Data Privacy Policy
Website www.volum3.com and Web platform Location app.volum3.com
Agreement on order processing pursuant to Art. 28 GDPR https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
1. General
Among other things, VOLUM3 processes personal data (such as name, e-mail address, etc.) that are collected from the client, processed on VOLUM3 systems and stored for the purpose and duration required. In particular, the following activities are included:
2. Data types
The following types of data are regularly the subject of processing:
VOLUM3 processes the data of the client and its users for the stated purposes and the client expressly agrees to this processing. The client may revoke his consent at any time.
Personal data: When registering, VOLUM3 saves the e-mail address and personal password for log-in to the secure area of VOLUM3. VOLUM3 also uses users’ email address to provide users with system notifications when using the services (such as notification of new task in a project) and information about VOLUM3’s system and products. VOLUM3 also stores Name, Surname, Profession and Company data - VAT number, Number of employees, address (street, house number, zip code, city, state, e-mail address), telephone number, and company name of the client for the provision of services and their billing.
Files: In the context of the use of the services of VOLUM3, the client can save plans, photos, pictures, texts, audio information, etc. on a specific project on the web servers of VOLUM3. The stored files are made accessible to every user whom the customer has activated for this project.
Login data: If the user logs in to VOLUM3 with his e-mail address and personal password, VOLUM3 stores the login time and date. VOLUM3 uses this data to detect and correct errors, improve the service, and handle customer queries or complaints.
Google Analytics: The VOLUM3 website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on the user’s computer and that allow an analysis of the use of the website by the user. The information generated by the cookie about the use of the website (including the IP address) is transmitted to a Google server and stored there. Google will use this information for the purpose of evaluating the use of the website, compiling reports on website activity for website operators and providing other services related to website activity and internet usage. Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google. Google will never associate the IP address with other data. The user can prevent the installation of cookies by setting the browser software accordingly; VOLUM3 points out, however, that in this case, the user may not be able to fully use all functions of the website. By using the website, the user agrees to the processing of the data collected about him by Google in the manner described above and for the aforementioned purpose.
Mailgun
VOLUM3 uses Mailgun Technologies, an email service provider for email notifications. For information on MailGun data privacy visit https://www.mailgun.com/privacy-policy/
Cloudflare One
VOLUM3 uses Cloudflare One for secure, fast and reliable network services. For information on Cloudflare One data privacy visit https://www.cloudflare.com/privacypolicy/?utm_referrer=https://www.google.com/
3. Categories
The following categories of affected persons are subject to processing:
4. Duration of the agreement
The agreement ends with the completion of the data processing and the obligatory data deletion by VOLUM3.
5. Duties of VOLUM3
VOLUM3 undertakes to process data only in the context of the client’s written orders. If VOLUM3 receives an official order to publish data of the client, it must – insofar as legally permissible – inform the client immediately and refer it to the authority.
VOLUM3 declares legally binding that all persons commissioned with data processing are obligated to confidentiality prior to commencement of the activity or that they are subject to an appropriate statutory confidentiality obligation.
VOLUM3 declares legally binding that all necessary measures have been taken to ensure the security of processing under Art. 32 GDPR https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679
VOLUM3 takes the technical and organizational measures so that the client can fulfil the rights of the data subject under Chapter III of the GDPR at any time (information, disclosure, correction and deletion, data portability, opposition, as well as automated decision-making in individual cases) within the statutory periods and leaves the customer all necessary information. If such a request is made to VOLUM3 and it indicates that the applicant mistakenly considers it the principal of the data application operated by it, VOLUM3 must immediately forward the request to the principal and notify the applicant.
With regard to the processing of the data provided by the customer, the client is granted the right to inspect and check at any time, even if it is also commissioned by third parties. VOLUM3 undertakes to provide the client with the information necessary to control compliance with the obligations set out in this agreement.
VOLUM3 is required after the termination of this agreement to destroy all processing results and records that contain data on behalf of the principal.
