1. FORMATION OF CONTRACT
1.1. This website is owned and operated by Visma Plandisc A/S, Søren Frichs Vej 44D, DK-8230 Åbyhøj, Denmark, CVR No. 37204854 (“Plandisc”).
1.2. These Terms and Conditions of Use (the “Terms”) are accepted by ticking “I have read and accept the Terms and Conditions of Use” on the order form, by using the application or the services or in any other way by expressing your consent thereof, and applies between Plandisc and the customer (the “Customer”). If the Customer is a legal person, these Terms are accepted on behalf of the Customer.
2. OPERATIONAL STABILITY
2.1. Plandisc aims to ensure the highest possible operational stability, but is not liable for breakdown or interruptions of operation, including interruptions caused by matters outside Plandisc’s control. This includes, among others, power failure, equipment failure, internet connections, telecommunication connections or the like. Plandisc is delivered as is, and Plandisc waives any warranty, guarantee, undertaking, claim or other terms, whether directly or indirectly.
2.2. In case of breakdowns or interruptions, Plandisc aims to restore normal operation as soon as possible.
2.3. Planned interruptions will essentially be placed in the period between 9:00 P.M. and 06:00 A.M. CET. If it becomes necessary to cut off access to Plandisc outside the specified time period, this will be duly notified in advance to the extent possible.
3. INTELLECTUAL PROPERTY RIGHTS
3.1. The program and information provided by Plandisc, apart from the Customer’s data, is protected by copyright and other intellectual property rights and belongs to or is licenced to Visma Plandisc A/S.
3.2. No intellectual property rights are transferred to the Customer.
4. PLANDISC’S LIABILITY
4.1. Plandisc waives any liability in relation to the Terms, services or use of the program, regardless whether this is contractual or non-contractual liability, including for operational loss, consequential loss or other indirect loss, loss of data, loss based on product liability or loss caused as a result of ordinary negligence.
4.2. Regardless of the type of loss or the basis of liability, Plandisc’s total liability in terms of value is limited to the Customer’s payment during the period of twelve (12) months before the actionable event occurred.
4.3. The Customer accepts to indemnify Plandisc ApS for any claim or loss caused by product liability, loss suffered by third parties or liability for third parties, to the extent such claim or loss results from the Customer’s use of the program.
5. CUSTOMER’S USE AND OBLIGATIONS
5.1. The Customer obtains access to Plandisc pursuant to the extent of the subscription chosen.
5.2. Access to Plandisc is limited only to customers of Plandisc. The Program may only be accessed by customers. Any user of Plandisc must have a plandisc account.
5.3. The Customer must ensure that the program is not used in any way that may impair Plandisc’s name, reputation or goodwill or that is contrary to relevant legislation or other regulation.
5.4. If the Customer enters personal data (e.g. names, contact information) in the Plandisc program, the Customer is fully responsible that he or she may lawfully do so. Plandisc recommends that the special categories of personal data (sensitive personal data) are not used or are limited to the widest possible extent.
DATA PROCESSING AGREEMENT
1.0 Introduction and background
1.1 In order to ensure that Plandisc and the Customer (hereinafter jointly referred to as the “Parties”) meet their obligations pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council (the “GDPR”) and the national data protection rules under the GDPR, the Parties have entered into this Data Processing Agreement. This Data Processing Agreement shall apply when the Customer adds personal data in the planning tool that is made available by Plandisc and whereby Plandisc processes personal data on behalf of the Customer.
1.2 This Data Processing Agreement shall not apply when
(1) the Customer is a natural person who uses the planning toll for strictly personal or household activities or
(2) no personal data is added in the planning tool by the Customer
2.1 Plandisc can only process personal data for the purposes necessary to provide its service to the customer.
3.0 Plandisc’s obligations
3.1 Plandisc will meet its obligations pursuant to applicable legislation on data protection in respect of the personal data covered by this Data Protection Agreement.
3.2 Plandisc may only process personal data according to documented instructions from the Customer, including as regards transfer of personal data to a third party, unless this is required to ensure compliance with EU legislation or national legislation of the member states. In such case, Plandisc must notify the Customer of that legal requirement before the processing is commenced, unless that law prohibits such notification on important grounds of public interest.
