Effective Date: November 7, 2019
This Policy does not cover any information or data collected by Archibus for other purposes, such as information collected for marketing purposes. Please see our Website Privacy Statement.
2. About Archibus and the Personal Information We Collect
Archibus is a leading provider of workplace management and optimization software services. We assist companies to run more effectively and efficiently by using our software solutions to improve workflows and workplace management.
In the normal course of using the Services, our Clients will input electronic data into the Archibus systems (“Client Data”). This data may include personal information about an individual (including yourself or others), including (but not limited to) an individual’s name, email address, unique identifier(s), phone number(s), company position, business unit, cost center and location within Client’s workplace (“Personal Information”).
3. Retention of Personal Information
Archibus will retain Personal Information we process on behalf of our Clients for as long as needed to provide Services to our Client. Archibus will retain this Personal Information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
4. Archibus Aligns with International Privacy Standards
4.1 EU-US Privacy Shield and Swiss-U.S. Privacy Shield
Archibus participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Archibus is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List.
Archibus is responsible for the processing of personal data it receives from our Client (under each Privacy Shield Framework) and subsequently transfers to a third party acting as an agent on its behalf. Archibus complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Archibus is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Archibus may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Archibus has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. The services of EU DPAs are provided at no cost to you.
4.2 General Data Protection Regulation (GDPR)
Archibus complies to the General Data Protection Regulation (GDPR) data protection principles.
Under the Australian Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles contained within Schedule 1 of the Privacy Act (“Australian Privacy Principles”) we are defined as an APP entity This means that we are obligated to manage Personal Information in an open and transparent way.
5. How We Collect Personal Information
5.1 From Clients
Archibus processes Client Data under the direction of Clients and has no direct control or ownership of the Personal Information it receives or processes. If you are a customer of one of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the Client that you interact with directly. Clients are responsible for complying with any regulations or laws that require providing notice, disclosure and/or obtaining consent prior to transferring the data to Archibus for processing purposes.
5.2 From You
Archibus may collect Personal Information from You. This information may be collected when:
- You register to use the Services
- You use the Services, or another application that the Services are embedded in (e.g. as a mobile application provided by Archibus’ Client)
- You contact the Archibus Support team
- You use Your work PC
- You pass through a security check point at one of Our Client’s premises.
- You access our website
5.3 Passive Collection
As is true of most websites and web-applications, we gather certain information automatically. This information may include Internet Protocol (IP) addresses, browser type, Internet service provider (ISP), referring/exit pages, the features viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, usage, change history, and/or clickstream data to analyze trends in the aggregate and administer the site.
6. You May Request Access, Changes and/or Removal to/of Your Personal Information
Archibus acknowledges that you have the right to access your personal information. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate Personal Information should direct his/her query to Archibus’ Client (the data controller) in the first instance, or by setting out Your request in writing and sending it to us at email@example.com.
Archibus will process Your request as soon as reasonably practicable, or within a reasonable timeframe, provided we are not otherwise prevented from doing so on legal grounds. If we are unable to meet Your request, we will let you know why. For example, it may be necessary for us to deny Your request if it would have an unreasonable impact on the privacy or affairs of other individuals, or if it is not reasonable and practicable for us to process Your request in the manner You have requested. In some circumstances, it may be necessary for us to seek to arrange access to Your Personal Information through a mutually agreed intermediary (for example, Our Client).
7. Client Obligations Around Personal Information
Through Our Client’s use of the Services, Archibus may collect information about Our Client’s Personnel from Our Client. Similarly, through Your use of the Services, Archibus may also collect information from You about someone else.
In either case, if You or Our Client (each an “Information Provider”) provide Archibus with Personal Information about someone else, the Information Provider must ensure that they are authorized to disclose that information to Archibus and that, without Archibus taking any further steps required by applicable data protection or privacy laws, Archibus may collect, use and disclose such information for the purposes described in this Policy.
This means that if required by Law, the Information Provider must take reasonable steps to ensure the individual concerned is aware of and/or consents to the various matters detailed in this Policy, including the fact that their Personal Information is being collected, the purposes for which that information is being collected, the intended recipients of that information, the individual’s right to obtain access to that information, Archibus’ identity, and how to contact Archibus.
Where requested to do so by Archibus, the Information Provider must also assist Archibus with any requests by the individual to access or update the Personal Information it has collected from them and entered into the Service.
It is Your responsibility to ensure that the Personal Information provided to us is accurate, complete and up-to-date
8. Archibus Collects, Holds and Uses Your Personal Information for Limited Purposes
The use of information collected through the Services shall be limited to the purpose of providing the Service for which the Client has engaged Archibus. Archibus may access Client Data for the purposes of providing the Services, verifying your identity, communicating with you about the Service, preventing or addressing service or technical problems, responding to support issues, providing transaction histories, producing de-identified industry trends/benchmarks, responding to Client’s instructions or as may be required by law, in accordance with the Services Agreement.
9. What does Archibus’ Client do with the Information?
How Archibus’ Client uses Your Personal Information will be subject to their internal policies, which will indicate how Archibus’ Client uses the information including any disclosure to third parties.
10. Can I Withhold My Personal Details?
If You do not consent to us collecting, using and storing Your Personal Information we may be unable to provide the Services to Our Client.