VOLUM3 must immediately notify the client if VOLUM3 believes that the client’s instructions violate the data protection provisions of the European Union or the member states.
6. Place of execution
All data processing activities are carried out exclusively within the EU or the EEA.
7. Sub-processors
VOLUM3 is adding the following subcontractors for hosting: DigitalOcean https://www.digitalocean.com/
8. Obligations of the client
When handling personal data, the client will observe the provisions of the Data Protection Act and the Telecommunications Act and will take the technical and organizational measures required by the client for data protection in the area of responsibility.
The client undertakes, and in particular his employees, to comply with the provisions of the Data Protection Act.
The client takes all reasonable measures in his area of responsibility to protect the stored data and information against unauthorized access by third parties. VOLUM3 is not responsible if third parties succeed in illegally gaining access to the data and information.
The client may invite other users (e.g., their subcontractors) to use the software for a specific project by entering their e-mail address (es). In this case, the client will obtain in advance the verifiable consent of the respective user for the use of his personal data.
9. Security Concept
See Document VOLUM3 Security / Privacy Standards (Addition 1. VOLUM3 Security / Privacy Standards)
10. Your rights/contact
You are basically entitled to the rights of information, correction, deletion, restriction, data transferability, revocation and opposition.
You can reach us at the following contact details:
VOLUM3 d.o.o.
Trg Eugena Kvaternika 3/3
10000 Zagreb
You can contact our data protection officer at dpo@volum3.com
Addition 1. VOLUM3 Security / Privacy Standards
SECURITY / PRIVACY STANDARDS
INTRODUCTION
This document should briefly outline the measures and efforts of VOLUM3 to provide modern and high standards for data security, privacy and service availability for our SaaS.
INFRASTRUCTURE/HOSTING
Digitalocean legal documents
https://www.digitalocean.com/legal/
Digitalocean security
https://www.digitalocean.com/trust/
Digitalocean privacy
https://www.digitalocean.com/legal/privacy-policy/
https://www.digitalocean.com/legal/privacy-shield/
Information on Digitalocean compliance and certifications
https://www.digitalocean.com/legal/certifications/
Configuration management
We follow the principles of immutable infrastructure and infrastructure as code.
In case of error/failure, the system can be regenerated based on its templates and source code.
We use chef and docker for our infrastructure.
High availability / Scalability
Digitalocean makes our system responsive to high load spikes and it will automatically provision more resources if that is necessary. Our customers will not experience performance impacts.
DDOS / Web vulnerability Protection
Our web application is shielded and protected with the Cloudflare (www.cloudflare.com) web proxy system.
Cloudflare DDoS protection secures websites, applications, and entire networks while ensuring the performance of legitimate traffic is not compromised.
Cloudflare has been ISO 27001 certified since 2019 and the certificate is available upon request.
ISO/IEC 27001:2013 is an industry-wide accepted information security certification that focuses on the implementation of an Information Security Management System (ISMS) and security risk management processes.
SOFTWARE DEVELOPMENT
Implementation
Our system is based on modern, robust and battle-proven open source technology.
Our web application is developed with PHP programming language in its latest stable version (8.2.8), including Laravel framework (9) on the backend, and React framework (16.13) on the frontend side.
All data transfer is done via HTTPS/TLS and the data is encrypted at rest. (In our relational database and in our object storage).
All images, plans and document assets are stored in the highly durable Digitalocean storage system https://www.digitalocean.com/products/block-storage/
OWASP
In our implementation, we follow the security by design principle.
https://www.owasp.org/index.ph...
PROCESSES
Employees
All our employees but especially in support and engineering are aware of data privacy/security and get training and SOPs for a responsible treatment of our customers’ data.
All employees only get the minimum necessary access to our IT systems.
Customer data is only accessible by a small selected group of support and operation engineers.
Incident management
Security and privacy incidents are collected on every point of contact and then routed to the responsible organizational unit. Our logging systems detect anomalies in system usage and sends automated alarms if necessary.
We have written procedures for disaster recovery and backup restores.