3.3 Plandisc has no reason to believe that the applicable data protection legislation prevents Plandisc from complying with the instructions in this Data Processing Agreement. If Plandisc at a later time has reason to believe that the Customer’s instructions are contrary to applicable data protection legislation, Plandisc must immediately notify the Customer thereof.
3.4 Plandisc shall make the required technical and organisational safeguards, including such additional measures as may be required to prevent the processed data from being accidentally or illegally destroyed, lost or deteriorated and to prevent information from being disclosed to unauthorized persons, misused or otherwise processed contrary to the provisions of Danish legislation on data protection, cf. Article 32 of the GDPR.
3.5 Personal data are confidential and must remain confidential. Plandisc must ensure that any person processing personal data has received sufficient instruction and training in the processing of personal data and has undertaken to observe confidentiality.
3.6 Plandisc must assist the Customer in ensuring compliance with the obligations pursuant to Articles 32-36 of the GDPR, having regard to the nature of the processing and the information available to Plandisc.
3.7 Plandisc must notify the Customer without undue delay if Plandisc becomes aware of a security breach, and Plandisc must immediately notify the Customer of any request for disclosure of personal data from a law enforcement agency, unless this is prohibited according to applicable legislation.
3.8 Having regard to the nature of the processing, Plandisc will assist the Customer – as far as possible and by taking appropriate technical and organisational measures – in the fulfilment of the Customer’s obligations to reply to requests regarding exercise of the rights of the data subjects as laid down in Chapter 3 of the GDPR.
3.9 If the Customer requests information or assistance regarding security measures and documentation or information on how Plandisc processes personal data, and such request includes information that exceeds what is considered reasonable and necessary according to applicable data protection legislation, Plandisc may request payment for such additional services.
4.0 Customer’s obligations
4.1 The Customer guarantees to meet its obligations pursuant to the applicable data protection legislation. In this connection, the Customer undertakes the following:
o When using the planning tool that is made available by Plandisc, the Customer will only process personal data in accordance with applicable data protection legislation;
o The Customer has a legal basis for processing personal data;
o The Customer ensures the accuracy, the integrity, the contents, the reliability and the lawfulness of the personal data processed by Plandisc;
o The Customer has complied with its duty as a Data controller, e.g. its duty to provide information to the data subjects regarding the processing of personal data in accordance with applicable data protection legislation.
5.0 Use of sub-processors and disclosure of data
5.1 This Data Processing Agreement represents the Customer’s prior general and specific written approval of Plandisc’s use of other data processors (“Sub-processors”). The Customer accepts Plandisc’s use of the Sub-processors specified in Appendix 1.
5.2 The Data Processor’s Sub-processors are listed in the list of Sub-processors updated from time to time and available here. The Customer must be informed before Plandisc replaces or adds new Sub-processors. However, the Customer is only entitled to object against a new Sub-processor if this Sub-processor, in the Customer’s opinion, does not process data in accordance with applicable data protection legislation. In such a situation, Plandisc must document compliance by giving the Customer access to Plandisc’s data protection evaluation of the said Sub-processor. In case of continued disagreement regarding use of the Sub-processor, the Customer may terminate its subscription for the planning tool so that the Customer’s personal data cannot be processed by the said Sub-processor.
5.3 Before transferring personal data to a Sub-processor, Plandisc must ensure that (1) the Customer has not objected against the use of this Sub-processor; (2) Plandisc and the Sub-processor have entered into an agreement (“Sub-processor Agreement”) corresponding to the content of this Data processing Agreement, especially as regards a guarantee for implementation of appropriate technical and organizational measures; (3) the Sub-processor Agreement regarding the Customer’s personal data will terminate automatically in case of termination of this Data Processing Agreement.
5.4 If a Sub-processor is established outside, or if personal data are stored outside, the EU/EEA, the Customer authorises Plandisc to ensure a legal basis for transferring personal data to a third country on behalf of the Customer, including by using the EU Commission’s standard contractual clauses.
5.5 Plandisc is fully liable towards the Customer if the Sub-processor does not meet its obligations pursuant to this Data Processing Agreement.
