Alpha This is a new service – your feedback will help us to improve it.

Menu Search

Pleo

The information on this page is from the privacy notice published by Pleo.

You can use this page to learn about how this organisation uses personal data and find out how to make a request related to the data they hold about you.

Make a request

  • See data they hold about you

    You can ask to see what data Pleo has about you. They usually can’t charge for this, and they must respond to your request within a month.

    Why you might make this request

    You might want a copy of the data about you to understand what data the organisation has collected about you.

    By email

    Email dpo@pleo.io using this template

    Copy template to clipboard

    By post

    Pleo Technologies ApS, Att: Privacy Function, Skelbækgade 2, 1717 Copenhagen V, Denmark

  • Change data they hold about you

    You can ask Pleo to change inaccurate or incomplete data about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    If an organisation is using information about you which is incorrect, you can ask them to correct it.

    By email

    Email dpo@pleo.io using this template

    Copy template to clipboard

    By post

    Pleo Technologies ApS, Att: Privacy Function, Skelbækgade 2, 1717 Copenhagen V, Denmark

  • Delete data they hold about you

    You can ask that Pleo delete information about you. They must respond to your request within a month. Sometimes your request can be refused.

    Why you might make this request

    You might want to delete data about you if, for example, you have stopped using an organisation’s services.

    By email

    Email dpo@pleo.io using this template

    Copy template to clipboard

    By post

    Pleo Technologies ApS, Att: Privacy Function, Skelbækgade 2, 1717 Copenhagen V, Denmark

  • Limit how they use data about you

    You can ask that Pleo only store data about you and not use it. They must respond to your request within a month.

    Why you might make this request

    You might want the accuracy of the data to be verified or you might want the organisation to hold on to data so you can make a legal claim against them.

    By email

    Email dpo@pleo.io using this template

    Copy template to clipboard

    By post

    Pleo Technologies ApS, Att: Privacy Function, Skelbækgade 2, 1717 Copenhagen V, Denmark

  • Stop their use of data about you

    You can ask Pleo to stop using your data for particular reasons. They must respond to your request within a month.

    Why you might make this request

    You might want to stop the organisation using your data to for direct marketing.

    By email

    Email dpo@pleo.io using this template

    Copy template to clipboard

    By post

    Pleo Technologies ApS, Att: Privacy Function, Skelbækgade 2, 1717 Copenhagen V, Denmark

  • Export data they hold about you

    You can ask Pleo to move data about you to another service or provide it in a format that can be used by another service.

    Why you might make this request

    You might want to move your data to another organisation to get a better deal.

    By email

    Email dpo@pleo.io using this template

    Copy template to clipboard

    By post

    Pleo Technologies ApS, Att: Privacy Function, Skelbækgade 2, 1717 Copenhagen V, Denmark

  • Challenge an automated decision

    You can ask Pleo to give you information about how they use automated decision making, or ask for a person to review an automated decision.

    Why you might make this request

    You might want to find out about an automated decision if, for example, you were rejected for a bank loan or account.

    By email

    Email dpo@pleo.io using this template

    Copy template to clipboard

    By post

    Pleo Technologies ApS, Att: Privacy Function, Skelbækgade 2, 1717 Copenhagen V, Denmark

Organisation information

Description

Company expense management

Registration country

Denmark

Registration number

36538686

Data Protection Officer

Organisations that use special categories of data, are public bodies, or do large scale processing must appoint a Data Protection Officer.

Role

Data Protection Officer

Email address

dpo@pleo.io

Data categories collected

Organisations must give details about what categories of data are stored and processed.

  • Device information

  • Email address

  • Employment

  • Names

  • Postal address

  • Social security number

  • Telephone number

Observations

Pleo's privacy policy breaks down the categories of data they collect and displays which types of data may be collected for the different types of customer they serve.

Unusual processing purposes

Organisations must provide information about what they do with data. This section highlights less common uses of data.

This privacy notice does not appear to mention any unusual processing purposes.

Third parties

Organisations must give details about other parties that personal data is shared with.

List of third parties

  • Companies in the Pleo group

  • Third party service providers (such as other banks and secure identification solutions)

  • Third parties that are data processors (such as IT development and hosting)

  • Third parties that are data controllers (such as authorities, acquirers and other financial institutions)

  • IDT Financial Services Limited (who provide Pleo Account cards)

  • Relevant legal and regulatory authorities

How specific is this information?

