Microsoft Project Online retires September 30, 2026, migrate to a modern platform before it's too late.Start migration

Legal · Data Protection

Data Processing Agreement

Last updated: May 13, 2026

This page hosts the current Onplana Data Processing Agreement (DPA), entered into between Devsoft Solutions (acting as Processor) and the customer organisation (acting as Controller) for any personal data processed on behalf of that organisation through the Onplana platform. It satisfies the Article 28 requirements of the EU GDPR (and the UK GDPR equivalent) and is incorporated by reference into the Onplana Terms of Service.

The DPA covers data processing scope and duration, the categories of data subjects and personal data, the security measures applied (encryption in transit and at rest, access controls, breach notification timelines), sub-processor authorisation, international transfer mechanisms (Standard Contractual Clauses), and the data-subject-rights assistance the Processor provides on request. The list of currently-engaged sub-processors is published separately on the Subprocessors page; the DPA authorises that list and the notification process for material changes.

Request the DPA

The current DPA is provided on request. Email privacy@onplana.com and we will send the PDF (and, if required, a bilaterally-signed counterpart) within one business day. Each issuance is logged so we can notify you of any material revisions per the change-notification commitments in Annex III.

Request the DPA

What to include in your request

For most DPO reviews the unilateral form of the DPA is sufficient and we will return it within one business day. If your procurement team requires a bilaterally-signed copy with your organisation's name in the parties block, please include:

  • Your organisation's legal name and registered address.
  • The signatory's name, title, and email.
  • Any sector-specific addenda you need (HIPAA BAA, UK addendum, Swiss addendum, IDTA). We support each of these; we'll route to the right counterpart on our side.

We turn signed counterparts around within five business days. For enterprise procurement timelines, request the DPA before your other security review tracks so it doesn't end up on the critical path.

Companion documents

  • Privacy Policy — describes the personal data we process when you visit the marketing site, sign up, and use the product, plus the legal bases and your data-subject rights.
  • Subprocessors — the third-party providers authorised by the DPA, with purpose, data category, processing region, and per-provider DPA reference.
  • DPIA support resource — structured inputs for the Controller's Art. 35 DPIA, satisfying our Art. 28(3)(f) / 35(7) assistance obligation.
  • Security overview — the technical and organisational measures (TOMs) referenced by Schedule 2 of the DPA.
  • Terms of Service — the Master Services Agreement that the DPA forms part of.

Questions about the DPA?

Email privacy@onplana.com — typical response within one business day. For urgent procurement-clock items, mention the deadline in the subject line.

We use strictly-necessary cookies to operate this site (sign-in, anti-spam). With your consent, we also use Google Analytics 4 (anonymized IP) to understand which pages are useful. No ad tracking. See our Cookie Policy and Privacy Policy.