Privacy Policy


Objective

We at Clearbox Limited (“Company”) respect your concerns about privacy.  This Privacy Notice (“Notice”) applies to Personal Data obtained by the Company, including through the website, mobile app, products and services, tools, competitions, promotions, newsletters, events and from our partners. (collectively, the “Services”).  “Personal Data” means any information relating to you in identified or identifiable form.

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.


Scope

The Notice describes the types of Personal Data we obtain about our customers, how we use the Personal Data and with whom we share it.  We also describe the measures we take to protect the security of Personal Data and how you can contact us about our privacy practices.  Our Service is for business use, however our website is for a general audience, and we do not knowingly collect Personal Data from children under 13 years of age.  Clearbox is compliant with the General Data Protection Regulation (GDPR) of 2018.

 


Interpretations and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

Account means a unique account created for You to access our Service or parts of our Service.

Affiliate means an entity that controls, is controlled by or is under common control with a party, where "control" means ownership of 50% or more of the shares, equity interest or other securities entitled to vote for election of directors or other managing authority.

Application means the software program provided by the Company downloaded by You on any electronic device.

Company (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Clearbox Ltd, Registered Office, 2nd Floor, Optimum House, Clippers Quay, Salford. M50 3XP.

Country refers to: United Kingdom

Device means any device that can access the Service such as a computer, a mobile phone, or a digital tablet.

Personal Data is any information that relates to an identified or identifiable individual.

Service refers to the Application.

Service Provider means any natural or legal person who processes the data on behalf of the Company.  It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service or to assist the Company in analysing how the Service is used.

Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

You means the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

 

 


 


Data Collection and Use 

1. Information we obtain


We obtain Personal Data about our customers through the use of our Applications in order to better understand our customers and to provide better Services to you.

We collect Personal Data (i) to offer Services that you have requested; (ii) that we have a legitimate interest to believe that they are of interest to our customers; (iii) to manage the relationship we have with our customers and (iv) to perform activities based on your consent.

The types of Personal Data we may obtain include: 

Contact information (such as name, postal address, email address and telephone and/or mobile numbers);
Username and password when you register through our Services;
Geolocation data that the Services obtain with your consent;
Other information you may provide to us, such as through our “Submit a Request” or “Contact Us” feature;

 

2. Information obtained by automated means through our services


Our Services use cookies to function effectively.  A “cookie” is a file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser.

We may obtain certain information through our Services by automated means, such as cookies (including HTTP, HTML5), web beacons, web server logs, JavaScript and similar technologies, including technologies designed to obtain information regarding your use of our Services (collectively “cookies”).  Some cookies are essential to offer our Services, such as authentication services when you sign up or log in to use our Services.

The information we obtain through cookies may include IP address, mobile device advertising ID, browser characteristics, device characteristics, operating system, language preferences, referring URLs, logs on actions taken on our Services such as content on which you may click while using the Services, and dates and times you access or use the Services.  In connection with our mobile apps, we may use similar automated means and also may obtain your phone number and details about your mobile carrier. 

The information we obtain through cookies will tell us, for example, if you have used our Services before, from what country and what contents you have visited.  It will also tell us whether you have opened an email we sent to you, what search queries you may have run.

Your browser may tell you how to be notified when you receive certain types of cookies or how to restrict or disable certain types of cookies.  Please note, however, that without cookies you may not be able to use all of the features of our Services.  Your device settings also may allow you to prohibit mobile app platforms (such as Apple and Google) from sharing certain information obtained by automated means with us through our apps or other app developers.

We and our third-party service providers may use information collected through automated means including cookies, web beacons, web server logs, JavaScript and similar technologies for purposes such as (1) customising our users’ visits to and use of our Services, (2) delivering content (including advertising) tailored to our users’ interests and the manner in which our users use our Services, and (3) managing our Services and other aspects of our business. 

 

3. How we use the information we obtain


We may use the information collected from and about you to:

Provide our products and services;
Create and manage online accounts;
If you have bought or enquired about our products and services, entered any competitions run by us, or specifically consented to receiving such material, we will send you promotional materials, alerts regarding available offers and other communications, including communications through the Services and outside of the Services, such as via email and through third-party websites and apps;  
Communicate about, and administer participation in, special events, promotions, programs, offers, surveys, contests and market research;
Respond to enquiries from you and other third parties, including enquiries from law enforcement agencies in compliance with applicable law;
Anonymise Personal Data to provide third parties with aggregated data reports showing anonymous information;
Supplement your Personal Data collected from you with additional information from publicly and commercially available sources in order to better understand our customers and to provide our Services to you in a better way;
Associate your browser and/or device with other browsers or devices you use for the purpose of providing relevant and easier access to content, advertising across browsers and devices, and other operational/business purposes.  
Operate, evaluate and improve our business (including developing, enhancing, analysing and improving our Services; managing our communications; performing data analytics; and performing accounting, auditing and other internal functions);
Protect against, identify and prevent fraud and other unlawful activity, claims and other liabilities; and
Comply with and enforce applicable legal requirements, relevant industry standards, contractual obligations and our policies.
We also may use your Personal Data in other ways for which we provide specific notice at the time of collection and obtain your consent if required by applicable law.

