1. General Information in Data Processing
1.1 Planflow as Data Controller
Questions about your data can be asked at firstname.lastname@example.org.
1.2 Scope of Data Processing
We as well as our external service partners process your data for the purpose of providing the Website and services, including providing hard- and software through such external service partners. You provide data if this is necessary for the aforementioned purposes. For more information please also refer to email@example.com.
In the event you refrain from providing such data you may face legal disadvantages, for example, limited or no possibility of using our Website or no answer to your email send to us.
1.3 Your Rights
At Planflow, we apply the same data rights to all customers, regardless of their location. Currently some of the most privacy-forward regulations in place are the European Union’s General Data Protection Regulation (“GDPR”) and California Consumer Privacy Act (“CCPA”) in the US. Planflow recognizes all of the rights granted in these regulations, except as limited by applicable law. These rights include:
- Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.
- Right to Correction. You have the right to request correction of your personal information.
- Right to Erasure / “To be Forgotten”. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession and, by extension, all of our service providers. Fulfillment of some data deletion requests may prevent you from using Basecamp services because our applications may then no longer work. In such cases, a data deletion request may result in closing your account.
- Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed, including opting out of sale of personal information. (Again: we never have and never will sell your personal data).
- Right to Object. You have the right, in certain situations, to object to how or why your personal information is processed.
- Right to Portability. You have the right to receive the personal information we have about you and the right to transmit it to another party.
- Right to not be subject to Automated Decision-Making. You have the right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable law, or is based on your explicit consent.
- Right to Non-Discrimination. This right stems from the CCPA. We do not and will not charge you a different amount to use our products, offer you different discounts, or give you a lower level of customer service because you have exercised your data privacy rights. However, the exercise of certain rights (such as the right “to be forgotten”) may, by virtue of your exercising those rights, prevent you from using our Services.
Many of these rights can be exercised by signing in and directly updating your account information.
If you have questions about exercising these rights or need assistance, please contact us at firstname.lastname@example.org. For requests to delete personal information or know what personal information has been collected, we will first verify your identity using a combination of at least two pieces of information already collected including your user email address. If an authorized agent is corresponding on your behalf, we will first need written consent with a signature from the account holder before proceeding.
1.4 Storing and Deleting Data
1.5 Profiling and automated decision making
We do not use automated decision-making including profiling when processing data concerning our Website or Platform except as set forth herein. However, our third party providers may carry out such profiling in individual cases. We will inform you about such fact if possible.
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
You have the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effect on you or substantially impairs you in a similar manner.
1.6 Data Security
For a best possible security of user data our service through the Website is provided via a secured SSL connection between your server and the browser. That means that the data shall be transferred in encrypted form. We have implemented suitable technical and organizational measures.
1.7 Data Processing by Third Parties / Data Processing outside the EU
1.8 Contact Us
If you send us an e-mail or otherwise contact us, your details in this online form or request, including the contact data, name, email address and other data provided respectively, are processed by us in order to deal with your inquiry or to be able to contact you at a later time for follow up questions. These data are processed only on the basis of your consent (legal basis Art. 6 (1) a. GDPR) or on the basis of an initiating or existing business relationship with us (legal basis Art. 6 (1) b. GDPR or TMG).
2. Data processing on our website
2.1 Visiting the Website
We (or the webspace provider) collect data on each visit to our website planflow.io ("Website") (so-called Server log files), which include:
Name of the Website visited, file, date and time of the visit, data amount transferred, information on a successful call, browser type as well as version, operating system of the user, referrer URL (the page visited before), IP address and the requesting provider as well as the following, if a mobile end device is being used: country code, language, name of device, name of operating system and version.
We use these server log files only for statistical evaluations for the purpose of optimizing our services and in order to guarantee the stability and operational security of the Website. When personal data (such as the IP-address) are stored the legal basis for this is Art. 6 (1) c. GDPR or Art. 6 (1) f. GDPR based on our legitimate interest of quality assurance or TMG.
In our newsletter we inform you about our services and products also described on our Website.
