PRIVACY FOR YOU
Planday recognises the importance of respecting and protecting your personal data (information), and to be able to continue to provide you with the level of service you have come to expect from us, we need to collect, process and share a certain amount of information about you.
In this document, we explain what information we’re likely to hold, how we collect it and how we will use or share it. It also explains your rights and how to contact us or your local supervisory authority in the event you have a complaint. Our commitment to you is that we will continue to treat your personal data fairly and legally and with the same discretion and respect as we have always applied.
This policy applies to all your information however captured, including via our App, through our website or via telephone conversations with our staff. This includes situations when you:
- visit our branded social media pages
- use the workforce scheduling platform and associated services (the “App”) as an authorised user, for example, as an employee of one of our Planday customers who provided you with access to our services
- tick the “I agree” buttons when first registering or logging into the App
- access the “Subscription Centre”,
- visit our offices or contact our Operational teams via phone or email or otherwise receive communications from us
- register for, attend and/or otherwise take part in our events, webinars or campaigns including participating in the Planday community
When using the App, Planday A/S (registered in Denmark with CVR 27666248 and VAT number DK-27666248) is as a starting point the data processor of your information. The businesses to which we are providing the App and associated services warrant in our agreements with them that they have complied with and shall continue to comply with the relevant applicable data protection laws in relation to the data they control and pass to us and that they have the necessary legal basis to use the data in relation to the services we provide to them.
With regard to the other situations mentioned above, Planday A/S is the data controller. This means that we exercise judgment in determining how and why to process the information you share with us. We may share your information with the other members of our group of companies. If you are using the App as a private person (and not as an employee of our business customer), Planday A/S is also the data controller for that processing of your personal data.
If you have questions about how we process your information that aren’t answered in this policy, we invite you to get in touch with us at firstname.lastname@example.org or contact your local telephone support Contact.
What information we collect and how we use it
Here we summarise the information we collect, why and how we use it and who we share it with.
We will keep your data secure and won’t sell your personal data to third parties. We only use your personal data to help us provide you with a great service.
Planday is committed to protecting you and your employer’s privacy. We only collect and use Personal Data to provide you and your employer with the workforce scheduling platform and all associated services, and tailor the information we share with you to help make it relevant, useful and timely. We will only share your personal data with organisations involved in fulfilling our role as your workforce scheduling platform provider, such as:
- our operational service partners, including our data processors, in order to operate the App and the Sites and deliver the services you have requested and/or with trusted partners to help us perform statistical analysis, marketing campaigns, PR campaigns, remarketing, send you email or postal mail, or provide customer support; and
- any existing or future member of the Planday group of companies.
Please keep in mind that if you publicly disclose Personal Data and/or usage data through our App or our Sites, we are not responsible for the security of the personal data you publicly disclose (which may be collected and used by others).
The Sites may contain links to make it easier for you to visit other websites. These websites are managed by third parties and we encourage you to review the privacy statements of these websites so that you can understand how they collect, use and share your information. Planday is not responsible for the privacy statements or other content on websites it may link to.
Your information falls into one or more of the following categories:
|Why||What||From Whom||Lawful Basis||With Whom|
|To provide, operate, support use of, maintain and improve the App, Sites, associated services integrated with the App, and services we advertise on our Sites (including analytical services)||Your name, phone number, email address and App account information, including geographical data as required by the App, payroll data or contract data as entered into the system, device data, your IP address, geographical location, browser type and version, operating system, or any data entered into the custom fields||From you or your employer, or from your device that you use to access the App||The agreement between you and us (GDPR article 6(1)(b) (if you are a private customer), or the contract between us and your employer (if you are an employee using the App, in which case we are operating as data processor for this processing activity)||The people at our office HQ, our developers and our sub-processors, where required|
|To respond to your queries, provide clarification, resolve issues or to notify you or your employer about changes to our service and to provide and deliver any other products and services that you or your employer requests||Your name, App account information, email address or phone number, any additional data required to fulfil this associated service, including and not limited to contract data or payroll data or any other data collected by the Sites or App||From you, your account, and from our records of your interactions with us||The agreement between you and us (GDPR article 6(1)(b) (if you are a private customer), or our legitimate interest in fulfilling the contract between us and your employer (GDPR article 6(1)(f) (if you are an employee)||The people at our office HQ and our sub-processors, where required|
|To provide product-related news, status updates, or automated responses to certain services, for example product onboarding, website chatbots, or Help Centre articles.||Your name, App account information, telephone number, email address, and/or device or browser data, where required for in-product notifications or “help” functionality via the browser||From you or your employer, our records and your interactions with us||Our legitimate interest (GDPR article 6(1)(f)) in providing you with up-to-date service and products (if you are a private customer), or the contract between us and your employer (if you are an employee using the App, in which case we are operating as data processor for this processing activity)||The people at our office HQ, our product management team, our developers and our sub-processors, where required|
