The Planview Privacy Statement
Last modified: November 22, 2022What this Privacy Statement covers
Planview values your Privacy and understands its responsibilities when processing* your personal information / personal data (“PII” in the following). With this Privacy Statement we aim at explaining our use of PII Here you will find clear and comprehensive information about how and why we process your personal information.
*Processing means any type of operation or set of operations which is performed on PII, such as but not exclusively collection, storage and use.
Planview operates in the business-to-business industry and does not focus on consumer individual users or the collection of consumer data. We are a cloud service provider offering a range of different software solution services, and additional professional services for company’s and professionals.
This Privacy Statement covers product-specific information about how we process your PII when providing our services, information we collect on our websites, or by any other interaction with you. Additionally, we would like to let you know how we secure your PII, with whom we share it, and how you can contact us to exercise your rights.
Any reference to a Planview website includes all Planview websites as well as those of our subsidiaries. Planview maintains these same privacy practices with respect to PII that is collected off-line. This Privacy Statement does not apply to the practices of third parties that Planview does not own or control, nor to consumer individuals.
We encourage you to periodically review this Privacy Statement to stay informed about how we process your PII, as it may be updated with regards to the legal development of privacy, or any other changes on the measures and practices we adopt.
If you don’t receive enough information regarding our privacy practices in this statement, please let us know by sending an email to Planview privacy – [email protected].
Our commitment to our customers
Compliance with security and privacy is a part of our business DNA. That’s why we adhere to stringent standards such as ISO/IEC 27001 and undergo independent validation of compliance. We also perform annual SOC 2 Type I and/or II reports and penetration tests of our services. Planview also leverages an ISO/IEC 27701 certification of Privacy Information Management System (PIMS) which monitors our compliance with applicable privacy laws and regulations, and industry’s state-of-the-art controls. Planview is also subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).
Planview is subject to several privacy regulations and standards depending on where processing activities take place, such as the AB-375 California Consumer Privacy Act (CCPA) and other US privacy regulations within specific business industries, the General Data Protection Regulation 2016/679 (GDPR) for EU, and other country-specific privacy regulations. Adherence to these standards, along with regularly performed security evaluations, internal privacy policies, specific instructions and regular training of employees, serves as safeguards to ensure technical and organizational measures are in place to protect PII in our possession.
As a consequence of the Court of Justice of the European Union’s (CJEU) invalidation of the Privacy Shield, Planview enhanced the technical and organizational measures in place to protect the PII being transferred to countries outside the European Economic Area. Nevertheless, Planview has kept its Privacy Shield Framework certification and continues to adhere to the principles of notice, choice, security, data integrity, access, recourse, enforcement and liability.
Our role in different relations
Our role, with respect to processing your data, varies depending upon the type of activities we perform.
- For service delivery – Planview is a data processor for the Planview software services In these cases, our customers are data controllers.
- For marketing purposes – Planview is a data controller for our marketing activities. We may either have a legitimate interest of processing PII or ask for your consent for these operations.
When and how we collect data
From the first moment you interact with Planview, we may be collecting data. Sometimes you provide us with data. Sometimes data about you is collected automatically. Data is occasionally also collected from third parties which Planview collaborates with, and uploaded to Planview systems. Such data comprise general information of companies and business representatives, often named individuals identified as appropriate contact of the business.
These are examples of when and how data is collected:
- You browse any page on one of our websites
- You complete a form on one of our websites
- You use one of our services
- We call you
- You receive emails from us
- You view and sign contracts
- You call us for customer support
- You chat with us for customer support
- You integrate 3rd-party applications with one of our services
- You interact with partners and other third-parties that provide us data
For service delivery
Users of our services sign up for access to the different systems that Planview is hosting. A few fields of user information are mandatory and must be stated for the service to work at all. Full name, email and country of residence is required. Name is needed for the ability to identify users, email is needed for authentication, and country is needed for financial reasons (VAT) and trade compliance.
Over and above that, a user may add any other information and PII relating to themselves (or others) as they find relevant. Planview will not have any implication with whatever information a user provides to the service and system.
PII is stored during the time period the user is utilizing the service. A user is always able to adjust or delete its PII. Users are permanently deleted from an account by the account administrator, which the customer is solely responsible for.
