Privacy Policy

Privacy Policy

Last Revised

September 19, 2023

Introduction

Please read our Privacy Policy, as you must agree to it in order to use our Site and Service. This Privacy Policy sets out how and why we collect, store, use, transfer and disclose your personal information and how you may access your personal information, correct it, or ask us to remove it.

This Privacy Policy applies when Planhat collects personal information about an individual who is not an employee or consultant of Planhat. This typically means it applies to users or prospective users of our Customer Success Platform (our “Service”), visitors to our website www.planhat.com (our “Site”) and those otherwise interacting with us, as examples in connection with events we host or when requesting demos.

Planhat AB (”Planhat”/”we”) is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation. You can contact us and our Data Protection Officer at compliance@planhat.com. Planhat AB’s company number is 556991-6421 and the registered address is Malmskillnadsgatan 13, 111 57 Stockholm, Sweden. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

1. Information Collected

We collect certain personal information from you when you sign up to our Service or otherwise interact with us (for example, when requesting demos, attending events or signing up and participating in courses provided by us). Such information can be used to identify you and typically includes name, work email address, job title, telephone number, product usage, and any other information that we deem necessary for the provision of our Service to you or which you provide to us voluntarily (ex. information about yourself that you tell us in our correspondence).

Whenever you visit our Site or Service, we collect non-identifying information from you, such as your IP address, referring URL, browser, operating system, cookie information, and Internet Service Provider. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, this information alone can generally not be used to identify you and is used by us only on a statistical level to improve our Site and Service.

2. Use of your information

We may use your information to:

  • Provide, operate, and maintain our Service.

  • Improve, personalize, and expand our Service.

  • Understand and analyze how you use our Service.

  • Develop new products, services, features, and functionality.

  • Communicate with you via email, chat or text, either directly or through one of our partners, to provide you with customer service, updates and other information relating to the Service, and for marketing purposes (you can always opt-out or change settings for marketing communications).

  • Perform any other function that we reasonably believe is necessary to protect the security or proper functioning of our Site or Service.

  • Enforce our Terms of Service, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.

3. Legal basis for processing personal information

We have a legitimate interest in operating our Service and communicating with you to provide the Service as agreed. Our legal basis for collecting and using the personal information described above will depend on the information concerned and the specific context in which we collect it. However, we will generally only collect personal information from you (i) where the processing is in our legitimate interests and those interests are not overridden by your rights; (ii) where processing is necessary to fulfil our contractual obligations with the company you are representing; or (iii) where we have your explicit consent to do so.

4. When we share your personal information with others

We only share your personal information in the following circumstances:

  • When you give us explicit consent to do so.

  • When needed, with trusted organisations we work with to provide the Service to you such as web hosts, cloud storage providers, customer support providers, education and training providers, pre-sales customer relationships systems, AI-technology providers (used to assist with electronic communication), payment processors, accountants, and insurers. You can find a list of our Processors here.

  • Your e-mail address may be shared with suppliers in order to make our marketing more efficient, for example via search engines and online advertising such as Google Ads or on social media. The data is not shared to enable marketing of our services to you, but to improve our marketing in relation to other potential customers.

  • On a need-to-know basis in connection with transactions involving our shares, business or assets.

  • When we are obliged to share it with regulators and authorities for the purpose of legal or contractual compliance, reporting purposes, or when disclosure is reasonably necessary to protect our rights, or the rights of third parties or the public.

5. Your rights

You have the following rights in relation to your personal information:

  • Right to access: a right to obtain confirmation and information about the processing of your personal information.

  • Right to rectification: a right to have your personal information corrected.

  • Right to erasure: a right to have your personal information erased. This right is limited to data that, by law, requires your consent to be processed, if you withdraw that consent and oppose the processing.

  • Right to object: a right to object against our processing if the legal ground for the processing is based on a balancing of interests or if it is used for direct marketing.

  • Right to restrict data processing: a right to demand that the processing of personal information is restricted, e.g. if you oppose the correctness of the data.

  • Right to data portability: a right to request that personal information be sent from one data controller to another. This right is restricted to data which you have submitted to us.

If you want to exercise any of those rights, please email compliance@planhat.com.

We aim to process all requests within a month for simple requests, however complex and/or voluminous requests may take up to three months to process. If we deny you access, we will provide our reason for doing so at the time of your request. We may request documentary proof for certain requests and we always need to verify your identity.

We generally don’t charge a fee for reasonable requests, but we may charge a fee for time and cost if an extended amount of time is required to collate and prepare material for you or if you wish to receive and we are able to provide hard copies or physical media.

6. Security

We take all reasonable steps within our control to ensure that the personal information we hold about you is correct, complete and up-to-date. However, we also rely on you to tell us about any changes to your personal information.

We take reasonable steps to ensure that your personal information is treated securely and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. Although we aim to create a safe, secure environment by limiting access to the Site and Service to legitimate users, we cannot guarantee that unauthorised parties will not gain access. To the extent permitted by applicable law, we expressly exclude any liability arising from any unauthorised access to your personal information.

We will inform the authorities within 72 hours of the occurrence of any personal data breach which poses a risk to your rights and freedoms as a natural person. We will also inform you without undue delay unless the risk to your individual rights and freedoms is low. Please contact us at compliance@planhat.com immediately if you become aware of any unauthorised use of your account by anyone else or any other breach of security.

7. Retention of personal information

We will keep your personal information for as long as we have an ongoing business relationship with you. After that, your personal information will be deleted (or anonymized) unless we are required to keep it longer, which may be the case for tax- and accounting purposes or/and for any applicable statute of limitations periods for the purposes of bringing and defending claims (generally 5-10 years retention requirements).

