Takes effect 01.07.2023
Previous versionTakes effect 01.07.2023
Previous versionA. TERMS AND DEFINITIONS
-
"Service" — a set of functionalities of the Planfix software system managed by the Operator.
-
"Operator" — Planfix, Inc., which provides the Service; registered at 4445 Eastgate Mall, Suite 200, San Diego, CA, 92121, USA.
-
"Client" — an individual or legal entity that has entered into a Terms of Service to receive a free, trial, or paid Service plan.
-
"Website" — any automated information system available on the Internet using the web address (including subdomains): https://planfix.com/, https://planfix.net/, https://planfix.pl/, https://planfix.us/, https://planfix.es/, https://planfix.cz/, https://planfix.ro/, https://planfix.id/, https://planfix.mx/, https://planfix.nl/, https://planfix.ph/, https://planfix.uk/, https://planfix.ua/, https://planfix.cc.
-
"Account domain" — the third-level domain name for a Website that looks as follows: https://account_name.Website, where Account_Name is the name provided (chosen) when registering the Account.
-
"Mobile applications" — computer programs intended for installation and use on a mobile device. They allow users to access various service features.
-
"Applications"—an integrated software solution that includes the Website, Mobile Applications, and other computer programs and/or databases on which the Service is based.
-
"Products" — Applications and databases making up the client part of the Planfix software for collaborative work with other users who are registered for the Service and for managing organizations, in the form of a data set and commands reproducible on the equipment of End Users.
-
"Account" — the Account Domain, with the Application software and User Content available through it, associated with a specific Client.
-
"User Content" — any informational materials and data, including text, images, audiovisual content, and other materials uploaded to the account. In this context, "sending" includes sending, uploading, transferring, or making Client data available to or through Products.
-
"Account Owner" — a user status received when signing up for an Account. Account Owners have access to the maximum number of Service features, including Account management.
-
"Controller" — the individual with the legal right to determine the purposes and tasks for which Personal Data will be processed and how such processing will occur. This role is typically assigned to the Account Owner.
-
"Administrators" — End Users appointed by the Account Owner, with expanded Account management permissions that enable them to manage the Products on behalf of the Account Owner.
-
"End User" — denotes the person whom the Account Owner or Administrators invite and/or allow to use the Products according to their functional purpose. For clarity, persons invited by the Account Holder or Administrators and persons interacting with the Products as customers are also considered end users.
-
"User" — Account Owner, End Users.
-
"Personal data" — information about Users that can be used directly or indirectly to identify them (name, address, phone number, date of birth, email address, etc.) Data that cannot be used to identify a User, such as anonymized data, is not considered Personal Data.
-
"User data" — the combination of Personal Data and User Content.
-
"Processing of personal data" — any operation or set of operations that can be performed on Personal Data.
-
"Privacy Policy"—the text of this document with all appendices, amendments, and additions describing the Operator's personal data collection and processing policy, located at https://planfix.com/doc/privacy/.
-
GDPR is the European Union's regulation on the protection of Personal Data.
1. ON THE PRIVACY POLICY
1.1. The Policy describes the principles of the Operator's collection and use of Personal Data and User Content Users enter while using the Service. It also describes the Operator's options for using Users' Personal Data, as well as how Users can access and modify that data.
1.2. The Policy also contains several types of content and data and methods for collecting and using content and data that may not currently be used in the Service.
2. THE SCOPE OF THIS POLICY
2.1. This Policy applies to User Data. Under the GDPR and similar laws, the Operator is considered the processor of any Personal Data in the Customer's User Data.
2.2. The Operator shall process the Personal Data contained in the User Data following the instructions of the relevant Controller or under the legal requirements of the Client's country.
2.3. For any Account within the Service, the relevant Client is the one whom the Operator allows to manage the Account Owner's account. This Client is the Controller of all information submitted to this Account by any User.
2.4. The above is true even when these Users are employees of another Customer, as each Customer is the Controller of only his/her own Account. The Operator may disclose any User Data, including certain deleted User Data or data previously received from deactivated users, to the relevant Customer.
2.5. The Operator provides the Client with certain tools to modify, delete, or perform other actions with the User Data. Users and other individuals should contact the relevant Customer with any inquiries regarding their Personal Information that may appear in that Customer's User Data.
