Policies and Procedures

Here, you can find more information about Planday’s policies and procedures as they relate to GDPR. 

General Data Protection Regulation (GDPR) is a standardised regulatory framework that gives individuals the right:

• To be Informed
• To Rectification
• To Restrict Processing
• To Object
• To Erasure (“to be forgotten”)
• Of Data Portability
• Of Access
• To understand automated decision making and profiling

GDPR also ensures that personal information is obtained, handled and disposed of properly.

GDPR ensures that personal information shall be:

1. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)
2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’)
3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)
4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’)
6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)

As a data controller and data processor, Planday is fully committed to comply to GDPR principles. Planday have adequate and effective measures, controls and procedures in place, that protect and secure your personal information and guarantee that it is only ever obtained, processed and disclosed in accordance with data protection laws and regulations.

All of our policies are explained in this part of the website.

How do I file a complaint about Planday’s subject access request policy or process?

Please refer to our Complaints process

Planday’s voluntary registration with supervisory authorities

Planday is registered with these supervisory authorities:

1. UK-based Information Commissioner’s Office and our registration number is ZA259339
2. Denmark-based Datatilsynets, and our registration number is 35107207

Planday is also a certified holder of CyberEssentials, a UK Government-backed cyber protection scheme.

Details about Planday’s Data Protection Officer

Planday has currently appointed its Chief Technology Officer (CTO) to fulfil the role and responsibilities of our Data Protection Officer (DPO).

Name: Stephen Lucas 

Position: Chief Financial Officer

Address: Planday A/S, registered address in Copenhagen

Email: support@planday.com, for the attention of Planday’s DPO

Planday’s complaint handling policy and procedure has been created to address any complaints from admins or end users of Planday accounts, and complies with Data Privacy regulations.

Planday is committed to delivering a fair, open and clear process for complaints and ensure a satisfactory outcome for all admins and end users of Planday portals who raise a complaint.

We provide thorough staff training in our complaint handling procedures and support our staff in how to handle complaint situations in a face-to-face, written, or via phone.  

Planday considers and responds to all complaints and issues, no matter how they are raised or what they refer to. Some issues and complaints our Support Team can resolve immediately, but some issues have to be escalated to our Management Team. Any data processing related complaints, data protection infringes or data breaches are immediately escalated to our Data Protection Officer.

How do I file a complaint?

If you have a complaint about Planday’s product or service, please email us at support@planday.com.

If the complaint is related to data processing, data protection infringes, or data breaches, please address the email to Planday’s DPO, and clearly state that your complaint is about data.

After you go through this process, we will create a customer support case, and will send through an acknowledgement of your complaint, as well as a timeline within which it will be addressed.

Planday will then internally investigate the issue, and work with you to resolve it.

If you are unhappy with our process or the outcome of the investigation related to data processing, data protection infringes or data breaches, then you can contact the relevant supervisory authority:

1. UK-based Information Commissioner’s Office via their Contact Us page 
2. Denmark-based Datatilsynets via their Contact Us page 

Your right to file a complaint against Planday with supervisory authorities

You have the right to file a complaint with the supervisory authority if you think we have infringed on your rights as covered by the General Data Protection Regulation (GDPR), or where Planday has breached data protection law.

The supervisory authority with which the complaint has been lodged, is responsible for informing you on the progress and the outcome of the complaint, including the possibility of a judicial remedy where the supervisory authority does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged.

Planday sends the following notifications and communications:

• Product and service notifications, (e.g. notifications about product updates and new features, product webinars)
• Incident and data breach notifications
• Marketing communications (e.g. notifications about events, news about the industry, blogs and newsletters)

How can I manage my preferences for product and service notifications from Planday?

Product and service notifications are communications from Planday’s Product Team. These are sent to admins of Planday accounts via email and push notifications in the Planday product, in order to alert admins of any changes to features, functionality, or service that may impact their use of Planday.

At least one admin of a Planday account is required to receive all product and service notifications. If an admin would like to opt out from receiving these notifications, we encourage them to ensure there is another admin on their Planday account who will receive them and address any actions required on behalf of their company.

We highly recommend that admins do not unsubscribe from receiving these notifications.

Restricted admin users and end users without admin permissions cannot opt in to product and service notifications.

How do I manage my preferences for incident and data breach notifications?

Planday reports on all types of incidents on the Planday Status page. Examples of incidents reported are: if a feature is temporarily unavailable or there are performance issues in some parts of the product,.