Access
Access to administrative systems is limited to certain ips and vpns and protected by 2 factor authentication.
General terms and conditions for VOLUM3 Ltd.
1. Introduction
VOLUM3 Ltd., VAT ID: HR30011637576, Trg Eugena Kvaternika 3/3, 10000 Zagreb, (hereinafter referred to as “VOLUM3 Ltd.”) develops, sells and manages the software named VOLUM3 (hereinafter: “VOLUM3” or “software”) available at the internet location: app.volum3.com
These General Terms and Conditions govern the rights and obligations between VOLUM3 Ltd. and VOLUM3 Ltd.’s Customers.
2. Scope of application
2.1 These General Terms and Conditions govern the business relationship between VOLUM3 Ltd. and VOLUM3 Ltd.’s Customers, whether for payment or not (e.g. during trial phases). VOLUM3 Ltd. provides services exclusively based on these General Terms and Conditions. Any use of VOLUM3 Ltd. services by the Customer shall have the effect that these General Terms and Conditions will form the basis of such business relationship.
2.2 In addition to these General Terms and Conditions, the current VOLUM3 Ltd. price lists (see www.volum3.com), as well as any other contract terms to the extent that these have been individually agreed in writing, shall apply.
2.3 If the Customer has its terms and conditions, by using any services of VOLUM3 Ltd., the Customer agrees and confirms that only VOLUM3 Ltd.’s General Terms and Conditions shall apply to the contractual relationship between VOLUM3 Ltd. and the Customer to the exclusion of any terms and conditions of the Customer. Any terms and conditions of the Customer will only apply if VOLUM3 Ltd. expressly confirms this in writing.
2.4 Individual agreements must be made in writing (and must be signed by the parties). Any informal statements and declarations made by VOLUM3 Ltd. (including those made by email) are not binding.
2.5 VOLUM3 Ltd. is entitled to unilaterally change these General Terms and Conditions at any time. The Customer will be notified of such changes via email at least two months before they will take effect. The Customer will be entitled to object to such change in writing within four weeks from the receipt of the email. The change will be deemed accepted and binding, if either the Customer has consented to the change or if the user has not objected to this change within a four-week period. VOLUM3 Ltd. will separately point out these legal consequences and the option to object in the notification email. In the event of an objection, VOLUM3 Ltd. is entitled to terminate the contracts concluded with the Customer under the old General Terms and Conditions for good cause, subject to a one-month notice period. If VOLUM3 Ltd. does not terminate one or more such contracts in the event of an objection, the old General Terms and Conditions shall continue to apply to such contract or contracts.
3. VOLUM3 Ltd.’s Services
3.1 VOLUM3 Ltd. provides the Customer with a system (potentially) consisting of several modules for construction documentation and defect management as software-as-a-service (“SaaS”) in the respective current version for use via the Internet, an app as client software as well as the possibility to store data (hereinafter referred to as “Software”).
3.2 Additional services, such as adapting the Software to individual requirements of a Customer, require a separate agreement.
3.3 VOLUM3 Ltd. reserves the right to further develop and change the Software and all specifications of the Software at any time (e.g. by using newer or different technologies, systems, processes or standards). The Customer benefits from such ongoing Software development and accordingly acknowledges in return, that there may be times when temporary maintenance takes place in connection with any updates and upgrades. VOLUM3 Ltd. will notify the Customer in good time if there will be any significant changes in service performance. If the Customer experiences unacceptable disadvantages as a result of the service changes, the Customer will be entitled to terminate the contract extraordinarily within 14 days of receipt of the notification of the service changes with such termination taking effect on the date on which the changes will become effective.
3.4 After registering, the Customer can use the Software in full functionality (all available modules and all available functionalities) for 30 days free of charge (trial phase). Before the end of this free trial phase VOLUM3 Ltd. will contact the Customer and inform him that for further use of the software he may enter into a contract for the use of services for a fee. If the user does not sign a contract, his account will be transferred to the so-called. Start package with a limited range of services defined on the website www.volum3.com
3.5 VOLUM3 Ltd. is only responsible for the services it provides. The Customer may not raise any claims against VOLUM3 Ltd. for any Software malfunctions caused by the Customer or a third-party intervention.
