Plai

GDPR Policy

Effective: September 03, 2019
Updated: February 07, 2020



Overview
The General Data Protection Regulation (GDPR) provides new, consistent standards across the EU to protect the rights of EU citizens regarding how their personal data is being used. It went into effect on May 25, 2018, and applies to any company that uses personal data from EU citizens.

We at Plai are committed to privacy and security and are ready for the GDPR. Here we'll provide a quick overview of the GDPR and share what we did to comply.



GDPR Basics
Replacing the existing EU privacy directive 95/46/EC, which has been in place for over 20 years, GDPR strengthens and expands the privacy rights of individuals in an era in which much of life takes place online.

The GDPR is extensive, affecting not just businesses based in the EU but also any company that processes the personal data of EU citizens.

The Data Protection Principles set forth in the GDPR include requirements like the following:

• Personal data collected must be processed in a fair, legal, and transparent way and should only be used in a way that a person would reasonably expect.
• Personal data should only be collected to fulfill a specific purpose, and it should only be used for that purpose. Organizations must specify why they need personal data when they collect it.
• Personal data should be held no longer than necessary to fulfill its purpose.
• People covered by the GDPR have the right to access their own personal data. They can also request a copy of their data, and that their data be updated, deleted, restricted, or moved to another organization.

We'd encourage you to read the text in full as well as to consult with your legal counsel for a complete understanding of the GDPR.



What did Plai do to prepare for GDPR?
We at Plai act as the Data Controller when supplying services to you and making decisions about your personal data.
We got ready for GDPR by preparing for our own compliance. Here is an overview of what we've done so far:


Data Processing Agreement
We reviewed all our legal agreements and made any required changes to be GDPR compliant. We updated our Terms of Service and Privacy Policy. We also made sure that any vendors we use as subprocessors are GDPR compliant, and that we comply with the EU-U.S./Swiss-U.S. Privacy Shield Policies when transferring data to the subprocessors. You can find a complete list of our subprocessors here: https://plai.team/legal/subprocessors, and our Privacy Shield Policy here: https://plai.team/legal/privacy-shield.


Security and Data Management
Plai employs strict policies and procedures around security and data management. Additionally, we designated an internal team and engaged outside expertise to enhance security standards that protect our customers' data and follow GDPR requirements.

• We appointed a Data Protection Officer to ensure ongoing GDPR compliance. You can contact them at dpo@plai.team.
• We instituted processes that ensure prompt notifications to customers and GDPR authorities as required in the unlikely event of a data breach.
• We formalized and documented our internal policies related to data security.
• We put safeguards in place to ensure secure and proper handling of data stored outside of the EU as required.
• We will continue, as has been our practice, to only process personal data according to our customers' instructions.


Implemented Product Capabilities
Plai enables compliance with GDPR requirements, such as the right of data rectification or the right to be forgotten:

• Informed consent: Whenever we request personal data from our users, we explain why we require that data. Our Privacy Policy outlines how we use data.
• Erasure: When a customer requests to delete all the data provided to us, we delete all the data sources they have provided us.
• Restriction of Processing: Any user may request to restrict the processing of their data at any time.
• Data portability: Any customer organization may request to export their data at any time.
• Rectification: Any person may request to alter the data about themselves in Plai as long as they verify their identity.
• Access: Users may request an export of all the personal information we have about them. This will be provided within 28 days of receipt of the request.


If you would like to exercise any of those rights, please:
1. Contact us by emailing support@plai.team.
2. Provide enough information to identify you.
3. Let us know the information to which your request relates.


We fully support the GDPR and think it's a good thing to treat customers and their data with care and respect. Our mission is to help companies like yours perform better in an engaged team, and that requires the fair and secure use of personal data that was given with full consent and transparency.


If you have any questions or concerns regarding GDPR and Plai, please send a detailed message to support@plai.team.