Effective Date: May 25, 2018
1. Privacy Practices Specific to Service Data
a. Types of Service Data
b. Uses of Service Data
Subject to our contractual obligations, and depending on the particular PlanGrid Services, we use the information described above as follows:
c. Disclosures of Service Data
Subject to our contractual obligations, and depending on the particular PlanGrid Services, we share the information described above as follows:
To enforce the legal terms that govern the PlanGrid Services;
To comply with law, and where we deem disclosure appropriate to protect rights, safety and property (for example, for national security or law enforcement);
As part of a business sale, merger, consolidation, change in control, transfer of substantial assets or reorganization; or
For other purposes requested or permitted by our customers or users.
For those purposes, we may share Service Data with our affiliates and other entities that help us with any of the above.
2. Privacy Practices Specific to Business Data
a. Types of Business Data
Business Data consists of contact details, professional details (e.g., title and name of company), information about an individual’s interactions with PlanGrid or our partners, and payment information that we collect for our own business activities, as opposed to data that we collect on behalf of a particular customer.
We obtain Business Data directly from the relevant individuals, and also from third-party sources, such as their employers, marketing or lead generation companies and other third-party data aggregators, and social networking platforms (e.g., LinkedIn).
b. Uses of Business Data
PlanGrid uses and discloses Business Data as follows:
c. Disclosures of Business Data
Subject to our contractual obligations, we share the information described above as follows:
For those purposes, we may share Business Data with our affiliates and other entities that help us with any of the above.
d. Legal Basis for Processing Business Data
The laws in some jurisdictions require companies to tell you about the legal ground they rely on to use or disclose your personal data. To the extent those laws apply, our legal grounds for processing Business Data are as follows:
To honor our contractual commitments to you: Much of our processing of personal data is to meet our contractual obligations to our customers, or to take steps at customers’ request in anticipation of entering into a contract with them.
Consent: Where required by law, and in some other cases, we handle personal data on the basis of consent.
Legitimate interests: In many cases, we handle personal data on the ground that it furthers our legitimate interests in commercial activities such as the following in ways that are not overridden by the interests or fundamental rights and freedoms of the affected individuals:
Protecting our customers, personnel and property
Analyzing and improving our business
Managing legal issues
(We process Service Data pursuant to our contracts with our customers and applicable law.)
3. Additional Information About Our Privacy Practices (applicable to both Service Data and Business Data)
a. Security and Data Retention
To provide security for Service Data, we maintain physical, organizational and technical safeguards, which are subject to periodic changes. We use different safeguards to help secure Business Data.
If you use third-party software integrated into our service (for example, Google Drive, Box, Dropbox or other integrations), your information will be handled by such third party subject to their own privacy and security policies or procedures, which we do not control.
b. Personal Data Rights and Choices (including Direct Marketing Opt-Out)
All users can review and update certain user information by logging in to the relevant portions of the PlanGrid platform. You can unsubscribe from marketing emails by clicking the "unsubscribe" link they contain. Users can deactivate their accounts by contacting us at firstname.lastname@example.org, subject to any contractual provisions between PlanGrid and the customer responsible for the account. Controls related to cookies and other automated data collection are described in the section below.
Residents of the European Economic Area, Canada, Australia and many other jurisdictions have certain legal rights (including, in certain cases, under the EU-U.S. and EU-Swiss Privacy Shield Frameworks after our Privacy Shield certification takes effect) to obtain confirmation of whether we hold personal data about them, to access personal data we hold about them, and to obtain its correction, update, amendment, or deletion in appropriate circumstances. In limited cases, they have the right to receive information we hold about them in portable form and to have it transmitted to a third party. They also have rights to object to our handling of their personal data, to restrict its processing, and to withdraw any consent they have provided.
For example, individuals have a right to opt out of our processing of Business Data for direct marketing purposes.
Many of the rights described above are subject to significant limitations and exceptions under the Privacy Shield Frameworks and applicable law. For example, objections to the processing of personal data, and withdrawals of consent, typically will not have retroactive effect. Individuals also have a right to lodge a complaint with the relevant supervisory authority, but we encourage individuals to contact us first, and we will do our best to resolve any concern.
c. Cookies and Automated Data Collection
We and third parties may use automated means to read or write information on users’ devices, such as in various types of cookies and other browser-based or plugin-based local storage (such as HTML5 storage or Flash-based storage).
