Toggle Side Panel

Shopping Cart

No products in the basket.

Shopping Cart

No products in the basket.

Close search

Privacy Policy

BIM Learning Privacy Policy
Last updated: October 2025

1. INTRODUCTION

BIM Learning (“we”, “us”, “our”, “Company”) is committed to protecting your privacy and respecting your data protection rights when you use our website, download or use our software and services, or otherwise interact with us. This Privacy Policy explains:

  • What personal data we collect
  • Why we collect it
  • How we use it
  • With whom we share it
  • How long we keep it
  • Your rights in relation to your data
  • How to contact us

By accessing or using our Website, Software, Services, or by providing personal data to us in any other way, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your information in accordance with its terms.

2. SCOPE AND APPLICATION

This Privacy Policy applies to all personal data we process in connection with:

  • Website: https://www.bimlearning.co.uk and associated subdomains (the “Website”)
  • Software: Revit add-ins, plugins, scripts, desktop applications, custom software, and related products (the “Software”)
  • Services: Subscriptions, trials, training, support, consulting, and other services provided by BIM Learning (the “Services”)
  • Distribution Channels: Products distributed via the Autodesk App Store or other official channels
  • Interactions: Support queries, event participation, surveys, feedback, and any other communication with us

Who this applies to:

  • Individual end users
  • Enterprise customers
  • Resellers and partners (unless supplementary terms apply)
  • Business contacts and prospects

If you are an enterprise customer, reseller, or business contact, this policy applies to you unless we have provided you with supplementary policy terms specific to your jurisdiction or agreement.

3. DATA CONTROLLER AND CONTACT INFORMATION

For the purposes of the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws, the data controller is:

BIM Learning
A sole trader operating in the United Kingdom
Email: info@bimlearning.co.uk
Website: https://www.bimlearning.co.uk

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about our data practices, please contact us using the details above. We aim to respond to all data requests within 30 days.

4. WHAT PERSONAL DATA DO WE COLLECT?

We may collect the following categories of personal data in connection with your use of the Website, Software, Services, or your interaction with us:

4.1 Identity and Contact Data

  • Full name
  • Email address
  • Company/organization name
  • Job title or role
  • Telephone number
  • Billing address and shipping address
  • Account usernames or identifiers

4.2 Payment and Transaction Data

  • Payment information (processed through third-party payment processors; we do not directly store full credit card details)
  • Purchase history and transaction records
  • Licence subscription details and renewal dates
  • Invoice and receipt information
  • Refund and dispute records

4.3 Device and Software Data

  • Hardware model and specifications
  • Operating system and version
  • Autodesk Revit version and build number
  • Other installed software and plugins
  • Licence activation identifier and key
  • Machine fingerprint or unique device identifier
  • IP address and geolocation data (country/region level)
  • Browser type and version
  • Device name and unique identifiers

4.4 Usage and Telemetry Data

  • Feature usage and interaction patterns (e.g., which tools are used most)
  • Performance metrics and command frequency
  • Processing times and performance statistics
  • Error logs and crash reports
  • Software version and update history
  • Session duration and frequency of use
  • Workflow patterns and automation trigger events
  • Model complexity metrics (anonymized)

4.5 Cookies and Tracking Data

  • Cookie identifiers and analytics identifiers
  • Browsing behavior (pages visited, time on page, referral source)
  • Click tracking and interaction data
  • Advertising/marketing campaign attribution
  • Device fingerprints for analytics purposes

4.6 Support and Communications Data

  • Email communications and support tickets
  • Chat or messaging records
  • Customer feedback, surveys, and testimonials (unless you provide sensitive data)
  • Bug reports and feature requests
  • Training records and webinar attendance (if applicable)
  • Event registration and attendance information

4.7 Data We Do NOT Collect

We explicitly do not knowingly collect:

  • Special categories of personal data (racial or ethnic origin, political opinions, religious beliefs, sexual orientation, biometric data, health data, or genetic data)
  • Personal data of children under 16 years of age (or under 18 if applicable in your jurisdiction)
  • Design data, BIM models, or model content you create (see Section 4.8)
  • Proprietary business information or confidential project details
  • Passwords or authentication credentials (beyond what is necessary for account access)
  • Credit card numbers or sensitive payment details (these are processed directly by our payment processors)

If you inadvertently provide such data, we will delete it as soon as we become aware, or notify you that we cannot process it.

