The Planview Privacy Statement

For service delivery; Planview products

Users of our Planview Services sign up for access to the subscribed product that Planview is providing. A few fields of user information are mandatory and must be stated for the service to work at all. Full name, email and country of residence is required. Name is needed for the ability to identify users, email is needed for authentication, and country is needed for financial reasons (VAT) and trade compliance.

Users may add any other information and PII relating to themselves (or others) as they find relevant. Planview will not have any implication with whatever information a user provides to the service and system.

PII is stored during the time user is utilizing the service. A user is always able to adjust or delete its PII. Users are permanently deleted from an account by the account administrator, which the customer is solely responsible for.

Planview will have access to information about user data and also IP-addresses. Such information is necessary for the administration of the services in case there’s a need for support or troubleshooting. Our portal for Data Subjects Access Requests (DSAR portal) ensures users can exercise their rights as a registered.

Planview may also collect information of your work in our services, or when you visit our website, through the use of automatic data collection tools such as cookies (described below) and other commonly used information-gathering tools.

For marketing purposes

In order to serve you with relevant information regarding our services, and to respond to any requests you may have, we collect information about you when signing up for a user account, a webinar or seminar, or when downloading content such as eBooks or whitepapers from our website. We may also receive information about you if shared by our partners, or collect it from public sources such as LinkedIn. This information may comprise all or some of these PII’s; your name, contact information (phone and fax numbers, street address, and email address), company name, work title and payment data.

If you are a user of our services and we are processing your PII as a data processor, we will not use your data for marketing and advertising purposes without your prior consent unless you are a designated contact point or representative of a customer and we are legally authorized to do so. Your consent is not a condition for the provision of our services to our customers, and you may at all times withdraw your consent or opt-out/unsubscribe to the processing of your PII for marketing purposes, as applicable.

We retain this information as you wish to receive information from us. We ensure the information we have is accurate and updated by regular control mechanisms. You may – at any time – require us to delete, rectify, restrict or object to any PII we hold about you. We use a data portal for Data Subjects Access Requests (DSAR portal) where you can exercise your rights as a registered.

FOR PLANVIEW COMMUNITIES AND COMMUNICATION FORUMS

Users of our communities and communication forums sign up for accessing to the different platforms that Planview provides. Some user information is mandatory and must be stated for access permissions. We collect basic PII such as name (to identify you as a user) and email (for authentication purposes). PII is stored during the time you are utilizing the platform. You may – at any time – require us to delete, rectify, restrict or object to any PII we hold about you. We use a data portal for Data Subjects Access Requests (DSAR portal) where you can exercise your rights as a registered.

FOR VENDOR ENGAGEMENT

When entering into an agreement with our third-party vendors, to ensure that the contractual obligations are binding on both parties, we need to collect the vendor representatives’ signature, alongside their name, company name and work title. Moreover, if you are a vendor employee, we may collect relevant information about and directly from you when you are providing services to Planview, such as your name, contact information, employment details (e.g. company name, work title, demographic and location data), and any email content and transmission data which are exchanged for the provision of the services.

For service delivery

For our services, we need information about you to be able to identify you, communicate with you and respond to requests. We also provide you with information of new features, functionalities and services. We are collecting metadata related to you for improving your user experience of our services, and for us to be able to provide you with a better, more user-friendly product. We believe you benefit in your work with our services thereby.

For marketing purposes

For marketing, we use the information we collect about you to communicate with you about our products and services. We are collecting metadata related to you for improving your user experience of our services, and for us to be able to provide you with a better, more user-friendly product.

FOR PLANVIEW COMMUNITIES AND COMMUNICATION FORUMS

For our communities and communication forums, we need the information we collect to be able to identify you and authenticate you when accessing these platforms. Other uses may include providing you with service and support, communicating with you and responding to your requests, and sending you information in relation to new products and services. We are collecting metadata related to you for improving your user experience of our platforms, and for us to be able to provide you with a better, more user-friendly platform. We believe you benefit in your work with our services thereby.

Data sharing

Planview shares information for business purposes only on a need-to-know basis and only with its own employees and affiliates; the customer from which Planview received the information; Planview agents, consultants, sub-processors, and third-party service-provider companies, that have agreed to take measures to safeguard your information and other entities authorized to have access to such information under applicable law or regulation.

