Last updated: 09 January 2019
We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation (which applies across the European Union) and other data protection laws and we are responsible, as controller, for that personal information for the purposes of those laws.
|Full name of legal entity||Planit Canada Incorporated|
|Postal address||468 Rue Main, Hudson, QC, J0P 1H0|
|Telephone number||1 888 824 1474|
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender.
- Contact Data includes billing address, delivery address, contact details such as email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, network and device identification and other technology on the devices you use to access our website.
- Profile Data includes biographical information about yourself, which may include details of your social media presence, your job title/role, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.
How that personal data is collected
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when, amongst other things, you apply for our products or services, subscribe to our products or services, register on our website request marketing information from us, furnish our representatives with your business card, give us feedback or contact us or when we contact representatives of your company.
- Third parties or publicly available sources. We may obtain personal data about you from various third parties as set out below:
- Technical Data: from analytical providers.
- Contact, Financial and Transaction Data: from providers of technical and payment services.
- Identity and Contact Data: from data brokers or aggregators.
- Identity and Contact Data: from publicly available sources.
How we use/process your personal data
We will only use your personal data when the law allows There are various legal bases upon which we may rely, depending on what personal information we process and why. The legal bases we may rely on most commonly, include:
- Consent: Where you have given us clear consent for us to process your personal information for a specific purpose.
- Contract: Where our use of your personal information is necessary for a contract we are about to enter into or have entered into with you, or because you have asked us to take specific steps before entering into a contract.
- Legitimate interests: Where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information, which overrides our legitimate interests).
- Legal obligation: Where our use of your personal information is necessary for us to comply with the law (not including contractual obligations).
The purposes for which we will use your personal data
We have set out below, in a table format, a description of the ways (i.e. the purpose/activity) in which we may use your personal data (including the different kinds of personal data referred to above) and which of the legal bases on which we may rely to do so. We have also identified what our legitimate interests are where appropriate.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To register you as a new customer with us||(a) Identity
|Performance of a contract with you|
|To process and deliver your order including:
(a) Providing quotations to you, order administration, providing our products and services to you/your company
(b) Responding to your service requests
(c) Invoicing, managing payments, fees and charges
(d) Collecting and recovering money owed to us
(f) Marketing and Communications
|(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
|To manage our relationship with you which will include:
(b) Asking you to leave a review or to provide a customer testimonial or survey
(e) Marketing and Communications
|(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity
|(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud)
(b) Necessary to comply with a legal obligation
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||(a) Identity
(f) Marketing and Communications
|Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our websites, products or services, marketing, customer relationships and experiences||(a) Identity
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to improve our products, to develop our business and to inform our marketing strategy)|
|To carry out marketing and to make suggestions and recommendations to you about products or services that we offer and any publications and events that we think may be of interest to you based on previous purchases and interest shown in our products or services.||(a) Identity
(f) Marketing and Communications
|Necessary for our legitimate interests (to develop our products/services and grow our business)|
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on which products, services and offers may be relevant for you.
You will receive marketing communications from us if you have requested information from us or purchased products or services from us and you have not opted out of receiving that marketing.
We will always obtain your express opt-in consent before we share your personal data with any third party for marketing purposes.
Providing your personal data to others
We may share your personal data with the following:
- Internal third parties such as companies within the Hexagon group of companies.
- External third parties such as our partner service providers or suppliers (including our CRM solution providers) who manage and support us in providing the software applications we provide or in operating our website.
- Our professional advisers insofar as is reasonably necessary for the purposes of us managing risks, obtaining professional advice and managing legal disputes
Where we provide your personal data to any third party, we will ensure that this processing is protected by appropriate safeguards including a suitable data processing agreement with that third party.
In addition to the specific disclosures of personal data detailed above, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation we have to comply with, or in order to protect your vital interests or the vital interests of another individual.
Transfer of your personal data to third countries
Your personal data may be transferred to a country outside of EEA such as Canada (commercial organizations), New Zealand, Switzerland, and US (limited those providers that are part of the Privacy Shield framework) which offer similar level of protection as within the EEA.
Your personal data may be transferred to a country outside of EEA such as Australia, Brazil, Chile, China, Colombia, Hong Kong, India, Indonesia, Japan, Malaysia, Mexico, Peru, Philippines, Russia, Singapore, South Africa, South Korea, Taiwan, Thailand, UAE, United States, Venezuela, which may have a lower level of protection than within the EEA.
Whenever we transfer your personal data out of the EEA, we will ensure that either (a) The European Commission has made an “adequacy decision” with respect to the data protection laws of the country to which it is transferred, or (b) we have entered into a suitable data processing agreement with the third party situated in that country, using standard contractual clauses approved by the European Commission, to ensure the adequate protection of your data.
In all cases, transfers outside of the EEA will be protected by appropriate safeguards.
Retaining and deleting personal data
Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
We may retain also your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
What are your rights?
You have the right to:
Request access to your personal data (commonly known as a “data subject access request”). This enables to you receive a copy of the personal data we hold about your and to check that we are lawfully processing it. Provision of such information will be subject to: your request not being found to be excessive, in which case a charge may apply; and the supply of appropriate evidence of your identity.
Request correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove your personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons (including where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for establishing, exercising or defending legal claims) which will be notified to you.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes.
