The Planview Privacy Statement

Last modified: March 6, 2024

What this Privacy Statement covers

Planview values your privacy and understands its responsibilities when processing* your personal information / personal data (“PII” in the following). With this Privacy Statement we aim to explain our use of PII. Here you will find clear and comprehensive information about how and why we process your personal information.

*Processing means any type of operation or set of operations which is performed on PII, such as but not exclusively collection, storage and use.

Planview operates in the business-to-business industry and does not focus on individual consumer users or the collection of consumer data. We are a cloud service provider offering a range of different software solution services, and additional professional services for companies and professionals.

This Privacy Statement covers product-specific information about how we process your PII when providing our services, information we collect on our websites, or by any other interaction with you. Additionally, we would like to let you know how we secure your PII, with whom we share it, and how you can contact us to exercise your rights.

Any reference to a Planview website includes all Planview websites as well as those of our subsidiaries. Planview maintains these same privacy practices with respect to PII that is collected off-line. This Privacy Statement does not apply to the practices of third parties that Planview does not own or control, nor to consumer individuals.

We encourage you to periodically review this Privacy Statement to stay informed about how we process your PII, as it may be updated with regards to the legal development of privacy, or any other changes on the measures and practices we adopt.

If you don’t receive enough information regarding our privacy practices in this statement, please let us know by sending an email to Planview privacy – [email protected].

Our commitment to our customers

Compliance with security and privacy is a part of our business DNA. That’s why we adhere to stringent standards such as ISO/IEC 27001 and undergo independent validation of compliance. We also perform annual SOC 2 Type I and/or II reports and penetration tests of our services. Planview also leverages an ISO/IEC 27701 certification of Privacy Information Management System (PIMS) which monitors our compliance with applicable privacy laws and regulations, and industry’s state-of-the-art controls. Planview is also subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Planview is subject to several privacy regulations and standards depending on where processing activities take place, such as the AB-375 California Consumer Privacy Act (CCPA) and other US privacy regulations within specific business industries, the General Data Protection Regulation 2016/679 (GDPR) for EU, and other country-specific privacy regulations. Adherence to these standards, along with regularly performed security evaluations, internal privacy policies, specific instructions and regular training of employees, serves as safeguards to ensure technical and organizational measures are in place to protect PII in our possession.

As a consequence of the Court of Justice of the European Union’s (CJEU) invalidation of the Privacy Shield, Planview enhanced the technical and organizational measures in place to protect the PII being transferred to countries outside the European Economic Area.

Our role in different relations

Our role, with respect to processing your data, varies depending upon the type of activities we perform.

  • For service delivery – Planview is a data processor for the Planview software services. In these cases, our customers are data controllers.
  • For marketing purposes – Planview is a data controller for our marketing activities. We may either have a legitimate interest of processing PII or ask for your consent for these operations.
  • For Planview’s own administration and facilitation of Subscription Services – Planview is a data controller for Contract Billing and Payments Data (for Planview’s internal CRM system), disclosed Information (from third parties, e.g. Credit Reference Agencies or from Public Directories, for internal CRM system), user behavioral data (for measuring the use of the service and support), and user performance data (for measuring the use of service to tailor better features and support).
  • Planview communities and communication forums – Planview is a data controller when providing you access and participation on our communities and communication forums (for example, message boards and blogs). In these cases, we process your PII as necessary to provide you the access to these platforms in line with the applicable Terms of Use, and Community Guidelines. Your PII may also be used for marketing purposes on the basis of a legitimate interest of ours.

When and how we collect data

From the first moment you interact with Planview, we may be collecting data. Sometimes you provide us with data. Sometimes data about you is collected automatically. Data is occasionally also collected from third parties which Planview collaborates with, and uploaded to Planview systems. Such data comprise general information of companies and business representatives, often named individuals identified as appropriate contact of the business.

