GDPR

LiquidPlanner’s GDPR Commitment

Last Updated: May 25, 2018

OVERVIEW

The General Data Protection Regulation (GDPR) became enforceable on May 25, 2018.

GDPR is a regulation intended to strengthen and unify data protection for all individuals within the European Union (EU) and Switzerland. It also addresses the export of personal data outside the EU. LiquidPlanner is committed to keeping customer data private and safe. This commitment includes helping our customers understand and prepare for the GDPR.

COMMITMENT TO DATA PROTECTION & GDPR COMPLIANCE

LiquidPlanner is based in the U.S., however we serve many users in the EU and are committed to being GDPR compliant.

Requirements are significant and our team has worked diligently to be compliant with the GDPR. Preparing for GDPR has deepened our commitment to data protection and minimizing risk. We’ve assessed processes, features and systems and implemented necessary changes along the way.

LiquidPlanner will:

  • Collect only the minimum amount of data required to provide our hosted services.
  • Process customer data only as needed for the purposes laid out in our publicly-facing Terms of Service and Privacy Policy.
  • Delete customer data after the termination of the trial or paid subscription.
  • Implement and maintain appropriate technical and organizational measures to keep customer data secure and protect it against unauthorized or unlawful processing and accidental loss, destruction or damage.
  • Provide ongoing staff training, for new and existing employees, with regard to security and best practices, and require them to safeguard customer data.
  • Promptly notify customers and take reasonable steps to minimize harm if we become aware of a security incident. Additionally, we will provide details (to the extent possible) of the incident, including steps we have taken to mitigate the potential risk.

PRIVACY SHIELD & DATA TRANSFER

To comply with EU data protection laws around international data transfer mechanisms, we have self-certified under the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. As part of the certification process, our Privacy Policy was updated to include concise and easy-to-understand language about the information we collect and use, which complies with the Privacy Shield Principles.

DATA STORAGE

LiquidPlanner uses AWS (Amazon Web Services) for hosting our application, and service is delivered from SSAE16 audited data centers located in the U.S. Please read both our Security Policy and Privacy Policy for additional details.

DATA PROCESSING AGREEMENT

LiquidPlanner has a Data Processing Agreement (DPA) available. You may request to execute a DPA with us by sending an email to: privacy@liquidplanner.com. Please include your company name and Workspace ID number in the request.

STAY UPDATED

Transparency is important to us. We will keep you updated as we continue to fulfill our privacy and security commitments. This page will be revised to include any new GDPR-related information as it becomes available. If you have any questions about how LiquidPlanner complies with the GDPR, please send your inquiry to: privacy@liquidplanner.com – we’re happy to help.

RESOURCES

GDPR was last modified: June 19th, 2018 by Dana Silverman