VECTORWORKS PRIVACY STATEMENT
Vectorworks is committed to protecting your privacy. This Privacy Statement applies to Vectorworks, Inc., owner of Vectorworks, which includes Vectorworks webpages hosted at the vectorworks.net domain (the "Site"), our desktop software (the "Software"), Vectorworks Mobile Applications such as Vectorworks Remote, Vectorworks Nomad, Vectorworks Odyssey (the "Applications"), and Vectorworks Cloud Services ("Cloud Services") (collectively, the "Platform"), and Vectorworks Service Select (“Service Select”).
If you have any questions or concerns about our use of your personal information, then please contact us using the contact details provided at the bottom of this Privacy Statement.
Information Collection
The personal information we collect from you, either directly or indirectly, will depend on how you interact with us and with the Platform and/or Service Select. We collect personal information about you from the following different sources:
Information that you provide directly
We will collect personal information directly from you, such as when you register an account with us, order a contract from Vectorworks, subscribe to marketing communications from us, interact with us at events or on social media, complete our surveys, visit us and/or contact us.
Information that we collect automatically (including via Cookies) or generate
When you use the Platform or Service Select we may collect certain information automatically from your device, including your computer's IP address or MAC ID, your user name, device type, software license ID, serial number, contract ID, browser-type, broad geographic location(e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with the Platform or Service Select, including the pages accessed, links clicked and frequency of use. In some countries, including the UK and countries in the European Economic Area ("EEA"), this information may be considered personal information under applicable data protection laws. We may also generate personal information such as analysis of your use of the Platform/Service Select.
Collecting and generating this information enables us to better understand the users of the Platform or Service Select, where they come from, and what content of the Platform or Service Select is of interest to them and provide customised content to them. We use this information for our internal analytics purposes, to improve the quality and relevance of the Platform or Service Select to its users and identify or remedy potential threats to the security of the Platform or Service Select.
Some of this information may be collected using cookies and similar tracking technology. (collectively, “Cookies”). Cookies are also used on the Platform or Service Select for strictly necessary purposes; and subject to your preferences, for targeting, functional purposes and performance purposes. For further information about the types of Cookies we use on the Site, why, and how you can control Cookies, please see our Cookie Statement.
If you use Dropbox, Google Drive, or OneDrive integration, we may temporarily store a copy of your file by transferring it to servers associated with the Vectorworks Cloud Services for processing. This temporary file is then deleted.
Information that we obtain from third party sources
We may collect personal information from third parties when you choose to login to the Platform with your Google, Apple or Facebook account. Please review the relevant Facebook, Apple and/or Google privacy notice for more information on their information and data protection practices.
We may also collect personal information from our group companies, in particular Bluebeam, when we integrate with their services. Bluebeam's privacy policy is available here.
We will receive personal information from Vectorworks Distribution and Resale Partners if you contracted for our services through them. We may also receive personal information from them where you have been in discussion with them about the Vectorworks' Platform and/or Service Select where they have your consent to do so or are otherwise legally permitted.
From time to time, we may receive personal information about you from third party sources (including marketing agencies), but only where we have checked that these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us. The types of information we collect from such third parties include analytics reports and market research surveys and we use the information we receive from these third parties to conduct internal research about your use of the Platform or Service Select, measure the performance of marketing campaigns for the Platform or Service Select and better understand your preferences in order to and customise our marketing campaigns and services accordingly.