4.8 User-Generated Content

If you upload, create, or store content using the Software or Services (such as BIM models, annotations, scripts, configurations, or documents), we have a strict policy:

  • You retain ownership of your content
  • We do not access your models, designs, or proprietary data for any purpose other than to:
    • Provide the requested service or support
    • Troubleshoot technical issues (only with your explicit consent or when necessary for security)
    • Generate anonymized performance or usage statistics (not identifiable to your specific projects)
  • We do not use your content for marketing, demonstration, or commercial purposes without your explicit written consent

5. HOW AND WHY WE USE YOUR PERSONAL DATA (LEGAL BASIS)

We process your personal data on one or more of the following lawful bases under the UK GDPR and applicable data protection law:

5.1 Contractual Necessity

We process your personal data because it is necessary to perform our contract with you or to take steps at your request prior to entering into a contract. This includes:

  • Providing and delivering the Software and Services
  • Managing and processing subscriptions and licences
  • Licence activation and validation
  • Processing orders and payments
  • Providing customer support and technical assistance
  • Fulfilling warranty or support obligations

5.2 Consent

We process personal data where you have given us your explicit, informed consent. This includes:

  • Signing up for trials or evaluation versions
  • Opting in to marketing communications or newsletters
  • Accepting non-essential cookies
  • Allowing telemetry data collection
  • Participating in surveys or feedback initiatives

You may withdraw consent at any time by contacting us or using the unsubscribe option in communications. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

5.3 Legitimate Interests

We process personal data to pursue legitimate business interests that are not overridden by your rights and freedoms. These legitimate interests include:

  • Product improvement and development: Analyzing usage data to identify features, bugs, and performance issues; improving user experience and software stability
  • Security and fraud prevention: Detecting, preventing, and responding to fraud, piracy, unauthorized use, security threats, or breaches; validating licences and preventing unauthorized distribution
  • Analytics and business intelligence: Understanding product usage trends, user demographics, and market demands to inform strategic decisions
  • Legal compliance and enforcement: Defending our legal rights, enforcing agreements, preventing misuse, and complying with legal obligations
  • Business efficiency: Administering our business, managing IT systems, conducting audits, and optimizing operations
  • Direct marketing and communications (where permitted): Sending information about new features, updates, or products that may be of interest (subject to your preferences)

Before processing on the basis of legitimate interest, we conduct a balancing test to ensure our interests do not override your data protection rights.

5.4 Legal Obligation

We process personal data where required by law, regulation, or court order, including:

  • Tax and accounting requirements (retention of invoice and subscription records)
  • Regulatory reporting obligations
  • Compliance with data protection law itself
  • Law enforcement requests or judicial proceedings
  • Protection of public safety or rights

6. HOW WE COLLECT YOUR PERSONAL DATA

We collect personal data through the following methods:

6.1 Direct Collection

  • When you register on our Website or create an account
  • When you request a trial or evaluation licence
  • When you purchase or subscribe to a licence
  • When you download, install, or activate the Software
  • When you contact us via email, support forms, or chat
  • When you participate in events, webinars, surveys, or feedback initiatives
  • When you provide feedback or testimonials

6.2 Automatic Collection

  • When you use our Website (via cookies, analytics, log files)
  • When you use the Software (via licence validation, telemetry collection, error reporting)
  • Through your device and browser (IP address, device type, operating system, browser type)
  • Through analytics services and tracking technologies

6.3 Third-Party Collection

  • From the Autodesk App Store or other distribution channels
  • From resellers, partners, or distributors who distribute our Software
  • From marketing platforms or lead generation services (with proper consent)
  • From publicly available sources (in limited circumstances)
  • From our service providers (see Section 8 below)

7. USE OF COOKIES AND TRACKING TECHNOLOGIES

7.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our Website. They allow us to recognize your device and remember information about your visit.