In limited circumstances, You may be able to use a pseudonym. Please direct any such requests to the Archibus Client.
11. Archibus Can Aggregate Your Data
By using the Services, You agree that Archibus can access, aggregate and use data Archibus has collected from You. This data will in no way identify You or any other individual.
Archibus may use this aggregated data to:
- assist us to better understand how Our Clients are using the Services
- provide us with further information regarding the uses and benefits of the Services
- Create useful business insights from that aggregated data and allowing Our Client’s to benchmark their business’ performance against that aggregated data, and
- otherwise to improve the Services
12. Archibus Holds Your Personal Information on Servers in the Following Locations
All Personal Information that is entered into the Service by You, or automatically imported on Your instruction, is transferred to Archibus’ servers as a function of transmission across the Internet. By using the Service, You consent to Your personal information being transferred to Our servers as set out in this Policy.
12.1 APAC Customers
Our servers are located in Australia. By providing Your Personal Information to Archibus, You consent to Archibus storing Your Personal Information on servers hosted in Australia. While Your Personal Information will be stored on servers located in Australia, it will remain within Archibus’ effective control at all times. The server host’s role is limited to providing a hosting and storage service to Archibus, and we’ve taken steps to ensure that Our server hosts do not have access to, and use the necessary level of protection for, Your Personal Information.
If You do not want Your Personal Information to be transferred to a server located in Australia, You should contact our Client and not provide Archibus with Your Personal Information or use the Service.
12.2 Americas Customers
Servers hosting Your Information are located in the United States of America (U.S.) and Your Personal Information will be routed through, and stored on, those servers as part of the Service. By providing Your Personal Information to Archibus, You consent to Archibus storing Your personal information on servers hosted in the U.S. While Your Personal Information will be stored on servers located in the U.S., it will remain within Archibus’ effective control at all times The server host’s role is limited to providing a hosting and storage service to Archibus, and we’ve taken steps to ensure that Our server hosts do not have access to, and use the necessary level of protection for, Your Personal Information.
If You do not want Your Personal Information to be transferred to a server located in the U.S., You should contact our Client and not provide Archibus with Your Personal Information or use the Service.
12.3 EMEA Customers
Our servers are located in the EEA. By providing Your Personal Information to Archibus, You consent to Archibus storing Your Personal Information on servers hosted in the EEA. While Your Personal Information will be stored on servers located in the EEA, it will remain within Archibus’ effective control at all times. The server host’s role is limited to providing a hosting and storage service to Archibus, and we’ve taken steps to ensure that Our server hosts do not have access to, and use the necessary level of protection for, Your Personal Information.
If You do not want Your Personal Information to be transferred to a server located in Europe, You should contact our Client and not provide Archibus with Your Personal Information or use the Service.
13. Archibus Takes Steps to Protect Your Personal Information
Archibus is committed to protecting the security of Your Personal Information and we take all reasonable precautions to protect it from unauthorized access, modification or disclosure. We maintain a comprehensive, written information security program that contains industry standard, administrative, technical, and physical safeguards designed to prevent unauthorized access to our Client’s Data. We also use appropriate industry standard security technology as agreed with Our Client to ensure that Your information is protected. When we no longer need your Personal Information, we will take all reasonable steps required to de-identify or destroy it.
14. Archibus only Discloses Personal Information in Limited Circumstances
Your Personal Information may be shared with Our Client as a licensee of the System, and Our authorized Affiliates and sub-contractors as is necessary and appropriate to facilitate the purpose for which Your Personal Information was collected pursuant to this Policy, including the provision of the Services. They are only authorized to use your personal information only as necessary to provide services to us. These services include cloud computing infrastructure.
All Archibus Personnel who have access to Personal Information are legally bound not to disclose it and may only use it for the purposes incidental to undertaking their duties as an employee of Archibus.
Archibus will not otherwise disclose Your Personal Information to a third party outside of Our Affiliates without your express consent. However, You should be aware that Archibus may be required to disclose Your Personal Information without Your consent in order to comply with any court orders, subpoenas, or other legal process or investigation including by tax authorities, if such disclosure is required by law Where possible and appropriate, to protect your rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. we will notify You if we are required by law to disclose Your Personal Information.
If Archibus is involved in a merger, acquisition, or sale of all or a portion of its assets, our Client will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. We may also disclose your personal information to any other third party with our Client’s prior consent.
The third parties who host Our servers do not control and are not permitted to access or use Your Personal Information except for the limited purpose of storing the information.
To manage Flash cookies, please click here.
We do not respond to or honor “Do Not Track” requests at this time.
16. Archibus has a Privacy Complaints Process
In compliance with the Privacy Shield Principles, Archibus commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy you should first contact Archibus at: firstname.lastname@example.org or by regular mail addressed to: Data Privacy Officer, Archibus, 2 Wall Street, New York, NY 10005.
Archibus has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning human resources data transferred from the EU and Switzerland in the context of the employment relationship.
Our Privacy Officer will endeavor to:
provide an initial response to Your query or complaint within 10 Business Days, and
investigate and attempt to resolve Your query or complaint within 30 Business Days or such longer period as is necessary and notified to You by Our Privacy Officer.
17. Changes to This Policy