Last updated: May 23, 2018
This Policy applies to services offered by Planbox, its subsidiaries and affiliated companies under the domain and sub-domains of planbox.com, planbox.ca, planbox.net and idealink.io (the “Sites”). This Policy describes the information, as part of the normal operation of our services that we collect from you and what may happen to that information. Our subsidiaries and affiliated companies operate under similar privacy practices as described in this Policy and, subject to the requirements of applicable law, we strive to provide a consistent set of privacy practices throughout our global user community.
This privacy statement and the procedures outlined herein comply with EU General Data Protection Regulation 2016/679 of April 27, 2016 (“GDPR”) and the relevant national legislation of the EU Member States implementing the GDPR (together the “Regulations”). For the purposes of this privacy statement “Company” or “Planbox” refers to Planbox Inc. and affiliated group companies.
If you submit your personal data to Planbox (irrespective of the manner or form), you agree to the terms of this Policy and to its processing in accordance with the Regulations.
International data transfers
Planbox operates in multiple jurisdictions some which are located outside the European Economic Area (EEA). Countries located outside the EEA may have data protection laws which do not provide the same level of protection for personal data as within the EEA. Planbox transfers personal data outside the EEA only to the extent required for legitimate business purposes. Planbox utilizes standard means under the Regulations to legitimize data transfers outside the EEA.
Information we collect
In general, you can browse planbox.com without telling us who you are or revealing any personal information about yourself. Once you give us your personal information, you are not anonymous to us. Where possible, we indicate which fields are required and which fields are optional. You always have the option to not provide information by choosing not to use a particular feature.
With or without cookies, our Web sites track usage data, such as the source address that a page request is coming from, your IP address or domain name, the date and time of the page request, the referring Web site (if any) and other parameters in the URL. We use this data to better understand Web site usage in the aggregate so that we know what areas of our Web site users prefer. This information is stored in log files and is used for aggregated and statistical reporting. This log information is not linked to personal information gathered elsewhere on the site.
If you send us personal correspondence, such as emails or letters, we may collect such information into a file specific to you.
Our use of your information
We collect personal information (Personal Information) for the following purposes (“Purposes”):
- For a specific reason: If you provide Personal Information for a certain purpose, we may use the Personal Information in connection with the purpose for which it was provided. For instance, if you contact us by e-mail, we will use the Personal Information you provide to respond to your inquiry, answer your question or resolve your problem and will respond to the email address from which the contact was made.
- Marketing: Where it is in accordance with your marketing preferences, we may use your Personal Information to contact you in the future for our marketing and advertising purposes, including without limitation, to inform you about services or events we believe might be of interest to you, to develop promotional or marketing materials and provide those materials to you, and to display content and advertising on or off the Services that we believe might be of interest to you.
- Access and Use: If you provide Personal Information in order to obtain access to or use of the Services or any functionality thereof, we will use your Personal Information to provide you with access to or use of the Services or functionality and to monitor your use of such Services or functionality. For instance, if you supply Personal Information relating to your identity or qualifications to use certain portions of the Services, we will use that information to make a decision as to granting you access to use such Services and to monitor your ongoing qualification to use such Services.
- Internal Business Purposes: We may use your Personal Information for internal business purposes, including without limitation, to help us improve the content, user experience and functionality of the Services, to better understand our Users, to improve the Services, to protect against, identify or address wrongdoing, to enforce our Terms of Service, to manage your account and provide you with customer service, and to generally manage the Services and our business.
We only collect personal information about you that we consider necessary for achieving the above mentioned purposes.
As you browse planbox.com or our other Sites, cookies will be placed on your computer so that we can cache some information and understand what you are interested in. For our website at www.planbox.com, our partners, then enable us to present you with retargeting advertising on other sites based on your previous interaction with www.planbox.com. The techniques our partners employ do not collect personal information such as your name, email address, postal address, or telephone number.
