To achieve that goal, we have been working on building a GDPR compliance program designed to strengthen the protection of EU Personal Data we process. This page explains how the GDPR impacts Plume and what steps we’ve taken to comply with applicable legal requirements.
As of May 25, 2018, the General Data Protection Regulation (“GDPR”) has replaced the Data Protection Directive 95/46/EC and applies directly in all countries of the European Union (“EU”). The GDPR is the most important EU data protection legislation to be enacted in decades and Plume has made its GDPR compliance efforts a priority.
The GDPR applies to companies processing Personal Data in the context of the activities of an EU entity or to companies offering of goods or services to individuals located in the EU.
Our parent company, Plume Design, Inc. is established in Palo Alto, California, U.S., but it may collect Personal Data of EU individuals when offering goods and services to individuals located in the EU. We also have subsidiaries in Slovenia, Poland and Switzerland, in the context of which we may process EU Personal Data. In addition, the GDPR may apply to Plume when processing personal data on behalf of our customers established in the EU.
To learn more about the steps we’ve taken to comply with the GDPR, please see below under “How does Plume comply with the GDPR?”.
A “Data Controller” is the entity that determines the purposes (i.e., why) and means (i.e., how) of the data processing, whereas a “Data Processor” is the entity that acts on behalf and under the instructions of the Data Controller. Plume can act both as a Data Controller or a Data Processor depending on the case:
Plume is committed to privacy and has implemented a GDPR compliance program. Here is an overview of the key steps Plume has taken to comply with the GDPR:
This page is not intended to describe Plume’s processing of non-EU Personal Data. It is also not intended to provide legal advice. Please seek appropriate legal advice to ensure that your company complies with the requirements of the GDPR.