3.6 The place where VOLUM3 Ltd. provides service is considered to be its headquarters. The Customer’s end devices and the Internet connection are not part of VOLUM3 Ltd.’s service.
4. The Customer’s Duties
4.1 The Customer undertakes to only use the Software according to these General Terms and Conditions as well as according to any individual agreements. The Customer must ensure that all of its users (employees or other third parties attributable to the Customer) also comply with the relevant terms. The Customer is liable to VOLUM3 Ltd. for all damages resulting from the violation of the Customer’s or its user’s obligations, in particular in the case of any illegal use of the Software.
4.2 The Customer shall only use the software for its intended purpose and shall not misuse it, in particular not use it to store or distribute unlawful content. The Customer further undertakes not to use any technical equipment, software systems or other data that could impair the Software or systems of VOLUM3 Ltd..
4.3 The Customer is not permitted to make changes to the Software or to have such changes carried out by third parties.
4.4 The Customer must maintain the IT infrastructure that is required to use the Software at its own expense and own risk.
4.5 The Customer must take appropriate technical steps to secure its system and must regularly backup its data.
4.6 The Customer must secure its login details to the Software and not make them accessible to third parties.
4.7 VOLUM3 Ltd. may block the Customer’s access to the Software in the event of a breach of these General Terms and Conditions or of any individual agreements, particularly if the Customer defaults on payment. This does not affect the Customer’s duty to continue paying the contractual fee for use. In addition, the Customer must reimburse VOLUM3 Ltd. for any costs incurred in connection with the blocking of the Customer’s access.
4.8 The Customer agrees that VOLUM3 Ltd. may name it as a reference Customer in its public appearance. VOLUM3 Ltd. will agree with the Customer on the use of Customer logos, project data, etc. before publication.
5. Rights of use
5.1 All rights to the Software belong to VOLUM3 Ltd.. The Customer is only granted the non-exclusive, non-transferable and non-sublicensable right to use the software to the agreed extent during the contract period. In particular, the Customer may only duplicate the Software to the extent necessary for the intended use of the Software (e.g. loading into the main memory of the various terminals). The Customer is not permitted to reproduce, sell, rent or lend the Software or parts of it in any other way, or transfer it to third parties or grant them sublicenses. The Customer is allowed to temporarily assign subcontractor access under the product description of the Software.
5.2 Unless otherwise agreed, no further rights to the Software are granted to the Customer. In particular, the Customer shall not acquire any rights whatsoever in the Software, and in particular no copyright, trademark, patent, or other intellectual property rights.
5.3 The Customer is not entitled to reverse engineer, decompile or disassemble the Software unless (and only to the extent that) applicable law expressly and compulsorily permits it, notwithstanding this limitation.
5.4 Points 5.1 and 5.2 apply mutatis mutandis to all documents provided by VOLUM3 Ltd. to the Customer, and in particular to the Software documentation.
6. Warranty, liability and malfunctions
6.1 VOLUM3 Ltd. provides the Software to the Customer according to the principles of “reasonable best efforts”. VOLUM3 Ltd. will therefore make every economically reasonable effort to ensure that the use of the Software is as uninterrupted as possible and will correct software errors that restrict the use of the software.
6.2 VOLUM3 Ltd. assumes no warranty or liability for the permanent availability of the Software or that the Software will be free from errors. The Customer expressly acknowledges that, according to the current state of technology, it is not possible to completely exclude all errors from the Software. Connection errors or necessary maintenance work by VOLUM3 Ltd. can also result in temporary malfunctions. Insofar as for individual cases, the liability cannot be effectively excluded, improvement shall take priority over a price reduction or cancellation of the contract.