7.2 Types of Cookies We Use

Essential Cookies (Always Used)

  • Purpose: Ensure the proper functioning of the Website, such as maintaining your login session, processing your requests, securing your transactions
  • Legal Basis: Contractual Necessity / Legitimate Interest
  • Opt-out: Cannot be disabled without affecting Website functionality

Functionality Cookies (Optional)

  • Purpose: Remember your preferences, settings, and choices on the Website (language, layout, saved searches)
  • Legal Basis: Consent / Legitimate Interest
  • Opt-out: Can be managed via your browser or our cookie preferences tool

Analytics Cookies (Optional)

  • Purpose: Collect aggregated data about Website usage, user demographics, traffic patterns, and performance to improve the Website and understand user behavior
  • Third-Party Providers: Google Analytics, Hotjar (optional)
  • Legal Basis: Consent / Legitimate Interest
  • Opt-out: Use the opt-out link provided on our Website or adjust your browser settings

Marketing/Advertising Cookies (Optional)

  • Purpose: Track your browsing patterns and interests across websites, enable targeted advertising, and measure campaign effectiveness
  • Third-Party Providers: Facebook, Google Ads, LinkedIn, other advertising networks
  • Legal Basis: Consent
  • Opt-out: Opt out through the cookie preferences tool or advertising preference centers

7.3 Cookie Management

When you first visit our Website, you will see a cookie consent banner. You can:

  • Accept all cookies (including optional cookies)
  • Accept essential cookies only (recommended if you prefer privacy)
  • Customize your preferences to select specific cookie types
  • Manage preferences later by visiting our cookie preferences page or contacting us

You can also disable cookies through your browser settings, though this may affect your ability to use certain Website features.

7.4 Other Tracking Technologies

We may also use:

  • Pixel tags and web beacons: Small images used to track email opens and link clicks
  • Analytics scripts: Code that tracks user interaction and performance
  • Local storage: Browser storage used for certain preferences and data

8. SHARING AND DISCLOSURE OF YOUR PERSONAL DATA

8.1 General Policy

We do not sell, trade, or rent your personal data to third parties for marketing purposes. We share personal data only in limited circumstances described below, and only where necessary and lawful.

8.2 Service Providers and Processors

We may share personal data with third-party service providers who perform services on our behalf. These include:

Hosting and Infrastructure Providers

  • Microsoft Azure: Hosting and cloud infrastructure
  • Amazon Web Services (AWS): Backup and disaster recovery
  • Cloudflare: DDoS protection and content delivery
  • Purpose: Ensuring Website and Software availability, security, and performance
  • Data: Device, Usage, IP Address, Analytics data
  • Contract: Data Processing Agreements in place

Payment Processors

  • Stripe: Payment processing and invoicing
  • PayPal: Payment processing (if applicable)
  • Purpose: Processing subscriptions, renewals, and one-time payments
  • Data: Payment information, Identity, Transaction data
  • Contract: Data Processing Agreements and PCI DSS compliance in place

Analytics and Monitoring Services

  • Google Analytics: Website traffic analysis and user behavior analytics
  • Hotjar: Session recording and heatmapping (optional)
  • Sentry: Error tracking and performance monitoring
  • Purpose: Understanding Website usage, identifying issues, improving performance
  • Data: Cookies, Tracking data, Device, Usage, IP Address
  • Contract: Standard Data Processing Agreements in place

Email and Communication Services

  • Mailgun or SendGrid: Email delivery and transactional emails
  • Intercom or Zendesk: Customer support and ticketing
  • Purpose: Sending transactional emails, support communications, marketing emails
  • Data: Identity, Contact, Communication data
  • Contract: Data Processing Agreements in place

