Our role, responsibility and commitment regarding data protection
In accordance with the General Data Protection Regulation, GDPR, our customer is the Controller for all personal data processed by the Controller by using Planacy (“the Software”). The customer shall ensure that all processing of personal data done by the Controller in the Software complies with The General Data Protection Regulation and other applicable legislation. The customer is aware of the fact that the Software collects information about the users of the Software, e.g. e-mail address, AD accounts, IP addresses and other information, such as salaries and benefits for employees to the customer, as the customer wants to be processed in the Software in accordance with their purposes using the Software.
Planacy is a data processor towards its customers
When storing our customers data within our service in the cloud (Planacy Cloud), we are processing personal data on behalf of our customers as a processor. The customer acknowledges that the customer is the Personal Data Controller (“Controller”) for all personal information processed by Planacy (“Data Processor”) on behalf of the Controller and that the Controller is responsible for the type of personal data in addition to usernames, e-mail addresses, AD-accounts and IP addresses to be handled in the Software. As Data Processor Planacy undertakes to process personal data only in accordance with the Controller's instructions, to follow applicable data protection law and relevant regulatory authorities' advice and directives, to ensure technical and organizational security to protect Data from intrusion, loss and unauthorized processing, and to notify the Controller, without undue delay, data intrusion, loss of data or other unauthorized processing of personal data.
The processing hereof shall be governed by a data processing agreement. As data controllers, our customers have the legal obligation of informing the data subjects about the purposes and legal basis for the processing of their personal data, and how they can exercise their rights, if this type of personal data is processed in the Software.
Planacy is a sub-processor towards its partners
When the Software is provided through our Partners the Partner is a Data Processor in relation to the Customer. The Data Processor may only process personal data in accordance with the Personal Data Processor Agreement and other instructions given by the Customer. The Data Processor is also obliged to take such security measures which Customer is obliged to take according to legislations.
When providing our service through and on behalf of our partners, we are processing personal data as a sub-processor of our partners in order to provide our service, data storage and second line support and on such occasions as Sub-Processor to the Data Processor and Controller is obliged to follow the instructions and agreements stated in the Personal Data Processor Agreement between the partner and the customer. The processing hereof shall be governed by a data processing agreement between us and our partner, with the same level of obligations regarding data protection as of such agreement between our partner and its customer. The partner and the customer are responsible for that a Data Sub-Processor Agreement are being entered into between partner and Planacy when there is a need for such Sub-Processor Agreement.
As data controllers, the customers of our partners have the legal obligation of informing the data subjects about the purposes and legal basis for the processing of their personal data, and how they can exercise their rights, if this type of personal data is processed in the Software.
Planacy is also a data controller towards its partners and customers