Privacy Policy

CAD Rooms ApS, CVR-no. 45499499, Sandbjergvej 49, DK-2950 Vedbæk, Denmark, (“CAD ApS” or “we” or “us”), acts as Data Controller (the ‘Controller’) under the General Data Protection Regulation (EU) N. 2016/679, (‘GDPR’) and Danish Data Protection Act (Databeskyttelsesloven) (together “Privacy Law”). This Privacy Policy applies to the collection, use, and processing of any of our users (“Users”)’ Personal Data (“Personal Data”) in connection with our CAD Rooms Platform (the “Platform”), a collaborative environment for product data management and innovation.

In accordance with Articles 13-14 of GDPR, the purpose of this Privacy Policy is to inform you of how we collect, process, use, and share your Personal Data that you provide us when using the CAD Rooms Platform.

Please read this Privacy Policy carefully before using the Platform.

1. What Personal Data CAD ApS Obtains from You as a Result of Your Use of the Platform

CAD ApS collects various types of Personal Data during your interactions with the CAD ApS and the website etc., which includes:

1.1 Browsing Data:
When you use the Platform but are not registered, CAD ApS collects browsing data, including browser type, IP address, screen size, date and time for the visit, and referral sites. Once registered, cf. clause 1.2, we also collect data related to the User’s actions, such as session duration, returning visits, page visits, and more. This data is anonymized where possible and used to provide services, improve functionality, and protect the Platform against security threats. 

Furthermore, we collect Personal Data about you, which is collected through cookies. To read more please see our Cookies Policy.

1.2 Personal Data Provided During Registration:
To create an account, Users may need to provide:

  • Name and surname

  • Email address

  • Username and password

  • Company Name and Job Title

Additional optional data may be provided, such as links to social media or personal websites.

When we process your personal data via social media, we have a so-called joint data response with the social media that we use, as both CAD ApS and the social media in question process your personal data for their own purposes. You can read more about their processing of your personal data and the joint data responsibility below:

Facebook's processing of your Personal Data and about the joint data responsibility here

LinkedIn's processing of your Personal Data here and about the joint data controller here.

The purpose of processing your Personal Data is therefore to be able to deliver the necessary services to the Platform, as well as to provide customer service and to contact you, if you contact us through our contact forms. Our legal basis for this is the GDPR art. 6(1) no. 7. 

In certain cases, we may process Personal Data about you if you are a potential customer or are a contact person for a potential customer. In these cases, we will process your Personal Data in order to explore the possibility of entering into a customer relationship. Our legal basis for this is the Danish Act on Processing of GDPR art. 6(1) no. 7. We have here assessed a balance of our interest in exploring the possibility of a potential customer relationship against consideration for you and your interest in not having your Personal Data processed.

1.3 User-Generated Content and Actions:
Depending on how you use the Platform, CAD ApS may collect content you upload (e.g., CAD files, comments, posts), data regarding your interactions (e.g., invite or uploading items), and other metadata associated with your activities.

2. How CAD ApS Uses Your Personal Data and For What Purposes

In accordance with Article 13(1)(c) of the GDPR, we inform you of the purposes for which we process your Personal Data, the purpose and the legal bases on which we rely:

Processing Activity

Purpose

Legal Basis (GDPR Article 6)

User registration and account creation

To allow you to create an account and access the Platform

Art. 6(1)(b) – Performance of a contract

Platform usage (file uploads, comments, interactions)

To provide you with the core services of the Platform

Art. 6(1)(b) – Performance of a contract

Security monitoring and fraud prevention

To ensure Platform integrity and protect against abuse

Art. 6(1)(f) – Legitimate interest (platform security)

Analytics and platform improvement

To assess Platform usage and enhance user experience

Art. 6(1)(f) – Legitimate interest (service improvement)

Marketing communications (email/newsletters, where consented)

Consent is revocable at any given time

To send you promotional material about our services

Art. 6(1)(a) – Consent

Responding to user support requests

To resolve questions or issues you raise through support channels

Art. 6(1)(b) – Performance of a contract

Retaining metadata in anonymized form

For internal reporting and statistical analysis

Art. 6(1)(f) – Legitimate interest (business analytics)

Legal compliance (e.g., responding to lawful requests)

To comply with obligations under Danish or EU law

Art. 6(1)(c) – Legal obligation

3. Data Retention and Deletion Protocols

3.1 Data Retention Period:
CAD ApS retains User Personal Data only for as long as necessary to fulfill the purposes for which it was collected or to comply with applicable legal obligations. Personal Data associated with an inactive User account will be retained until the account is deleted by the User or upon request. 

