Information collected about you

When you interact with our websites, products, services, customer support channels, or job application process at Anaplan, we may ask you to provide some personal information. When we request this type of information, we will notify you as to why we are asking for information and how this information will be used.

• Contact data: The information we may collect includes your personal and/or business contact information, such as your first and last name, email address, phone number, mailing address, and information about the organization you represent, and other similar data and identifiers.
• Account data: We collect first and last name, username, and passwords when your Anaplan account is activated.
• Professional and employment data: We may collect your job title, professional certifications details, employment history, and similar information when you register for our events, participate in user research, or apply for a job at Anaplan.
• Payment and billing data: We collect information necessary for processing payments and preventing fraud, including bank account details and other related billing information.
• Location data: We collect location data when you choose and opt-in to provide location-related information when interacting with our website.
• Demographic data: We may collect when you choose to provide some demographic data, such as your gender, diversity and inclusion, veteran, or disability details when you apply for a job at Anaplan.
• Video or voice data: When you interact with our customer support or participate in user research studies, we may collect video and/or audio recordings, and transcripts of those recordings. We may also collect your photo or video footage via CCTV cameras or other technologies when you visit our office or participate in our events and conferences.
• Other information: Examples of other information that we may collect from you include information you provide when you interact online or by phone with our customer support channels, or any additional information you chose to provide to us while interacting with our websites, products, and services.

Information collected automatically

We may collect information automatically from your device, such as through the website’s internet access logs and technology.

• Device data: We may collect information about your device, including internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the site.
• Online activity data: we use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather other information about our user-base. You can control the use of cookies at the individual browser level by updating your cookie preferences, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.

Information collected from third parties

• Data brokers: We may receive commercially available data such as name, mailing address, email address, job title, and other business contact details.
• Advertising providers: Our third-party providers may use technologies such as cookies to gather information about your activities on this site and other sites to provide you with advertising based upon your browsing activities and interests if you have accepted the use of such cookies when first accesing our site.  You can change your cookies settings at the individual browser level by updating your cookie preferences, but if you choose to disable cookies, it may limit your use of certain features or functions on our website or service.
• Analytics providers: We may receive non-personal data, such as aggregated or de-identified demographic/profile data, from third-party sources including selected partners and companies that specialize in providing enterprise data, analytics, and software as a service.

Data submitted through the Anaplan platform

While using Anaplan product and services, customers may load various types of data to our platform. Platform data is governed by the contractual agreements between Anaplan and customers. Anaplan will not disclose or distribute any such platform data except as provided in the contractual agreement between Anaplan and the customer or as may be required by law.

We use and process your data for the following business purposes:

• Provisioning and operating: We use your data to operate our websites and provision our products and services. The use of information collected through the platform is limited to the purpose of providing the service for which a customer engaged Anaplan.
• Marketing and advertising: We use your data to inform you about current and new products and services.
• Billing and payments: We use your data to invoice and process payments.
• General communication: We may use your data to respond appropriately to your comments, questions, requests, and inquiries.
• Product service communication: We may use your data to communicate with you directly for upcoming product releases, service updates, or if we detect suspicious activity on your account.
• Product support and improvement: We use your data to address or prevent service or technical problems and to respond to support issues. We may also use your data to improve the performance of our products, services, and support channels.
• Security: We use your data to provide online security for our websites, products, and services. We may also maintain additional security measures, such as CCTV, to safeguard our physical locations.
• Research and development: We use your data to innovate new and existing product features using research and development tools and incorporating data analysis activities.
• Mergers and acquisitions: If we take steps to enter into a reorganization, restructuring, merger, acquisition, or transfer of assets (“Business Transfer”), we may also use your personal information as reasonably necessary to give effect to that Business Transfer.
• Job applications: We may use your data to manage your job application process.
• Administering online education: We may use your data to manage your Anaplan online education account, to administer online courses, tests, and to issue certifications.
• Events and webinars: We may use your data to facilitate conferences, webinars, and other events.
• Compliance with law: Where required, we may use your data to comply with applicable laws, regulations, court orders, government, and law enforcement requests, to investigate security and privacy incidents, and to solve any customer disputes.
• Legal basis for processing: Under the General Data Protection Regulation (GDPR), we process your personal data on several different legal basis, as follows:
  • Based on necessity to perform contracts with you: When you access, use, or register for services, you form a contract with us based on the applicable terms of use or terms of service. We need to process your personal data to discharge our obligations in any such contract, fulfill your requests and orders, answer questions and requests from you, and provide tailored customer support.
  • Based on compliance with legal obligations: We may need to process your personal data to comply with relevant laws or regulatory requirements, and to respond to lawful requests, court orders, and legal processes.
  • Based on our legitimate interests: We process your personal data to send you invitations to relevant Anaplan products, services, and newsletters (unless you have opted out), understand which offerings may be relevant to you, and to improve our products, solutions, and business practices.
  • Based on your consent: In certain situations, we process your data based on your consent. When applicable, we will ask for your consent before we process your information. You have a right to withdraw your consent at any time.
• We may also use your personal information as instructed by you for other purposes, which we would describe to you when we collect the information.

