Privacy Policy

Privacy Policy

Last Revised

May 2, 2022

Introduction

Thank you for visiting Planhat!

Please read our Privacy Policy, as you must agree to it in order to use our Site and Service. This Privacy Policy sets out how and why we collect, store, use, transfer and disclose your personal information and how you may access your personal information, correct it, or ask us to remove it.

This Privacy Policy applies when Planhat collects personal information about an individual who is not an employee or consultant of Planhat. This typically means it applies to users or prospective users of our Customer Success Platform (our “Service”), visitors to our website www.planhat.com (our “Site”) and those otherwise interacting with us, as examples in connection with events we host or when requesting demos.

Planhat AB (”Planhat”/”we”) is the controller of your personal information covered by this Privacy Policy for purposes of European data protection legislation. You can contact us and our Data Protection Officer at compliance@planhat.com. Planhat AB’s company number is 556991-6421 and the registered address is c/o WeWork, Regeringsgatan 29, 111 53 Stockholm, Sweden. References to “personal information” in this Privacy Policy are equivalent to “personal data” governed by European data protection legislation.

Information Collected

We collect certain personal information from you when you sign up to our Service or otherwise interact with us (when requesting demos or attending events). Such information can be used to identify you and typically includes name, work email address, job title, telephone number, product usage, and any other information that we deem necessary for the provision of our Service to you or which you provide to us voluntarily (ex. information about yourself that you tell us in our correspondence).

Whenever you visit our Site or Service, we collect non-identifying information from you, such as your IP address, referring URL, browser, operating system, cookie information, and Internet Service Provider. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, this information alone can generally not be used to identify you and is used by us only on a statistical level to improve our Site and Service.

Use of your information

We may use your information to:

  • Provide, operate, and maintain our Service.

  • Improve, personalize, and expand our Service.

  • Understand and analyze how you use our Service.

  • Develop new products, services, features, and functionality.

  • Communicate with you via email, chat or text, either directly or through one of our partners, to provide you with customer service, updates and other information relating to the Service, and for marketing purposes (you can always opt-out or change settings for marketing communications).

  • Perform any other function that we reasonably believe is necessary to protect the security or proper functioning of our Site or Service.

  • Enforce our Terms of Service, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.

Legal basis for processing personal information

We have a legitimate interest in operating our Service and communicating with you to provide the Service as agreed. Our legal basis for collecting and using the personal information described above will depend on the information concerned and the specific context in which we collect it. However, we will generally only collect personal information from you (i) where the processing is in our legitimate interests and those interests are not overridden by your rights; (ii) where processing is necessary to fulfil our contractual obligations with the company you are representing; or (iii) where we have your explicit consent to do so.

When we share your personal information with others

We only share your personal information in the following circumstances:

  • When you give us explicit consent to do so.

  • When needed, with trusted organisations we work with to provide the Service to you such as web hosts, cloud storage providers, customer support providers, pre-sales customer relationships systems, payment processors, accountants, and insurers. You can find a list of our sub-processors here.

  • On a need-to-know basis in connection with transactions involving our shares, business or assets.

  • When we are obliged to share it with regulators and authorities for the purpose of legal or contractual compliance, reporting purposes, or when disclosure is reasonably necessary to protect our rights, or the rights of third parties or the public.

Your rights

You have the following rights in relation to your personal information:

  • Right to access: a right to obtain confirmation and information about the processing of your personal information.

  • Right to rectification: a right to have your personal information corrected.

  • Right to erasure: a right to have your personal information erased. This right is limited to data that, by law, requires your consent to be processed, if you withdraw that consent and oppose the processing.

  • Right to object: a right to object against our processing if the legal ground for the processing is based on a balancing of interests or if it is used for direct marketing.

  • Right to restrict data processing: a right to demand that the processing of personal information is restricted, e.g. if you oppose the correctness of the data.

  • Right to data portability: a right to request that personal information be sent from one data controller to another. This right is restricted to data which you have submitted to us.

