Policies and Procedures

Here, you can find more information about Planday’s policies and procedures as they relate to GDPR. 

General Data Protection Regulation (GDPR) is a standardised regulatory framework that gives individuals the right:

• To be Informed
• To Rectification
• To Restrict Processing
• To Object
• To Erasure (“to be forgotten”)
• Of Data Portability
• Of Access
• To understand automated decision making and profiling

GDPR also ensures that personal information is obtained, handled and disposed of properly.

GDPR ensures that personal information shall be:

1. processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)
2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’)
3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)
4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)
5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’)
6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)

As a data controller and data processor, Planday is fully committed to comply to GDPR principles. Planday have adequate and effective measures, controls and procedures in place, that protect and secure your personal information and guarantee that it is only ever obtained, processed and disclosed in accordance with data protection laws and regulations.

All of our policies are explained in this part of the website.

How do I file a complaint about Planday’s subject access request policy or process?

Please refer to our Complaints process

Planday’s voluntary registration with supervisory authorities

Planday is registered with these supervisory authorities:

1. UK-based Information Commissioner’s Office and our registration number is ZA259339
2. Denmark-based Datatilsynets, and our registration number is 35107207

Planday is also a certified holder of CyberEssentials, a UK Government-backed cyber protection scheme.

Details about Planday’s Data Protection Officer

Planday has currently appointed its Chief Technology Officer (CTO) to fulfil the role and responsibilities of our Data Protection Officer (DPO).

Name: Peter Marshall

Position: Chief Technology Officer

Address: Planday A/S, registered address in Copenhagen

Email: support@planday.com, for the attention of Planday’s DPO

Planday’s complaint handling policy and procedure has been created to address any complaints from admins or end users of Planday accounts, and complies with Data Privacy regulations.

Planday is committed to delivering a fair, open and clear process for complaints and ensure a satisfactory outcome for all admins and end users of Planday portals who raise a complaint.

We provide thorough staff training in our complaint handling procedures and support our staff in how to handle complaint situations in a face-to-face, written, or via phone.  

Planday considers and responds to all complaints and issues, no matter how they are raised or what they refer to. Some issues and complaints our Support Team can resolve immediately, but some issues have to be escalated to our Management Team. Any data processing related complaints, data protection infringes or data breaches are immediately escalated to our Data Protection Officer.

How do I file a complaint?

If you have a complaint about Planday’s product or service, please email us at support@planday.com.

If the complaint is related to data processing, data protection infringes, or data breaches, please address the email to Planday’s DPO (Pete Marshall), and clearly state that your complaint is about data.

After you go through this process, we will create a customer support case, and will send through an acknowledgement of your complaint, as well as a timeline within which it will be addressed.

Planday will then internally investigate the issue, and work with you to resolve it.

If you are unhappy with our process or the outcome of the investigation related to data processing, data protection infringes or data breaches, then you can contact the relevant supervisory authority:

1. UK-based Information Commissioner’s Office via their Contact Us page 
2. Denmark-based Datatilsynets via their Contact Us page 

Your right to file a complaint against Planday with supervisory authorities

You have the right to file a complaint with the supervisory authority if you think we have infringed on your rights as covered by the General Data Protection Regulation (GDPR), or where Planday has breached data protection law.

The supervisory authority with which the complaint has been lodged, is responsible for informing you on the progress and the outcome of the complaint, including the possibility of a judicial remedy where the supervisory authority does not handle a complaint or does not inform the data subject within three months on the progress or outcome of the complaint lodged.

Planday sends the following notifications and communications:

• Product and service notifications, (e.g. notifications about product updates and new features, product webinars)
• Incident and data breach notifications
• Marketing communications (e.g. notifications about events, news about the industry, blogs and newsletters)

Planday, GDPR and Article 21

Planday enables admins and end-users to manage notifications and communications.

Article 21 of the GDPR gives you the right to object to the processing of your personal data for notifications and communications. Planday is fully committed to ensuring this.

How can I manage my preferences for product and service notifications from Planday?

Product and service notifications are communications from Planday’s Product Team. These are sent to admins of Planday accounts via email and push notifications in the Planday product, in order to alert admins of any changes to features, functionality, or service that may impact their use of Planday.

At least one admin of a Planday account is required to receive all product and service notifications. If an admin would like to opt out from receiving these notifications, we encourage them to ensure there is another admin on their Planday account who will receive them and address any actions required on behalf of their company.