If data transfer is required, Planview ensures that such transfer complies with the applicable privacy and data protection regulation, including adopting the necessary technical and organizational measures to guarantee an adequate level of protection to the transferred information. Except as described in this Privacy Statement, Planview will not share the personal information you provide to Planview with non-Planview third parties without your permission except as required by law.

Links to non-Planview websites

The website may provide links to unaffiliated, third-party websites for your convenience and information. If you access these links, you will leave the Planview website. Planview has no control over these websites and is not responsible or liable for the policies and practices followed by third parties. The PII you choose to provide, or that is collected by these third parties, is not covered by this Privacy Statement. If you link to or otherwise visit any other websites managed by third parties, we encourage you to review the privacy policies posted at those sites before submitting your personal information.

You can find more information below on the categories of PII we process from you and the categories of recipients with whom we may share that information, as well as the purposes for which we process it. Please know that the information we process from you at any given time may comprise all or some of these categories of PII, depending on several factors such as the data you provide to us, the data you make publicly available, your own actions (e.g. deleting your PII on our products and services, or deleting cookies or other similar tracking technologies from your browser) or your account administrator’s actions (e.g. deleting a user).

Use of analytics tools and cookies on our websites

Planview uses web analytics services and similar technologies to analyze how users use the Planview websites. We also use your interactions on the website and the information you provide us with through registration forms to provide you services that better suit your preferences. This information is also used to assess our business performance, and our marketing effectiveness.

Our website may use both session cookies and persistent cookies to store information that allows us to improve our customer service to you and provide you with the ability to navigate the website more easily. To make our website easier to use, we combine information collected via cookies with personally identifiable information.

For detailed information regarding the cookies that we issue and to manage your cookie preferences, please visit our Privacy Preference Center.

Use of analytics tools and cookies on Planview software services

Planview’s software services only use strictly necessary cookies. Accordingly, these limited number of Cookies cannot be switched off. For more information on the use of Cookies on each of our software services, including the list of Cookies used and its purposes of use, please consult the Cookie Banners, or the Privacy Settings available on our software services.

Use of social media widgets

We use social media widgets as dynamic information sharing tools on our website to engage in dialogue, share information and media, and collaborate with our visitors. Your activity on these social media sites is governed by the security and privacy policies of those third-party sites.

For service delivery

All Planview customers shall enter into a Data Processing Agreement with us to ensure an adequate level of protection for PII during the delivery of Planview services, and to make sure international transfers within Planview systems on behalf of customers and under their instructions, are compliant. Information of how we process PII, including use of specific third parties and transfers is stated therein. Planview is also required to cooperate with EU Data Protection Agencies with regards to privacy matters of any kind.

Any transfer of PII to a third party (regardless of physical location) or between our systems located in different countries, must first be reviewed to ensure compliance with the requirements imposed by the privacy regulations we are subject to. In particular, these transfers are often linked with robust contractual agreements between the parties to ensure its lawfulness, and that the necessary technical and organizational measures are in place to protect the transferred information.

PII collected on Planview sites and through our services may be processed in the US or any other country in which Planview or its subsidiaries or service providers maintain facilities. These activities are also subjected to the necessary measures to protect the transferred information. For detailed information of our sub processors, location and where such processing activities takes place, please contact Planview privacy –Planview privacy – [email protected]

For marketing and sales purpose

In accordance with Planview’s general data transfer procedures and applicable safeguards, we only share information in the context of marketing and sales for business purposes, on a need-to-know basis and exclusively with:

• Our own employees and affiliates.
• The customer from which Planview received the information.
• Planview agents, consultants, subcontractors, and third-party service-provider companies, that have agreed to take measures to safeguard your information.
• Other entities authorized to have access to such information under applicable law or regulation.

