PlanPlus Global Inc. (referred to as “PlanPlus”, “we”, “us” or “our”), is a company registered in Ontario Canada with registered office at 55 Mary St., Suite 200, Lindsay, Ontario K9V 5Z6. PlanPlus Global Inc. owns several subsidiaries, including FinaMetrica Pty Ltd. (Australia). PlanPlus is the company responsible for the processing of your Personal Data.
If you are an advisory client and your advisor has registered you to use the Client Portal, your use of the Website and any material contained therein is also governed by our Client Terms and Conditions of Use.
THE SCOPE AND NATURE OF THE SERVICE THAT PLANPLUS PROVIDES
PlanPlus Global Inc. designs software for use by financial services providers’ (the “Subscriber”) financial planners, wealth managers, brokers or other financial advisors (“Advisor”) to support the Advisor in exercising their professional judgement in providing financial guidance or advice to the Advisor’s clients (the “Clients”). PlanPlus’s software is available to Subscribers as an annual subscription service (paid monthly or annually) as presented and offered from-time-to-time at www.planplusglobal.com, which includes but is not limited to the SuitabilityPro: FinaMetrica Profiler (“Profiler”), SuitabilityPro: ProTracker and SuitabilityPro: ProPlanner, which may include a collaborative website portal from which Advisors can interact with their Clients (“Client Portal”), collectively referred to as the “SuitabilityPro Modules”. The SuitabilityPro Modules are delivered from the websites www.suitabilitypro.com, www.suitabilitypro.com/miplanplus/ and www.planplusglobal.com (“Websites”). Collectively, the SuitabilityPro Modules, the Client Portal, the Websites, and other services or products offered by PlanPlus on the Websites or elsewhere shall be referred to hereafter as the “PlanPlus Global Software”.
Depending on the context of the relationship above, we may process Personal Data as a processor, controller or joint controller for the purposes of providing our services.
INFORMATION WE COLLECT FROM YOU
We may collect and process the following information about you:
- Information you give us
You may give us information about you by filling in forms on our Website, by corresponding with us by phone, e-mail, LiveChat or otherwise. This includes information you provide when you register to use our Website, our services and when you report a problem with our Website and/or services.
- Information we receive from other sources
SUBMITTING PERSONAL DATA TO US ABOUT THIRD-PARTIES
If you provide us with information about another person, then you must:
- have a lawful basis to do so; or
- have their consent:
- that you are disclosing their Personal Data to us, and
LEGAL BASES FOR PROCESSING (FOR EEA USERS)
If you are an individual in the European Economic Area (EEA), we collect and process information about you only where we have legal bases for doing so under the EU General Data Protection Regulation (GDPR). The legal bases depend on the services you use and how you use them. This means we collect and use your information only where:
- we need it to provide you the services, including to operate the services, provide customer support and personalized features and to protect the safety and security of the services;
- it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development and to protect our legal rights and interests;
- you give us consent to do so for a specific purpose; or
- we need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect the lawfulness of the processing of your Personal Data that has already taken place. Where we are using your information because we or a third party (e.g. your financial advisor) have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the services.
Where we rely on contract, we will ask that you agree to the processing of Personal Data that is necessary for entering into or performance of your contract.
PLANPLUS’S DATA SECURITY COMMITMENT TO YOU
We will take all reasonable and appropriate security measures to protect your Personal Data from misuse, interference and loss, unauthorised access, modification or disclosure, unauthorised or unlawful processing and against accidental loss or destruction, or damage.
PlanPlus has implemented appropriate technical and organisational measures to protect your Personal Data consistent with standard industry practice. Such measures take into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, including where appropriate, the following measures:
- access right controls to systems;
- the pseudonymisation and encryption of Personal Data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
Unfortunately, the transmission of data via the internet, whether wired or wireless, is not completely secure. Although we will do our best to protect your Personal Data, internet data transmissions, cannot be guaranteed to be 100% secure, and as a result, we cannot ensure the security of data you transmit to us; accordingly, you acknowledge that you do so at your own risk. We recommend that you take the appropriate steps to secure all computing devices that you use in connection with our Website, software, system and services. Once we have received your information, we will take reasonable steps and security features to prevent unauthorized access.
