Data Sharing Agreement

This Data Sharing Agreement (the "Agreement") is agreed to by:

  1. The BIMobject customer identified on the applicable Customer Contract (defined below) for BIMobject services ("Customer"); and

  2. BIMobject AB (556856-7696), a Swedish company having its principal place of business at Nordenskiöldsgatan 24, 211 19 Malmö, Sweden ("BIMobject AB")

Individually a "Party" and collectively the "Parties".

Whereas:

  1. Customer and BIMobject or, BIMobject’s subsidiary company, as the case may be, ("BIMobject Entity"), have entered into a contract and/or any other ordering document previously executed by Customer ("Customer Contract") for the provision of certain Services (defined below) by BIMobject, including access to certain features on the BIMobject Cloud Platform.

  2. BIMobject AB (together with its affiliates) operates the BIMobject Cloud Platform.

  3. Customer’s access and use of the Services and BIMobject’s provision of the Services result in the sharing and processing of certain personal data by the Parties.

  4. This Agreement governs the rights and responsibilities of the Parties in relation to their respective data processing activities pursuant to the Customer Contract.

  5. This Agreement is incorporated into the Customer Contract by reference.

Definitions

In this Agreement except to the extent expressly provided otherwise:

"Applicable Data Protection Law" means all worldwide data protection and privacy laws and regulations applicable to the personal data in question, including, where applicable, EU Data Protection Law.

"BIMobject" means BIMobject AB and its affiliate/subsidiary as the case may be;

"BIMobject Cloud Platform" means the BIMobject cloud platform owned and operated by BIMobject and available at www.bimobject.com;

"Effective Date" means the date of execution of the Customer Contract;

"EU Data Protection Law" means (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation); (ii) the EU e-Privacy Directive (Directive 2002/58/EC); and (iii) any and all applicable national data protection laws made under or pursuant to (i) or (ii); in each case as may be amended or superseded from time to time;

"Model Clauses" means the Standard Contractual Clauses (Controller to Controller Transfers - Set II) in the Annex to the European Commission Decision of December 27, 2004, as may be amended or replaced from time to time by the European Commission;

"Permitted Purposes" has the meaning given in Clause 3.1;

"Schedule" means any schedule attached to this Agreement;

"Security Incident" means the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

"Services" means the services provided to Customer under the Customer Contract, which may include the Customer’s use of the BIMobject Cloud Platform and any content development, creation, modelling and/or hosting services provided by BIMobject to Customer through the BIMobject Cloud Platform;

"User" means any individual(s) who has/have registered an account on the BIMobject Cloud Platform; and

"User Personal Data" means personal data of Users and is more particularly described in Schedule 1 to this Agreement. User Personal Data is included in the general term "personal data".

In this Agreement:

  1. the expressions "controller", "processor", "data subject", "personal data", "processing" (and "process""personal data breach", "special categories of personal data" and "supervisory authority" shall have the meanings given in EU Data Protection Law; and

  2. any other terms used but not defined in this Agreement shall have the meaning given to them in the Customer Contract.

Term and Termination

This Agreement shall commence on the Effective Date and shall terminate automatically upon expiry or termination of the Customer Contract.

Termination of this Agreement shall not affect each Party’s responsibility to process personal data it has already accessed or in accordance with Applicable Data Protection Law.

Parties roles and compliance with data protection law

In the course of providing or receiving the Services, each Party may process User Personal Data for the purposes that are described in Schedule 1 ("Permitted Purposes").

The Parties acknowledge that they shall be independent controllers of the User Personal Data that they each process. In no event shall the Parties process the User Personal Data as joint controllers.

Each Party shall be individually and separately responsible for complying with the obligations that apply to it as a controller under Applicable Data Protection Law when processing User Personal Data. In particular (and without limitation):

  1. BIMobject (and where applicable its subsidiary or affiliate) shall be responsible for complying with Applicable Data Protection Law requirements (including transparency and lawfulness requirements) in respect of individual data subjects who register with, and use, the "BIMobject Cloud Platform including by displaying a publicly-accessible privacy notice on www.bimobject.com or through the Services (and such privacy notice shall notify data subjects that their User Personal Data may be disclosed to BIMobject customers whose "BIM Objects" they access or download);

  2. Customer shall be separately and independently responsible for complying with Applicable Data Protection Law in respect of any processing of User Personal Data it obtains through the BIMobject Cloud Platform in particular (and without limitation) if and when processing User Personal Data to contact data subjects for direct marketing purposes;

  3. Data subjects may exercise their data protection rights under Applicable Data Protection Law against the Customer in respect of Customer’s processing of the User Personal Data, and against BIMobject in respect of BIMobject’s processing of the User Personal Data.

No Party shall process User Personal Data for any purpose other than the Permitted Purposes except where and to the extent permitted to do so by Applicable Data Protection Law.

International transfers

None of the Parties shall process any User Personal Data originating in the EEA (nor permit same to be processed) in a territory outside of the European Economic Area ("EEA") unless such Party has taken such measures as are necessary to ensure the transfer is in compliance with Applicable Data Protection Law.

Where applicable, if User Personal Data originating in the EEA is processed by Customer who is outside the EEA in a territory that has not been designated by the European Commission as ensuring an adequate level of protection pursuant to EU Privacy Law the Model Clauses will be incorporated into this Agreement by this reference and will apply to the Processing as follows:

  1. BIMobject (as data exporter) will be deemed to have entered into the Model Clauses in its own name and on its own behalf in relation to such User Personal Data that it discloses to Customer; and

  2. Customer (as data importer) will be deemed to have entered into the Model Clauses in its own name and behalf in relation to the User Personal Data that is disclosed to it; and

  3. where and to the extent that the Model Clauses apply pursuant to this Clause 4, if there is any conflict between this Agreement and the Model Clauses, the Model Clauses will prevail.