Table of Personal Information Categories and Sources
The table below describes the categories of personal information that we process about you and the relevant sources for each category.
|
Personal Information Categories |
Source |
|
Identity and Contact Data such as your name, email address, telephone number and billing and delivery address. |
|
|
Account Data such as your login information (email and password) and account preferences. |
|
|
Third-Party Login Data such as a third-party account ID/name/social media handle and log in details when you choose to login to the Platform via third parties such as with your Google, Apple or Facebook account. |
|
|
Commercial Data such as information regarding your orders and use of our products and services, your subscription plans, your product/service preferences, the products and services you have expressed interest in and your event participation. |
|
|
Financial Data such as your payment details relating to your orders and purchases of our products and services, including payment method, payment amount and truncated credit or debit card details. We have limited access to and do not store your credit or debit card details (which are processed by payment service providers, such as Stripe). |
|
|
Communication Data such as your feedback and other communications with us. |
|
|
Advertising and Marketing Data such as third party analytics reports, your interests based on your use of our Platform and/ Service Select, other websites and online services, your purchases, survey responses (including third party market research surveys), competitions/promotions you enter, and marketing preferences. |
|
|
Device Data collected from and/or stored on your device (including by means of Cookies), including computer's IP address or MAC ID, your username, device type, software licence ID, serial number, contract ID, browser-type, broad geographic location(e.g. country or city-level location) and other technical information. See our Cookie Statement for further details and how to control Cookies. |
|
|
Usage Data that we capture using Cookies such as how your device has interacted with the Platform or Service Select, including the pages accessed, links clicked and frequency of use. See our Cookie Statement for further details about Cookies used on our Site and how to control Cookies. Regarding our Software and Applications, subject to your preferences (which can be changed under the preferences settings) we may collect: Verbose Usage Data includes all menu and tool click behaviors in the application, as well as system information such as operating system, processor, graphics card, and RAM. Light Usage Data includes actions such as opening and closing the application, and some system information such as operating system, processor, graphics card, and RAM. |
|
|
Crash Log Data includes application data, diagnostics, and crash logs. See our Cookie Statement for further details and how to control Cookies used on our Site. You can control Crash Log Data usage on our Software and Applications, via the preferences settings. |
|
How we use your personal information
|
Purpose/Activity |
Type of personal information |
Lawful basis for processing (EEA/UK requirement- see further details below) |
|
Register your account on our Platform/Service Select, to manage and administer your account and to facilitate your purchases and subscriptions. |
Identity and Contact Data Account Data Third-Party Login Data Commercial Data Communication Data Device Data Financial Data |
|
|
Provide and deliver the Platform/Service Select, including delivery of products, electronic receipts and returns information, warranty and repairs. |
Identity and Contact Data Account Data Third-Party Login Data Financial Data Communication Data Commercial Data Device Data Crash Log Data |
|
|
Process transactions (via payment service providers such as Stripe) and transaction fee recovery. |
Identity and Contact Data Account Data Third-Party Login Data Financial Data Communication Data Commercial Data Crash Log Data |
|
|
Respond to your communications, send you service updates, confirmations, invoices, technical notices, updates, security alerts, support and administrator messages. |
Identity and Contact Data Account Data Third-Party Login Data Financial Data Commercial Data Communication Data Device Data Usage Data Crash Log Data |
|
|
Reviewing communications with you for customer support and quality assurance and training purposes, and related record keeping. |
Identity and Contact Data Account Data Third-Party Login Data Commercial Data Communications Data Device Data Usage Data Crash Log Data |
|
|
Keep our business, including our Platform/Service Select, and our employees, customers, vendors, and visitors secure and address threats to their safety or the safety of others; to detect and prevent fraud (online and in store). For example, our service providers such as Amazon Web Services and Stripe carry out certain security monitoring to help keep our platform secure. |
Identity and Contact Data Account Data Financial Data Third-Party Login Data Commercial Data Device Data Usage Data Communications Data Crash Log Data |
|
|
To administer and maintain our Platform/Service Select and our IT systems (including monitoring, troubleshooting, data analysis, testing, system maintenance, repair and support, reporting and hosting of data). |
Identity and Contact Data Account Data Third-Party Login Data Financial Data Device Data Usage Data Crash Log Data |
