Information collected about you

When you interact with our websites, products, services, customer support channels, or job application process at Anaplan, we may ask you to provide some personal information. When we request this type of information, we will notify you as to why we are asking for information and how this information will be used.

• Contact data: The information we may collect includes your personal and/or business contact information, such as your first and last name, email address, phone number, mailing address, and information about the organization you represent, and other similar data and identifiers.
• Account data: We collect first and last name, username, and passwords when your Anaplan account is activated.
• Professional and employment data: We may collect your job title, professional certifications details, employment history, and similar information when you register for our events, participate in user research, or apply for a job at Anaplan.
• Payment and billing data: We collect information necessary for processing payments and preventing fraud, including bank account details and other related billing information.
• Location data: We collect geolocation data when you choose to provide location-related information when interacting with our website.
• Sensitive data: We do not generally seek to collect sensitive personal data. However, we may collect some sensitive data, such as your gender, diversity and inclusion, veteran, or disability details when you apply for a job at Anaplan.
• Biometric data: When you interact with our customer support or participate in user research studies, we may collect video and/or audio recordings, and transcripts of those recordings. We may also collect your photo or video footage via CCTV cameras when you visit our office.
• Other information: Examples of other information that we may collect from you include information you provide when you interact online or by phone with our customer support channels, or any additional information you chose to provide to us while interacting with our websites, products, and services.

Information collected automatically

We may collect information automatically from your device, such as through the website’s internet access logs and technology.

• Device data: We may collect information about your device, including internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
• Online activity data: we use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather other information about our user-base. You can control the use of cookies at the individual browser level by updating your
   
  but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.

Information collected from third parties

• Data brokers: We may receive commercially available data such as name, mailing address, email address, job title, and other business contact details.
• Advertising providers: Our third-party providers may use technologies such as cookies to gather information about your activities on this site and other sites to provide you with advertising based upon your browsing activities and interests.
• Analytics providers: We may receive non-personal data, such as aggregated or de-identified demographic/profile data, from third-party sources including selected partners and companies that specialize in providing enterprise data, analytics, and software as a service.

Data submitted through the Anaplan platform

While using Anaplan product and services, customers may load various types of data to our platform. Platform data is governed by the contractual agreements between Anaplan and customers. Anaplan will not disclose or distribute any such platform data except as provided in the contractual agreement between Anaplan and the customer or as may be required by law.

We use and process your data for the following business purposes:

• Provisioning and operating: We use your data to operate our websites and provision our products and services. The use of information collected through the platform is limited to the purpose of providing the service for which a customer engaged Anaplan.
• Marketing and advertising: We use your data to serve personalized content on our websites to you and inform you about the products and services that we think may be of interest to you.
• Billing and payments: We use your data to invoice and process payments.
• General communication: We may use your data to respond appropriately to your comments, questions, requests, and inquiries.
• Product service communication: We may use your data to communicate with you directly for upcoming product releases, service updates, or if we detect suspicious activity on your account.
• Product support and improvement: We use your data to address or prevent service or technical problems and to respond to support issues. We may also use your data to improve the performance of our products, services, and support channels.
• Security: We use your data to provide online security for our websites, products, and services. We may also maintain additional security measures, such as CCTV, to safeguard our physical locations.
• Research and development: We use your data to innovate new and existing product features using research and development tools and incorporating data analysis activities.
• Mergers and acquisitions: If we take steps to enter into a reorganization, restructuring, merger, acquisition, or transfer of assets (“Business Transfer”), we may also use your personal information as reasonably necessary to give effect to that Business Transfer.
• Job applications: We may use your data to manage your job application process.
• Events and webinars: We may use your data to facilitate conferences, webinars, and other events.
• Compliance with law: Where required, we may use your data to comply with applicable laws, regulations, court orders, government, and law enforcement requests, to investigate security and privacy incidents, and to solve any customer disputes.
• Legal basis for processing: Under the General Data Protection Regulation (GDPR), we process your personal data on several different legal basis, as follows:
  • Based on necessity to perform contracts with you: When you access, use, or register for services, you form a contract with us based on the applicable terms of use or terms of service. We need to process your personal data to discharge our obligations in any such contract, fulfill your requests and orders, answer questions and requests from you, and provide tailored customer support.
  • Based on compliance with legal obligations: We may need to process your personal data to comply with relevant laws or regulatory requirements, and to respond to lawful requests, court orders, and legal processes.
  • Based on our legitimate interests: We process your personal data to send you invitations to relevant Anaplan products, services, and newsletters (unless you have opted out), understand which offerings may be relevant to you, and to improve our products, solutions, and business practices.
  • Based on your consent: In certain situations, we process your data based on your consent. When applicable, we will ask for your consent before we process your information. You have a right to withdraw your consent at any time.