PII collected on Planview sites and through our services may be stored and processed in the US or any other country in which Planview or its subsidiaries or service providers maintain facilities. These activities are also subjected to robust contractual agreements, and the necessary technical and organizational measures to protect the transferred information. For detailed information of our sub processors, location and where such processing activities takes place, please contact Planview privacy –Planview privacy – [email protected]

FOR PLANVIEW COMMUNITIES AND COMMUNICATION FORUMS

To provide our communities and communication forums, Planview may partner up with selected third parties who facilitate the service and ensure the correct functioning of these platforms. Sometimes, the PII collected through our platforms may be processed in the US or any other country in which Planview or its subsidiaries or service providers maintain facilities. In these cases, Planview is responsible for robust contractual agreements are put in place with these third parties to ensure compliant protection of your PII. For detailed information of our partners, location and where such processing activities takes place, please contact Planview privacy –Planview privacy – [email protected]

FOR VENDOR ENGAGEMENT

To ensure the effectiveness of our vendors’ services provision across our sites, platforms and products, we may need to share your information on a need-to-know basis and exclusively with:

• Our own employees and affiliates.
• The vendor from which Planview received the information.
• Planview agents, consultants, subcontractors, and other third-party service-provider companies, that have agreed to take measures to safeguard your information.
• Other entities authorized to have access to such information under applicable law or regulation.

Sometimes, the PII we collect from you when you are providing services to us may be stored and processed in the US or any other country in which Planview or its subsidiaries or service providers maintain facilities. In these cases, Planview is responsible for maintaining robust contractual agreements in place to ensure compliant protection of your PII, and for implementing the necessary technical and organizational measures to protect the transferred information. For detailed information of our sub processors, location and where such processing activities takes place, please contact Planview privacy –Planview privacy – [email protected]

Standard Contractual Clauses

For our Service deliveries, Planview uses EU-based data centers for hosting EMEA customer data and, in some cases, UK-based data centers to host UK customer data. In the event our customers share data with Planview resulting in an international data transfer to a country which does not ensure an adequate level of protection under the GDPR, Planview shall enter into the European Commission approved Standard Contractual Clauses to protect personal data. Moreover, when applicable, Planview shall also adapt Standard Contractual Clauses to protect personal data subject to Swiss law or enter into the UK Data Transfer Addendum.

Planview has a comprehensive and robust data protection security program in place that supplements the Standard Contractual Clauses, including the use of strong encryption methods. All systems, as well as all operational activities by Planview employees, are monitored to ensure confidentiality, availability, and resilience of the services, including restoration in the event of a breach. Regular testing, assessments and reviews of the security measures are performed to evaluate its effectiveness. Planview partners with the most acknowledged companies of data center providers, cloud service providers, analytic platforms and incident detection and response providers to facilitate and monitor the services. Planview is certified for ISO 27001 and 27701 and conducts SOC 2 third-party audits on an annual basis.

Planview believes the SCC’s in combination with additional safeguards in place ensure customer data remains protected in alignment with the GDPR requirements. However, Planview follows the development and guidance’s from the EU Supervisory authorities and the EDPS closely for additional supplementary arrangements as updated.

Data Privacy Framework

Planview, Inc and its U.S. subsidiaries PV Delaware LLC and Clarizen Inc. comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), including the Supplemental Principles, as set forth by the U.S. Department of Commerce (collectively, the “Data Privacy Framework”).

Furthermore, Planview, Inc and its U.S. subsidiaries have certified to the U.S. Department of Commerce that they adhere to the EU-U.S. Data Privacy Framework Principles (EU-US. DPF Principles) regarding the processing of personal data received from the European Union relying on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) relying on the UK extension to the EU-U.S. DPF. Planview, Inc and its U.S. subsidiaries have also certified to the U.S. Department of Commerce that they adhere to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) regarding the processing of personal data received from Switzerland relying on the Swiss-U.S. DPF.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Planview commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

Planview is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). If there is any conflict between the terms in this statement and the EU-U.S. DPF Principles, and/or the Swiss-U.S. DPF Principles, the Principles shall govern. For more information about the DPF Program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Subject to the DPF Principles, you have the right to access your data as well as to limit the use and disclosure of your data. Planview ensures you can exercise your rights as described in this Privacy Statement and you can submit a request to us at any moment via our Data Subject Access Request portal.

If we receive data in the context of the DPF and subsequently transfer this data to a third-party acting as an agent on our behalf, we shall remain liable under the DPF Principles if that agent processes the data in a manner inconsistent with the Principles, unless we can prove that we are not responsible for the event giving rise to the damage.

Inquiries and complaints: Subject to the DPF, Planview is committed to resolving any complaints about our processing of personal data under the DPF Principles. Any inquires or complaints concerning our compliance with the DPF will be handled via our Data Subject Access Request portal.

