Planful Web Sites Privacy Policy

TRUSTe

Effective Date:  July 22, 2020

Planful, Inc. respects individual privacy and values the confidence of its customers, business partners and others who may use our services (“clients”). Not only do we strive to collect, use and disclose personal information in a manner consistent with the laws of the countries in which we do business, but we also aim to uphold the highest ethical standards in our business practices. This Privacy Policy (the “Policy”) sets forth the privacy principles that Planful, Inc. follows with respect to transfers of personal information between the United States and member states of the European Union, Iceland, Liechtenstein and Norway (the European Economic Area, or EEA).

Definitions

For purposes of this Policy, the following definitions shall apply: “Planful, Inc.” will refer to its application service as described here. “Personal information” means any information or set of information that identifies or could be used by Planful, Inc. or its agents to identify an individual. Personal information does not include information that is encoded or anonymized, or publicly available information that has not been combined with non-public personal information. “Sensitive personal information” means personal information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, or that concerns health or sex life. In addition, Planful, Inc. will treat as sensitive personal information any information received from a third party where that third-party treats and identifies the information as sensitive.

Scope

This Policy applies to https://planful.com and our cloud application run as Software as a Service (SaaS) owned and operated by Planful, Inc. This Policy describes how Planful, Inc. collects and uses the personal information you provide. It also describes the choices available to you regarding the use of, your access to, and how to update and correct your personal information. The use of personal information collected through our service shall be limited to the purpose of providing the service for which the Client has engaged Planful, Inc.

To facilitate our operations, we may transfer, store and process your personal information in jurisdictions other than where you live, including in the United States.  Laws in these countries may differ from the laws applicable to your country of residence.  For instance, if you are a European Economic Area (EEA) data subject and your personal information is shared with our affiliates, partners, or third-party service providers acting on our behalf outside of the EEA, then it is done so pursuant to necessary means to ensure an adequate level of protection. This may be pursuant to: 

-an adequacy decision of the European Commission confirming an adequate level of data protection in the respective non-EEA country as set forth in GDPR Art. 45

-an agreement on the basis of approved EU standard contractual clauses as set forth in GDPR Art. 46.  For more information, see here:  https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

-derogations and safeguards as set forth in GDPR Art. 49

Upon request by contacting us as described in this Privacy Notice, we will provide you further information on the means of ensuring an adequately level of data protection.

Privacy Shield

Planful, Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.  To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.  In order to protect personal data received from European Union (EU) member countries, the UK and Switzerland, on request from our customers, Planful, Inc. will enter into the EU’s Standard Contractual Clauses (SCCs).  In addition, Planful, Inc. has executed SCCs with its subcontractors who process personal data on behalf of Planful, Inc.

Planful, Inc. is responsible for the processing of personal data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Planful, Inc. complies with the Privacy Shield Principles and the SCCs for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Frameworks, Planful, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Planful, Inc. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.  As provided by the SCCs, Planful, Inc. is also subject to the enforcement powers of the applicable EU supervisory data authority.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge).

Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.

GDPR

Planful, Inc. complies with the provisions of the EU General Data Protection Regulation (“GDPR”).   For purposes of Article 14(2) of the GDPR, Planful, Inc. relies on the following lawful basis for processing Personal Data: consent, compliance with law and legitimate interest.

Under GDPR, Planful, Inc. acts as a Data Processor vis a vis data provided to it through the Planful, Inc. services by its Clients. Planful, Inc. acts as a Data Controller with regard to data collected as part of its marketing activities.  All transfers of data internally in the European Economic Area is done in accordance with Privacy Shield and the SCCs.  When acting as a Data Controller contracting with the third parties, Planful, Inc. will ensure there is a contractual agreement requiring such third parties to comply with the provisions of this Policy and the GDPR.

The Data Protection Officer is –

Planful, Inc. Trust
555 Twin Dolphin Drive, Suite 400
Redwood City, CA 94065
or via email at dpo@planful.com

If we are unable to resolve any complaint, you can contract the European Data Supervisory Authority for Planful, Inc., which is the Office of the Data Protection Commissioner. They can be contacted here:  Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland. email info@dataprotection.ie

California Consumer Privacy Act (“CCPA”)

Planful complies with the CCPA.  The CCPA provides California consumers the right to request disclosure of your business’ data collection and sales practices in connection with the requesting consumer, including the categories of personal information you have collected, the source of the information, your use of the information and, if the information was disclosed or sold to third parties, the categories of personal information disclosed or sold to third parties and the categories of third parties to whom such information was disclosed or sold, the right to request a copy of the specific personal information collected about them during the 12 months before their request (together with right #1, a “personal information request”) and the right to have such information deleted (as further described in the CCPA).  California consumers can request information from us whether we have disclosed personal information to any third parties for the third parties’ direct marketing purposes.  California consumers desiring to request further information about our compliance with these laws or who have questions or concerns about our privacy practices and policies may contact us using the contact information below.Planful will not unlawfully discriminate against California consumers who exercise their rights under the CCPA.  We do not sell customer data (as defined in the CCPA).   

Personal Information Collection and Use

Planful, Inc. as a Data Controller under the GDPR

When using our site or registering for our services, you may provide us with contact information or account registration information which includes but is not limited to your name, email address, phone number, and company name. If you do not provide this required information, unfortunately we will not be able to perform the services requested.  The information you provide will be used by us to administer your account, send you marketing emails, respond to your questions, and fulfill your business requests while using our services. If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you.

The legal basis for this processing is performance of the contract and our legitimate interests include system and cyber security, corporate operations, and product development and enhancement.

