Privacy Policy

This privacy policy informs you about data processing by us and is available at We may also give you additional information on data processing by us.

1. General Information in Data Processing

1.1 Planflow as Data Controller

Questions about your data can be asked at

1.2 Scope of Data Processing

We as well as our external service partners process your data for the purpose of providing the Website and services, including providing hard- and software through such external service partners. You provide data if this is necessary for the aforementioned purposes. For more information please also refer to

In the event you refrain from providing such data you may face legal disadvantages, for example, limited or no possibility of using our Website or no answer to your email send to us.

1.3 Your Rights

At Planflow, we apply the same data rights to all customers, regardless of their location. Currently some of the most privacy-forward regulations in place are the European Union’s General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act (“CCPA”) in the US. Planflow recognizes all of the rights granted in these regulations, except as limited by applicable law. These rights include:

  • Right to Know. You have the right to know what personal information is collected, used, shared or sold. We outline both the categories and specific bits of data we collect, as well as how they are used, in this privacy policy.
  • Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.
  • Right to Correction. You have the right to request correction of your personal information.
  • Right to Erasure / “To be Forgotten”. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession and, by extension, all of our service providers. Fulfillment of some data deletion requests may prevent you from using Basecamp services because our applications may then no longer work. In such cases, a data deletion request may result in closing your account.
  • Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed, including opting out of sale of personal information. (Again: we never have and never will sell your personal data).
  • Right to Object. You have the right, in certain situations, to object to how or why your personal information is processed.
  • Right to Portability. You have the right to receive the personal information we have about you and the right to transmit it to another party.
  • Right to not be subject to Automated Decision-Making. You have the right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable law, or is based on your explicit consent.
  • Right to Non-Discrimination. This right stems from the CCPA. We do not and will not charge you a different amount to use our products, offer you different discounts, or give you a lower level of customer service because you have exercised your data privacy rights. However, the exercise of certain rights (such as the right “to be forgotten”) may, by virtue of your exercising those rights, prevent you from using our Services.

Many of these rights can be exercised by signing in and directly updating your account information.

If you have questions about exercising these rights or need assistance, please contact us at For requests to delete personal information or know what personal information has been collected, we will first verify your identity using a combination of at least two pieces of information already collected including your user email address. If an authorized agent is corresponding on your behalf, we will first need written consent with a signature from the account holder before proceeding.

1.4 Storing and Deleting Data

The data are deleted if you withdraw your consent and/or such data are no longer necessary for the purpose of processing. The log files and IP addresses of website visitors, which we process as described below, are deleted within 30 days. Data are also stored as set forth in this privacy policy. Furthermore, we store your data if we are obliged to do so in accordance with legal retention periods (e.g. German Commercial Code (HGB) or German Fiscal Code (AO)) (legal basis: Art. 6 (1) c. GDPR). We may also store your data to enforce, exercise and defense legal claims (legal basis: Art. 6 (1) f. GDPR) with our legitimate interest that may be, for example, in the assertion of legal claims and defense in legal disputes. Criteria for storing data are the respective interests of you or us for storing such data for example considering economic and technical restrictions, the time periods offered by third party providers engaged by us etc.

1.5 Profiling and automated decision making

We do not use automated decision-making including profiling when processing data concerning our Website or Platform except as set forth herein. However, our third party providers may carry out such profiling in individual cases. We will inform you about such fact if possible.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on you or substantially impairs you in a similar manner.

1.6 Data Security

For a best possible security of user data our service through the Website is provided via a secured SSL connection between your server and the browser. That means that the data shall be transferred in encrypted form. We have implemented suitable technical and organizational measures.

1.7 Data Processing by Third Parties / Data Processing outside the EU

We may use third party service providers that process your data for the purposes named in this privacy policy. We process your personal data by using third party providers in the EU and the USA, whereas data protection standards applicable in the EU are ensured. A list of the data processors processing data outside the EU and corresponding information is available by request via email to

1.8 Contact Us

If you send us an e-mail or otherwise contact us, your details in this online form or request, including the contact data, name, email address and other data provided respectively, are processed by us in order to deal with your inquiry or to be able to contact you at a later time for follow up questions. These data are processed only on the basis of your consent (legal basis Art. 6 (1) a. GDPR) or on the basis of an initiating or existing business relationship with us (legal basis Art. 6 (1) b. GDPR or TMG).

2. Data processing on our website

2.1 Visiting the Website

We (or the webspace provider) collect data on each visit to our website ("Website") (so-called Server log files), which include:

Name of the Website visited, file, date and time of the visit, data amount transferred, information on a successful call, browser type as well as version, operating system of the user, referrer URL (the page visited before), IP address and the requesting provider as well as the following, if a mobile end device is being used: country code, language, name of device, name of operating system and version.

We use these server log files only for statistical evaluations for the purpose of optimizing our services and in order to guarantee the stability and operational security of the Website. When personal data (such as the IP-address) are stored the legal basis for this is Art. 6 (1) c. GDPR or Art. 6 (1) f. GDPR based on our legitimate interest of quality assurance or TMG.