Additionally, individuals may exercise their rights of choosing whether their personal information is (i) used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the individuals, or (ii) disclosed to a third party (other than a third-party acting as an agent to perform tasks on our behalf and under our instructions and with whom we’ve entered into a contract) by submitting a request through the same Data Subject Access Request portal.

Alternatively, regular mail may also be directed to our European Union‑based subsidiary, Planview International AB, by addressing it to:

Planview International AB.
Klarabergsgatan 60
111 21 Stockholm
Sweden

Planview has appointed a Data Privacy Officer who can be contacted at [email protected].

Planview will respond to any inquiries and complaints within forty-five (45) days.

Under certain circumstances as described by the DPF you may invoke binding arbitration. For more information on these conditions, please review the guidance provided by the Data Privacy Framework Program at: https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

Planview may be required to disclose your data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

In the context of our Service Delivery, we will notify Customers of any such request unless otherwise prohibited by law or a legally binding order of such body or agency. In case we are prohibited by law from providing such notification, we shall use commercially reasonable efforts to obtain a waiver of the prohibition to enable such communication. In the event we do not consider the disclosure request to be legally binding, we shall not disclose any Customer data unless otherwise instructed by the Customer.

Planview reserves the right to update this section of the Statement from time to time in line with the DPF.

We work to ensure any new and/or modified systems that collect, process, or use PII are built only after giving adequate consideration to privacy issues and their impact, including completion of one or more data protection impact assessment(s) (DPIA).

Data minimization, pseudonymization, and anonymization for both services and marketing and sales operations will be used, if possible.

Access: You have the right to be informed about what PII we hold on you, where we received it from, and for what purpose we want to use it, as well as to obtain additional information about the processing (such as the recipients or categories of recipients that we transfer your PII to, and the period for which your PII will be stored). You may also request access to your PII, as well as obtain a copy of the data undergoing processing.

Rectification: You have the right to have your inaccurate or incomplete PII rectified and/or completed without undue delay. If you are using our services, you can at any time correct and adjust your PII.

Erasure/Deletion: You have the right to have your PII deleted without undue delay in specific circumstances as legally described, including when your PII is no longer necessary for the purposes for which we originally collected them, or when you withdraw consent and we have no other legal basis to process that information.

Restriction: You have the right to request the restriction of our processing of your PII in specific circumstances as legally described, such as when you contest the accuracy of your data. In this case, we will keep storing our data but cease any other processing activities, unless you consent to them or they are legally allowed.

Objection/Opt-out: You have the right to object at any time to the processing of your PII for direct marketing purposes. If we are processing your PII for other purposes based on our legitimate interests, you may also object to the processing of your information at any time and on grounds relating to your situation, in which case we will cease our processing activities unless we have compelling legitimate grounds which override your rights and interests.

Portability: You have the right to receive any PII you provided to us in a structured, commonly used and machine-readable format and to transmit those data to another data controller, when we are processing it based on your consent or on a contract with you.

Our legal basis for processing – the legitimate interest: You have the right to know why we consider having a legitimate interest of processing your PII. You also have the right to object to this and restrict us from processing your data further by unsubscribing to direct marketing, as stated above.

Our legal basis for processing – consent: If we are processing your PII based on your consent, you have the right to withdraw this consent at any time. Please be advised that this does not affect the lawfulness of any processing carried out prior to the withdrawal.

Contact: If you want to exercise your rights as a data subject, please contact us at the Data Subjects Access Requests DSAR portal. For other privacy matters, please contact our Data Privacy Officer at Planview privacy –[email protected], or Planview Klarabergsgatan 60, 111 21 Stockholm SWEDEN.

Complain: If you want to file a complaint to the supervisory authority, you should contact 1) the authority in your own country if you are an EU citizen, or 2) the Swedish Integritetsskyddsmyndigheten (IMY) www.imy.se if you are a non-EU citizen. You also have the possibility, under certain conditions, to invoke binding arbitration*.

*Binding arbitration is a means of resolving a dispute that is private, less formal, less costly and less time-consuming than traditional litigation. We agree to submit a dispute to an impartial arbitrator authorized to resolve the controversy by rendering a final and binding award.