First Name

Last Name

Nickname

By creating an account you are agreeing to the Terms of Service and Privacy Policy.

Privacy Policy

BIM Learning Privacy Policy
Last updated: October 2025

1. INTRODUCTION

BIM Learning (“we”, “us”, “our”, “Company”) is committed to protecting your privacy and respecting your data protection rights when you use our website, download or use our software and services, or otherwise interact with us. This Privacy Policy explains:

What personal data we collect
Why we collect it
How we use it
With whom we share it
How long we keep it
Your rights in relation to your data
How to contact us

By accessing or using our Website, Software, Services, or by providing personal data to us in any other way, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and use of your information in accordance with its terms.

2. SCOPE AND APPLICATION

This Privacy Policy applies to all personal data we process in connection with:

Website: https://www.bimlearning.co.uk and associated subdomains (the “Website”)
Software: Revit add-ins, plugins, scripts, desktop applications, custom software, and related products (the “Software”)
Services: Subscriptions, trials, training, support, consulting, and other services provided by BIM Learning (the “Services”)
Distribution Channels: Products distributed via the Autodesk App Store or other official channels
Interactions: Support queries, event participation, surveys, feedback, and any other communication with us

Who this applies to:

Individual end users
Enterprise customers
Resellers and partners (unless supplementary terms apply)
Business contacts and prospects

If you are an enterprise customer, reseller, or business contact, this policy applies to you unless we have provided you with supplementary policy terms specific to your jurisdiction or agreement.

3. DATA CONTROLLER AND CONTACT INFORMATION

For the purposes of the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws, the data controller is:

BIM Learning
A sole trader operating in the United Kingdom
Email: info@bimlearning.co.uk
Website: https://www.bimlearning.co.uk

If you have questions about this Privacy Policy, wish to exercise your data protection rights, or have concerns about our data practices, please contact us using the details above. We aim to respond to all data requests within 30 days.

4. WHAT PERSONAL DATA DO WE COLLECT?

We may collect the following categories of personal data in connection with your use of the Website, Software, Services, or your interaction with us:

4.1 Identity and Contact Data

Full name
Email address
Company/organization name
Job title or role
Telephone number
Billing address and shipping address
Account usernames or identifiers

4.2 Payment and Transaction Data

Payment information (processed through third-party payment processors; we do not directly store full credit card details)
Purchase history and transaction records
Licence subscription details and renewal dates
Invoice and receipt information
Refund and dispute records

4.3 Device and Software Data

Hardware model and specifications
Operating system and version
Autodesk Revit version and build number
Other installed software and plugins
Licence activation identifier and key
Machine fingerprint or unique device identifier
IP address and geolocation data (country/region level)
Browser type and version
Device name and unique identifiers

4.4 Usage and Telemetry Data

Feature usage and interaction patterns (e.g., which tools are used most)
Performance metrics and command frequency
Processing times and performance statistics
Error logs and crash reports
Software version and update history
Session duration and frequency of use
Workflow patterns and automation trigger events
Model complexity metrics (anonymized)

4.5 Cookies and Tracking Data

Cookie identifiers and analytics identifiers
Browsing behavior (pages visited, time on page, referral source)
Click tracking and interaction data
Advertising/marketing campaign attribution
Device fingerprints for analytics purposes

4.6 Support and Communications Data

Email communications and support tickets
Chat or messaging records
Customer feedback, surveys, and testimonials (unless you provide sensitive data)
Bug reports and feature requests
Training records and webinar attendance (if applicable)
Event registration and attendance information

4.7 Data We Do NOT Collect

We explicitly do not knowingly collect:

Special categories of personal data (racial or ethnic origin, political opinions, religious beliefs, sexual orientation, biometric data, health data, or genetic data)
Personal data of children under 16 years of age (or under 18 if applicable in your jurisdiction)
Design data, BIM models, or model content you create (see Section 4.8)
Proprietary business information or confidential project details
Passwords or authentication credentials (beyond what is necessary for account access)
Credit card numbers or sensitive payment details (these are processed directly by our payment processors)

If you inadvertently provide such data, we will delete it as soon as we become aware, or notify you that we cannot process it.