2.2 Newsletter

In our newsletter we inform you about our services and products also described on our Website.

When registering for the newsletter, you have to provide an email address. This email address will be transmitted to and stored by us (or a provider as specified below). After registration, the user will receive an email to confirm the registration ("double opt-in"). Via clicking the registration link you have given your consent to the processing of your personal data for receiving our newsletter and we may process such data accordingly. In case of registration for the newsletter we (or our provider as specified below) also store the IP address, the device name, the mail provider as well as the user's first and last name and the date of registration.

We use the mail provider "Loops" at 9450 SW Gemini Dr. PMB 22902 Beaverton, Oregon 97008-7105 who receives and processes on our behalf the data necessary for the mailing, in particular email address, IP address, device name. These data are processed on servers in the USA. Loops is a service with which the dispatch of emails can be organized and analyzed. With the help of Loops we can analyze our emails. When you open an email sent with Loops, a file contained in the email (so-called web beacon) connects to the servers in the USA. This allows you to determine whether a message has been opened and which links have been clicked on. In addition, technical information is recorded (e.g. time of registration, IP address, browser type and operating system). This information cannot be assigned to the respective email recipient. They are used exclusively for statistical analysis of our emails. The results of these analyses can be used to better adapt future emails to the interests of the recipients. Loops is certified according to "privacy shield". The "privacy shield" is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA. For more information please refer to

The data processing for sending and analyzing our newsletters as described above is based on your consent (Art. 6 (1) f. GDPR) and/or on Art. 6 (1) f. GDPR with our legitimate interest of quality assurance and marketing.

OPT-OUT: If you do not want to receive any newsletters by us in the future and/or wish to object to the analysis of your data through such newsletters please use the "unsubscribe" link contained in each newsletter or send us an email to

2.3 Careers Section on our Website

We will also process your data through the careers section of the Website. Such data may include name, email, address and telephone number, gender, your career history, qualifications, country of residence, language skills and any other personal information you include in your interactions with us. We may also ask for additional information to assist us with our recruitment process and in the event you are offered a job an example would be date of birth, work documents. You may also share details of other people with us; for example, if somebody else referred the job to you (someone you know at Pitch or otherwise). In those circumstances, you will need to check with that person that they are happy for you to share their personal information with us, and for us to use it in accordance with this privacy policy.

We process your personal data for fulfilling our contractual or pre contractual obligations (based on Art. 6 (1) b. GDPR) or -- as applicable -- for the purpose of the employment relationship with you (Section 26 BDSG), in particular, we use your data:

To get in touch with you, communicate with you, update you and to facilitate your application,

To offer an online-application system that is connected to our website,

To respond to your questions or concerns,

To carry out vetting of staff members (where required); this may involve our collection and use of sensitive personal information including information obtained from criminal background checks about offences or alleged offences and information relating to any proceedings for offences committed or allegedly committed,

When necessary and for the purposes of our legitimate interests to maintain adequate records, we may collect and handle information related to medical information, ethnic origin or criminal records,

To assist in any disputes, claims or investigations relating to your application, or

To comply with our legal, regulatory and professional obligations.

We may also use your data with your explicit consent (based on Art. 6 (1) a. GDPR or Section 26 BDSG), for example to keep you informed about other opportunities if you wish us to do so. If you do not provide your personal data, you may face certain disadvantages, for example we will not be able to provide you with our recruiting processes or keep you informed about future opportunities.

We also use third party service providers for processing your career data. For job applications and the recruiting process we work together with the software recruiting service by Greenhouse (Greenhouse Software, Inc., 18 West 18th Street, 9th Floor, New York, NY 10011 USA) and process your data according to this privacy policy and as described in the Greenhouse’s Privacy Policy ( and on the basis of a Data Processing Agreement. Greenhouse may process your data outside the EU/EEA. Greenhouse is certified according to the EU-US agreement “Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA. Further information is available by request via email to

A list of the data processors processing data (outside the EU) and corresponding information is available by request via email to

With your explicit consent, we will keep your information in case any other opportunities become available which you might be interested in; we will only keep your information for a limited period and your details will be deleted on a general basis after 12 months of inactivity on your account latest. You may withdraw such consent with effect for the future at any time via email to

3. Cookies and Third Party Providers on the Website

3.1 Cookies

Our Website uses so-called cookies. Cookies do not cause any harm to your device and do not contain any viruses. Cookies serve the purpose of making our service more user-friendly, more effective and safer. Cookies are small text files which are stored on your device and in your browser.

Most of the cookies we use are so-called session cookies. After the end of the session these cookies will be deleted automatically. The session cookies are used in order to associate successive page requests with the individual users, who at the same time access our Website. Other cookies will be stored on your device until you delete them. These cookies enable us to recognize your browser during your next visit.

By clicking "I agree" in the cookie banner appearing on your screen when visiting for the first time you agree that all cookies set out in this clause will be set. This applies both to regular cookies and essential cookies; essential cookies are such cookies which are necessary to correctly display the Website and/or carry out its basic functionalities. If you, however, choose to not agree with our usage of those non-essential cookies – either by ignoring the banner or by clicking the top right "X" – only essential cookies will be set. Your decision will be stored in one cookie which is used to recognize your browser during your next visit, so you will not be asked again until you decide to delete this cookie. Please find information on how to opt-out in connection with cookies in general in the following paragraph and in particular in the respective subsection of this clause.

