GDPR Compliance

FacilityLane is committed to protecting your data and complying with the General Data Protection Regulation (GDPR).

Our Commitment to GDPR

As a CMMS and EAM platform serving customers worldwide, including the European Union, FacilityLane is fully committed to GDPR compliance. We have implemented comprehensive technical and organizational measures to ensure the protection of personal data.

Our GDPR compliance program covers all aspects of data processing, from collection to deletion, and we continuously monitor and update our practices to align with regulatory guidance and best practices.

Data Processing Agreement (DPA)

We offer a Data Processing Agreement that meets GDPR requirements for all customers processing EU personal data. Our DPA includes Standard Contractual Clauses (SCCs) for international data transfers.


GDPR Principles We Follow

Our data processing practices align with the six key principles of GDPR.

Lawfulness, Fairness & Transparency

We process personal data lawfully and transparently. You always know what data we collect and why.

Purpose Limitation

Personal data is collected for specified, explicit, and legitimate purposes only.

Data Minimization

We only collect data that is necessary for the purposes for which it is processed.

Accuracy

We take reasonable steps to ensure personal data is accurate and kept up to date.

Storage Limitation

Personal data is kept only as long as necessary for the purposes for which it was collected.

Integrity & Confidentiality

Personal data is processed securely using appropriate technical and organizational measures.

Your Data Subject Rights

Under GDPR, you have specific rights regarding your personal data. Here's how we support each right.

Right to Access

You can request a copy of your personal data at any time. We will provide this within 30 days.

Right to Rectification

If your data is inaccurate or incomplete, you can request that we correct or update it.

Right to Erasure

You can request deletion of your personal data when it's no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You can request that we limit how we use your data under certain circumstances.

Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format.

Right to Object

You can object to processing of your personal data for direct marketing at any time.

To exercise any of these rights, please contact our Data Protection Officer.

[email protected]

Data Processing & Storage

EU Data Residency

For EU customers, we offer data residency within the European Union. Your data never leaves EU borders unless you explicitly configure otherwise.

Region | Location | Infrastructure
European Union | Frankfurt, Germany | AWS EU-Central-1
United Kingdom | London, UK | AWS EU-West-2

Security Measures

We implement robust technical and organizational measures to protect personal data:

AES-256 encryption for data at rest
TLS 1.3 encryption for data in transit
SOC 2 Type II certified infrastructure
Regular security audits and penetration testing
Multi-factor authentication (MFA)
Role-based access controls (RBAC)
24/7 security monitoring
Incident response procedures

Sub-Processors

We use a limited number of sub-processors to deliver our services. All sub-processors are bound by data protection agreements and undergo regular security assessments.

Our current list of sub-processors includes cloud infrastructure providers, email service providers, and analytics tools. A complete list is available upon request and is updated whenever changes occur.

Frequently Asked Questions

Is FacilityLane GDPR compliant?

Yes. FacilityLane has implemented comprehensive measures to ensure GDPR compliance, including data processing agreements, technical security controls, and organizational policies that align with GDPR requirements.

Where is my data stored?

EU customers' data is stored in our Frankfurt, Germany data center (AWS EU-Central-1). UK customers can choose between our Frankfurt or London (AWS EU-West-2) locations. Data never leaves these regions without explicit configuration.

How do I request my data?

You can export your data directly from FacilityLane's admin settings, or contact our Data Protection Officer at [email protected] to request a complete copy of your personal data.

Do you have a DPA?

Yes, we provide a Data Processing Agreement (DPA) that includes Standard Contractual Clauses. Contact us to receive and execute a DPA for your organization.

How do you handle data breaches?

We have incident response procedures in place. In the event of a data breach affecting personal data, we will notify affected customers within 72 hours as required by GDPR, and work with supervisory authorities as needed.

Questions About GDPR Compliance?

Our team is here to help with any questions about our data protection practices.