Legal basis for collecting Personal Information
Our legal basis for collecting and using the Personal Information described above will depend on the personal information concerned and the specific context in which we collect it.
However, we will normally collect Personal Information from you only (i) where we need the personal information to perform a contract with you; (ii) where the processing is in our legitimate interests and not overridden by your rights; or (iii) where we have your consent to do so for the Purposes describes above. We have a legitimate interest in operating our Services and communicating with you as necessary to provide these Services, for example when responding to your queries, improving our platform, undertaking sales and marketing, or for the purposes of detecting or preventing illegal activities.
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the Personal Information to protect your vital interests or those of another person.
If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Information is mandatory or not (as well as of the possible consequences if you do not provide your Personal Information).
Our disclosure of your information
As a matter of this Policy, we do not sell or rent any of your personal information to third parties for their marketing purposes.
External Service Providers: We do not disclose your personal information to external service providers.
Other Corporate Entities. We may share our data, including personal information about you, with our subsidiaries and affiliated companies or potential partners. To the extent that these entities may have access to your information, they will treat it at least as protectively as they treat information they obtain from their other users. Our subsidiaries, affiliated companies or potential partners shall follow privacy practices no less protective of all users than our practices described in this document, to the extent allowed by applicable law.
Legal Requests. We cooperate with law enforcement inquires, as well as other third parties to enforce laws such as: intellectual property rights, fraud and other rights, to help protect you and the planbox.com community from bad actors. Therefore, in response to a verified request by law enforcement or other government officials relating to a criminal investigation or alleged illegal activity, we can (and you authorized us to) disclose your name, city, province, telephone number, email address, and order history without a subpoena. However, in an effort to balance your right to privacy and the ability to keep the community free from bad actors, we will not disclose additional information to law enforcement or other government officials without a subpoena, court order or substantially similar legal procedure, except when the additional disclosure of information is necessary to prevent imminent physical harm or financial loss.
Planbox will keep Personal Information only as long as necessary for the purposes described in this policy or as required by law. Planbox will follow internally set guidelines and use care in the disposal, destruction, or de-identification of personal information to prevent unauthorized parties from gaining access to personal information.
Advertising and tracking
Links to other websites
Planbox Sites may use Google Analytics to collect information about your use of our websites. This consists of information that your web browser automatically sends to Google, such as the web address of the page that you visit and your IP address. Google may also set cookies or read preexisting cookies. This information is stored on Google´s servers. Google uses this information to provide us with reports about traffic to our websites and your visit to our websites (such as the domain from which you access the internet, the web address of the website from which you linked to our site, the time, date and duration of your visit to the web pages that you view and click through). We use this data to improve our website structure, content and user experience.
You may opt-out of our use of Google Analytics by visiting the Google Analytics opt-out page and installing the Google Analytics browser add-on, currently made available by Google at https://tools.google.com/dlpage/gaoptout.
Planbox Sites may also use the following Google Analytics Advertising Features: Google Analytics Demographics and Interest Reporting. Google Analytics Demographics and Interest Reporting uses a third party cookie to collect information about our website traffic by tracking users across websites and across time, which generates a report for us to better understand our websites’ users.
If you do not want Google to collect and use this information you may visit the Google Ad Settings page:
or you can also visit the website http://www.networkadvertising.org/choices to change your consumer preferences with respect to certain online ads and to obtain further information about third party ad networks and online behavioral advertising. For the Google Analytics Advertising Features, you may also opt-out of our use of Google Analytics as described above. Please remember that changing your settings with certain browsers and ad networks will not carry your privacy choices across browsers and other ad networks.
Your Personal Information is stored and processed on computers maintained by Microsoft Azure or Amazon Web Services at various locations throughout the world depending on which Planbox Sites and services you access and use. Planbox uses strict security processes and technical safeguards to protect your personal information against loss or theft, as well as against unauthorized access or disclosure, to protect your privacy, including firewalls and data encryption at transit and at rest. We employ many different security techniques to protect such data from unauthorized access by users inside and outside the company. However, please bear in mind that the Internet cannot be guaranteed to be 100% secure.