4.8 User-Generated Content

If you upload, create, or store content using the Software or Services (such as BIM models, annotations, scripts, configurations, or documents), we have a strict policy:

You retain ownership of your content
We do not access your models, designs, or proprietary data for any purpose other than to:
- Provide the requested service or support
- Troubleshoot technical issues (only with your explicit consent or when necessary for security)
- Generate anonymized performance or usage statistics (not identifiable to your specific projects)
We do not use your content for marketing, demonstration, or commercial purposes without your explicit written consent

5. HOW AND WHY WE USE YOUR PERSONAL DATA (LEGAL BASIS)

We process your personal data on one or more of the following lawful bases under the UK GDPR and applicable data protection law:

5.1 Contractual Necessity

We process your personal data because it is necessary to perform our contract with you or to take steps at your request prior to entering into a contract. This includes:

Providing and delivering the Software and Services
Managing and processing subscriptions and licences
Licence activation and validation
Processing orders and payments
Providing customer support and technical assistance
Fulfilling warranty or support obligations

5.2 Consent

We process personal data where you have given us your explicit, informed consent. This includes:

Signing up for trials or evaluation versions
Opting in to marketing communications or newsletters
Accepting non-essential cookies
Allowing telemetry data collection
Participating in surveys or feedback initiatives

You may withdraw consent at any time by contacting us or using the unsubscribe option in communications. Withdrawal of consent does not affect the lawfulness of processing before withdrawal.

5.3 Legitimate Interests

We process personal data to pursue legitimate business interests that are not overridden by your rights and freedoms. These legitimate interests include:

Product improvement and development: Analyzing usage data to identify features, bugs, and performance issues; improving user experience and software stability
Security and fraud prevention: Detecting, preventing, and responding to fraud, piracy, unauthorized use, security threats, or breaches; validating licences and preventing unauthorized distribution
Analytics and business intelligence: Understanding product usage trends, user demographics, and market demands to inform strategic decisions
Legal compliance and enforcement: Defending our legal rights, enforcing agreements, preventing misuse, and complying with legal obligations
Business efficiency: Administering our business, managing IT systems, conducting audits, and optimizing operations
Direct marketing and communications (where permitted): Sending information about new features, updates, or products that may be of interest (subject to your preferences)

Before processing on the basis of legitimate interest, we conduct a balancing test to ensure our interests do not override your data protection rights.

5.4 Legal Obligation

We process personal data where required by law, regulation, or court order, including:

Tax and accounting requirements (retention of invoice and subscription records)
Regulatory reporting obligations
Compliance with data protection law itself
Law enforcement requests or judicial proceedings
Protection of public safety or rights

6. HOW WE COLLECT YOUR PERSONAL DATA

We collect personal data through the following methods:

6.1 Direct Collection

When you register on our Website or create an account
When you request a trial or evaluation licence
When you purchase or subscribe to a licence
When you download, install, or activate the Software
When you contact us via email, support forms, or chat
When you participate in events, webinars, surveys, or feedback initiatives
When you provide feedback or testimonials

6.2 Automatic Collection

When you use our Website (via cookies, analytics, log files)
When you use the Software (via licence validation, telemetry collection, error reporting)
Through your device and browser (IP address, device type, operating system, browser type)
Through analytics services and tracking technologies

6.3 Third-Party Collection

From the Autodesk App Store or other distribution channels
From resellers, partners, or distributors who distribute our Software
From marketing platforms or lead generation services (with proper consent)
From publicly available sources (in limited circumstances)
From our service providers (see Section 8 below)

7. USE OF COOKIES AND TRACKING TECHNOLOGIES

7.1 What Are Cookies?

Cookies are small text files placed on your device when you visit our Website. They allow us to recognize your device and remember information about your visit.

7.2 Types of Cookies We Use

Essential Cookies (Always Used)

Purpose: Ensure the proper functioning of the Website, such as maintaining your login session, processing your requests, securing your transactions
Legal Basis: Contractual Necessity / Legitimate Interest
Opt-out: Cannot be disabled without affecting Website functionality

Functionality Cookies (Optional)

Purpose: Remember your preferences, settings, and choices on the Website (language, layout, saved searches)
Legal Basis: Consent / Legitimate Interest
Opt-out: Can be managed via your browser or our cookie preferences tool

Analytics Cookies (Optional)

Purpose: Collect aggregated data about Website usage, user demographics, traffic patterns, and performance to improve the Website and understand user behavior
Third-Party Providers: Google Analytics, Hotjar (optional)
Legal Basis: Consent / Legitimate Interest
Opt-out: Use the opt-out link provided on our Website or adjust your browser settings

Marketing/Advertising Cookies (Optional)

Purpose: Track your browsing patterns and interests across websites, enable targeted advertising, and measure campaign effectiveness
Third-Party Providers: Facebook, Google Ads, LinkedIn, other advertising networks
Legal Basis: Consent
Opt-out: Opt out through the cookie preferences tool or advertising preference centers

7.3 Cookie Management

When you first visit our Website, you will see a cookie consent banner. You can:

Accept all cookies (including optional cookies)
Accept essential cookies only (recommended if you prefer privacy)
Customize your preferences to select specific cookie types
Manage preferences later by visiting our cookie preferences page or contacting us

You can also disable cookies through your browser settings, though this may affect your ability to use certain Website features.