We highly recommend that admins do not unsubscribe from receiving these notifications.

Restricted admin users and end users without admin permissions cannot opt in to product and service notifications.

How do I manage my preferences for incident and data breach notifications?

Planday reports on all types of incidents on the Planday Status page. Examples of incidents reported are: if a feature is temporarily unavailable or there are performance issues in some parts of the product,.

These types of security notices are not sent out to admins and end-users automatically; you need to opt in to receive these notices.

We highly recommend that admins and end users subscribe to receive these security notifications. You can do so by opting in on the Status page, by clicking the Subscribe to updates button.

Please note that these preferences will be stored for your contact record and will not save your preferences for other users of your Planday account.

Where can I manage my preferences for marketing communications from Planday?

You may submit your email address to opt-out of marketing communications from Planday by emailing support@planday.com

As an admin, can I assign preferences for other admins of my Planday account?

Admins only have control of their own individual settings. Preference updates for other admins are managed individually.

As an admin, can I assign preferences for other end users of my Planday account?

No, preference updates related to notifications and communications to end-users are managed individually.

Planday collects and processes personal data, as described in Planday’s Privacy Policy.

Under GDPR, data that Planday holds on an individual is made available to the individual.

I use a Planday account, can I request data?

As an individual, you can request a copy of the data that Planday holds on you.

Planday highly recommends that you also contact the admin of your account and ask for a copy of your data.

To request data, please see the section “How do I make a subject access request?”

I am an admin of a Planday account, can I request data?

If you are an admin, and you want a full copy of data on the account, please contact support@planday.com.

You can request data on behalf of an employee, as a representative of the employee. This has to be clearly stated, and you must provide confirmation that you have the employee’s permission to request data.

To request data on behalf of an employee, please see the section “How do I make a subject access request?”

How current is the available data?

Any data requested is the data that Planday holds as at that point in time.

If an employee has requested that their data is deleted, and Planday has (after internal consultation and investigation) deleted this data, then that data may not be available.

If an admin has deleted data in the account, this data will also not be available to the employee.

How do I make a subject access request?

You can request a copy of the data that Planday holds about you.

Please complete our Subject Access request form. This form will be electronically sent to our Support Desk at support@planday.com.

If you want to request your data verbally, please phone our Support line, and we will then open a case. The Support Team will then ask for you to complete the Subject Access request form.

We have the right to establish your identity when making a request, and may ask for additional proof of identification.

When will I receive the data Planday has on me?

Planday will give you a copy of the data held on you at within one month (calendar days) of the request. This timeline starts the day after the request was made until the corresponding calendar date in the next month.

How do I file a complaint about Planday’s subject access request policy or process?

Please refer to our Complaints Policy

Under the General Data Protection Regulation, you are entitled as a data subject to obtain a copy of the data that Planday holds on you.

We have the right to establish your identity when making a request, and may ask for additional identification proof, such as your Social Security Number, National Insurance Number, Payroll ID.

The submitted form will be sent to support@planday.com, then a support case with a reference number will be opened, and our Support team will acknowledge receipt. The timeline your admin has to respond to these queries is 30 calendar days.

Please note that once this form is submitted electronically, this is equivalent to signing a paper copy of the form.

Planday collects and processes personal data, as described in Planday’s privacy policy.

Under GDPR, an individual has the right to be informed about:

• What data are we collecting
• Why we are processing individual’s personal data
• Our legal basis for processing
• Our retention periods
• Our complaints process
• Who it will be shared with, transfers, storage etc.

You also have the right to be informed if we sourced your data from third parties.

Planday has ensured that whenever we collect personal data from you, you are made aware of our Privacy Policy and any other related terms. We also ensure that you consent to processing of your personal data.

We are transparent about the data we collect, and more detailed information can be accessed in the Planday product via the Help section.

This policy explains how you can exercise the Right to be Informed.

What is Planday’s legal basis for processing?

Planday processes data based on the legal basis of: performance of contract, consent, compliance, and legitimate interest.

What are Planday’s retention periods?

Please contact support@planday for details on our data retention periods.

I use a Planday account, how do I request to be informed?

As an individual, you can request more information about your data, as described in the policy overview. You can also consult our Privacy Policy for more details, as well as this section of our website.

To get more details, please contact support@planday.com and clearly state that you are seeking more details on data processing.

How do I file a complaint about Planday’s Right to be Informed policy or process?

Please refer to our Complaints process

Planday collects and processes personal data, as described in Planday’s Privacy Policy.

