How does EPLAN deal with the requirements of the GDPR?
How can you as a customer work with the EPLAN Cloud in a GDPR-compliant manner?
We guarantee that the personal data of your employees or your customers is handled in accordance with the GDPR. This enables you to exercise and implement all rights in accordance with the requirements of the GDPR within the EPLAN Cloud (e.g. data deletion, rectification rights, etc.). For example, if you want to delete a user's account, contact firstname.lastname@example.org to do this. EPLAN will then completely delete the user's account within a reasonable period. The correction of personal information such as the first and last name can be done within the user profile.
Special case when EPLAN acts as data processor (dpa)
According to the EU General Data Protection Regulation (GDPR), there may exist use cases where an EPLAN customer takes the role of the controller according to Art. 28 of the GDPR, and EPLAN itself takes the part of the processor. This is for example the case, if the EPLAN customer processes personal data entrusted to him by his own customers or business partners within the EPLAN Cloud. Therefore, the EPLAN customer instructs EPLAN to process the personal data of its customers.
Art. 28 of the GDPR requires the conclusion of a data processing agreement (dpa) for this case. EPLAN provides you with a document under the following link, valid as a data processing agreement between the EPLAN customer as the responsible controller and EPLAN as the processor.
Storage location of data in the cloud inside and outside the EU
As a matter of principle, the personal data that we collect when you use the EPLAN Cloud is stored and processed on servers within the EU economic area in compliance with the GDPR.