Personal Information Plex Processes
In the normal course of using the Service, End Users will input electronic data into the Plex Manufacturing Cloud (“User Data”). The use of information collected through the Service shall be limited to the purpose of providing the Service for which the Entity User has engaged Plex. Plex may access User Data for the purposes of providing the Service, preventing or addressing service or technical problems, responding to support issues, responding to Entity User’s or End User’s instructions or as may be required by law, in accordance with the relevant agreement between the Entity User and Plex.
Plex processes User Data under the direction of its Entity Users and has no direct control or ownership of the personal data it processes. Entity Users are responsible for complying with any regulations or laws that require providing notice, disclosure and/or obtaining consent prior to transferring the data to Plex for processing purposes.
An End User who seeks access to, or who seeks to correct, amend, or delete such End User’s User Data should direct his or her query to the Entity User (i.e., the Plex customer) that controls such data’s use by the Services (the data controller). If the Entity User or an End User requests Plex to remove User Data that is personal data to comply with data protection regulations, Plex will respond to their request within 30 business days or, if such data cannot be accessed or retrieved using commercially reasonable efforts during such 30 business day period, then such other reasonable period of time under the circumstances. If Plex is unable to fulfill an Entity User’s customer request to delete data, Plex will provide the Entity User with a written response as to the reasons within 30 business days of the request.
Plex will refer any request for disclosure of an End User’s personal data by a law enforcement authority to the Entity User associated with such End User. Plex may, where it concludes that it is legally obligated to do so, disclose personal data to law enforcement or other government authorities. Plex will notify the Entity User of such request unless prohibited by law.
Accessing the Service
Entity Users and their authorized End Users may access the Service directly through a sign-on page or may elect to use internal launch pages for single sign on or other purposes. Entity Users input information for processing and storage as they use the Service. Entity Users may also configure the Service to allow End Users to input information directly into the Service.
Plex retains User Data according to the timeframes set forth in the relevant agreement with its Entity Users. We may retain your User Data for as long as your account is active or as needed to provide you the Service, comply with our legal obligations, resolve disputes and enforce our agreements.
The security of User Data, including personal data, is very important to Plex. Plex maintains a comprehensive, written information security policies and procedures that contain industry standard safeguards designed to prevent unauthorized access to User Data. Plex designs its applications to allow Entity Users to achieve differentiated configurations, enforce End User access controls, and manage data as desired by management of the Entity User. Configuring these settings appropriately is the Entity User’s responsibility. Additional information about the security settings and configurations can be found in the Plex Manufacturing Cloud documentation made available to Entity Users.
EU – U.S. Privacy Shield
We are responsible for the processing of personal data we receive under the Privacy Shield Framework and subsequently transfer to a third party acting as an agent on our behalf. We comply with the Privacy Shield Principles for all onward transfers of personal data from the EEA, including the onward transfer liability provisions.
With respect to personal data received or transferred pursuant to the Privacy Shield Framework, we are subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
You may direct any inquiries or complaints related to our Privacy Shield compliance to email@example.com. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.
Types of personal data collected and purposes of collection and use
Plex collects personal data about EEA End Users that Entity Users or their authorized End Users either enter into the Service or provide to Plex under a professional services engagement to be input into or accessed within the Service (collectively, “Services Personal Data”).
Plex acts as a data processor with respect to this Services Personal Data. Plex processes Services Personal Data to provide and support the Service purchased by the Entity User and for such other services purchased by the Entity User and performed by Plex. Plex processes Services Personal Data as instructed by its Entity Users and does not control or own the Services Personal Data it processes.
Commitment subject to the Privacy Shield Principles
Plex processes all Services Personal Data received from the EEA subject to and in reliance on the Privacy Shield Principles.
Type of third parties to which we disclose personal data and purposes
As a data processor, Plex will disclose Services Personal Data only as instructed by the data controller (i.e., the Entity User). In some cases we may share Services Personal Data with our subcontractors to provide the Service to Entity Users. If Plex goes through a business transition, such as a merger, acquisition by another company or sale of all or a portion of its assets. In all cases, Services Personal Data may only be transferred in accordance with the relevant agreement covering the Services between the Entity User and Plex.
Requirement to disclose
Plex may be required to disclose Services Personal Data in special cases when we have a good faith belief that such action is necessary to conform to legal requirements or to respond to lawful requests by public authorities, including to meet national security or law enforcement requirements. Plex will notify the Entity User of such request unless prohibited by law.
Right to access
If Plex is the data processor, an End User who seeks access to, or who seeks to correct, amend, or delete such End User’s User Data should direct his or her query to the Entity User (i.e., the Plex customer) that controls such data’s use by the Services (the data controller). In some instances, the Entity User may have enabled the End User to perform these updates themselves through the Service. If the Entity User or an End User requests Plex to remove User Data that is personal data to comply with data protection regulations, Plex will respond to their request within 30 business days or, if such data cannot be accessed or retrieved using commercially reasonable efforts during such 30 business day period, then such other reasonable period of time under the circumstances. If Plex is unable to fulfill an Entity User’s customer request to delete data, Plex will provide the Entity User with a written response as to the reasons within 30 business days of the request.
Choices and means
Plex retains Services Personal Data according to the timeframes set forth in the relevant agreement between Plex and the Entity User. End Users who would like to request that their personal data not be used for specific purposes or disclosed should contact the Entity User (the data controller).
Independent dispute resolution body
If you are located in the EEA and Plex has not been able to satisfactorily resolve your question or complaint regarding our privacy practices, you may raise your concern to the attention of your data protection authorities (“DPAs”), as applicable. The DPAs will establish a panel to investigate and resolve complaints brought under the Privacy Shield and Plex will comply with the advice of this panel or Commissioner, as applicable with regard to data transferred from the EEA, as applicable. Furthermore, Plex will comply with the advice given by DPAs and take necessary steps to remediate any non-compliance with the Privacy Shield Principles.
Investigatory and enforcement powers of the FTC
Plex is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. Plex also is committed to cooperating with the DPAs located in the EEA.
If you are located in the EEA and have exhausted all other means to resolve your concern regarding a potential violation of Plex’s obligations under the Privacy Shield Principles, you may seek resolution via binding arbitration. For additional information about the arbitration process please see Annex I of the Privacy Shield:https://www.privacyshield.gov/article?id=ANNEX-I-introduction.
If a third-party service provider providing services on Plex’s behalf processes personal data from the EEA in a manner inconsistent with the Privacy Shield Principles, Plex will be liable unless we can prove that we are not responsible for the event giving rise to the damages.
Inquiries or Complaints
Please refer any inquiries or complaints regarding Plex’s Privacy Practices to firstname.lastname@example.org or by regular mail addressed to:
Plex Systems, Inc.
900 Tower Drive
Troy, MI 48098
Plex has appointed personnel responsible for overseeing the implementation of the privacy program in the organization. If you have further questions related to this policy, please ask your Plex customer care contact to log a customer care case with the privacy question.
If you have an unresolved EEA privacy or data use concern that we have not addressed satisfactorily, please contact the relevant EU DPA, as applicable.