Planful Privacy Policy

TRUSTe

Effective Date:  July 15, 2021
Planful Inc. and its affiliates (“Planful”, “We”, “Us”, “Our”) respects Your privacy rights. Not only do We strive to collect, process, use and disclose Personal Data in a manner consistent with the laws of the countries in which We do business, but We also aim to uphold the highest ethical standards in Our business practices. You may print a copy of this Policy by clicking here. If You require an alternative format of this Policy to be able to access it please contact dpo@planful.com.

Table of Contents

Scope and Applicability of this Policy

This Policy applies to https://planful.com  (“Site”) and services owned and operated by Planful, including the cloud application run as Software as a Service (SaaS) (“Services”). By using or accessing the Site or Services in any manner, You acknowledge that You accept the practices outlined in this Policy and You hereby consent that We will collect, use, and share Your information as outlined in this Policy.

This Policy does not apply to any third-party applications or software that integrate with Services or any other third-party products, services, or businesses.

If You use the Site and Services as part of an entity or organization that has a corporate account with Planful, like Your employer (“Client”), that Client may have entered into a separate agreement with Planful (“Client Agreement”), which may contain more restrictive terms than what is described in this Policy.

Definitions

For purposes of this Policy, the following definitions shall apply:
“Personal Data” means any information or set of information that directly or indirectly identifies or could be used by Planful or its agents to identify an individual, such as a name, address, location data, online identifier, one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual, and also includes information referred to as “personally identifiable information” or “personal information” under applicable data privacy laws, rules, or regulations.

“Aggregate Data” is de-identified information, learnings, logs, and data We collect about a group or category of services or users.

Personal Data does not include Aggregate Data or publicly available information that has not been combined with non-public Personal Data.

Planful’s Role as a Data Controller and Data Processor

Planful acts as a data controller when We collect and define the purpose for and control the means by which Personal Data is processed. For example, Planful acts as a data controller when collecting customer feedback or information to improve Our Services.

Planful acts as a data processor when We provide our Services to our Clients. When acting as a data processor, Planful will only process Personal Data in accordance with a Client’s instructions, Client Agreement, and this Policy.

Information that We Collect from You

We collect information You share with us through our Site and when You register for and use our Services or participate in Planful events.

Information collected from the Site:

  • Automatically Collected Information from the Site. We automatically receive certain types of information when You interact with Our Site, services, and communications. Your Web browser may automatically send information to every site You visit, including Ours. That information includes Your computer’s IP address, access times, Your browser type and language, Internet service provider (ISP), and referring site addresses. We may also collect information about the type of operating system You use, Your account activity, and files and pages accessed or used by You. We do not link this automatically-collected information to Personal Data.
  • Local Storage (HTML5). We and Our third-party partners use Local Storage (HTML5) to provide certain features on Our Site, display advertising based on Your Web browsing activities, or store content information and preferences. Various browsers may offer their own management tools for removing HTML5.
  • Information Provided by You. As You engage with the Site You may choose to share Personal Data, such as Your first and last name, job title, email address, mailing address, phone number, and company name.
  • Cookies and Tracking Technologies. We and Our partners, affiliates, or analytics or service providers may use certain kinds of technology such as cookies, Web beacons, scripts, and tags to collect information, analyze trends, administer the Site, track users’ movements around the Site, and gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies from these companies on an individual or aggregated basis. To learn more about Our use of cookies and tracking technologies, please refer to Our Cookie Policy.

Information collected from the Planful Sponsored events:

  • When You register for Planful sponsored events You may be required to provide Personal Data, such as Your first and last name, Company name, business email, Your job title, billing information (such as billing name, billing address, and credit card number), dietary restrictions and preferences.

Information collected when You Register as Planful’s Client:

  • Registration and Profile Information. When You register to use the Services, We may collect information about You, such as Your name, email address, title, company and other information You provide.
  • Payment Information. If You are Our Client, You will be providing Us with Your payment information to pay for the Services, including Your credit card information and billing address.
  • Submissions and Customer Service. From time to time, We may use surveys, contests, or sweepstakes requesting Personal Data or demographic information and Client feedback. Participation in these surveys or contests is completely voluntary and You have a choice whether to disclose this information. We may also use Personal Data to provide customer support, resolve customer issues, and apply fixes to bugs.

