Bueno Analytics Bueno Logo RGB Rev White Privacy Policy
Privacy Policy

Privacy Policy


This privacy policy (Policy) sets out how Built Environment Optimisation Pty Ltd ACN 163 590 789 (we, us and our) collects and treats your personal information.

We respect your right to privacy, are committed to safeguarding the privacy of our customers and comply with applicable privacy and data protection laws wherever we operate.

By providing us with personal information, you consent to the terms of this Policy and the types of disclosure covered by this Policy. If you are based in the EU or the UK, the legal basis for our data processing is GDPR Article 6(1)(a) and Article 6(1)(f), depending on the context.

What is personal information?

In Australia, personal information is any information or an opinion about an identified individual or an individual who can be reasonably identified from the information or opinion. Information or an opinion may be personal information regardless of whether it is true. Personal information/data in other countries may also broadly include any data that relates to an identified or identifiable natural person.

What personal information do we collect and hold?

The types of personal information we collect depends on the nature of our engagement with you. Examples of personal information we may collect include, but are not limited to:

  • name;
  • email address;
  • home or work address;
  • work information (e.g. employer, your role/position), and, when you register for and use our services:
  • we collect your email address to use as your unique user ID (which you use to log in to our services);
  • IP address;
  • country, region, locale, preferred language and time zone;
  • device details (manufacturer and type of device, operating system, browser, software versions and screen dimensions); and
  • activity history relating to the use of our services.

We may collect additional information at other times, including when you apply for employment, provide feedback, when you provide information about your personal, employment or business affairs, change your content or email preference, respond to surveys and/or promotions or provide financial or credit card information. Additionally, we may also collect any other information you provide while interacting with us.

Why do we collect, hold and use your personal information?

We collect, hold and use your personal information so that we can:

  • verify your identity in order to provide you with products and services and manage the security of our products and services;
  • provide you with products and services, personalise the products and services we provide you, and manage our relationship with you;
  • contact you, for example, to respond to your queries or complaints, or if we need to tell you something important;
  • send you marketing material as explained below;
  • understand how you access, use and interact with our website, products and services (so that we can improve our products, services and business practices); and
  • comply with our legal obligations, assist government and law enforcement agencies or regulators (where required by applicable laws), resolve disputes and enforce our agreements.

If you do not provide us with your personal information, we may not be able to provide you with our products or services, communicate with you or respond to your enquiries.

How do we collect your personal information?

We collect personal information from you in a variety of ways, including:

  • when you interact with us electronically or in person;
  • when you access our website or use our products or services;
  • when we provide our products or services to you (or your employer or other organisation); and
  • occasionally, when we receive it from your employer or third parties (in those cases, we will protect your personal information as set out in this Policy).

If you use our products and services, we generally collect:

  • your name and email address from your employer or other organisation who nominates you as an individual user; and
  • all other details from you directly, including automatically via electronic means, when you register for and use our products and services (if you choose to do so).

We may collect information about how you access, use and interact with our website, including by using a range of tools such as Google Analytics or other web analytic tools.

We use cookies on the website. A cookie is a small text file that the website may place on your device to store information. We may use persistent cookies (which remain on your computer even after you close your browser) to store information that may speed up your use of our website for any of your future visits to the website. We may also use session cookies (which no longer remain after you end your browsing session) to help manage the display and presentation of information on the website. You may refuse to use cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of the website.

How do we store personal information?

We store most personal information in computer systems and databases operated by either us or our external service providers. Some personal information about you is recorded in paper files that we store securely.

We may store and process data in any region or country where we, our related companies and our service providers operate. Generally, however, we store data at rest in the following locations:

  • in the UK, for UK and EU-based employers/organisations;
  • in Iowa, USA, for all US-based employers/organisations;
  • in Canada, for all Canada-based employers/organisations;
  • in Australia, for employers/organisations based on Australia and all other geographies.

We implement and maintain processes and security measures designed to protect personal information we hold from misuse, interference, or loss, and from unauthorised access, modification or disclosure. These processes and systems include:

  • the use of identity and access management technologies to control access to systems on which personal information is processed and stored;
  • regular penetration testing to ensure the integrity of our environment;
  • mandatory two-factor authentication implemented for our staff when accessing our systems; and
  • requiring all employees to comply with internal information security policies and keep personal information secure.

