Planaday Inc is the Controller (as defined under the EU GDPR, the entity that defines the “Purposes” and “Scope” of Personal Data Processing Activities to be carried out both by itself as by those subcontracted, the “Processors”) towards the Personal Data Processing Activities herein described in this Privacy Notice, the company headquarters is at 333 Bay St #2400, Toronto, ON M5H 2T6.
We are a global company. Our headquarters are in Canada with an affiliate company in the U.S. (Delaware). Keep you safe through ensuring the Security and Confidentiality nature of the Personal Data/ Personal Information pertaining to you that we Process is of the maximum importance to us. This Policy explains how we Process your data (collection; hosting; access to; processing and sharing), how we protect it and how we interact with you. There is some important information about your Personal Data and your rights in this Policy, so please take the time to read and understand it.
Children Under the Age of 16
Information We Collect About You and How We Collect It
Updating this Privacy Notice
From time to time, we may make changes to this Privacy Notice. The Privacy Notice is current as of the “last revised” date which appears at the top of this page.
The following topics will be covered in this Privacy Notice:
What laws do we comply with?
What is Personal Data/ Information?
How do we collect your Personal Information?
Your data is under your control
How do we your Personal Data
With whom do we share your Personal Data?
When and how do we obtain your consent?
How do we ensure the privacy of your Personal Data when dealing with our affiliates and Partners?
How long will we be Processing your Personal Data?
“Plan a Day” Data Protection Officer (DPO) contact information
Personal Data Security, Privacy, and Confidentiality Assurance
Are there any costs to you for exercising your Rights under the law?
How do we know that it is really you requesting your Personal Information?
What safeguards have we implemented to protect your Personal Information?
How do you contact us regarding access to your Personal Information or our privacy practices?
1. What laws do we comply with?
This Privacy Notice is provided to you in accordance with the following applicable Personal Data Protection laws:
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, also known as the General Data Protection Regulation (the GDPR).
Directive 2009/136/EC of the European Parliament and of the Council of 25 November 2009, also known as the ePrivacy Directive, Directive 2002/58/EC concerning the processing of Personal Data and the protection of privacy in the electronic communications sector and Regulation (EC) No 2006/2004 on cooperation between national authorities responsible for the enforcement of consumer protection laws.
Canada Personal Information Protection and Electronic Documents Act and the regulations thereunder (PIPEDA).
The California Consumer Privacy Act 2018 (CCPA) as amended by the California Consumer Privacy Rights Act (CPRA).
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 is a United States federal law that sets national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
Other applicable national laws, if they are being enforced in the geography where you reside.
Information You Provide to Us
2. What is Personal Data/ Information?
“Personal Data” refers to any Data or Information that either on its own by being a unique identifier (e.g. “Social Security Number”) or where combined with other Data or Information (e.g. “name“ and “mobile phone number” ) enables the univocal identification of a specific natural person/ individual.
The Personal Data under Processing by us consists of:
credit card information
critical health condition
Information We Collect Through Automatic Data Collection Technologies
3. How do we collect your Personal Data/ Information?
We exclusively collect Personal Information Data directly from those natural persons to whom it pertains to, meaning you, the “Data Subject”; when you use our websites or our Kiosks and voluntarily submit such Data to us by registering and acquiring the Services we facilitate. Additionally, we may collect Personal Data pertaining to you from third parties, where we have obtained your Consent to do so or as otherwise required or permitted by law.
Last, we may collect Personal Data via Cookies about how and when you use our website. This information may include but, not be limited to:
your IP address and location data,
referring web addresses
other communication data
4. Your data is under your control
Every Data Subject maintains full control over their Personal Data as well as over the Personal Data processing activities undertaken by “Plan a Day” (as defined under applicable national Personal Data Protection legislation or the GDPR, whichever is stricter).
With regards to Cookies, you may deactivate any non-essential Cookies via the Cookie Management Tool which you can access on our website Pages.
How We Use Your Information
Any Cookie that, if not active, does not impair our website from working and our services being delivered to you are deemed non-essential Cookies as explained in the aforementioned tool.
5. How do weProcess your Personal Data?
We Process the Personal Data pertaining to you for the following purposes (the “Purposes”):
to manage your account with Plan a Day;
to allow you to visualize, choose and purchase the services enabled by our Partners via our website.
to respond to questions, comments or concerns regarding Plan a Day and its related services;
to provide you with information about promotions and events;
to provide our service partners with feedback and data analytics regarding their events and promotions;
to collect opinions and comments in regard to Plan a Day’s operations;
to investigate legal claims;
to administer any Plan a Day software applications;
such other uses as may be permitted or required by applicable law.
Disclosure of Your Information
6. With whom do we share your Personal Data?
We share Personal Data with:
our Partners whose services you have chosen, under your explicit Consent in enrolling into those services
3rd party entities that enable the effective payment of our services by you, under both our as your Legitimate Interest
Legal entities that require the sharing of some Personal Data (e.g in the case of invoices), under a Legal Obligation
Amazon Web Services which acts as the hosting provider for our websites and Service platform (a “Processor” as defined under the GDPR), solely for the purposes of hosting and making such services available over the Internet, under our as well as your Legitimate Interest.
We may transfer your Personal Information to third party service providers with whom we have a contractual agreement that includes appropriate privacy standards and mutual commitments, where such third parties are assisting us with the Purposes – such as service providers that provide telephone support, data storage or processing, or hosting of our Kiosks, under Legitimate Interest.