When registering for the newsletter, you have to provide an email address. This email address will be transmitted to and stored by us (or a provider as specified below). After registration, the user will receive an email to confirm the registration ("double opt-in"). Via clicking the registration link you have given your consent to the processing of your personal data for receiving our newsletter and we may process such data accordingly. In case of registration for the newsletter we (or our provider as specified below) also store the IP address, the device name, the mail provider as well as the user's first and last name and the date of registration.
We use the mail provider "Loops" at 9450 SW Gemini Dr. PMB 22902 Beaverton, Oregon 97008-7105 who receives and processes on our behalf the data necessary for the mailing, in particular email address, IP address, device name. These data are processed on servers in the USA. Loops is a service with which the dispatch of emails can be organized and analyzed. With the help of Loops we can analyze our emails. When you open an email sent with Loops, a file contained in the email (so-called web beacon) connects to the customer.io servers in the USA. This allows you to determine whether a message has been opened and which links have been clicked on. In addition, technical information is recorded (e.g. time of registration, IP address, browser type and operating system). This information cannot be assigned to the respective email recipient. They are used exclusively for statistical analysis of our emails. The results of these analyses can be used to better adapt future emails to the interests of the recipients. Loops is certified according to "privacy shield". The "privacy shield" is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA. For more information please refer to loops.so.
The data processing for sending and analyzing our newsletters as described above is based on your consent (Art. 6 (1) f. GDPR) and/or on Art. 6 (1) f. GDPR with our legitimate interest of quality assurance and marketing.
OPT-OUT: If you do not want to receive any newsletters by us in the future and/or wish to object to the analysis of your data through such newsletters please use the "unsubscribe" link contained in each newsletter or send us an email to email@example.com.
2.3 Careers Section on our Website
We process your personal data for fulfilling our contractual or pre contractual obligations (based on Art. 6 (1) b. GDPR) or -- as applicable -- for the purpose of the employment relationship with you (Section 26 BDSG), in particular, we use your data:
To get in touch with you, communicate with you, update you and to facilitate your application,
To offer an online-application system that is connected to our website,
To respond to your questions or concerns,
To carry out vetting of staff members (where required); this may involve our collection and use of sensitive personal information including information obtained from criminal background checks about offences or alleged offences and information relating to any proceedings for offences committed or allegedly committed,
When necessary and for the purposes of our legitimate interests to maintain adequate records, we may collect and handle information related to medical information, ethnic origin or criminal records,
To assist in any disputes, claims or investigations relating to your application, or
To comply with our legal, regulatory and professional obligations.
We may also use your data with your explicit consent (based on Art. 6 (1) a. GDPR or Section 26 BDSG), for example to keep you informed about other opportunities if you wish us to do so. If you do not provide your personal data, you may face certain disadvantages, for example we will not be able to provide you with our recruiting processes or keep you informed about future opportunities.
A list of the data processors processing data (outside the EU) and corresponding information is available by request via email to firstname.lastname@example.org.
With your explicit consent, we will keep your information in case any other opportunities become available which you might be interested in; we will only keep your information for a limited period and your details will be deleted on a general basis after 12 months of inactivity on your account latest. You may withdraw such consent with effect for the future at any time via email to email@example.com.
3. Cookies and Third Party Providers on the Website
Our Website uses so-called cookies. Cookies do not cause any harm to your device and do not contain any viruses. Cookies serve the purpose of making our service more user-friendly, more effective and safer. Cookies are small text files which are stored on your device and in your browser.
Most of the cookies we use are so-called session cookies. After the end of the session these cookies will be deleted automatically. The session cookies are used in order to associate successive page requests with the individual users, who at the same time access our Website. Other cookies will be stored on your device until you delete them. These cookies enable us to recognize your browser during your next visit.
By clicking "I agree" in the cookie banner appearing on your screen when visiting planflow.io for the first time you agree that all cookies set out in this clause will be set. This applies both to regular cookies and essential cookies; essential cookies are such cookies which are necessary to correctly display the Website and/or carry out its basic functionalities. If you, however, choose to not agree with our usage of those non-essential cookies – either by ignoring the banner or by clicking the top right "X" – only essential cookies will be set. Your decision will be stored in one cookie which is used to recognize your browser during your next visit, so you will not be asked again until you decide to delete this cookie. Please find information on how to opt-out in connection with cookies in general in the following paragraph and in particular in the respective subsection of this clause.
