GDPR Commitment

Last Updated: February 14, 2023

OVERVIEW

The General Data Protection Regulation (GDPR) became enforceable on May 25, 2018.

GDPR is a regulation intended to strengthen and unify data protection for all individuals within the European Union (EU) and Switzerland. It also addresses the export of personal data outside the EU. LiquidPlanner is committed to keeping customer data private and safe. This commitment includes helping our customers understand and comply with the GDPR.

COMMITMENT TO DATA PROTECTION & GDPR COMPLIANCE

LiquidPlanner is based in the United States; however, we serve many users in the EU and are committed to ongoing GDPR compliance. Requirements to become GDPR compliant were significant and our team worked diligently to do so. Preparing for GDPR deepened our commitment to data protection and minimizing risk. We assessed processes, features, and systems and implemented necessary changes. We review these processes, features, and systems at least annually and implement changes as necessary. LiquidPlanner will do the following:
  1. Collect only the minimum amount of data required to provide our hosted services.
  2. Process customer data only as needed for the purposes laid out in our publicly-facing Terms of Service and Privacy Policy.
  3. Delete customer data after the termination of the trial or paid subscription.
  4. Implement and maintain appropriate technical and organizational measures to keep customer data secure and protect it against unauthorized or unlawful processing and accidental loss, destruction or damage.
  5. Provide ongoing staff training, for new and existing employees, with regard to security and best practices, and require them to safeguard customer data.
  6. Promptly notify customers and take reasonable steps to minimize harm if we become aware of a security incident. Additionally, we will provide details (to the extent possible) of the incident, including steps we have taken to mitigate the potential risk.

PRIVACY SHIELD, STANDARD CONTRACTUAL CLAUSES & DATA TRANSFER

To comply with EU data protection laws around international data transfer mechanisms, we self-certified under the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield. These frameworks were developed to establish a way for companies to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. As part of the certification process, our Privacy Policy was updated to include concise and easy-to-understand language about the information we collect and use, which complies with the Privacy Shield Principles. LiquidPlanner remains committed to the Privacy Shield Principles.

To comply with EU data protection laws around international data transfer mechanisms after July 16, 2020, LiquidPlanner enters Standard Contractual Clauses, as amended or updated, with companies to comply with data protection requirements when transferring personal data from the European Economic Area, Switzerland, or the United Kingdom.

DATA STORAGE

LiquidPlanner uses AWS (Amazon Web Services) for hosting our application, and service is delivered from SSAE16 audited data centers located in the United States. Please read both our Security Statement and Privacy Policy for additional details.

DATA PROCESSING AGREEMENT

LiquidPlanner has a Data Processing Agreement (DPA) available. You may request to execute a DPA with us by sending an email to privacy@liquidplanner.com. Please include your company name and Workspace ID number in the request.

STAY UPDATED

Transparency is important to us. We will keep you updated as we continue to fulfill our privacy and security commitments. This page will be revised to include any new GDPR-related information as it becomes available. If you have any questions about how LiquidPlanner complies with the GDPR, please send your inquiry to privacy@liquidplanner.com—we’re happy to help.

TERMS OF SERVICE

Please refer to our Terms of Service for information on how the LiquidPlanner service is delivered. 

RESOURCES