Planview will have access to information about user data that a user provides to the service himself, and also IP-address. Such information is necessary for the administration of the services, in case there’s a need for support or troubleshooting. We use a data portal for Data Subjects Access Requests (DSAR portal) where you can exercise your rights as a registered.
Planview may also collect information during your work in our services, or when you visit our website, through the use of automatic data collection tools such as cookies (described below) and other commonly used information-gathering tools.
For marketing purposes
In order to serve you with relevant information regarding our services, and to respond to any requests you may have, we collect information about you when signing up for a user account, a webinar or seminar, or when downloading content such as eBooks or whitepapers from our website. We may also receive information about you when collected by our partners or collect it from public sources such as LinkedIn. This information may comprise all or some of these PII’s; your name, contact information (phone and fax numbers, street address, and email address), company name, work title and payment data.
We retain this information as you wish to receive information from us. We will ensure that the information we have is accurate and updated by regular control mechanisms. You may – at any time – require us to delete, rectify, restrict or object to any PII we hold about you. We use a data portal for Data Subjects Access Requests (DSAR portal) where you can exercise your rights as a registered.
How and why we use your data
A growing body of data protection regulations specify how we can process your data. The regulations may vary between country, state or region. Considering such variations, we may need a specific reason, and a legal basis (among other requirements), for processing your data.
Some of the reasons may be:
To enable you to use our product
Planview is a data processor for the Planview software services. Our customers are the data controllers in these processing activities. Our legal basis is the execution of the software services contract with our customers. Customers shall give explicit instructions of how we may process their data in a Data Processing Agreement (DPA). User login name is necessary to verify the user is authorized and permitted to use the services.To improve our services and websites
Examples include: Testing features, interacting with feedback platforms, managing landing pages, heat mapping, traffic optimization, and data analysis and research. We have a legitimate interest of developing, ameliorating and improving our services for the benefit of our customers and users.For customer support
Examples include: When users submit a ticket to assistance and/or help, notifying users of any changes to our service and solving issues via chat, phone or email. We are contractually committed to communicate with users and help if required.For direct marketing purposes
Examples include: Sending you emails and in-product messages about new features, products and services. We have a legitimate interest of developing, ameliorating and improving our services, including demonstrating new features and products, for the benefit of our customers and users. In some cases, we may request your consent for marketing purposes.
For service delivery
For our services, we need information about you to be able to identify you. These uses may include providing you with service and support, communicating with you and responding to your requests, and sending you information in relation to new products and services. We are collecting metadata related to you for improving your user experience of our services, and for us to be able to provide you with a better, more user-friendly product. We believe you benefit in your work with our services thereby.
For marketing purposes
For marketing, we use the information we collect about you to communicate with you about our products and services. We are collecting metadata related to you for improving your user experience of our services, and for us to be able to provide you with a better, more user-friendly product.
Data sharing
Planview shares information for business purposes only on a need-to-know basis and only with its own employees and affiliates; the customer from which Planview received the information; Planview agents, consultants, sub-processors, and third-party service-provider companies, that have agreed to take measures to safeguard your information and other entities authorized to have access to such information under applicable law or regulation.
If data transfer is required, Planview ensures that such transfer complies with the applicable privacy and data protection regulation, including adopting the necessary technical and organizational measures to guarantee an adequate level of protection to the transferred information. Except as described in this Privacy Statement, Planview will not share the personal information you provide to Planview with non-Planview third parties without your permission except as required by law.
Links to non-Planview websites
The website may provide links to unaffiliated, third-party websites for your convenience and information. If you access these links, you will leave the Planview website. Planview has no control over these websites and is not responsible or liable for the policies and practices followed by third parties. The PII you choose to provide, or that is collected by these third parties, is not covered by this Privacy Statement. If you link to or otherwise visit any other websites managed by third parties, we encourage you to review the privacy policies posted at those sites before submitting your personal information.
How we use cookies and web analytics tools
Cookies are small text files that store information about your interactions with a particular website, either temporarily (known as a “temporary” or “session” cookie and deleted once you close your browser window) or more permanently on the hard drive of your computer (known as a “permanent” or “persistent cookie”). Cookies can make it easier to use a website by allowing servers to access certain information quickly:
- Session cookies can be used to help a user’s browser navigate a website more smoothly and may show up if the user comes from a website with which the subsequent website has some relationship (e.g., a website of an affiliated company) and can give helpful information.