Customer Relationship Management (CRM)

  • HubSpot or Salesforce: Customer data, interactions, and sales pipeline
  • Purpose: Managing customer relationships, sales processes, and marketing campaigns
  • Data: Identity, Contact, Usage, Communication, Marketing preferences
  • Contract: Data Processing Agreements in place

Software and Tools

  • Autodesk API and services: For licence validation and integration with Autodesk ecosystem
  • GitHub or GitLab: Version control and code repositories (does not contain user personal data)
  • Slack or other team communication tools: Internal team communication only
  • Purpose: Providing integrated services, internal operations
  • Data: Limited to what is necessary for the specific purpose
  • Contract: Data Processing Agreements where applicable

8.3 Resellers, Partners, and Distributors

If you have subscribed to or received the Software through a reseller, partner, or distributor (including via the Autodesk App Store), we may share necessary information with them to:

  • Provide support and service
  • Process renewals and manage subscriptions
  • Deliver licences and updates
  • Provide account management

8.4 Legal Requirements and Enforcement

We may disclose personal data if required by law, regulation, court order, or governmental authority, including:

  • Law enforcement or regulatory requests
  • Subpoenas or legal proceedings
  • Protection of legal rights or property
  • Prevention of fraud, security threats, or harm
  • Enforcement of our agreements and terms

In such cases, we will provide notice to the affected individual unless we are prohibited by law from doing so.

8.5 Business Transfers

If we undergo a merger, acquisition, asset sale, bankruptcy, or other business restructuring, personal data may be transferred as part of the business assets. We will provide notice and offer choices regarding your personal data where required by applicable law.

8.6 Aggregated and Anonymized Data

We may collect, use, and share aggregated or anonymized data (data that cannot identify you) for any purpose, including marketing, analytics, and product development. Aggregated data is not subject to this Privacy Policy.

9. RETENTION OF PERSONAL DATA

We retain your personal data only for as long as necessary for the purposes for which it was collected, or to comply with legal obligations, resolve disputes, enforce our agreements, or protect our rights. Retention periods vary by data category:

9.1 Retention Schedule

Data CategoryRetention PeriodReason
Identity & Contact DataDuration of subscription + 3 yearsLegal obligation (tax/accounting), support, communication
Payment & Transaction Data7 years after transactionUK tax law requirement (HMRC), accounting records
Device & Activation Data2 years after licence terminationAnti-piracy, security, support purposes
Usage & Telemetry Data2 years (or until anonymized)Product analytics, improvement, security
Cookies & Analytics DataAs per cookie type / analytics provider policyWebsite improvement, user experience; typically 12-24 months
Support & Communications2 years after final communicationDispute resolution, support history, compliance
Marketing Preferences & Consent RecordsUntil opt-out or withdrawalLegal requirement to document consent
Error Logs & Performance Data1 yearTroubleshooting, system optimization
Aggregated/Anonymized DataIndefinitelyNo personal data; can be retained forever

9.2 Deletion and Deactivation

Upon termination of your subscription or account:

  • Account data is retained as described above
  • You may request deletion of your data subject to legal retention obligations
  • Some data may be retained in anonymized or aggregated form
  • We will securely delete or anonymize data when it is no longer necessary

9.3 Right to Request Deletion

You may request deletion of your data at any time (see Section 10 below). However, we may retain certain data if required by law, to complete pending transactions, or to protect our legitimate interests.

10. YOUR DATA PROTECTION RIGHTS

Under the UK GDPR and applicable data protection law, you have the following rights:

10.1 Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, electronic format (portable format) within 30 days of your request.

10.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. You can update some information directly in your account; for other data, contact us and we will make corrections promptly.

10.3 Right to Erasure (“Right to Be Forgotten”)

You have the right to request deletion of your personal data in certain circumstances, such as:

  • The data is no longer necessary for the purposes for which it was collected
  • You withdraw your consent and there is no other legal basis for processing
  • You object to processing and we have no overriding justification

However, we may retain data if required by law, to complete transactions, or to protect our legitimate interests.