These are examples of when and how data is collected:

  • You browse any page on one of our websites
  • You complete a form on one of our websites
  • You use one of our services
  • We call you
  • You receive emails from us
  • You view and sign contracts
  • You call us for customer support
  • You chat with us for customer support
  • You integrate 3rd-party applications with one of our services
  • You interact with partners and other third-parties that provide us data

For service delivery

Users of our services sign up for access to the different systems that Planview is hosting. A few fields of user information are mandatory and must be stated for the service to work at all. Full name, email and country of residence are required. Name is needed for the ability to identify users, email is needed for authentication, and country is needed for financial reasons (VAT) and trade compliance.

Over and above that, a user may add any other information and PII relating to themselves (or others) as they find relevant. Planview will not have any implication with whatever information a user provides to the service and system.

PII is stored during the time period the user is utilizing the service. A user is always able to adjust or delete its PII. Users are permanently deleted from an account by the account administrator, which the customer is solely responsible for.

Planview will have access to information about the user data that users themselves provide to the service, and also to their IP address. Such information is necessary for the administration of the services, in case there’s a need for support or troubleshooting. We use a data portal for Data Subjects Access Requests (DSAR portal) where you can exercise your rights as a registered data subject.

Planview may also collect information during your work in our services, or when you visit our website, through the use of automatic data collection tools such as cookies (described below) and other commonly used information-gathering tools.

For marketing purposes

In order to serve you with relevant information regarding our services, and to respond to any requests you may have, we collect information about you when signing up for a user account, a webinar or seminar, or when downloading content such as eBooks or whitepapers from our website. We may also receive information about you when collected by our partners or collect it from public sources such as LinkedIn. This information may comprise all or some of the following PII: your name, contact information (phone and fax numbers, street address, and email address), company name, work title and payment data.

We retain this information as you wish to receive information from us. We will ensure that the information we have is accurate and updated by regular control mechanisms. You may – at any time – require us to delete, rectify, restrict or object to any PII we hold about you. We use a data portal for Data Subjects Access Requests (DSAR portal) where you can exercise your rights as a registered data subject.

For Planview communities and communication forums

Users of our communities and communication forums sign up for access to the different platforms that Planview provides for these purposes. A few fields of user information are mandatory and must be stated for the service to work at all. To set up your account, we will collect basic PII such as name (to identify you as a user) and email (for authentication purposes). PII is stored during the time period the user is utilizing the platform. You may – at any time – require us to delete, rectify, restrict or object to any PII we hold about you. We use a data portal for Data Subjects Access Requests (DSAR portal) where you can exercise your rights as a registered data subject.


How and why we use your data

A growing body of data protection regulations specifies how we can process your data. The regulations may vary between countries, states or regions. Considering such variations, we may need a specific reason, and a legal basis (among other requirements), for processing your data.

Some of the reasons may be:

  • To enable you to use our product

    Planview is a data processor for the Planview software services. Our customers are the data controllers in these processing activities. Our legal basis is the execution of the software services contract with our customers. Customers shall give explicit instructions of how we may process their data in a Data Processing Agreement (DPA). User login name is necessary to verify the user is authorized and permitted to use the services.
  • To improve our services and websites

    Examples include: Testing features, interacting with feedback platforms, managing landing pages, heat mapping, traffic optimization, and data analysis and research. We have a legitimate interest in developing, ameliorating and improving our services for the benefit of our customers and users.
  • For customer support

    Examples include: When users submit a ticket for assistance and/or help, notifying users of any changes to our service and solving issues via chat, phone or email. We are contractually committed to communicate with users and help if required.
  • For direct marketing purposes

    To be able to provide you with information about our products, new features, and enhanced services, via email or tailored advertising. We have a legitimate interest to process your data to develop, ameliorate and improve our services. In some cases, we may request your consent for marketing purposes.

For service delivery

For our services, we need information about you to be able to identify you. These uses may include providing you with service and support, communicating with you and responding to your requests, and sending you information in relation to new products and services. We are collecting metadata related to you for improving your user experience of our services, and for us to be able to provide you with a better, more user-friendly product. We believe you benefit in your work with our services thereby.

For marketing purposes

For marketing, we use the information we collect about you to communicate with you about our products and services. We are collecting metadata related to you for improving your user experience of our services, and for us to be able to provide you with a better, more user-friendly product.