7. When and how do we obtain your consent?
We generally obtain your consent prior to collecting, and in any case, prior to using or sharing your Personal Data for any purpose. You may provide your consent to us either orally, electronically or in writing.
8. How do we ensure the privacy of your Personal Data when dealing with our affiliates and Partners?
We ensure that all 3rd parties that are engaged to perform services on our behalf or whose services we retail have signed a Data Processing Agreement or have committed at contractual level to observe by applicable Personal Data Protection legislation requirements.
Choices About How We Use and Disclose Your Information
Please note that
Those Partners whose services we retail, act as Independent Controllers, meaning although there is a contractual commitment towards observing by applicable Personal Data Protection legislation requirements, those entities act independently while Processing your Personal Data, hence it is of paramount importance that you check their Privacy Notices/ Privacy Policies and any other information made available by those entities with regards to their practices over your Personal Data.
9. How long will we be Processing your Personal Data?
We may keep a record of your Personal Information, correspondence or comments, in a file specific to you for the duration of the services and up to 6 months following the end of such services in case of a potential complaint. We will also maintain your Personal Data for as long as required by law.
Accessing and Correcting Your Information
10. “Plan a Day” Data Protection Officer (DPO) contact information
All questions or requests regarding the processing of the Personal Data under “Plan a Day” control may be addressed to our Data Protection Officer.
Your State Privacy Rights
Phone number: NUMBER
11. Personal Data Security, Privacy, and Confidentiality Assurance
“Plan a Day” IT landscape is configured and monitored under guidance provided by the strictest security market standards (e.g., ISO 27000 family, Soc2, ITIL, Privacy by Design) and we have reviewed and adopted changes to our operational processes in a manner that ensures compliance with the requirements posed under applicable Personal Data protection legislation. This is intended to ensure confidentiality and privacy under Personal Data processing activities performed by us and our partners.
Under applicable Personal Data Protection Legislation, you have the following rights in respect of your personal data:
[GDPR and PIPEDA] Right of access - The right to obtain from us confirmation as to whether your Personal Data are being processed, and, if so, to access such Personal Data as well as related information. You may exercise this right by reviewing information on the “Plan a Day” website user account area or by submitting a request to our Data Protection Officer.
[CCPA/CPRA] Right to know and access your personal information – California residents have the right to:
Know the categories of personal information we collect and the categories of sources from which we got the information;
Know the business or commercial purposes for which we collect and share personal information;
Know the categories of third parties and other entities with whom we share personal information; and
Access the specific pieces of personal information we have collected about you.
[GDPR and PIPEDA] Right to rectification - The right to obtain the rectification of inaccurate Personal Data. Participants may directly amend existing information on the “Plan a Day” website user account area or by submitting a request to our Data Protection Officer.
[GDPR and PIPEDA]Right to erasure - The right to have your Personal Data that is processed by “Plan a Day” erased and, therefore, to have processing stopped, unless a legal duty or have a legitimate ground to retain certain data prevents “Plan a Day” from observing such right, in which case the data subject shall be duly informed. This right may be exercised by submitting a request to our Data Protection Officer.
[CCPA/CPRA] Right to deletion – California residents may, in some circumstances, ask us to delete their Personal Data. We may refuse the exercise of such right if it prevents us from exercising legal defense, if we cannot do so because of a legal obligation or there is the risk that by doing so, we cannot fulfill any current contractual obligations.
[GDPR] The right to restrict processing - This is the right to request and impose processing restrictions (in scope and purpose) for your Personal Data. This right may be exercised by submitting a request to our Data Protection Officer.
[CCPA/CPRA] Right to opt out of sales – We do not sell your data, under any circumstances.
[GDPR and PIPEDA] Right to data portability - The right to receive your Personal Data in a structured, commonly-used and machine-readable format as well as the right to transmit them to another controller without obstacle. This right may be exercised by submitting a request to our Data Protection Officer
[GDPR] Right to be informed about a Personal Data Breach - You have the right, and it is our obligation to ensure it, to be informed of any unauthorized disclosure or potential disclosure of your Personal Data to unauthorized third parties within 72 hours of the occurrence of such disclosure or knowledge by “Plan a Day” of potential disclosure, as the case may be.
[GDPR and PIPEDA] Right to lodge a complaint with a supervisory authority - The right to lodge a complaint regarding “Plan a Day” processing activities in relation to Personal Data with any of the European Union Member States’ data protection Supervisory Authorities as well as your local Supervisory Authority if you are located outside of the European Union. You can find a list of the European Union Member States; data protection Supervisory Authorities here Our Members | European Data Protection Board (europa.eu).
[CCPA/CPRA] Right to be free from discrimination – You may exercise any of the above rights without fear of being discriminated against. For any of the above-mentioned CCPA related rights, you may designate an authorized agent to make a request on your behalf.
[CCPA/CPRA] Right to not have Personal Data shared or sold – You may exercise this right either by submitting a request by email to the Data Protection Officer or via the Form on our website.
You may exercise your rights under GDPR by contacting “Plan a Day” Data Protection Officer through the e-mail address email@example.com or, while logged in to the platform via the “Exercise of Rights” form.
13. Are there any costs to you for exercising your Rights under the law?
We will not charge any costs for you to exercise your Rights as determined by applicable Legislation.