Takes effect 01.01.2022
A. TERMS AND DEFINITIONS
"Service" — a set of functionalities of the Planfix software system managed by the Operator.
"Operator" — the company Planfix, Inc., which provides the Service; registered at 4445 Eastgate Mall, Suite 200, San Diego, CA, 92121, USA.
"Client" — individual or legal entity that has entered into a License Agreement to receive a free, trial, or paid Service plan.
"Website" — any automated information system available on the Internet using the web address (including subdomains): https://planfix.com/.
"Account domain" — the third-level domain name for a Website that looks as follows: https://account_name.Website, where Account_Name is the name provided (chosen) when registering the Account.
"Mobile applications" — computer programs intended for installation and use on a mobile device that allows for the use of various features of the Service.
"Applications" — an integrated software solution including the Website, Mobile Applications, and other computer programs and/or databases upon which the Service is based.
"Products" — Applications and databases making up the client part of the Planfix software for collaborative work with other users who are registered for the Service and for managing organizations, in the form of a data set and commands reproducible on the equipment of End Users.
"Account" — the Account Domain, together with the Application software and User Content available through it, associated with a specific Client.
"User Content" — any informational materials and data, including text, images, audiovisual content, and other materials uploaded to the account. In this context, "sending" includes sending, uploading, transferring, or otherwise making Client data available to or through Products.
"Account Owner" — a user status received when signing up for an Account. Account Owners have access to the maximum amount of features in the Service, including Account management.
"Controller" — the individual with the legal right to determine the purposes and tasks for which Personal Data will be processed and the means by which such processing will take place. This role is typically assigned to the Account Owner.
"Administrators" — End Users appointed by the Account Owner, with expanded Account management permissions that enable them to manage the Products on behalf of the Account Owner.
"End User" — denotes the person whom the Account Owner or Administrators invite and/or allow to use the Products according to their functional purpose. For clarity, persons invited by the Account Holder or Administrators and persons interacting with the Products as customers are also considered end users.
"User" — Account Owner, End Users.
"Personal data" — information about Users that can be used directly or indirectly to identify them (name, address, phone number, date of birth, email address, etc.) Data that cannot be used to identify a User, such as anonymized data, is not considered Personal Data.
"User data" — the combination of Personal Data and User Content.
"Processing of personal data" — any operation or set of operations that can be performed on Personal Data.
GDPR is the European Union's regulation on the protection of Personal Data.
1.1. The Policy describes the principles of the Operator's collection and use of Personal Data and User Content that Users enter during the course of their use of the Service. It also describes the options the Operator has for the use of Users' Personal Data, as well as how Users can access and modify that data.
1.2. In the Policy, you can also review several types of content and data, and methods for collecting and using content and data, that may not currently be used in the Service.
2. THE SCOPE OF THIS POLICY
2.1. This Policy applies to User Data. Under the GDPR and similar laws, the Operator is considered the processor of any Personal Data in the Customer's User Data.
2.2. The Operator shall process the Personal Data contained in the User Data in accordance with the instructions of the relevant Controller or in accordance with the legal requirements of the Client's country.
2.3. For any Account within the Service, the relevant Client is the one whom the Operator allows to manage the Account Owner's account. This Client is the Controller of all information submitted to this Account by any User.
2.4. The above is true even when these Users are employees of another Customer, as each Customer is the Controller of only his/her own Account. The Operator may disclose any User Data, including certain deleted User Data or data previously received from deactivated users, to the relevant Customer.
2.5. The Operator provides the Client with certain tools to modify, delete, or perform other actions with the User Data. Users and other individuals should contact the relevant Customer with any inquiries regarding their Personal Information that may appear in that Customer's User Data.
2.6. If the Client or Users of the Service carry out the processing of Personal Data of individuals in the Service, they must independently obtain permission from each such individual to process their Personal Data, as well as to ensure the safe storage and processing of these data.
2.7. If the Operator receives a request from a User to manage User Data rights, they will forward the User's request to the appropriate Client and will cooperate with that Client in processing that request.
