Privacy Policy

 Oculo Technologies Ltd, hereinafter referred to as Oculo, is an IT company providing services and solutions for the construction industry.

This Data Processing Addendum (“DPA”) forms part of the Terms of Service (available at www.oculo.ai/terms-of-service) or any other location as the Terms of Service may be posted from time to time (the “Agreement”), entered into by and between the customer (“Customer”) and Oculo Technologies Ltd (“Oculo”), pursuant to which Customer has accessed Oculo’s Services as defined in the applicable Terms of Service. The purpose of this DPA is to reflect the parties’ agreement with regard to the processing of personal data in accordance with the requirements of Data Protection Legislation as defined below.

Data Processing Terms

In this DPA, “Data Protection Legislation” means applicable data protection and privacy legislation in force from time to time in the UK including the Data Pprotection Act 2018,  European Directives 95/46/EC and 2002/58/EC (as amended by Directive 2009/136/EC) and any legislation and/or regulation implementing or made pursuant to them, or which amends, replaces, re-enacts or consolidates any of them (including the General Data Protection Regulation (Regulation (EU) 2016/679)), and all other applicable laws relating to processing of personal data and privacy that may exist in any relevant jurisdiction. Customer Further agrees that it is the responsibility of Customer to ensure that any and all personal data obtained and processed by it and inputted, entered, stored and processed by it to Oculo Service and Application which allows users to create interactive panoramas of construction sites (“Service”) has been obtained and processed in accordance with all applicable Data Protection Laws.

In the course of providing the Service to Customer pursuant to the Agreement, Oculo may process personal data on behalf of Customer. Oculo agrees to comply with the following provisions with respect to any personal data submitted by or for Customer to the Service or collected and processed by or for Customer through the Service. Any capitalized but undefined terms herein shall have the meaning set forth in the Agreement. “data controller”, “data processor”, “data subject”, “personal data”, “processing”, and “appropriate technical and organisational measures” shall be interpreted in accordance with applicable Data Protection Legislation.

The parties agree that Customer is the data controller and that Oculo is its data processor in relation to personal data that is processed in the course of providing the Service. Customer shall comply at all times with Data Protection Legislation in respect of all personal data it provided to Oculo pursuant to the Agreement.

The subject-matter of the data processing covered by this DPA are the Service ordered by Customer. The processing will be carried out until the term of Customer’s ordering of the Service ceases.

In respect of personal data processed in the course of providing the Service:

  • Oculo will only process the personal data in accordance with the documented instructions of Customer, including with regard to transfers of the personal data to a third country and solely as strictly necessary for the performance of its obligations under this Agreement; The Instruction at the time of entering into this Terms of Service agreement is that Oculo may only process the personal data supplied by Customer on its behalf with the purpose of delivering the Service, especially, Oculo is allowed to contact Customer via e-mail for purposes of delivering Service;

  • If Oculo is required to process the Personal Data for any other purpose provided by applicable law to which it is subject, Oculo will inform Customer of such requirement prior to the processing unless that law prohibits this on important grounds of public interest;

  • Oculo will implement and maintain appropriate technical and organisational security measures to protect the personal data processed, and  will ensure that all personnel that have access to the personal data have entered into appropriate contractually binding confidentiality undertakings;

  • Oculo shall, taking into account the nature of the processing, assist Customer by implementing appropriate technical and organisational measures (insofar as this is possible) to assist Customer to comply with requests from data subjects to exercise their rights under Data Protection Law [and any such assistance shall be at the cost of Customer];

  • Oculo shall assist Customer in ensuring compliance with its obligations in respect of security of personal data, data protection impact assessments and prior consultation requirements under Data Protection Law [and any such assistance shall be at the cost of Customer];

  • Oculo is authorised to engage sub-processors in connection with the provision of the Service under this Agreement. Oculo shall inform Customer if it intends to engage a sub-processor or replace a sub-processor and will provide Customer with an opportunity to object to such changes;