10.4 Right to Restrict Processing

You have the right to request that we restrict processing of your data while we verify accuracy or while a dispute is being resolved. During restriction, we will only store the data and may not actively process it (except with your consent or for legal reasons).

10.5 Right to Object

You have the right to object to processing of your personal data on grounds of legitimate interest or for direct marketing. In such cases, we will cease processing unless we can demonstrate compelling legitimate reasons for continued processing.

To object to marketing communications: Click the “unsubscribe” link in any email, or contact us directly.

10.6 Right to Data Portability

You have the right to request that we provide your personal data in a structured, commonly used, machine-readable format (such as CSV), and to transmit that data to another organization if technically feasible. This applies where processing is based on consent or contract and is carried out by automated means.

10.7 Right to Withdraw Consent

If processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal. To withdraw consent for marketing, telemetry, or cookies, contact us or use the unsubscribe/preference options provided.

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the supervisory authority (in the UK, the Information Commissioner’s Office – ICO) if you believe we have violated data protection law. You can contact the ICO at:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Phone: 0303 123 1113
Website: https://www.ico.org.uk/

10.9 How to Exercise Your Rights

To exercise any of the above rights, please contact us at:

Email: info@bimlearning.co.uk
Mail: BIM Learning, United Kingdom

We will respond to your request within 30 days (or 60 days in complex cases). We may ask for proof of identity to verify your request.

11. SECURITY AND PROTECTION OF PERSONAL DATA

11.1 Security Measures

We implement appropriate technical and organizational measures designed to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

  • Encryption: Data in transit is encrypted using TLS/SSL protocols; sensitive data at rest is encrypted using industry-standard encryption
  • Secure servers: Data is stored on secure, access-controlled servers with firewalls and intrusion detection systems
  • Access controls: Personal data access is restricted to authorized personnel who have been trained on data protection obligations and are subject to confidentiality agreements
  • Regular security reviews: We conduct regular security assessments, penetration testing, and vulnerability scanning
  • Incident response: We maintain an incident response plan and will notify affected individuals of any data breaches as required by law
  • Staff training: Employees receive regular data protection and security training
  • Third-party audits: Our service providers undergo regular security audits and maintain appropriate certifications (e.g., ISO 27001, SOC 2)

11.2 Limitations of Security

While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and notifying us immediately of any unauthorized use of your account.

11.3 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify affected individuals without undue delay (within 72 hours where required by law)
  • Provide information about the nature of the breach, what data was affected, and steps you should take
  • Notify the ICO where required by law
  • Take measures to mitigate the impact

12. CHILDREN AND MINORS

Our Website, Software, and Services are intended for professional or business users and are not directed at children under 16 years of age (or under 18 if applicable in your jurisdiction). We do not knowingly collect personal data from children under these ages.

If we discover that we have inadvertently collected personal data from a child under 16, we will:

  • Delete that data promptly
  • Take steps to ensure no further data is collected from that individual
  • Notify the child’s parent or guardian if possible

If you believe we have collected data from a child under the applicable age, please contact us immediately.

13. INTERNATIONAL TRANSFERS OF PERSONAL DATA

13.1 Transfers Outside the UK

Your personal data is primarily processed and stored in the UK. However, data may be transferred to and processed in other countries, including outside the European Economic Area (EEA), by our service providers or in connection with our business operations.

