Logo
Sign in
Book Demo
Logo
Sign in
Book Demo

Privacy Policy


Terms we use in this policy

When we say “Pleaz”, “we”, “our”, or “us”, we mean Pleaz ApS, Fruebjergvej 3, 2100 Copenhagen East, which is the entity responsible for processing your personal data. When we say “app”, “website”, "Services" or “products”, we refer to Pleaz – a Software as a Service company – offering products in the form of two web applications, a mobile application, and a Microsoft Teams application.



A. Website Privacy Policy (Controller Role)


1. Intro

Ensuring the privacy of all Pleaz users are of the highest priority. Therefore, Pleaz are serious about your security. This document explains how Pleaz handle your personal information. We use personal data to understand how and help our users and buyers with getting the maximum amount of value out of our products.
For personal data collected via the website where no customer relationship exists, Pleaz acts as the Data Controller.

 

2. Collection of personal information

The following types of personal information are collected, stored, and used:

Information about your computer, including your IP address, geographic location, browser type and version, and operating system.

Information about your visits and use of service, including (but not limited to) the referral source, visit length, page views and navigation paths on the services.

Information that you give us when we sign you up for our services such as email address and name. As a user, your e-mail is collected automatically, but your name is optional. You may give us your name through other sign-up forms, contact forms, etc.

Information that you enter when using the services on our services. Information gathered while using our services includes when and how often you use our services.

Information contained in any communication sent to us via email, including their communication content and metadata.

Any other personal information that you submit to us.

 

3. Source of the data collection

Pleaz collects data about you through three sources: 1) when you provide it to us (e.g. by contacting us through our Contact form, Get a Demo, Partner forms or by signing up for newsletter, 2) from your use of our website, using cookies, and, 3) occasionally, from third parties.

 

3A. Non-Customer Data Processing

Pleaz processes personal data from individuals who are not customers and where no Data Processing Agreement (DPA) is in place.

This includes individuals who:

In such cases, individuals voluntarily provide personal data such as name and email address for the purpose of being contacted by Pleaz and setting up meetings or receiving requested information.

By submitting personal data through these forms, individuals acknowledge and accept this Privacy Policy.

This data processing is limited to:

    • Responding to requests
    • Providing information about services
    • Scheduling and conducting meetings
    • Follow-up communication

Pleaz acts as the Data Controller for this processing.

 

4. Purpose of collecting the data

Personal information submitted to us through our website will be used solely for the purpose specified in this policy. We may use your personal information for the following:

We use personal data to understand how and help our users and buyers with getting the maximum amount of value out of our products.
Activating your use of the services available on our website.
Sending messages, invoices, and payment reminders to you and collecting payments from you.
Sending you email messages to remind you of relevant content on the platform or if specifically requested.
Handling inquiries and complaints from or about you regarding our website.
Keeping our website secure and preventing fraud.
Verification of compliance with the terms and conditions of use of our website.
Other relevant use.

 

5. Disclosure of personal information

We will not disclose your personal information to any third party for their or any other third party’s direct marketing without your explicit consent.

We may disclose your personal information to our employees, customers, or suppliers as reasonably necessary for the purposes described in this policy:

  • To the extent that we are required to do so by law.
  • In connection with ongoing or future litigation.
  • To establish, exercise, or defend our legal rights (including providing information to others for fraud prevention or credit risk mitigation).
  • To any person whom we responsibly believe may request a court or other competent authority the disclosure of this personal information where, in our responsible opinion, such court or authority is likely to order disclosure of such personal information.

Pleaz may also use your data in an anonymous or aggregated form for internal or external use (such as computing industry trends, statistics, etc).

Except in the circumstances set out in this policy, we will not disclose your personal information to any third party under any circumstances.

 

 

6. Security of your personal information

Pleaz focuses on being a low-risk company, where the collection of personal data is minimal. The only personal data which will be used are the data described in this policy.

Pleaz uses HTTPS to ensure secure encryption of your data.

Pleaz also implements appropriate technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data.

 

7. Storage of personal information

Pleaz is storing your personal data in a secured system following the current security requirements to the storage of personal data in accordance with the EU General Data Protection Regulation (GDPR).

 

8. Data processing

Pleaz is processing your personal data only in a safe and confidential manner in compliance with current legislation, including the EU General Data Protection Regulation (GDPR).

Pleaz uses a number of data processors for the above-mentioned processing of your personal information. To this end, Pleaz has entered into data processing agreements with said data processors, which guarantee that the data processors comply with applicable legislation regarding data protection, including the GDPR.

Pleaz only uses data processors placed in third countries after having ensured that the data processors have made binding and enforceable commitments to comply with European legislation on data protection, i.e. the GDPR, and thus ensured an adequate level of protection.

Consequently, personal data will only be transferred to data processors based in the US if said data processors have access to the EU US Privacy Shield.

 

9. International Transfers

Information we collect may be stored, processed, and transmitted between any of the countries in which we operate, or our Sub-processors maintain data processing operations, to enable us to use the information in accordance with this policy. We shall at all times provide an adequate level of protection for the Customer Data processed, in accordance with the requirements of Data Protection Laws.

For further information please see the list of all our sub-processors.

 

10. Requests regarding your personal data

If you find that the personal data Pleaz is processing about you is false or inadequate, please let us know and Pleaz will rectify the information (your right to rectification). Further, please let us know if you wish to receive the personal data Pleaz store about you in a machine-readable format (exercise your right to data portability).

You can contact us via the email: hello@pleaz.io if you want to exercise these rights, the right to restriction of processing, or the right to erasure.

 

11. Sensitive Personal Information

‘Sensitive personal information’ is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.

