Privacy Policy

Scope

This Privacy Policy describes how Planqestra handles information collected through our website and during professional engagements. It applies to business-related interactions and does not cover third-party websites or platforms we do not control.

1. Information we collect. We may collect business contact details such as name, role, company, and work email. We may also collect project-related information you choose to share for service delivery.
2. How information is collected. Information may be collected when you submit a form, request a proposal, or communicate with us. Information can also be collected during workshops, interviews, and project collaboration.
3. Purpose limitation. We use information to deliver services, respond to inquiries, and manage client relationships. We do not use client information for unrelated purposes without a lawful basis or permission.
4. Legal bases for processing. We process information to perform a contract, to take steps at your request prior to contract, or for legitimate business interests. Where required, we rely on consent for specific activities.
5. Client-provided data. Clients may provide operational, financial, or customer data to support analysis. We treat such data as confidential and use it only within the agreed scope.
6. Data minimization. We request only the information necessary to complete an engagement or respond effectively. If information is optional, we may note that clearly in intake steps.
7. Analytics and usage signals. We may use privacy-respecting analytics to understand website performance and improve experience. These signals are used in aggregate and are not intended to identify individuals.
8. Cookies and similar technologies. Our site may use essential and analytics cookies to operate and measure performance. You can adjust browser settings to limit cookies, which may impact functionality.
9. Data sharing. We share information only with service providers needed to run operations (such as hosting or collaboration tools). We do not sell personal information or share it for targeted advertising.
10. Service providers. Providers may process information on our behalf under contractual obligations. We require reasonable confidentiality and security commitments aligned to their role.
11. International transfers. Information may be processed in jurisdictions different from where it was collected. When transfers occur, we use safeguards appropriate to the situation and legal requirements.
12. Security measures. We use access controls, role-based permissions, and encryption where appropriate. Security is reviewed periodically and improved as risks and systems evolve.
13. Confidentiality practices. Engagement materials are handled under confidentiality principles and, where applicable, contractual clauses. We limit internal access to staff who need the information to perform their role.
14. Retention. We retain information for as long as needed to support services, comply with legal obligations, and resolve disputes. When information is no longer needed, we delete or anonymize it where feasible.
15. Accuracy. You are encouraged to keep business contact information current. Inaccurate data may reduce our ability to deliver services efficiently.
16. Your rights. Depending on your jurisdiction, you may have rights to access, correct, delete, or restrict processing. We respond to verified requests within a reasonable time frame.
17. Verification of requests. To protect confidentiality, we may request reasonable proof of authority before fulfilling a request. This helps prevent unauthorized disclosure or changes.
18. Marketing communications. If we send business updates, you can opt out at any time through standard unsubscribe controls. Opting out will not affect service communications related to an active engagement.
19. Do-not-track signals. Some browsers send do-not-track signals, but there is no universal standard for response. We focus on minimizing tracking and limiting data collection by design.
20. Children’s privacy. Our services are intended for business clients and are not directed to children. We do not knowingly collect data from minors.
21. Incident response. If a security incident affects information, we assess impact and take remedial actions. Where required, we provide notifications consistent with applicable law.
22. Policy updates. We may update this policy to reflect changes in practices or legal requirements. Updates will be posted on this page with a revised date.