Privacy

PlanBase Inc. Privacy Policy

Effective: August 24, 2007
Updated: October 9, 2023

Our Commitment To Privacy

Your privacy is important to us. To better protect your privacy we provide this notice explaining our online information practices and the choices you can make about the way your information is collected and used. To make this notice easy to find, we make it available on our homepage and at every point where personally identifiable information may be requested.

The Information We Collect and How We Use It:

This notice applies to all information collected or submitted on the PlanBase.com website, PlanBase Hoshin/Scorecard, Memory Jogger Digital Library, and Digital library purchases/renewals made on goalqpc.com.

Unless you otherwise consent, we do not share the information you provide about yourself with outside parties except to the extent necessary to provide you with the services you ask for or pay for. We never use or share the personally identifiable information provided to us online in ways unrelated to the ones described below without also providing you an opportunity to opt-out or otherwise prohibit such unrelated uses.

PlanBase.com

On some pages, you can make requests, and register to receive materials. The types of personal information collected at these pages are:

  • Name
  • Company Name
  • Email
  • Phone

We use your email addresses to have a sales, support, billing, or other representative contact you about services you pay for or information you request. Such addresses are not used for any other purpose and are not shared with other outside parties.

Customers and users of our applications may be contacted for technical support reasons. You can allow us to contact you with occasional updates about our company and our products by checking the box labeled, “Keep me informed of news and updates” on the Contact Us form on our website. Information you submit elsewhere on our website will not be used for this purpose.

PlanBase Hoshin and PlanBase Scorecard

The types of personal information collected in these applications are:

  • Name
  • Address
  • Phone Number
  • Email Address
  • User ID
  • Password
  • Login and Logout times
  • IP address
  • Browser Type and Version
  • Operating System Type and Version

The email address users provide to the application may be used to send them password reset emails and reminders or notifications in keeping with the services provided by our applications. For instance, “Someone has just assigned you a strategy”, or “A tactic you own has not been reviewed yet for this quarter.

If you wish, you can unsubscribe from reminder emails by logging in and un-checking the Allow Email box on your Account screen. In addition, each such email contains an unsubscribe header and a one-click unsubscribe link at the bottom to prevent such emails from being sent to you in the future. There is no way to unsubscribe from the security emails that are sent when you change your password or change your email address.

Each user’s name appears next to each item they own in the system. Clicking on the mail icon next to the name begins a blank email to that person. Hovering the mouse over the name reveals the phone number. Pages can be printed out by you or other people at your company who can view that page. One user’s name and/or email address may appear in notifications to another user in certain relevant situations such as, “Alice Zimmerman has approved your strategy”

Collecting this information is an important part of ensuring the security and reliability of PlanBase Hoshin/Scorecard. Tracking users is one of the ways we keep the system safe for everyone. Being aware of the browser and operating system that people view the system on ensures that the application works well for our users as their browsing habits change over time.

Login times on our demo system may be used to help our sales team know when the best time would be to follow up with you.

An individual who wishes to opt-out of the above uses of their data must petition their organization to purchase an on-site install of our software, or to be excluded from their organization’s license.

Memory Jogger Digital Library

On some pages, you can make requests, and register to receive materials. The types of personal information collected at these pages are:

  • Name
  • Email
  • Phone
  • The names of any companies or groups you may be associated with in our system.
  • The billing name and address associated with your account, or the company or group who paid for your account.
  • Password OR Google Identifier (if you “sign in with Google”)
  • Login and Logout times
  • Failed logins with your user ID
  • IP address
  • Browser Type, Accept Headers, and Version
  • Operating System Type and Version

The email address users provide to the application may be used to send them password reset emails and reminders or notifications in keeping with the services provided by our applications. For instance, “Your account is due for renewal”, or “Your account has been locked for too many failed sign-ins”

There is no way to unsubscribe from the security emails that are sent when you change your password or change your email address.

You can write notes in the margin of books and choose to make them visible to other users in your group/company. If you choose to make a note visible, your name and email address may be visible to anyone within that group (the same visibility as the note).

Your name, email address, and/or anonymous but unique identifiers are added to every copyrighted page you view or try to copy or print. Some of these additions are obvious, others are hidden. It is your responsibility to protect all downloads, login credentials, and screen-shots of copyrighted materials. We watermark every page in multiple ways with your Memory Jogger Digital Library account number which we can trace back to all your account and billing information over time.

Collecting this information is an important part of ensuring the security and reliability of Memory Jogger Digital Library, and protecting against piracy. Tracking users is one of the ways we keep the system safe for everyone. Being aware of the browser and operating system that people view the system with ensures that the application works well for our users as their browsing habits change over time.

Printed copies of all books are available through goalqpc.com. An individual who wishes to opt-out of the above uses of their data should not access any digital content on Memory Jogger Digital Library. Once digital content is accessed, we reserve the right to keep all details on the accessor for the life of the US copyright on that work.

Third Parties

If our use of a third party product or service could expose your information to that party, we first ensure that they provide equal or greater protections for your information. We have signed contracts with each applicable vendor stating they will protect your information in accordance with this policy.

Types of Third Parties and Purposes for Sharing

We currently contract dedicated server, network, and firewall resources from a third party in order to host PlanBase Hoshin/Scorecard and Memory Jogger Digital Library. A second vendor manages PlanBase associate email mailboxes (used for sales and support communications with you). A third vendor tracks all system emails for accurate delivery, to report incorrect addresses, and to ensure that you actually receive the notifications you pay for (described under “PlanBase Hoshin/Scorecard” and “and Memory Jogger Digital Library” above).

For those who signed up for the “keep me informed” newsletter, we provide your name and address to a legitimate, mailing list service who ensures that your information will only be used for delivery of those emails.

