Privacy notice

Customers and potential customers

Perjantai Markkinointiviestintä Oy (trading as Plan-365)

Updated on 19 June 2022

1. General

   1. The purpose of this notice is to provide the information required by the EU General Data Protection Regulation 2016/679 (GDPR) to the data subject, in particular on how we collect, store and process personal data of our customers and potential customers. The term customers refers to customers who have downloaded or otherwise taken into use of the Plan-365 plan management tool (whether as a cloud-based or on-premises version), thereto related websites or other aspects of the service (the "Service"), the representatives of such customers, and the users of the Service within their respective organisations. The term potential customers refers to persons who have subscribed to the Plan-365 newsletter, or have shared with us their contact details in a chat, social media or through another similar instance.

2. Data controller

   1. Perjantai Markkinointiviestintä Oy (Business ID: 1907872-1, hereinafter "Plan-365", “we”) acts as the data controller with respect to the subscription data (including e.g. names, contact information, login information and payment details) collected or received in connection with the Service from the customer, any of the customer's users, or potential customers. With respect to the personal data stored by the customer (including its users) to the Service, the Service Provider will act as the data processor. Please note that the customer is the data controller with respect to such data, and the customer's privacy notice will govern the processing of such data.

3. Contact details

   1. Address: Linnankatu 3 A, 20100, Turku Finland. Email: privacy@plan-365.com

4. Purposes of processing and applicable lawful basis for processing

   Customers

   Potential customers

   1. We process personal data for the following purposes:
      • Maintenance of the Service and user data
      • Login and user log management
      • Customer relationship management and development, including billing
      • Customer service and technical support
      • Customer communication
      • Electronic direct marketing for add-on sales
      • Sales and marketing related activities, such as marketing events
      • Analytics and statistics, including visitor tracking and targeting of marketing
      • Maintenance of the Service and user data and login management (as applicable)
      • Sales and marketing related activities, such as marketing events and electronic direct marketing
      • Analytics and statistics, including visitor tracking on our website and targeting of marketing
   2. The processing of personal data for the maintenance of the Service and user data, login management as well as customer relationship management and development, including billing, customer service and technical support, customer communication and login management is based on the performance of a contract between the customer and us, as well as our legal obligation with respect to financial and subscription data needed for bookkeeping and similar regulated purposes.
   3. The processing of personal data for sales and other marketing related activities, such as marketing events, analytics and statistics, visitor tracking and targeting of marketing, as well as electronic direct marketing is based on our legitimate interest as well as (with respect to electronic direct marketing and use of cookies and other similar technologies) your consent, as applicable.

5. Categories of personal data and sources of personal data

   1. We process the following personal data of the customers and potential customers.
   2. Personal data related to customers and their representatives
      • Name and contact details such as e-mail address, phone number and the address of the company/organisation
      • Name of the company/organisation and a job title (as applicable)
      • Customer history (e.g. subscription periods and participation in events)
      • Login management (username and password)
      • Customer service and support related personal data
      • Marketing related personal data such as information on newsletter subscription
      • Marketing permissions and marketing bans
      • Personal data retrieved via cookies
      • Any other personal data given to us by you directly
   3. Note that we do not collect any payment information when you subscribe to or purchase one of our Services. We have an agreement with Paddle as reseller of our Services. See the section Recipients of Personal Data below for more information.
   4. Personal data related to potential customers
      • Name and (as applicable) contact details such as e-mail address, phone number and the address of the company/organisation
      • Name of the company/organisation
      • Marketing related personal data such as information on newsletter subscription
      • Marketing permissions and marketing bans
      • Personal data retrieved via cookies or similar technologies
      • Any personal data given to us by you directly
   5. We may also retrieve information from public sources such as the Finnish Business Information System.
   6. Website visitors
   7. We use cookies on our website. Cookies are small text files stored on the user's device used for login management, targeting of marketing, visitor analytics and other web analytics. For third party cookies, please see for more information here. Personal data is not used for profiling, and processing does not include automated decision-making.
   8. Personal data is not used for profiling, and processing does not include automated decision-making.
   9. Online purchases
   10. Your data that is required for your purchase will be collected by our online reseller and Merchant of Record, Paddle. Paddle will share your data with us for product fulfilment purposes. The non-personal purchase information we receive from Paddle may be linked to the Personal Information you provide to us. Paddle does not supply us with your credit card number and it’s stored only in Paddle’s or their subcontractors systems.
   11. Paddle has a privacy policy (https://www.paddle.com/legal/checkout-buyer-terms) that describes their collection and use of personal information. Plan-365 does not control Paddle or its collection or use of information. Any questions or concerns about Paddle’s practices should be directed to Paddle.