Cooperation

If Customer receives a communication from a User, supervisory authority or other third party relating to its processing of User Personal Data pursuant to this Agreement it shall promptly, to the extent permitted by applicable law, send a copy of the communication to BIMobject.

Each Party shall provide reasonable cooperation and assistance in good faith in relation to such a communication in accordance with Applicable Data Protection Law where requested by the other Party.

Security

Each Party shall implement and maintain appropriate technical and organisational security measures to protect the User Personal Data it processes against a Security Incident.

Sub-processing

If any Party appoints third party processors to process User Personal Data for their Permitted Purpose, they shall ensure that such processors:

  1. agree in writing to process User Personal Data in accordance with that Party’s documented instructions;

  2. implement appropriate technical and organisational security measures to protect the User Personal Data against a Security Incident; and

  3. otherwise provide sufficient guarantees that they will process the User Personal Data in a manner that will meet the requirements of Applicable Data Protection Law.

Changes to Applicable Data Protection Law

The Parties shall use their best endeavors to agree variations to this Agreement as may be necessary to reflect changes in Applicable Data Protection Laws.

General

No breach of any provision of this Agreement shall be waived except with the express written consent of the Party not in breach.

If any provision of this Agreement is determined by any court or other competent authority to be unlawful and/or unenforceable, the other provisions of this Agreement will continue in effect. If any unlawful and/or unenforceable provision would be lawful or enforceable if part of it were deleted, that part will be deemed to be deleted, and the rest of the provision will continue in effect (unless that would contradict the clear intention of the Parties, in which case the entirety of the relevant provision will be deemed to be deleted).

This Agreement may not be varied except by a written document signed by or on behalf of each of the Parties.

No Party may without the prior written consent of the other Parties assign, transfer, charge, license or otherwise deal in or dispose of any contractual rights or obligations under this Agreement save that such consent shall not be required by BIMobject as a result of corporate restructuring in the BIMobject corporate group or assignment to a BIMobject affiliate

This Agreement is made for the benefit of the Parties and is not intended to benefit any third party or be enforceable by any third party. The rights of the Parties to terminate, rescind, or agree any amendment, waiver, variation or settlement under or relating to this Agreement are not subject to the consent of any third party.

This Agreement and the Customer Contract shall constitute the entire agreement between the Parties in relation to the subject matter herein, and shall supersede and replace all previous agreements, arrangements and understandings between the Parties in respect of that subject matter (but not for the avoidance of any doubt any agreements regarding the processing of personal information as set out in the BIMobject Terms of Service).

Nothing in this Agreement shall invalidate the terms of the Customer Contract which shall have full force and effect however in terms of the specific subject matter of this Agreement (data protection considerations regarding User Personal Data) this Agreement shall prevail in the event of a conflict with the Customer Contract.

BIMobject AB reserves the right to delegate to or to appoint any of its subsidiary corporate entities, group companies or affiliates to engage in the processing of User personal Data on the BIMobject Cloud by amendment to the BIMobject User Terms of Service or otherwise. In the event that any such other BIMobject entity should additionally or otherwise act as controller of, or engage in the processing of any User Personal Data on the BIMobject Cloud, either alone or together with BIMobject, then references to BIMobject in this Agreement shall include references to such other BIMobject entity and the representations as set out in this Agreement in respect of the processing of User Personal Data shall as appropriate, equally or alternatively apply to such BIMobject subsidiary entity without requirement for express amendment of this contract and the execution of this Agreement by BIMobject shall be sufficient to bind such other corporate entity. Such corporate entity authorizes and appoints BIMobject as its agent to bind it to the terms of this agreement as necessary.

This Agreement shall be governed by and construed in accordance with Swedish Law. The courts of Sweden shall have exclusive jurisdiction to adjudicate any dispute arising under or in connection with this Agreement.

SCHEDULE 1

DATA PROCESSING ACTIVITIES

Categories of personal data

User Personal Data including:

  • Name
  • Email address
  • Postal code and city
  • Country name
  • Occupation
  • Company name
  • Employer’s details
  • Phone number (if provided)
  • Picture (if provided)
  • Usage and downloads history

Special categories of personal data

  • None

Categories of data subjects

  • Individual data subjects (Users) who register an account with, and use, the BIMobject Cloud Platform

Purposes of processing ("Permitted purpose")

Processing by Customer: Customer shall process certain User Personal Data for the purposes of:

  1. receiving the Services in accordance with the Customer Contract (as amended from time to time in accordance with its terms); and

  2. to connect and communicate with Users on the BIMobject Cloud ;

  3. to market and promote its products to Users;

  4. as otherwise as set out in this Agreement.

Customer shall process the User Personal Data only for as long as is necessary for these purposes.

Processing by BIMobject: BIMobject shall process User Personal Data for the purposes of:

  1. operating the "BIMobject Cloud" platform and carrying out processing activities in respect of User Personal Data which are set out in detail in the BIMobject privacy policy available at www.bimobject.com (as amended from time to time);

  2. sharing User data with Customers as set out in the BIMobject Privacy Policy;

  3. providing the Services in accordance with the Customer Contract; and

  4. as otherwise as set out in this Agreement or as per the BIMobject User Terms of Service

BIMobject shall process the User Personal Data only for as long as is necessary for these purposes.