• Anaplan entities: We may transfer your personal data to other Anaplan entities in the United States and internationally for the purposes outlined in this Statement.
• Service providers: We may disclose your information to affiliated and unaffiliated service providers such as our hosting, billing, collaboration, email service, analytics, advertising, customer service, event, or campaign management providers to help us with the activities described in this Statement. These companies are authorized to use your personal information only as necessary to provide these services to us or on our behalf.
• Trusted partners: We may partner with other companies that offer products or services related to ours or that host or sponsor-related events. We may disclose your information to these business partners if you express interest in such products, services, or events. If you provide your personal information to event sponsors at their booths or presentations, you should review their privacy policies to learn how they use personal information.
• Business transfers: If Anaplan is involved in a business transfer, you will be notified of any change in ownership or new uses of your personal information, as well as any choices you may have regarding your personal information.
• Compliance with law: We may also disclose your personal information as required by law or respond to valid legal requests.

Anaplan will not use or disclose your personal information in ways unrelated to those described above without first notifying you and offering you a choice as to whether we may use your personal information in a different manner.

In accordance with applicable laws, personal information covered by this Statement may be transferred to and processed outside of the country in which you are resident to Anaplan or its affiliates, subsidiaries, or service providers, including to the United States, Australia, Singapore, and other countries as we deem appropriate from time to time. These countries may not have equivalent privacy and data protection laws (and, in some cases, may not be as protective). We will protect your personal data in accordance with this Statement wherever it is processed. By submitting your personal information to Anaplan, you consent to such transfers and to the worldwide processing of your personal information.

Certain recipients (our service providers and/or Anaplan group companies) who process your personal data on our behalf may also transfer personal data outside the country in which you are resident. Where such transfers occur, we will put in place a transfer agreement to protect your personal data.

EU-U.S. transfer of personal data
When we transfer personal data out of the European Economic Area (“EEA”), Switzerland, and the UK to countries that do not benefit from an adequacy decision, as determined by the European Commission, we will rely on Standard Contractual Clauses approved by the European Commission and other contractual measures to ensure that adequate safeguards are in place with respect to the data. Additionally, Anaplan will rely on the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) for transfers of personal data from the EEA, UK, and Switzerland.

Data Privacy Framework

Anaplan Inc. (“Anaplan-U.S.”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Anaplan-U.S. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regards to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.  Anaplan-U.S. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regards to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this Privacy Statement and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (“DPF”) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

Anaplan-U.S. is responsible for the processing of personal data it receives, under the DPF, and subsequently transfers to a third party acting as an agent on its behalf. Anaplan-U.S. complies with the DPF Principles for all onward transfers of personal data from the EEA, UK, and Switzerland, including the onward transfer liability provisions. 