7.4 Other Tracking Technologies

We may also use:

Pixel tags and web beacons: Small images used to track email opens and link clicks
Analytics scripts: Code that tracks user interaction and performance
Local storage: Browser storage used for certain preferences and data

8. SHARING AND DISCLOSURE OF YOUR PERSONAL DATA

8.1 General Policy

We do not sell, trade, or rent your personal data to third parties for marketing purposes. We share personal data only in limited circumstances described below, and only where necessary and lawful.

8.2 Service Providers and Processors

We may share personal data with third-party service providers who perform services on our behalf. These include:

Hosting and Infrastructure Providers

Microsoft Azure: Hosting and cloud infrastructure
Amazon Web Services (AWS): Backup and disaster recovery
Cloudflare: DDoS protection and content delivery
Purpose: Ensuring Website and Software availability, security, and performance
Data: Device, Usage, IP Address, Analytics data
Contract: Data Processing Agreements in place

Payment Processors

Stripe: Payment processing and invoicing
PayPal: Payment processing (if applicable)
Purpose: Processing subscriptions, renewals, and one-time payments
Data: Payment information, Identity, Transaction data
Contract: Data Processing Agreements and PCI DSS compliance in place

Analytics and Monitoring Services

Google Analytics: Website traffic analysis and user behavior analytics
Hotjar: Session recording and heatmapping (optional)
Sentry: Error tracking and performance monitoring
Purpose: Understanding Website usage, identifying issues, improving performance
Data: Cookies, Tracking data, Device, Usage, IP Address
Contract: Standard Data Processing Agreements in place

Email and Communication Services

Mailgun or SendGrid: Email delivery and transactional emails
Intercom or Zendesk: Customer support and ticketing
Purpose: Sending transactional emails, support communications, marketing emails
Data: Identity, Contact, Communication data
Contract: Data Processing Agreements in place

Customer Relationship Management (CRM)

HubSpot or Salesforce: Customer data, interactions, and sales pipeline
Purpose: Managing customer relationships, sales processes, and marketing campaigns
Data: Identity, Contact, Usage, Communication, Marketing preferences
Contract: Data Processing Agreements in place

Software and Tools

Autodesk API and services: For licence validation and integration with Autodesk ecosystem
GitHub or GitLab: Version control and code repositories (does not contain user personal data)
Slack or other team communication tools: Internal team communication only
Purpose: Providing integrated services, internal operations
Data: Limited to what is necessary for the specific purpose
Contract: Data Processing Agreements where applicable

8.3 Resellers, Partners, and Distributors

If you have subscribed to or received the Software through a reseller, partner, or distributor (including via the Autodesk App Store), we may share necessary information with them to:

Provide support and service
Process renewals and manage subscriptions
Deliver licences and updates
Provide account management

8.4 Legal Requirements and Enforcement

We may disclose personal data if required by law, regulation, court order, or governmental authority, including:

Law enforcement or regulatory requests
Subpoenas or legal proceedings
Protection of legal rights or property
Prevention of fraud, security threats, or harm
Enforcement of our agreements and terms

In such cases, we will provide notice to the affected individual unless we are prohibited by law from doing so.

8.5 Business Transfers

If we undergo a merger, acquisition, asset sale, bankruptcy, or other business restructuring, personal data may be transferred as part of the business assets. We will provide notice and offer choices regarding your personal data where required by applicable law.

8.6 Aggregated and Anonymized Data

We may collect, use, and share aggregated or anonymized data (data that cannot identify you) for any purpose, including marketing, analytics, and product development. Aggregated data is not subject to this Privacy Policy.

9. RETENTION OF PERSONAL DATA

We retain your personal data only for as long as necessary for the purposes for which it was collected, or to comply with legal obligations, resolve disputes, enforce our agreements, or protect our rights. Retention periods vary by data category:

9.1 Retention Schedule

Data Category	Retention Period	Reason
Identity & Contact Data	Duration of subscription + 3 years	Legal obligation (tax/accounting), support, communication
Payment & Transaction Data	7 years after transaction	UK tax law requirement (HMRC), accounting records
Device & Activation Data	2 years after licence termination	Anti-piracy, security, support purposes
Usage & Telemetry Data	2 years (or until anonymized)	Product analytics, improvement, security
Cookies & Analytics Data	As per cookie type / analytics provider policy	Website improvement, user experience; typically 12-24 months
Support & Communications	2 years after final communication	Dispute resolution, support history, compliance
Marketing Preferences & Consent Records	Until opt-out or withdrawal	Legal requirement to document consent
Error Logs & Performance Data	1 year	Troubleshooting, system optimization
Aggregated/Anonymized Data	Indefinitely	No personal data; can be retained forever