For Planview communities and communication forums

For our communities and communication forums, we need the information we collect to be able to identify you and authenticate you when accessing these platforms. Other uses may include providing you with service and support, communicating with you and responding to your requests, and sending you information in relation to new products and services. We are collecting metadata related to you for improving your user experience of our platforms, and for us to be able to provide you with a better, more user-friendly platform. We believe you benefit in your work with our services thereby.

Data sharing

Planview shares information for business purposes only on a need-to-know basis and only with its own employees and affiliates; the customer from which Planview received the information; Planview agents, consultants, sub-processors, and third-party service-provider companies, that have agreed to take measures to safeguard your information and other entities authorized to have access to such information under applicable law or regulation.

If data transfer is required, Planview ensures that such transfer complies with the applicable privacy and data protection regulation, including adopting the necessary technical and organizational measures to guarantee an adequate level of protection to the transferred information. Except as described in this Privacy Statement, Planview will not share the personal information you provide to Planview with non-Planview third parties without your permission except as required by law.

Links to non-Planview websites

The website may provide links to unaffiliated, third-party websites for your convenience and information. If you access these links, you will leave the Planview website. Planview has no control over these websites and is not responsible or liable for the policies and practices followed by third parties. The PII you choose to provide, or that is collected by these third parties, is not covered by this Privacy Statement. If you link to or otherwise visit any other websites managed by third parties, we encourage you to review the privacy policies posted at those sites before submitting your personal information.


How we use cookies and web analytics tools

Cookies are small text files that store information about your interactions with a particular website, either temporarily (known as a “temporary” or “session” cookie and deleted once you close your browser window) or more permanently on the hard drive of your computer (known as a “permanent” or “persistent cookie”). Cookies can make it easier to use a website by allowing servers to access certain information quickly:

  • Session cookies can be used to help a user’s browser navigate a website more smoothly and may show up if the user comes from a website with which the subsequent website has some relationship (e.g., a website of an affiliated company) and can give helpful information.
  • Persistent cookies can be used to customize a website for a user, such as by storing passwords, preferences, and registration and account information so that users do not have to re-enter this information each time they visit a website.

Planview uses Cookies both on its websites and in its software services.

Use of analytics tools and cookies on our websites

Planview uses web analytics services and similar technologies to analyze how users use the Planview websites. We also use your interactions on the website and the information you provide us with through registration forms to provide you services that better suit your preferences. This information is also used to assess our business performance, and our marketing effectiveness.

Our website may use both session cookies and persistent cookies to store information that allows us to improve our customer service to you and provide you with the ability to navigate the website more easily. To make our website easier to use, we combine information collected via cookies with personally identifiable information.

For detailed information regarding the cookies that we issue and to manage your cookie preferences, please visit our Privacy Preference Center.

Use of analytics tools and cookies on Planview software services

Planview’s software services only use strictly necessary Cookies; hence, this limited number of Cookies cannot be switched off. For more information on the use of Cookies on each of our software services, including the list of Cookies used and their purposes of use, please consult the Cookie Banners, or the Privacy Settings available on our software services.

Use of social media widgets

We use social media widgets as dynamic information sharing tools on our website to engage in dialogue, share information and media, and collaborate with our visitors. Your activity on these social media sites is governed by the security and privacy policies of those third-party sites.


How we secure your data

Planview utilizes a risk-based information security management system incorporating a defense-in-depth strategy with preventative and detective controls at each of the layers where customer data is stored, processed or transmitted.

This includes:

  • Penetration tests and vulnerability scans
  • Tight control of access to environments where customer data is processed or stored
  • Encryption of data in transit using the Transport Layer Security (TLS) protocol
  • Encryption of data at rest using the Advanced Encryption Standard (AES) algorithm
  • A security management system built around the ISO 27001 standard
  • A Privacy Management Program built around the ISO 27701 standard
  • A dedicated team of information security professionals with decades of experience securing customer data
  • Individuals with access to PII are advised of, and understand, their responsibility to follow good data protection practices
  • Providing regular training on best practices for data protection
  • Regularly reviewing processes/procedures that involve access to PII
  • Privacy by Design is adopted for all new and/or modified systems and processes
  • Agreements and mechanisms for transfers of PII to non-EU countries are in place
  • Market-leading endpoint security solutions that provide heuristic-based analysis of files and activity to prevent attacks, even when attackers use files that don’t match known signatures

Questions? Contact Planview’s security team at Planview security – [email protected]

We use a variety of appropriate physical, technical and administrative measures to safeguard and protect the information we receive and collect, including encryption techniques.