We will also take reasonable steps to destroy or irreversibly anonymise your personal information once we no longer require it for the purposes mentioned in this policy:

(a) within 90 days of your employer or organisation closing their account or terminating their contract with us; or

(b) within 60 days of inviting you to register as a user of our products and services, if you choose not to register within that time (or reject the invitation),

subject to any requirement for us to retain information under applicable law.

When we delete or anonymise data, we do this securely and in accordance with prevailing industry standards, and permanently. We remove the data from both our operational systems and backups.

We conduct regular assessments to determine which data we hold continues to be necessary for the purposes set out in this Policy and to identify categories of personal information that should be deleted or anonymised.

We retain (and do not delete) non-personal information such as building metadata, equipment telemetry, and insights associated with your use of our products and services but this data is not associated with or capable of identifying you personally.

You can contact us at any time (see below for contact details) to request that we cease storing and processing your personal data. We will promptly respond to your request but if we do cease storing and processing your personal data, you may not be able to access our products and services any longer.

Who do we disclose your personal information to, and why?

We may disclose personal information for the purposes described in this Policy to:

  • our employees and related bodies corporate;
  • third party suppliers and service providers, including providers who:
    • host, maintain and support our website;
    • host our instances of our products and services, and all related data;
    • provide data analytics services on our behalf to provide us insights on the use of our products and services;
    • support our business to provide our products and services to you;
  • our existing or potential agents, business partners or professional advisors, regulators, courts and law enforcement bodies.

We may also disclose personal information where: (i) we are required or authorised by law to do so; or (ii) you have expressly consented to the disclosure.

If there is a change of control in our business or a sale or transfer of business assets, we reserve the right to transfer, to the extent permitted by law, our user databases together with any personal information and non-personal information contained in those databases. This information may be disclosed to a potential purchaser under an agreement to maintain confidentiality. We would only disclose information in good faith and where required in these circumstances.

Some of the recipients referred to above may be located outside of your country of origin, and may therefore process and store your data outside your country of origin. For those recipients, we take reasonable steps to ensure that they comply with applicable privacy obligations (for example, by ensuring they agree in writing to appropriately safeguard personal information) and in the case of EU or UK-based data subjects, we ensure that data transfers are the subject of an adequacy decision or subject to appropriate safeguards (in the form of approved standard contractual clauses which can be made available to you on request by emailing us at hello@buenoanalytics.com).

We do not sell your personal information.

Do we transfer or disclose your personal information outside of your country of origin?

Sometimes, we do. This is described in the previous sections “How do we store personal information” and “Who do we disclose your personal information to, and why?”

Do we use your personal information for marketing?

We may use your personal information to offer you products and services we believe may interest you, but only if you have first consented to receive marketing material. We will stop sending you marketing material if you tell us not to.

Where you receive electronic marketing communications from us, you may opt out of receiving further marketing communications by following the opt-out instructions provided in the communication.

You can also opt out of marketing communications at any time by emailing hello@buenoanalytics.com.

Complaints, Access and Your rights

If you have a complaint about the way in which we have handled any privacy issue, including your request for access or correction of your personal information, you should contact us. Our contact details are set out below.

You have the right to access your personal information. There is no charge for requesting access to your personal information, but we may require you to meet our reasonable costs in providing you with access (such as photocopying costs or costs for time spent on collating large amounts of material).

You have the right to ask us (using our contact details given below):

  • to correct any personal information we hold about you that you believe to be inaccurate or incomplete,
  • for the details of what personal information we have collected about you,
  • for the details of how we have used your personal information,
  • to erase your personal information or restrict our processing of it, or
  • to transfer your personal information to another organisation,

subject to some conditions and exceptions permitted by applicable laws.

We will consider your request or complaint and respond or determine whether it requires further investigation, within a reasonable time (and within the time frames required by applicable law). We will notify you of the outcome of this investigation and any subsequent internal investigation.

If you are not satisfied we have handled a privacy issue, you may approach an independent advisor or contact:

  • the Office of the Australian Information Commissioner (www.oaic.gov.au)
  • your local data protection authority (if located outside Australia),

to make a complaint or for guidance on alternative courses of action which may be available.

Contact details

If you have any questions, comments, requests or concerns, please contact us at:
Part Level 49, Melbourne Central Tower
360 Elizabeth Street
Melbourne VIC 3000


This site uses cookies to offer you a better browsing experience.