Last updated: March 1, 2026
PlanItRight is committed to complying with the General Data Protection Regulation (GDPR). We respect your data rights and have implemented comprehensive measures to ensure that your personal data is processed lawfully, fairly, and transparently. This page outlines how we meet our obligations under GDPR.
We process personal data necessary to provide our project management services, including account information (name, email, company), usage data (feature interactions, login activity), billing information (processed through PCI-compliant payment processors), and content you create within the platform (project data, tasks, comments). We minimize data collection to only what is necessary for providing our services.
We process your personal data under the following legal bases: contractual necessity for providing the services you have subscribed to; legitimate interest for improving our services, preventing fraud, and ensuring security; consent for marketing communications, which you can withdraw at any time; and legal obligation for compliance with applicable laws and regulations.
Under the GDPR, you have the following rights regarding your personal data:
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with GDPR requirements. You can contact our DPO at dpo@planitright.co for any data protection inquiries.
When we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission. Our primary data centers are located in the EU, and we offer data residency options for enterprise customers who require their data to remain within specific jurisdictions.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly without undue delay.
We use a limited number of sub-processors to help deliver our services. Each sub-processor is carefully vetted for GDPR compliance, bound by data processing agreements, and subject to regular security assessments. We maintain an up-to-date list of sub-processors and will notify customers of any changes with reasonable advance notice.
If you would like to exercise any of your GDPR rights or have questions about how we handle your data, please get in touch.