9.2 Deletion and Deactivation

Upon termination of your subscription or account:

Account data is retained as described above
You may request deletion of your data subject to legal retention obligations
Some data may be retained in anonymized or aggregated form
We will securely delete or anonymize data when it is no longer necessary

9.3 Right to Request Deletion

You may request deletion of your data at any time (see Section 10 below). However, we may retain certain data if required by law, to complete pending transactions, or to protect our legitimate interests.

10. YOUR DATA PROTECTION RIGHTS

Under the UK GDPR and applicable data protection law, you have the following rights:

10.1 Right of Access

You have the right to request a copy of the personal data we hold about you. We will provide this information in a structured, commonly used, electronic format (portable format) within 30 days of your request.

10.2 Right to Rectification

You have the right to request correction of inaccurate or incomplete personal data. You can update some information directly in your account; for other data, contact us and we will make corrections promptly.

10.3 Right to Erasure (“Right to Be Forgotten”)

You have the right to request deletion of your personal data in certain circumstances, such as:

The data is no longer necessary for the purposes for which it was collected
You withdraw your consent and there is no other legal basis for processing
You object to processing and we have no overriding justification

However, we may retain data if required by law, to complete transactions, or to protect our legitimate interests.

10.4 Right to Restrict Processing

You have the right to request that we restrict processing of your data while we verify accuracy or while a dispute is being resolved. During restriction, we will only store the data and may not actively process it (except with your consent or for legal reasons).

10.5 Right to Object

You have the right to object to processing of your personal data on grounds of legitimate interest or for direct marketing. In such cases, we will cease processing unless we can demonstrate compelling legitimate reasons for continued processing.

To object to marketing communications: Click the “unsubscribe” link in any email, or contact us directly.

10.6 Right to Data Portability

You have the right to request that we provide your personal data in a structured, commonly used, machine-readable format (such as CSV), and to transmit that data to another organization if technically feasible. This applies where processing is based on consent or contract and is carried out by automated means.

10.7 Right to Withdraw Consent

If processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that occurred before withdrawal. To withdraw consent for marketing, telemetry, or cookies, contact us or use the unsubscribe/preference options provided.

10.8 Right to Lodge a Complaint

You have the right to lodge a complaint with the supervisory authority (in the UK, the Information Commissioner’s Office – ICO) if you believe we have violated data protection law. You can contact the ICO at:

Information Commissioner’s Office (ICO)
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Phone: 0303 123 1113
Website: https://www.ico.org.uk/

10.9 How to Exercise Your Rights

To exercise any of the above rights, please contact us at:

Email: info@bimlearning.co.uk
Mail: BIM Learning, United Kingdom

We will respond to your request within 30 days (or 60 days in complex cases). We may ask for proof of identity to verify your request.

11. SECURITY AND PROTECTION OF PERSONAL DATA

11.1 Security Measures

We implement appropriate technical and organizational measures designed to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

Encryption: Data in transit is encrypted using TLS/SSL protocols; sensitive data at rest is encrypted using industry-standard encryption
Secure servers: Data is stored on secure, access-controlled servers with firewalls and intrusion detection systems
Access controls: Personal data access is restricted to authorized personnel who have been trained on data protection obligations and are subject to confidentiality agreements
Regular security reviews: We conduct regular security assessments, penetration testing, and vulnerability scanning
Incident response: We maintain an incident response plan and will notify affected individuals of any data breaches as required by law
Staff training: Employees receive regular data protection and security training
Third-party audits: Our service providers undergo regular security audits and maintain appropriate certifications (e.g., ISO 27001, SOC 2)

11.2 Limitations of Security

While we implement reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials and notifying us immediately of any unauthorized use of your account.

11.3 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

Notify affected individuals without undue delay (within 72 hours where required by law)
Provide information about the nature of the breach, what data was affected, and steps you should take
Notify the ICO where required by law
Take measures to mitigate the impact

12. CHILDREN AND MINORS

Our Website, Software, and Services are intended for professional or business users and are not directed at children under 16 years of age (or under 18 if applicable in your jurisdiction). We do not knowingly collect personal data from children under these ages.

If we discover that we have inadvertently collected personal data from a child under 16, we will:

Delete that data promptly
Take steps to ensure no further data is collected from that individual
Notify the child’s parent or guardian if possible

If you believe we have collected data from a child under the applicable age, please contact us immediately.