We will treat all Personal Data as confidential and we will inform all our employees, representatives and/or approved processors and sub-processors engaged in processing the Personal Data of the confidential nature of the Personal Data. We will ensure that all such persons or parties have signed an appropriate confidentiality agreement, are otherwise bound to a duty of confidentiality, or are under an appropriate statutory obligation of confidentiality.
PART 1: Privacy Statement for those registered to use the Client Portal.
Please see below for the Privacy Statement for those registered to use the Client Portal or complete the Test.
PART 2: Privacy Statement for Subscribers using the PlanPlus Global Software.
Please see below for the Privacy Statement for Subscribers using The PlanPlus Global Software.
DATA SUBJECT RIGHTS AND HOW TO EXERCISE THEM
If you are an individual in the EEA, you have certain rights in respect to your Personal Data. Where we decide how and why Personal Data is processed, we are a data controller and we include further information about the rights that individuals have and how to exercise them below. These rights include:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
If you wish to exercise any of these rights, please send an email to firstname.lastname@example.org. We will aim to respond to any requests for information promptly, and in any event within one month of the request.
WITHDRAWAL OF CONSENT
Where we process Personal Data based on consent, individuals have a right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before your withdrawal. To withdraw consent to our processing of your Personal Data please email us at email@example.com, or, to stop receiving an email from us e.g. marketing list, please click on the unsubscribe link in the relevant email received from us.
WHEN AND HOW WE SHARE PERSONAL DATA AND LOCATIONS OF PROCESSING
We will only share Personal Data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards. To facilitate our global operations, we may process, transfer, store and access Personal Data from around the world, including Canada, the United States, the United Kingdom and Australia.
Service Providers/Processors: We work with third-party service providers/processors to provide website and application development, hosting, maintenance, backup, storage, virtual infrastructure, payment processing, analysis and other services for us, which may require them to access or use information about you. If a third-party service provider/processor needs to access information about you to perform services on our behalf, they do so under close instruction from us, including policies and procedures designed to protect your information.
Personal Data will be transferred outside the countries where we and our customers are located. This includes countries outside the EEA, Canada and Australia. Where we transfer personal data outside of the EEA to a country not determined by the European Commission as providing an adequate level of protection for Personal Data, we have taken steps to ensure all Personal Data is provided with adequate protection and that all transfers of Personal Data outside the EEA, Canada and Australia are done lawfully.
You acknowledge and agree that, in connection with the performance of our services, Personal Data will be transferred to our relevant third party service provider/ processor to perform services on our behalf listed at www.planplusglobal.com/gdpr/serviceprovider for the purposes and at the location stipulated. Our providers Google LLC, Amazon Web Services Inc., HubSpot Inc., LiveChat Inc., Atlassian Pty Ltd based in the United States have been certified to the EU-U.S. Privacy Shield Frameworks as administered by the U.S. Department of Commerce, in order to implement appropriate safeguards for such transfers pursuant to Article 46 of the GDPR.
Our Subscription Service including our Website is hosted by Amazon Web Services in Canada given PlanPlus provides its services from Canada. The information provided by you or about you by a third party such as your financial advisor will be processed and stored on AWS’ secure server(s) located in Canada.
If you are from a country outside Canada, the various electronic communications will necessarily result in the transfer of information across national boundaries. We rely on Article 49(1)(b) for the transfer of Personal Data outside of the EEA to Canada. If you are based in the EEA, the transfer is necessary for the performance of a contract between you and PlanPlus, the performance of a contract between you and your financial adviser to have access to the Client Portal or Test or the implementation of pre-contractual measures taken at your request.
Personal data held by us may also be shared and transferred to:
Our Partners: We work with third parties including our Regional Partners in the UK, Germany, India and South Africa and who provide consulting, sales, and technical services to deliver and implement customer solutions around the services in their specified country or territory. We will share your information with these third parties in connection with their services, such as to assist with billing and collections, to provide localized support, and to provide customizations. We may also share information with other third parties including our Alliance Partners that you have selected to receive an associated subscription discount.
With your consent: We share information about you with third parties when you give us consent to do so. For example, we often display personal testimonials of satisfied customers on our public websites. With your consent, we may post your name alongside the testimonial.
