Product Privacy Policy

Last Modified: June 3, 2020

We at Plottu (Plottu and its Affiliates) are committed to protecting your privacy. This Product Privacy Policy applies to your use of the Plottu Service as a customer of Plottu. This Product Privacy Policy describes how we collect, receive, use, store, share, transfer, and process your Personal Data.
This Product Privacy Policy also describes how we process Customer Data on behalf of our customers in connection with the Plottu Services. This Product Privacy Policy does not apply to any information or data collected by Plottu as a controller for other purposes, such as information collected on our public websites or through other channels for marketing purposes. Please find the Plottu Privacy Policy that covers this information or data by clicking here. Plottu processes Customer Data under the direction of our Customers and Users, and has no direct control or ownership of the Personal Data we process on behalf of our customers. Customers are responsible for complying with any regulations or laws that require providing notice, disclosure, and/or obtaining consent prior to transferring the Personal Data to Plottu for processing purposes. Terms not otherwise defined herein shall have the meaning as set forth in the Plottu Customer Terms of Service. In the event of a conflict between this Product Privacy Policy and the Customer Terms of Service, the terms of the Customer Terms of Service will prevail.

Use of the Service

Our online Service allows users to upload and find relevant know-how to support them in their daily work. The information added to the Service, e.g. when a Service user adds the information, is stored and managed on our service providers’ servers. Plottu provides the Service for their own know-how sharing needs.

When using the Service, the users may share Personal Data such as e.g. first and last name, email address, physical address, or phone number. Plottu does not control the content of Knowledge Slices or the types of Personal Data that users may choose to share using the Service. That Personal Data is controlled by them and is used, disclosed and protected by them according to the privacy policies applicable to them. Plottu processes our customers’ information as they direct and in accordance with our agreements with our customers, and we store it on our service providers’ servers. Our agreements with our customers prohibit us from using that information, except as necessary to provide and improve the Service, as permitted by this Product Privacy Policy, and as required by law. Our customers control and are responsible for correcting, deleting or updating information they have collected from using the Service.

How we Share Information we Collect

With Service Providers
We employ other third-party service providers to provide services on our behalf to our customers, and Users of the Service and may need to share information with them to provide information, products or services. Examples may include analysing data or performing statistical analysis, processing payments, supplementing the information you provide us in order to provide you with better service, and providing customer service or support. These service providers are prohibited from using your Personal Data except for these purposes, and they are required to maintain the confidentiality of your information. In all cases where we share your information with such agents, we explicitly require the agent to acknowledge and adhere to our privacy and customer data handling policies.

Due to Corporate Events
If we (or our assets) are acquired by another company, whether by merger, acquisition, bankruptcy or otherwise, that company would receive all information gathered by Plottu on the websites and the Service. In this event, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your Personal Data, and choices you may have regarding your Personal Data.

In accordance with Compelled Disclosure
We reserve the right to use or disclose your Personal Data if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.

Product Specific Privacy Disclosures

Third Parties
We may provide links within our sites and services to the sites or services of third parties. We are not responsible for the collection, use, monitoring, storage or sharing of any Personal Data by such third parties, and we encourage you to review those third parties’ privacy notices and ask them questions about their privacy practices as they relate to you.

Web Application
Users can access the Plottu Service from any web browser. When you use the Web Application, you provide the following personal data to us:

  • User Account Data is data your social network provides when login to the public knowledge hub, which typically includes a valid email address and name. We need this data to provide the services to you as well as to maintain and support your account.
  • Customer Account and Registration Data is data you provide when login to your company’s knowledge hub, which typically include a valid email address and (encrypted) password. We need this data to provide the services to you as well as to maintain and support your account.
  • Service Data (including Session, Location and Usage data): When you use our Service, we receive data that is automatically logged by the Service – for example, duration of session, connections made, hardware, equipment and devices used, IP addresses, location, language settings, operating system used, unique device identifiers and other diagnostic data. We need this information to provide, operate, and improve our Services. We may collect location-based data for the purpose of providing, operating, and supporting the Service and for fraud prevention and security monitoring; you can disable location data transmission on devices at any time by disabling location services from the settings menu on your device.