Anaplan-U.S. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Anaplan-U.S. may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.   

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Anaplan-U.S. commits to refer unresolved complaints concerning its handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF to our U.S.-based third-party dispute resolution provider (free of charge). If you have an unresolved DPF-related privacy or data concern that we have not addressed satisfactorily, please contact our U.S.- based third-party dispute resolution provider.
For complaints regarding DPF compliance not resolved by any of the other DPF mechanisms, you have the possibility, under certain conditions, to invoke binding arbitration. Further information can be found on the official DPF website.

APEC Cross Border Privacy Rules System   

Anaplan’s global privacy practices, described in this Privacy Statement, comply with the Asia Pacific Economic Cooperation (“APEC”) Cross Border Privacy Rules system (“CBPRs”). The APEC CBPR system provides a framework for organizations to ensure protection of personal information transferred among participating APEC economies. More information about the APEC framework can be found on the CBPRs site.

If you have an unresolved privacy or data concern related to Anaplan’s APEC Certification that we have not addressed satisfactorily, please contact our U.S.- based third-party dispute resolution provider (free of charge).

We retain your personal data as required or permitted by law and while the data continues to have a legitimate business purpose.

We have taken steps intended to maintain the security of your data and follow generally accepted standards to protect the personal information submitted to us, both during transmission and once we receive it. However, no method of transmission over the internet, or method of electronic storage, is 100% secure. Therefore, we cannot guarantee its absolute security. You should understand that the open nature of the internet is such that data may flow over networks without security measures and may be accessed and used by people other than those for whom the data is intended. If you have any questions about security or any reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us at security@anaplan.com.

Platform data retention and security

Anaplan retains platform data according to the timeframes set forth in the relevant agreements with its customers and in compliance with applicable law. We will retain your information for as long as your account is active or as needed to provide you with services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Anaplan maintains a comprehensive written information security program that contains administrative, technical, and physical safeguards designed to prevent unauthorized access to customer data.

Our websites include links to other third-party sites for your convenience and information. If you access those links, you will leave the Anaplan websites and if you submit personal information to any of those third-party sites, your information is governed by their privacy policy, which may differ from Anaplan’s. Anaplan does not endorse or make any representations about third-party websites. We encourage you to carefully read the privacy policy of any website you visit.

Our websites include social media features, such as the Facebook Like button and widgets, the “Share this” button, or interactive mini-programs that run on our site. These features may collect your IP address and which page you are visiting on our site and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or are hosted directly on our website. Your interactions with these features are governed by the privacy policy of the company providing the feature.

Testimonials

We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, please contact us at legal@anaplan.com 

Blog/forum

Our website offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. Anaplan is not responsible for any information you choose to submit in these forums. Please request the removal of your personal information from our blog or community forum by submitting an Individual Rights Management request. In some cases, we may not be able to remove your personal information, in which case, we will let you know if we are unable to do so and why.

Community sites

When you get access to the Anaplan Platform, you may also have access to community sites that allow you to subscribe using your email address and to post information under your user name. As a user, you can request deletion of your community profile by sending an email to support@anaplan.com.

We give you the option to receive a variety of marketing communications that may include product or services information, events and conferences, blog updates, premium content, training information, or invitations to participate in user research. Subscription communications include email newsletters, software updates, etc. that may be expressly requested by you or which you consented to receive. You can manage your communication preferences at any time. If you don’t want to receive a particular type of marketing material from us, click the “unsubscribe” link in the corresponding emails, or update your preferences in our Preference Center.

Anaplan provides you with choices about the setting of cookies and other automatic data collection tools. You can learn more about our use of these tools and how to opt-out by visiting your cookie preferences, or, if located in the European Union, click here.

