EPLAN Cloud GDPR

GDPR

Compliance with legal requirements of the EU General Data Protection Regulation (GDPR)

What is the GDPR?

The GDPR (General Data Protection Regulation) is a regulation of the EU that aims to strengthen and unify the protection of personal data of EU residents.

The GDPR defines personal data as any information that can lead to the identification of an individual. This includes, for example, data such as the name, address or e-mail address. Eplan collects and operates this type of data as part of the registration and the use of the cloud services offered. Eplan decides on the intended purpose of processing the personal data and thus usually acts as the "controller" within the meaning of the GDPR.

How does Eplan deal with the requirements of the GDPR?

Protecting customer data and using it only in the way our customers expect us to do and as required by the applicable GDPR is our top priority. In its privacy policy, Eplan has described how it handles personal data. The link below to the Privacy Policy gives you detailed information about how we process your personal data when you use our websites and services, as well as your rights with regard to processing in accordance with the GDPR.

You can find the Eplan Privacy Policy here.

How can you as a customer work with the Eplan Cloud in a GDPR-compliant manner?

We guarantee that the personal data of your employees or your customers is handled in accordance with the GDPR. This enables you to exercise and implement all rights in accordance with the requirements of the GDPR within the Eplan Cloud (e.g. data deletion, rectification rights, etc.). For example, if you want to delete a user's account, contact digital-platform@eplan.de to do this. Eplan will then completely delete the user's account within a reasonable period. The correction of personal information such as the first and last name can be done within the user profile.


Special case when Eplan acts as data processor (dpa)

According to the EU General Data Protection Regulation (GDPR), there may exist use cases where an Eplan customer takes the role of the controller according to Art. 28 of the GDPR, and Eplan itself takes the part of the processor. This is for example the case, if the Eplan customer processes personal data entrusted to him by his own customers or business partners within the Eplan Cloud. Therefore, the Eplan customer instructs Eplan to process the personal data of its customers.

Art. 28 of the GDPR requires the conclusion of a data processing agreement (dpa) for this case. Eplan provides you with a document under the following link, valid as a data processing agreement between the Eplan customer as the responsible controller and Eplan as the processor.

Storage location of data in the cloud inside and outside the EU

As a matter of principle, the personal data that we collect when you use the Eplan Cloud is stored and processed on servers within the EU economic area in compliance with the GDPR.

Your personal data is processed within the EU or the European Economic Area. In the context of using web analysis or e-mail dispatch services, for example, information may be transmitted to so-called "third countries" such as the USA. We transfer your personal data to contractual and business partners located in other third countries only if a corresponding arrangement of the European Commission exists for them or standard contractual clauses have been agreed. To transfer personal data to third countries, we obtain your consent in accordance with Article 6 (1) clause 1 lit. a) of the GDPR. For detailed information, see our Privacy Policy.