Plex Manufacturing Cloud Service Privacy Policy

This Plex Systems, Inc. (“Plex”) Manufacturing Cloud Privacy Policy (“Privacy Policy”) governs Plex’s privacy policies and practices applicable to any customer, partner and third-party (each, an “Entity User”) granted access to and use of Plex’s proprietary cloud-based platform and associated modules and components (the “Plex Manufacturing Cloud” or “Service”) and any authorized employee, consultant, contractor, customer, supplier or agent of such Entity User who accesses or uses the Services (each, an “End User” and collectively, the “End Users”).

This Privacy Policy only applies to Plex’s use of data in connection with the Services. It does not cover or apply to data or information collected by Plex for other purposes, such as information collected from visitors to the Plex website located at https://www.plex.com which may be used for sales and marketing purposes. This Privacy Policy describes how Plex collects, uses, shares and secures the personal information you provide regarding the End Users of the Service. It also describes your choices regarding use, access and correction of your personal information. For information about Plex’s website privacy policy and practices, please refer to the Plex Privacy Policy located at https://www.plex.com/privacy-policy.

Personal Information Plex Processes

In the normal course of using the Service, End Users will input electronic data into the Plex Manufacturing Cloud (“User Data”). The use of information collected through the Service shall be limited to the purpose of providing the Service for which the Entity User has engaged Plex. Plex may access User Data for the purposes of providing the Service, preventing or addressing service or technical problems, responding to support issues, responding to Entity User’s or End User’s instructions or as may be required by law, in accordance with the relevant agreement between the Entity User and Plex.

Plex processes User Data under the direction of its Entity Users and has no direct control or ownership of the personal data it processes. Entity Users are responsible for complying with any regulations or laws that require providing notice, disclosure and/or obtaining consent prior to transferring the data to Plex for processing purposes.

An End User who seeks access to, or who seeks to correct, amend, or delete such End User’s User Data should direct his or her query to the Entity User (i.e., the Plex customer) that controls such data’s use by the Services (the data controller). If the Entity User or an End User requests Plex to remove User Data that is personal data to comply with data protection regulations, Plex will respond to their request within 30 business days or, if such data cannot be accessed or retrieved using commercially reasonable efforts during such 30 business day period, then such other reasonable period of time under the circumstances. If Plex is unable to fulfill an Entity User’s customer request to delete data, Plex will provide the Entity User with a written response as to the reasons within 30 business days of the request.

Plex will refer any request for disclosure of an End User’s personal data by a law enforcement authority to the Entity User associated with such End User. Plex may, where it concludes that it is legally obligated to do so, disclose personal data to law enforcement or other government authorities. Plex will notify the Entity User of such request unless prohibited by law.

Accessing the Service

Entity Users and their authorized End Users may access the Service directly through a sign-on page or may elect to use internal launch pages for single sign on or other purposes. Entity Users input information for processing and storage as they use the Service. Entity Users may also configure the Service to allow End Users to input information directly into the Service.

Data Retention

Plex retains User Data according to the timeframes set forth in the relevant agreement with its Entity Users.  We may retain your User Data for as long as your account is active or as needed to provide you the Service, comply with our legal obligations, resolve disputes and enforce our agreements.  

Security

The security of User Data, including personal data, is very important to Plex. Plex maintains a comprehensive, written information security policies and procedures that contain industry standard safeguards designed to prevent unauthorized access to User Data. Plex designs its applications to allow Entity Users to achieve differentiated configurations, enforce End User access controls, and manage data as desired by management of the Entity User. Configuring these settings appropriately is the Entity User’s responsibility. Additional information about the security settings and configurations can be found in the Plex Manufacturing Cloud documentation made available to Entity Users.

EU – U.S. Privacy Shield

Plex complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Economic Area ("EEA") to the United States. Plex has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

We are responsible for the processing of personal data we receive under the Privacy Shield Framework and subsequently transfer to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EEA, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

You may direct any inquiries or complaints related to our Privacy Shield compliance to privacy@plex.com.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Types of personal data collected and purposes of collection and use

Plex collects personal data about EEA End Users that Entity Users or their authorized End Users either enter into the Service or provide to Plex under a professional services engagement to be input into or accessed within the Service (collectively, “Services Personal Data”).

