Last Modified: September 19, 2023
Thank you for visiting Planhat!
1. Information Collected
We collect certain personal information from you when you sign up to our Service or otherwise interact with us (for example, when requesting demos, attending events or signing up and participating in courses provided by us). Such information can be used to identify you and typically includes name, work email address, job title, telephone number, product usage, and any other information that we deem necessary for the provision of our Service to you or which you provide to us voluntarily (ex. information about yourself that you tell us in our correspondence).
Whenever you visit our Site or Service, we collect non-identifying information from you, such as your IP address, referring URL, browser, operating system, cookie information, and Internet Service Provider. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, this information alone can generally not be used to identify you and is used by us only on a statistical level to improve our Site and Service.
2. Use of your information
We may use your information to:
Provide, operate, and maintain our Service.
Improve, personalize, and expand our Service.
Understand and analyze how you use our Service.
Develop new products, services, features, and functionality.
Communicate with you via email, chat or text, either directly or through one of our partners, to provide you with customer service, updates and other information relating to the Service, and for marketing purposes (you can always opt-out or change settings for marketing communications).
Perform any other function that we reasonably believe is necessary to protect the security or proper functioning of our Site or Service.
Enforce our Terms of Service, or other legal rights, or as may be required by applicable laws and regulations or requested by any judicial process or governmental agency.
3. Legal basis for processing personal information
We have a legitimate interest in operating our Service and communicating with you to provide the Service as agreed. Our legal basis for collecting and using the personal information described above will depend on the information concerned and the specific context in which we collect it. However, we will generally only collect personal information from you (i) where the processing is in our legitimate interests and those interests are not overridden by your rights; (ii) where processing is necessary to fulfil our contractual obligations with the company you are representing; or (iii) where we have your explicit consent to do so.
4. When we share your personal information with others
WWe only share your personal information in the following circumstances:
When you give us explicit consent to do so.
When needed, with trusted organisations we work with to provide the Service to you such as web hosts, cloud storage providers, customer support providers, education and training providers, pre-sales customer relationships systems, payment processors, accountants, and insurers. You can find a list of our Processors here.
Your e-mail address may be shared with suppliers in order to make our marketing more efficient, for example via search engines and online advertising such as Google Ads or on social media. The data is not shared to enable marketing of our services to you, but to improve our marketing in relation to other potential customers.
On a need-to-know basis in connection with transactions involving our shares, business or assets.
When we are obliged to share it with regulators and authorities for the purpose of legal or contractual compliance, reporting purposes, or when disclosure is reasonably necessary to protect our rights, or the rights of third parties or the public.
5. Your rights
You have the following rights in relation to your personal information:
Right to access: a right to obtain confirmation and information about the processing of your personal information.
Right to rectification: a right to have your personal information corrected.
Right to erasure: a right to have your personal information erased. This right is limited to data that, by law, requires your consent to be processed, if you withdraw that consent and oppose the processing.
Right to object: a right to object against our processing if the legal ground for the processing is based on a balancing of interests or if it is used for direct marketing.
Right to restrict data processing: a right to demand that the processing of personal information is restricted, e.g. if you oppose the correctness of the data.
Right to data portability: a right to request that personal information be sent from one data controller to another. This right is restricted to data which you have submitted to us.
If you want to exercise any of those rights, please email firstname.lastname@example.org.
We aim to process all requests within a month for simple requests, however complex and/or voluminous requests may take up to three months to process. If we deny you access, we will provide our reason for doing so at the time of your request. We may request documentary proof for certain requests and we always need to verify your identity.
We generally don’t charge a fee for reasonable requests, but we may charge a fee for time and cost if an extended amount of time is required to collate and prepare material for you or if you wish to receive and we are able to provide hard copies or physical media.
We take all reasonable steps within our control to ensure that the personal information we hold about you is correct, complete and up-to-date. However, we also rely on you to tell us about any changes to your personal information.
We take reasonable steps to ensure that your personal information is treated securely and to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks. Although we aim to create a safe, secure environment by limiting access to the Site and Service to legitimate users, we cannot guarantee that unauthorised parties will not gain access. To the extent permitted by applicable law, we expressly exclude any liability arising from any unauthorised access to your personal information.
We will inform the authorities within 72 hours of the occurrence of any personal data breach which poses a risk to your rights and freedoms as a natural person. We will also inform you without undue delay unless the risk to your individual rights and freedoms is low. Please contact us at email@example.com immediately if you become aware of any unauthorised use of your account by anyone else or any other breach of security.
7. Retention of personal information
We will keep your personal information for as long as we have an ongoing business relationship with you. After that, your personal information will be deleted (or anonymized) unless we are required to keep it longer, which may be the case for tax- and accounting purposes or/and for any applicable statute of limitations periods for the purposes of bringing and defending claims (generally 5-10 years retention requirements).