We may also use your personal information as instructed by you for other purposes, which we would describe to you when we collect the information.

• Anaplan entities: We may transfer your personal data to other Anaplan entities in the United States and internationally for the purposes outlined in this Statement.
• Service providers: We may disclose your information to affiliated and unaffiliated service providers such as our hosting, billing, collaboration, email service, analytics, advertising, customer service, event, or campaign management providers to help us with the activities described in this Statement. These companies are authorized to use your personal information only as necessary to provide these services to us or on our behalf.
• Trusted partners: We may partner with other companies that offer products or services related to ours or that host or sponsor-related events. We may disclose your information to these business partners if you express interest in such products, services or events. If you provide your personal information to event sponsors at their booths or presentations, you should review their privacy policies to learn how they use personal information.
• Business transfers: If Anaplan is involved in a business transfer, you will be notified of any change in ownership or new uses of your personal information, as well as any choices you may have regarding your personal information.
• Compliance with law: We may also disclose your personal information as required by law, such as to comply with a subpoena, or similar legal process and when we believe, in good faith, that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

Anaplan will not use or disclose your personal information in ways unrelated to those described above without first notifying you and offering you a choice as to whether we may use your personal information in a different manner.

In accordance with applicable laws, personal information covered by this Statement may be transferred to and processed outside of the country in which you are resident to Anaplan or its affiliates, subsidiaries, or service providers, including to the United States, Australia, Singapore, and other countries as we deem appropriate from time to time. These countries may not have equivalent privacy and data protection laws (and, in some cases, may not be as protective). We will protect your personal data in accordance with this Statement wherever it is processed. By submitting your personal information to Anaplan, you consent to such transfers and to the worldwide processing of your personal information.

Certain recipients (our service providers and/or Anaplan group companies) who process your personal data on our behalf may also transfer personal data outside the country in which you are resident. Where such transfers occur, we will make sure that an appropriate transfer agreement is put in place to protect your personal data.
 

EU-U.S. transfer of personal data

When we transfer personal data out of the European Economic Area (EEA), Switzerland, and the UK to countries that do not benefit from an adequacy decision, as determined by the European Commission, we will rely on Standard Contractual Clauses approved by the European Commission and other contractual measures to ensure that adequate safeguards are in place with respect to the data.
 

EU and Swiss – U.S. Privacy Shield

Anaplan participates in and has certified its compliance with the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks (collectively, the “Privacy Shield”). We are committed to subjecting all personal data received from European Union (EU) member countries, United Kingdom, and Switzerland, respectively, in reliance on the Privacy Shield and in accordance with the Privacy Shield’s Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity, Purpose Limitation, Access and Recourse, Enforcement and Liability. If there is any conflict between the terms in this Privacy Statement and the Privacy Shield Principles, the more privacy protective terms shall govern. To learn more about the Privacy Shield, visit the U.S. Department of Commerce’s Privacy Shield site.

Under the Privacy Shield, we are responsible for the processing of personal data we receive and subsequently transfer to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

Although Anaplan adheres to the EU-U.S. Privacy Shield and the Swiss-US Privacy Shield Frameworks, Anaplan no longer relies on the Privacy Shield Frameworks as a legal mechanism for transfers of personal data considering the invalidation by the Court of Justice of the European Union and the Federal Data Protection and Information Commissioner (FDPIC) of Switzerland.

In compliance with Privacy Shield Principles, Anaplan commits to resolve complaints about your privacy and our collection or use of you personal information. EU and Swiss individuals with inquiries or complaints regarding our privacy practices should first contact Anaplan.

If you live in the EU or Switzerland and have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request. You may have the option to select binding arbitration for the resolution of your complaint when other dispute resolution procedures have been exhausted.

For purposes of enforcing compliance with the Privacy Shield, we are subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission. In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

We retain your personal data as required or permitted by law and while the data continues to have a legitimate business purpose.

We have taken steps intended to maintain the security of your data and follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. You should understand that the open nature of the internet is such that data may flow over networks without security measures and may be accessed and used by people other than those for whom the data is intended. If you have any questions about security or any reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us at security@anaplan.com.
 