Request restriction of processing of your personal data. In certain circumstances, you have the right for the processing of your personal data to be restricted. This is the case where: you do not think that the personal data we hold about you is accurate: your personal data is being processed unlawfully but you do not want your data to be erased: it is no longer necessary for us to hold your personal data for the purposes of our processing, but you still require that personal data in relation to a legal claim; and you have objected to processing, and are waiting for that objection to be verified.
Request the transfer of your personal data to you or a third party. We will provide you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent. Where you withdraw your consent, certain personal data (only to the extent that it is absolutely required), will be retained on our “do not contact” list.
Where we have sought your consent to the processing of your personal data, then you can withdraw your consent at any time by contacting us at the following e-mail address: email@example.com
Objections and complaints
We hope that we can resolve any query or concern you raise about our use of your personal data.
The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.
Identity of the controller
Planit Canada Incorporated of 468 Rue Main, Hudson, QC, J0P 1H0 is the controller of your personal data.
We are part of the Hexagon Group of companies and operate within a matrix/division structure, utilising data processing tools shared between Hexagon Group entities. It follows that your location and your business relationship with us are essential in determining the relevant controller(s) in terms of the processing of your personal data within the Hexagon Group.
Upon your request to the Privacy Officer, you will be provided with full details of the relevant controller(s) within the Hexagon Group which is/are responsible for the processing of your personal data. We will provide the name and the contact details of any data protection officer where appointed by the applicable controller.
Information regarding cookies
Cookies are small text files which are stored on your device and contain plain text. In all cases, cookies themselves do not have access to your device and can not ‘run’ like normal programs on your device.
Websites are ‘stateless’; each page exists in isolation, and so information can only be passed through URL parameters (the bits of text you sometimes see after a website address which start with a question mark), form parameters, or cookies. Cookies are the ‘cleanest’ and least intrusive (from a user’s point of view) and easiest to manage (from a website developer’s point of view) method for maintaining ‘state’ throughout your visit to a website.
Without the use of a cookie, you would be asked for the information stored in the cookie or to log in on every single page of the website!
Session cookies are temporary cookies, which exist for the duration your browser is running. When your browser is closed, the session cookies are lost. These are typically used to identify users when they log in. As the user browses the site, the web application knows which user is logged in and can tailor the experience accordingly and provide user-specific information, as appropriate.
Permanent cookies are permanent insofar as they remain on your device even after you close your browser. This makes them unsuitable for security purposes (such as session cookies), but perfect for storing personal preferences, such as your country and language preference (for formatting dates, times, etc.). Without these kinds of cookies, you would have to set such preferences on each visit to the website.
Third Party Cookies
Third party cookies are cookies (session or permanent) which are created not by our web applications, but by external agencies or companies. We use such cookies for tracking how visitors use our site, which enables us to improve our site content by seeing which pages are popular and how visitors navigate through the site. Such cookies are not created by our Web applications, but by the third parties. As such, the names of these may vary from time to time. Third party cookies do not personally identify you, but merely allow the third parties (and us in the case of analytics services) to keep a record of how you use the site.
Blocking and Removing Cookies
Any cookies can be blocked or removed from your browser at any time by following the relevant procedure specific to your browser. You retain full control of which cookies exist on your computer. You may also block the creation of cookies from all or individual sites.
You may block cookies on this site, but the site may not function as designed and you will be unable to log in where appropriate or retain any user preferences, so information may appear in the wrong locale or be unavailable.
Which cookies do you use?
|Session Cookies||PageProtect||Certain pages on this site may be password protected and require that a password is entered before they may be viewed. This cookie is created when the password has been entered successfully and allows users to view the one or more pages protected by the password, without needing to log in on each visit to the page(s) within one session.|
|Permanent Cookies||UserSettings||This cookie is used to store your country, language, time zone, and currency preferences. It means we can tailor content so that you only see content relevant to your country and in a format (e.g. date and time) which is familiar to you.|
|CFID/CFToken||These cookies are created automatically by our web application server to identify a visiting device uniquely. They do not track or record any of your activity.|
|Third Party Cookies||Google Analytics||We use Google Analytics for analysis of traffic to this website. Google create several cookies in connection with this service (e.g. __utma, utmb, __utmc, and __utmz). For more information about the cookies created, please see http://www.google.co.uk/intl/en/analytics/privacyoverview.html.
Google offers a browser add-on to prevent your data from being used by Google Analytics. See https://tools.google.com/dlpage/gaoptout
|YouTube||YouTube videos may be used in various places across this website. For more information about the cookies created, please see https://policies.google.com/technologies/cookies.|
|We may make use of Twitter’s integration code throughout our site, which allows visitors to identify useful information to others. For more information about the cookies created, please see http://twitter.com/privacy.|
|We may make use of Facebook’s integration code throughout our site, which allows visitors to identify useful information to others. For more information about the cookies created, please see http://www.facebook.com/about/privacy/.|
*These cookies require explicit opt-in consent from visitors. Functionality incorporating these will not be available until you consent.
HTML5 Local Storage
The local storage keys we user are as follows:
|Download_*||Stores the successful download of protected content.|
|PopUp_*||Stores information relating to display of pop-ups and pop-outs.|
|DataTables_DataTable_*||Used where datatables are displayed on stage to store user preferences and table status.|
Other local/session storage keys may be set via the third-party services mentioned above. As with cookies, local and session storage may be blocked by your chosen browser. Consult your browser provider for further information.
For further information and advice, including on how to manage and block cookies, see http://www.allaboutcookies.org.