Plume is committed to privacy and has implemented a GDPR compliance program. Here is an overview of the key steps Plume has taken to comply with the GDPR:
- Data processing agreements: When we act as a Data Processor, we ask our customers to sign our GDPR-compliant Customer Data Processing Addendum which contains provisions required by Article 28 of the GDPR. In addition, we ask vendors processing Personal Data on our behalf or on behalf of our customers to sign our GDPR-compliant Vendor Data Processing Addendum.
- Cross-border data transfers: We have certified our adherence to the EU-U.S. and Swiss-U.S. Privacy Shield frameworks to provide a legal ground for the transfer of Personal Data from the EU and Switzerland to the U.S. You can see our Privacy Shield certification here. To learn more about our commitment to comply with the Privacy Shield principles, please visit our Privacy Shield Privacy Policy.
- Privacy policy: We have updated our Privacy Policy to comply with the GDPR and provide enhanced transparency to our consumers, including their new GDPR rights. If you have any questions about our privacy practices, please write us an email at privacy@plume.com.
- Legal ground for the processing and consent: When we act as a Data Controller, we only process EU Personal Data based on a valid legal ground. For that purpose, we have updated our consent flow and offer EU individuals the opportunity to withdraw their consent. To learn more about the legal grounds on the basis of which we process EU Personal Data, please visit our Privacy Policy.
- Cookies and similar technologies: We have implemented banners on our websites and apps to obtain consent for the use of cookies and similar technologies.
- Data security: We have implemented appropriate technical and organizational measures to protect the security of EU Personal Data.
This page is not intended to describe Plume’s processing of non-EU Personal Data. It is also not intended to provide legal advice. Please seek appropriate legal advice to ensure that your company complies with the requirements of the GDPR.