You can adjust your browser to notify you, before you receive a cookie or to decide to accept cookies on a case-by-case basis, to completely or partly exclude all incoming cookies and to activate the deletion of cookies automatically when the browser is closed. You may manage many online advertisement cookies provided by companies via the American web pagehttp://www.aboutads.info/choices/or the web page of the European Unionhttp://www.youronlinechoices.com/uk/your-ad-choices/. We would like to inform you that the usage and especially the convenience of usage without using any cookies may be limited.
In the event personal data are processed such processing is based on Art. 6 (1) a. GDPR.
3.2 Google Analytics
The service offered here uses Google Analytics, a web analytics tool offered by Google LLC, Mountain View, CA, USA ("Google"). This analysis service uses so-called "cookies". For analysis, text files will be stored on your device. The information stored in the corresponding files about the use of this website are generally transmitted and stored in Google server in the USA. As the IP anonymization is active on this Website, your IP address will be shortened by Google within the member states of the European Union (EU). This information will be used to evaluate your use of the services offered here and enable the operator of this website to analyze your website activity and provide other services associated with the website service. The IP address transmitted from your browser, as part of Google Analytics will not be merged with other data from Google.
We point out that an automated decision making ("profiling") can take place when integrating Google and an existing Google account.
Google LLC, USA is certified according to the EU-US agreement "Privacy Shield". The "Privacy Shield" is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA.
3.3 Google Tag Manager
June by June, Inc., 5 Villa Terrace, San Francisco, CA, 94114, USA: The service analyzes your usage data of the service on our behalf based on our legitimate interest of improving our product. To show compliance with EU data protection standards June is certified according to the EU-US-Privacy-Shield (see: https://www.privacyshield.gov). For further information please also refer to https://help.june.so/en/articles/6823521-privacy-policy
We use Segment.io, provided by Segment.io, Inc. (101 15th St., San Francisco, CA 94103, USA) (“Segment”), a data analysis service that aggregates usage data from our Website and our App. According to Segment, the recorded usage data is only processed in pseudonymised form; IP addresses are shortened accordingly after their collection and the data is not used to combine user profiles with your personal data. According to Segment, the information about the use of our website is usually transmitted to and stored by Segment on a server in the United States. To show compliance with EU data protection standards Segment.io. is certified according to the EU-US-Privacy-Shield (see:https://www.privacyshield.gov). We have concluded a Data Processing Agreement (DPA) with Segment.io.
To facilitate the messaging and customer service functionalities in our Service, we use Pipedrive, a tool by Pipedrive, Inc., 530 Fifth Avenue, 8th floor, Suite 802 New York, NY 10036 (“Pipedrive”). For this purpose, when using the message or customer service function in our Service, your data such as your name, mail address, operating system, browser page, referrer and IP address as well as the content of your message will be transferred to Pipedrive and such data may be stored on Pipedrive servers in the US. Pipedrive submits the collected data to us so that we can address your request.
3.7 Integration of Services by Third Parties
When using this online service, contents of third parties, like for instance, links to Instagram, YouTube videos, map material provided by Google Map, RSS feeds or graphics are integrated from other websites. This always requires that the providers of this content ("Third Party Providers") use the IP address. Without this IP address these Third Party Providers would not be able to send the content to your browser. Consequently, the IP address is required in order to display the content. We make every effort to only use such content by Third Party Providers which use the IP address for the delivery of content only.
Such data are used in order to guarantee the stability and operational security of the websites of the Third Party Providers as well as for the purpose of optimizing our services via quality assurance. If the IP address is stored such processing is basedon Art. 6 (1) b., c. GDPR, Art. 6 (1) a. GDPR or TMG.
In the event of displayed content by Third Party Providers your data may be processed outside the EU.
4. Data Processing on our Social Media Pages
We do not operate any of our pages on social media, including Facebook, Linkedin, and X.
For further information you may contact us any time, for example via email to firstname.lastname@example.org.
Version 0.1 (08/30/2020)
© Copyright 2020 Planflow, Inc.
All rights reserved.