Welcome to the PeakAvenue GmbH website. Data protection and protecting your personal rights are of great importance to us. On this page we would like to inform you about what data PeakAvenue processes and for what purposes. If you have any questions or suggestions about the privacy policy, please feel free to contact us.

1. Preface

Plato provides Software Solutions for engineering, risk and quality management purposes. The Software is offered as an on premises solution as well as Software as a Service Suite. When using the Software as a Service Suite, the Hosting Region is located in the European Union by default. The Plato NA Inc. acts as a subsidiary on behalf the Plato GmbH within the Peakavenue GmbH Group.

Data processed within the use of our products is explicitly based on the instructions of our customers. Within the provisioning of these purposes, Plato may access the data for maintenance, to resolve and address technical or service problems, to support customers within service requests, within other instructions of our customers who submitted the data and within the obligations based on contractual requirements.

2. Definitions

“Data Subject” means the individual to whom any given Personal Data covered by this Data Privacy Framework (DPF) Policy refers.

“Personal Data” means any information relating to an individual that can be used to identify that individual either on its own or in combination with other readily available data.

“PII Data” is a short term for Personal Identifiable Information or Personal Data.

“Processing of Personal Data” includes all processes, such as the collection, storage, transmission, archiving or deletion of personal data.

“GDPR” is a short term for the European General Data Protection Regulation.

“UK GDPR” is a short term for the UK General Data Protection Regulation.

“DSG” is short term for the Swiss national Data Protection Law.

“DPO” is the short term for Data Protection Officer.

3. Scope and Responsibility

Our Data Privacy Framework (DPF) Policy applies to Personal Data transferred from European Union member countries, the UK and Switzerland to Plato Inc. in the U.S. in reliance on the respective Data Privacy Framework (DPF).

4. Data Confidentiality, Integrity and Availability

Plato Inc. maintains efforts to ensure the Confidentiality, Integrity and Availability of PII Data. This includes reasonable precautions to ensure accuracy and to protect personal information from loss, misuse, or unauthorized access or disclosure.

5. Data Privacy Compliance

Plato Inc. has initiated reasonable measures to comply with the US, the UK, the EU and the Swiss Data Protection Laws. We cooperate with our German Headquarters and follow the practices to maintain data privacy compliance with the European Data Protection Laws and Regulations.

6. Responsible for the processing of PII data

PLATO North America Inc. - Head Office
3200 Greenfield Road, Suite 300
Dearborn MI. 48120
USA
Tel.: +1 313 486-4865
E-Mail: backoffice@plato.de

PLATO North America Inc. is part of the Peakavenue Group and subsidiary of the Plato GmbH, Lübeck, Germany.

7. Data Protection Officer

For any data privacy related issues and the request of the execution of data subjects rights, please contact our DPO privacy@peakavenue.com.

8. Legal Basis for Processing Personal Data

The legal bases for the processing of personal data are exceptional circumstances that allow the processing of personal data based on the European Data Protection laws.

Data Subjects Consent

Consent is one of these legal bases and requires that the person giving consent gives it in an informed manner and on a voluntary basis. Consent given can generally be revoked at any time without giving reasons.

Data Processing for contractual purposes

The European Data Protection laws allow the processing of personal data to initiate or implement contracts, as long as this is necessary for the specific purpose.

Legal Obligations

Like other companies, we do also have obligations, like for an example the keeping of retention periods. If we have legal obligation stated by law, the data processing is allowed within this scope.

Legitimate Interests

The processing of personal data based on a balancing of interests allows processing of personal data after careful weighing of financial or legal interests against the legitimate interests of the data subject. The processing based on legitimate interests always covers the data subjects right to object.

9. Data Subjects Rights

Every natural person is entitled to certain rights, which are defined in the EU as well in the UK GDPR. In principle, you have the following rights, which you can demand from us.

Right to revoke your consent

You can revoke your consent to us at any time without giving reasons with effect for the future.

