Version 1.0, 1 mei 2025. This Data Processing Agreement applies when you have personal data processed through Planvyo and supplements our terms and conditions.
Data controller: the customer who signed up at https://planvyo.com for a Planvyo subscription (hereinafter: "Customer").
Data processor: UNSOLVE, owner of Planvyo, reachable at info@planvyo.com (hereinafter: "Planvyo").
Planvyo processes personal data on behalf of the Customer in the context of delivering the Planvyo SaaS scheduling and time-tracking service. The Customer is responsible for the lawfulness of processing under the GDPR.
Personal data is processed exclusively for: (a) creating and managing schedules, (b) leave and shift-swap management, (c) attendance registration (if QR check-in add-on active), (d) time reporting (if timesheet add-on active), (e) authentication and access control.
Employees and administrators of the Customer with access to the schedule.
Data is processed for as long as the Customer has an active Planvyo subscription. Upon termination, data is deleted within 30 days, unless the Customer requests earlier destruction or longer retention in writing.
Planvyo uses the following sub-processors:
Changes to sub-processors are announced at least 30 days in advance. The Customer has the right to object; upon justified objection the subscription can be terminated free of charge.
Planvyo notifies the Customer of a data breach within 48 hours of discovery via email to the contact address known to us. The notification includes: nature of the breach, categories and number of data subjects affected, possible consequences and measures taken or planned. The Customer is responsible for reporting the breach to the Dutch Data Protection Authority and, where applicable, to data subjects.
Requests from data subjects (access, rectification, erasure, portability) reach the Customer as data controller. Planvyo provides dashboard functionality to fulfil such requests (e.g. export employee data, delete accounts). For complex requests Planvyo offers support at hourly rate.
The Customer has the right, upon at least 30 days written notice and at most once per year, to conduct or have conducted by an independent third party, an audit. Audit costs are borne by the Customer, unless deficiencies come to light.
Upon termination of the subscription, the Customer has 30 days to download a full data export (CSV and JSON). After this period all customer data is destroyed from production systems. Backup copies are permanently destroyed after at most 90 days.
Planvyo's liability under this DPA is limited to direct damages and a maximum of the amount paid by the Customer to Planvyo in the 12 months preceding the event causing the damage.
Dutch law applies to this DPA. Disputes shall be submitted to the competent court in the Netherlands.
This DPA enters into force automatically upon having an active Planvyo subscription and is deemed signed through acceptance of the terms and conditions. For a signed paper copy, contact info@planvyo.com.