Information collected when You Apply to Planful’s Job Postings

  • Contact Information. When You apply to work at Planful, We collect personal identifiers and contact information from You, such as Your first name, last name, mailing address, email address, and phone number.
  • Employment History and References. When You apply to work at Planful, We collect information about Your current and previous employment information, such as Your job title, name of the employer, and employment history. You may also be asked to provide professional references, which includes disclosure of the following Personal Data of Your references: the first and last name, job title, email address, and phone number.
  • Protected Classifications Under State and Federal Law. As part of Your employment application, We may also collect data regarding Your gender, veteran status, race, and disability status. The provision of this data by You is optional.

Information Provided by Third Party Sources

Planful may collect Personal Data about You from third parties from whom Planful purchased business contact information. Planful may also use publicly accessible Websites, such as professional network sites, press releases, or Your employer’s Website to collect such information. The Personal Data that Planful may collect from Third Parties includes: first and last name, email address, phone number, company’s mailing address, job title, employment history, company name, and online identifier.

How We Use Your Personal Data

  • To provide You with Services, Site, and support;
  • To contact You: We use Your Personal Data and information We collect about Your activities on the Site to contact You with promotional content based on Your preferences, including but not limited to telemarketing calls, marketing emails, newsletters, whitepapers, and information on upcoming events. We also use it to send administrative information, such as notices related to Services or policy changes.
  • To administer Your account: We may also use Your Personal Data to facilitate Your account administration and use of the operation of the Site and Services;
  • To inform You: We use Your Personal Data to provide You with information or services You request, including our product documentation and white papers as Well as update You on our events, promotions, products or services We believe will be of interest to You;
  • To elicit Your feedback: We may use Your Personal Data to contact You for feedback to enable Us to develop, customize, and improve the Site and Services;
  • To communicate with You: We may use Your Personal Data to send You an onboarding Welcome email and contact You about Your use of the Site and Services; to respond to Your emails, submissions, requests, or complaints; to perform after-sales services; to anticipate and resolve problems with our Services; to respond to support inquiries, and to inform You of updates to the Services;
  • To Manage Events: We use Your Personal Data to manage events sponsored by Planful, including registration, billing, and connecting with other event attendees, or to contact You further about relevant products and services. You may also provide Us with information about Your emergency contacts or dietary preferences, which would be used solely for Your safety and health.
  • To Process Your Application for Employment with Us: We use Your Personal Data to review Your candidacy for the job postings to which You applied.
  • Accomplish other purposes about which We notify You.

Planful does not sell Personal Data that We collect or process under this Privacy Policy.

Aggregate Data

Aggregate Data helps us understand trends in our users’ needs, so that We can consider new features or better tailor our services. This Policy in no way restricts or limits our collection and use of Aggregate Data. We may share Aggregate Data about our users with third parties for various purposes, including to help us better understand our Customers’ needs, improve our services, and for advertising and marketing purposes.

How We Share Your Personal Data

  • Service Providers. We engage with service providers to perform business functions and provide services to us. We use third-party services to help operate our services and use third party providers for such functions as data hosting, analytics, customer relationship management, and email service. Planful may share Your Personal Data with these service providers only on Planful’s behalf and solely pursuant to Our instructions and subject to obligations consistent with this Policy and any other appropriate confidentiality, privacy, and security measures.
  • To comply with applicable laws. We may disclose information to a third party as required by law when We believe in good faith that disclosure is necessary (i)to comply with a regulation, court order, subpoena, or a similar legal process, (ii) to enforce Our policies, terms of use, or Our contracts, (iii) to protect Us, Our agents, Our customers, and Our associates, (iv) to respond to an emergency, protect personal safety, or to help prevent security threats, fraud, or other malicious activity, (v) to respond to an authorized information request of a government or law enforcement authorities. We will have no duty to notify You of such compliance with local law where applicable.
  • Events and Partners. Planful and its partners may offer services jointly – Webinars, events, whitepaper downloads, or other services related to Planful offerings or services. We may share Your contact information and interests in these offerings with these approved partners and third parties solely to communicate with You about Planful’s Services and the approved partner’s services.
  • Corporate Affiliates. Planful may share Personal Data with its corporate affiliates, parent(s), or subsidiaries.
  • Business Transition. We may also share Personal Data in connection with an acquisition, merger, or sale of all or a substantial portion of Our business, with or to another company. In any such event, We will notify You if Your data is transferred and becomes subject to a substantially different privacy policy

Global Operations and International Data Transfers

To facilitate Our global operations, We may transfer, store and process Your Personal Data in jurisdictions other than where You live, including in the United States.  Laws in these countries may differ from the laws applicable to Your country of residence.  For instance, if You are a European Economic Area (EEA) data subject and Your Personal Data is shared with our affiliates, partners, or third-party service providers acting on Our behalf outside of the EEA, then it is done so pursuant to necessary means to ensure an adequate level of protection.

