# Privacy Policy
Please read this Privacy Policy carefully before accessing or using the Digital Design Brief service.
# Last updated: July 31, 2023
Digital Design Brief collects, stores, and uses some personal information to enable the record keeping of project history and decision tracking, to enable user-specific permissions, and to monitor product usage to evaluate its performance. We take your privacy very seriously, and encourage you to review this Privacy Policy in detail.
- This Privacy Policy outlines the terms that govern the use of information for the Digital Design Brief software ("the Service," "we," "us," or "our"), which is exclusive intellectual property of Arup IP Limited ("Arup"). The Service includes:
- any site associated with the https://ddb.arup.com (opens new window) subdomain
- any affiliated Digital Design Brief website (used for documentation, support, or additional information).
- any software developed by Arup for use in conjunction with Digital Design Brief (plugins, connectors, dashboards, etc).
- any other media form, website, or application related, linked, or otherwise connected to Digital Design Brief that is controlled by Arup.
# Information We Collect
- Personal Information: We collect some personal information that you provide to us when you interact with the Service. This may include your name, email address, contact information, company name, location, and any other information you choose to provide.
- Usage Information: We collect information about your interactions with the Service. This may include your email address, IP address, browser type, device information, pages visited, and referring website.
- Cookies and Similar Technologies: We use cookies and similar tracking technologies to enhance your browsing experience, analyse the Service usage, and deliver personalized content. Please refer to our Cookie Policy for more information.
# How We Use Your Information
- To Provide and Improve the Service: We use the information we collect to provide and maintain the Service, communicate with you, and personalize your experience. We also use this information to improve the functionality and performance of the Service. An important use of this personal data is to identify the user who performed each action on the Service to retain a log of decisions, actions, and changes on each project.
- To Send Communications: We may send you emails or other communications about our products, services, or promotions, if you have chosen to receive them. You have the option to unsubscribe from these communications at any time, by sending an email request to [email protected].
- To Enhance Security: We may use your information to monitor and prevent unauthorized access, detect and prevent fraud, and protect the security of the Service and our users.
# Information Sharing and Disclosure
- Third-Party Service Providers: We may share your information with trusted third-party service providers who assist us in operating and delivering the Service. These providers are obligated to keep your information confidential and are only permitted to use it for the purposes specified by us. Examples of these services include PostHog (opens new window), Azure App Insights (opens new window), and SquaredUp (opens new window). Users are recommended to review the privacy policies of each, linked in the previous sentence.
- Legal Compliance: We may disclose your information if required to do so by law or in response to valid legal requests or orders. We may also disclose your information to enforce our rights, protect our property or safety, or the rights, property, or safety of others.
# Duration of Information Storage
- If your subscription term comes to an end or you choose to cancel your subscription, we will set your account to inactive and delete or anonymise your Non-Essential Personal Data (information used to improve the user experience, such as usage analytics and personal settings) within 30 days. You will not be able to log into Digital Design Brief at this time. The Essential Personal Data (information that is critical to the function of Digital Design Brief, such as login functions and data for project history), will be retained for as long as necessary for auditing purposes and platform function.
# Security of Information Storage
- We implement reasonable security measures to protect the confidentiality and integrity of your personal information. However, please note that no method of transmission over the internet or electronic storage is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from the Service is at your own risk. You should only access the Service within a secure environment. All data is held within an isolated network (VPC) and only exposed internally within this network through private subnets. Access to the public APIs is managed through authentication via Arup's Active Directory tenant, with access managed through Azure DevOps user groups. Authorisation through the User Service manages who has access to data within the Service once they are authenticated. All data is secured at rest using AEC-256 encryption, with AWS managed KMS keys rotated annually. All data in transit is encrypted using SSL/TLS. Refer to the Data Security section in the DDB Documentation for additional information.
# Transfer of Data
- Unless specifically arranged otherwise, all data will be transferred to our central server from its origin location. Refer to the DDB Documentation for a current list of storage locations.
# Information from Minors
- The Services are not intended for individuals under the age of 16. We do not knowingly collect or solicit personal information from children. If you believe that we may have inadvertently collected personal information from a child, please contact us immediately via email at [email protected].
# Privacy Rights
- You have the right to access, update, or delete certain non-essential personal information held by us that doesn't impact the core functions of the Service. You may also have the right to restrict or object to certain non-essential processing activities. To exercise your rights or make any requests, please email us at [email protected].
# Supporting Documents
- Refer to the Digital Design Brief Acceptable Use Policy (AUP) for additional information related to the use of the Service. In this document, links are provided to other relevant information.
# Amendments
- Arup may revise this Privacy Policy at any time. Users will be notified of any changes to the Privacy Policy.
# Contact Us
- If you have any questions related to this Policy, please contact us at [email protected].
# Additional Information [Arup Staff Only]
Name, office location, team, usage metrics, and other personal information of Arup staff are required for justifying the continuity of internal funding for the Service, and to improve the service for all users. Refer to the Arup Staff Privacy Notices (opens new window) for more information.
Refer to the following linked site for additional information related to Arup's general privacy guidelines.
SharePoint - Global Legal - Data Protection & Data Privacy (opens new window)