These types of security notices are not sent out to admins and end-users automatically; you need to opt in to receive these notices.

We highly recommend that admins and end users subscribe to receive these security notifications. You can do so by opting in on the Status page, by clicking the Subscribe to updates button.

Please note that these preferences will be stored for your contact record and will not save your preferences for other users of your Planday account.

Where can I manage my preferences for marketing communications from Planday?

You may submit your email address to opt-out of marketing communications from Planday by emailing support@planday.com

As an admin, can I assign preferences for other admins of my Planday account?

Admins only have control of their own individual settings. Preference updates for other admins are managed individually.

As an admin, can I assign preferences for other end users of my Planday account?

No, preference updates related to notifications and communications to end-users are managed individually.

You can request a copy of the data that Planday holds about you.

Please complete a Data Request webform. This form will be electronically sent to our Support Desk at support@planday.com.

If you want to request your data verbally, please phone our Support line, and we will then open a case. The Support Team will then ask for you to complete the Subject Access request form.

We have the right to establish your identity when making a request, and may ask for additional proof of identification.

Planday collects and processes personal data, as described in Planday’s privacy policy.

Under GDPR, an individual has the right to be informed about:

• What data are we collecting
• Why we are processing individual’s personal data
• Our legal basis for processing
• Our retention periods
• Our complaints process
• Who it will be shared with, transfers, storage etc.

You also have the right to be informed if we sourced your data from third parties.

Planday has ensured that whenever we collect personal data from you, you are made aware of our Privacy Policy and any other related terms. We also ensure that you consent to processing of your personal data.

We are transparent about the data we collect, and more detailed information can be accessed in the Planday product via the Help section.

This policy explains how you can exercise the Right to be Informed.

What is Planday’s legal basis for processing?

Planday processes data based on the legal basis of: performance of contract, consent, compliance, and legitimate interest.

What are Planday’s retention periods?

Please contact support@planday for details on our data retention periods.

I use a Planday account, how do I request to be informed?

As an individual, you can request more information about your data, as described in the policy overview. You can also consult our Privacy Policy for more details, as well as this section of our website.

To get more details, please contact support@planday.com and clearly state that you are seeking more details on data processing.

How do I file a complaint about Planday’s Right to be Informed policy or process?

Please refer to our Complaints process

Planday collects and processes personal data, as described in Planday’s Privacy Policy.

Under GDPR, an individual has the right to request a restriction of processing under certain circumstances:

• you contest the accuracy of your personal data processed by Planday, and you are verifying the accuracy of the data;
• the data has been unlawfully processed and the individual opposes erasure and requests restriction instead;
• Planday does not need the personal data any longer but you need us to keep it in order to establish, exercise or defend a legal claim; or
• you have objected to Planday’s processing of your data , as per your right to object to processing.

Please note that this right is not absolute, and Planday will investigate your request and respond accordingly.

I use a Planday account, how do I request to restrict processing?

If any of the following apply to you, please contact support@planday.com with details about your request:

• If you contest the accuracy of your personal data and want to rectify it
• If you think your data has been unlawfully processed
• If you need us to keep your data

If you are objecting to us processing your data, specifically for marketing communication, please contact support@planday.com as well.

When will Planday process my request?

Planday has one month to reply to your request.

How do I file a complaint about Planday’s Right to Restrict Processing policy or process?

Please refer to our Complaints process

Planday collects and processes personal data, as described in Planday’s Privacy Policy.

When you consent to process your personal data for marketing purposes, we process your personal data for the following:

• Sharing product releases and new features
• Sending tips on how to improve your business, and how you can get involved in the Planday community to hear more from other customers
• Sending tips on how to use the product more effectively
• Sharing market research and inviting you to participate in market research, including seeing new features we are working on
• Sharing details of Planday’s Ambassador’s programme and how you can get involved
• Being invited to our webinars and events

You have the right to object to marketing from Planday.

This removes your consent to receive any type of marketing information from Planday, and you will need to actively opt in again.

How do I remove consent for marketing?

To remove your consent for marketing, please contact support@planday.com

When you sign up for a trial or download any marketing content from our website, you also have the option to opt into marketing from Planday.

What about other types of communications and notifications? How do I manage my preferences for these?

Please see our policy here about how to manage your preferences.

When will Planday process my request?

Planday will process your request within one working day.

How do I file a complaint about Planday’s Right to Object policy or process?

Please refer to our Complaints process

Planday collects and processes personal data, as described in Planday’s Privacy Policy.