Platform data retention and security

Anaplan retains platform data according to the timeframes set forth in the relevant agreements with its customers and in compliance with applicable law. Anaplan will retain this personal information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Anaplan maintains a comprehensive written information security program that contains administrative, technical, and physical safeguards designed to prevent unauthorized access to customer data.

Our websites include links to other third-party sites for your convenience and information. If you access those links, you will leave the Anaplan websites and if you submit personal information to any of those third-party sites, your information is governed by their privacy policy, which may differ from Anaplan’s. Anaplan does not endorse or make any representations about third-party websites. We encourage you to carefully read the privacy policy of any website you visit.

Our websites include social media features, such as the Facebook Like button and widgets, the “Share this” button, or interactive mini-programs that run on our site. These features may collect your IP address and which page you are visiting on our site and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or are hosted directly on our website. Your interactions with these features are governed by the privacy policy of the company providing the feature.

Testimonials

We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, please contact us at legal@anaplan.com.
 

Blog/forum

Our website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. Anaplan is not responsible for any information you choose to submit in these forums. Please request the removal of your personal information from our blog or community forum by submitting an Individual Rights Management request. In some cases, we may not be able to remove your personal information, in which case, we will let you know if we are unable to do so and why.
 

Community sites

When you get access to the Anaplan Platform, you may also have access to community sites that allow you to subscribe using your email address and to post information under your user name. As a user, you can request deletion of your community profile by sending an email to support@anaplan.com.

We give you the option to receive a variety of marketing communications that may include product or services information, events and conferences, blog updates, premium content, training information, or invitations to participate in user research. Subscription communications include email newsletters, software updates, etc. that may be expressly requested by you or which you consented to receive. You can manage your communication preferences at any time. If you don’t want to receive a particular type of marketing material from us, click the “unsubscribe” link in the corresponding emails, or update your preferences in our Preference Center. Anaplan provides you with choices about the setting of cookies and other automatic data collection tools. You can learn more about our use of these tools and how to opt-out by visiting your cookie preferences or, if located in the European Union, click here.

Our websites, products and services are not intended for use by anyone under the age of 16. Anaplan does not knowingly collect personal information from anyone under the age of 16. If you are under 16, you may not attempt to register for our events and services or send any information about yourself to us, including your name, address, telephone number, or email address. If we become aware that we have collected personal information from someone under the age of 16 without verification of parental consent, we will delete that information promptly. If you are a parent or legal guardian of a child under 16 and believe that a child has provided us with their personal information, please contact us at the email or mailing address provided at the end of this Statement.

Depending on your location and subject to applicable laws, you may have certain data protection rights.
 

California residents

If you are a California resident, you can find information about how we use your personal data and about your privacy rights in the California Privacy Notice section of this Statement.
 

EEA and UK residents

If you are a resident of the EEA or the UK, you have the following data protection rights:

You may be entitled under applicable privacy laws to know whether we hold information about you and, if we do, to have access to that information and require it to be corrected if it is inaccurate. Additionally, you may be entitled under applicable privacy laws to have your personal information deleted or removed, or to object to our processing of your personal information on grounds specified by applicable laws.

To exercise any privacy rights, please submit an Individual Rights Management request or by calling +1 (855) 928-6500. For your protection, we may only process requests with respect to the personal information associated with the email address that you use to send us your request, and we may need to verify your identity before processing your request. We will respond to your requests within the timelines prescribed by applicable law.

We will retain your information for as long as your account is active or as needed to provide you with services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements
 

Platform user’s rights

Subject to limited exceptions under applicable law, Anaplan acknowledges that you may have the right to access, update, correct, and delete your personal information.

Please be advised that if we act as data processor/service provider to process personal information, we do so on behalf of our customers under the terms of a service agreement or similar agreement, and the information you have requested therefore is under the control of that customer. Accordingly, an individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his or her question to the applicable customer. If the customer requests Anaplan to remove the personal data to comply with data protection regulations, Anaplan will assist the customer with such removal in accordance with customer’s instructions and subject to Anaplan’s ability to access the data as needed to respond to the request.

This Notice supplements information contained in Anaplan’s Privacy Statement and is applied solely to residents of the State of California (“consumers” or “you”). Anaplan adopts this Notice and Statement to comply with the California Consumer Privacy Act (CCPA) of 2018, as amended from time to time. Any terms defined in the CCPA have the same meaning when used in this Notice and Statement. This Notice and Statement does not reflect our collection, use, or disclosure of California residents’ personal information where an exception under the CCPA applies.

