Policies and Procedures
You can find Planday's specific policies below
Here, you can find more information about Planday’s policies and procedures as they relate to GDPR.
General Data Protection Regulation (GDPR) is a standardised regulatory framework that gives individuals the right:
- To be Informed
- To Rectification
- To Restrict Processing
- To Object
- To Erasure (“to be forgotten”)
- Of Data Portability
- Of Access
- To understand automated decision making and profiling
GDPR also ensures that personal information is obtained, handled and disposed of properly.
GDPR ensures that personal information shall be:
- processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’)
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’)
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)
As a data controller and data processor, Planday is fully committed to comply to GDPR principles. Planday have adequate and effective measures, controls and procedures in place, that protect and secure your personal information and guarantee that it is only ever obtained, processed and disclosed in accordance with data protection laws and regulations.
All of our policies are explained in this part of the website.
How do I file a complaint about Planday’s subject access request policy or process?
Please refer to our Complaints process
Planday’s voluntary registration with supervisory authorities
Planday is registered with these supervisory authorities:
- UK-based Information Commissioner’s Office and our registration number is ZA259339
- Denmark-based Datatilsynets, and our registration number is 35107207
Planday is also a certified holder of CyberEssentials, a UK Government-backed cyber protection scheme.
Details about Planday’s Data Protection Officer
Planday has currently appointed its Chief Technology Officer (CTO) to fulfil the role and responsibilities of our Data Protection Officer (DPO).
Name: Peter Marshall
Position: Chief Technology Officer
Address: Planday A/S, registered address in Copenhagen
Email: email@example.com, for the attention of Planday’s DPO
Planday’s complaint handling policy and procedure has been created to address any complaints from admins or end users of Planday accounts, and complies with Data Privacy regulations.
Planday is committed to delivering a fair, open and clear process for complaints and ensure a satisfactory outcome for all admins and end users of Planday portals who raise a complaint.
We provide thorough staff training in our complaint handling procedures and support our staff in how to handle complaint situations in a face-to-face, written, or via phone.
Planday considers and responds to all complaints and issues, no matter how they are raised or what they refer to. Some issues and complaints our Support Team can resolve immediately, but some issues have to be escalated to our Management Team. Any data processing related complaints, data protection infringes or data breaches are immediately escalated to our Data Protection Officer.
How do I file a complaint?
If you have a complaint about Planday’s product or service, please email us at firstname.lastname@example.org.
If the complaint is related to data processing, data protection infringes, or data breaches, please address the email to Planday’s DPO (Pete Marshall), and clearly state that your complaint is about data.
After you go through this process, we will create a customer support case, and will send through an acknowledgement of your complaint, as well as a timeline within which it will be addressed.
Planday will then internally investigate the issue, and work with you to resolve it.
If you are unhappy with our process or the outcome of the investigation related to data processing, data protection infringes or data breaches, then you can contact the relevant supervisory authority:
- UK-based Information Commissioner’s Office via their Contact Us page
- Denmark-based Datatilsynets via their Contact Us page
Your right to file a complaint against Planday with supervisory authorities
You have the right to file a complaint with the supervisory authority if you think we have infringed on your rights as covered by the General Data Protection Regulation (GDPR), or where Planday has breached data protection law.
The supervisory authority with which the complaint has been lodged, is responsible for informing you on the progress and the outcome of the complaint, including the possibility of a judicial remedy where the supervisory authority does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged.
Planday sends the following notifications and communications:
- Product and service notifications, (e.g. notifications about product updates and new features, product webinars)
- Incident and data breach notifications
- Marketing communications (e.g. notifications about events, news about the industry, blogs and newsletters)
How can I manage my preferences for product and service notifications from Planday?
Product and service notifications are communications from Planday’s Product Team. These are sent to admins of Planday accounts via email and push notifications in the Planday product, in order to alert admins of any changes to features, functionality, or service that may impact their use of Planday.
At least one admin of a Planday account is required to receive all product and service notifications. If an admin would like to opt out from receiving these notifications, we encourage them to ensure there is another admin on their Planday account who will receive them and address any actions required on behalf of their company.
We highly recommend that admins do not unsubscribe from receiving these notifications.
Restricted admin users and end users without admin permissions cannot opt in to product and service notifications.
How do I manage my preferences for incident and data breach notifications?
