How Buildwrk complies with the General Data Protection Regulation for users in the European Economic Area.
Effective Date: January 1, 2025
Buildwrk, Inc. ("Buildwrk") is committed to protecting the personal data of all users, including those in the European Economic Area (EEA), the United Kingdom, and Switzerland. This page explains how we comply with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and your rights under this regulation.
1. Data Controller
Buildwrk, Inc. acts as the Data Controller for personal data collected through the Service. For data entered by our customers about their employees, subcontractors, and tenants, Buildwrk acts as a Data Processor on behalf of the customer (the Data Controller).
Data Protection Contact: info@donkeyideas.com
2. Lawful Basis for Processing
We process personal data under the following lawful bases as defined in Article 6 of the GDPR:
- Contract Performance (Article 6(1)(b)): Processing necessary to provide the Service under your subscription agreement, including account management, project data processing, and property management functions.
- Legitimate Interests (Article 6(1)(f)): Processing for fraud prevention, platform security, service improvement, and analytics, where our interests do not override your fundamental rights.
- Consent (Article 6(1)(a)): Processing for marketing communications and non-essential cookies. You may withdraw consent at any time.
- Legal Obligation (Article 6(1)(c)): Processing required by law, such as tax reporting and construction industry record-keeping requirements.
3. Your Rights Under GDPR
If you are located in the EEA, UK, or Switzerland, you have the following rights:
- Right of Access (Article 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Article 16): Request correction of inaccurate or incomplete personal data.
- Right to Erasure (Article 17): Request deletion of your personal data, subject to legal retention requirements.
- Right to Restriction (Article 18): Request that we limit processing of your personal data in certain circumstances.
- Right to Data Portability (Article 20): Receive your personal data in a structured, commonly used, machine-readable format (JSON or CSV).
- Right to Object (Article 21): Object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent (Article 7(3)): Withdraw consent at any time where processing is based on consent.
- Right to Lodge a Complaint: File a complaint with your local supervisory authority.
To exercise any of these rights, email us at info@donkeyideas.com. We will respond within 30 days as required by the GDPR.
4. International Data Transfers
Buildwrk is based in the United States. When we transfer personal data from the EEA, UK, or Switzerland to the US, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission.
- Data Processing Agreements (DPAs) with all sub-processors.
- Technical and organizational measures including encryption and access controls.
Our primary sub-processors and their locations:
- Supabase (Database hosting): United States, AWS us-east-1
- Vercel (Application hosting): Global CDN with primary in United States
- Stripe (Payment processing): United States, certified under EU-US Data Privacy Framework
5. Data Processing Agreements
Enterprise customers may request a Data Processing Agreement (DPA) that includes Standard Contractual Clauses. Contact info@donkeyideas.com to request a DPA.
6. Data Protection Measures
We implement appropriate technical and organizational measures including encryption at rest and in transit, row-level security for multi-tenant data isolation, regular penetration testing, access logging and monitoring, and employee data protection training.
7. Data Breach Notification
In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours as required by Article 33 of the GDPR. Affected individuals will be notified without undue delay when the breach poses a high risk to their rights and freedoms.
8. Contact
For any GDPR-related inquiries: Email: info@donkeyideas.com