2.6. If the Client or Users of the Service process the Personal Data of individuals in the Service, they must independently obtain permission from each such individual to process their Personal Data and ensure the safe storage and processing of these data.
2.7. If the Operator receives a request from a User to manage User Data rights, they will forward the User's request to the appropriate Client and cooperate with that Client to process that request.
2.8. The Operator may process requests from administrators of Customer accounts regarding their Personal Data directly.
2.9. This Policy also applies to the Operator's processing of Personal Information that is not User Data, such as Personal Data about:
-
Visitors to the Service;
-
Users of the Products;
-
Potential customers and their staff;
-
People who subscribe to the Service's newsletters or other marketing materials.
3. TYPES OF PERSONAL DATA THE OPERATOR COLLECTS AND HOW IT IS USED
3.1. Because the Operator provides a Service independent of content and data, Customers have the right to provide the Operator with any Personal Data in the User Data.
3.2. Contact forms
3.2.1. When registering an Account, a form collects contact data (including name and email address). This is done so the Client can register an Account, request information and support, and send the Operator suggestions regarding the Service.
3.2.2. The Operator receives and stores all information that Users input in the Service or provide to the Operator by other means, including email or conversation with representatives of the Service's customer service.
3.2.3. If the User contacts the Operator for support, the Operator stores information about what assistance was provided.
3.2.4. The Operator uses the information provided by the User to contact the User regarding changes in the functionality of the Products and Service and regarding special offers the Operator decides may be of interest to the User. If the User does not wish to receive such messages, he/she should change his/her settings as described in "Updating Your Information."
3.2.5. The Operator may send the User one or more welcome messages, including those necessary for the User's registration in the Service. The Operator may also send the User updates, service announcements, administrative messages, or other important information about one or more Websites and/or the Service.
3.2.6. The Operator may send newsletters, notifications, or other information about products, services, and special offers that the Operator deems of interest to the User via email. The User can unsubscribe from these messages at any time. For this purpose, the User is usually provided with a link to unsubscribe directly in the email.
3.2.7. The service allows the Account Owner or Administrators to import contacts, tasks, transactions, directory entries, and other data into their Account by uploading a file or copying and pasting information from another source. Data can also be loaded to Planfix using an API. The Operator uses this information solely to import Customer data following the Operator's instructions. If the Customer imports or otherwise enters Personal Data into the Service for contacts, tasks, directories, or other tools available in the Service, the Operator shall use them only for the purposes for which the Customer provided them to the Operator.
3.3. Cookies and other similar technologies.
3.3.1. Like most websites, the Operator collects certain information automatically when the User visits the Service, reads emails from the Service, or communicates with the Service's support team.
3.3.2. The Service uses cookies and other tracking technologies so that the User does not have to sign in whenever they wish to access the Service.
3.3.3. The Operator usually collects this information using various tracking techniques, including cookies, web beacons, and similar technology. For example, the Operator collects information about the User's device and software, such as its IP address, browser type, Internet service provider, platform type, device type, operating system, date and time stamp, and unique identifier.
3.3.4. The Operator also collects information about how the User uses the Service. For example, the site from which the User came and the site to which the User is directed when leaving the Site; the pages the User visits; the links the User clicks; how often the User accesses the Service; whether the User opens emails from the Service; whether the User clicks the links contained in such emails; and what other activities the User performs on the Service when using the Service on different devices.
3.3.5. The Operator uses cookies to better display the Products, save the User time, provide better technical support, and anonymously monitor the use of the Service to improve it.
For example, cookies help:
(a) keep track of whether the User is registered in the system so that the Service can display all available features;
(b) remember the User's settings on the pages that he or she visits so that the Service can display the User's preferred content on his or her subsequent visits;
(c) display personalization of content and background information on the Service, as well as on the Operator's other Websites and Products;
(d) collect analytics, measure trends in traffic and use of the Service, and better understand the demographics of Service users;
(e) diagnose and correct technological issues of the Service;
(f) plan and improve the Service.
3.3.6. Most browsers allow disabling or rejecting certain cookies. Users can do this by configuring their browser settings. Users should use their browser's "Help" function for more information about refusing cookies.
3.3.7. Cookies are linked to the User's customer number, which, in turn, is linked to the User's Account information. The user can control the use of cookies at the browser level, but if he or she decides to disable them completely, he or she may lose access to certain Service features, including the ability to use the Service.