Planday reports on all types of incidents on the Planday Status page. Examples of incidents reported are: if a feature is temporarily unavailable or there are performance issues in some parts of the product,.
These types of security notices are not sent out to admins and end-users automatically; you need to opt in to receive these notices.
We highly recommend that admins and end users subscribe to receive these security notifications. You can do so by opting in on the Status page, by clicking the Subscribe to updates button.
Please note that these preferences will be stored for your contact record and will not save your preferences for other users of your Planday account.
Where can I manage my preferences for marketing communications from Planday?
You may submit your email address to opt-out of marketing communications from Planday by emailing email@example.com
As an admin, can I assign preferences for other admins of my Planday account?
Admins only have control of their own individual settings. Preference updates for other admins are managed individually.
As an admin, can I assign preferences for other end users of my Planday account?
No, preference updates related to notifications and communications to end-users are managed individually.
You can request a copy of the data that Planday holds about you.
If you want to request your data verbally, please phone our Support line, and we will then open a case. The Support Team will then ask for you to complete the Subject Access request form.
We have the right to establish your identity when making a request, and may ask for additional proof of identification.
Under GDPR, an individual has the right to be informed about:
- What data are we collecting
- Why we are processing individual’s personal data
- Our legal basis for processing
- Our retention periods
- Our complaints process
- Who it will be shared with, transfers, storage etc.
You also have the right to be informed if we sourced your data from third parties.
We are transparent about the data we collect, and more detailed information can be accessed in the Planday product via the Help section.
This policy explains how you can exercise the Right to be Informed.
What is Planday’s legal basis for processing?
Planday processes data based on the legal basis of: performance of contract, consent, compliance, and legitimate interest.
What are Planday’s retention periods?
Please contact support@planday for details on our data retention periods.
I use a Planday account, how do I request to be informed?
To get more details, please contact firstname.lastname@example.org and clearly state that you are seeking more details on data processing.
How do I file a complaint about Planday’s Right to be Informed policy or process?
Please refer to our Complaints process
Under GDPR, an individual has the right to request a restriction of processing under certain circumstances:
- you contest the accuracy of your personal data processed by Planday, and you are verifying the accuracy of the data;
- the data has been unlawfully processed and the individual opposes erasure and requests restriction instead;
- Planday does not need the personal data any longer but you need us to keep it in order to establish, exercise or defend a legal claim; or
- you have objected to Planday’s processing of your data , as per your right to object to processing.
Please note that this right is not absolute, and Planday will investigate your request and respond accordingly.
I use a Planday account, how do I request to restrict processing?
If any of the following apply to you, please contact email@example.com with details about your request:
- If you contest the accuracy of your personal data and want to rectify it
- If you think your data has been unlawfully processed
- If you need us to keep your data
If you are objecting to us processing your data, specifically for marketing communication, please contact firstname.lastname@example.org as well.
When will Planday process my request?
Planday has one month to reply to your request.
How do I file a complaint about Planday’s Right to Restrict Processing policy or process?
Please refer to our Complaints process
When you consent to process your personal data for marketing purposes, we process your personal data for the following:
- Sharing product releases and new features
- Sending tips on how to improve your business, and how you can get involved in the Planday community to hear more from other customers
- Sending tips on how to use the product more effectively
- Sharing market research and inviting you to participate in market research, including seeing new features we are working on
- Sharing details of Planday’s Ambassador’s programme and how you can get involved
- Being invited to our webinars and events
You have the right to object to marketing from Planday.
This removes your consent to receive any type of marketing information from Planday, and you will need to actively opt in again.
How do I remove consent for marketing?
To remove your consent for marketing, please contact email@example.com
When you sign up for a trial or download any marketing content from our website, you also have the option to opt into marketing from Planday.
What about other types of communications and notifications? How do I manage my preferences for these?
Please see our policy here about how to manage your preferences.
When will Planday process my request?
Planday will process your request within one working day.
How do I file a complaint about Planday’s Right to Object policy or process?
Please refer to our Complaints process
Under GDPR, an individual has the right to rectify any personal data that Planday holds by:
- correcting inaccurate data
- completing incomplete data
This policy explains how you can exercise this right.
I use a Planday account, how do I request data to be rectified?
You can request that personal data be rectified verbally or in writing. If your request is made verbally, our Support Team will ask you to confirm this in writing.