|To protect your data, review our security, review our compliance, comply with legal obligations, and protect against, investigate and deter fraudulent, unauthorised or illegal activity||Your account information and activity||From you or from our records of your interactions with us via the App and our Sites||Our legitimate interests (GDPR article 6(1)(f)) in upholding an appropriate level of security and ensuring a trustworthy and legal business operation||The people at our office HQ and relevant third parties instructed by us, where required|
|To manage event registrations, including training webinars or commercial promotions||Your name, email address, phone number, computer device or mobile device used||From you or from our records of your interactions with us via the App and our Sites||The agreement between you and us (GDPR article 6(1)(b) (if you registered for yourself), or our legitimate interest in fulfilling the contract between us and your employer (GDPR article 6(1)(f) (if you registered as a representative for your employer)||The people at our office HQ, selected third parties where relevant including those we have engaged to support our training or marketing activities|
|To provide you with information about goods or services we feel may interest you.||Your name, email address, phone number||From you and from our records of your interactions with us||Your consent (GDPR article 6(1)(a))||The people at our office HQ, relevant third parties engaged by us|
|To manage subscriptions and payments||You or your employer’s billing and payment details||From you or your employer||The agreement between you and us (GDPR article 6(1)(b) (if you are a private customer), or our legitimate interest in fulfilling the contract between us and your employer (GDPR article 6(1)(f) (if you are an employee representing a business customer)||The people at our office HQ|
Planday uses “cookies” to help you personalise your online experience. A cookie is a small text file that is placed on your hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a web server in the domain that issued the cookie to you.
The Planday App only uses Necessary cookies, which are detailed in the Planday App Cookies Policy.
Planday website uses all types of cookies, which are detailed on the Cookie banner on the website:
|Cookie Type||Description||How to manage your preferences|
Necessary cookies are necessary for basic website functionality, for example session cookies needed to transmit the website, authentication cookies, and security cookies.
If you have chosen to identify yourself to us, we may place on your browser a cookie that allows us to uniquely identify you when you are logged into the websites and to process your online transactions and requests.
These cookies are necessary to operating the Sites, and you cannot opt out of these types of cookies.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in.
You can opt out of these cookies via the Cookie banner or through your browser settings.
Statistic cookies help us to understand how you interact with Planday’s websites by collecting and reporting information anonymously.
Planday uses Google Analytics, a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. You can learn about Google’s privacy practices by going to Privacy and Terms.
You can opt out of these cookies via the Cookie banner or through your browser settings.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third-party advertisers.
You can opt out of these cookies via the Cookie banner or through your browser settings.
Social Media Features
Our Sites may use social media features, such as the LinkedIn sharing button, Facebook “like” button, the “Tweet” button and other sharing widgets (“Social Media Features”). Social Media Features may be hosted by the social media network or hosted directly on our website. A social media network may receive information that you have visited the Planday website if you click through to the social media platform from the Planday website, to the extent the Social Media Features are hosted by the respective social media networks. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile.
Your interactions with Social Media Features are governed by the privacy policies of the companies providing the relevant Social Media Features.
Does Planday collect or process sensitive data?
Planday does not process sensitive data (what is known as “special categories of personal data” under the GDPR), but the App does have custom text fields in which sensitive data can be added by either you and/or your employer. These fields are configured by you and/or your employer, and you and/or your employer accept full liability (and hold Planday free from any liability under the relevant data protection laws) for any sensitive data entered into these fields. We recommend that you and/or employer do not add sensitive data to these fields. Any data entered into these fields will be processed in the same way as we process personal data.
Our Site, associated services or App are not directed at children. We do not knowingly collect Personal Data from children under the age of 16. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us at email@example.com and we will take steps to delete such Personal Data from our systems.
Marketing Preferences for E-Mails and SMS marketing
We incorporate your marketing preferences in your Subscription Centre, accessible via any marketing communications, which affect how we will process your information. By using the marketing preferences functionality in the Subscription Centre, you can specify whether you would like to receive direct marketing communications and limit the use of your information. You can alternatively contact us at firstname.lastname@example.org to manage your preferences.
Anonymous Data is the type of data that does not enable us to identify you, either by using this data by itself or combining it with any other information, for example data derived from personal data that is aggregated and compiled in anonymous form, Analytics Information and information collected from cookies.
We may create Anonymous Data from the personal data we receive from you and/or your employer through any of the methods listed in this Policy, including usage data. We convert personal data into Anonymous Data by removing personal information, such as names, ID’s, etc. We may use this data to analyse requests and usage patterns for innovation and for improving our App, or to create lookalike audiences within social networks to enable us to advertise our services, or to create anonymised high-level research reports on workplace trends in a given industry, geography, or to compare industries and/or geographies on key workforce metrics, or for any other marketing services, associated services, and Sites. We may share Anonymous Data with third parties.
