Privacy Policy

ENGINYRING Europe SRL | rev. 2.0
Updated 04.02.2026

Data protection is a high priority for ENGINYRING. This Privacy Policy informs you of the nature, scope, and purpose of the personal data we collect, use, and process in connection with our CAD/BIM conversion services, in line with the General Data Protection Regulation (GDPR). By using our services or uploading project data, you acknowledge that you have read and understood this policy.

1. Data Controller

The controller for the purposes of the GDPR is:

ENGINYRING Europe SRL
VAT ID: RO47589108 | ONRC ID: J16/306/2023
Romania
Email: contact [at] enginyring [dot] com
Website: www.enginyring.com

2. Definitions

Our data protection declaration is based on the terms used in the GDPR. Key terms include "personal data," "data subject," "processing," "controller," and "processor."

3. Collection of General Data and Information (Log Files)

Our website collects general data and information when you access it (e.g., browser type, operating system, IP address, date, and time). This information is stored in server log files. This data is processed based on our legitimate interest to deliver the content of our website correctly, ensure the long-term viability and security of our systems, and to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.

4. Cookies

Our website uses cookies to provide users with more user-friendly services and to optimize the information and offers on our website. You may, at any time, prevent the setting of cookies through our website by means of a corresponding setting of the Internet browser used and may thus permanently deny the setting of cookies. Further information is available in our Cookie Policy.

5. Client Registration and Project Data

5.1 When you engage our CAD/BIM conversion services, we collect the personal data you provide (e.g., name, company name, address, email, phone number). You are responsible for providing accurate and up-to-date information. This data is used exclusively for the purpose of providing the services you have requested, for project management, invoicing, and to fulfill our contractual and legal obligations.

5.2 By registering, you consent to the storage of your IP address, and the date and time of registration, which serves our legitimate interest in preventing misuse and ensuring service security.

5.3 For certain accounts, where we have any suspicion of fake or fraudulent data being submitted, we reserve the right to request a full Know Your Customer (KYC) validation. This process may require you to provide a selfie and a copy of your government-issued ID, which will be processed through Stripe's Identity platform for verification purposes. This processing is necessary for fraud prevention and to ensure the security of our services, which constitutes a legitimate interest.

6. Point Cloud and Project File Uploads

6.1 File Collection: When you upload point cloud data, CAD files, photographs, or other project materials to our services, these files are stored on our secure servers for the purpose of providing CAD/BIM conversion services.

6.2 File Security: All file uploads are transmitted via encrypted connection (TLS 1.3). Files are stored on secure servers with access restricted to authorized project team members only.

6.3 File Contents: Project files may contain personal data relating to building occupants, property owners, or other third parties. As the data controller for such data, you warrant that you have obtained all necessary permissions and legal basis to upload such data and for us to process it for the purpose of providing CAD/BIM conversion services.

6.4 Data Minimization: We process only the data necessary to complete your project. We do not extract or use personal data contained in point cloud scans or building documentation beyond what is required for service delivery.

6.5 File Retention: Project files are retained as specified in Section 10 (Data Retention Period). You may request earlier deletion at any time, subject to our contractual and legal obligations.

7. Contact via Website/Email

If you contact us via email or a contact form, the personal data you transmit is automatically stored for the purpose of processing your request or contacting you. This data is not transferred to third parties without your consent, unless required for the resolution of your request or as specified in Section 8.

8. Data Disclosure to Third Parties

To deliver our CAD/BIM conversion services, we must share certain personal data with third-party service providers (processors). We only work with third parties that provide sufficient guarantees to implement appropriate technical and organizational measures in a manner that meets the requirements of the GDPR.

Categories of data shared include:

  • Payment Processors (Stripe, PayPal, Banca Transilvania): To process transactions, we share your contact and billing information, including name, address, email, and payment details.
  • Identity Verification (Stripe Identity): For KYC validation when required, we share the necessary identification documents and images you provide.
  • Cloud Storage Providers: Project files, including point cloud data, are stored on secure cloud infrastructure providers. These providers have access to encrypted file data but do not access file contents.
  • Infrastructure & Content Delivery (Google, Fastly, Cloudflare): To deliver website content efficiently and securely, your IP address and cookie data may be shared with our CDN and analytics partners.
  • Communication Services: Email communications may be processed through third-party email service providers.

Your data may be transferred to and stored at a destination outside the European Economic Area ("EEA"). We ensure appropriate safeguards are in place for such transfers, including Standard Contractual Clauses where applicable. By submitting your personal data, you acknowledge this transfer, storing, or processing.

9. Marketing Use of Project Materials

9.1 Marketing Rights: Unless you have executed a separate Non-Disclosure Agreement (NDA) with ENGINYRING that specifically restricts marketing use, Section 7.3 of our CAD/BIM Services Agreement grants us the right to use project materials for marketing purposes.

