
GDPR FAQ

Zen Planner has updated, and anticipates updating prior to May 25, 2018, our Privacy Policy and Terms of Use to comply with the guidelines set forth by GDPR that are applicable to Zen Planner (either as a data controller or as a data processor). For you as a Customer of Zen Planner, we have made preparations to ensure that your rights under the GDPR to data portability, access to information, correction/rectification, right to erasure, and consent (when required to be obtained directly by Zen Planner) are available to you with respect to your data if controlled and processed by Zen Planner.

As a Customer of our online business management software, you are a data controller, and are independently responsible for meeting GDPR requirements. You should be aware that Zen Planner software is not intended to, nor does it, guarantee compliance by your business with the GDPR. Use of Zen Planner software alone will not render you or your business GDPR compliant. We strongly recommend you seek your own legal counsel to review your practices, processes and documentation, including the way in which you use the Zen Planner software, to ensure your business is GDPR compliant.

This frequently asked questions section (“FAQ”) does not constitute legal advice, and Zen Planner declines all responsibility as to its content. 

What is the GDPR?

The EU General Data Protection Regulation (GDPR) is a new comprehensive data protection law designed to strengthen and unify data protection for individuals within the EU, essentially giving EU residents and citizens more control of their personal data. The GDPR takes effect on May 25, 2018.

 

Does the GDPR affect my business?

Generally, any organization with a presence in an EU country or any company that processes personal data of EU residents or citizens may be impacted by this regulation. We strongly recommend you seek your own legal counsel to review your practices, processes and documentation, including the way in which you use the Zen Planner software, to ensure your business is GDPR compliant.

 

Where is Zen Planner’s consumer data stored? Where are Zen Planner’s backup servers located?

Zen Planner stores all data in servers and backup servers located in the United States and in the AWS cloud. Please review our Privacy Policy and Terms of Use for complete details on how our data is stored and processed.

Does Zen Planner have a documented Data Incident Response Policy?

Yes, we have an internal, documented Data Incident Response Policy and process that is in compliance with GDPR. Zen Planner has a legal obligation to report any data breaches to the Incident Response Team within 72 hours.

 
What are Zen Planner’s responsibilities as it relates to GDPR?

Zen Planner is considered a data processor as it relates to the collection, storage and use of your members’ data that is input by you or your members. Zen Planner is considered the data controller only as it relates to information it collects on you as our customer, which occurs in order to provide you a service and communicate with you as outlined in our Privacy Policy and Terms of Use.

 

What are my responsibilities as it relates to GDPR?

As a customer and the ‘data controller,’ you are responsible for ensuring compliance with the key requirements of the GDPR.

Zen Planner will provide you with assistance in meeting those requirements where possible and appropriate. We strongly recommend you seek your own legal counsel to review your practices, processes and documentation, including the way in which you use the Zen Planner software, to ensure your business is GDPR compliant.


Is Zen Planner planning to release new features or functionality to support GDPR?

Zen Planner has updated our internal processes to assist you, our customer, in responding to requests for deletion, data portability, access and rectification.

We are not adding any additional functionality to our software to embed privacy notices or track consent to communication or data processing on widgets or forms. Please note that you remain ultimately responsible for compliance with GDPR requirements.

 

Where can I post my privacy notices, consent requests or other similar elements within the Zen Planner product to help me prepare for GDPR?

You will need to post and host your privacy notices outside of Zen Planner on your website or another content management platform. From there, you can manually link to those documents in Zen Planner’s document and communication templates. Zen Planner is not responsible for tracking consent and opt-in from your members as it relates to your updated privacy notices in accordance with GDPR.

Currently, Zen Planner does not have the ability to link to privacy notices in our widgets or embeds including forms.


Will EU citizens have “the right to be forgotten” (have their data removed from Zen Planner upon request)?

Yes. You, as a Zen Planner customer and EU citizen, will have the right to be forgotten by emailing help@zenplanner.com with your request. However, this right is not absolute. Please see our Privacy Policy for further details. You can also manage this request for your members by deleting them from your Zen Planner database (navigate to People > select the Contact to be removed > Profile Details > Delete Person > type ‘DELETE’ and click Delete Person) and then emailing help@zenplanner.com with the request and the person’s information so that we can finalize the deletion process.

 

Can I review data erasure requests before they are processed by Zen Planner (in case a member of mine is trying to get out of paying a debt)?

As the data controller, it is ultimately your responsibility to determine whether to honor a request to be forgotten. Any requests that come to Zen Planner directly will be passed to you as the data controller to approve. You will be responsible for approving or denying every erasure request submitted for your business.

Zen Planner is not responsible for ensuring data deletion in any of your own documents or data storage locations outside of the Zen Planner system.

 

Will my financial data be affected if a client requests to be forgotten?

Yes. Right now, in Zen Planner, when you delete a person completely, it will also delete any bills and payments associated with that person.

 

How can my members unsubscribe from emails, text messages or other communication sent from my Zen Planner database?

Your members can opt out of emails by clicking the unsubscribe link in the email footer. Unsubscribing from text messages or other communication needs to be handled manually as there is no automated process for this in Zen Planner. If a member unsubscribes accidentally, your member is required to email help@zenplanner.com and request to be opted back into Zen Planner emails.


Will any of Zen Planner’s auto emails continue to be sent even after a member opts out of communication?

No. Zen Planner does not have the functionality to differentiate or manage opt-in preferences for different types of communication. If your member opts out of communication, they will be opted out of all of the communication. If a member unsubscribes accidentally, your member is required to email help@zenplanner.com and request to be opted back into Zen Planner emails.

Is there a way I can mass opt out all of my clients so they can opt-in individually after May 25?

We do not offer an automated way for our customers to mass opt-out their members. You should check your processes and records to be sure existing consents meet the GDPR standard. You will also have to create your own solution for tracking consent and it is on you as the controller to ensure this process is GDPR compliant.