6. Recipients of personal data

   1. We may use the following processors in processing your personal data:
      • Amazon Web Services
      • Stripe
      • Paddle
      • ActiveCampaign
   2. We may disclose your personal data to the extent permitted and obligated by existing legislation, including in connection with business transactions and to selected partners in order to provide the Service, unless you deny the disclosure of your personal data. We may also transfer or disclose personal data to authorities, where required to do so by applicable laws.
   3. If Plan-365 is involved in a corporate transaction personal data may be disclosed to third parties in relation to such transaction in accordance with the applicable data protection laws.

7. Transfers of personal data to third countries

   1. As a rule, personal data processed by processors is not transferred outside the EU or the EEA. If any exceptions to the above prove necessary, we ensure that such transfers are subject to appropriate safeguards as required by data protection laws, such as the applicable standard contractual clauses approved by the European Commission.
   2. We also use cookies which may transfer personal data outside the EU or the EEA. More information on the use of cookies on our website is available here.

8. Retention of personal data

   1. The personal data of the customers is processed for the duration of the customer relationship and for a reasonable time after that as long as we have a legitimate basis for retaining the data. We retain certain personal data after the customer relationship based on a statutory requirements for the period required by accounting or other applicable mandatory laws, up to ten years. In individual cases, we may retain personal data in order to make, defend against or protect against a legal claim.
   2. We will retain the personal data of our potential customers for 12 months after the last user activity date, unless we are required by applicable laws to retain data longer. You can always object to processing your data or withdraw your consent during this period or prior to it.

9. Security of processing

   1. We have taken and maintain the necessary technical and organisational measures to ensure the security of processing and to monitor the use of personal data. Access to the personal data is limited only to persons for whom such access is necessary in the course of performing their tasks, and even then only to the extent required for the performance of such tasks.
   2. Appropriate access control is arranged in the business premises. IT systems and work equipment, such as the computers are protected with, inter alia, password, firewall, regular security updates and SSL / encrypted connections.

10. Your rights as a data subject

    1. As a data subject, you have the following rights:
       • Right to access
         • You have the right to know whether your personal data is being processed and what personal data is processed. You may also request for a copy of your personal data.
       • Right to rectify your personal data
         • You have the right to request that inaccurate and incorrect personal data relating to you be rectified or completed.
       • Right to erasure
         • You have the right to request the erasure of your personal data in some cases.
       • Rights to restrict processing of your personal data and to object to processing
         • You may in some cases have the right to restrict the processing of your personal data.
       • Right to object
         • You may have the right to object to the processing of your personal data in some cases.
         • You always have the right to object to the processing of your personal data for electronic direct marketing purposes.
       • Right to data portability
         • To the extent that we process your personal data on the basis of a contract or your consent and the processing is carried out automatically, you have the right obtain the personal data relating to yourself that you have provided to us in a structured, commonly used and machine-readable form, and the right to transmit this data to another controller.
       • Right to withdraw consent
         • You have the right at any time to withdraw your consent to the processing of personal data. Withdrawal of consent has no effect on the lawfulness of processing carried out prior to withdrawal.
    2. The use of a data subject’s rights depends on the details of the processing. Importantly, the data subject’s rights are determined by the legal basis used for specific processing situations (see section 4 above). For additional information on the use of a data subject’s rights in different situations, please visit e.g. the Finnish Data Protection Ombudsman’s website: https://tietosuoja.fi/en/what-rights-do-data-subjects-have-in-different-situations

11. Right to lodge complaint with supervisory authority

    1. You have the right to lodge a complaint with the competent supervisory authority, in particular in the EU/EEA member state of your habitual residence, place of work or place of the alleged infringement, if you consider that your personal data has been processed in violation of applicable data protection laws.
    2. In Finland, the supervisory authority is the Office of the Data Protection Ombudsman, whose contact information is accessible through the following link: https://tietosuoja.fi/en/contact-information