Any requests should be sent to firstname.lastname@example.org, with details of what data needs to be corrected.
The Support Team will ask you to verify your identification, and confirm any changes in writing.
When will Planday correct my data?
Planday has one month to correct any personal data.
Can I update my own data in my account?
Yes. If you are an employee, good practice is to let your admin know that data has been updated.
Data updated by yourself or by your admin, on your behalf, is controlled and processed by you and your admin, and Planday has no responsibility for this.
How do I file a complaint about Planday’s right to rectification policy or process?
Please refer to our Complaints process.
Under GDPR, data that Planday has on you will be made available if you request it.
If you are an employee, you should ask your employer for the data first. Then, you can email email@example.com, and we’ll be happy to assist you. If you’re an admin of your Planday account, please contact firstname.lastname@example.org.
If you have a complaint about how Planday handles data portability, please refer to our Complaints process.
Under GDPR, an individual has the right to request that any personal data is deleted.
This right is not absolute, which means that we need to investigate your request, review our data retention schedule, work with your account’s admin, then determine whether this is request can be complied with.
If we cannot fulfil this request, we will explain why.
How do I request for my data to be deleted?
As an individual, you can request that your data is deleted.
You need to speak to the admin of your Planday account first to fulfil this right.
You can also contact us at email@example.com and we will help out by working with the admin of your account.
How long does it take to process this request?
Planday will work with the admin of your account to review this request.
You will receive a response within one month (calendar days) of receipt of request. This timeline starts the day after the request was made until the corresponding calendar date in the next month.
How do I file a complaint about Planday’s Right of Erasure policy or process?
Please refer to our Complaints process.
If you have any questions about this, please contact us as firstname.lastname@example.org.
If you have a complaint about our policy, please refer to our Complaints process
Who we are
We are Planday A/S. Our head office is in Denmark at Njalsgade 19D, 7th Floor, DK-2300 Copenhagen S. VAT number DK-27666248. We also have subsidiary companies in the UK (Planday Limited), Norway (Planday Norway AS), Germany (Planday GmbH) and the US (Planday Inc.)
Email Recruitment at Planday: email@example.com
Telephone customer service: (+45) 35 107 207
Data Protection Officer (DPO): Our CFO fulfils this role and can be contacted as above. Please
address any questions for the attention of our DPO.
Statement of Data Notice, and Acceptance of the Data Notice
Planday is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience.
This is our Applicant Data Notice (the “Data Notice”) and it applies when you apply to any job opening we advertise.
This Data Notice governs the collection, usage, and disclosure by us of your “personal data”, namely any information which personally identifies you e.g. your e-mail address, name, home address, work address or telephone number etc.) as well as your rights in respect of your personal information.
Planday is the data controller of your personal information submitted for any job application and is responsible for how your personal information is processed.
It is important that you read the following carefully to understand our views and practices regarding your personal data and how we will treat it. If you do not agree to have your personal data processed by us in this way, you should not proceed with your application.
This Data Notice does not form part of your application or any future contract of employment and may be updated by us at any time.
What personal data does Planday collect?
We collect and process information about job applicants before, during and after their application to Planday, including time spent on the Careers section of Planday’s website (the “Careers website”) or any applications to Planday from other sites. Planday processes the following types of personal data:
- Personal details: title, name, email, phone numbers, physical address, gender, date of birth, nationality;
- Documentation required under immigration laws: citizenship and passport data, details of residency or work permit;
- Talent acquisition data: details in application/cover letter and resume/CV (previous employment background, education history, professional qualifications and memberships, language and other relevant skills, certification, certification expiration dates), assessment results, personality profiling results, information necessary to complete a background check, information relating to references such as referees’ names and contact details;
- Compensation and payroll: current salary, desired salary, benefits bonus awards, pay level, contractual benefits, currency, pay frequency, effective date of current compensation, banking details;
- Any other information you provide to us
- Sensitive Information: e.g. health/medical information, equal opportunities information, and criminal convictions data.
Throughout the application process, you should not submit sensitive personal information (“Sensitive Information”), unless such information is legally required and/or Planday requests you to submit such information. Sensitive Information includes information relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data and data related to sexual orientation.
Any information you submit through the careers website must be true, accurate, complete, and not misleading. It is your responsibility to ensure that the information you submit does not violate any third party’s rights
In the event that you submit personal referee information, it is your responsibility to obtain from any referees their prior consent that Planday may contact them.
