
GDPR

Data protection at Plandisc

On this page, you can learn how Plandisc works with data security and ensures that your information is handled responsibly and in accordance with current legislation.


Audit opinion

We obtain an ISAE 3000 statement annually.

The statement is prepared by an independent third party and covers our compliance with the General Data Protection Regulation, data protection provisions in other EU laws or the national law of Member States, and the content of the data processing agreement.

See or download the latest auditor's statement from 2025 below.

 


Data processing agreement

When you use Plandisc, we process personal data on behalf of our customers. Our customers are data controllers, and we act as data processors. To ensure compliance with the GDPR, we enter into a data processing agreement with our customers, which sets out the legal framework for data processing.

We use the Danish Data Protection Agency's standard contract terms as the basis for our data processing agreement. This ensures that the agreement complies with applicable legal requirements and lets you know that your data is handled correctly and securely.

Security is important to us

We have chosen Microsoft Azure as the standard hosting provider for Plandisc. Microsoft has decades of experience developing and operating business-critical systems, and we build on this infrastructure to ensure high operational reliability and data protection. Security is part of the entire process – from software development to ongoing operational management and threat prevention. Regular penetration tests are carried out to strengthen security controls in the hosting.

For customers with special requirements for data storage, we also offer an alternative solution: Plandisc in Visma Private Cloud. Here, the solution is hosted on VMware Cloud Director technology in Sweden, in a European-owned data centre. No data is transferred to third countries or non-European-owned companies.

Software hosting at Microsoft

We have chosen Microsoft to host our software. Microsoft has decades of experience building business software and operating some of the most extensive services in the world. We have leveraged this experience to implement and constantly improve security awareness in software development, operational management, and threat mitigation methods, all essential for strong data protection in the cloud. Microsoft regularly conducts penetration testing to improve security controls and hosting processes.

TLS encryption

To secure data transfer, we use TLS encryption. Our certificate is a Comodo Premium SSL certificate, from one of the largest providers on the market. Comodo Premium SSL is a domain-validated certificate. This means that, when the certificate is issued, the issuer validates that we control the domain.

Visma's security program

We are part of Visma's security program, which ensures annual reviews of our security, automatic security analysis of our code, and manual security tests. 

 

ISAE 3000 security certification

We have ISAE 3000 standard certification, which has been obtained through an assessment by an external auditor.

Private Cloud: A secure solution for sensitive planning

Plandisc Private Cloud is our hosting solution for organisations with special requirements for data security, compliance, and data sovereignty. Instead of being hosted in Microsoft's global Azure centre, your solution is placed in Visma Private Cloud — an EU-owned data centre in Sweden.

With Private Cloud, you get a solution where data is stored and processed exclusively within the EU, and where no information is transferred to third countries or non-European companies. The user does not select the location themselves, but is guaranteed that everything is hosted on European soil in full compliance with the GDPR.

The solution is built on Cloud Director, VMware's technology for private hosting, providing high stability and modern security standards combined with local data storage. This means encrypted data traffic, daily backups, access based on the Least Privilege principle, and a security setup assessed annually through the Visma Application Security Program. Private Cloud is particularly relevant for public organisations, NGOs, and companies that require full visibility into where and how data is processed — without compromising on functionality or Microsoft 365 integrations.

If data security and oversight are important parameters for your organisation, Private Cloud is a safe choice.

Sub-processors at Plandisc

At Plandisc, we are committed to protecting your data, both as a data controller and data processor. To provide our services, we use several sub-processors who assist us with specific technical functions. We always enter into a written data processing agreement with these suppliers in accordance with GDPR requirements and continuously monitor their security measures.

Our sub-processors

Below, you will find an overview of our current sub-processors, their purposes, and where data is processed:

We only use sub-processors that meet high data security and protection standards. Data processing occurs within the EU/EEA, and no personal data is transferred to third countries.

Amazon.com Inc.

Amazon Web Services (AWS) securely stores customer data via S3 Cloud Storage. This data processing happens according to their standard sub-processor data agreement. 

WebHosting A/S

WebHosting A/S sends and receives emails from our solutions via an SMTP service. Data processing happens in accordance with their standard sub-processor agreement.

Ipregistry

Ipregistry is used to look up users' geographical locations (IP geolocation service). We primarily use this function to block access to our service from sanctioned countries subject to international embargoes. This use happens according to their standard sub-processor agreement. 

Orca Security Ltd.

Orca Security Ltd. is used to ensure the security of our cloud infrastructure by analyzing network, service, and storage configurations, malware scanning, and updating operating systems used by virtual machines, privileges, and MFA setup for users with access to the infrastructure, etc. Data processing is carried out under Visma's sub-processor agreement with Orca Security, which ensures, among other things, that all data is processed within the EU/EEA.

Microsoft Azure

We use Microsoft Azure as our cloud hosting provider. Microsoft offers high uptime and excellent scalability options, which contributes to a stable solution.

Transparency and updates

We update this overview if we change or add sub-processors and always inform our customers of any significant changes in our data processing chain in accordance with our data processing agreement. You are always welcome to contact us if you have any questions about our data processing or want insight into our contractual basis.