Transferring your personal information outside of the European Economic Area (“EEA”)
The data that we collect from you is stored and hosted in the European Economic Area (“EEA”) but, occasionally, we may need to process your personal data outside the EEA, for example, where it is processed by staff operating outside the EEA who work for us or for one of our suppliers or by one of our sister companies. These transfers are subject to special rules under European and UK data protection law because non-EEA countries may not have the same data protection laws.If we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your data to such third-party suppliers who have agreed to comply with the required data security standards, policies and procedures and have put adequate security measures in place.
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission and the UK.
- Where we use certain service providers, we will use standard data protection contract clauses which have been approved by the European Commission. These are designed to re-create data protections equivalent to those we enjoy in the EEA and in the UK.
- Where possible, Planday offers you the options to opt out of these data transfers.
Please contact us at email@example.com if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA. By ticking the “I agree” button when first registering or logging into the App and by submitting your personal data, you consent to this transfer, storing or processing of your personal data with our sister companies and business partners located outside of the EEA.
How long we hold on to your information
Whilst you are an active user of the App we will hold on to your information for as long as needed to give you the best possible customer service. We may also keep a record of correspondence with you (for example, if you have asked us a support question or made a complaint) for as long as is necessary to protect us from a legal claim. As a starting point, personal data related to a specific agreement (including data regarding the provision and use of the App, any data contained in day-to-day queries and communication with you and/or to your registration for events etc.) will be deleted 5 years after the end of the financial year in which the customer relationship ended. Any data contained in day-to-day queries and communication with you, and not related to a specific agreement, will as starting point be deleted no more than 12 months after the end of the last communication.
Where we have collected the personal information based on your consent and we have no other lawful basis to continue with that processing, if you subsequently withdraw your consent, then we will delete your personal information. Personal data collected for direct marketing communication (when we inform you about goods or services) based on your consent will as a starting point be deleted no more than 12 months after the last piece of communication was sent, or 12 months after your consent was withdrawn.
In certain circumstances we may retain your personal data for a longer period where such retention is necessary for compliance with a legal obligation to which we are subject, to resolve disputes and enforce our agreements.
|Access||You have the right to request a copy of the personal data we hold about you, but we will not include anything that compromises another person’s confidentiality or intellectual property. We’ll aim to send this to you within 1 month of your request. If we can’t do this, we’ll let you know within the 1 month|
|Rectification||You have the right to ask us to correct any mistakes in your personal data|
|To be forgotten||You have the right to require us to delete your personal data in certain situations|
|Restriction of processing||You have the right to require us to restrict processing of your personal data in certain circumstances for example, if you don’t think it’s accurate|
|Data portability||You have the right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party in certain situations|
The right to object:
|Automated decision-making||Planday does not use any automated profiling. You have the right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.|
How to exercise your rights
To exercise your rights, please contact us at firstname.lastname@example.org If you are an employee of a Planday customer, we recommend you contact your company’s system administrator for assistance.
Some registered users may update their user settings, profiles, organization settings and event registrations by logging into their accounts and editing their settings or profiles.
To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. At any time, you can amend your marketing preferences to reduce, remove or increase the amount we contact you with special offers. You can do this by contacting us at email@example.com.
Right to complain
In the event that you wish to make a complaint about how we process your personal information, please contact us in the first instance at firstname.lastname@example.org and we will endeavour to resolve your query as soon as possible. If you consider that our processing of your personal information infringes data protection laws, you have a legal right to complain to your national supervisory authority.
ICO (registration no. is ZA259339)
Datatilsynet (registration no. is 35107207)
Securing your information
Planday implements organisational, technical and physical measures to help safeguard against the accidental or unlawful destruction, loss, alteration and unauthorised disclosure of, or access to, the personal data we process or use. Planday is a certified holder of ISO27001 and CyberEssentials (UK Government-backed cyber protection scheme).
All information you provide to us is stored on secure servers within a private network and is encrypted when in transit between those servers and a third-party supplier. The key solutions we use are well-known, global businesses that are GDPR compliant and secure. We may use other smaller, local service providers from time to time and in these cases, will ensure that they are bound by the GDPR and obligations of confidentiality.
We have a security policy to ensure that we and our partners keep all data, not just personal data, secure and confidential. Despite this, nothing can be 100% secure and we will notify you and the relevant supervisory authority of a suspected data security breach where we are legally required to do so. You are solely responsible for protecting your password, limiting access to your devices and signing out of websites after your sessions. If you have any questions about the security of our Site, associated services or App, please contact us at email@example.com
About Changes to this Policy