3.3.8. In order to use features that require cookies, the User must accept the use of cookies for the Service and thus give the Service permission to link their data as described above.
3.4. Log data
3.4.1. As with other Internet resources, data collection in the Service is automatic, and the information obtained is stored in special log files.
3.4.2. The Operator uses the information collected while working with the Service to personalize search results, diagnose problems on the Service's servers, and administer the Service. The Operator obtains various demographic information from this data, which helps the Operator improve the Service and make it more enjoyable for Users.
3.5. Tracking
3.5.1. The Operator uses tracking tools such as CI codes (transition tracking), ISC (source tracking). The Operator uses analytics software to better understand how Mobile Apps and Apps work on User's phones. This software can track how often the User uses the Service's applications. It can gather generalized data about how the Service's applications are used and information about their performance. It can also tell where the User downloaded the Service's Applications.
3.6. Mobile applications
3.6.1. The Service's mobile applications automatically record the device operating system, phone model, application version, device identification number, and customer number. The mobile applications send this data back to their web services. These results are not shared with third parties and are used exclusively to decide the characteristics of main user categories to optimize the services provided for users of the relevant types of devices.
3.6.2. The Operator does not link the information stored in its analytics software with the User's Personal Data sent via Mobile Applications.
4. DISCLOSURE OF PERSONAL DATA
4.1. The Operator cooperates with the government and law enforcement officials to comply with laws and ensure that they are obeyed.
4.2. The Operator discloses information about you to the government or law-enforcement officials if, at our sole discretion, the Operator deems it necessary or appropriate for responding to a claim and court order (including, but not limited to, a subpoena), protecting the Operator's property and rights or the property and rights of third parties; ensuring public or personal safety; or preventing or terminating activities that the Operator deems to be illegal or unethical.
4.3. Generally, to the extent permitted by law, the Operator will take reasonable steps to notify the User if it needs to provide Personal Data to third parties as part of a legal process.
4.4. The Operator may have agreements with other parties to provide additional services to the User. When the User or its organization uses such services, the Operator may transfer Personal Data to such parties. In such cases, the Operator will use commercially reasonable efforts to limit the information provided to provide such services.
4.5. Owners and managers
4.5.1. Depending on the configuration and settings set by the Account Owner, User information may be available to other Account employees associated with the User's account. For example, an employer or manager may have access to certain information about how the User uses the Service.
4.6. Interaction of Users in the Service
4.6.1. The Service is designed so that Users can publish and exchange content, collaborate, and communicate. The information that Users choose to share will be available to Users who interact with each other on the Service.
4.6.2. If an End User accesses the Service because he or she has been invited by another User, remember that the processing of User and Personal Data is also governed by this Policy. The end user must read this Policy before submitting Personal or User Data.
4.7. Additional Account users
4.7.1. When an Account Owner or Administrators add additional End Users to their Account, the Operator invites them to join the Service and asks them to provide additional contact information, including their email address.
4.7.2. When the Account Owner or Administrators invite new End Users into their Account, they ensure the Operator that they have a valid business or personal relationship with such End Users sufficient to avoid liability under any law that applies to unsolicited email. In this situation, the person sending such an invitation will be considered the initiator of any such email (or other electronic communication), and the Operator will be considered merely a service provider facilitating the sending of such email (or other electronic communication).
4.8. Links between Accounts
4.8.1. The Service provides a feature for group work between different Accounts. In this case, the data previously added to the Service, name, language used, and avatar (photo) are transferred to another Account. When a User from another Account connects to a task in your Account, information about that task — name, description, dates, and other data from system fields, attached files, and checklist items — is transmitted to the User's Account. The following data of all users connected to the task will also be transmitted: name, language, and avatar (photo).
5. LEGAL BASIS OF PERSONAL DATA PROCESSING
5.1. The laws of some countries require companies that process Personal Data to inform their users of the legal basis on which they presume to use or disclose their Personal Data. To the extent that these laws apply, the Operator uses the following legal basis for processing Personal Data:
5.1.1. To fulfill the Operator's contractual obligations to the Service Users.
A certain part of the Operator's processing of Personal Data consists of fulfilling contractual obligations to the Users to whom the Personal Data relates or taking action at their request in anticipation of entering into a contract with them.
5.1.2. Consent.
In certain cases, when required by law and in certain other cases, the Operator processes Personal Data only based on consent. For example, some of the Operator's direct marketing activities are consent-based, such as sending marketing emails to Users who have requested them.
