1. Purpose and Scope
This Privacy Policy explains how Planally Sdn Bhd (“Planally”, “we”, “us”, or “our”) collects, uses, processes, and protects personal data in connection with:
- Planally-operated websites, including planally.com
- Planally-operated documentation, support, and authentication pages
- Business communications with customers, prospects, partners, and applicants
This Policy also explains how personal data is handled when Planally provides its software as a service to customers.
This Privacy Policy does not apply to personal data processed within customer-controlled deployments of the Planally platform, including deployments hosted in a customer’s own cloud or infrastructure environment. In those cases, the customer acts as the data controller, and Planally acts as a data processor, processing personal data solely on the customer’s documented instructions and subject to applicable contractual and data protection agreements.
This Policy is incorporated into and governed by Planally’s Terms of Service.
2. Roles and Responsibilities
Depending on the context, Planally acts in different roles under applicable data protection laws:
- As a data controller, Planally determines the purposes and means of processing personal data collected through its own websites, communications, marketing, recruitment, billing, and account administration activities.
- As a data processor, Planally processes personal data contained within the Planally platform on behalf of customers, where the platform is used to manage customer workflows and data. In this context, customers determine the purposes and means of processing, and Planally processes data only to provide and support the Services.
This distinction is fundamental to how personal data is handled and protected.
3. Types of Information We Collect
a. Personal Data
Personal data refers to information that can identify an individual directly or indirectly. Depending on context, this may include:
- Name, email address, phone number
- Company name, job title, department
- Account credentials and identifiers
- IP address and device identifiers
- Profile images or avatars (if provided)
- Business communications and correspondence
b. Technical and Usage Data
We may collect technical and usage information such as:
- Browser type, language, and settings
- Operating system and device type
- IP address, time zone, and approximate location
- Pages accessed, feature usage, session duration
- Error logs and performance metrics
Such information may constitute personal data under applicable laws, particularly when combined with other identifiers.
4. How We Collect Information
Planally collects information through:
- Direct interactions, such as account registration, contact forms, demo requests, support inquiries, and contractual engagement
- Use of Planally-operated websites and services
- System logs and diagnostic tools used to operate, secure, and support the Services
Planally does not engage in continuous monitoring or surveillance of customer environments. Access to customer data for support or troubleshooting purposes occurs only when necessary, is limited in scope, and is performed in accordance with contractual obligations and applicable law.
5. Legal Bases for Processing
Planally processes personal data only where permitted by applicable law, based on one or more of the following legal bases:
- Contractual necessity, where processing is required to provide the Services or perform contractual obligations
- Legitimate interests, such as improving service reliability, ensuring security, preventing fraud, and responding to customer requests, provided such interests are not overridden by individual rights
- Consent, where explicitly required by law
- Legal obligations, where processing is required to comply with applicable laws, regulations, or lawful requests
Planally does not rely on implied or blanket consent for processing personal data.
6. How We Use Personal Data
Personal data may be used for the following purposes:
- Providing, operating, and maintaining the Services
- Account administration, authentication, and billing
- Customer support, troubleshooting, and service communications
- Improving platform performance, reliability, and security
- Fulfilling legal, regulatory, and contractual obligations
Personal data is not used for advertising profiling or sold to third parties.
7. Sharing and Disclosure of Information
Planally may share personal data only in the following circumstances:
a. Service Providers
With trusted third-party service providers who perform services on our behalf, such as hosting, analytics, security, billing, payment processing, and professional services. These providers are contractually bound to process data only on Planally’s instructions and to apply appropriate security measures.
b. Legal and Regulatory Requirements
Where required to comply with applicable laws, regulations, court orders, or lawful requests from public authorities.
c. Corporate Transactions
In connection with a merger, acquisition, restructuring, or sale of assets, subject to appropriate confidentiality and data protection safeguards.
Planally does not share personal data with third parties for independent marketing or advertising purposes.
8. Data Security
Planally implements appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These measures include access controls, encryption, monitoring, and regular security reviews, aligned with industry-standard practices.
No system can guarantee absolute security, but Planally continuously works to maintain and improve its security posture.
9. Data Retention
Planally retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, contractual, accounting, and compliance obligations.
Retention periods may vary depending on data type, context, and applicable legal requirements. Once data is no longer required, it is securely deleted or anonymized in accordance with applicable laws.
10. International Data Transfers
Where personal data is transferred across borders, Planally ensures that appropriate safeguards are in place, consistent with applicable data protection laws, including contractual protections and recognized transfer mechanisms where required.
11. Your Rights
Subject to applicable law, individuals may have the right to:
- Access their personal data
- Request correction or update of inaccurate information
- Request deletion or restriction of processing
- Object to certain processing activities
- Withdraw consent where processing is based on consent
Requests may be subject to legal limitations and verification requirements. Planally will respond to valid requests within applicable legal timeframes.
12. Compliance with Data Protection Laws
Planally processes personal data in accordance with applicable data protection laws, including the Personal Data Protection Act 2010 (Malaysia), the General Data Protection Regulation (GDPR), and similar regulations where applicable.
13. Updates to This Policy
Planally may update this Privacy Policy from time to time to reflect changes in legal requirements, technology, or business practices. Updates will be published on this page with a revised effective date.
Continued use of Planally-operated websites or Services after the effective date constitutes acknowledgment of the updated Policy.
14. Contact Information
For questions, requests, or concerns regarding this Privacy Policy or personal data handling, please contact:
Email: support@planally.com
Attention: Data Protection Officer