From where does Planday collect personal data about job applicants?
Planday may collect personal data from the following sources:
- Job applicants: in person, online, by telephone, or in written correspondence and forms
- Third-party websites: Planday’s careers website, any personality or workplace profiling assessments
- Previous employers and other referees: in the form of employment references
- Background and credit check vendors: as part of the recruitment process; and
- Employment agencies and recruiters
What will Planday do with my Personal Data?
Planday uses your personal data for its workforce management, applicant communications, and compliance processes.
Planday limits the personal data collected and processed for the following purposes:
- processing your application
- assessing your application
- conducting reference checks
- conducting background checks on offer of a position, including credit-checks, anti-fraud tests and any other tests as required for the position applied for
- communicating with you regarding your application
- where it is necessary to comply with a legal obligation on us; and
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
Planday may also process your personal data in the following situations:
- where it is necessary to protect your (or someone else’s) vital interests;
- where it is necessary for us to defend, prosecute or make a claim against you, us or a third party; and
- in the case of Sensitive Information, where you have made the information public.
In particular, we may use any of your Sensitive Information, such as health/medical information, in order to accommodate a disability or illness, your diversity-related EU Personal Information (such as race or ethnicity) in order to comply with legal obligations relating to diversity and anti-discrimination, and your criminal conviction data only where it is appropriate (given your role) and we are legally able to do so.
Planday will only use your personal data for these purposes, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
As an applicant, if you do not provide personal data when requested, Planday may not be able to review your application, or we may be prevented from complying with our legal obligations.
Does Planday disclose my personal data to third parties?
Planday may share personal data with the following unaffiliated third parties:
- Service Providers: Third parties that provide products and services to Planday in connection with its recruitment processes such as human resources services, IT systems suppliers and support and background check providers, recruiters and headhunters, and hosting service providers; and
- Public and Governmental Authorities: Entities that regulate or have jurisdiction over Planday, such as regulatory authorities, public bodies, and judicial bodies, including to meet national security or law enforcement requirements.
How does Planday protect my personal data?
As you would expect, Planday takes security of personal data very seriously. Our risk management and security controls comply with applicable data privacy regulations. Details can be found in the legal section of Planday’s website.
Access to your personal data will be limited to those who have a need to know the information for the purposes described above, and may include personnel in Recruitment, HR, IT, Compliance, Finance and Accounting.
Where does Planday transfer, store and/or process my personal data?
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers.
We will only transfer, store or process your data with such third-party suppliers who have agreed to comply with the required data security standards, policies and procedures and have put adequate security measures in place.
All information you provide to us is stored on secure servers within a private network and is encrypted when in transit between those servers and any third-party supplier.
For how long is my data retained?
Planday’s retention periods for personal data are based on regulatory periods, business and legal requirements. We retain personal applicant data for two years, as long as is necessary for the processing purpose(s) for which the information was collected, as set out in this Data Notice, and any other permissible, related purposes.
Are there any automated decisions in Planday’s recruitment process?
Planday does not generally use automated decision making in the recruitment process, and accordingly, does not envisage that you will be subject to decisions that will have a significant impact on you based solely on automated decision making. Planday will notify you in writing if the position you are applying for involves profiling or other automated decision making.
What are my rights?
You have the right, in certain circumstances, to:
- object to the processing of your personal data
- access your personal data
- correct inaccurate personal data
- have your personal data deleted, subject to any regulatory retention periods
- restrict the processing of your personal data
- receive the personal data you have provided to Planday in a structured, commonly used and machine-readable format for onward transmission
- object to automated decision-making
If you wish to exercise any of these rights, please contact firstname.lastname@example.org.
Please note that certain EU Personal Information may be exempt from such access, correction, erasure, restriction and portability requests in accordance with applicable data protection laws or other laws and regulations.
You also can file a complaint with your local data protection supervisory authority. Our complaints process and policy, and all data supervisory authority details can be found in this section on our website.
What are my obligations?
You should keep your EU Personal Information up to date and inform us of any significant changes to your EU Personal Information.
Changes to our Data Notice
Any changes we make to our Applicant Data Notice will be updated on our website.
Questions or Complaints
Please contact email@example.com for any issues regarding this Data Notice.