8. International transfer
The European Commission has adopted standard data protection contract clauses (known as the Model Clauses) which provide safeguards for personal information that is transferred outside of Europe. We use Model Clauses when transferring personal data outside of Europe, unless the European Commission has decided that a certain country outside the EU/EEA ensures an adequate level of protection and the data can be transferred without any further safeguards being necessary. If you wish to know more about international transfers of your personal information, feel free to contact us.
You understand and acknowledge that the country where you are resident may have data privacy laws that are different from the laws to which your personal information may be transferred. You acknowledge that the personal information may be transferred to recipients in the member states of the European Economic Area, the UK and other countries, such as the United States, which is generally deemed to have less stringent data privacy laws and protections than the European Economic Area. Further, you acknowledge and understand that the transfer of the personal information to such third parties is necessary for the use of the Site and Services. Provided that we have sufficient arrangements in place for such transfer (as described above in this clause), you explicitly consent to the transfer.
10. Links to third party websites
If you have any questions regarding our processing of your personal data, or if you would like to invoke any of your rights – please contact us at firstname.lastname@example.org. If you have a complaint regarding our processing of your personal information, you have the right to submit such complaint to a Data Protection Authority (e.g. Integritetsskyddsmyndigheten in Sweden (www.imy.se) or any other Data Protection Authority in the EU or where you are resident).
13. California Privacy Rights
This section applies only to California residents. For purposes of this section "Personal Information" has the meaning given in the California Consumer Privacy Act (“CCPA”). It describes how we collect, use, and share California residents' Personal Information in our role as a business, and the rights applicable to such residents. The CCPA requires businesses to disclose whether they sell Personal Information. Planhat is a business, but does not sell Personal Information. For information on the categories of Personal Information we process, please see “Information Collected” above. The business and commercial purposes for which we process Personal Information are described in the “Use of your information” section. For information on how we share the categories of Personal Information we collect, please see “When we share your personal information with others.”
13.1. Your California Rights
You have certain rights regarding the Personal Information we collect or maintain about you. Please note these rights are not absolute, and there may be cases when we decline your request as permitted by law.
The right of access means that you have the right to request that we disclose what Personal Information we have collected, used and disclosed about you in the past 12 months.
The right of deletion means that you have the right to request that we delete Personal Information collected or maintained by us, subject to certain exceptions.
The right to correct means that the Employee has the right to correct any personal data held by the Company that the Employee believes is inaccurate.
The right to non-discrimination means that you will not receive any discriminatory treatment when you exercise one of your privacy rights.
Planhat does not sell Personal Information to third parties (pursuant to California Civil Code §§ 1798.100–1798.199, also known as the California Consumer Privacy Act of 2018).
13.2. How to Exercise your California Rights
You can exercise your rights yourself or you can alternatively designate an authorized agent to exercise these rights on your behalf. Please note that to protect your Personal Information, we will verify your identity by a method appropriate to the type of request you are making. We may also request that your authorized agent have written permission from you to make requests on your behalf, and we may also need to verify your authorized agent's identity to protect your Personal Information.
If you want to exercise any of your rights, access this policy in an alternative format, learn more about your rights or our privacy practices, or designate an authorized agent to make a request on your behalf, please email email@example.com.
14. Other U.S. State Privacy Rights*
*States regulations include Virginia Consumer Data Protection Act, Colorado Privacy Act, and Connecticut Act Concerning Personal Data Privacy and Online Monitoring, hereinafter “State Privacy Regulation”.
This section applies to residents of Virginia, Colorado, and Connecticut. For purposes of this section "Personal Information" has the meaning given in each State Privacy Regulation. For information on the categories of Personal Information we process, please see “Information Collected” above. The purposes for which we process Personal Information are described in the “Use of your information” section. For information on how we share the categories of Personal Information we collect, please see “When we share your personal information with others.”
14.1. Your State Rights
Right to Access. You have the right to confirm whether we are processing your Personal Information and to access such Personal Information.
Right to Delete. You have the right to delete Personal Information provided by or obtained by you.
Right to Opt-Out. You have the right to opt-out of “targeted advertising” as defined under each State Privacy Regulation. We do not sell Personal Information.
Right to Correct. You have the right to correct inaccuracies in the Personal Information, taking into account the nature of the Personal Information and the purposes of the processing.
Right to Portability. You have the right to obtain a portable copy of the Personal Information that you provided to us.
14.2. How to Exercise Your State Rights
To make an access, deletion, or correction request, please email firstname.lastname@example.org. Before completing your request, we may need to verify your identity. We may request additional documentation or information solely for the purpose of verifying your identity.
To submit a request to opt out of targeted advertising, you may click on the link “Unsubscribe” on the footer of our emails.
To appeal our decision regarding a request related to these rights, you may email us at email@example.com.