Our websites, products and services are not intended for use by anyone under the age of 16. Anaplan does not knowingly collect personal information from anyone under the age of 16. If you are under 16, you may not attempt to register for our events and services or send any information about yourself to us, including your name, address, telephone number, or email address. If we become aware that we have collected personal information from someone under the age of 16 without verification of parental consent, we will delete that information promptly. If you are a parent or legal guardian of a child under 16 and believe that a child has provided us with their personal information, please contact us at the email or mailing address provided at the end of this Statement.

Depending on your location and subject to applicable laws, you may have certain data protection rights. You may exercise your rights of access and request corrections, suppression, objection, and deletion under applicable data protection laws in accordance with the process outlined below.

Subject to limited exceptions under applicable law, if you are a natural persons residing in Virginia, Colorado, Connecticut or Utah acting only in an individual or household context (not for commercial or employment purposes), you may have the right to (i) request to access or obtain a copy of personal information we hold about you, (ii) request that we correct inaccurate personal information, and (iii) request that we delete certain personal data we have collected from you, subject to certain exceptions under the law. We may deny certain requests, or fulfill a request only in part, based on our legal rights and obligations. We will not discriminate against you if you exercise any of these rights under applicable laws.

To exercise your rights, please submit a Individual Rights Management request or call +1 (833) 312-0166. For your protection, we may only process requests with respect to the personal information associated with the email address that you use to send us your request, and we may need to verify your identity before processing your request. We will respond to your requests within the timelines prescribed by applicable law.

California residents

If you are a California resident, you can find information about how we use your personal data and about your privacy rights in the California Privacy Notice section of this Statement.

Platform Users' Rights

Subject to limited exceptions under applicable law, Anaplan acknowledges that you may have the right to access, update, correct, and delete your personal information.

Please be advised that if we act as data processor/service provider to process personal information, we do so on behalf of our customers under the terms of a service agreement or similar agreement, and the information you have requested therefore is under the control of that customer. Accordingly, an individual who seeks access, or who seeks to correct, amend, or delete inaccurate data, should direct his or her question to the applicable customer. If the customer requests Anaplan to remove the personal data to comply with data protection regulations, Anaplan will assist the customer with such removal in accordance with customer’s instructions and subject to Anaplan’s ability to access the data as needed to respond to the request.

This Notice supplements information contained in Anaplan’s Privacy Statement and is applied solely to residents of the State of California (“consumers” or “you”). Anaplan adopts this Notice and Statement to comply with the California Consumer Privacy Act of 2018 and its regulations (CCPA). Any terms defined in the CCPA have the same meaning when used in this Notice and Statement. This Notice and Statement does not reflect our collection, use, or disclosure of California residents’ personal information where an exception under the CCPA applies.

Collection of personal information

Please see the “What personal information we collect and how we collect it” section earlier in this Statement to understand the sources from which we get personal information.

We listed below categories of personal information we collect about California residents and that we have collected in the preceding 12 months. These categories correspond with the following categories listed in the CCPA’s definition of personal information:

• Identifiers: First and last name, address/billing address, telephone number, email address, user name, and IP address.
• Personal information categories listed in the California Customer Records Act (Cal. Civ. Code § 1798.80(e)): First and last name, date of birth, address, telephone number, bank account number, and other financial information.
• Characteristics of protected classifications under California or federal law: Age, gender, diversity, and inclusion information.
• Audio, electronic, visual, thermal, olfactory, or similar information: Video and voice recordings.
• Internet or network information: Browser type, internet service provider (ISP), referring/exit pages, the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data, the approximate physical location associated with your IP address.
• Professional or employment information: Your job title and organizational affiliation, professional certification details, and employment history.

Sharing of personal information

Please see the “To whom do we disclose personal information” section earlier in this Statement to understand how we may disclose your personal information.

We only collect sensitive personal information, as the CCPA defines this term, if you voluntarily disclose it to us. Please see “Howe we use your personal information” above for information about the purposes for which we use your personal information. We do not “sell” or “share” (as the CCPA defines these terms) personal information about you. We obtain your consent and direction before disclosing personal information to our advertising partners.
 