Under GDPR, an individual has the right to rectify any personal data that Planday holds by:

• correcting inaccurate data
• completing incomplete data

This policy explains how you can exercise this right.

I use a Planday account, how do I request data to be rectified?

You can request that personal data be rectified verbally or in writing. If your request is made verbally, our Support Team will ask you to confirm this in writing.

Any requests should be sent to support@planday.com, with details of what data needs to be corrected.

The Support Team will ask you to verify your identification, and confirm any changes in writing.

When will Planday correct my data?

Planday has one month to correct any personal data.

Can I update my own data in my account?

Yes. If you are an employee, good practice is to let your admin know that data has been updated.

Data updated by yourself or by your admin, on your behalf, is controlled and processed by you and your admin, and Planday has no responsibility for this.

How do I file a complaint about Planday’s right to rectification policy or process?

Please refer to our Complaints process.

Under GDPR, data that Planday has on you will be made available if you request it.

If you are an employee, you should ask your employer for the data first. Then, you can email support@planday.com, and we’ll be happy to assist you. If you’re an admin of your Planday account, please contact support@planday.com.

If you have a complaint about how Planday handles data portability, please refer to our Complaints process.

Planday collects and processes personal data, as described in Planday’s Privacy Policy.

Under GDPR, an individual has the right to request that any personal data is deleted.

This right is not absolute, which means that we need to investigate your request, review our data retention schedule, work with your account’s admin, then determine whether this is request can be complied with.

If we cannot fulfil this request, we will explain why.

How do I request for my data to be deleted?

As an individual, you can request that your data is deleted.

You need to speak to the admin of your Planday account first to fulfil this right.

You can also contact us at support@planday.com and we will help out by working with the admin of your account.

How long does it take to process this request?

Planday will work with the admin of your account to review this request.

You will receive a response within one month (calendar days) of receipt of request. This timeline starts the day after the request was made until the corresponding calendar date in the next month.

How do I file a complaint about Planday’s Right of Erasure policy or process?

Please refer to our Complaints process.

Planday collects and processes personal data, as described in Planday’s Privacy Policy. We do not use personal data to automatically profile admins or end-users.

If you have any questions about this, please contact us as support@planday.com.

If you have a complaint about our policy, please refer to our Complaints process

Purpose

This is the Data Privacy Notice (“Data Notice”) that applies to all job applicants for any of the
Planday group of companies. All applicants should read and ensure they understand this
Notice. This Notice is publicly available on Planday’s website.

Who we are

Planday and its subsidiaries (“Company” or “We” or “Our” or “Us”) operate in many different
countries. Our head office is in Denmark at Kuglegårdsvej 7-9-11, building 181, 1434
København, Denmark VAT number DK-27666248. We also have subsidiary companies in the
UK (Planday Limited), Norway (Planday Norway AS), Germany (Planday GmbH) and the US
(Planday Inc.)

You can contact Planday Recruitment by emailing peopleandculture @planday.com.

Data Protection Officer (DPO): Our DPO can be contacted via emailing support @planday.com. Please address any questions for the attention of Our DPO.

Statement of Data Notice, and Acceptance of the Data Notice

Planday is committed to protecting your privacy and developing technology that gives you the
most powerful and safe online experience.

This is Our Applicant Data Notice (the “Data Notice”) and it applies when you apply to any job
opening We advertise.

For the purpose of the General Data Protection Regulation (“GDPR”), Planday is the data
controller of your personal data submitted for any job application and is responsible for how your
personal data is processed.

We use Workable, an online application provided by Workable Software Limited, to facilitate Our
recruitment processes. We use Workable to process personal data as a data processor on Our
behalf. Workable is only entitled to process your personal data in accordance with Our
instructions or instructions and permission you may give as an applicant, which you may revoke
at any time.

When you apply for a job opening posted by Us, these Privacy Notice provisions will apply to
Our processing of your personal data in addition to Our other Privacy Notice which has been
provided to you separately or is available on Our Website.

When you apply for a job opening via the application function on a job site or similar online
service provider (“Partner”), you should note that the relevant Partner may retain your personal
data and may also collect data from Us in respect of the progress of your application. Any use
by the Partner of your personal data will be in accordance with the Partner’s Privacy Notice.

This Data Notice governs the collection, usage, and disclosure by Us of your “personal data”,
namely any information which personally identifies you, for example your e-mail address, name,
home address, work address or telephone number etc.) as well as your rights in respect of your
personal data.