If you want to exercise any of those rights, please email compliance@planhat.com.

We aim to process all requests within a month for simple requests, however complex and/or voluminous requests may take up to three months to process. If we deny you access, we will provide our reason for doing so at the time of your request. We may request documentary proof for certain requests and we always need to verify your identity.

We generally don’t charge a fee for reasonable requests, but we may charge a fee for time and cost if an extended amount of time is required to collate and prepare material for you or if you wish to receive and we are able to provide hard copies or physical media.

Security

We take all reasonable steps within our control to ensure that the personal information we hold about you is correct, complete and up-to-date. However, we also rely on you to tell us about any changes to your personal information.

We take reasonable steps to ensure that your personal information is treated securely and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. Although we aim to create a safe, secure environment by limiting access to the Site and Service to legitimate users, we cannot guarantee that unauthorised parties will not gain access. To the extent permitted by applicable law, we expressly exclude any liability arising from any unauthorised access to your personal information.

We will inform the authorities within 72 hours of the occurrence of any personal data breach which poses a risk to your rights and freedoms as a natural person. We will also inform you without undue delay unless the risk to your individual rights and freedoms is low. Please contact us at compliance@planhat.com immediately if you become aware of any unauthorised use of your account by anyone else or any other breach of security.

Retention of personal information

We will keep your personal information for as long as we have an ongoing business relationship with you and generally for twelve (12) months thereafter. After that, your personal information will be deleted (or anonymized) unless we are required to keep it longer, which may be the case for tax- and accounting purposes (generally 5-7 years retention requirements).

International transfer

Regardless of where we use, process, or store your data, we will comply with the protections set out in this Privacy Policy. Where local data protection regulations so require, we have put in place security measures for the export of personal information from its original jurisdiction. We have made arrangements with the third parties receiving your personal information that they shall ensure that security measures are in place, and that your personal data is processed only in accordance with EU Data Protection laws.

The European Commission has adopted standard data protection contract clauses (known as the Model Clauses) which provide safeguards for personal information that is transferred outside of Europe. We use Model Clauses when transferring personal data outside of Europe. If you wish to know more about international transfers of your personal information, feel free to contact us.

You understand and acknowledge that the country where you are resident may have data privacy laws that are different from the laws to which your personal information may be transferred. You acknowledge that the personal information may be transferred to recipients in the member states of the European Economic Area, the UK and other countries that may not be deemed to have “adequate” data protection laws, such as the United States, which is generally deemed to have less stringent data privacy laws and protections than the European Economic Area. Further, you acknowledge and understand that the transfer of the personal information to such third parties is necessary for the use of the Site and Services. Provided that we have sufficient arrangements in place for such transfer (as described above in this clause), you explicitly consent to the transfer.

Cookies

To make the Site and Service work properly, we sometimes place small data files called cookies on your device. You can read about this in our Cookie Policy.

Links to third party websites

Our Site may contain links to and from third party websites, including social media sites. If you click on such links, you do so at your own risk and subject to the privacy policy and/or website terms governing the use of such websites. As an example, if you click on a social media plug-in provider’s button in our Site, the social media plug-in provider is generally notified about your IP address. We have no control over, and are not responsible, nor liable for, the content, privacy practices or website terms of such websites or any information you provide to them. You should read the privacy policy of these third parties to find out how they handle your personal information when you visit their websites.

Complaints

If you have any questions regarding our processing of your personal data, or if you would like to invoke any of your rights – please contact us at compliance@planhat.com. If you have a complaint regarding our processing of your personal information, you have the right to submit such complaint to a Data Protection Authority (e.g. Integritetsskyddsmyndigheten in Sweden or any other Data Protection Authority in the EU or where you are resident).

Amendments

We may amend this Privacy Policy from time to time. When we amend this Privacy Policy in any way relevant to your rights, we will update this page accordingly and, to the extent we have your email address, email you to inform you that there has been an amendment. Your continued use of our Site and Service will constitute your acceptance of any such amendments.