8. International transfer

Regardless of where we use, process, or store your data, we will comply with the protections set out in this Privacy Policy. Where local data protection regulations so require, we have put in place security measures for the export of personal information from its original jurisdiction. We have made arrangements with the third parties receiving your personal information that they shall ensure that security measures are in place, and that your personal data is processed only in accordance with EU Data Protection laws.

The European Commission has adopted standard data protection contract clauses (known as the Model Clauses) which provide safeguards for personal information that is transferred outside of Europe. We use Model Clauses when transferring personal data outside of Europe, unless the European Commission has decided that a certain country outside the EU/EEA ensures an adequate level of protection and the data can be transferred without any further safeguards being necessary. If you wish to know more about international transfers of your personal information, feel free to contact us.

You understand and acknowledge that the country where you are resident may have data privacy laws that are different from the laws to which your personal information may be transferred. You acknowledge that the personal information may be transferred to recipients in the member states of the European Economic Area, the UK and other countries, such as the United States, which is generally deemed to have less stringent data privacy laws and protections than the European Economic Area. Further, you acknowledge and understand that the transfer of the personal information to such third parties is necessary for the use of the Site and Services. Provided that we have sufficient arrangements in place for such transfer (as described above in this clause), you explicitly consent to the transfer.

9. Cookies

To make the Site and Service work properly, we sometimes place small data files called cookies on your device. You can read about this in our Cookie Policy.

10. Links to third party websites

Our Site may contain links to and from third party websites, including social media sites. If you click on such links, you do so at your own risk and subject to the privacy policy and/or website terms governing the use of such websites. As an example, if you click on a social media plug-in provider’s button in our Site, the social media plug-in provider is generally notified about your IP address. We have no control over, and are not responsible, nor liable for, the content, privacy practices or website terms of such websites or any information you provide to them. You should read the privacy policy of these third parties to find out how they handle your personal information when you visit their websites.

11. Complaints

If you have any questions regarding our processing of your personal data, or if you would like to invoke any of your rights – please contact us at compliance@planhat.com. If you have a complaint regarding our processing of your personal information, you have the right to submit such complaint to a Data Protection Authority (e.g. Integritetsskyddsmyndigheten in Sweden (www.imy.se) or any other Data Protection Authority in the EU or where you are resident).

12. Amendments

We may amend this Privacy Policy from time to time. When we amend this Privacy Policy in any way relevant to your rights, we will update this page accordingly and, to the extent we have your email address, email you to inform you that there has been an amendment. We encourage you to periodically review this Privacy Policy to stay informed about our collection, processing and sharing of your personal information. You can see when this Privacy Policy was last updated by checking the “last updated” date displayed at the top of this Privacy Policy.

13. California Privacy Rights

This section applies only to California residents. For purposes of this section "Personal Information" has the meaning given in the California Consumer Privacy Act (“CCPA”). It describes how we collect, use, and share California residents' Personal Information in our role as a business, and the rights applicable to such residents. The CCPA requires businesses to disclose whether they sell Personal Information. Planhat is a business, but does not sell Personal Information. For information on the categories of Personal Information we process, please see “Information Collected” above. The business and commercial purposes for which we process Personal Information are described in the “Use of your information” section. For information on how we share the categories of Personal Information we collect, please see “When we share your personal information with others.”

If you are unable to access this Privacy Policy due to a disability or any physical or mental impairment, please contact us and we will arrange to supply you with the information you need in an alternative format that you can access.

13.1. Your California Rights

You have certain rights regarding the Personal Information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law.

  • The right of access means that you have the right to request that we disclose what Personal Information we have collected, used and disclosed about you in the past 12 months.

  • The right of deletion means that you have the right to request that we delete Personal Information collected or maintained by us, subject to certain exceptions.

  • The right to correct means that the Employee has the right to correct any personal data held by the Company that the Employee believes is inaccurate.

  • The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights.

Planhat does not sell Personal Information to third parties (pursuant to California Civil Code §§ 1798.100–1798.199, also known as the California Consumer Privacy Act of 2018).

13.2. How to Exercise your California Rights

You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your Personal Information.

If you want to exercise any of your rights, access this policy in an alternative format, learn more about your rights or our privacy practices, or designate an authorized agent to make a request on your behalf, please email compliance@planhat.com.

14. Other U.S. State Privacy Rights*

*States regulations include Virginia Consumer Data Protection Act, Colorado Privacy Act, and Connecticut Act Concerning Personal Data Privacy and Online Monitoring, hereinafter “State Privacy Regulation”.

This section applies to residents of Virginia, Colorado, and Connecticut. For purposes of this section "Personal Information" has the meaning given in each State Privacy Regulation. For information on the categories of Personal Information we process, please see “Information Collected” above. The purposes for which we process Personal Information are described in the “Use of your information” section. For information on how we share the categories of Personal Information we collect, please see “When we share your personal information with others.”

14.1. Your State Rights
  • Right to Access. You have the right to confirm whether we are processing your Personal Information and to access such Personal Information.

  • Right to Delete. You have the right to delete Personal Information provided by or obtained by you.

  • Right to Opt-Out. You have the right to opt-out of “targeted advertising” as defined under each State Privacy Regulation. We do not sell Personal Information.

  • Right to Correct. You have the right to correct inaccuracies in the Personal Information, taking into account the nature of the Personal Information and the purposes of the processing.

  • Right to Portability. You have the right to obtain a portable copy of the Personal Information that you provided to us.

14.2. How to Exercise Your State Rights

To make an access, deletion, or correction request, please email compliance@planhat.com. Before completing your request, we may need to verify your identity. We may request additional documentation or information solely for the purpose of verifying your identity.

To submit a request to opt out of targeted advertising, you may click on the link “Unsubscribe” on the footer of our emails.

To appeal our decision regarding a request related to these rights, you may email us at compliance@planhat.com.