BuildManager Pro ("we," "us," or "our") is committed to protecting the personal data of individuals in the European Economic Area (EEA) and the United Kingdom in accordance with the General Data Protection Regulation (GDPR) and the UK GDPR. This document outlines our compliance measures and your rights under these regulations.
1 Data Controller Information
BuildManager Pro acts as the Data Controller for personal data collected through our construction project management platform. Our contact details are:
BuildManager Pro
Address: 123 Construction Way, Suite 100, Nashville, TN 37203
Email: privacy@buildmanagerpro.com
Data Protection Officer: dpo@buildmanagerpro.com
2 Legal Bases for Processing
We process personal data based on the following legal grounds under Article 6 of the GDPR:
| Legal Basis | Purpose | Examples |
|---|---|---|
| Contract Performance | To provide our Service | Account creation, project management, document storage |
| Legitimate Interests | To improve our Service and security | Analytics, fraud prevention, product development |
| Consent | Marketing and optional features | Email newsletters, marketing cookies, optional analytics |
| Legal Obligation | To comply with laws | Tax records, legal requests, regulatory compliance |
3 Your Rights Under GDPR
As a data subject in the EEA or UK, you have the following rights:
3.1 Right of Access (Article 15)
You have the right to obtain confirmation of whether we process your personal data and to receive a copy of that data. You may request this information by contacting us at the email address provided below.
3.2 Right to Rectification (Article 16)
You have the right to request correction of inaccurate personal data or completion of incomplete data. You can update most information directly through your account settings or by contacting us.
3.3 Right to Erasure (Article 17)
Also known as the "right to be forgotten," you can request deletion of your personal data when:
- The data is no longer necessary for its original purpose
- You withdraw consent (where consent was the legal basis)
- You object to processing and there are no overriding legitimate grounds
- The data was unlawfully processed
- A legal obligation requires erasure
3.4 Right to Restriction of Processing (Article 18)
You can request that we restrict processing of your data in certain circumstances, such as when you contest data accuracy or when processing is unlawful but you prefer restriction over erasure.
3.5 Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, machine-readable format (such as JSON or CSV) and to transmit that data to another controller.
3.6 Right to Object (Article 21)
You have the right to object to processing based on legitimate interests or for direct marketing purposes. We will cease processing unless we can demonstrate compelling legitimate grounds.
3.7 Rights Related to Automated Decision-Making (Article 22)
You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. Our AI-powered insights are provided as recommendations only and do not make binding decisions about you.
4 How to Exercise Your Rights
To exercise any of your rights, please contact us at:
Email: dpo@buildmanagerpro.com
We will respond to your request within one month. In complex cases or when we receive numerous requests, we may extend this period by an additional two months, and we will inform you of any extension.
We may request additional information to verify your identity before processing your request. Requests are free of charge unless manifestly unfounded or excessive.
5 International Data Transfers
When we transfer personal data outside the EEA or UK, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs): We use EU-approved SCCs with our data processors and partners.
- Adequacy Decisions: Where available, we transfer data to countries recognized by the European Commission as providing adequate protection.
- Additional Safeguards: We implement supplementary measures where necessary, including encryption and access controls.
6 Data Retention
We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:
| Data Type | Retention Period |
|---|---|
| Account data | Duration of account + 90 days |
| Project data | Duration of subscription + 30-day export period |
| Payment records | 7 years (legal requirement) |
| Analytics data | 26 months (anonymized thereafter) |
| Support communications | 3 years from last contact |
7 Data Protection Measures
We implement appropriate technical and organizational measures to protect personal data, including:
- Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
- Access Controls: Role-based access, multi-factor authentication, and least privilege principles
- Security Testing: Regular penetration testing and vulnerability assessments
- Employee Training: Mandatory data protection training for all staff
- Incident Response: Documented procedures for detecting and responding to data breaches
- Data Processing Agreements: GDPR-compliant contracts with all sub-processors
8 Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- Communicate the breach to affected individuals without undue delay when there is a high risk to their rights
- Document all breaches and remediation actions taken
9 Sub-Processors
We use the following categories of sub-processors to help deliver our Service:
- Cloud Infrastructure: Hosting and storage services (data centers in the US and EU)
- Payment Processing: Secure payment handling (PCI-DSS compliant)
- Analytics: Service usage analytics (with IP anonymization)
- Customer Support: Help desk and ticketing systems
- Email Services: Transactional email delivery
A complete list of sub-processors is available upon request.
10 Right to Lodge a Complaint
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In the EU, you can contact the supervisory authority in your country of residence. In the UK, you can contact the Information Commissioner's Office (ICO) at ico.org.uk.
We encourage you to contact us first so we can address your concerns directly.
11 Contact Information
For any questions about this GDPR Compliance Statement or to exercise your rights, please contact:
Data Protection Officer
BuildManager Pro
Email: dpo@buildmanagerpro.com
Address: 123 Construction Way, Suite 100, Nashville, TN 37203
12 Updates to This Statement
We may update this GDPR Compliance Statement from time to time. We will notify you of material changes by email or through our Service and update the effective date above.