|
|
Analyse Usage Data, market research and surveys, in order to improve our Platform/Service Select and to develop new products and services. |
Account Data Third-Party Login Data Device Data Usage Data Third-Party Login Data Account Data Advertising and Marketing Data Communication Data |
|
|
Analyse data for advertising and marketing purposes. |
Account Data Third-Party Login Data Commercial Data Device Data Usage Data Third-Party Login Data Communication Data Marketing Data |
|
|
Contact current and prospective customers (including Platform/Service Select visitors) about our products and services, promotions, competitions and events we think may be of interest, including our newsletter and other promotional mailers and electronic communications. |
Account Data Third-Party Login Data Usage Data Marketing Data Communication Data Third-Party Login Data |
|
|
Personalise and customise your experience. |
Account Data Third-Party Login Data Marketing Data Usage Data Device Data Third-Party Login Data |
|
|
Personalise, target, and deliver advertising for our products and services on third party websites, apps, and other online services (including to identify audiences and individuals like you to better tailor our marketing campaigns and communications), and measure the effectiveness of our campaigns and adjust our methods. |
Account Data Third-Party Login Data Marketing Data Usage Data Third-Party Login Data Contact Device Data |
|
|
Administer sweepstakes, competitions or surveys |
Identity and Contact Data Account Data Third-Party Login Data Communication Data Third-Party Login Data |
|
|
Comply with legal and regulatory obligations to which we are subject, including our obligations to respond to your requests under data protection law. |
Identity and Contact Data Account Data Third-Party Login Data Administer sweepstakes, competitions or surveys Commercial Data Usage Data Communication Data Crash Log Data |
|
|
Protect our legal rights (including where necessary, to share information with law enforcement and others), for example to defend claims/actions or prospective claims/actions against us and to conduct litigation to defend our interests. |
All data types |
|
Sharing Information
Vectorworks may disclose your personal information to the following categories of recipients:
- to our group companies (see further details here), who provide data processing services to us (for example, to support the delivery of, provide functionality on, or help to enhance the security of our Website);
- to third party services providers who provide data processing services to us (again for example, to support the delivery of, provide functionality on, or help to enhance the security of our Website). Key service providers include Amazon Web Services (who provide hosting services), Qualtrics (survey tools), Tableau (charts & financial presentations), SheerID (student validation), and NetSuite (financial data for contracts).
- to our partners, such as our carefully selected marketing partners (such as HubSpot and SalesForce) and where relevant to our network of distributors and dealers (listed here), who process personal information for purposes that are described in this Privacy Statement or as otherwise notified to you when we collect your personal information;
- to an actual or potential buyer (and its agents and advisers) in connection with any actual or proposed purchase, merger or acquisition of any part of our business, including through a sale in connection with bankruptcy, provided that we inform the buyer it must use your personal information only for the purposes disclosed in this Privacy Statement;
- to any competent law enforcement body, regulatory, government agency, court or other third party where we believe disclosure is necessary (i) as a matter of applicable law or regulation,(ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person;
- to any other person with your consent to the disclosure.
If you use Dropbox integration, your files are stored with Dropbox. Please review the Dropbox privacy policy for more information on its information practices.
If you use Google Drive integration, your files are stored with Google Drive. Please review the Google Drive privacy policy for more information on its information practices.
If you use OneDrive integration, your files are stored with OneDrive. Please review the OneDrive privacy policy for more information on its information practices.
Legal basis for processing personal information (where the law of the UK or a country within the EEA applies)
Our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect personal information from you only (i) where we have your consent to do so, (ii) where we need the personal information to perform a contract with you, or (iii) where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect and process your personal information (such as your marketing preferences). In very unusual circumstances we may need to process your personal information to protect your vital interests or those of another person for instance if they were relevant to prevent a serious crime/harm to an individual.
If we ask you to provide personal information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information).
Similarly, if we collect and use your personal information in reliance on our legitimate interests (or those of any third party), we will make clear to you at the relevant time what those legitimate interests are.