Additional subject rights:

If you are a California resident, you have the following rights:

• Right to Know: You may request access to personal information we have collected about you, including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom we disclose personal information, and the specific pieces of personal information we have collected about you. You may only exercise your right to know twice within a 12-month period.
• Right to delete: You may request deletion of personal information we have collected from you, subject to certain exceptions.
• Right to Opt-out of the “sale” or “sharing” of your personal information. We did not sell or share your personal information in the preceding 12 months, including for cross-context behavioral advertising.
• Right to limit the use and disclosure of sensitive personal information. We do not use or disclose sensitive personal information for purposes other than those specified in Cal. Civil Code 1798.121(a)To exercise your California privacy rights, submit a request using one of the methods described below, and provide the information required.
  
• Non-Discrimination: You may not be discriminated against because you exercise any of your rights under the CCPA, in violation of California Civil Code § 1798.125. including an employee's, applicant's, or independent contractor's right not to be retaliated against for the exercise of their CCPA rights.

To exercise your California privacy rights, submit a request using one of the methods described below, and provide the information required.

To exercise any privacy rights, please submit a Individual Rights Management request or by calling +1 (833) 312-0166. For your protection, we may only process requests with respect to the personal information associated with the email address that you use to send us your request, and we may need to verify your identity before processing your request. We will respond to your requests within the timelines prescribed by applicable law.

When a business sells your personal information, you have a right to opt out of such a sale. Anaplan does not sell, and in the preceding 12 months did not sell, California residents’ personal information. Anaplan does not have actual knowledge that it sells the personal information of minors under 16 years of age.
 

Verification

Only you, or someone legally authorized to act on your behalf, may make a request related to your personal information. You may designate an authorized agent by taking the steps outlined under "Authorized Agent" further below. In your request or in response to us seeking additional information, you, or your authorized agent, must provide sufficient information to allow us to reasonably verify that you are, in fact, the person whose personal information was collected which will depend on your prior interactions with us and the sensitivity of the personal information being requested. We may ask you for information to verify your identity and, if you do not provide enough information for us to reasonably verify your identity, we will not be able to fulfil your request. We will only use the personal information you provide to us in a request for the purposes of verifying your identity and to fulfill your request.
 

Authorized Agent

You can designate an authorized agent to make a request under the CCPA on your behalf if:

• The authorized agent is a natural person, or a business entity registered with the Secretary of State of California and the agent provides proof that you gave the agent signed permission to submit the request.
• You directly confirm with Anaplan that you provided the authorized agent with permission to submit the request.

If you use an authorized agent to submit a request to exercise your right to know or your right to request deletion, please ensure that the authorized agent sends an email to privacy@anaplan.com with the subject line “California request to delete” and including the attachment of both the user in question and the Authorized agent’s ID with a notarized letter verifying the relationship (e.g., parent or guardian), and including detailed information about the requested data to be deleted.

If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4121 to 4130, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.

California Shine the Light

Residents of the State of California, under California Civil Code § 1798.83, have the right to request a list of all third parties to which the company has disclosed personal information during the preceding year for direct marketing purposes from companies conducting business in California. Alternatively, the law provides that if the company has a privacy policy that gives either an opt-out or opt-in choice for use of your personal information by third parties (such as advertisers) for marketing purposes, the company may instead provide you with information about how to exercise your disclosure choice options.

This comprehensive Statement from Anaplan provides you with details about how you may either opt-out or opt-in to the use of your personal information by third parties for direct marketing purposes.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please feel free to contact our U.S.-based third party dispute resolution provider (free of charge).

Alternatively, you can contact the data protection supervisory authority in your jurisdiction for assistance. Contact details for data protection authorities in the EEA and the UK are available here, and for Swiss Federal Data Protection and Information Commissioner (FDPIC) here.

We may update this Statement from time to time in response to changing legal, technical, or business developments. When we update it, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We encourage you to periodically review this page for the latest information on our privacy practices.