Data Processing Statement

Last Updated: 12/7/2025

THIS NEEDS UPDATING - ROB TO ACTION

1. Introduction

This Data Processing Agreement ("DPA") is an addendum to the Terms of Service between EasiPlan ("Processor") and you ("Controller"). This DPA reflects the parties’ agreement with regard to the processing of Personal Data.

2. Definitions

  • "Controller" means the entity which determines the purposes and means of the Processing of Personal Data. In the context of this Service, you, the customer organisation, are the Controller.
  • "Processor" means the entity which Processes Personal Data on behalf of the Controller. In the context of this Service, EasiPlan is the Processor.
  • "Personal Data" means any information relating to an identified or identifiable natural person.
  • "Processing" means any operation or set of operations which is performed on Personal Data.

3. Our Role

We act as a Data Processor for the data you provide and input into the EasiPlan platform. This includes user account information (names, email addresses) and all data entered as part of the audit process. You, the customer, act as the Data Controller, as you determine what data is entered into the system and for what purpose.

4. Details of Data Processing

  • Subject-matter: The provision of a digital audit and IT strategy platform.
  • Duration: For the duration of the service agreement.
  • Purpose: To enable the Controller to conduct digital audits, analyze results, and generate strategic reports.
  • Nature of Processing: Collection, storage, analysis, and generation of reports from data provided by the Controller.
  • Type of Personal Data: User names, work email addresses, job titles, and any personal data incidentally included in audit responses.
  • Categories of Data Subjects: Employees and staff of the Controller.

5. Data Security Measures

We implement and maintain appropriate technical and organisational security measures to protect Personal Data from security incidents and to preserve the security and confidentiality of the Personal Data, including but not limited to:

  • Encryption of data in transit and at rest.
  • Access controls to ensure only authorized personnel can access Personal Data.
  • Regular security assessments and staff training.

6. Sub-processors

We use third-party sub-processors, such as cloud infrastructure providers (e.g., Google Cloud), to provide the Service. We maintain a list of our sub-processors and will inform you of any intended changes concerning the addition or replacement of other sub-processors.

7. Contact Information

If you have any questions about this Data Processing Statement, please contact our Data Protection Officer at: [Your DPO/Contact Email]

Return to Homepage