6.3 VOLUM3 Ltd. shall not be liable for any direct or indirect damage to the Customer or third parties caused by malfunctions or for damage to the Customer’s end devices. Compensation for consequential damage such as loss of earnings or lost profits is excluded, as is liability for damages to the Customer due to project delays. Likewise, VOLUM3 Ltd. is not liable for any loss of savings or for damages resulting from third-party claims.
6.4 VOLUM3 Ltd. is only liable in the event of intent and crass gross negligence. In addition, VOLUM3 Ltd.’s liability for each damage-causing event, even if there are multiple injured parties, is limited to a total of 10,000 Euros. If the total damage is higher, claims for damages by the individual harmed parties will be reduced proportionately.
6.5 VOLUM3 Ltd. cannot exclude the possibility of data loss or other impairments, in particular, due to impairments in the Customer’s internet connections in the course of synchronization processes. VOLUM3 Ltd. assumes no liability for this either.
6.6 VOLUM3 Ltd. is not liable for damage and defects that are due to improper operation, changed operating system components, interfaces and parameters, changes to the necessary system settings, use of unsuitable organisational means or simple application errors. Likewise, VOLUM3 Ltd. is not liable for disruptions in the public communication networks or inadequate system requirements for the Customer.
6.7 The Customer will immediately inform VOLUM3 Ltd. of any malfunctions and, if possible, with a comprehensible description of the error so a correction can be made as soon as possible. The Customer will free of charge assist VOLUM3 Ltd. in remedying any malfunctions. Any rectification of malfunctions by VOLUM3 Ltd. requires that the Customer has fully met its payment obligations.
6.8 High-risk environments: The software may contain components that react negatively to errors or in which contained errors are only detected later and corrected in the course of the usual patches. The software is not designed to be used in a hazardous environment that requires fail-safe (fault-tolerant) performance or in any other application where failure of the Software could directly result in death, injury, serious property damage or environmental damage.
6.9 To the extent and as far as obligations relating to the Software are affected due to force majeure, including war, terrorism, natural disasters, fire, strike, lockout, embargo, governmental intervention, epidemic or pandemic, power supply failure, transport failure, telecommunication network or data lines, or legislative changes effected after the conclusion of the contract or other unavailability of the Software cannot be rectified on time or not in a proper manner, this does not constitute a breach of contract and does not entitle the Customer to any claims against VOLUM3 Ltd.
7. Data protection
7.1 As a user of the software, the Customer is the person responsible for data protection, VOLUM3 Ltd. is merely a processor. For this purpose, a separate contract for processing will be concluded; in the absence of an individually agreed contract for processing, the standard contract for processing by VOLUM3 Ltd. will apply. (see VOLUM3 Data Privacy Policy)
7.2 As the person responsible, the Customer is in charge of compliance with the provisions of the General Data Protection Regulation – GDPR and the Austrian Data Protection Act – DSG. Insofar as the Customer processes personal data when using the software (e.g. enters, processes, stores or transmits personal data to VOLUM3 Ltd.), it guarantees that it is entitled to do so under the applicable data protection regulations.
8. Confidentiality
8.1 The Customer and VOLUM3 Ltd. mutually undertake to treat all business and trade secrets of the respective other party obtained in connection with this contract and its execution as such as confidential and not to make them accessible to third parties, unless they are generally known, or were already known to the recipient beforehand without an obligation to secrecy, or are communicated or provided to the recipient by a third party without an obligation to secrecy, or have demonstrably been developed independently by the recipient, or are to be disclosed due to a legally binding official or judicial decision. This obligation shall apply for an unlimited period after the end of the contractual relationship.
8.2 Subcontractors engaged by VOLUM3 Ltd. for the fulfilment of the contract are not considered third parties if they are subject to a confidentiality obligation corresponding to this point.
9. Duration and termination
9.1 The term of the contract is specified in the individual agreement with the Customer; if there is no such stipulation, contracts are concluded for an indefinite period.
