At Plansight, our core mission is to help teams protect data on the internet. As a result, our goal is to set a high standard for protecting the privacy of your information. We want to be clear about how we collect, use, protect, and share your information, including your personal information and company information, and the rights and choices you have about the ways in which you can help us protect your privacy.
- What information we collect and why we collect it.
- How we use that information and when we disclose it.
- Your rights regarding that information, including how to access and update your information.
- The steps we take to protect your information.
Plansight is a U.S.-based company that offers our Services to domestic business customers. As a result, information that we collect, including personal information, may be transferred to our U.S. offices to permit us to comply with our legal and contractual obligations, to provide information and services to prospective and current clients, and to perform related business activities. In addition, we may provide information to third-party service providers in the U.S. to the extent necessary to support Plansight’s business activities, and we may access personal information collected by our customers to support the Services that we provide to our customers. Thus, personal information may be transferred to and stored on servers located in the United States. Similarly, information we collect may be accessed by Plansight and our third-party service providers and business partners from countries other than the ones in which the information is stored. For more information about how we handle personal information from EU-based individuals, see below.
“Sensitive Personal Information” includes data about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union memberships, genetic and biometric data when used for identification purposes, and data about health, sex life, and sexual orientation.
Types of Personal Information that We Collect:
- Physical address
- Email addresses
- Telephone numbers
- Business contact information, including names, email addresses, business addresses, telephone numbers, company name or business affiliation, and title.
- User IDs and passwords
- Personal information that you choose to share within our Services, RFPs, bids, of communication on the platform.
- Identifiers of devices used to access our Services.
Account and profile information:
We collect and store content that you create, input, submit, post, upload, transmit, or store while using our Services. Such content may include any personal or other sensitive information submitted using our Services, such as HIPAA protected health information, EU personal data, and other information such as source code or regulatory compliance materials.
Other data submissions:
We collect other data that you may submit to our Services or to us directly, such as when you request customer support or communicate with us via email or social media sites.
We record certain information and store it in log files when you interact with our Services. This information may include Internet protocol (IP) or other device addresses or ID numbers as well as browser type, Internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information that you search for, your locale and language preferences, your mobile carrier, and system configuration information. We and our analytics providers (see our vendor directory), also collect and store analytics information when you use our Services to help us improve our Services.
Cookies and other tracking technologies:
Information from third parties:
Information provided by other individuals:
Information that we receive about individuals from our customers:
Our customers and their designated users use our Services, in particular the Plansight platform, to develop, establish, implement, and maintain secure for processing sensitive data, including personal information and sensitive personal information. While using our Services, our customers may create, input, submit, post, upload, transmit, or store personal information that they have collected from individuals. During the course of our business relationship, we may need to access a customer’s account and the information it contains to provide support for our Services.
Our customers and prospective customers are responsible for complying with all applicable federal, state, local, and international laws and regulations regarding notice, disclosure, consent, and transfer of personal information, prior to providing that personal information to Plansight.
Unlike the other collections of information described in this section, our agreements with customers include specific protections and limitations regarding our access to and use of personal information collected by customers, and we do not access, use, copy, retain, or aggregate that customer data except as stated in those agreements.
Why we collect information:
We will not use your personal information for anything other than the following lawful purposes listed in this section.
To establish and maintain contractual relationships with our customers:
- To establish relationships with new customers.
- To fulfill our obligations to current customers.
- To contact customers regarding account-related issues and business communications relating to the Services, including technical notices, updates, security alerts, and administrative messages.
- To enable individuals to access and use our Services.
To comply with our legal obligations:
- To comply with legal obligations, including but not limited to complying with tax and financial reporting requirements.
- To demonstrate compliance with applicable privacy and data security laws and regulations, such as HIPAA and GDPR.
- To comply with incident monitoring, reporting, assessment, and notification requirements.
- To comply with other applicable criminal and civil law and regulatory requirements under federal, state, and international law.
To provide services and information that you request and consent to receive:
- To provide customer service and support.
- To communicate with you, including responding to your comments, questions, and requests regarding our Services.
- To process and complete transactions, and send you related information, including purchase confirmations and invoices.
- To provide direct marketing, email, and other distributed information distribution.
To fulfill our other legitimate interests to the extent that they are not overridden by individual interests, fundamental rights, or freedoms:
- To administer, operate, maintain, and secure our website and Services.
- To monitor and analyze trends, usage, and activities in connection with our Services.
- To investigate and prevent fraudulent transactions, unauthorized access to our Services, and other illegal activities.
- To verify compliance with our internal policies and procedures.
- For accounting, recordkeeping, backup, and administrative purposes.
- To customize and improve the content of our communications, websites, and social media accounts.
- To educate and train our workforce in data protection and customer support.
- To provide, operate, maintain, improve, personalize, and promote our Services.
- To develop new products, services, features, and functionality.
- To market our products and services (first-party marketing only; we do not provide personal information for use in marketing any non-Plansight, third-party goods or services).
When and why we share or disclose personal information:
We may share your information in the following ways:
- With your express consent we will share your personal information with companies, organizations, or individuals outside of Plansight when we have your consent to do so.
