By Niklas Skog
We support the GDPR and have worked hard to ensure that you as a customer (and ourselves) are set up to meet the GDPR obligations.
Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens,
it also raises the bar for data protection, security and compliance in the industry.
Below is a brief summary of some of the main points.
For customers requiring GDPR compliance, all servers are located within the EU in ISO-certified data centers, including logs, backups, disaster recovery etc.
Currently our main European data center is located in Germany with Disaster Recovery and backups in the Netherlands.
In a few cases we depend on sub-processors (e.g. Google Cloud Platform) or technical support and development located outside of the EU.
In such cases we have a signed DPA with each sub-processor and they go through a selection process to ensure they have the required technical expertise
and can deliver the appropriate level of security and privacy.
Data is encrypted both in transit and at rest, and we’re continuously running third-party scans to detect potential vulnerabilities and make sure we’re up to date with the latest encryption, settings and software.
We follow general industry best practices for all servers we manage such as restricting server access within the team as much as possible and manually verifying all server access over an independent channel where relevant.
Aggressive use of firewalls and separate customer databases are other examples of measures taken to reduce the attack surface on our systems.
At the application level, 2-factor authentication is offered and encouraged for all users.
Planhat (as a service provider and Processor) holds “Personal Data” about your endusers, and (as a Controller) about our own endusers as a tenant on our own Platform.
Personal data about endusers may include basic profile information (name, email, phone number, job title, notes etc), conversations (email, support/chat, phone calls),
and product usage tracking.
Given the nature of Planhat (SaaS B2B), the data we process about our own endusers (Planhat users) only relates to their professional use of and interactions with Planhat.
It does not relate to or impact their ordinary life, nor does anyone try to use this data to offer them services based on their behaviour as a natural person.
Processing this professional data is considered necessary to meet our service commitments, and we cannot imagine any other way to properly support our customers without a disproportionate effort.
As a Planhat customer, it’s your responsibility to ensure that your own data is lawfully collected and used.
Removing data related to any of your end-users is easy from the Planhat app or over API - you don't even need to contact our support for it.
Correcting or amending data is also easily done from within the app or over API.
If you’re a Planhat user and want us to correct or remove data, simply reach out to your CSM or our Data Protection Officer at email@example.com
Finding and removing customer (and end-user) profiles is easy using the built in filtering features of Planhat.
As the controller you can set the criteria yourself, for example removing all end-users that haven’t been active for a certain number of months.
As a customer of Planhat you can easily export your data in JSON format over the API. The most relevant data can also be exported in spreadsheet format from within the app.
Planhat team members will only have access to your Personal Data if needed for meeting the service requirement in accordance with the agreement.
We’ve appointed a Data Protection Officer to oversee our data management to ensure that our processes now and in the future are in compliance with GDPR.
Get in touch directly at firstname.lastname@example.org
We’re working with all relevant vendors and sub-processors to make sure they’re GDPR-ready and that we have signed DPAs.
A Customer Data Processing Agreement has also been included in our Terms of Service.
As a customer, it’s your own responsibility towards your endusers to have the proper privacy terms in place.
Each customer is responsible for keeping at least one Planhat user flagged as point of contact for issues relating to data and Personal Information (“POC Data”).
Planhat will notify these users in case of any data breach, at most 24h after knowing about it and fixing the flaw.
It is then the responsibility of these users to report this data breach to their end-users in due time. In a similar way,
Planhat is responsible for informing all Planhat users as appropriate should our own data have been compromised.