It is important that you read the following carefully to understand Our views and practices
regarding your personal data and how We will treat it. If you do not agree to have your personal
data processed by Us in this way, you should not proceed with your application.

This Data Notice does not form part of your application or any future contract of employment
and may be updated by Us at any time.

What personal data does Planday collect?

We collect and process information about job applicants before, during and after their application to Planday, including time spent on the Careers section of Planday’s website (the “Careers website”) or any applications to Planday from other sites. Planday processes the following types of personal data:

• Personal details: title, name, email, phone numbers, physical address, gender, date of
  birth, nationality;
• Documentation required under immigration laws: citizenship and passport data, details
  of residency or work permit;
• Talent acquisition data: details in application/cover letter and resume/CV (previous
  employment background, education history, professional qualifications and
  memberships, language and other relevant skills, certification, certification expiration
  dates), assessment results, personality profiling results, information necessary to
  complete a background check, information relating to references such as referees’
  names and contact details;
• Compensation and payroll: current salary, desired salary, benefits bonus awards, pay
  level, contractual benefits, currency, pay frequency, effective date of current
  compensation, banking details;
• Any other information you provide to Us
• Sensitive Information (where requested by Us): e.g. health/medical information, equal
  opportunities information, and criminal convictions data
• If you contact Us, We may keep a record of that correspondence.
• A record of your progress through any hiring process that We may conduct.
• Details of your visits to Workable’s website including, but not limited to, traffic data,
  location data, weblogs and other communication data, the site that referred you to
  Workable’s website and the resources that you access.

Throughout the application process, you should not submit sensitive personal data (“Sensitive
Information”), unless such information is legally required and/or Planday specifically requests
you to submit such information. Sensitive Information includes information relating to racial or
ethnic origin, political opinions, religious or philosophical beliefs, trade union membership,
genetic or biometric data, health data and data related to sexual orientation.

Any information you submit through the careers website must be true, accurate, complete, and
not misleading. It is your responsibility to ensure that the information you submit does not violate
any third party’s rights.

In the event that you submit personal referee information, it is your responsibility to obtain from
any referees their prior consent that Planday may contact them.

From where does Planday collect personal data about job applicants?

Planday may collect personal data from the following sources:

• Job applicants: in person, online, by telephone, or in written correspondence and forms
• Third-party websites: LinkedIn and other CV databases such as Indeed, Glassdoor etc.;
  Planday’s careers website; any personality or workplace profiling assessments
• Previous employers and other referees: in the form of employment references
• Background and credit check vendors: as part of the recruitment process; and
• Employment agencies and recruiters

What will Planday do with my Personal Data?

Planday will only use your personal data for the following purposes, unless We reasonably
consider that We need to use it for another reason and that reason is compatible with the
original purpose.

Planday uses your personal data for its workforce management, applicant communications, and
compliance processes.

Planday limits the personal data collected and processed for the following purposes, namely to:

• process and assess your application for a role for which you have applied
• consider your application in respect of other roles.
• conduct reference checks
• communicate with you on your application
• conduct background checks, including credit-checks, anti-fraud tests and any other tests
  as required for the position applied for
• where it is necessary to comply with a legal obligation on Us; and
• where it is necessary for Our legitimate interests (or those of a third party) and your
  interests and fundamental rights do not override those interests
• enhance any information that We receive from you with information obtained from third
  party data providers.
• find appropriate candidates to fill Our job openings.
• help Our service providers (such as Workable and its processors and data providers)
  and Partners (such as the job sites through which you may have applied) improve their
  services.

Planday may also process your personal data in the following rare situations:

• where it is necessary to protect your (or someone else’s) vital interests;
• where it is necessary for Us to defend, prosecute or make a claim against you, Us or a
  third party; and
• in the case of Sensitive Information, where you have made the information public.

In particular, We may use any of your submitted Sensitive Information to comply with legal
obligations relating to diversity and anti-discrimination, and your criminal conviction data only
where it is appropriate (given your role) and We are legally able to do so.

As an applicant, if you do not provide personal data when requested, Planday may not be able
to review your application, or We may be prevented from complying with Our legal obligations.
Permission to process your personal data may be revoked by you, as the applicant, at any time.

Lawful basis for processing

We rely on legitimate interest as the lawful basis on which We collect and use your personal
data. Our legitimate interests are the recruitment of staff for Our business.

Where you apply for a job opening through the Apply functionality provided by any external
advertisers, including LinkedIn, Indeed, Facebook, etc. We rely on your consent, which is freely
given by you during the application process, to disclose your personal data to the provider(s) on
the basis described below.