- Persistent cookies can be used to customize a website for a user, such as by storing passwords, preferences, and registration and account information so that users do not have to re-enter this information each time they visit a website.
Planview uses Cookies both on its websites and in its software services.
Use of analytics tools and cookies on our websites
Planview uses web analytics services and similar technologies to analyze how users use the Planview websites. We also use your interactions on the website and the information you provide us with through registration forms to provide you services that better suit your preferences. This information is also used to assess our business performance, and our marketing effectiveness.
Our website may use both session cookies and persistent cookies to store information that allows us to improve our customer service to you and provide you with the ability to navigate the website more easily. To make our website easier to use, we combine information collected via cookies with personally identifiable information.
For detailed information regarding the cookies that we issue and to manage your cookie preferences, please visit our Privacy Preference Center.
Use of analytics tools and cookies on Planview software services
Planview’s software services only use Cookies when strictly necessary cookies, hence, these limited number of Cookies cannot be switched off. For more information on the use of Cookies on each of our software services, including the list of Cookies used and its purposes of use, please consult the Cookie Banners, or the Privacy Settings available on our software services.
Use of social media widgets
We use social media widgets as dynamic information sharing tools on our website to engage in dialogue, share information and media, and collaborate with our visitors. Your activity on these social media sites is governed by the security and privacy policies of those third-party sites.
How we secure your data
Planview utilizes a risk-based information security management system incorporating a defense-in-depth strategy with preventative and detective controls at each of the layers where customer data is stored, processed or transmitted.
This includes:
- Penetration tests and vulnerability scans
- Tight control of access to environments where customer data is processed or stored
- Encryption of data in transit using the Transport Layer Security (TLS) protocol
- Encryption of data at rest using the Advanced Encryption Standard (AES) algorithm
- A security management system built around the ISO 27001 standard
- A Privacy Management Program built around the ISO 27701 standard
- A dedicated team of information security professionals with decades of experience securing customer data
- Individuals with access to PII are advised of, and understand, their responsibility to follow good data protection practices
- Providing regular training on best practices for data protection
- Regularly reviewing processes/procedures that involve access to PII
- Privacy by Design is adopted for all new and/or modified systems and process
- Agreements and mechanisms for transfers of PII to non-EU countries are in place
- Market-leading endpoint security solutions that provide heuristic-based analysis of files and activity to prevent attacks, even when attackers use files that don’t match known signatures
We use a variety of appropriate physical, technical and administrative measures to safeguard and protect the information we receive and collect, including encryption techniques.
PII collected for the use of our services are stored within EU for EMEA customers, in the US for North and South American customers, and in Australia for Pacific customers.
We have specific internal authorized restrictions for our employee’s access to customer data and instructions in place for our different business areas.
We process information only in ways compatible with the purpose for which it was collected. As a user, password shall be used to help protect your accounts and PII. It is your responsibility to keep your password confidential.
We perform privacy and security assessments of all our vendors and suppliers that processes personal data on behalf of us.
Third parties who process your data
A software as a service solution is built upon an infrastructure of several components. The third-party vendors we use are infrastructure facilitators that provide for communication, security control and monitoring of use in order for the services to function and protect the information therein. If our customers had the ability to consent to the transfers of the very few third-party suppliers used, we wouldn’t be able to provide the services at its current state.
When we do this, it is sometimes necessary to share data. Your data is shared only when strictly necessary and according to acknowledged legally required safeguards and good practices detailed in this Privacy Statement.
For service delivery
We encourage all customers to enter into a DPA with us, that shall ensure both parties having an adequate level of protection for PII during the processing activities, and to make sure international transfers within Planview systems on behalf of customers and under their instructions, are sufficient. The instructions of how we may process PII, including the use of specific third parties and transfers is stated in our DPA’s. Planview is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). Planview is also required to cooperate with EU Data Protection Agencies with regards to privacy matters of any kind.
Any transfer of PII to a third party (regardless of physical location) or between our systems located in different countries, must first be reviewed to ensure compliance with the requirements imposed by the privacy regulations we are subject to. In particular, these transfers are often linked with robust contractual agreements between the parties to ensure its lawfulness, and that the necessary technical and organizational measures are in place to protect the transferred information.