Plex acts as a data processor with respect to this Services Personal Data. Plex processes Services Personal Data to provide and support the Service purchased by the Entity User and for such other services purchased by the Entity User and performed by Plex. Plex processes Services Personal Data as instructed by its Entity Users and does not control or own the Services Personal Data it processes.

Commitment subject to the Privacy Shield Principles

Plex processes all Services Personal Data received from the EEA subject to and in reliance on the Privacy Shield Principles.

Type of third parties to which we disclose personal data and purposes

As a data processor, Plex will disclose Services Personal Data only as instructed by the data controller (i.e., the Entity User). In some cases we may share Services Personal Data with our subcontractors to provide the Service to Entity Users. If Plex goes through a business transition, such as a merger, acquisition by another company or sale of all or a portion of its assets. In all cases, Services Personal Data may only be transferred in accordance with the relevant agreement covering the Services between the Entity User and Plex.

Requirement to disclose

Plex may be required to disclose Services Personal Data in special cases when we have a good faith belief that such action is necessary to conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. Plex will notify the Entity User of such request unless prohibited by law.

Right to access

If Plex is the data processor, an End User who seeks access to, or who seeks to correct, amend, or delete such End User’s User Data should direct his or her query to the Entity User (i.e., the Plex customer) that controls such data’s use by the Services (the data controller). In some instances, the Entity User may have enabled the End User to perform these updates themselves through the Service. If the Entity User or an End User requests Plex to remove User Data that is personal data to comply with data protection regulations, Plex will respond to their request within 30 business days or, if such data cannot be accessed or retrieved using commercially reasonable efforts during such 30 business day period, then such other reasonable period of time under the circumstances. If Plex is unable to fulfill an Entity User’s customer request to delete data, Plex will provide the Entity User with a written response as to the reasons within 30 business days of the request.

Choices and means

Plex retains Services Personal Data according to the timeframes set forth in the relevant agreement between Plex and the Entity User. End Users who would like to request that their personal data not be used for specific purposes or disclosed should contact the Entity User (the data controller).

Independent dispute resolution body

If you are located in the EEA and Plex has not been able to satisfactorily resolve your question or complaint regarding our privacy practices, you may raise your concern to the attention of your data protection authorities (“DPAs”), as applicable. The DPAs will establish a panel to investigate and resolve complaints brought under the Privacy Shield and Plex will comply with the advice of this panel or Commissioner, as applicable with regard to data transferred from the EEA, as applicable. Furthermore, Plex will comply with the advice given by DPAs and take necessary steps to remediate any non-compliance with the Privacy Shield Principles.

Investigatory and enforcement powers of the FTC

Plex is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Plex also is committed to cooperating with the DPAs located in the EEA.

Arbitration

If you are located in the EEA and have exhausted all other means to resolve your concern regarding a potential violation of Plex’s obligations under the Privacy Shield Principles, you may seek resolution via binding arbitration. For additional information about the arbitration process please see Annex I of the Privacy Shield: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Liability

If a third-party service provider providing services on Plex’s behalf processes personal data from the EEA in a manner inconsistent with the Privacy Shield Principles, Plex will be liable unless we can prove that we are not responsible for the event giving rise to the damages.

Inquiries or Complaints

Please refer any inquiries or complaints regarding Plex’s Privacy Practices to privacy@plex.com or by regular mail addressed to:

Plex Systems, Inc.
Attn: Privacy
900 Tower Drive
Suite 1500
Troy, MI 48098
United States

Changes to this Privacy Policy

Plex reserves the right to change or update this Privacy Policy at any time. Changes to this Privacy Policy will be posted on this website and links to the Privacy Policy will indicate that this Privacy Policy has been changed or updated. If we make any material changes we will notify End Users by means of a notice within the Service when the change becomes effective. We encourage you to periodically review this Privacy Policy for any changes.

Compliance

Plex has appointed personnel responsible for overseeing the implementation of the privacy program in the organization. If you have further questions related to this policy, please ask your Plex customer care contact to log a customer care case with the privacy question.

If you have an unresolved EEA privacy or data use concern that we have not addressed satisfactorily, please contact the relevant EU DPA, as applicable.