Browser Extension
Users of the Plottu Service can install the Plottu Browser extension to access know-how from either the public or customer’s knowledge hub directly from the browser. When you use the browser extension, you provide the following personal data to us:

  • User Account Data is data your social network provides when login to the public knowledge hub, which typically includes a valid email address and name. We need this data to provide the services to you as well as to maintain and support your account.
  • Customer Account and Registration Data is data you provide when login to your company’s knowledge hub, which typically include a valid email address and (encrypted) password. We need this data to provide the services to you as well as to maintain and support your account.
  • Service Data (including Session, Location and Usage data): When you use our Service, we receive data that is automatically logged by the Service – for example, duration of session, connections made, hardware, equipment and devices used, IP addresses, location, language settings, operating system used, unique device identifiers and other diagnostic data. We need this information to provide, operate, and improve our Services. We may collect location-based data for the purpose of providing, operating, and supporting the Service and for fraud prevention and security monitoring; you can disable location data transmission on devices at any time by disabling location services from the settings menu on your device.
  • Websites you are looking at in an active browser tab are scraped to extract the main topics from the active webpage. The scraping of webpages only occurs when a user opens the extension in the browser. These keywords are then used to create a search query on the company’s knowledge hub. These keywords are not stored, shared or used for any other purpose than to provide you with relevant suggestions of content from your company’s knowledge hub.

Data Practices and Service Data
We automatically collect metrics and information about how Users interact with and use the Service. We use this information to develop and improve the Services. We may share or publish this service data with third parties in an aggregated and anonymised manner, but we will not include any User and Customer Data or Personal information that could identify Users.
We use User and Customer Data in an anonymised manner for machine learning that supports certain product features and functionality within the Service.
When you use the Service, we automatically collect log files. These log files contain information about a Users’ IT system, a User’s IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times, and referring website addresses. We use this information to ensure the optimal operation of the Service and for security purposes.

Why we collect data from users

We use the data we collect from users to:

  • provide and operate our Services;
  • address and respond to service, security, and customer support needs;
  • detect, prevent, or otherwise address fraud, security, unlawful, or technical issues;
  • comply with applicable laws and administrative requests, protect our rights, assert and defend against claims;
  • fulfil contracts;
  • maintain and improve our Services;
  • provide analysis or valuable data back to our customers and users;
  • conduct research and analysis for business planning and product development;
  • display content based upon your interests;

We strive to limit the types of personal data that is collected from, and processed on behalf of, our users to include only information which is necessary to achieve the purpose(s) for which it was collected and we do not use personal data for additional purpose(s) which are incompatible with their initial collection. In other words, we have measures and policies in place designed to ensure that we only collect and process information from our users that we believe is necessary to operate and provide them with a world-class Service.

How We Transfer Data We Collect Internationally

International Transfers within Plottu’s Entities
To facilitate our global operations, we transfer information to other countries and allow access to that information from countries in which the Plottu affiliated entities have operations for the purposes described in this policy.
This Privacy Policy shall apply even if we transfer Personal Information to other countries. We have taken appropriate safeguards to require that your Personal Information will remain protected. When we share information about you within and among Plottu’s affiliated entities, we make use of standard contractual data protection clauses, which have been approved by the European Commission, and we rely on the EU-U.S. and Swiss-U.S. Privacy Shield Framework to safeguard the transfer of information we collect from the European Economic Area and Switzerland.

International transfers to third parties
Some of the third parties described in this privacy policy, which provide services to us under contract, are based in other countries that may not have equivalent privacy and data protection laws to the country in which you reside. When we share information of customers in the European Economic Area or Switzerland, we make use of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks, European Commission-approved standard contractual data protection clauses, binding corporate rules for transfers to data processors, or other appropriate legal mechanisms to safeguard the transfer.

How We Protect Your Data

Securing your data, both online and offline, is a priority for us. We have implemented appropriate technical and organisational measures to protect your personal information and ensure a level of security appropriate to the risk.
Our servers are hosted in a world class data center that is protected by biometric locks and 24-hour surveillance. We ensure that our application is always up to date with the latest security patches.
All the services in our datacenter have certification for compliance with ISO/IEC 27001:2013, 27017:2015 27018:2019 and ISO/IEC 9001:2015.

Our data center is located in The Netherlands, Amsterdam and EU Safe Harbor compliant and all our plans include 256-bit SSL encryption for communication between servers and storage to keep your data and personal information safe at all times.

Data Subject Requests

We will work with Business Customers to respond to data subject requests as outlined in our DPA. You should also review our DPA to understand our obligations as a processor of your data and how we comply with relevant data protection laws.

Data Retention

Customer Data collected during your use of the Service is retained in accordance with the provisions of the DPA and is retained for as long as you have a paid Subscription and/or remain an active customer. Your data is deleted upon your written request or after an established period following the termination of all customer agreements. In general, Customer Data is deleted after your paid Subscription ends and your knowledge hub becomes inactive.