2.8. For requests from administrators of Customer accounts relating to their Personal Data, the Operator may process requests directly.
2.9. This Policy also applies to the Operator's processing of Personal Information that is not User Data, such as Personal Data about:
Visitors to the Service;
Users of the Products;
Potential customers and their staff;
People who subscribe to the Service's newsletters or other marketing materials.
3. TYPES OF PERSONAL DATA THE OPERATOR COLLECTS AND HOW IT IS USED
3.1. Because the Operator provides a Service that is independent of content and data, Customers have the right to provide the Operator with any Personal Data in the User Data.
3.2. Contact forms
3.2.1. When registering an Account, a form is used to collect contact data (including name and email address). This is done so the Client can register an Account, request information and support, and send the Operator suggestions regarding the Service.
3.2.2. The Operator receives and stores all information that Users input in the Service or provide to the Operator by other means, including email or conversation with representatives of the Service's customer service.
3.2.3. If the User contacts the Operator for support, the Operator will store information about what kind of assistance was provided.
3.2.4. The Operator uses the information provided by the User to contact the User regarding changes in the functionality of the Products and Service, and regarding special offers the Operator decides may be of interest to the User. If the User does not wish to receive such messages, he/she should change his/her settings as described in "Updating Your Information."
3.2.5. The Operator may send the User one or more welcome messages, including those necessary for the User's registration in the Service. The Operator may also send the User updates, service announcements, administrative messages, or other important information about one or more Websites and/or the Service.
3.2.6. The Operator may send newsletters, notifications, or other information about products, services, and special offers that the Operator deems of interest to the User via email. The User can unsubscribe from these messages at any time. For this purpose, the User is usually provided with a link to unsubscribe directly in the email.
3.2.7. The service allows the Account Owner or Administrators to import contacts, tasks, transactions, directory entries, and other data into their Account by uploading a file or by copying and pasting information from another source. Data can also be loaded to Planfix using an API. The Operator uses this information solely for the lawful purpose of importing Customer data in accordance with the Operator's instructions. If the Customer imports or otherwise enters Personal Data into the Service for contacts, tasks, directories, or other tools available in the Service, the Operator shall use them only for the purposes for which the Customer provided them to the Operator.
3.3. Cookies and other similar technologies.
3.3.1. Like most websites, the Operator collects certain information automatically when the User visits the Service, reads emails from the Service, or communicates with the Service's support team.
3.3.3. The Operator usually collects this information using various tracking techniques, including cookies, web beacons, and similar technology. For example, the Operator collects information about the User's device and its software, such as its IP address, browser type, Internet service provider, platform type, device type, operating system, date and time stamp, and unique identifier.
3.3.4. The Operator also collects information about how the User uses the Service. For example, the site from which the User came and the site to which the User is directed when leaving the Site; the pages the User visits; the links the User clicks; how often the User accesses the Service; whether the User opens emails from the Service; whether the User clicks the links contained in such emails; and what other activities the User performs on the Service when using the Service on different devices.
For example, cookies help:
(a) keep track of whether the User is registered in the system so that the Service can display all available features;
(b) remember the User's settings on the pages that he or she visits, so that the Service can display the User's preferred content on his or her subsequent visits;
(c) display personalization of content and background information on the Service, as well as on Operator's other Websites and Products;
(d) collect analytics, measure trends in traffic and use of the Service, and better understand the demographics of Service users;
(e) diagnose and correct technological issues of the Service;
(f) plan and improve the Service.
3.3.6. Most browsers allow disabling or rejecting certain cookies. Users can do this by configuring their browser settings. Users should use the "Help" function of their browser for more information about refusing cookies.
3.4. Log data
3.4.1. As with other Internet resources, data collection in the Service is automatic, and the information obtained is stored in special log files.
3.4.2. The Operator uses the information collected while working with the Service to personalize search results, diagnose problems on the servers of the Service, as well as to administer the Service. The Operator obtains a variety of demographic information from this data, which helps the Operator improve the Service and make it more enjoyable for Users.