COMPLIANCE WITH LAW AND SIMILAR OBLIGATIONS
In exceptional circumstances, we may also disclose your Personal Data as is necessary to: (a) respond to or comply with a subpoena or court order; (b) co-operate with law enforcement or other government agency; (c) establish or exercise our legal rights; (d) defend against legal claims; or (e) as otherwise required by law or permitted by law.
PlanPlus requires cookies to be activated in order for the Website to function efficiently. A cookie contains information that enables our servers (i.e. the computers that house this Website) to identify and interact efficiently with your device. The Website uses session cookies which exist only for the browser session and are deleted automatically once you close your browser.
You can configure your browser to either accept all cookies, reject all cookies or to notify you when a cookie is being sent to your device. The Help function on your browser will provide you with details on how to change your browser configurations. You will need to accept cookies in order to use some functionality on this Website.
BROWSING THE WEBSITE
When you visit and access the Website, we collect general information that enables us to continually evaluate and improve the performance of the Website. This general information includes:
- Device and connection information such as browser type and version, operating system and platform;
- The name and Internet Protocol (IP) address of the device accessing the Website;
- The number of users visiting the Website and the number of pages viewed;
- The date, time and duration of visits; and
- The path taken through the Website.
By using the above general information, PlanPlus can identify errors on the Website, such as defective hyperlinks or program defects, and thus continually improve the quality of the Website. By using the Website, you hereby consent to PlanPlus collecting and processing such information. PlanPlus reserves the right to review the IP address of a user where PlanPlus has reasonable cause to believe that the user is using the Website in breach of contractual agreements or the applicable legislation.
HOW LONG WE KEEP INFORMATION
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
Subscription information: We retain your subscription information for as long as your account is active and a reasonable period thereafter in case you decide to re-activate the Subscription Service. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our services. Where we retain information for service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our services, not to specifically analyze personal characteristics about you.
Information you share on the Client Portal: You may provide information for your Advisor on our Websites, including answers to questionnaires, financial data, etc. We retain the information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our services. Where we retain information for service improvement and development, we only use the information to uncover collective insights about the use of our services, not to specifically analyze personal characteristics about you.
Marketing information: If you have elected to receive marketing emails from us, we retain information about your marketing preferences for a reasonable period of time from the date you last expressed interest in our services. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
We hope that you won’t ever need to, but if you do want to complain about our use of Personal Data, please send an email with the details of your complaint to firstname.lastname@example.org. We will look into and respond to any complaints we receive within 10 business days from receipt.
If you are based in the EU you also have the right to lodge a complaint with the relevant local supervisory authority for data protection.
HOW TO CONTACT US
Phone: +1 705 324 8001
Post: PlanPlus Global Inc., Attn. Privacy Office, 55 Mary St., Suite 200, Lindsay, Ontario K9V 5Z6, CANADA.
PRIVACY STATEMENT FOR THOSE REGISTERED TO USE THE CLIENT PORTAL
WHAT PERSONAL INFORMATION DOES PLANPLUS COLLECT?
We collect and process the following information about you:
- Your name (which may be generic or fictitious) and, if you are registered to use the Client Portal, your email (which may be generic or fictitious) and, if you access the Website, your IP addresses;
- Your answers to questionnaires presented in the Client Portal as well as any financial data you may wish to share with your Advisor through the Client Portal;
- In some situations, you may have the option to enter optional demographic and research information for research purposes to understand the pattern of risk in the community.
WHEN IS THAT INFORMATION COLLECTED?
We collect the information in paragraphs (a), (b), and (c) (“Your Information”) from your financial advisor, from associated websites, or other third party who registered you to have access to the Client Portal (“Your Financial Advisor”) or through your use of the Website. You will have consented to Your Information being shared with us, where information is provided via a third party.
HOW IS YOUR INFORMATION USED AND PROCESSED?
Your email address is used to send an email to you notifying you of your username and password. Your name is used for the purpose of identifying you in the database at the Website – for example, if you lost your PlanPlus username and password, we would use your name to search for and retrieve them. Your name may be a generic or fictitious name.
Your IP address is used to assist us to establish where the Test was completed in the event of a legal dispute.
