GDPR Commitment

Overview

We support the GDPR and have worked hard to ensure that you as a customer (and ourselves) are set up to meet the GDPR obligations. Not only is the GDPR an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security and compliance in the industry. Below is a brief summary of some of the main points.

Servers & Security

Servers

For customers requiring GDPR compliance, all servers are located within the EU in ISO-certified data centers, including logs, backups, disaster recovery etc. Currently our main European data center is located in Germany, with Disaster Recovery and backups in the Netherlands.

In a few cases we depend on sub-processors (e.g. Google Cloud Platform) or technical support and development located outside of the EU. In such cases we have a signed DPA with each sub-processor, and they go through a selection process to ensure they have the required technical expertise and can deliver the appropriate level of security and privacy.

Security

Data is encrypted both in transit and at rest, and we’re continuously running third-party scans to detect potential vulnerabilities and make sure we’re up to date with the latest encryption, settings and software. We follow general industry best practices for all servers we manage, such as restricting server access within the team as much as possible and manually verifying all server access over an independent channel where relevant. Aggressive use of firewalls and separate customer databases are other examples of measures taken to reduce the attack surface on our systems. At the application level, 2-factor-auth is offered and encouraged for all users.

Product & Data

Personal Data

Planhat (as a service provider and Processor) holds “Personal Data” about your endusers, and (as a Controller) about our own endusers as a tenant on our own Platform. Personal data about endusers may include basic profile information (name, email, phone number, job title, notes etc), conversations (email, support/chat, phone calls), and product usage tracking.

Given the nature of Planhat (SaaS B2B), the data we process about our own endusers (Planhat users) only relates to their professional use of and interactions with Planhat. It does not relate to nor impact their ordinary life, nor does anyone try to use this data to offer them services based on their behaviour as a natural person. Processing this professional data is considered necessary to meet our service commitments, and we cannot imagine any other way to properly support our customers without a disproportionate effort. As a Planhat customer, it’s your responsibility to ensure that your own data is lawfully collected and used.

Right to correct, amend or delete personal data

Removing data related to any of your end-users is easy from the Planhat app or over API - you don't even need to contact our support for it. Correcting or amending data is also easily done from within the app or over API. If you’re a Planhat user and want us to correct or remove data, simply reach out to your CSM or our Data Protection Officer at compliance@planhat.com.

Removal of old or unused data

Finding and removing customer (and end-user) profiles is easy using the built-in filtering features of Planhat. As the controller you can set the criteria yourself, for example removing all end-users that haven’t been active for a certain number of months.

Data portability

As a customer of Planhat you can easily export your data in JSON format over the API. The most relevant data can also be exported in spreadsheet format from within the app.

Data Access

Planhat team members will only have access to your Personal Data if needed for meeting the service requirement in accordance with the agreement.

Policies & Communication

Data Protection Officer

We’ve appointed a Data Protection Officer to oversee our data management to ensure that our processes now and in the future are in compliance with GDPR. Get in touch directly at compliance@planhat.com.

Data Processing Agreements (DPAs)

We’re working with all relevant vendors and sub-processors to make sure they’re GDPR-ready and that we have signed DPAs. A Customer Data Processing Agreement has also been included in our Terms of Service.

Privacy Policy

We’ve updated our publicly available Privacy Policy. As a customer, it’s your own responsibility towards your endusers to have the proper privacy terms in place.

Information in case of data breach

Each customer is responsible for keeping at least one Planhat user flagged as point of contact for issues relating to data and Personal Information (“POC Data”). Planhat will notify these users in case of any data breach, 24h maximum after knowing about it and fixing the flaw. It is then the responsibility of these users to report this data breach to their end-users in due time. In a similar way, Planhat is responsible for informing all Planhat users as appropriate should our own data have been compromised.