13.2 Safeguards for International Transfers

Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place to protect your data at a level equivalent to UK GDPR protection, including:

  • Standard Contractual Clauses (SCCs): Model clauses approved by UK authorities that impose data protection obligations on recipients
  • Adequacy Decisions: Transfers to countries that have been deemed to provide an adequate level of data protection
  • Binding Corporate Rules: Where applicable, internal rules governing data transfers within our organization
  • Explicit Consent: In some cases, your explicit consent to the transfer
  • Legitimate Interests Assessment: Where appropriate, a documented assessment that the transfer is necessary for legitimate interests and proportionate

13.3 US Data Transfers

If personal data is transferred to the United States, we will ensure transfers are made under:

  • Standard Contractual Clauses
  • Valid adequacy mechanisms (if available)
  • Your explicit consent
  • Supplementary safeguards

Please note that US data protection laws may differ from UK GDPR protections.

13.4 Data Localization

If you require your data to be retained in a specific location or country, please contact us to discuss your requirements and whether we can accommodate them.

14. UPDATES TO THIS PRIVACY POLICY

We may update or change this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Post the updated policy on our Website
  • Update the “Last Updated” date at the top of this document
  • Seek your consent to material changes where required by law
  • Notify you via email (if we have your email address) or through a prominent notice on our Website

Your continued use of our Website, Software, or Services after any changes constitutes your acknowledgment and acceptance of the updated Privacy Policy. We encourage you to review this policy periodically to stay informed of how we protect your data.

14.1 Minor Changes

We may make minor clarifications or updates to this policy without advance notice. Material changes will always be communicated.

15. CONTACT US

15.1 Data Subject Requests

If you have questions about this Privacy Policy, wish to exercise your data protection rights, have a concern about our data practices, or wish to make a complaint, please contact us:

Email: info@bimlearning.co.uk
Website: https://www.bimlearning.co.uk
Mailing Address: BIM Learning, United Kingdom

We aim to respond to all inquiries within 30 days. For data access requests, we may require proof of identity.

15.2 Data Protection Officer

While we do not have a dedicated Data Protection Officer, our team takes data protection very seriously. For data protection matters, contact info@bimlearning.co.uk and reference “Data Protection Request” in your subject line.

15.3 Supervisory Authority

If you have concerns about our data practices and wish to file a complaint, you may contact the UK Information Commissioner’s Office (ICO) as detailed in Section 10.8 above.

16. SPECIFIC PROVISIONS FOR DIFFERENT DATA SUBJECTS

16.1 Individuals Using Software on Employer’s Devices

If you are using our Software on a device provided or managed by your employer:

  • Your employer may have visibility into certain usage data and device information
  • This Privacy Policy still applies to your personal data
  • Your employer may be a separate data controller for device management data
  • Contact your IT department regarding their data practices

16.2 Enterprise Customers

If you are an enterprise customer:

  • We may have a supplementary Data Processing Addendum (DPA) that applies
  • The DPA governs data processing for your organization
  • Contact your account manager for a copy of the DPA
  • This Privacy Policy still applies where not superseded by the DPA

16.3 Resellers and Partners

If you are a reseller, partner, or distributor:

  • We may process your business contact information for account management, support, and communications
  • A separate reseller agreement or partnership agreement may apply
  • Data Processing Addendums are available upon request
  • Contact us for details specific to your role

17. DEFINITIONS

  • Personal Data: Any information relating to an identified or identifiable natural person
  • Processing: Any operation performed on personal data (collection, use, storage, disclosure, deletion, etc.)
  • Data Controller: The entity that determines the purposes and means of processing (BIM Learning)
  • Data Processor: An entity that processes data on behalf of the controller (our service providers)
  • Legitimate Interest: A valid reason for processing that is not overridden by individual rights
  • Consent: Freely given, specific, informed, and unambiguous expression of will by the individual
  • Data Subject: The individual to which personal data relates (you)
  • Anonymized Data: Data that cannot identify an individual (not personal data; not subject to GDPR)
  • Aggregated Data: Combined data from multiple individuals presented in summary form (not personal data if not linked to individuals)

Effective Date: October 2025
Last Updated: October 2025

This document is the confidential and proprietary work product of BIM Learning.
Unauthorized reproduction or distribution is prohibited.
For the most current version of this Privacy Policy, please visit https://www.bimlearning.co.uk/privacy-policy