PII collected for the use of our services are stored within EU for EMEA customers, in the US for North and South American customers, and in Australia for Pacific customers.

We have specific internal authorized restrictions for our employees’ access to customer data and instructions in place for our different business areas.

We process information only in ways compatible with the purpose for which it was collected. As a user, you shall use a password to help protect your accounts and PII. It is your responsibility to keep your password confidential.

We perform privacy and security assessments of all our vendors and suppliers that process personal data on our behalf.


Third parties who process your data

A software-as-a-service solution is built upon an infrastructure of several components. The third-party vendors we use are infrastructure facilitators that provide for communication, security control and monitoring of use in order for the services to function and protect the information therein. If our customers had the ability to consent to the transfers of the very few third-party suppliers used, we wouldn’t be able to provide the services in their current state.

When we do this, it is sometimes necessary to share data. Your data is shared only when strictly necessary and according to acknowledged legally required safeguards and good practices detailed in this Privacy Statement.

For service delivery

We encourage all customers to enter into a DPA with us, which shall ensure that both parties have an adequate level of protection for PII during the processing activities, and that international transfers within Planview systems on behalf of customers and under their instructions are sufficient. The instructions on how we may process PII, including the use of specific third parties and transfers, are stated in our DPAs. Planview is also required to cooperate with EU Data Protection Agencies with regard to privacy matters of any kind.

Any transfer of PII to a third party (regardless of physical location) or between our systems located in different countries, must first be reviewed to ensure compliance with the requirements imposed by the privacy regulations we are subject to. In particular, these transfers are often linked with robust contractual agreements between the parties to ensure its lawfulness, and that the necessary technical and organizational measures are in place to protect the transferred information.

PII collected on Planview sites and through our services may be processed in the US or any other country in which Planview or its subsidiaries or service providers maintain facilities. These activities are also subjected to the necessary measures to protect the transferred information. For detailed information on our sub-processors, their location and where such processing activities take place, please contact Planview privacy – [email protected]

For marketing and sales purpose

In accordance with Planview’s general data transfer procedures and applicable safeguards, we only share information in the context of marketing and sales for business purposes, on a need-to-know basis and exclusively with:

  • Our own employees and affiliates.
  • The customer from which Planview received the information.
  • Planview agents, consultants, subcontractors, and third-party service-provider companies, that have agreed to take measures to safeguard your information.
  • Other entities authorized to have access to such information under applicable law or regulation.

PII collected on Planview sites and through our services may be stored and processed in the US or any other country in which Planview or its subsidiaries or service providers maintain facilities. These activities are also subjected to robust contractual agreements, and the necessary technical and organizational measures to protect the transferred information. For detailed information on our sub-processors, their location and where such processing activities take place, please contact Planview privacy – [email protected]

For Planview communities and communication forums

To provide our communities and communication forums, Planview may partner up with selected third parties who facilitate the service and ensure the correct functioning of these platforms. Sometimes, the PII collected through our platforms may be processed in the US or any other country in which Planview or its subsidiaries or service providers maintain facilities. In these cases, Planview is responsible for ensuring that robust contractual agreements are put in place with these third parties to ensure compliant protection of your PII. For detailed information on our partners, their location and where such processing activities take place, please contact Planview privacy – [email protected]


How we transfer your data internationally

As we covered in the previous Section, Planview may share your data with third parties who will process your data to support our operations for Service Delivery, Marketing and Sales purposes, and in the context of our Communities and Communication Forums. Depending on the infrastructure, operation and geographic location of these third parties, our partnerships may lead to international transfers of your data.

