As a Customer of our online business management software, you are a data controller, and are independently responsible for meeting GDPR requirements. You should be aware that Zen Planner software is not intended to, nor does it, guarantee compliance by your business with the GDPR. Use of Zen Planner software alone will not render you or your business GDPR compliant. We strongly recommend you seek your own legal counsel to review your practices, processes and documentation, including the way in which you use the Zen Planner software, to ensure your business is GDPR compliant.
This frequently asked questions section (“FAQ”) does not constitute legal advice, and Zen Planner declines all responsibility as to its content.
What is the GDPR?
The EU General Data Protection Regulation (GDPR) is a new comprehensive data protection law designed to strengthen and unify data protection for individuals within the EU, essentially giving EU residents and citizens more control of their personal data. The GDPR takes effect on May 25, 2018.
Does the GDPR affect my business?
Generally, any organization with a presence in an EU country or any company that processes personal data of EU residents or citizens may be impacted by this regulation. We strongly recommend you seek your own legal counsel to review your practices, processes and documentation, including the way in which you use the Zen Planner software, to ensure your business is GDPR compliant.
Where is Zen Planner’s consumer data stored? Where are Zen Planner’s backup servers located?
Does Zen Planner have a documented Data Incident Response Policy?
Yes, we have an internal, documented Data Incident Response Policy and process that is in compliance with GDPR. Zen Planner has a legal obligation to report any data breaches to the Incident Response Team within 72 hours.
What are Zen Planner’s responsibilities as it relates to GDPR?
What are my responsibilities as it relates to GDPR?
As a customer and the ‘data controller,’ you are responsible for ensuring compliance with the key requirements of the GDPR.
Zen Planner will provide you with assistance in meeting those requirements where possible and appropriate. We strongly recommend you seek your own legal counsel to review your practices, processes and documentation, including the way in which you use the Zen Planner software, to ensure your business is GDPR compliant.
Is Zen Planner planning to release new features or functionality to support GDPR?
Zen Planner has updated our internal processes to assist you, our customer, in responding to requests for deletion, data portability, access and rectification.
We are not adding any additional functionality to our software to embed privacy notices or track consent to communication or data processing on widgets or forms. Please note that you remain ultimately responsible for compliance with GDPR requirements.
Where can I post my privacy notices, consent requests or other similar elements within the Zen Planner product to help me prepare for GDPR?
You will need to post and host your privacy notices outside of Zen Planner on your website or another content management platform. From there, you can manually link to those documents in Zen Planner’s document and communication templates. Zen Planner is not responsible for tracking consent and opt-in from your members as it relates to your updated privacy notices in accordance with GDPR.
Currently, Zen Planner does not have the ability to link to privacy notices in our widgets or embeds, including forms.
Will EU citizens have “the right to be forgotten” (have their data removed from Zen Planner upon request)?
Can I review data erasure requests before they are processed by Zen Planner (in case a member of mine is trying to get out of paying a debt)?
As the data controller, it is ultimately your responsibility to determine whether to honor a request to be forgotten. Any requests that come to Zen Planner directly will be passed to you as the data controller to approve. You will be responsible for approving or denying every erasure request submitted for your business.
Zen Planner is not responsible for ensuring data deletion in any of your own documents or data storage locations outside of the Zen Planner system.
Will my financial data be affected if a client requests to be forgotten?
Yes. Right now, in Zen Planner, when you delete a person completely, it will also delete any bills and payments associated with that person.
How can my members unsubscribe from emails, text messages or other communication sent from my Zen Planner database?
Your members can opt out of emails by clicking the unsubscribe link in the email footer. Unsubscribing from text messages or other communication needs to be handled manually as there is no automated process for this in Zen Planner. If a member unsubscribes accidentally, your member is required to email firstname.lastname@example.org and request to be opted back into Zen Planner emails.
Will any of Zen Planner’s auto emails continue to be sent even after a member opts out of communication?
No. Zen Planner does not have the functionality to differentiate or manage opt-in preferences to different types of communication. If your member opts out of communication, they will be opted out of all of the communication. If a member unsubscribes accidentally, your member is required to email email@example.com and request to be opted back into Zen Planner emails.
Is there a way I can mass opt out all of my clients so they can opt-in individually after May 25?
We do not offer an automated way for our customers to mass opt-out their members. You should check your processes and records to be sure existing consents meet the GDPR standard. You will also have to create your own solution for tracking consent and it is on you as the controller to ensure this process is GDPR compliant.