The answers to the risk profile questionnaire are used by PlanPlus for the primary purpose of producing your risk tolerance and suitability report, including information for your personal use in the management of your financial affairs or for use by Your Financial Advisor in advising you with regard to your financial affairs or for use by the third party through whom you were registered to do use the Client Portal.
Your information is necessary for the performance of a contract between you and PlanPlus, the performance of a contract between you and Your Financial Advisor in advising you with regard to your financial affairs, the performance of a contract between you and a third party through whom you were registered to use the Client Portal or the implementation of pre-contractual measures taken at your request.
PlanPlus will use a copy of the risk profile, financial data and optional demographic and research information (“Research Information”) you supply with all your personal identifiers removed for secondary purposes of researching risk tolerance and risk-taking behaviour and to further develop the Test.
ALL INFORMATION THAT COULD IDENTIFY YOU WILL BE REMOVED FROM THIS RESEARCH INFORMATION
The anonymous Research Information will be combined with similar information from other people who have completed a risk profile into an existing separate aggregated, anonymous database which may be supplied to third parties.
PROCESSING AND TRANSFER OF YOUR INFORMATION TO CANADA
Our Subscription Service including our Client Portal is hosted by our provider located in Montreal, Canada given PlanPlus provides its services from Canada. The information provided by you or about you by a third party such as Your Financial Advisor will be processed and stored on our secure Amazon Web Services server(s) located in Canada.
If you are from a country outside Canada, the various electronic communications will necessarily result in the transfer of information across national boundaries.
The GDPR sets out in detail the factors the EU Commission is to consider when deciding whether a third country or international organization ensures an adequate level of protection (Article 45). The European Commission has recognized Canada, through Canada’s Personal Information and Electronic Documents Act, as providing adequate protection, therefore we rely on this Article for the transfer of Personal Data outside of the EEA to Canada. If you are based in the EEA, the transfer is necessary for the performance of a contract between you and PlanPlus, the performance of a contract between you and Your Financial Advisor in advising you with regard to your financial affairs, the performance of a contract between you and a third party through whom you were registered to use the Client Portal or the implementation of pre-contractual measures taken at your request.
DISCLOSURE OF YOUR INFORMATION OUTSIDE OF CANADA
Your Financial Advisor may be located outside of Canada and/or may retrieve or download Your Information or may initiate an automatic transfer of Your Information on a regular basis to a computer or server located outside of Canada. Your Financial Advisor may not be a Canadian entity or may not be regulated by the Canadian Personal Information and Electronic Documents Act and the Canadian Privacy Principles (CPPs).
By using or participating in our services and/or providing us with Your Information, you consent to the disclosure of Your Information to Your Financial Advisor, on the basis that if Your Financial Advisor engages in any act or practice that contravenes the CPPs it may not be accountable under the Canadian Personal Information and Electronic Documents Act and you may not be able to seek redress under the Act.
PRIVACY STATEMENT FOR SUBSCRIBERS USING THE PLANPLUS GLOBAL SOFTWARE
WHAT INFORMATION DOES PLANPLUS HOLD?
If you have been registered to use the Website so as to be able to register other persons to use the Client Portal, our records hold the information mentioned in PART 1: Privacy Statement for those registered to use the Client Portal for each of the persons that you register, and for you:
- Personal information about you as required to effect the relationship you have with us. This information may include your name, current and previous addresses, telephone/mobile numbers, current and previous email addresses, and your organisation details.
- Your IP address used to connect your device to the Internet when you access the Website and/or the Client Portal.
- Communication history with you. This information may include file notes, emails, support request through our ticketing system JIRA, LiveChat Support and the outcomes of telephone calls.
- Usage and other information as required to effect a commercial relationship.
WHEN DO WE COLLECT THIS INFORMATION ABOUT YOU?
PlanPlus collects this information:
- Directly from you, including when you provide information by phone, e-mail, support request through our ticketing system JIRA, LiveChat Support or fax;
- From our own records of your use of the Website and the Client Portal;
- From publicly available sources of information (we do not collect personal data on EU data subjects from public sources); and
- From an associated website or other third party that registered your access to the Website.
HOW MAY THIS INFORMATION BE USED?