Nonetheless, there are other scenarios that may also lead to international data transfers of your data such as when you interact with our Customer Care team. To ensure the availability and responsiveness that our Customers expect from us, our Customer Care team is structured to provide assistance within different time zones and, in doing so, we may connect you with representatives located across various regions of the globe. This set-up is used to ensure a more timely and accessible resolution to your request.

Before we transfer any of your data internationally, Planview performs a careful assessment of the impact of the transfer and adopts the necessary measures to mitigate risks and ensure the transfer is made safely, and lawfully. All international transfers of your data are covered by robust contractual agreements and protected by appropriate technical and organizational measures. Subject to specific regulatory requirements for a certain region where Planview operates, we may also rely on additional safeguards to sufficiently protect your data.

Standard Contractual Clauses

For our Service Delivery, Planview uses EU-based data centers for hosting EMEA customer data and, in some cases, UK-based data centers to host our UK customer data. However, in the event that our customers share data with Planview resulting in an international data transfer to a country which does not ensure an adequate level of protection under the GDPR, Planview shall enter into the European Commission approved Standard Contractual Clauses to protect your information. Moreover, when applicable, Planview shall also adapt the Standard Contractual Clauses to protect personal data subject to Swiss law or enter into the UK Data Transfer Addendum.

Planview has a comprehensive and robust data protection security program in place that supplements the Standard Contractual Clauses including the use of strong encryption methods. All systems, as well as all operational activities by Planview employees, are monitored to ensure confidentiality, availability, and resilience of the services, including restoration in the event of a breach. Regular testing, assessments and reviews of the security measures are performed to evaluate its effectiveness. Planview partners with the most acknowledged companies of data center providers, cloud service providers, analytic platforms and incident detection and response providers to facilitate and monitor the services. Planview is certified for ISO 27001/27701 and SOC 2 audited on an annual basis.

Planview believes the SCC in combination with all other safeguards in place can ensure customer data remains protected in alignment with the GDPR requirements. However, Planview closely follows the developments and guidance from the EU Supervisory authorities and the EDPS for additional supplementary arrangements as updated.

Data Privacy Framework

Planview, Inc and its U.S. subsidiaries PV Delaware LLC and Clarizen Inc. commit to the EU-US Data Privacy Framework (EU-US DPF), the UK Extension to the EU-US DPF, and with the Swiss-U.S. Data Privacy Framework (Swiss-US DPF), including the Supplemental Principles, as set forth by the U.S. Department of Commerce (collectively, the “Data Privacy Framework”).

Furthermore, Planview, Inc and its U.S. subsidiaries are in the process of self-certifying their adherence to the Data Privacy Framework Principles with the U.S. Department of Commerce regarding the processing of personal data received from the European Union relying on the EU-US DPF and from the United Kingdom (and Gibraltar) relying on the UK extension to the EU-US DPF. We are also in the process of self-certifying our adherence to the Swiss-US DPF Principles regarding the processing of personal data received from Switzerland relying on the Swiss-U.S. DPF.

Planview is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). If there is any conflict between this statement and the Data Privacy Framework Principles, the Principles shall govern. For more information about the Data Privacy Framework program, please visit https://www.dataprivacyframework.gov/s/.

Data processed and purposes of processing: For more information on the types of data we process about you and the purposes for which we process it, please review the sections “When and how we collect data”, and “How and why we use your data” of this Privacy Statement. In line with the Data Privacy Framework Principles, you have the right to access your data as well as to limit the use and disclosure of your data. Planview ensures you can exercise your rights as described in this Privacy Statement and you can submit a request to us at any moment via our DSAR Portal.

Third parties: For more information on the type of third parties to which we may disclose your data, and the purposes for which we do so, please review the section “Third Parties who process your data” of this Privacy Statement. If we receive your data in the context of the Data Privacy Framework and subsequently transfer to a third party acting as an agent on our behalf, we shall remain liable under the Principles if that agent processes your data in a manner inconsistent with the Principles, unless we can prove that we are not responsible for the event giving rise to the damage.