Data Controller for Website Services
Planbox is considered a data controller under the Regulations for all services related to the general Planbox (www.planbox.com) website services (“Website Services”).
Data Processor for Innovation Management and Agile Project Management Software and Services
For innovation management software services and agile project management services (“Application Services”), Planbox only processes data stored in Planbox applications (“Application Data”) as per our Customer’s instructions. For purposes of the GDPR and the Swiss Federal Act on Data Protection, Planbox is the processor and not the controller of the Application Data. When Planbox acts as the data processor, a separately executed Master Service Agreement or Data Processing Addendum (“DPA”) between Planbox and the Customer defines Planbox’S data processing and privacy management obligations.
Rights of data subjects
If Planbox is a data processor for the services you access, please contact the data controller to find out what rights and services you have access to. With your consent, we will forward any request you make to Planbox to the appropriate data controller.
When Planbox acts as the data controller, you have the right to review and change your personal information that you have provided us. We will retain in our files some personal information you have requested us to remove in order to prevent fraud, troubleshoot problems, assist with any investigations, and comply with legal requirements as is permitted by law. Therefore, you should not expect that all of your personal information will be completely removed from our databases in response to your requests .
As a data subject whose personal data is processed by Planbox for the Purposes mentioned above, in applicable circumstances you have the right to access your Personal Information, request a copy of (e.g. for transfer to another IT environment), and request to update or correct, your personal data held by Planbox. To the extent that the processing of Personal Information by Planbox occurs on the basis of your consent (such as your right to prevent your Personal Information to be used for direct marketing) you have the right to withdraw such consent. Such withdrawal will however not restrict Planbox in continuing to process Personal Information if the justification therefore does not rely on your consent and is still necessary for any of the mentioned Purposes. You also have the right to object to the processing of your Personal Information by Planbox , to request that Planbox restrict the processing of your Personal Information or request that Planbox erase your personal data, all on the grounds mentioned in the Regulations. Planbox will respond to all such requests in accordance with the Regulations.
You have the right to lodge a complaint with the competent personal data protection authority if you believe that the processing of your Personal Information is not in compliance with Regulations, or if Planbox does not respond to your requests in timely and/or appropriate manner, or if they are not answered at all.
When Planbox acts as the data processor, a separately executed Master Service Agreement or Data Processing Addendum (“DPA”) between Planbox and the Customer defines Planbox retention policy and data processing obligations.
When Planbox acts as the data controller, Planbox will only store your personal data for the duration necessary and in a manner permitted by the Regulations or other applicable laws. We retain personal information we collect from you where we have an ongoing legitimate business need to do so (for example, to provide you with a service you have requested or to comply with applicable legal, tax, or accounting requirements). When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
When Planbox acts as the data controller, you have the right to exercise your Right To Be Forgotten via a request sent to firstname.lastname@example.org. Upon receiving such request, Personal Information will be removed except as required to comply with applicable legal, tax, or accounting requirements. Upon executing your Right to be Forgotten you understand and agree that:
- Your Planbox data, personal settings and personal details will be permanently removed
- Your Planbox accounts and services will be cancelled and terminated
- All your files, databases, email accounts and any other type of data stored in your Planbox account will be permanently removed
- Your invoices and billing data will no longer be accessible
- Your payment and credit card information will be permanently deleted
- Your support tickets and any information included in them will no longer be accessible
Contact details and further information
If you have any questions in connection with this notification or the processing of personal data by Planbox in general, or if you have questions or requests for information, you can contact Planbox ’s Data Protection Officer as follows:
Data Protection Officer
Address: 3090 Boul. le Carrefour #750 Laval QC, Canada H7T 2J7
This policy is an overview of information about our policies and practices relating to the management of personal information. We may amend this Policy at any time by posting the amended terms on planbox.com. Any changes or modifications to our privacy practices will be posted in this policy for 30 days before they take effect.