Right to information and access to PII data

You have the right at any time to request information about the data you process and the purposes of the processing.

Right to rectification of PII data

If you discover that we are processing incorrect or incomplete data about you, you have the right to rectification.

Right to deletion of PII data

You have the right at any time to request the deletion of your personal data that we process about you. If complete deletion is not possible, for example because we have to fulfill legal retention obligations or we can assert legitimate interests for other reasons, we will restrict your data until these reasons no longer apply.

Right to restriction of processing of PII data

You have the right to request the restriction of the processing of your personal data. You can contact us at any time at the address given in the legal notice. The right to restriction of processing exists in the following cases:

  • If you dispute the accuracy of the personal data we hold about you, we will generally need time to verify this. For the duration of the review, you have the right to request that the processing of your personal data be restricted.
  • If the processing of your personal data was/is occurring unlawfully, you can request that data processing be restricted instead of deletion.
  • If we no longer need your personal data, but you need it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of deletion.
  • If you have lodged an objection, a balance must be made between your interests and ours. As long as it is not yet clear whose interests prevail, you have the right to request that the processing of your personal data be restricted.

If you have restricted the processing of your personal data, this data - apart from its storage - may only be used with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural or legal person or for reasons of important public interest.

Right to data portability of PII Data

You have the right to have data that we process automatically based on your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the data to be transferred directly to another person responsible, this will only be done if it is technically feasible.

Right to object to certain processing operations and direct advertising

If the data processing is carried out on the basis of legitimate interests, you have the right at any time, for reasons arising from your particular situation, to object to the processing of your personal data; This also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this data protection declaration. If you object, we will no longer process your affected personal data unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.

If your personal data is processed for the purpose of direct advertising, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising; This also applies to profiling insofar as it is connected to such direct advertising. If you object, your personal data will no longer be used for direct advertising purposes.

Right to lodge a complaint with a supervisory

In the event of violations of the Data Protections Regulations, those affected have the right to lodge a complaint with a supervisory authority, in particular in the member state of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedies.

10. Data Minimization, Purpose and Storage Period Limitation

Plato Inc. limits the collection of Personal Data to information that is relevant for the purposes of processing. We do not process such Personal Data in a way incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject.

Plato Inc. takes reasonable steps to ensure that such Personal Data is reliable for its intended use, accurate, complete, and current. We take reasonable and appropriate measures to comply with the requirement to retain Personal Data in identifiable form only for as long as it serves a purpose of processing, which includes our obligations to comply with professional standards, our business purposes and unless a longer retention period is permitted by law.

11. Data Processing within the initiation of contractual relationships and the provisioning of our Services

What Data we collect from our Business Partners

To initiate and maintain a viable business relationship it is necessary to collect PII Data for various purposes.

Data we collect from our business partners is:

  • Name
  • Contact Data
  • Company
  • Company Address
  • Professional Function
  • Industry
  • Specific Interests in our products
  • Billing Information

Purposes of Processing:

  • Initiate Business
  • Regular Communication
  • Support
  • Billing
  • Keep to legal retention Periods
  • Information about upcoming innovations and services

Data Processing within our Software as Service Products

Data we process on behalf our customers when using or Software:

  • Name
  • E-Mail-Address
  • (optional) Contact Data
  • Company
  • (optional) Professional Function
  • Usage Data

When using our SaaS Services, PII data is necessary to process for:

  • The Setup and maintaining of User Accounts
  • Using the Software
  • Maintaining Logs
  • Maintaining Security

12. Onward Transfers

In case of onward transfers, Plato shall remain liable under the DPF Principles if its agent or affiliate companies processes personal information in a manner inconsistent with the DPF Principles. Plato however will not remain liable if we can prove that we are not responsible for the event giving rise to the damage.