Standard Contractual Clauses. Planful offers Standard Contractual Clauses, also known as E.U. Model Clauses, to meet the adequacy and security requirements for Our Clients that operate in the E.U. and other international transfers of Client data. To receive a copy of our standard Data Processing Addendum, incorporating Standard Contractual Clauses, please email dpo@planful.com. In addition, Planful, Inc. has executed Standard Contractual Clauses with its sub processors who process Personal Data on behalf of Planful, Inc.

Privacy Shield. Planful, Inc. participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework.  To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.

Planful, Inc. is responsible for the processing of Personal Data it receives, under each Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. Planful, Inc. complies with the Privacy Shield Principles and the Standard Contractual Clauses for all onward transfers of Personal Data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to Personal Data received or transferred pursuant to the Privacy Shield Frameworks, Planful, Inc. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Planful, Inc. may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.  Planful, Inc. is also subject to the enforcement powers of the applicable EU supervisory data authority.

If You have an unresolved privacy or data use concern that We have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider (free of charge).

Under certain conditions, more fully described on the Privacy Shield Website, You may invoke binding arbitration when other dispute resolution procedures have been exhausted.

European Union Resident Data Subject Rights Under the General Data Protection Regulation (“GDPR”)

If You are a resident of the European Union, United Kingdom, Lichtenstein, Switzerland, Iceland, or Norway, You have the data subject rights under the GDPR as described in the table below. If You have questions whether any of the following applies to you, please contact Us at dpo@planful.com and we will respond to Your questions as soon as practicable.

Please note that We process Personal Data of our Clients’ end users or employees in connection with our provision of Services, in which case We may not be able to respond to You request. As such, please contact the data controller (Your employer or university) to address your rights with respect to such data.

  • Personal Data Processed by Planful’s Services
  • Personal Data Collected by Planful
  • Right to Erasure
  • Planful does not have control over the Client data that is stored and processed by using the Services. As such, all requests to delete Personal Data should be addressed to Your employer or university (data controller). If the data controller cannot fulfill Your request and asks Us to address it, we will respond to the data controller within 30 days. Even if You request that We delete Your Personal Data, We may still retain data collected from you in an aggregated and anonymized form.
  • If You would like to delete Your Personal Data, please contact Us at dpo@planful.com and We will respond to your request within 30 days. Even if You request that We delete Your Personal Data, We may still retain data collected from you in an aggregated and anonymized form.
  • Right to Access and Rectification
  • Planful does not have control over the Client data that is stored and processed by using the Services. As such, all requests to access or rectify inaccurate or incomplete Personal Data should be addressed to Your employer or university (data controller). If the data controller cannot fulfill Your request and asks Us to address it, we will respond to the data controller within 30 days.
  • If You would like to access or rectify inaccurate or incomplete Personal Data, please contact Us at dpo@planful.com and We will respond to your request within 30 days.
  • Right to Data Portability
  • Planful does not have control over the Client data that is stored and processed by using the Services. As such, all requests to receive a copy of Your Personal Data should be addressed to Your employer or university (data controller). If the data controller cannot fulfill Your request and asks Us to address it, we will respond to the data controller within 30 days.
  • If You would like to access or rectify inaccurate or incomplete Personal Data, please contact Us at dpo@planful.com and We will respond to your request within 30 days.
  • Right to Object to Processing
  • If You object to any processing by Planful, please communicate such request to your employer or university (data controller). If you communicate such request to Us, We will notify the data controller as soon as possible.
  • Right to Restrict Processing
  • You have a right to restrict processing of Your Personal Data by Planful. Please send Your request to dpo@planful.com.
  • Right to Withdraw Consent
  • If We are processing your Personal Data based on Your consent, You have the right to withdraw Your consent at any time by emailing dpo@planful.com
  • Right to File a Complaint
  • You can contact our DPO by emailing dpo@planful.com. If We are unable to resolve Your complaint, You can contract the European Data Supervisory Authority for Planful, Inc., which is the Office of the Data Protection Commissioner. They can be contacted here:  Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland. email info@dataprotection.ie

