The privacy and security of your data stored within Planning Center is of utmost importance to us. We view recent data privacy legislation from the EU, such as GDPR and Privacy Shield, as opportunities to demonstrate our commitment to the privacy of you and your church.
Even though a small portion of our customer base is located in the EU, all of the data that we store or process is held to the same higher standards set forth in the GDPR.
We have self-certified with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. Details of our participation status are available on the Privacy Shield website. (Our registration is under our corporate name, Ministry Centered Technologes, Inc.)
Planning Center is fully committed to upholding the standards put in effect by GDPR. We have contracted with an EU data privacy firm to act as our DPO and provide us ongoing guidance to ensure we are continually meeting the obligations of GDPR and to help our customers.
You can request to enter a Data Processing Agreement (DPA) with us here.
Information about Planning Center’s security practices is available on our Security Overview page.
Does our church always need to collect consent from every individual in our database?
Not necessarily. Consent is just one of several legal bases for processing data. Built into the GDPR are provisions for using “legitimate interest” as a basis for churches to process their member’s data.
This tool can help you determine your lawful basis for processing data, and if you indeed have legitimate interest or any other basis.
Where are your servers located?
Our servers and infrastructure are all based in Amazon’s AWS data centers in Virginia.
Who are your subprocessors?
An up to date list of all of our subprocessors is available here. From there you can subscribe to receive notifications before we engage with new processors.