3.5.1. The Operator uses tracking tools such as CI codes (transition tracking), ISC (source tracking). The Operator uses analytics software to better understand how Mobile Apps and Apps work on User's phones. This software can track how and how often the User uses the Service's applications. It can gather generalized data about how the Service's applications are used and information about their performance. It can also tell the place from which the User downloaded the Service's Applications.
3.6. Mobile applications
3.6.1. The Service's mobile applications automatically record the device operating system, phone model, application version, device identification number, and customer number. The mobile applications send this data back to their web services. These results are not shared with third parties and are used exclusively for making decisions about the characteristics of main user categories in order to optimize the Service and services provided for Users of the relevant types of devices.
3.6.2. The Operator does not link the information stored in its analytics software with the User's Personal Data sent via Mobile Applications.
4. DISCLOSURE OF PERSONAL DATA
4.1. The Operator cooperates with the government and with law-enforcement officials in order to comply with laws and ensure that they are obeyed.
4.2. The Operator discloses information about you to the government or law-enforcement officials if, at our sole discretion, the Operator deems it necessary or appropriate for responding to a claim and court order (including, but not limited to, a subpoena); protecting the Operator's property and rights or the property and rights of third parties; ensuring public or personal safety; or preventing or terminating activities that the Operator deems to be illegal or unethical.
4.3. Generally, to the extent permitted by law, the Operator will take reasonable steps to notify the User in the event that the Operator needs to provide Personal Data to third parties as part of a legal process.
4.4. The Operator may have agreements with other parties to provide additional services to the User. When the User or its organization uses such services, the Operator may transfer Personal Data to such parties. In such cases, the Operator will use commercially reasonable efforts to limit the information provided to provide such services.
4.5. Owners and managers
4.5.1. Depending on the configuration and settings set by the Account Owner, User information may be available to other Account employees associated with the User's account. For example, an employer or manager may have access to certain information about how the User uses the Service.
4.6. Interaction of Users in the Service
4.6.1. The Service is designed so that Users can publish and exchange content, collaborate, and communicate. The information that Users choose to share will be available to Users who interact with each other on the Service.
4.6.2. If an End User accesses the Service because he or she has been invited by another User of the Service, remember that the processing of User and Personal Data is also governed by this Policy. The end user must read this Policy before submitting any Personal or User Data.
4.7. Additional Account users
4.7.1. When an Account Owner or Administrators add additional End Users to their Account, the Operator sends them an invitation to join the Service and asks them to provide additional contact information, including their email address.
4.7.2. When the Account Owner or Administrators invite new End Users into their Account, they ensure the Operator that they have a valid business or personal relationship with such End Users sufficient to avoid liability under any law that applies to unsolicited email. In this situation, the person sending such an invitation will be considered the initiator of any such email (or other electronic communication), and the Operator will be considered merely a service provider facilitating the sending of such email (or other electronic communication).
4.8. Links between Accounts
4.8.1. The Service provides a feature for group work between different Accounts. In this case, the data previously added to the Service, name, language used, and avatar (photo), are transferred to another Account. When a User from another Account connects to a task in your Account, information about that task — name, description, dates and other data from system fields, attached files and checklist items — is transmitted to the User's Account. The following data of all users connected to the task will also be transmitted: name, language, avatar (photo).
5. LEGAL BASIS OF PERSONAL DATA PROCESSING
5.1. The laws of some countries require companies that process Personal Data to inform their users of the legal basis on which they presume to use or disclose their Personal Data. To the extent that these laws apply, the Operator uses the following legal basis for processing Personal Data:
5.1.1. To fulfill the Operator's contractual obligations to the Users of the Service.
A certain part of the Operator's processing of Personal Data consists of fulfilling contractual obligations to the Users to whom the Personal Data relates, or to take action at their request in anticipation of entering into a contract with them.