3.2 Right to Erasure During Active Subscriptions

Users may request the deletion of their Personal Data at any time by contacting us at support@cadrooms.com. If you request deletion of Personal Data while your account is still active, we will assess whether:

  • The data is still required to provide the service you subscribed to (e.g., login credentials, stored files),

  • We are legally required to retain the data (e.g., for financial, tax, or contractual compliance).

If we determine that we cannot fully delete your data while your subscription remains active, we will inform you of the reason and offer the option to:

  • Deactivate your account.

  • Fully close your account and trigger the standard deletion process (described in this clause 3).

All deletion requests are handled in accordance with Article 17 of the GDPR and Danish data protection law.

3.3 Data Deletion After Service Cancellation:
Upon User cancellation of their CAD Rooms subscription, Personal Data will be handled as follows:

  • Access Period: Users will have seventy-two (72) hours from the effective date of cancellation to access and download their data. After this period, all files and data uploaded to CAD Rooms will be permanently deleted from active servers.

  • Backup and Retention: CAD ApS maintains encrypted backups of all data hosted on CAD Rooms for a maximum of 90 days post-termination for compliance and recovery purposes. Backup data is not accessible to Users after service cancellation and will be automatically deleted at the end of the retention period.

  • Irreversible Anonymized Metadata: Irreversible Anonymized Metadata may be retained for statistical purposes or to comply with applicable legal obligations. This data will not be used to identify any individual User.

3.4 Extended Retention Requests:
Enterprise Users may request an extension for data retention, subject to approval. Requests must be submitted in writing before service termination. Extensions are granted solely at CAD ApS’ discretion, ensuring data security compliance.

4. Sharing Your Personal Data

CAD ApS may share Personal Data with:

  • Affiliates and Controlled Entities: To fulfill contractual obligations or improve services.

  • Third-Party Service Providers: Only those acting on behalf of CAD ApS, such as IT service providers or marketing advisors.

    All third-party service providers who process personal data on our behalf (our ‘Processors’) are bound by written Data Processing Agreements that ensure compliance with Article 28 of the GDPR. These agreements require the processor to act only on our instructions, implement appropriate security measures, and assist us in fulfilling our data protection obligations.

  • Legal Authorities: When required to comply with laws or defend against legal claims.

5. Security of Personal Data

CAD ApS implements technical and organizational security measures to protect Personal Data from unauthorized access. Measures include SSL encryption, employee confidentiality agreements, and regular security audits. Despite these efforts, no system is entirely secure, and CAD ApS cannot guarantee absolute protection against all security breaches.

We take all reasonable technical and organizational measures to protect your Personal Data. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  1. Notify the Danish Data Protection Authority (Datatilsynet) without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR.

  2. Notify affected users directly when the breach is likely to result in a high risk to their rights and freedoms, as required under Article 34 of the GDPR. This notification will include:

    • A description of the nature of the breach

    • The likely consequences of the breach

    • The measures we have taken (or plan to take) to address the breach

    • Contact details for further information or assistance

  3. Document all breaches, whether or not notification is required, in our internal breach register as part of our accountability obligations.

If you suspect that your Personal Data has been compromised while using our services, please contact us immediately at [insert email].

6. Users’ Rights Under GDPR

Users have the right to access, correct, delete, or restrict the processing of their Personal Data. Users may also withdraw consent for data processing at any time without affecting the lawfulness of processing prior to withdrawal. Any request regarding Personal Data can be made to [insert email].

You have the right to lodge a complaint with the Danish Data Protection Agency (www.datatilsynet.dk) if you believe your data has been mishandled.

7. International Data Transfers

Where international transfers of User data occur, CAD ApS will implement GDPR-approved mechanisms (e.g., Standard Contractual Clauses or Binding Corporate Rules) to ensure compliance. For U.S. transfers, CAD ApS adheres to the EU-U.S. Data Privacy Framework or equivalent mechanisms, ensuring data protection standards are met across jurisdictions.

8. Accountability and Audits

CAD ApS will conduct regular compliance audits to ensure that all data handling practices meet this Privacy Policy and applicable data protection laws. Users may request copies of these compliance reports where applicable to verify that their data is being handled in compliance with privacy regulations.

9. Changes to the Privacy Policy

CAD ApS may update this Privacy Policy from time to time. Any significant changes will be communicated to Users through Platform notifications or email.

Contact Us
For questions about this Privacy Policy or to exercise your rights, please contact us at support@cadrooms.com.