FAQ Q311: Can we use Planyo and be GDPR compliant?

Yes, Planyo as a data processor allows you to be GDPR compliant although you need to perform actions on your end as a data controller to make sure you're GDPR compliant. Below is more detailed information regarding GDPR compliance and how the customers' private data is processed by us.

Which organizations have access to the customers' private data?

How are the end customers' rights ensured?

Planyo provides a way for end customers to request information about the data kept and to request removal of their personal data. This can be done at https://www.planyo.com/login/delete-info.php. The customer can enter their email address and will receive by email detailed information about the information we keep on our servers. They can also click on a link in this email in order to automatically have all their personal data deleted from our system BUT ONLY if the customer has no valid reservations which have ended 60 days ago or less and if there are no valid future reservations. The customer is also informed that if they wait at least 60 days after the end of the last valid rental, they can once again request the information email with the deletion link which will work under these circumstances. This also means that the site administrators should do all their necessary processing (report generation etc.) within 60 days of the rental end time. After this time, if given customer requests deletion of their data, planyo will only provide information about the reservation itself (reservation IDs will still exist) but no info about the customer. Please also see Q291 for information about how long the data is stored in case the customer does not request deletion of their personal info.

Automatic deletion of personal information

By default, for active planyo sites, personal information is not deleted automatically (it can be deleted manually by the administrators or upon request from the customer). If you'd like Planyo to assist you in fulfilling your GDPR obligations and automatically delete personal information from past reservations, you can configure automatic deletion of data in Settings / Active features. Here you'll find an option which will automatically delete all reservation data or only personal user information for reservations which ended more than X months ago.

Please note that you will also find another option on that page called Store customer's IP address. You can switch off the storage of the IP address from which the reservations of your customers are made. If, for security reasons, you leave this option selected, the IP address will be stored along with other personal data until automatic deletion (see above and also Q291 for more info about automatic deletion of personal data).

Cookie policy

See Q354 for a detailed listing of cookies stored in the frondend and in the backend.