This information is used to:
- Provide the services you require;
- Administer and manage your account and services, including your billing and subscription;
- Inform you of information relating to your use of the Website and the Client Portal, including our e-newsletter; and
- Research and develop the Website, the Client Portal and supporting services.
Your IP address is used to assist us to establish where the risk profile was completed in the event of a legal dispute.
This information will also be used to send you the communications identified below.
PLANPLUS’S MAILING LIST
Our mailing list contains your name, email address, country, phone and organisation.
Our mailing list is used to send out our news bulletin (news about risk, financial planning, risk profiling and suitability). From time to time you may receive special offers/promotions from third parties where we have your consent to send these to you. You may unsubscribe from our mailing list at any time.
TO UNSUBSCRIBE FROM OUR COMMUNICATIONS
You may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our emails; if you receive the news bulletin, you can opt out by changing the email preferences link found at the footer of the new bulletin; or by sending us an email at email@example.com. Customers cannot opt out of receiving transactional emails related to their account with us or the Subscription Service.
EU PROCESSOR OBLIGATIONS
Depending on the context of the relationship, we may process Personal Data as a processor, controller or joint controller for the purposes of providing our services.
If you are from the EEA and you are trialling, supplying or commercially using the PlanPlus Global Software so as to be able to register other persons to complete use the Client Portal, we:
- will process the Personal Data only in accordance with instructions within the scope of our Subscription Service from you. If we believe that an instruction from you infringes applicable data protection law, we shall inform you without delay. If we cannot process Personal Data in accordance with the instructions due to a legal requirement, we will (i) promptly notify you of that legal requirement before the relevant processing to the extent permitted by applicable data protection law; and (ii) cease all processing (other than merely storing and maintaining the security of the affected Personal Data) until such time as you issue new instructions with which we are able to comply. If this provision is invoked, we will not be liable to you for any failure to perform the applicable services until such time as you issue new instructions in regard to the processing.
- will assist you reasonably, taking into account the nature of the processing:
- by appropriate technical and organisational measures and where possible, in fulfilling your obligations to respond to requests from data subjects exercising their rights;
- in ensuring compliance with the obligations pursuant to Articles 32 to 36 of the EU General Data Protection Regulation, taking into account the information available to us; and
- by making available to you all information reasonably requested by you for the purpose of demonstrating that your obligations relating to the appointment of processors as set out in Article 28 of the EU General Data Protection Regulation have been met;
- shall be entitled to engage third-party service providers/ sub-processors to fulfil our obligations with your written consent. For these purposes, your consent to our appointment of the third-party service providers/ sub-processors listed at www.planplusglobal.com/gdpr/serviceprovider for the purposes and at the location stipulated. For the avoidance of doubt, the above authorization constitutes your prior written consent to the sub-processing by our third-party service providers / sub-processors. We will notify you of any changes to the list of approved third party service providers / sub-processors, by email (to your most recently provided email address) and/or post any revisions to www.planplusglobal.com/gdpr/serviceprovider. We will provide you with the opportunity to object to the engagement of the new sub-processors within 7 calendar days after being notified. The objection must be based on reasonable grounds (e.g. if you prove that significant risks for the protection of your Personal Data exist at the sub-processor). If we are unable to resolve such objection, either party may terminate the Subscription Service by providing written notice to the other party;
- will enter into a contract with a sub-processor where we engage a sub-processor, imposing on the sub-processor, the same data protection obligations that apply to us. Where the sub-processor fails to fulfil its data protection obligations, we will remain liable to you for the performance of such sub-processor’s obligations;
- will upon expiration, termination of your Subscription Service, whereby no further processing is required, upon your written request, at our discretion, either delete, destroy or return Personal Data to you, unless we require the retention of such Personal Data to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations, and to continue to develop and improve our services;
- will notify you without undue delay after we become aware of any Personal Data breach affecting you or the persons that you registered to complete the Test. At your request, we will promptly provide you with all reasonable assistance necessary to enable you to notify relevant Personal Data breaches to the relevant authorities and/or affected data subjects, if you are required to do so under relevant data protection law; and
- will make available to you all information necessary to demonstrate compliance with our data processor’s obligations and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by the you.