PlanBase Inc. may be required to disclose personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements.

PlanBase Inc. may be liable for certain onward transfers to third parties.

Our Commitment To Data Security

To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

Our Commitment to Children’s Privacy:

We never collect or maintain information at our website or applications from those we actually know are under 13, and no part of our website or applications are structured to attract anyone under 13.

How You Can Access or Correct Your Information

You can access all your personally identifiable information that we collect online and maintain by signing into your account and changing it. You should use this same procedure to correct factual errors in your personally identifiable information. Depending on your contract, you may be directed to an administrator at your company for help, or you may be able to contact us directly. If you have our email address, you can email us, otherwise, you can use the Contact Us form on our website or the phone number found there.

To protect your privacy and security, we may also take reasonable steps to verify your identity before granting access or making corrections. If you work for a company that uses PlanBase Hoshin/Scorecard or Memory Jogger Digital Library, and they pay for your information to be stored in our systems, you may have to tell them of your intent to delete your information before contacting us to purge all your information from our systems.

Data Privacy Framework Compliance

PlanBase Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) as set forth by the U.S. Department of Commerce. PlanBase Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

The Federal Trade Commission is the enforcement authority with jurisdiction over PlanBase Inc. compliance with the EU-U.S. Data Privacy Framework.

Privacy Complaints by European Union Individuals

In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), PlanBase Inc. commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF. EU individuals with inquiries or complaints should first contact PlanBase Inc. by filling out the Contact Us form on our website, or by mail at:

Attn: EU-U.S. Data Privacy Framework
PlanBase Inc.
260 Bear Hill Rd, Suite 100
Waltham, MA 02451
USA

PlanBase Inc. has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf

How To Contact Us

Should you have other questions or concerns about these privacy policies, please fill out the Contact Us form on our website or mail us at:

Privacy Questions
PlanBase Inc.
260 Bear Hill Rd, Suite 100
Waltham, MA 02451
USA

GDPR

The following sections were added 2018-05-25 for GDPR compliance.

Our Commitment to Fair and Transparent Processing

PlanBase believes that protection of your personal data is a fundamental right. We consider data protection when designing every new feature and perform a data protection impact assessment when relevant to any new features. Your personal data is yours, and we aim to keep exemplary care of any personal data that you may enter into PlanBase systems.

Legitimate Interests Pursued by PlanBase in specific contexts

In order to protect everyone’s data in PlanBase systems, it is necessary for us to keep identifying information about PlanBase users for a period of 13 months after any request for data deletion in order to connect possibly malicious activity with any perpetrators. We will not share or show that information anymore, merely keep it in PlanBase records against the possibility of later discovering a security incident.

If you do not request deletion, we keep your data for 13 months after you stop paying for PlanBase services. Data is also kept in double-encrypted offsite backups for a period of 7 years, but such data is not accessible without a time-consuming restore and it is only used for the purposes of data recovery and fraud detection/prevention. (Required disclosure for consent to process data GDPR Art 13.2.a).

In addition, in order to track and prosecute piracy, if digital content is accessed on Memory Jogger Digital Library, we may keep all details on the accessor for the life of the US copyright on that work. It is the end-user’s responsibility to protect all downloads, login credentials, and screen-shots of copyrighted materials. We watermark every page in multiple ways with each user’s Memory Jogger Digital Library account number which we can trace back to all your account and billing information over time.

Collection of Personal Data

We do not collect any GDPR special categories of personal data.

Storage of Personal Data

Your data will be stored in the United States.

Pseudonymisation of Personal Data

Whenever practical, users will be referenced by their ID or similar anonymous value so that personal information is only stored in one place and not mixed with other data. One notable exception is that users who try to copy or print copyrighted Memory Jogger Digital Library materials may see their own name, email, and other data collected by Memory Jogger Digital Library in the resulting copy as a reminder not to share without permission.

Information Provided to the Public and to Data Subjects

When you enter your name, telephone (optional), and email into PlanBase Hoshin/Scorecard or Memory Jogger Digital Library, that information will be visible to you and any users in your company with add-users permission (company is defined in the PlanBase system as a group of users).

PlanBase Hoshin/Scorecard

If you have permission to own something and someone has permission to assign you ownership of it, your name will show up in the select-owner drop-down. If you then take ownership of anything in the system, your contact information becomes visible to anyone who can see what you own. Unless your company turns on “public plans” and actually makes a plan public, that information is only visible to other users in your company not to the general public.

Memory Jogger Digital Library

You can write notes in the margin of books and choose to make them visible to other users in your group/company. If you choose to make a note visible, your name and email address may be visible to anyone within that group (the same visibility as the note).

Exercise of the Rights of Data Subjects Under GDPR

At any time you can delete or change the data in your account from the My Account screen (ACCESS AND RECTIFICATION). You can also request a one-time free digital download of your personally identifiable information (DATA PORTABILITY). Subsequent requests for this information may incur a processing fee.

Because we already limit the amount of information we collect and how we use that data, we may not be able to further restrict personal information processing without terminating your account. You are free to terminate when your contract comes up for renewal (or at any time for a demo account). (GDPR Art 13.2.b). If you find an opportunity to further protect your privacy, please let us know and we will consider adding such a feature in a subsequent release.

You may also have the right to exercise your individual rights under GDPR, or make a GDPR complaint, to the relevant local data protection authority (DPA). A list of DPAs is available at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

PlanBase Hoshin/Scorecard

You can delete your whole account by contacting support (ERASURE).

Memory Jogger Digital Library

You can delete your whole account by contacting support (ERASURE), but only if you have not yet accessed any protected copyrighted content. Once you have, you cannot delete your data until the US copyright on the copyrighted content you accessed has expired.