 

4. Online Communities


If you are a member of one of our online communities some of your information, such as your user name, may be visible to other people, as will any postings you make on the sites.  As such you should always exercise care not to disclose private information when posting information on our websites, in your profile or in communications with other users of our websites.  We also do not tolerate spam, unrequested, commercial or harassing correspondence sent to other users of the sites via our website forums or other message boards, and we reserve the right to suspend the membership of any user who sends messages of this kind.  You should always keep any password used to access your account or profile secret, and should not share it with anyone else.  It is your responsibility to keep your password secure and you should contact us immediately if you think someone else has access to your account.

 

5. Information we share


We do not share any personal information that may be collected when using our Service.

Our Service is hosted with AWS, however they do not have access to any personal information contained within our Service and comply with management standards such as ISO.

 

6. Your rights your choices


We offer you certain choices in connection with the Personal Data we obtain about you, such as how wecommunicate with you. 

To update your preferences, ask us to remove your information from our marketing mailing lists or submit a request, please contact us as outlined in the How To Contact Us Section below. 

You also can unsubscribe from our marketing mailing lists by following the “Unsubscribe” link in our emails.

 

7. Accessing, reviewing, updating, and modifying personal data


You may request to access, rectify, or erase your Personal Data.  You have the right to object to the processing of your Personal Data, restrict the processing of your Personal Data and exercise your right to data portability.  Where you have given us your consent for our use of your Personal Data, you have the right to withdraw your consent at any time and we will apply your preferences for the future.  We will respond to your questions or complaints relating to the processing of your Personal Data.  If you are not satisfied with our responses, you have the right to lodge a complaint with the Information Commissioners Office (ICO)

You can lodge a complaint with the ICO by calling their helpline on 0303 123 1113 or by post to Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

 

8. Clearbox and GDPR


GDPR and Clearbox

The GDPR (General Data Protection Regulation) will replace the current DPA (Data Protection Act) from 25th May 2018. The main aim of the regulation is to give people greater control over what can be done with their personal data by businesses, and Clearbox is committed to the protection of the data of our authors, vendors and consumers.

Clearbox Ltd is committed to protecting the rights and freedoms of data subjects and safely and securely processing their data in accordance with all of our legal obligations.  We hold personal data about our employees, clients, suppliers and other individuals for a variety of business purposes.

Our GDPR process

Clearbox Ltd shall comply with the principles of data protection (the Principles) enumerated in the EU General Data Protection Regulation. We will make every effort possible in everything we do to comply with these principles. The Principles are:

Lawful, fair and transparent - Data collection must be fair, for a legal purpose and we must be open and transparent as to how the data will be used.

Limited for its purpose - Data can only be collected for a specific purpose.

Data minimisation - Any data collected must be necessary and not excessive for its purpose.

Accurate - The data we hold must be accurate and kept up to date.

Retention - We cannot store data longer than necessary.

Integrity and confidentiality - The data we hold must be kept safe and secure

Data Subject Access Requests: We determined and implemented processes and documentation for

Access, Restrict Processing

Rectification, Data Portability

Erasure, Objections and Breach Escalation Process

Communications and Training: We worked with all Clearbox employees to establish a general business awareness of GDPR and detailed expectations of the staff.  We have regular meetings and communications pieces and will continue engagement up to, and beyond, May 2018.

Additional technical and organisational security measures we have in place to protect personal data

Access to our systems is granted on a need to basis; regular backups are taken and data is transmitted securely using HTTPS protocol.  Systems are protected with anti-malware and patched regularly.  Firewall and Security Information and Event Management (SIEM) tools are in place to detect and prevent intrusion.  Staff are also provided with regular cyber security and awareness training. 

 

9. How we protect and retain personal data


We maintain administrative, technical and physical safeguards designed to protect the Personal Data we have about you against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.  We make reasonable efforts to ensure a level of security appropriate to the risk of the processing, taking into account the costs of implementation and nature of the processing of Personal Data.

We retain Personal Data for the period needed to fulfill the purposes for which Personal Data was collected and as otherwise required or permitted by applicable law, such as in relation to our record retention obligations.

 

10. Data transfers


The Services may be hosted in and managed from a country outside the country in which you initially provided the information, including the United Kingdom.  When your Personal Data is transferred to (or accessed from) a country outside the European Economic Area (“EEA”) for which the European Commission has not issued an adequacy decision, we will implement appropriate safeguards to ensure that your Personal Data remains protected.  This may include data transfer agreements, a copy of which you can obtain by contacting us as outlined in the How To Contact Us Section below.