PII collected on Planview sites and through our services may be processed in the US or any other country in which Planview or its subsidiaries or service providers maintain facilities. These activities are also subjected to the necessary measures to protect the transferred information. For detailed information of our sub processors, location and where such processing activities takes place, please contact Planview privacy – [email protected]
For marketing and sales purpose
In accordance with Planview’s general data transfer procedures and applicable safeguards, we only share information in the context of marketing and sales for business purposes, on a need-to-know basis and exclusively with:
- Our own employees and affiliates.
- The customer from which Planview received the information.
- Planview agents, consultants, subcontractors, and third-party service-provider companies, that have agreed to take measures to safeguard your information.
- Other entities authorized to have access to such information under applicable law or regulation.
PII collected on Planview sites and through our services may be stored and processed in the US or any other country in which Planview or its subsidiaries or service providers maintain facilities. These activities are also subjected to robust contractual agreements, and the necessary technical and organizational measures to protect the transferred information. For detailed information of our sub processors, location and where such processing activities takes place, please contact Planview privacy – [email protected]
How long we store your data
As data processors we keep customer information and PII as long as the service agreement with the customer is valid and in force. We keep backup logs stored for a limited time after termination for the sake of our customers convenience.
If a user of an account is deleted, all PII of the user is also deleted. Such measure can be managed by either the user himself or the customer account administrator. No assistance for such measures is required from the Planview Customer Support.
As data controllers we store PII of our users for marketing purposes as well as to keep you updated on our features and products. We also store your PII if you have provided this to us by interacting with us through different marketing channels. We keep our marketing records updated and correct by regular monitoring and by executing annual controls for accuracy. You may at any time unsubscribe from any communication from us without cost.
We work to ensure any new and/or modified systems that collect, process, or use PII are built only after giving adequate consideration to privacy issues and their impact, including completion of one or more data protection impact assessment(s) (DPIA).
Data minimization, pseudonymization, and anonymization for both services and marketing and sales operations will be used, if possible.
Your privacy choices and rights
A data processor must assist the data controller in fulfilling his obligations towards a registered natural person (data subject). Since we are data processors for our services, it is the data controller whom you shall contact if you want to exercise your rights as a registered user.
When using our services
Please note that you can adjust, add, or restrict your own personal data at any time.For marketing and sales operations
Planview is a data controller. As a registered user, you may exercise your rights stated below directly towards us.
Access: You have the right to be informed about what PII we hold on you, where we received it from, and for what purpose we want to use it.
Recipients: You have the right to know the recipients or categories of recipients that we transfer your PII to.
Retention: You have the right to know the period for which your PII will be stored.
Our legal basis for processing – the legitimate interest: You have the right to know why we consider having a legitimate interest of processing your PII. Your also have the right to object to this and restrict us from processing your data further by unsubscribing to direct marketing.
Contact: If you want to exercise your rights as a registered, please contact us at the Data Subjects Access Requests DSAR portal. For other privacy matters, please contact our Data Privacy Officer at Planview privacy – [email protected], or Planview Klarabergsgatan 60, 111 21 Stockholm SWEDEN.
Complain: If you want to file a complaint to the supervisory authority, you should contact 1) the authority in your own country if you are an EU citizen, or 2) the Swedish Integritetsskyddsmyndigheten (IMY) www.imy.se if you are a non-EU citizen. You also have the possibility, under certain conditions, to invoke binding arbitration*.
*Binding arbitration is a means of resolving a dispute that is private, less formal, less costly and less time-consuming than traditional litigation. We agree to submit a dispute to an impartial arbitrator authorized to resolve the controversy by rendering a final and binding award.
How you can hold us accountable
We are dedicated to maintaining transparency and open lines of communication for anyone with questions or concerns regarding the processing of their PII. You have two options for reaching out to Planview with questions or concerns.
Data Subject Access Request Portal
We use a data portal for Data Subjects Access Requests (DSAR portal) where you can exercise your rights as a registered.Data Protection Officer
Planview has appointed a Data Protection Officer (DPO) situated in Sweden. If you want to get in contact with the DPO, please send us an email to the Data Protection Officer at [email protected].