6.0 Access to audit
6.1 Plandisc makes any information available to the Customer that is required to demonstrate compliance with the requirements of Article 28 of the GDPR.
6.2 The Customer is entitled to commence an audit of Plandisc’s obligations pursuant to the Data Processing Agreement once every year. If the Customer is obliged pursuant to applicable legislation, an audit may be made more than once every year. In connection with a request for an audit, the customer must send a detailed audit plan, including a description of the extent, duration and commencement date, at least four (4) weeks before the suggested commencement date. It must be agreed jointly between Plandisc and the Customer if a third party is to do the audit. However, the Customer may let Plandisc determine that the audit, for security reasons, must be performed by a neutral third party at Plandisc’s option, if the processing environment includes data from several data subjects.
6.3 Under all circumstances, the audit must take place during normal office hours at the relevant facility in accordance with Plandisc’s policies and cannot unfairly interfere with Plandisc’s general commercial activities.
6.4 All costs related to the audit are to be covered by the Customer. Any assistance from the data processor in this regard, which exceeds the general service that Plandisc must provide as a result of the applicable data protection legislation, will be invoiced separately.
7.0 Duration and termination
7.1 The Data Processing Agreement comes into force by the Customer’s electronic box ticking or another acceptance of the agreement.
7.2 The Data Processing Agreement applies as long as Plandisc processes personal data on behalf of the Customer in connection with the Customer’s use of the planning tool.
7.3 This Data Processing Agreement will automatically expire upon termination of the Customer’s subscription to the planning tool. By termination of the subscription, Plandisc will delete or return all personal data in the relevant format, which Plandisc has processed on behalf of the Customer. If the Customer requires assistance in relation to the return of data, costs related thereto will be fixed jointly between the Parties and must be based on i) hourly rates for Plandisc’s time spent, ii) the complexity of the requested process and iii) the format chosen.
8.0 Amendment of terms
8.1 This Data Processing Agreement is binding upon the Parties and may only be amended by entering into a new data Processing Agreement.
8.2 Regardless of the provision in clause 8.1, Plandisc may amend the Data Processing Agreement in order to ensure compliance with the applicable data protection regulation in force from time to time. In such case, Plandisc will notify the Customer of any amendments of the Data Processing Agreement.
9.1 Plandisc is not liable towards the Customer for any accrued loss as far as such loss has been caused by circumstances outside Plandisc’s control.
9.2 Plandisc is under no circumstances liable in damages towards the Customer for any indirect loss of the Customer, including, but not limited to, loss of turnover and loss of reputation. In addition, Plandisc’s total liability in damages towards the Customer is limited to an amount corresponding to the subscription payments paid by the Customer during the most recent twelve (12) months.
10.0 Governing law and venue
10.1 This Data Processing Agreement shall be governed by Danish law.
10.2 Any claim and dispute arising out of or in any other way related to this Data Processing Agreement shall be settled by the Aarhus City Court.
This Appendix is an integral part of the Data Processing Agreement and represents the Customer’s instructions to Plandisc in connection with Plandisc’s processing of personal data on behalf of the Customer.
Processing of personal data
1. Purpose of the processing:
Plandisc processes the Customer’s personal data to the extent the Customer add such personal data in the planning tool that is made available and hosted by Plandisc. The processing of personal data is necessary in order for Plandisc to comply with its obligations pursuant to the subscription agreement.
2. Categories of data subjects:
Plandisc processes personal information about the categories of data subjects which the Customer adds to the planning tool, including the Customer’s employees, customers, clients, cooperation partners, service recipients (e.g. pupils in a school and their parents).
3. Categories of personal data:
As the planning tool includes free-text fields and the possibility of uploading
documents, Plandisc processes the personal data which added to the planning tool by the Customer, including name, title, contact information, civil reg. no. (CPR) as well as information about illness, holiday and non-working days.
The Customer is encouraged to limit the entry of sensitive personal data.
4. Sub-processors and the physical location of the processing
Plandisc uses Microsoft as a sub-processor as the Plandisc software is hosted in Microsoft’s data centre in Dublin, Ireland.