to disable them, are provided directly by the third parties on the pages indicated below.

In particular, this site uses cookies of the following third parties:

– Google (Google Analytics cookie): Google Analytics is a Google analysis tool that, through the use of cookies (performance cookies), collects anonymous browsing data (truncated to the last octet) in order to examine the use of the site by users, compiling reports on activities on the site and providing other information, including the number of visitors and pages visited. Google may also transfer this information to third parties where required to do so by law or where such third parties process the information on Google’s behalf. Google will not associate the IP address with any other data held by Google. Data transmitted to Google are stored on Google’s servers in the United States.

Further information on Google Analytics cookies can be found at https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-

The user can selectively opt-out the collection of data by Google Analytics by installing the appropriate component provided by Google on his browser (opt out).

PLUGIN SOCIAL NETWORK

This site also incorporates plugins and / or buttons for social networks, in order to allow easy sharing of content on your favorite social networks. These plug-ins are programmed so as not to set any cookies when accessing the page, to safeguard the privacy of users. Possibly cookies are set, if so provided by social networks, only when the user makes effective and voluntary use of the plug-in. Please note that if the user browses being logged into the social network then he has already consented to the use of cookies conveyed through this site at the time of registration to the social network.

The collection and use of the information obtained through the plug-in are governed by the respective privacy policies of the social networks, to which reference is made.

– Facebook (https://www.facebook.com/policies/cookies/)

– Twitter (https://help.twitter.com/it/rules-and-policies/twitter-cookies)

– LinkedIn (https://www.linkedin.com/legal/cookie-policy)

– Google+ (https://policies.google.com/technologies/cookies?hl=it)

DATA TRANSFER IN EXTRA EU COUNTRIES

This site may share some of the data collected with services located outside the European Union area. In particular with Google, Facebook and Microsoft (LinkedIn) through the social plug-ins and the Google Analytics service. The transfer is authorized on the basis of specific decisions of the European Union and the Guarantor for the protection of personal data, in particular Decision 1250/2016 (Privacy Shield – here the information page of the Italian Data Protection Authority), for which no further consent is required. The companies mentioned above guarantee their adherence to the Privacy Shield.

SECURITY MEASURES

Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access. In particular, the site management software is constantly updated, and regularly scanned in order to check for viruses and dangerous codes.

In addition Lemsys is committed to employing the best technology and the best available resources to ensure the functionality and security of the Building in Cloud Service.

For this purpose, a series of functions and procedures have been put in place in order to guarantee the maximum safety and efficiency of the service. Read the following descriptions.

Logon retry Log: The service is designed to know IP, date and time, browser, operating system, and location of each logon attempt.

Active sessions list: The service provides that you can control in real time the list of active sessions.

Inhibition of rapid consecutive logon attempts: The service has automatic security mechanisms designed to inhibit consecutive logon attempts to a single account.

Password Expiration: The service provides that you can customize password expiration rules depending on your needs.

Password Change Log: You can get the list of password changes made over time.

Password encryption: The service provides encryption of used passwords to access the Building service in the Cloud.

Export of your data: The service allows the possibility to export data even if the account had expired, within the limits described in the terms of service.

Control procedure: The service has a procedure for periodically testing and evaluating the effectiveness of the technical and organizational measures in order to guarantee the safety of the treatment.

However, such measures cannot ensure that the service is deemed to be free from malfunctions resulting from events of force majeure or from events beyond reasonable control of Lemsys such as, but not limited to: (i) force majeure events; (ii) Events dependent on the fact of third parties such as, but not limited to, the interruption or malfunction of the services of telecommunications operators and/or power lines; (iii) malfunctioning of terminals or other communication systems used by users.

In addition to the Data Controller, in some cases, the Data may be accessed by other persons involved in the organization of the site (administrative, commercial, marketing, legal, system administrators) or external persons (as suppliers of third party technical Services, postal couriers, hosting providers, IT companies, communication agencies) also appointed, if necessary, Data Processors by the Data Controller. The updated list of Managers can always be requested by the Data Controller.

USER RIGHT

 According to art. 7 of the Privacy Code and art. 13 GDPR, each user has the right to obtain confirmation of the existence or not of his personal data, even if not yet registered, and their communication in intelligible form.

In particular, the interested party has the right to obtain from the Data Controller the indication of:

  1. the origin of personal data;
  2. the purpose and methods of treatment;
  3. of the logic applied in case of treatment carried out with the aid of electronic / IT tools;
  4. the subjects and the categories of subjects to whom the data may be communicated or who can learn about them as appointed representative in the territory of the State, managers or agents.

Furthermore, the interested party has the right to obtain from Lemsys:

  1. updating, rectification or integration of their data;
  2. cancellation, transformation into anonymous form or blocking of data processed in violation of the law;
  3. access to personal data, ie confirmation that personal data processing is being processed or not;
  4. the limitation of treatment;
  5. the portability of the data, that is the right to receive in a structured format the personal data concerning him;
  6. right of complaint to the Supervisory Authority.

Finally, the data subject has the right to object, in whole or in part, for legitimate reasons to the processing of personal data concerning him / her, even though they are relevant to the purpose of the collection. In particular, the interested party has the right to object to the processing of personal data concerning him for the purpose of sending commercial advertising or direct sales material or for carrying out market research or commercial communication.

The requests referred to in the previous points must be sent by e-mail to info@buildingincloud.net

Lemsys reserves the right to modify, supplement or periodically update this Privacy and Cookies Policy in accordance with the applicable legislation or the measures adopted by the Guarantor for the Protection of Personal Data.

The aforementioned changes or additions will be brought to the attention of the interested parties by means of a link to the Privacy and Cookies Policy page on the website and will be communicated directly to the interested parties by e-mail.

We invite users to view the Privacy and Cookies Policy regularly, to check the updated information and decide whether or not to continue to use the services offered.

RESPONSABILITY

Data Controller: Lemsys Srl, Via Domenico Scarlatti, 26 20124 Milan Italy P.I./C.F. 08613610966 Reg. Imp. Di Milano REA 2037581 – Share Capital € 10,000.00

The list of Data Processors who process the data on behalf of the Data Controller may be requested by sending an email to info@buildingincloud.net

UPDATES
This Privacy and Cookie Policy is updated on June 28, 2018.