However, your Personal Data may be accessed by the courts, law enforcement and national security authorities of the recipient country in accordance with applicable law.  When we transfer your Personal Data, we will protect that information as described in this Privacy Notice.

 

11. Links to third-party sites, apps and services


For your convenience and information, our website may provide links to third-party sites, apps and services, such as our social media handles, which are not operated by companies affiliated with Clearbox Limited.  These companies have their own privacy notices or policies, which we strongly suggest you review.  We are not responsible for the privacy practices of any non-Clearbox sites, apps or services.

 

12. How to contact us


The entity responsible for the collection and processing of Personal Data in connection with the Services is the Company Clearbox Limited registered in England under company number 08658406 and whose registered offices are located at 2nd Floor, Optimum House, Clippers Quay, Salford, M50 3XP.

If you have any questions or comments about this Privacy Notice or the manner in which we or our service providers treat your Personal Data, would like to exercise your rights and choices, or would like us to update information we have about you or your preferences, please contact us as follows:

You may write (enclosing your postal details) to:

Clearbox Limited
Centenary House
10 Winchester Road
Basingstoke
RG21 8UQ

Email: info@clearboxbim.com

 

Data Protection Officer

David Foster
Marriott House
Brindley Close
Rushden
NN10 6EN

Email: compliance@kier.co.uk
 

 

Onsite Permissions

BIMXtra supports users with mobile technology through the Onsite app which can be used on a mobile or tablet device to allow site actions to be managed.  This can be used both on and off-line.

The user identifies an area or component that requires a site action, drops a pin on the specified location (physical or on a drawing), completes a form which gets sent to a recipient ready for review, action and close out.

The BIMXtra system manages the administration behind logging and recording details, so tracking progress and overdue items is easy.

Onsite utilises a configurable workflow which allows project specific forms to be created and inserted into the system with ease from project to project.  This flexibility allows the application to be used across sector and type of project from refurbishment to new building and infrastructure to education, opening up the benefits of BIMXtra to previously non-BIM compatible projects.

PERMISSION DESCRIPTION PURPOSE STATEMENT
Coarse Location Network Providers Location (approximate) Is collected to Locate a pin on a map of where the form is being raised Onsite uses location data to enable form/comm details to be accurately recorded while the app is in use
Fine Location GPS & Network Providers Location (precise) Is collected to Locate a pin on a map of where the form is being raised Onsite uses location data to enable form/comm details to be accurately recorded while the app is in use
Location Extra Commands Is required to use the method LocationManager.sendExtraCommand such as time and date Is collected to record the time and date with the location data Onsite uses location data to enable form/comm details to be accurately recorded while the app is in use
Mock Location Allows location information to manually be changed Is collected to move pins within the application to a more specific location than that identified by the COARSE and/or FINE LOCATION Onsite uses location data to enable form/comm details to be accurately recorded while the app is in use
Network State enables apps to learn about dynamic changes in connectivity Is used to obtain information about connectivity to the BIMXtra database so if it is lost can switch into Onsite offline mode Onsite uses information about connectivity to know when to switch to offline mode
WIFI State obtain dynamic information about the state of the network Is used to obtain dynamic information about the state of the network can be queried to know when connectivity to the database is lost and switch into offline mode Onsite uses information about connectivity to know when to switch to offline mode
Camera Device camera access Is used to Take photographs/movies for uploading to the BIMXtra database in relation to a form being raised on the device Onsite uses the camera and flash to enable photographs to be taken to support forms/comms being created when the app is in use
Flashlight Device flash access is used in conjunction with the camera to take photographs/movies for uploading to the BIMXtra database in relation to a form being raised on the device Onsite uses the camera and flash to enable photographs to be taken to support forms/comms being created when the app is in use
Internet obtain information about internet connectivity Is used to obtain information about the internet connectivity to know when connectivity to the database is lost and switch into offline mode Onsite uses information on the connection state to know if working in an online or offline mode
Read External Storage Allows an application to read from external storage (i.e., media card) Is used to Access photos or PDF files stored on a media card for use in association with a form Onsite accesses device storage to enable image or PDF files to be stored/uploaded/linked to Forms/Comms
Write External Storage Allows an application to write to external storage (i.e., media card) Is used to store a photo which may be taken using the app on a media card for use in association with a form Onsite accesses device storage to enable image or PDF files to be stored/uploaded/linked to Forms/Comms

Review Period

The policy will be reviewed on an annual basis or in the event of a breach in privacy.  This Policy was last amended on 3rd May 2022.

 

Compliance Review Period

The Information Security Forum will review this Security Policy at least annually.