We provide in the "How we use your personal information" section above more granular information about what legal bases we rely on for certain purposes.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the “Contact us” heading below.
Keeping personal information secure
We use appropriate technical and organisational measures to protect the personal information that we collect and process about you. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal information.
International data transfers
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different to the laws of your country.
Specifically, our Site servers are located in the United States (as well as within the EEA), and our group companies and third-party service providers and partners operate around the world. This means that when we collect your personal information we may process it in any of these countries.
However, we have taken appropriate safeguards to require that your personal information will remain protected in accordance with this Privacy Statement and applicable law, such as the following safeguards for EEA/UK protected personal information:
- Adequacy: Where we transfer your personal information to countries or organisations outside of the EEA and the UK, which have been formally recognised as providing an adequate level of protection for personal information, we rely on the relevant “adequacy decisions” from the European Commission and “adequacy regulations" from the Secretary of State in the UK. In particular, we may disclose personal information to organisations in the US that have adequacy status by virtue of being certified under the EU-US Data Privacy Framework, the UK extension and Swiss-US DPF.
- Standard Contractual Clauses: (i) the European Commission’s Standard Contractual Clauses as issued on 4 June 2021 and (ii) the UK International Data Transfer Addendum using in particular module 1 (for controller to controller transfers) and module 2 (for controller to processor transfers).
Data retention
We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax or accounting requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymous it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
Your data protection rights
You have the following data protection rights:
- If you wish to access, correct, update or request deletion of your personal information, you can do so at any time by contacting ususing the contact details provided under the “Contact us” heading below.
- In addition, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information. Again, you can exercise these rights by contacting ususing the contact details provided under the “Contact us” heading below. Objecting to the processing of your personal information may prevent or otherwise affect the use of the Platform or Service Select.
- You have the right to opt-out of marketing (including marketing communications we send you) at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), then please contact ususing the contact details provided under the “How to contact us” heading below.
- Similarly, if we have collected and process your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
- You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority. (Contact details for data protection authorities in the EEA, Switzerland, UK and certain non-European countries (including the US and Canada) are available here.)
The applicability of some rights depends on the circumstances. We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.
Third Party Links
For your convenience, the Platform or Service Select may contain certain hyperlinks to other websites. We make no promises or guarantees regarding data collection on the hyperlinked pages that are not owned by Vectorworks. We recommend that you read the privacy policy/statement for each site you visit.
California Do Not Track
Vectorworks does not track its customers over time or across third party websites to provide targeted advertising and therefore does not respond to Do Not Track (DNT) signals. However, some third party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. IF you are visiting such sites, most browsers allow you to set the DNT signal on your browser so that third parties (particularly advertisers) know you do not want to be tracked.
Your California Privacy Rights
The California Consumer Privacy Act ("CCPA") provides certain rights to California consumers concerning their Personal Information.
For details regarding the Personal Information we have collected, including the categories of sources, and how we use your information, please see the section above titled "Information Collection and Use". We share this information with the categories of third parties described in the section above titled "Sharing Information".
Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of Personal Information we collect (including how we use and disclose this information), to delete their Personal Information, to opt out of any "sales" that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us via email at privacy@vectorworks.net. We will verify your request using the information we have associated with your account, including email address. Government identification may be required.
California consumers may also designate an authorized agent to exercise these rights on their behalf. We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person's behalf. Any personal information we collect from you to verify your identity in connection with you request will be used solely for the purposes of verification.
Updates
From time to time, we may update this Privacy Statement in response to changing legal, technical or business developments. When we update our Privacy Statement, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Statement changes if and where this is required by applicable data protection laws. We encourage you periodically to check this site to learn about the information we collect, use, and share.
Contact Us
For data subjects in the EEA and the UK, Vectorworks, Inc. is the controller of your personal information.
If you have questions or concerns about our use of personal information, you can contact us and our DPO at: privacy@vectorworks.net.