California law defines “personal information” broadly as information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household. This notice also uses that definition for personal information.
 

Collection of personal information

Please see the “What personal information we collect and how we collect it” section earlier in this Privacy Statement to understand the sources from which we get personal information.

We listed below categories of personal information we collect about California residents and that we have collected in the preceding 12 months. For each category of personal information, we have collected, we have included the reference to the enumerated category or categories of personal information in the definition of this term in the CCPA that most closely describes such personal information.

• Identifiers: First and last name, address/billing address, telephone number, email address, user name, and IP address.
• Personal information categories listed in the California Customer Records Act (Cal. Civ. Code § 1798.80(e)): First and last name, date of birth, address, telephone number, bank account number, and other financial information.
• Characteristics of protected classifications under California or federal law: Age, gender, diversity, and inclusion information.
• Biometric identifier: Video and voice recordings.
• Internet or network information: Browser type, internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data.
• Geolocation data: The approximate physical location associated with your IP address.
• Professional or employment information: Your job title and organizational affiliation, professional certification details, and employment history.
• Sensory information: Video and voice recordings.

Sharing of personal information

Please see the “To whom do we disclose personal information” section earlier in this Privacy Statement to understand how we may disclose your personal information.
 

California law provides you with the following rights:

• Access: You may request access to the specific pieces of personal information collected about you over the past 12 months.
• Deletion: You may request deletion of your personal information. We may retain personal information as required or permitted by law and will maintain a copy of your deletion request.
• Disclosure: You may request disclosure of the categories of personal information we collect, the purposes for which we collect, sell, or disclose that information, and the categories of third parties with whom we share the information.
• Non-Discrimination: You may not be discriminated against because you exercise any of your rights under the CCPA, in violation of California Civil Code § 1798.125.

To exercise your California privacy rights, submit a request using one of the methods described below, and provide the information required.

To exercise any privacy rights, please submit an Individual Rights Management request or by calling +1 (855) 928-6500. For your protection, we may only process requests with respect to the personal information associated with the email address that you use to send us your request, and we may need to verify your identity before processing your request. We will respond to your requests within the timelines prescribed by applicable law.

When a business sells your personal information, you have a right to opt out of such a sale. Anaplan does not sell, and in the preceding 12 months did not sell, California residents’ personal information. Anaplan does not have actual knowledge that it sells the personal information of minors under 16 years of age.
 

Authorized Agent

You can designate an authorized agent to make a request under the CCPA on your behalf if:

• The authorized agent is a natural person, or a business entity registered with the Secretary of State of California and the agent provides proof that you gave the agent signed permission to submit the request.
• You directly confirm with Anaplan that you provided the authorized agent with permission to submit the request.

If you use an authorized agent to submit a request to exercise your right to know or your right to request deletion, please ensure that the authorized agent sends an email to privacy@anaplan.com with the subject line “California request to delete” and including the attachment of both the user in question and the Authorized agent’s ID with a notarized letter verifying the relationship (e.g., parent or guardian), and including detailed information about the requested data to be deleted.

If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4121 to 4130, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.
 

California Shine the Light

Residents of the State of California, under California Civil Code § 1798.83, have the right to request a list of all third parties to which the company has disclosed personal information during the preceding year for direct marketing purposes from companies conducting business in California. Alternatively, the law provides that if the company has a privacy policy that gives either an opt-out or opt-in choice for use of your personal information by third parties (such as advertisers) for marketing purposes, the company may instead provide you with information about how to exercise your disclosure choice options.

This comprehensive Privacy Statement from Anaplan provides you with details about how you may either opt-out or opt-in to the use of your personal information by third parties for direct marketing purposes. Therefore, we are not required to maintain nor disclose a list of the third parties that received your personal information for marketing purposes during the preceding year.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please feel free to contact our U.S.-based third party dispute resolution provider (free of charge) here.

Alternatively, you can contact the data protection supervisory authority in your jurisdiction for assistance. Contact details for data protection authorities in the EEA and the UK are available here, and for Swiss Federal Data Protection and Information Commissioner (FDPIC) here.

We may update this Statement from time to time in response to changing legal, technical, or business developments. When we update it, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We encourage you to periodically review this page for the latest information on our privacy practices.