GDPR
This support article describes the processing of personal data and the responsibilities of the different parties in the Maventa service, where Maventa acts as the data processor and the customer companies act as data controllers. The article covers the data processing agreement included in the contract, data protection concerning subcontractors, and operational instructions in the event of data protection or data security issues. Additionally, it provides instructions on how user account deletions and other data protection requests are processed, how the organisation's administrator must proceed to forward requests through official channels, and what must be taken into account if the user account to be deleted belongs to the company's last main user.
- Processing of personal data in the Maventa service
- User account deletion and data protection requests
Processing of personal data in the Maventa service
In the Maventa service, personal data is processed as a data processor, and the customer companies using the service act as data controllers.
Maventa Terms and Conditions includes a data processing agreement, which defines the core principles for processing personal data.
A data processing agreement is always concluded with Maventa's subcontractors, ensuring an adequate level of data protection by the subcontractors and safeguarding user privacy. An up-to-date listing of subcontractors can be viewed in the Visma Trust Centre.
Measures in the event of a data protection issue
If data protection or data security issues are detected within the Maventa service or in the operations of its subcontractors, the matter must be reported immediately via email to privacy.maventa@visma.com.
User account deletion and data protection requests
The Maventa account is managed by the user's organisation, which acts as the data controller in accordance with the EU General Data Protection Regulation (GDPR). Although the registered user has the right to view or delete their own data, these requests must be addressed directly to the administrator of their own organisation.
Instructions for organisation administrators
If the organisation's administrator has received a data protection request from a user, contact is made with privacy.maventa@visma.com to execute the request.
For security reasons, requests are only accepted directly from the company acting as the data controller. The email communication must include a person with signing rights for the company, who confirms the request. Depending on country-specific practices, the signing rights are verified from a public registry, or a separate certificate of signing rights is requested from the company. If the person presenting the request acts as the data controller's accountant, the request is only accepted directly from the company itself.
Roles and responsibilities in processing data protection requests
| Role | Responsibility | Action |
| User | Data subject | Contacts the administrator of their own organisation regarding data protection requests. |
| Organisation | Data controller | Manages access rights and processes user data protection requests. |
| Maventa | Processor | Executes requests in accordance with the official instructions given by the data controller (organisation). |
ℹ️ If the user account to be deleted belongs to the company's last admin user, deleting the user account will simultaneously deactivate the entire company's Maventa account. Re-activating the company requires a separate contact with Maventa's customer support. For this reason, it is recommended to add or register a new admin user to the company account before deleting the current admin user, if the use of Maventa's services is to continue.