The Plum Group, Inc. and subsidiaries and affiliates (“Plum”) respects your preferences concerning the collection and use of your personal and sensitive data (“data”). This policy will provide information about how Plum collects data, why we collect it, and what choices you have concerning its use.
Please note that Plum maintains the same privacy practices described in this policy for data we collect offline; accordingly, references below to website “users” also apply to individuals from whom we collect data offline.
The purpose of this policy is to ensure that Plum has standard procedures in place for protecting the information of all data.
What Information We Collect
The types of data that Plum collects includes the following:
How We Collect That Information
How We Use The Data We Collect
To engage in transactions or communications.
Name, address, email, purchase details, and credit card/payment information may be collected and stored as part of the transaction history. The majority of the data collected under this category is business contact information. Plum may need to share some of this data (address, payment) with delivery services, credit card clearing houses and other similarly situated third parties that are required to complete the transaction.
To provide future service and support.
The information collected for this purpose is both contact data and information related to the products and service/support requested. The data is used to provide services, updates, and similar notices. Users who download products under trial licenses and purchasers of products may also be contacted to confirm certain information about their orders, for example, to determine they did not experience problems in the download process.
To respond to user inquiries and requests for information.
The data collected includes registrations for newsletters and specific requests for further information.
To provide various Plum communities, such as partners, with relevant product alerts and updates.
These updates are related to product releases, prices, terms, special offers, and associated campaigns. This data is sent out as part of the program member signing up for the relevant program or online account.
To better tailor marketing, the website, and our services to user needs.
We may use information from purchases and requirements to provide you with timely and pertinent notices of product releases and service developments that address your needs and requirements. We may share your information, with third party service providers that help to optimize our website and our services. Finally, we may also use this information to offer location customization, and other efforts to personalize your experiences on Plum Voice’s website.
To better respond to requests for service or quotes for product and equipment purchase.
To provide information on educational events or relevant partner products.
We occasionally co-sponsor events with partners or present at partner events that provide services of potential benefit to Plum users. Plum or our event partners may provide information on such events and services and/or relevant partner products. Plum respects your information and maintains control of the data we collect and limit the use by these partners of the data we collect.
As a result of your use of Outsourcing, Support or Consulting Services “Hosted Services”.
Plum customers may provide Plum incidental access to data about their employees, vendors, partners or customers in connection with Plum’s Hosted Services, including Plum Voice Centers. As a result of this Hosted Services relationship, Plum may access or process some of this information, but does not control the data collection or use practices related to this information. Plum merely provides the relevant hosting or application management and support services required by the engagement. Plum makes no independent use of the data outside of what is needed to provide the hosting service, applications management, and support to complete specific actions requested by the customer.
To address performance and fix issues.
Occasionally, patches and other software fixes, such as security patches addressing newly discovered vulnerabilities, are developed by Plum. We may communicate the availability of these patches or fixes to registered owners of software and parties who have identified themselves to us as users or developers. As a result of legal requirements. Plum may be required to provide data to comply with legally mandated reporting, disclosure, or other legal process requirements.
Plum is aware of the new General Data Protection Regulations (GDPR) that are effective as of May 24, 2018. To achieve GDPR compliance, Plum implements data minimization rules and processes at every step in the data lifecycle. Plum ensures that personal data usage is always relevant, adequate and absolutely necessary for carrying out the purpose for which the data is processed. Plum also ensures that any vendors we work with for data processing purposes, as defined in the GDPR, exhibit adequate efforts to ensure GDPR compliance.
How Data is Secured
We are committed to keeping your data secure and have implemented appropriate safeguards to protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction. These safeguards include the following:
Using Trusted Vendors that are GDPR Ready
To collect data, Plum Voice utilizes services from the following providers: Act-On, Evergage, Bizable, and Salesforce.
Plum Voice has received assurance from Act-On that it is currently GDPR compliant. For more information on Act-On’s compliance please visit it’s GDPR webpage.