We do not knowingly or intentionally collect sensitive personal information from individuals, and you must not submit sensitive personal information to us.

If, however, you inadvertently or intentionally transmit sensitive personal information to us, you will be considered to have explicitly consented to us processing that sensitive personal information under Article 9(2)(a) of the General Data Protection Regulation. We will use and process your sensitive personal information for the purposes of deleting it.

 

12. Retention period

Pleaz will save your personal data for no longer than necessary, taking into account any legal obligations we have (e.g. to maintain records for tax purposes), any other legal basis we have for using your information (e.g. your consent, performance of a contract with you or our legitimate interests as a business).

 

13. Amendments

We may update this policy from time to time. We may notify you of changes to this policy via email.

 

14. Last updated

Pleaz’s Privacy Policy is reviewed and updated regularly.

 

15. List of all sub-processors

See Pleaz' subprocessors in Pleaz' Trust Center.





B. Platform Privacy Policy (Processor Role – Users)


1. Who We Are

Pleaz ApS provides a Software-as-a-Service (SaaS) platform offering digital well-being services, including online instructor-led activities and a voluntary employee step challenge feature.

For users of the platform:

  • Your employer acts as the Data Controller.
  • Pleaz ApS acts as the Data Processor, processing personal data on behalf of your employer in accordance with Article 28 GDPR.

If you have questions regarding your personal data, you may contact your employer (Data Controller) or contact us at: hello@pleaz.io

 

2. Purpose of Processing

We process personal data solely to provide the SaaS platform to your employer, including:

  • Granting employees access to the digital well-being platform
  • Providing instructor-led video well-being activities
  • Administering a voluntary employee step challenge feature
  • Measuring platform usage and engagement
  • Providing aggregated reporting to your employer
  • Maintaining platform functionality and technical performance
  • Handling user inquiries and support requests

 

3. Categories of Personal Data Processed

We process the following personal data:

Identification Data

  • First name
  • Email address (primary identifier)
  • IP address
  • Device/computer information
  • Technical logs
  • Geographic location

Contact Data

Technical Data

Usage Data

  • Platform activity data
  • Participation metrics
  • Frequency and duration of use

Step Challenge Data (Voluntary Feature)

  • Step count data
  • Activity metrics
  • Participation statistics

Step challenge data is processed for engagement, participation tracking, and aggregated reporting purposes.

4. Categories of Data Subjects

Personal data is processed for:

  • Employees of the Data Controller (your employer)
  • Article 6(1)(b) GDPR – Performance of a contract
  • Article 6(1)(f) GDPR – Legitimate interests
  • Article 6(1)(a) GDPR – Consent (where applicable, including voluntary participation in step challenges)

 

5. Legal Basis for Processing

The legal basis for processing is determined by your employer (Data Controller), typically under:

Pleaz ApS processes personal data strictly in accordance with documented instructions from the Data Controller.

We do not process special categories of personal data under Article 9 GDPR.

 

6. Nature of Processing

Processing activities include:

  • Collection
  • Hosting
  • Storage
  • Use
  • Analysis
  • Aggregated reporting
  • Deletion upon termination

All processing is limited to what is necessary to provide the platform.

 

7. Retention Period

Personal data is processed for as long as necessary to provide the services under the Main Agreement between Pleaz ApS and your employer.

Upon termination of the agreement:

  • Personal data will be deleted within 30 days, unless Union or Member State law requires continued storage.
  • Based on documented instructions from the Data Controller, and
  • In compliance with Chapter V GDPR.
  • Sub-processors are listed on our website.
  • Sub-processors are contractually bound to GDPR-compliant obligations.
  • All cloud solution providers process and store user data within the EU.
  • Data Controllers are notified at least 30 days in advance of any changes to sub-processors.

 

8. International Transfers

Personal data is processed within the European Union.

Transfers to third countries may only occur:

Pleaz ApS does not transfer personal data outside the EU without lawful safeguards.

 

9. Sub-Processors

We may use authorized sub-processors to provide hosting, infrastructure, or related services.

 

10. Security of Processing

In accordance with Article 32 GDPR, we implement appropriate technical and organizational measures, including:

  • Encryption and pseudonymisation where appropriate
  • Ensuring confidentiality, integrity, and availability
  • Ability to restore access in case of incidents
  • Regular security testing and evaluation

Security measures are proportionate to the risks to the rights and freedoms of natural persons.

 

11. Personal Data Breaches

In the event of a personal data breach:

  • We notify the Data Controller without undue delay (within 24 hours of awareness where possible).
  • We assist the Data Controller in notifying the supervisory authority (if required).
  • We assist in communicating breaches to affected data subjects where required by law.

 

12. Your Rights Under GDPR

Under Chapter III GDPR, you have the following rights:

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure ("right to be forgotten")
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right not to be subject to a decision based solely on automated processing, including profiling

As Pleaz ApS acts as Data Processor, requests should primarily be directed to your employer (Data Controller).

We assist the Data Controller in fulfilling these rights.

 

13. Automated Decision-Making

The platform does not carry out decisions based solely on automated processing that produce legal or similarly significant effects.

Step challenge participation metrics are used for engagement tracking and aggregated reporting only.

 

14. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with:

The Danish Data Protection Agency (Datatilsynet)
www.datatilsynet.dk

You may also contact your local supervisory authority in the EU.

 

15. Deletion of Data

Upon termination of services:

  • All personal data will be deleted within 30 days
  • Or returned to the Data Controller if required
  • Except where legal retention obligations apply

Deletion is certified upon request.

 

16. Updates to This Policy

This Privacy Policy may be updated to reflect legal or operational changes. Updated versions will be made available via the platform.