- When you choose to directly share your information while using our Services. When you use our Services, certain features allow you to make some of your content accessible to the public or other users of the Services. We urge you to consider the sensitivity of any information prior to sharing it publicly or with other users.
Information available to Plansight administrators: Your Plansight account owners and administrators may be able to:
- Access information in and about your Plansight account;
- Disclose, restrict, or access information that you have provided or that is made available to you when using your Plansight account, including your content; and
- Control how your Plansight account may be configured, accessed, or deleted.
- With our vendors and business partners, to accomplish our business purposes: We may share your information with our service providers and other third parties who perform services on our behalf, listed in our vendor directory. We provide your payment information to our service providers for payment processing and verification. Service providers such as analytics providers may collect information about your online activities over time and across different online services when you use our Services. We also work with third-party service providers to provide the cloud-based tools that our customers use to create their secure storage containers and securely store their sensitive information, including personal information.
Compliance with legal authority:
When necessary to comply with laws and law enforcement requests, or otherwise to protect our rights or those of individuals we may disclose your information (including your personal information) to a third party if we believe that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process or governmental request;
- To enforce our agreements, policies and terms of service;
- To protect the security or integrity of Plansight’s products and services;
- To respond to an incident involving personal data for which Plansight has direct or indirect responsibility
- To protect the property, rights, and safety of Plansight, our customers or the public from harm or illegal activities;
- To respond to an emergency which we believe in the good faith requires us to disclose information to assist in preventing the death or serious bodily injury of any person; or
- To investigate and defend ourselves against any third-party claims or allegations.
Sharing aggregate, anonymized, de-identified, or otherwise non-personal data:
Your control over your personal information:
- You may decline to share certain personal information with us, in which case we may not be able to provide to you some of the features and functionality of our Services or fulfill your requests. For example, we need your email address to authenticate you and perform account services such as password resets, or to provide you with customer support.
- You may decline to accept cookies, but that decision may affect the functionality and performance of our Services.
- You may update or correct your personal information at any time by accessing the account settings page on the website or within our platform.
- You may opt out of receiving promotional communications from Plansight by using the unsubscribe link within each email. Note that, as long as you maintain an account with us, you will continue to receive administrative messages from us regarding the Services.
- You may request information about, and access to, the personal data that we collect from you.
- You may ask questions or make complaints about our privacy and data security practices with regard to your personal data.
- You may request that we delete information that we have collected about you.
- You may ask us for a copy of the information that we collected from you.
Unfortunately, no data transmission over the Internet or data storage system can be guaranteed to be 100% secure. That said, we certainly try very hard, employing a variety of organizational, technical and administrative measures to provide a level of security appropriate to the risk associated with the personal information you trust us with.
To that end, we manage our data protection program consistent with ISO 27001, SOC 2, and applicable legal and regulatory requirements such as HIPAA and GDPR. Plansight’s current SOC 2 Type 2 report is available under NDA to customers only, if you would like a copy to review please contact us at firstname.lastname@example.org.
Plansight protects personal information under its control and requires its service providers (see our vendor list) to also protect against, accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to, personal data transmitted, stored, or otherwise processed.
We retain your personal information only as long as necessary to accomplish the business purpose for which it was collected or to comply with our legal and contractual obligations, plus one year, and then securely disposes of that information.
Our Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us at email@example.com.
California Privacy Rights:
California Civil Code Section 1798.83 permits Plansight customers who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us at firstname.lastname@example.org.
Information for International Users:
The core Plansight platform are hosted in the United States. You may choose to access the Plansight platform from non-U.S. regions, such as the European Union or other regions of the world with laws governing data collection and use that may differ from U.S. law. Please note that when you use the core Plansight platform, you are transferring your information outside of those regions to the United States for storage and processing. By providing your information, you consent to any transfer and processing in accordance with this Policy.
Information for EU-Based Individuals:
Plansight, Inc. is a participant in the U.S. Department of Commerce’s EU-U.S. Privacy Shield program and has certified that we adhere to the EU-U.S. Privacy Shield Principles. Plansight is subject to the investigatory and enforcement powers of the Federal Trade Commission. For more information about the EU-U.S. and Swiss-U.S. Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield website.
EU-U.S. Privacy Shield Onward Transfers:
For personal data transferred from the EU to the U.S. or other third country not determined to meet EU adequacy requirements, if we transfer your personal data to a third party, we will ensure that the third party is contractually obligated to process your data only for limited, specific purposes consistent with this policy. We will also ensure that the third party will apply the same level of protection to that data as the EU-U.S. Privacy Shield Principles and will notify us if it makes a determination that it can no longer meet this obligation. Plansight may be potentially liable if these requirements are not met.
Complaints, Questions, and Arbitration:
In compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Principles, we strive to resolve all complaints about privacy and the collection or use of customer information. Under the Privacy Shield programs, any unresolved privacy complaints can be referred to an independent dispute resolution mechanism. If you have questions about our participation in the Privacy Shield programs or have a complaint, please send an e-mail to email@example.com.