In certain cases, when required by law and in certain other cases, the Operator processes Personal Data only on the basis of consent. As an example, some of the Operator's direct marketing activities are consent-based, such as sending marketing emails to Users who have requested them.
5.1.3. Legitimate interests.
In most cases, the Operator processes Personal Data on the grounds that they serve legitimate interests in the commercial activities of the Service, such as: Customer support; marketing; protection of Service Customers, Users, staff, and property; analysis and improvement of the Service and service offerings; and resolution of legal issues. The Operator may also process Personal Data in the same legitimate interests of its Customers and business partners.
5.1.4. Legal compliance.
The Operator must use and disclose Personal Data in a certain way to comply with its legal obligations.
6. INTEGRATION WITH THIRD-PARTY SERVICES
6.2. Google Analytics (hereinafter referred to as "Analytics Tools" )
6.2.1. The Operator uses Analytics Tools to collect information about the use of Applications, such as: the frequency of visits and use of the Service by the User, the pages visited, and the Websites visited by the User before going to this Site. Analytics tools collect only the IP addresses assigned to users on the day they visit this Site, but not the name or other identifying information.
6.2.2. Analytics tools place a permanent cookie in the user's web browser to identify him or her as a unique user the next time he or she visits this Site. This cookie cannot be used by anyone other than the companies that own the analytics services. The Operator uses the information obtained through the Analytics Tools only to improve its Applications.
6.3. Google Contacts
6.3.1. When enabling the integration of a selected list of contacts to the Service with Google Contacts, the Service will create a new group of contacts in Google Contacts with the contacts from the list. The following information is transmitted from the Service to Google Contacts: full name, title, company name, email addresses, phone numbers, birthday, contact notes, address, and pages (names) in messengers/social networks.
6.3.2. When enabling integration, the Service only gains access to the contacts that are in the group of contacts created by the Service in Google Contacts. The Service only adds/modifies/deletes contacts from the group of contacts it creates.
6.3.3. When a user with Admin permissions deletes a contact or contacts in the Service, the Service deletes the corresponding contact(s) from Google Contacts.
6.3.4. When Google Contacts integration is disabled, information about contacts will not be updated, but the contacts will not be deleted from your Google account. The User must delete the contacts from Google Contacts as needed.
7.1. The Operator uses security features to protect against the loss, inappropriate use, or alteration of data under its control.
7.2. The Operator complies with the generally-accepted standards for protecting personal data when it is being transferred and once it has been received. In addition, the Service provides features for protecting data and security, including:
Using RSA encryption in the channel for transferring data from user devices to the service and vice versa.
Providing two-factor authentication for login.
Providing a feature for limiting Account access based on IP address.
Providing a feature for limiting Account access based on time.
7.3. If third-party services with which the Service has an integration collect non-public personal information from the User, the Operator takes reasonable steps to protect such information during transmission. However, there is no entirely secure method of transferring data in electronic format over the Internet, or for storing electronic data. Consequently, the Service cannot guarantee the absolute protection of data.
7.4. If the User uses third-party software integrated into the Service (e.g. Google Drive, Box, or Dropbox), their information will be processed by third parties and the Operator cannot guarantee to the User that such information will be processed in a secure way.
7.5. The Operator can store the User's information as long as his or her Account is active or as long as the User's information is necessary for the Operator to provide the relevant services, comply with the legal obligations of the Operator, or settle disputes and fulfill agreements.
8. ADDITION OF INFORMATION
8.1. The Operator may receive information about the User from other sources, including publicly available databases and from third parties from whom the Operator may acquire information, and use it in combination with the information it already has about the User. This allows the Operator to update, expand, and analyze our data; find new clients; and provide the User with a service tailored to his or her interests.
8.2. If the User provides the Operator with Personal information about other persons (or other persons provide the Operator with information about the User), the Operator uses this information only for the purposes for which it was provided to the Operator.
9. "DO NOT TRACK" SIGNALS
9.1. The User has the ability to specify in his or her browser settings the automatic sending of a "Do Not Track" signal to the websites and services they use.