You can adjust your browser to notify you, before you receive a cookie or to decide to accept cookies on a case-by-case basis, to completely or partly exclude all incoming cookies and to activate the deletion of cookies automatically when the browser is closed. You may manage many online advertisement cookies provided by companies via the American web page the web page of the European Union We would like to inform you that the usage and especially the convenience of usage without using any cookies may be limited.

In the event personal data are processed such processing is based on Art. 6 (1) a. GDPR.

3.2 Google Analytics

The service offered here uses Google Analytics, a web analytics tool offered by Google LLC, Mountain View, CA, USA ("Google"). This analysis service uses so-called "cookies". For analysis, text files will be stored on your device. The information stored in the corresponding files about the use of this website are generally transmitted and stored in Google server in the USA. As the IP anonymization is active on this Website, your IP address will be shortened by Google within the member states of the European Union (EU). This information will be used to evaluate your use of the services offered here and enable the operator of this website to analyze your website activity and provide other services associated with the website service. The IP address transmitted from your browser, as part of Google Analytics will not be merged with other data from Google.

Adjusting the settings of your browser Platform can prevent the use of cookies. In this case, it may be possible that the functions of the service offered here cannot be used in its entirety. Furthermore, it is possible to prevent the acquisition and processing of data generated by the "cookies" in relation to the use of this website, by downloading and installing the browser plugin available at the following link:

We point out that an automated decision making ("profiling") can take place when integrating Google and an existing Google account.


Google LLC, USA is certified according to the EU-US agreement "Privacy Shield". The "Privacy Shield" is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.

3.3 Google Tag Manager

Our Website uses the Google Tag Manager by by Google LLC, Mountain View, CA, USA. Google Tag Manager is a solution that allows marketers to manage website tags through a single interface. The tool Google Tag Manager itself (which implements the tags) is a cookieless domain and does not collect any personal data. The tool triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If deactivation has been made at the domain or cookie level, it will remain in effect for all tracking tags implemented with Google Tag Manager. You can also find more information in Google's privacy policy:

3.4 June

June by June, Inc., 5 Villa Terrace, San Francisco, CA, 94114, USA: The service analyzes your usage data of the service on our behalf based on our legitimate interest of improving our product. To show compliance with EU data protection standards June is certified according to the EU-US-Privacy-Shield (see: For further information please also refer to

3.5 Segment

We use, provided by, Inc. (101 15th St., San Francisco, CA 94103, USA) (“Segment”), a data analysis service that aggregates usage data from our Website and our App. According to Segment, the recorded usage data is only processed in pseudonymised form; IP addresses are shortened accordingly after their collection and the data is not used to combine user profiles with your personal data. According to Segment, the information about the use of our website is usually transmitted to and stored by Segment on a server in the United States. To show compliance with EU data protection standards is certified according to the EU-US-Privacy-Shield (see: We have concluded a Data Processing Agreement (DPA) with

3.6 Pipedrive

To facilitate the messaging and customer service functionalities in our Service, we use Pipedrive, a tool by Pipedrive, Inc., 530 Fifth Avenue, 8th floor, Suite 802 New York, NY 10036 (“Pipedrive”). For this purpose, when using the message or customer service function in our Service, your data such as your name, mail address, operating system, browser page, referrer and IP address as well as the content of your message will be transferred to Pipedrive and such data may be stored on Pipedrive servers in the US. Pipedrive submits the collected data to us so that we can address your request.

The legal basis for our use of Pipedrive is Article 6 (1) a. GDPR. Pipedrive has submitted to the EU-US-Privacy Shield ( For more information about Intercom’s processing of your data, please refer to Intercom’s Terms of Use ( and Privacy Policy (

3.7 Integration of Services by Third Parties

When using this online service, contents of third parties, like for instance, links to Instagram, YouTube videos, map material provided by Google Map, RSS feeds or graphics are integrated from other websites. This always requires that the providers of this content ("Third Party Providers") use the IP address. Without this IP address these Third Party Providers would not be able to send the content to your browser. Consequently, the IP address is required in order to display the content. We make every effort to only use such content by Third Party Providers which use the IP address for the delivery of content only.

Such data are used in order to guarantee the stability and operational security of the websites of the Third Party Providers as well as for the purpose of optimizing our services via quality assurance. If the IP address is stored such processing is basedon Art. 6 (1) b., c. GDPR, Art. 6 (1) a. GDPR or TMG.

In the event of displayed content by Third Party Providers your data may be processed outside the EU.

4. Data Processing on our Social Media Pages

We do not operate any of our pages on social media, including Facebook, Linkedin, and X.

5. Questions?

For further information you may contact us any time, for example via email to

Version 0.1 (08/30/2020)

© Copyright 2020 Planflow, Inc.
All rights reserved.