9.2 Both VOLUM3 Ltd. and the Customer can terminate unlimited contracts at the end of the respective accounting period (12 months, unless expressly agreed otherwise) by giving one month’s notice. Also, the request for deletion of the account by the Customer shall be considered as termination at the end of the respective accounting period, and the deletion must be made at least one month before the end of the respective accounting period.
9.3 Fixed-term contracts may be terminated by either contracting party by giving one month’s notice before the end of the respective contract period. If they are not terminated, they are automatically extended by a further year in each case. The request for deletion of an account by the Customer shall also be deemed to be a termination of the contract at the end of the respective contract period, and the deletion must take place at the latest one month before the end of the respective contract period.
9.4 Termination must take place in writing or via the VOLUM3 Ltd. platform by an administrator appointed and authorised by the Customer.
9.5 An extraordinary termination by VOLUM3 Ltd. with immediate effect is possible in particular under the following conditions:
9.5.1 If the Customer provides incomplete or incorrect information or fails to provide required proofs.
9.5.2 If the Customer is in default of payment during 30 days; the granting of a grace period is not required.
9.5.3 If there is reasonable suspicion that the Software is being misused.
10. Information requirements
10.1 The Customer must immediately inform VOLUM3 Ltd. of any changes in his address. If the Customer has failed to do so, VOLUM3 Ltd.’s declarations are deemed to have been delivered if delivery was made to the last valid address provided by the Customer for communication.
10.2 The Customer accepts that VOLUM3 Ltd. can also send legally meaningful declarations to the Customer by email or other electronic media (this also applies to invoices, which may be electronically signed to comply with the provisions of the sales tax law (Umsatzsteuergesetz)). Declarations are deemed to have been received as soon as the Customer can access them or take note of them under normal circumstances.
11. Terms of payment and other financial terms
11.1 All amounts (unless otherwise stated) are exclusive of the currently applicable sales tax and other charges. A cash discount is not provided or granted.
11.2 User fees are generally charged in advance for the accounting period in question.
11.3 The Customer shall bear all bank charges and other expenses associated with the transfer.
11.4 In the event of late payments, the Customer will be charged interest on arrears at 10% p/a of the outstanding amount, plus reasonable reminder fees. The Customer must bear all necessary and appropriate costs incurred for the intervention of lawyers and collection agencies.
11.5 Payments by the Customer are initially offset against any costs or interest on arrears. Then, they are offset against the oldest debt.
11.6 VOLUM3 Ltd. is entitled to unilaterally increase the prices of the Software and will notify the Customer in good time, at least 1 month in advance. For an unlimited contract, the price change takes effect at the beginning of the next accounting period, in the case of a fixed-term contract at the beginning of the next contract year.
11.7 Invoices are considered to be accepted if no objection has been raised in writing within 15 days after the invoice has been issued.
11.8 The Customer cannot offset its claims against VOLUM3 Ltd.’s claims. The Customer’s right of retention is also excluded.
12. Other provisions
12.1 Should one or more provisions of these General Terms and Conditions be or become ineffective or unenforceable in full or in part, the validity of the remaining provisions will not be affected. The ineffective or unenforceable provision is to be replaced by a corresponding valid regulation as close as possible to the economic purpose of the ineffective or unenforceable clause.
12.2 The right to claim a reduction by more than half (laesio enormis) is excluded.
12.3 Any transfer by the Customer of the rights or obligations based on the contract requires the prior written consent of VOLUM3 Ltd.. However, VOLUM3 Ltd. is entitled to transfer the contract to a third party in full or in part without the Customer’s consent.
12.4 VOLUM3 Ltd. is entitled to use third parties in full or in part to fulfil its obligations.
12.5 Only Croatian law applies, even if the software is used abroad or if there is any other connection between the software and abroad. The application of the reference norms provided for in Croatian law and the application of the United Nations Convention on Contracts for the International Sale of Goods is excluded.
12.6 All possible disputes arising from this Agreement, the Contracting Parties shall endeavour to resolve amicably, and if they fail to do so, the court with jurisdiction in Zagreb shall have jurisdiction to resolve the dispute.