Inquiries and complaints: In compliance with the Data Privacy Framework, Planview is committed to resolving any complaints about our processing of personal data under the Data Privacy Framework Principles. Therefore, if as an EU, UK, or Swiss individual you wish to direct any inquiries or complaints concerning our compliance with the Data Privacy Framework, please submit a request via our Data Subject Access Request portal.

Alternatively, regular mail may also be directed to our European Union‑based subsidiary, Planview International AB, by addressing it to:

Planview International AB.
Klarabergsgatan 60
111 21 Stockholm
Sweden

Planview will respond to any inquiries and complaints within forty-five (45) days.

Under certain circumstances and as described by the Data Privacy Framework, you may invoke binding arbitration. For more information on these conditions, please review the guidance provided by the Data Privacy Program at: https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

Compelled disclosure: Planview may be required to disclose your data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In the context of our Service Delivery, Planview will notify Customer of any such request unless otherwise prohibited by law or a legally binding order of such body or agency. In case Planview is prohibited by law from providing such notification, Planview shall use commercially reasonable efforts to obtain a waiver of the prohibition to enable such communication. In case Planview does not consider the disclosure request to be legally binding, Planview shall not disclose any Customer data unless otherwise instructed by the Customer.

Planview reserves the right to update this section of the Statement from time to time in line with the Data Privacy Framework.


How long we store your data

As data processors we keep customer information and PII as long as the service agreement with the customer is valid and in force. We keep backup logs stored for a limited time after termination for the sake of our customers’ convenience.

If a user of an account is deleted, all PII of the user is also deleted. Such measure can be managed by either the user himself or the customer account administrator. No assistance for such measures is required from the Planview Customer Support.

As data controllers we store PII of our users for marketing purposes as well as to keep you updated on our features and products. We also store your PII if you have provided this to us by interacting with us through different marketing channels. We keep our marketing records updated and correct by regular monitoring and by executing annual controls for accuracy. You may at any time unsubscribe from any communication from us without cost.

We work to ensure any new and/or modified systems that collect, process, or use PII are built only after giving adequate consideration to privacy issues and their impact, including completion of one or more data protection impact assessment(s) (DPIA).

Data minimization, pseudonymization, and anonymization for both services and marketing and sales operations will be used, if possible.


Your privacy choices and rights

A data processor must assist the data controller in fulfilling his obligations towards a registered natural person (data subject). Since we are data processors for our services, it is the data controller whom you shall contact if you want to exercise your rights as a registered user.

  • When using our services

    Please note that you can adjust, add, or restrict your own personal data at any time.
  • For marketing and sales operations

    Planview is a data controller. As a registered user, you may exercise your rights stated below directly towards us.

Access: You have the right to be informed about what PII we hold on you, where we received it from, and for what purpose we want to use it.

Recipients: You have the right to know the recipients or categories of recipients that we transfer your PII to.

Retention: You have the right to know the period for which your PII will be stored.

Our legal basis for processing – the legitimate interest: You have the right to know why we consider having a legitimate interest in processing your PII. You also have the right to object to this and restrict us from processing your data further by unsubscribing from direct marketing.

Contact: If you want to exercise your rights as a registered data subject, please contact us at the Data Subjects Access Requests DSAR portal. For other privacy matters, please contact our Data Privacy Officer at Planview privacy – [email protected], or Planview Klarabergsgatan 60, 111 21 Stockholm SWEDEN.

Complain: If you want to file a complaint to the supervisory authority, you should contact 1) the authority in your own country if you are an EU citizen, or 2) the Swedish Integritetsskyddsmyndigheten (IMY) www.imy.se if you are a non-EU citizen. You also have the possibility, under certain conditions, to invoke binding arbitration*.

*Binding arbitration is a means of resolving a dispute that is private, less formal, less costly and less time-consuming than traditional litigation. We agree to submit a dispute to an impartial arbitrator authorized to resolve the controversy by rendering a final and binding award.


How you can hold us accountable

We are dedicated to maintaining transparency and open lines of communication for anyone with questions or concerns regarding the processing of their PII. You have two options for reaching out to Planview with questions or concerns.