5.1.3. Legitimate interests.
In most cases, the Operator processes Personal Data because it serves legitimate interests in the commercial activities of the Service, such as Customer support and marketing; protection of Service Customers, Users, staff, and property; analysis and improvement of the Service and service offerings; and resolution of legal issues. The Operator may also process Personal Data in the same legitimate interests of its Customers and business partners.
5.1.4. Legal compliance.
The Operator must use and disclose Personal Data in a certain way to comply with its legal obligations.
6. INTEGRATION WITH THIRD-PARTY SERVICES
6.1. The Service may contain links to third-party websites of its partners, advertisers, and social networks, and the Service User may also post links to third-party websites. If the User follows a link to any of these websites, it should be noted that such websites have their own privacy policies and that the Operator is not responsible for their policies. The Operator strongly recommends that the User read the privacy policy and terms of use of such third-party resources to understand how they collect, use, and share information. The operator is not responsible for the privacy practices or the content of third-party resources.
6.2. Google Analytics (hereinafter referred to as "Analytics Tools" )
6.2.1. The Operator uses Analytics Tools to collect information about the use of Applications, such as the frequency of visits and use of the Service by the User, the pages visited, and the Websites visited by the User before going to this Site. Analytics tools collect only the IP addresses assigned to users when they visit this Site, not the name or other identifying information.
6.2.2. Analytics tools place a permanent cookie in the user's web browser to identify him or her as a unique user the next time he or she visits this Site. This cookie cannot be used by anyone other than the companies that own the analytics services. The Operator only uses the information obtained through the Analytics Tools to improve its Applications.
6.2.3. Analytics Tools' ability to use and share with third parties information collected through these services about users' visits to a particular site is limited by the privacy policy of the relevant service. Users can prevent Analytics Tools from recognizing them on repeat visits to this site by disabling the corresponding cookie in their browser.
6.3. Google Contacts
6.3.1. When enabling the integration of a selected list of contacts to the Service with Google Contacts, the Service will create a new group of contacts in Google Contacts with the contacts from the list. The following information is transmitted from the Service to Google Contacts: full name, title, company name, email addresses, phone numbers, birthday, contact notes, address, and pages (names) in messengers/social networks.
6.3.2. When enabling integration, the Service only gains access to the contacts in the group of contacts it created in Google Contacts. The Service only adds/modifies/deletes contacts from the group of contacts it creates.
6.3.3. When a user with Admin permissions deletes a contact or contacts in the Service, the Service deletes the corresponding contact(s) from Google Contacts.
6.3.4. When Google Contacts integration is disabled, information about contacts will not be updated, but the contacts will not be deleted from your Google account. The User must delete the contacts from Google Contacts as needed.
7. SECURITY
7.1. The Operator uses security features to protect against the loss, inappropriate use, or alteration of data under its control.
7.2. The Operator complies with the generally accepted standards for protecting personal data when it is being transferred and once it has been received. In addition, the Service provides features for protecting data and security, including:
-
RSA encryption is used in the channel to transfer data from user devices to the service and vice versa.
-
Providing two-factor authentication for login.
-
Providing a feature to limit account access based on IP address.
-
Providing a feature to limit account access based on time.
7.3. If third-party services with which the Service has an integration collect non-public personal information from the User, the Operator takes reasonable steps to protect such information during transmission. However, there is no entirely secure method of transferring or storing electronic data in electronic format over the Internet. Consequently, the Service cannot guarantee the absolute protection of data.
7.4. If the User uses third-party software integrated into the Service (e.g., Google Drive, Box, or Dropbox), their information will be processed by third parties, and the Operator cannot guarantee to the User that such information will be processed securely.
7.5. The Operator can store the User's information as long as his or her Account is active or as long as the User's information is necessary for the Operator to provide the relevant services, comply with the Operator's legal obligations, or settle disputes and fulfill agreements.
8. ADDITION OF INFORMATION
8.1. The Operator may receive information about the User from other sources, including publicly available databases and third parties from whom the Operator may acquire information and use it with the information it already has about the User. This allows the Operator to update, expand, and analyze our data, find new clients, and provide the User with a service tailored to his or her interests.
8.2. If the User provides the Operator with Personal information about other persons (or other persons provide the Operator with information about the User), the Operator uses this information only for the purposes for which it was provided.