9.2 What We May Use: This includes the right to use point cloud data, BIM models, CAD drawings, project photographs, building images, and case study content in:

  • Portfolio presentations on our website
  • Social media posts and promotional materials
  • Case studies and white papers
  • Press releases and marketing publications
  • Conference presentations and professional publications
  • Sales and marketing materials

9.3 Data Protection in Marketing: When using project materials for marketing purposes, we:

  • Remove or anonymize any personal data visible in point clouds or building documentation (e.g., faces, license plates, personal documents)
  • Do not disclose confidential technical specifications unless you have provided explicit consent
  • May attribute the project to your company if you consent, otherwise present it anonymously

9.4 Opting Out: You may opt out of marketing use by executing an NDA with us, which may be subject to additional fees as specified in our Services Agreement. If you wish to restrict marketing use of a completed project, please contact us to discuss NDA terms.

9.5 Building Ownership: We acknowledge that building ownership and property rights remain with the respective property owners. Our marketing use is limited to showcasing our technical services and does not imply any property rights or endorsement by property owners.

10. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

  • Right of access: The right to obtain information about your personal data we process, including copies of project files you have uploaded.
  • Right to rectification: The right to obtain the correction of inaccurate personal data.
  • Right to erasure ('right to be forgotten'): The right to have your personal data erased, subject to legal retention obligations and contractual requirements. For project files, this right applies after completion of contractual retention periods.
  • Right to restriction of processing: The right to restrict the processing of your data under certain conditions.
  • Right to data portability: The right to receive your personal data and project files in a structured, commonly used, and machine-readable format.
  • Right to object: The right to object to the processing of your personal data on grounds relating to your particular situation, including objection to marketing use of project materials (see Section 9.4).
  • Right to withdraw consent: The right to withdraw your consent to processing at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Right to lodge a complaint: The right to lodge a complaint with the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP) at www.dataprotection.ro.

To exercise these rights, you may contact us at any time at the address provided in Section 1. We will respond within 30 days of receiving your request.

11. Legal Basis for Processing

We process personal data based on the following legal grounds:

  • Art. 6(1)(a) GDPR: Consent, for specific purposes such as marketing communications or optional services.
  • Art. 6(1)(b) GDPR: Necessity for the performance of a contract to which you are a party, including processing point cloud data and project files to deliver CAD/BIM conversion services.
  • Art. 6(1)(c) GDPR: Necessity for compliance with a legal obligation (e.g., tax laws, accounting requirements).
  • Art. 6(1)(f) GDPR: Necessity for the purposes of our legitimate interests, such as:
    • Ensuring network and data security
    • Preventing fraud and misuse of services
    • Administrative and operational purposes
    • Improving our services and technical capabilities
    • Marketing our services using completed project examples (as specified in Section 9), except where such interests are overridden by your fundamental rights and freedoms

12. Data Retention Period

12.1 General Principle: We store personal data only for the period necessary to achieve the purpose of storage or as required by law (e.g., statutory retention periods for commercial or tax purposes in Romania, typically 10 years for accounting documents).

12.2 Project Files Retention:

  • During Active Project: Files are retained for the duration of the project and through the warranty period (30 days from acceptance per our Services Agreement).
  • Post-Project Retention: After warranty period expiration, project files are retained for 90 days to allow clients to request copies or address any outstanding matters.
  • Archival Period: After 90 days, source files (point clouds, CAD files) are moved to archive storage for an additional 6 months, during which retrieval may incur additional fees.
  • Final Deletion: After the archival period (total of 9 months post-warranty), all source files are securely deleted unless:
    • You have requested extended retention (which may incur storage fees)
    • Legal retention requirements apply
    • The data is necessary for establishment, exercise, or defense of legal claims

12.3 Marketing Materials: Anonymized project materials used for marketing purposes (per Section 9) may be retained indefinitely as they no longer constitute personal data after anonymization.

12.4 Early Deletion: You may request deletion of your project files at any time after project completion and warranty period expiration. We will honor such requests within 30 days unless legal retention obligations apply.

12.5 Account Data: If you close your account, personal data is deleted within 90 days unless retention is required for legal or contractual purposes.

13. Data Security Measures

13.1 We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

  • Encryption of data in transit (TLS 1.3) and at rest
  • Access controls limiting file access to authorized project team members
  • Regular security audits and vulnerability assessments
  • Secure backup procedures
  • Employee confidentiality obligations and training
  • Incident response procedures

13.2 In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay and within 72 hours of becoming aware of the breach.

14. Provision of Personal Data

14.1 The provision of personal data is necessary to enter into a contract with us for CAD/BIM conversion services. Failure to provide the necessary contact and billing data would result in the contract not being concluded.

14.2 The provision of point cloud data and project materials is necessary for us to perform the contracted services. Without such data, we cannot deliver the CAD/BIM models as specified.

15. Automated Decision-Making

As a responsible company, we do not use automated decision-making or profiling that produces legal effects or similarly significantly affects you.

16. International Data Transfers

16.1 Some of our service providers and cloud infrastructure are located outside the European Economic Area. When we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by the European Commission for certain countries
  • Other legally recognized transfer mechanisms under GDPR

16.2 You may request information about specific safeguards implemented for international transfers relating to your data.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify you of material changes by posting the updated policy on our website with a new "Updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.

18. Contact and Questions

If you have any questions about this Privacy Policy, wish to exercise your rights, or have concerns about how we process your personal data, please contact us at:

ENGINYRING Europe SRL
Email: contact [at] enginyring [dot] com
Subject line: "Privacy Policy Inquiry"

We aim to respond to all inquiries within 30 days.