These technologies help us (a) keep track of whether you are signed in or have previously signed in so that we can display all the features that are available to you; (b) remember your settings on the pages you visit, so that we can display your preferred content the next time you visit; (c) display personalize content; (d) perform analytics, and measure traffic and usage trends, and better understand the demographics of our users; (e) diagnose and fix technology problems; and (f) otherwise plan for and enhance our business.
Also, in some cases, we facilitate the collection of information by advertising services administered by third parties. The ad services may track users’ online activities over time by collecting information through automated means such as cookies, and they may use this information to show users ads that are tailored to their individual interests or characteristics and/or based on prior visits to certain sites or apps, or other information we or they know, infer or have collected from the users. For example, we and these providers may use different types of cookies, other automated technology, and data (a) to recognize users and their devices; (b) to inform, optimize, and serve ads; and (c) to report on our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services (including how they are related to visits to specific sites or apps).
To learn more about interest-based advertising generally, including how to opt out from the targeting of interest-based ads by some of our current ad service partners, visit aboutads.info/choices or youronlinechoices.eu from each of your browsers and devices.
You can opt out of Google Analytics and customize the Google Display Network ads by visiting the Google Ads Settings page. Google also allows you to install a Google Analytics Opt-out Browser Add-on for your browser.
To opt out of our use of Inspectlet, which makes a replayable record of visits to the marketing portion of our website (not the part that delivers our service) for analytics and troubleshooting purposes, go here.
To opt out of our use of Optimizely, which helps us understand what workflows customers like better, go here.
If you replace, change or upgrade your browser, or delete your cookies, you may need to use these opt-out tools again. We do not respond to browser-based do-not-track signals.
Please visit your mobile device manufacturer's website (or the website for its operating system) for instructions on any additional privacy controls in your mobile operating system, such as privacy settings for device identifiers and geolocation.
d. International Data Transfers
As a business subject to the investigatory and enforcement authority of the United States Federal Trade Commission, PlanGrid has certified that its U.S. operations adhere to the Privacy Shield with respect to the personal data that PlanGrid receives in reliance on the Privacy Shield. Our Privacy Shield certification has been submitted, and it will be available at https://www.privacyshield.gov/list when it takes effect. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov.
When PlanGrid receives personal data under the Privacy Shield and then transfers it to a third-party service provider acting as an agent on PlanGrid’s behalf, PlanGrid may have certain responsibility under the Privacy Shield if both (a) the agent processes the information in a manner inconsistent with the Privacy Shield and (b) PlanGrid is responsible for the event giving rise to the damage.
PlanGrid has committed to refer unresolved privacy complaints under the EU-U.S. and Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism. Please visit JAMS for more information or to file a complaint.
If your complaint still is not resolved through these channels, under limited circumstances, an additional binding arbitration option may be available before a Privacy Shield panel, as described at https://www.privacyshield.gov.
Please note that PlanGrid’s customers may transfer personal data to PlanGrid on the basis of other legal mechanisms approved by the European Commission and other relevant authorities for cross-border data transfers, such as Standard Contractual Clauses. To exercise any legal right to see copies of the data transfer mechanism documents that PlanGrid uses to transfer data to third parties, please contact us. Our product allows our customers and users to make international data transfers to third parties, for which they are solely responsible.
e. Notification of Changes
f. Contact Information
PlanGrid, Inc. 2111 Mission St #404 San Francisco, CA 94110 Telephone: +1 (800) 646-0796
PlanGrid UK Limited. Floor 11, Whitefriars, Lewins Mead Bristol, BS1 2NT, UK Telephone: +44 (0)20 3695 0292
PlanGrid Australia PTY LTD. Level 10, 10 Spring St Sydney NSW 2000 Telephone: 1800 316 406
PlanGrid Canada ULC 40 University Avenue, Suite 904 Toronto, ON M5J 1T1 Canada
PlanGrid Hong Kong Limited 5/F., Heng Shan Centre, 145 Queen’s Road East, Wanchai, Hong Kong