General Data Protection Regulation (GDPR)
Last Updated October 2020
- General Data Protection regulation (GDPR)
- Data Processing Agreement
- EU Standard Contractual Clauses
- Technical and Organizational Measures
- Data Processing Details
- Sub-Processor List
Plannuh delivers a marketing leadership platform as a cloud-based SaaS product. Our clients rely on our services as a data processor. We recognize the importance of delivering products that support compliance efforts consistent with applicable privacy and data protection laws.
Plannuh has and will maintain standard contractual clauses. Following the guidance of the European Data Protection Board, Plannuh has implemented the process necessary to verify the conditions of transfers made pursuant to these standard contractual clauses which offer appropriate safeguards for the data processing required by our customer contracts. Plannuh is confident its process aligns with that outlined by the Board.
We remain committed to helping our clients meet current and evolving privacy and data protection regulations and will continue to monitor and adapt our systems, as necessary.
To support GDPR compliance efforts, Plannuh:
- Regularly reviews existing policies, procedures, and systems to validate alignment with principles for data processing.
- Offers clients location options for data processing and storage.
- Demonstrates a clear understanding of client data, where it flows within our systems, and who has access.
- Facilitates compliance with data subject requests.
- Conducts Privacy Impact Assessments for new products, systems, and geographies.
- Applies appropriate retention periods.
- Encrypts data at rest and provides secure data transmission between Plannuh and client systems.
- Applies security protocols and access controls
- Ensures sub-processors and contracts are properly vetted according to GDPR requirements.
Responsibility with respect to data protection is shared. Our clients are responsible for using Plannuh products in a GDPR-compliant manner and for enforcing applicable policies in their organizations in accordance with GDPR requirements.