Privacy Notice
Privacy Notice on the Processing of Personal Data
pursuant to Articles 13 and 14 of EU Regulation 2016/679 (GDPR)
Last updated: January 2025
Dear User, this notice describes how personal data collected by Plank Italy Spa Società Benefit and Plank Platform Inc. (hereinafter “Plank”) through the website plank.global and related platforms is processed.
1. Data Controller
Plank Italy Spa Società Benefit
Registered office: Via Privata della Passarella 4, 20122 Milan (MI), Italy
Operational office: Sestiere Santa Croce 466/B, 30135 Venice (VE), Italy
Phone: +39 02 30559964
E-mail: privacy@plank.global
Plank Platform Inc.
170 N Brandon Drive, Glendale Heights, IL 60139, USA
Phone: +1 (773) 2321791
2. Types of Data Collected
2.1 Browsing data
The IT systems and software procedures used to operate the website automatically acquire certain personal data during normal operation, the transmission of which is implicit in the use of Internet communication protocols (e.g., IP addresses, domain names, browser type, operating system parameters, URIs of requested resources, time of request).
2.2 Voluntarily provided data
The optional sending of messages via contact forms, demo requests, subscription to our services, or communication via e-mail involves the acquisition of personal data provided by the user (name, surname, e-mail, phone, company, job title, and any additional information communicated).
2.3 Cookies and tracking technologies
The website uses technical cookies and, with prior consent, analytical and profiling cookies. For more information, please refer to our Cookie Policy.
3. Purposes and Legal Basis for Processing
| Purpose | Legal basis |
|---|---|
| Website operation and provision of requested services | Performance of a contract (Art. 6.1.b GDPR) |
| Responding to contact and information requests | Pre-contractual measures (Art. 6.1.b GDPR) |
| Compliance with legal, tax, and accounting obligations | Legal obligation (Art. 6.1.c GDPR) |
| IT security and fraud prevention | Legitimate interest (Art. 6.1.f GDPR) |
| Sending commercial communications and newsletters | Consent (Art. 6.1.a GDPR) |
| Statistical analysis and service improvement | Legitimate interest (Art. 6.1.f GDPR) |
4. Processing Methods
Personal data is processed using electronic and digital tools, with logic strictly related to the purposes indicated above and, in any case, in a manner that ensures security and confidentiality. Appropriate technical and organizational security measures are adopted, in line with ISO 27001 standards, to prevent loss, unlawful or improper use, and unauthorized access to data.
5. Data Communication and Disclosure
Personal data may be disclosed to:
- Plank employees and collaborators, duly authorized for processing.
- Plank group companies (Plank Platform Inc. and Plank Italy Spa).
- Technical and IT service providers acting as Data Processors pursuant to Art. 28 GDPR.
- Professional consultants (legal, tax, accounting) within the scope of their mandate.
- Public authorities and supervisory bodies, where required by law.
Personal data will under no circumstances be disclosed indiscriminately.
6. Extra-EU Data Transfers
Due to the presence of Plank Platform Inc. in the United States of America, some data may be transferred outside the European Union. The transfer is carried out in compliance with Chapter V of the GDPR, through the adoption of Standard Contractual Clauses (SCCs) approved by the European Commission or, where applicable, based on the EU-US Data Privacy Framework.
7. Data Retention
Personal data is retained for the time strictly necessary for the purposes of processing:
- Browsing data: maximum 12 months (unless required by law).
- Contractual data: for the entire duration of the contractual relationship and for 10 years following termination, in compliance with tax and accounting obligations.
- Contact data (information requests): maximum 24 months from last interaction.
- Direct marketing data: until consent is withdrawn.
8. Data Subject Rights
Pursuant to Articles 15-22 of the GDPR, data subjects have the right to:
- Obtain confirmation of the existence of data concerning them and access their data (Art. 15).
- Obtain rectification of inaccurate data or completion of incomplete data (Art. 16).
- Obtain erasure of data (“right to be forgotten”), in applicable cases (Art. 17).
- Obtain restriction of processing (Art. 18).
- Receive data in a structured format and transfer it (portability, Art. 20).
- Object to processing (Art. 21).
- Not be subject to automated decisions, including profiling (Art. 22).
- Withdraw consent at any time.
Requests may be sent to: privacy@plank.global.
9. Right to Lodge a Complaint
Data subjects who believe that the processing of their personal data violates the GDPR have the right to lodge a complaint with the competent supervisory authority. In Italy: Garante per la Protezione dei Dati Personali – www.garanteprivacy.it.
10. Changes to this Notice
Plank reserves the right to update this notice at any time. The updated version will be published on this page with the date of last update indicated.