With whom we share your data?

a) Affiliate Companies
We share information with our German Headquarters, Peakavenue GmbH (Location Lübeck) and joint companies with the Peakavenue Group, as far as it is necessary or otherwise allowed by a legal basis. We have concluded a contractual framework for the joint responsibility according to Art. 26 EU GDPR. Our Affiliate Companies are located within the European Union, the United Kingdom and the USA.

b) Service Providers
Service providers help us to provide our Services and act on behalf instructions of the Peakavenue Group. Plato and the affiliate companies within the Joint Responsibility Framework act as the data controller, the service providers as data processors. The Data Processors may only process personal data limited to the specific purpose and may not process personal data for their own purposes. Regularly Service Providers are directly contracted by the German Peakavenue Headquarters.

Towards data subjects who have a direct contractual relationship, or their data is processed under the controllership of Plato, we shall remain liable under the Data Privacy Framework Principles and within the Joint Responsibility Framework based on EU GDPR principles of the Peak Avenue Group, if service providers we engage to process personal data on our behalf do so in a manner inconsistent with the Principles, unless we can proof that we are not responsible for the event giving rise to the damage.

We have implemented contracts for data processing on behalf our instructions including the provisioning of appropriate technical and organizational measures to ensure confidentiality, integrity and availability as well as compliance with legal frameworks. Further, Data Processors must comply with the DPF principles if located within the USA or the EU/UK GDPR or the Swiss Data Protection Law.

Or Main Service Providers are:

  • Hosting Provider for the Peakavenue Website
  • Microsoft Azure Hosting for our SaaS Software
  • Microsoft Teams for virtual collaboration
  • Microsoft Exchange for E-Mail-Communication
  • Zoho CRM for customer relation management
  • Atlassian Jira Ticket System

We do not share any PII Data or other professional information with any Third parties in terms of selling information.

Which whom we do not share PII data

Plato will not voluntarily share your PII Data with Public databases​, Insurance companies or ​employer​s.

Plato will not​ provide information to ​law enforcement​​ unless required by law to comply with a valid court order, subpoena, or search warrant. We require all law enforcement inquiries to follow a valid legal process, such as a court order or search warrant, and are prepared to exhaust available legal remedies to protect customer privacy. If we are obliged to disclose Personal Data to law enforcement, we will try to provide you with prior notice, unless we are prohibited from noticing you under the law. Plato will preserve and disclose any and all information if required to do so by law or in the good faith belief that such preservation or disclosure is reasonably necessary to:

  • comply with legal or regulatory process (such as a judicial proceeding, court order, or government inquiry) or obligations that Plato may owe pursuant to ethical and other professional rules, laws, and regulations;
  • enforce our Terms of Service;
  • respond to claims that any content violates the rights of third parties; or
  • protect the rights, property, or personal safety of Plato, its employees, officers, directors, contractors or other personnel, its users, and the public. Nothing in this Privacy Statement is intended to limit any legal defenses or objections that you may have to a third party’s, including a government’s, request to disclose your Personal Information.

13. Data Privacy Framework Participation

Plato NA Inc. complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

Plato Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF.

Plato NA Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF.  If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.  To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit Data privacy framework website.

14. Complaints and Recourse Mechanism

Palto NA Inc. is subject to the investigative and enforcement authority of the U.S. Federal Trade Commission (FTC). In compliance with the U-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Plato NA Inc. Inc. commits to resolve complaints about your privacy. Persons from the European Union, The UK or Switzerland who have inquiries or complaints regarding this privacy policy should first contact us here:

Peakavenue Group Global Data Protection Officer
privacy@peakavenue.com

Please note that the Global Data Protection Officer is an external consultant. Your E-Mail-Message will be forwarded. We will respond within 45 days.

Recourse Mechanism

In addition, you also have the option to file a complaint at the official institutions, e.g. if you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, the official data protection authorities can be addressed.

Please note that if your complaint is not resolved through these channels, under limited circumstances, a binding arbitration option may be available before a Privacy Framework Panel.

Appropriate statutory body with jurisdiction to investigate any claims against Plato NA Inc. regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission.

 

x