9.2. The industry has not yet developed a framework for handling these signals. Like many other websites and web services, the Service does not respond to "Do not track" signals that it receives from visitors' browsers at this time.
10. PROCEDURE FOR DELETING THE ACCOUNT DATA FROM THE SERVICE
10.1. If there is no new activity in an Account (such as adding new tasks or actions) for one month, Planfix will automatically freeze the Account. One week before an account is frozen, the Account Owner will receive a warning and a suggestion to be active in the Account if they are planning on using it in the future.
10.2. A frozen Account can be unfrozen up to one month after the day it was frozen. Only the Account Owner can unfreeze an account. If a frozen Account is not unfrozen after one month, the Service will automatically delete the account and all of its data.
10.3. The Service keeps a copy of the Account for 180 days. After 180 days, all Account data will automatically be permanently deleted.
10.4. The User can delete their personal data left on the Service by sending a request to the Operator via their preferred communication channel.
10.5. Upon this request, within 30 days the Operator undertakes to delete all personal data provided by the User.
10.6. Deletion of the User's personal data may result in their inability to use part or all of the Operator's Services.
11. UPDATING YOUR INFORMATION
11.1. The User can modify or update their account data at any time or decline to receive messages from the Service. To do this, the User must log in to their Account and go to Employee Card > Subscriptions and Notifications.
11.2. To the extent that the User's Personal Data is reasonably necessary to provide the Services to the User and to make the Service function for other Customers, the collection, use, and disclosure of such data is mandatory, and the User cannot opt out or delete their information without ceasing to use the Service.
11.3. The Operator will use commercially reasonable efforts to make any changes to this data requested by the User in a timely manner.
12.1. At the request of the User, the Operator shall provide information on whether it is storing or processing the User's Personal Data on behalf of a third party. To receive access to this data, correct it, or request that it be deleted, the User can write to the Operator via their preferred method of communication.
12.2. The Operator undertakes to respond to the access request or to change or cancel the User's data within thirty (30) days.
13. DATA TRANSFER ABROAD
13.1. If the User uses the Service while located in a country other than the country where the servers of the Service are located, data may be transmitted across national borders during correspondence with representatives of the Service.
13.2. The User acknowledges and agrees that in order to process Customer requests and appeals as efficiently and promptly as possible, Customer support operations are performed all over the world.
13.3. If the User writes to a representative of the Service from their country of residence, their application may be received by a representative in another country (including, for example, outside the European Economic Area) and the information provided by the User will be transmitted to that country.
13.5. By using the Service, by contacting the customer service representatives of the Service, or by exchanging data electronically in any other way, the User agrees to such transfer.
14. INFORMATION RELATING TO CHILDREN
14.1. The Children's Online Privacy Protection Act (COPPA) governs the online collection of data from people under the age of 13. The Policy of the Service prohibits knowingly collecting or maintaining Personal Data relating to any person under 13 years of age.
14.2. If the User is under 13 years of age and he or she is certain that he or she has already provided Personal Data through the Service, he or she should immediately contact the Operator through his or her parents or guardians, via their preferred communication channel , so that the Operator can delete such information from the Service.
15. CHANGES IN PRACTICES
15.2. If the Operator decides to change this Policy, it will publish the changes in the Policy and any other places it deems necessary so that Users are always aware of what information the Operator collects, how it uses it, and under what circumstances, if any, it discloses it.
15.3. If Operator makes material changes to this Policy, it will notify users by email and/or through the Accounts' internal notification system at least thirty (30) days before the changes take effect.
15.5. If the User does not accept the changes, he or she should stop using the Service.
15.6. If the User continues to use the Service after the new rules of the Policy go into effect, this means that he or she agrees with them and has accepted their changes.
16. ANSWERS TO QUESTIONS
16.1. If any questions arise about confidentiality or the principles of processing of Personal Data to which the User has not found an answer, he or she may contact the customer service of the Service at any time with a request through their preferred channel of communication.