Personal Data Processing Grounds

When We process Your Personal Data, We do so on the following grounds:

  • Performance under a Contract: We may process Your Personal Data as part of Our contractual obligations to You or Your employer/university.
  • Consent: We may process Personal Data based on the consent You expressly grant to us at the time we collect such data. You can withdraw Your consent at any time, which will not affect the lawfulness of the processing before Your consent was withdrawn.
  • Legitimate Interest: We process Personal Data for the legitimate interests of Planful and that Our partners, affiliates, and Clients. These legitimate interests include, investigating illegal activities, detecting security issues, improving and maintaining the Site and the Services, contacting You to provide support, sending you relevant marketing information (subject to applicable laws). We will balance our interests and rights against the impact of the processing on data subjects.
  • Legal Obligation & Other Grounds: We may need to process Your Personal Data to comply with a legal obligation, such as a lawful subpoena, court order, law-enforcement request, or to fulfill the lawful instructions of Our Clients (when they are acting as the data controller). We may also need to process Your Personal Data to protect vital interests and defend legal claims.

California Resident Rights

If You are a California resident, You have the following rights with regards to Your Personal Data. If You have any questions about this section or whether any of the following applies to You, please email dpo@planful.com.

  • Right to Disclosure & Access. You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. We will provide you with the following information: (i) categories of Personal Data that We have collected about You; (ii) categories of sources from which that Personal Data was collected;(iii) categories of third parties with whom We have shared Your Personal Data; (iv) the purpose for collecting or selling Your Personal Data; (v) the specific items of Personal Data that We collected about You; (vi) if We disclosed/sold Your Personal Data over the last 12 months, We will identify the categories of Personal Data shared/sold with each category of third-party recipient.
  • Right to Deletion. You have the right to request that We delete the Personal Data that we have collected from You.
  • Right to be Free from Discrimination: You may freely exercise these rights without fear of being denied our Services. We will not charge You different prices or rates or provide You with a lower quality of services if You exercise Your rights under CCPA.

Exercising Your Rights. All requests pursuant to this section must be addressed to dpo@planful.com. In compliance with CCPA We will require certain identifying information from You to verify Your request. We will make best efforts to respond to Your valid request within 45 days from the receipt. In some instances, We may be required to continue to retain or share portions of your Personal Data to comply with regulatory or legal obligations.

Other State Resident Rights

Nevada. If You are a Nevada resident, You have the right to opt-out of the sale of certain Personal Data to third parties who intend to license or sell that Personal Data. You can exercise this right by contacting Us at dpo@planful.com and providing us with your name and the email address associated with your account. We do not currently sell Your Personal Data as sales are defined in Nevada Revised Statutes Chapter 603A.

Children’s Privacy

Planful does not knowingly collect or solicit Personal Data from anyone under the age of 16. If We learn that We have collected Personal Data from a child under age 16, We will delete the information We have stored as quickly as possible. If You believe that We might have any information from or about a child under 16, please contact us at dpo@planful.com.

Security

Planful, Inc. uses industry standard security measures to protect against the loss, misuse and alteration of the Personal Data under Our control. Although We make good faith efforts to store the Personal Data collected by Planful, Inc. in a secure operating environment that is not available to the public, Planful, Inc. cannot guarantee complete security. Further, while We take reasonable steps to ensure the integrity and security of our network and systems, We cannot guarantee that our security measures will prevent third-party “hackers” from obtaining this information.

Data Retention

Planful retains the Personal Data we receive as described in this Privacy Policy for as long as You use Our Services or as necessary to fulfill the purpose(s) for which it was collected, provide Our Services, resolve disputes, establish legal defenses, conduct audits, pursue legitimate business purposes, enforce our agreements, and comply with applicable laws.

Changes to this Privacy Policy

This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. Appropriate public notice will be given concerning material amendments or changes to this Policy. If We make any material changes, We will notify You by email (sent to the e-mail address specified in Your account) or by means of a notice on this Website prior to the change becoming effective. We encourage You to periodically review this page for the latest information on our privacy practices.

Contact Our Data Protection Officer

Any questions or concerns regarding the use or disclosure of Personal Data should be directed to Planful, Inc. at the address given below. Planful, Inc. will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Data in accordance with the principles contained in this Policy.

Planful, Inc. DPO
555 Twin Dolphin Drive, Suite 400
Redwood City, CA 94065
or via email at dpo@planful.com