9. "DO NOT TRACK" SIGNALS
9.1. The User has the ability to specify in his or her browser settings the automatic sending of a "Do Not Track" signal to the websites and services they use.
9.2. The industry has not yet developed a framework for handling these signals. Like many other websites and web services, the Service does not currently respond to "Do not track" signals from visitors' browsers.
10. PROCEDURE FOR DELETING THE ACCOUNT DATA FROM THE SERVICE
10.1. If there is no new activity in an Account (such as adding new tasks or actions) for one month, Planfix will automatically freeze the Account. One week before an account is frozen, the Account Owner will receive a warning and a suggestion to be active in the Account if they plan on using it.
10.2. A frozen Account can be unfrozen up to one month after the day it was frozen. Only the Account Owner can unfreeze an account. If it is not unfrozen after one month, the Service will automatically delete it and all of its data.
10.3. The Service keeps a copy of the Account for 180 days. After 180 days, all Account data will automatically be permanently deleted.
10.4. The User can delete their personal data left on the Service by requesting it from the Operator via their preferred communication channel.
10.5. Upon this request, the Operator undertakes to delete all personal data provided by the User within 30 days.
10.6. Deleting the User's personal data may prevent them from using part or all of the Operator's Services.
11. UPDATING YOUR INFORMATION
11.1. The User can modify or update their account data at any time or decline to receive messages from the Service. To do this, the User must log in to their Account and go to Employee Card > Subscriptions and Notifications.
11.2. To the extent that the User's Personal Data is reasonably necessary to provide the Services to the User and to make the Service function for other Customers, the collection, use, and disclosure of such data is mandatory, and the User cannot opt-out or delete their information without ceasing to use the Service.
11.3. The Operator will use commercially reasonable efforts to promptly make any changes to this data requested by the User.
12. ACCESS
12.1. At the user's request, the Operator shall provide information on whether it is storing or processing the User's Personal Data on behalf of a third party. To receive access to this data, correct it, or request that it be deleted, the User can write to the Operator via their preferred method of communication.
12.2. The Operator undertakes to respond to the access request or to change or cancel the User's data within thirty (30) days.
13. DATA TRANSFER ABROAD
13.1. If the User uses the Service while located in a country other than the country where the servers of the Service are located, data may be transmitted across national borders during correspondence with representatives of the Service.
13.2. The User acknowledges and agrees that customer support operations are performed worldwide to process Customer requests and appeals as efficiently and promptly as possible.
13.3. If the User writes to a representative of the Service from their country of residence, their application may be received by a representative in another country (including, for example, outside the European Economic Area), and the information provided by the User will be transmitted to that country.
13.4. Regardless of the circumstances, this Privacy Policy will process the User's information.
13.5. By using the Service, contacting its customer service representatives, or exchanging data electronically in any other way, the User agrees to such transfer.
14. INFORMATION RELATING TO CHILDREN
14.1. The Children's Online Privacy Protection Act (COPPA) governs online data collection from people under 13. The Policy of the Service prohibits knowingly collecting or maintaining Personal Data relating to any person under 13 years of age.
14.2. If the User is under 13 years of age and is certain that he or she has already provided Personal Data through the Service, he or she should immediately contact the Operator through his or her parents or guardians via their preferred communication channel so that the Operator can delete such information from the Service.
15. CHANGES IN PRACTICES
15.1. The Operator reserves the right to modify this Privacy Policy anytime.
15.2. If the Operator decides to change this Policy, it will publish the changes in the Policy and any other places it deems necessary so that Users are always aware of what information the Operator collects, how it uses it, and under what circumstances, if any, it discloses it.
15.3. If the Operator makes material changes to this Policy, it will notify users by email and/or through the Accounts' internal notification system at least thirty (30) days before the changes take effect.
15.4. If the User accepts the modifications to the Privacy Policy, the User does not need to do anything.
15.5. If the User does not accept the changes, he or she should stop using the Service.
15.6. If the User continues to use the Service after the new rules of the Policy go into effect, this means that he or she agrees with them and has accepted their changes.
16. ANSWERS TO QUESTIONS
16.1. If any questions arise about confidentiality or the principles of processing Personal Data to which the User has not found an answer, he or she may contact customer service of the Service at any time with a request through their preferred communication channel.