Under GDPR, an individual has the right to request a restriction of processing under certain circumstances:

• you contest the accuracy of your personal data processed by Planday, and you are verifying the accuracy of the data;
• the data has been unlawfully processed and the individual opposes erasure and requests restriction instead;
• Planday does not need the personal data any longer but you need us to keep it in order to establish, exercise or defend a legal claim; or
• you have objected to Planday’s processing of your data , as per your right to object to processing.

Please note that this right is not absolute, and Planday will investigate your request and respond accordingly.

I use a Planday account, how do I request to restrict processing?

If any of the following apply to you, please contact support@planday.com with details about your request:

• If you contest the accuracy of your personal data and want to rectify it
• If you think your data has been unlawfully processed
• If you need us to keep your data

If you are objecting to us processing your data, specifically for marketing communication, please contact support@planday.com as well.

When will Planday process my request?

Planday has one month to reply to your request.

How do I file a complaint about Planday’s Right to Restrict Processing policy or process?

Please refer to our Complaints process

Planday collects and processes personal data, as described in Planday’s Privacy Policy.

When you consent to process your personal data for marketing purposes, we process your personal data for the following:

• Sharing product releases and new features
• Sending tips on how to improve your business, and how you can get involved in the Planday community to hear more from other customers
• Sending tips on how to use the product more effectively
• Sharing market research and inviting you to participate in market research, including seeing new features we are working on
• Sharing details of Planday’s Ambassador’s programme and how you can get involved
• Being invited to our webinars and events

You have the right to object to marketing from Planday.

This removes your consent to receive any type of marketing information from Planday, and you will need to actively opt in again.

How do I remove consent for marketing?

To remove your consent for marketing, please contact support@planday.com

When you sign up for a trial or download any marketing content from our website, you also have the option to opt into marketing from Planday.

What about other types of communications and notifications? How do I manage my preferences for these?

Please see our policy here about how to manage your preferences.

When will Planday process my request?

Planday will process your request within one working day.

How do I file a complaint about Planday’s Right to Object policy or process?

Please refer to our Complaints process

Planday collects and processes personal data, as described in Planday’s Privacy Policy.

Under GDPR, an individual has the right to rectify any personal data that Planday holds by:

• correcting inaccurate data
• completing incomplete data

This policy explains how you can exercise this right.

I use a Planday account, how do I request data to be rectified?

You can request that personal data be rectified verbally or in writing. If your request is made verbally, our Support Team will ask you to confirm this in writing.

Any requests should be sent to support@planday.com, with details of what data needs to be corrected.

The Support Team will ask you to verify your identification, and confirm any changes in writing.

When will Planday correct my data?

Planday has one month to correct any personal data.

Can I update my own data in my account?

Yes. If you are an employee, good practice is to let your admin know that data has been updated.

Data updated by yourself or by your admin, on your behalf, is controlled and processed by you and your admin, and Planday has no responsibility for this.

How do I file a complaint about Planday’s right to rectification policy or process?

Please refer to our Complaints process.

Under GDPR, data that Planday has on you will be made available if you request it.

If you are an employee, you should ask your employer for the data first. Then, you can email support@planday.com, and we’ll be happy to assist you. If you’re an admin of your Planday account, please contact support@planday.com.

If you have a complaint about how Planday handles data portability, please refer to our Complaints process.

Planday collects and processes personal data, as described in Planday’s Privacy Policy.

Under GDPR, an individual has the right to request that any personal data is deleted.

This right is not absolute, which means that we need to investigate your request, review our data retention schedule, work with your account’s admin, then determine whether this is request can be complied with.

If we cannot fulfil this request, we will explain why.

How do I request for my data to be deleted?

As an individual, you can request that your data is deleted.

You need to speak to the admin of your Planday account first to fulfil this right.

You can also contact us at support@planday.com and we will help out by working with the admin of your account.

How long does it take to process this request?

Planday will work with the admin of your account to review this request.

You will receive a response within one month (calendar days) of receipt of request. This timeline starts the day after the request was made until the corresponding calendar date in the next month.

How do I file a complaint about Planday’s Right of Erasure policy or process?

Please refer to our Complaints process.

Planday collects and processes personal data, as described in Planday’s Privacy Policy. We do not use personal data to automatically profile admins or end-users.

If you have any questions about this, please contact us as support@planday.com.

If you have a complaint about our policy, please refer to our Complaints process