Does Planday disclose my personal data to third parties?

Planday may share personal data with the following unaffiliated third parties:

• Service Providers:Third parties that provide products and services to Planday in
  connection with its recruitment processes such as human resources services, IT
  systems suppliers and support and background check providers, recruiters and
  headhunters, and hosting service providers; recruitment advertising service providers
  (job boards and portals) and
• Public and Governmental Authorities:Entities that regulate or have jurisdiction over
  Planday, such as regulatory authorities, public bodies, and judicial bodies, including to
  meet national security or law enforcement requirements.

How does Planday protect my personal data?

Planday takes security of personal data very seriously. Our risk management and security
controls comply with applicable data privacy regulations. Details can be found in the legal
section of Planday’s website.

We take appropriate measures to ensure that all personal data is kept secure including security
measures to prevent personal data from being accidentally lost, or used or accessed in an
unauthorised way. We limit access to your personal data to those who have a genuine business
need to know for the purposes described above, and may include personnel in Recruitment,
HR, IT, Compliance, Finance and Accounting, as well as relevant staff of departments hiring
new personnel. Those processing your information will do so only in an authorised manner and
are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will
notify you and any applicable regulator of a suspected data security breach where We are
legally required to do so.

Unfortunately, the transmission of information via the internet is not completely secure. Although
We will do Our best to protect your personal data, We cannot guarantee the security of your
personal data transmitted through any online means.

Where does Planday transfer, store and/or process my personal data?

The data that We collect from you may be transferred to, and stored at, a destination outside the
European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA
who work for Us or for one of Our suppliers. The third-party suppliers may be engaged in,
among other things, any recruitment processes or third-party checks.

We will only transfer, store or process your data with such third-party suppliers who have
agreed to comply with and have put adequate security measures in place. By ticking the “I
agree” button when submitting your application, you consent to this transfer, storing or
processing of your personal data with Our sister companies and business partners located
outside of the EEA.

These transfers are subject to special rules under European and UK data protection law
because non-EEA countries don’t necessarily have the same data protection laws. Where We
need to make an international transfer of information, We will use the required standard data
protection contract clauses which have been approved by the European Commission. These
are designed to re-create protections equivalent to those We enjoy in the EEA. If you’d like a
copy of these clauses, please email support@planday.com.We also require of Our partners appropriate and adequate security standards, policies and procedures.

For how long is my data retained?

Planday’s retention periods for personal data are based on regulatory periods, business and legal requirements.

We retain personal applicant data for the shorter of: 6 months, as long as is necessary for the
processing purpose(s) for which the information was collected, as set out in this Data Notice,
and any other permissible, related purposes or one of the following occurrences which will result
in your data being deleted:

• the retention period has passed without an update of your consent;
• deletion of your personal data by you or
• receipt of a written request by you to Us.

Are there any automated decisions in Planday’s recruitment process?

Planday does not use automated decision making in the recruitment process. We may use
Workable’s technology to recommend appropriate candidates for Us to consider from publicly
available platforms like Linkledin, based on criteria and keywords expressly identified by Us, or
typical in relation to the role for which you have applied. The process of finding suitable
candidates may be automated in this way, however, any decision as to who We will engage to
fill the job opening will be made by Our staff.

What are my rights?

You have the right, in certain circumstances, to:

• object to the processing of your personal data
• access your personal data
• correct inaccurate personal data
• have your personal data deleted, subject to any regulatory retention periods
• restrict the processing of your personal data
• receive the personal data you have provided to Planday in a structured, commonly used
  and machine-readable format for onward transmission
• object to automated decision-making

If you wish to exercise any of these rights, please contact peopleandculture@planday.com.

What are my obligations?

You should keep your personal data up to date and inform Us of any significant changes to your
personal data.

Changes to our Data Notice

Any changes we make to our Applicant Data Notice will be updated on our website.

Questions or Complaints

In the event that you wish to make a complaint about how We process your personal data,
please contact Us in the first instance at support@planday.com and We will try to resolve your
query as soon as possible. If you consider that Our processing of your personal data infringes
data protection laws, you have a legal right to complain to your national supervisory authority.

Our UK ICO registration no. is ZA259339. Our Datatilsynets registration no. is 35107207.

You can also contact peopleandculture@planday.com for any issues regarding this Applicant
Data Notice.

We last reviewed this Applicant Privacy Notice in October 2020.