13. INTERNATIONAL TRANSFERS OF PERSONAL DATA

13.1 Transfers Outside the UK

Your personal data is primarily processed and stored in the UK. However, data may be transferred to and processed in other countries, including outside the European Economic Area (EEA), by our service providers or in connection with our business operations.

13.2 Safeguards for International Transfers

Where we transfer personal data outside the UK, we ensure that appropriate safeguards are in place to protect your data at a level equivalent to UK GDPR protection, including:

Standard Contractual Clauses (SCCs): Model clauses approved by UK authorities that impose data protection obligations on recipients
Adequacy Decisions: Transfers to countries that have been deemed to provide an adequate level of data protection
Binding Corporate Rules: Where applicable, internal rules governing data transfers within our organization
Explicit Consent: In some cases, your explicit consent to the transfer
Legitimate Interests Assessment: Where appropriate, a documented assessment that the transfer is necessary for legitimate interests and proportionate

13.3 US Data Transfers

If personal data is transferred to the United States, we will ensure transfers are made under:

Standard Contractual Clauses
Valid adequacy mechanisms (if available)
Your explicit consent
Supplementary safeguards

Please note that US data protection laws may differ from UK GDPR protections.

13.4 Data Localization

If you require your data to be retained in a specific location or country, please contact us to discuss your requirements and whether we can accommodate them.

14. UPDATES TO THIS PRIVACY POLICY

We may update or change this Privacy Policy at any time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Post the updated policy on our Website
Update the “Last Updated” date at the top of this document
Seek your consent to material changes where required by law
Notify you via email (if we have your email address) or through a prominent notice on our Website

Your continued use of our Website, Software, or Services after any changes constitutes your acknowledgment and acceptance of the updated Privacy Policy. We encourage you to review this policy periodically to stay informed of how we protect your data.

14.1 Minor Changes

We may make minor clarifications or updates to this policy without advance notice. Material changes will always be communicated.

15. CONTACT US

15.1 Data Subject Requests

If you have questions about this Privacy Policy, wish to exercise your data protection rights, have a concern about our data practices, or wish to make a complaint, please contact us:

Email: info@bimlearning.co.uk
Website: https://www.bimlearning.co.uk
Mailing Address: BIM Learning, United Kingdom

We aim to respond to all inquiries within 30 days. For data access requests, we may require proof of identity.

15.2 Data Protection Officer

While we do not have a dedicated Data Protection Officer, our team takes data protection very seriously. For data protection matters, contact info@bimlearning.co.uk and reference “Data Protection Request” in your subject line.

15.3 Supervisory Authority

If you have concerns about our data practices and wish to file a complaint, you may contact the UK Information Commissioner’s Office (ICO) as detailed in Section 10.8 above.

16. SPECIFIC PROVISIONS FOR DIFFERENT DATA SUBJECTS

16.1 Individuals Using Software on Employer’s Devices

If you are using our Software on a device provided or managed by your employer:

Your employer may have visibility into certain usage data and device information
This Privacy Policy still applies to your personal data
Your employer may be a separate data controller for device management data
Contact your IT department regarding their data practices

16.2 Enterprise Customers

If you are an enterprise customer:

We may have a supplementary Data Processing Addendum (DPA) that applies
The DPA governs data processing for your organization
Contact your account manager for a copy of the DPA
This Privacy Policy still applies where not superseded by the DPA

16.3 Resellers and Partners

If you are a reseller, partner, or distributor:

We may process your business contact information for account management, support, and communications
A separate reseller agreement or partnership agreement may apply
Data Processing Addendums are available upon request
Contact us for details specific to your role

17. DEFINITIONS

Personal Data: Any information relating to an identified or identifiable natural person
Processing: Any operation performed on personal data (collection, use, storage, disclosure, deletion, etc.)
Data Controller: The entity that determines the purposes and means of processing (BIM Learning)
Data Processor: An entity that processes data on behalf of the controller (our service providers)
Legitimate Interest: A valid reason for processing that is not overridden by individual rights
Consent: Freely given, specific, informed, and unambiguous expression of will by the individual
Data Subject: The individual to which personal data relates (you)
Anonymized Data: Data that cannot identify an individual (not personal data; not subject to GDPR)
Aggregated Data: Combined data from multiple individuals presented in summary form (not personal data if not linked to individuals)

Effective Date: October 2025
Last Updated: October 2025

This document is the confidential and proprietary work product of BIM Learning.
Unauthorized reproduction or distribution is prohibited.
For the most current version of this Privacy Policy, please visit https://www.bimlearning.co.uk/privacy-policy