Planview maintains a comprehensive privacy statement describing the types of personal identifiable information we collect, how and why we use, share and in what way we secure that information. We also inform about how you can access and exercise your rights as a registered , and how to update your information.
From a privacy perspective, Plainview’s operations are divided between processing activities we perform on behalf of our customers (our products), and activities performed for our own business (for marketing). Our responsibilities are varying depending on the subject matter of the processing activities.
The California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act, Cal. Civ. Code §§ 1798.100 et seq. (CCPA) is a U.S. California privacy law entering into force 1 January 2020. It expands upon the privacy rights available to Californian citizens, listing data protection requirements with which companies must comply. Planview is closely following the CCPA requirements, including opinions and guidance’s from regulatory authorities. We will adapt our practices where necessary to ensure that we are compliant also to this law if there are specific additional requirements that the EU General Data Protection Regulation (2016/679) is not covering with regards to processing of PII. Planview does not “sell” our customers’ personal identifiable information (PII). Planview does not rent, disclose, release, transfer, make available or otherwise communicate PII to a third party for monetary or other valuable consideration. Planview does share user aggregated and/or anonymized information regarding customer and users’ usage of our offered services with third parties (i.e. Sub-processors) through integrations, for the performance of the contracted services and to provide customers with more relevant content of our services. As Planview is a SaaS provider and processes customer and user data only as instructed for the purpose of delivering and performing the services as we’ve committed to in our customer contracts, we do not distribute or deploy customer data for any other commercial purposes.
For information of what PII we have received or collected of you as a user, or to exercise your rights as a registered, please make a request at our Data Subjects Access Request portal (DSAR).
EU General Data Protection Regulation (GDPR)
GDPR went into effect in 2018 and imposes strict requirements related to the way organizations store and process the personal data of EU citizens. As a global company, Planview understands the important link between privacy and customer trust. All Planview entities adheres to GDPR. The appointment and ongoing efforts of a dedicated Data Privacy Officer (DPO), based in EU (Sweden), are the basis of an increased focus toward earning that trust.
The principles relating to processing of personal data as stated in the GDPR are focus for our compliance work.
Purpose limitation – We process personal data strictly for the purpose of 1) fulfilling the contractual requirements agreed upon between our customers and us, and/or 2) marketing our products to customers and prospects.
Data Minimization – We require only identifiable contact information of customers and users of our products, as well as for our marketing activities. Customer records are being is regularly reviewed and evaluated for accuracy. We have processes in place to ensure we fulfill the rights of a registered individual (data subject) by our DSAR portal.
Storage limitation (retention) – We keep and store customer data during the term of contract. Customer accounts are deleted 30 days after contract expiry. Back up logs are stored for the maximum 90 days for customer convenience. Information in customer and user records are stored in our marketing systems for one year after terminated contract. Consent is required for longer storage. At any time during the term of contract, all customer data used in the product is offered portability.