We will share your personal information with third parties only in the ways that are described in this privacy statement.

Updating or Removing User Information

We respect your rights and control over your personal data.  You may exercise any of the following rights by updating your account on our website or by contacting us by telephone or postal mail at the contact information listed below. We will respond to your request within thirty (30) days. Please note that we may ask you to verify your identity before taking further action on your request, for security purposes. 

  • Right of Access – the right to be informed of and request access to the personal data we process about you
  • Right to Rectification – the right to request that we amend or update your personal data where it is inaccurate or incomplete
  • Right to Erasure – the right to request that we delete your personal data;
  • Right to Restrict – the right to request that we temporarily or permanently stop processing all or some of your personal data
  • Right to Object – the right, at any time, to object to us processing your personal data on grounds relating to your particular situation; the right to object to your personal data being processed for direct marketing purposes
  • Right to Data Portability – the right to request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service

If you cancel your account, your personal information and other information may be retained in our archive or backup records.

Upon request Planful, Inc. will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information please contact us at the telephone or postal mail at the contact information listed below.

You may choose to stop receiving our newsletter or marketing emails by following the unsubscribe instructions included in these emails, accessing the email preferences in your account settings page, or you can contact us using the contact information found at the bottom of this policy.

Information Collected on Behalf of our Clients

Planful, Inc., acting as a Data Processor, collects information under the direction of its Clients acting as a Data Controller, and has no direct relationship with the individuals whose personal information it processes. The information we collect on behalf of our Clients may include but is not limited to name and email. The legal basis for this processing is performance of the contract.

If you are a customer or employee of one of our Clients and would no longer like to be contacted by one of our Clients that use our service, please contact the Client that you interact with directly. We may transfer personal information to companies that help us provide our service. Transfers to subsequent third parties are covered by the service agreements with our Clients.

An individual who seeks access, or who seeks to correct, amend, or delete inaccurate information should direct his query to the Planful, Inc.’s Client (the data controller). If requested to remove information we will respond within thirty (30) days.

We will retain personal information we process on behalf of our Clients for as long as needed to provide services to our Client. Planful, Inc. will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Law Enforcement; Subpoenas

Planful, Inc. may disclose personal information, including the information you submit to the application service, with or without notice (a) if required by a subpoena, bankruptcy proceedings, similar legal process or other judicial or administrative order, (b) where required by law, or (c) at our sole discretion, where we deem it necessary to protect the safety of any individual or the general public or to prevent violation of our agreements or the rights of Planful, Inc. or any third party.

Service Providers

We may provide your personal information to companies that provide services to help us with our business activities such as offering customer service. These companies are authorized to use your personal information only as necessary to provide these services to us.

These include service providers such as data centers, data upload tools, user satisfaction survey tools, analytics tools, and/or system monitoring tools etc. These service providers don’t have access to the data we collect.

Tracking Technologies

As is true of most websites, we gather certain information automatically. This information may include Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and/or clickstream data.

We and our partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. The legal basis for this processing is legitimate interests, specifically product development and enhancement.

Users can control the use of cookies at the individual browser level.

We also partner with a third party to either display advertising on our website or to manage our advertising on other sites. Our third-party partner may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising, click here (or if located in the European Union click here). Please note you will continue to receive generic ads.

Planful, Inc. And its Affiliates

Although Planful, Inc. currently operates as an independent corporation incorporated in the USA, any subsidiaries, joint ventures, or other companies under a common control (collectively, “affiliates”), may in the future receive some or all of your personal information, in which case Planful, Inc. will require our affiliates to honor this Privacy Policy.

Change of Ownership

In the event of a change in ownership, or a direct merger or acquisition with another entity, we reserve the right to transfer all of Planful, Inc. User information, including personal information, to a separate entity. We will use commercially reasonable efforts to notify you (by posting on our website or an email to the email address you provide when you register) of any change in ownership, merger or acquisition of Planful, Inc. assets by a third party, and you may choose to modify any of their registration information at that time.

SECURITY

Planful, Inc. uses industry standard security measures to protect against the loss, misuse and alteration of the personal information under our control. Although we make good faith efforts to store the personal information collected by Planful, Inc. in a secure operating environment that is not available to the public, Planful, Inc. cannot guarantee complete security. Further, while we take reasonable steps to ensure the integrity and security of our network and systems, we cannot guarantee that our security measures will prevent third-party “hackers” from obtaining this information.

DATA RETENTION

We will retain your personal information for a period of time consistent with the original purpose for which we collected it, as described in this Privacy Policy.  We determine the appropriate retention period based on the amount, nature and sensitivity of your personal information, and after the retention period ends, we will delete, anonymize or aggregate your personal information.  Where we are unable to do so for technical reasons, we will ensure that appropriate measures are put in place to prevent any further such use of your personal information. 

We keep your personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include (i) for as long as we have an ongoing relationship with you and provide the services to you; (ii) as required by a legal obligation to which we are subject; or (iii) as advisable in light of our legal position (such as in regard of applicable statutes of limitations, litigation, or regulatory investigations).

Dispute Resolution

Any questions or concerns regarding the use or disclosure of personal information should be directed to Planful, Inc. at the address given below. Planful, Inc. will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.

Privacy Complaints

Any questions or concerns regarding the use or disclosure of personal information should be directed to Planful, Inc. at the address given below. Planful, Inc. will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy.

Planful, Inc. Trust
555 Twin Dolphin Drive, Suite 400
Redwood City, CA 94065
or via email at trust@planful.com

Changes to this Privacy Policy

This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. Appropriate public notice will be given concerning material amendments or changes to this Policy. If we make any material changes, we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on this website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.