Plum Voice has confirmed that Evergage has GDPR-ready procedures in place. For more information on Evergage’s compliance status, please visit it’s GDPR webpage.
Plum Voice has received assurance from Bizable that it will be compliant with GDPR on its implementation deadline. For more information on Bizable’s compliance status please visit it’s GDPR information webpage.
Plum Voice has confirmed that Salesforce has an active ISO 27001 certification, and that it has a current certificate of compliance from UK Cyber essentials. To view these certifications please visit Salesforce’s compliance webpage.
Plum Voice transmits sensitive cardholder data for a portion of its customers. To ensure the safety of this data, security measures include, but are not limited to keeping servers in locked cabinets at data centers that require passcard and ID recognition for entry, and supports strong TLS encryption of survey data transmissions.
Rights of the Data Subject
The GDPR outlines rights that all individuals have to their data. Plum strives to ensure that it is well-informed of these individual rights, and ensures that its policies and procedures are constantly updated to reflect new changes and additions to the relevant sections of the GDPR that reference individual rights.
These rights include, but are not limited to the following:
New Choices for Users to Manage the Privacy and Accuracy of Their Data
All individuals of whom Plum collects personal data has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. Plum wants all users to be aware of the following choices regarding the vendors Plum uses for data collection purposes.
As Related to Act-On
All emails that Plum Voice sends through Act-On have an “Unsubscribe” Option. Any user that wishes to stop receiving emails will no longer receive emails by enabling this option.
As Related to Evergage
As Related to Salesforce
Please see below for options on making requests to delete or modify data held in Salesforce.
In the event that individual personal data is acquired, or is reasonably believed to have been acquired, by an unauthorized person, and applicable laws including the GDPR requires notification, Plum will notify the affected individual of the breach. Plum recognizes that the GDPR includes strict notification guidelines, which includes the notification of a personal data breach to relevant supervisory authority within 72 hours after having become aware of the breach, unless the breach is unlikely to result in the rights and freedoms of natural persons. Unless otherwise required by law, Plum will first notify the affected individual via email or fax. If Plum is unable to contact the individual by email or fax, a notice will be sent by U.S. mail. Notice will be given promptly, consistent with the legitimate needs of law enforcement and any measures necessary for Plum or law enforcement to determine the scope of the breach and to assure or restore the integrity of the data system. Plum may delay notification if Plum, a law enforcement agency, or supervisory authority, determines that the notification will impede a criminal investigation, unless Plum or the relevant agency determines that notification will not compromise the investigation.
Requests to Make Changes to Data
As mandated by the GDPR, if a data subject requests to change incorrect data, or requests to delete data, Plum must review that request and respond as required by the GDPR and other applicable US laws. The request must be made as soon as possible, and must detail specific information as to what must be modified or deleted.
Plum’s systems are not intended for children under the age of 16. We do not knowingly collect personal data from, market to, or request information from individuals under the age of 16.
Plum provides a separate and more detailed policy about how we manage the data we may access as part of our network-based outsourcing, support and consulting services (“Hosted Services”). Hosted Services data does not include our direct customer information, but rather the data that we may access related to our customers’ customers, employees, and partners as part of our Hosted Services.
If we are going to use your data in a manner different from that stated at the time of collection, we will notify you via email. You will have a choice as to whether or not we use your data in this different manner. In addition, if we make any material changes in our privacy practices that do not affect user data already stored in our database, we will notify you by email or post a prominent notice on this website notifying users of the change. In some cases where we post the notice we will also email users who have opted to receive communications from us, notifying them of the changes in our privacy practices.
We may update this policy from time to time to describe how new site features affect our use of your data and to let you know of new control and preference features we provide you. For example, if significant changes are made to Plum’s business objectives or to our secure environment, we will make updates to this policy to reflect those changes.
We appreciate your comments on Plum’s privacy practices:
131 Varick Street, 9th floor
New York, NY 10013