  • Where any sub-contractor of Oculo will be processing the personal data on behalf of Customer, Oculo shall ensure that a written contract exists between Oculo and the subcontractor containing clauses equivalent to those imposed on Oculo including GDPR compliance. In the event that any sub-processor fails to meet its data protection obligations Oculo shall remain fully liable to Customer for the performance of the sub-processor’s obligations; Customer consents to Oculo engaging third party sub-processors to process the Customer’s Data related to providing the Service based on the Terms and conditions agreement provided that: (i) Oculo maintains an up-to-date list of its sub-processors which it shall update with details of any change in sub-processors prior to any such change. (ii) Customer may object to Oculo’s appointment or replacement of a sub-processor prior to its appointment or replacement, provided such objection is based on reasonable grounds relating to data protection. In such an event, Oculo will either not appoint or replace the subprocessor or, if this is not possible, Customer may suspend or terminate the Service;

  • Oculo may transfer personal data from the EEA to the US for the purposes of this DPA subject to the satisfactory outcomes of a data transfer impact assessment  (TIA) considering the data transferred and the nature of the service provided by the sub-processor, and pursuant to the Standard Contractual Clauses (SCCs) for international transfers appropriate for UK or EU being included in sub-processor agreements;

  • Oculo shall at the choice of Customer made in writing: (i) delete or return the personal data to Customer; or (ii) delete all existing copies of such personal data unless EU law or the laws of an EU Member State require storage of the personal data [and any such return or deletion of data shall be at the cost of Customer];

  • Oculo shall: (i) make available to Customer all information necessary to demonstrate compliance with the obligations laid down in this clause; and (ii) allow for and assist with audits, including inspections, conducted by Customer or another auditor mandated by Customer, in order to ensure compliance with the obligations laid down in this clause [Oculo shall be entitled to charge the Customer any costs incurred in connection with compliance with the obligations at (i) and (ii) above and work performed at the request of the Customer]. For the purposes of demonstrating compliance with the data security obligations under Data Protection Law, Customer agrees that it shall be sufficient for Oculo to provide evidence of adherence by Oculo to an approved code of conduct or an approved certification mechanism;

  • Oculo shall promptly inform the Customer in the event that it receives an instruction that in its opinion would contravene Applicable Data Protection Law; and

  • Taking into account the nature of the processing and the information available to Oculo, Oculo shall notify Customer without undue delay after becoming aware of any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, the personal data that is transmitted, stored or otherwise processed by Oculo under this Agreement, and shall provide Customer with such reasonable cooperation and assistance as may be required to mitigate against the effects of, and comply with any reporting obligations which may apply in respect of, any such breach.

  • Oculo shall provide information requested by Customer to demonstrate compliance with the obligations set out in this DPA.

Customer shall be responsible for complying with any and all requests that it may receive from data subjects under any Applicable Data Protection Laws to obtain access to, have corrected, erased or blocked any personal data relating to such data subjects which is held on Service software. Customer shall be responsible for implementing all other technical and organisational security measures required under Applicable Data Protection Laws in relation to its use of the Service, and the processing by it of any personal data on the Service.

Details of the Data Processing

Oculo shall process information to provide the Service pursuant to the Agreement. Oculo shall process information sent through Customer’s implementation of the Service. As an example, in a standard programmatic implementation, to utilise the Service, Customer may allow the following information to be sent by default as “default properties:”

Oculo shall process the following personal data:

  • For Authorised Users: name, email address, company name, job title, device IDs, IP addresses, usage of the website/app

Oculo shall process personal data in relation to:

  • Account registration

  • Provision of Service

  • Business operations

  • Internal quality review

  • Development of new services

  • Communication with users and collecting feedback

on behalf of Customer in the context of providing the services under this Agreement, for the duration of the term of this Agreement. The obligations and rights of Customer shall be as set out in this Agreement.

The following sub-processors shall process personal data in connection with the provision of the services under this Agreement:

Sub-processor Activity Service Location

AWS Cloud services and infrastructure UK or EU

MongoDB Cloud services UK or EU

Auth0 User management and authorisation EU

Autodesk BIM model hosting and viewer EU

Mailchimp Email notifications US

Mezmo Application logs US

Sentry Application monitoring and errors US

Google Workspaces EU

Slack Internal comms and operations EU

Amplitude User analytics US*

Hubspot CRM and Customer Support US*

*Being migrated to EU in 2023