Third parties are listed as groups

Retention rules

Organisations must give details about how long data is kept.

Summary

Pleo commit to storing data for no longer than is necessary to fulfil the purpose of processing it.

Once it is no longer required, personal data will be anonymised or deleted.

Pleo provide some examples of retention periods (below) though they note that this will differ between countries.

Data may be retained for 5 years after the termination of the connection between Pleo and the customer for money laundering and fraud detection purposes.

Data may be retained for 5 years for bookkeeping regulations.

Details on performance of a contract may be kept for up to 10 years after the relationship between Pleo and the customer ends, to defend against possible claims.

How specific is this information?

  • Retention rules are given without mentioning specific categories of data

  • Specific times are given for how long data is kept

Lawful bases

Organisations must justify collection and use of data under six lawful bases and provide information about their decisions

  • Consent

    - To confirm your identity and verify your personal and contact details.

  • Legal obligation

    - To provide our services and products.
    - To establish, exercise or defend a legal claim or collection procedures.
    - To provide our services and products.
    - To confirm your identity and verify your personal and contact details.
    - To establish, exercise or defend a legal claim or collection procedures.
    - To comply with internal procedures.
    - To prevent misuse of Pleo´s services as part of our efforts to keep our services safe and secure.
    - To carry out risk analysis, fraud prevention and risk management obligations, insurance risks and to comply with capital adequacy requirements.
    - To comply with applicable laws, such as anti-money laundering and bookkeeping laws, and rules issued by our designated banks and relevant card networks.
    - To confirm your identity and verify whether you could be interested in the Pleo Service.

  • Legitimate interests

    - To provide our services and products.
    - To confirm your identity and verify your personal and contact details.
    - To establish, exercise or defend a legal claim or collection procedures.
    - To comply with internal procedures.
    - For customer analysis, to administer Pleo's services, and for internal operations, including troubleshooting, data analysis, to develop and inform you about product enhancements, testing, research and statistical purposes.
    - To ensure that content is presented in the most effective way for you and your device.
    - To prevent misuse of Pleo´s services as part of our efforts to keep our services safe and secure.
    - To carry out risk analysis, fraud prevention and risk management.
    - To provide you with information, news and marketing about our and similar services.
    - To provide our services and products.
    - To establish, exercise or defend a legal claim or collection procedures.
    - To comply with internal procedures.
    - To prevent misuse of Pleo´s services as part of our efforts to keep our services safe and secure.
    - To carry out risk analysis, fraud prevention and risk management obligations, insurance risks and to comply with capital adequacy requirements.
    - To comply with applicable laws, such as anti-money laundering and bookkeeping laws, and rules issued by our designated banks and relevant card networks.
    - To provide and market our services and/or products to you.
    - To provide the support you seek from us.
    - To confirm your identity and verify whether you could be interested in the Pleo Service.
    - To answer any questions about our services.

Security standards

Organisations must ensure that data is stored and processed securely.

Observations

Pleo's policy indicates that they implement technical and organisational security measures to protect personal data.

How specific is this information?

This organisation provides general details about how they secure data

Data processing addendum

Some organisations offer a data processing addendum that gives data adequate protections when it leaves the EEA.

This privacy notice does not appear to have this information.

Automated decision making

Organisations must give details about how data is used to make decisions without human involvement.

Summary

This organisation does not use automated decision making

Observations

Pleo indicate that they do not currently carry out any processing which is defined as automated decision making.

Complaint information

Organisations must give details about how to make a complaint with a data protection authority.

Summary

This privacy notice contains information about to make a complaint to a data protection regulator

Observations

Pleo direct complaints and questions to their Data Protection Officer in the first instance, and provide contact details for a Danish-specific data protection authority.

How specific is this information?

This privacy notice contains specific contact details for a data protection regulator

Design recommendations

Organisations are required to provide privacy information in a transparent way. The Article 29 Working Party has provided recommendations on how to do this.

Assessment

This privacy notice:

  • Has language that is easy to understand

  • Is designed in a way that makes it easy to find information

  • Can be easily found on the organisation's website

Last updated 2018-06-29 at 08:06:08 • Download as JSONAPI documentationView on GitHubView on OpenCorporates