Last Modified: May 2, 2022
Thank you for visiting Planhat!
We collect certain personal information from you when you sign up to our Service or otherwise interact with us (as examples, when requesting demos or attending events). Such information can be used to identify you and typically includes name, work email address, job title, telephone number, product usage, and any other information that we deem necessary for the provision of our Service to you or which you provide to us voluntarily (ex. information about yourself that you tell us in our correspondence).
Whenever you visit our Site or Service, we collect non-identifying information from you, such as your IP address, referring URL, browser, operating system, cookie information, and Internet Service Provider. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, this information alone can generally not be used to identify you and is used by us only on a statistical level to improve our Site and Service.
Use of your information
We may use your information to:
Provide, operate, and maintain our Service.
Improve, personalize, and expand our Service.
Understand and analyze how you use our Service.
Develop new products, services, features, and functionality.
Communicate with you via email, chat or text, either directly or through one of our partners, to provide you with customer service, updates and other information relating to the Service, and for marketing purposes (you can always opt-out or change settings for marketing communications).
Perform any other function that we reasonably believe is necessary to protect the security or proper functioning of our Site or Service.
Enforce our Terms of Service, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
Legal basis for processing personal information
We have a legitimate interest in operating our Service and communicating with you to provide the Service as agreed. Our legal basis for collecting and using the personal information described above will depend on the information concerned and the specific context in which we collect it. However, we will generally only collect personal information from you (i) where the processing is in our legitimate interests and those interests are not overridden by your rights; (ii) where processing is necessary to fulfil our contractual obligations with the company you are representing; or (iii) where we have your explicit consent to do so.
When we share your personal information with others
We only share your personal information in the following circumstances:
When you give us explicit consent to do so.
When needed, with trusted organisations we work with to provide the Service to you such as web hosts, cloud storage providers, customer support providers, pre-sales customer relationships systems, payment processors, accountants, and insurers. You can find a list of our sub-processors here.
On a need-to-know basis in connection with transactions involving our shares, business or assets.
When we are obliged to share it with regulators and authorities for the purpose of legal or contractual compliance, reporting purposes, or when disclosure is reasonably necessary to protect our rights, or the rights of third parties or the public.
You have the following rights in relation to your personal information:
Right to access: a right to obtain confirmation and information about the processing of your personal information.
Right to rectification: a right to have your personal information corrected.
Right to erasure: a right to have your personal information erased. This right is limited to data that, by law, requires your consent to be processed, if you withdraw that consent and oppose the processing.
Right to object: a right to object against our processing if the legal ground for the processing is based on a balancing of interests or if it is used for direct marketing.
Right to restrict data processing: a right to demand that the processing of personal information is restricted, e.g. if you oppose the correctness of the data.
Right to data portability: a right to request that personal information be sent from one data controller to another. This right is restricted to data which you have submitted to us.
If you want to exercise any of those rights, please email firstname.lastname@example.org.
We aim to process all requests within a month for simple requests, however complex and/or voluminous requests may take up to three months to process. If we deny you access, we will provide our reason for doing so at the time of your request. We may request documentary proof for certain requests and we always need to verify your identity.
We generally don’t charge a fee for reasonable requests, but we may charge a fee for time and cost if an extended amount of time is required to collate and prepare material for you or if you wish to receive and we are able to provide hard copies or physical media.
We take all reasonable steps within our control to ensure that the personal information we hold about you is correct, complete and up-to-date. However, we also rely on you to tell us about any changes to your personal information.
We take reasonable steps to ensure that your personal information is treated securely and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. Although we aim to create a safe, secure environment by limiting access to the Site and Service to legitimate users, we cannot guarantee that unauthorised parties will not gain access. To the extent permitted by applicable law, we expressly exclude any liability arising from any unauthorised access to your personal information.
We will inform the authorities within 72 hours of the occurrence of any personal data breach which poses a risk to your rights and freedoms as a natural person. We will also inform you without undue delay unless the risk to your individual rights and freedoms is low. Please contact us at email@example.com immediately if you become aware of any unauthorised use of your account by anyone else or any other breach of security.
Retention of personal information
We will keep your personal information for as long as we have an ongoing business relationship with you and generally for twelve (12) months thereafter. After that, your personal information will be deleted (or anonymized) unless we are required to keep it longer, which may be the case for tax- and accunting purposes (generally 5-7 years retention requirements).
The European Commission has adopted standard data protection contract clauses (known as the Model Clauses) which provide safeguards for personal information that is transferred outside of Europe. We use Model Clauses when transferring personal data outside of Europe. If you wish to know more about international transfers of your personal information, feel free to contact us.
You understand and acknowledge that the country where you are resident may have data privacy laws that are different from the laws to which your personal information may be transferred. You acknowledge that the personal information may be transferred to recipients in the member states of the European Economic Area, the UK and other countries that may not be deemed to have “adequate” data protection laws, such as the United States, which is generally deemed to have less stringent data privacy laws and protections than the European Economic Area. Further, you acknowledge and understand that the transfer of the personal information to such third parties is necessary for the use of the Site and Services. Provided that we have sufficient arrangements in place for such transfer (as described above in this clause), you explicitly consent to the transfer.
Links to third party websites
If you have any questions regarding our processing of your personal data, or if you would like to invoke any of your rights – please contact us at firstname.lastname@example.org. If you have a complaint regarding our processing of your personal information, you have the right to submit such complaint to a Data Protection Authority (e.g. Integritetsskyddsmyndigheten in Sweden (imy.se) or any other Data Protection Authority in the EU or where you are resident.