CivicPlus Resident Account Data Governance Overview
CivicPlus operates a unified resident account system enabling individuals to access multiple municipal Customers through a single account. Depending on the data category involved, CivicPlus and the Customer may operate as Processor, Independent Controller, or as Independent Controllers with shared responsibilities.
This document summarizes those roles and the allocation of responsibilities under the CivicPlus Data Processing Addendum (DPA). This overview is provided for transparency and does not modify the DPA or the Master Service Agreement.
Data Category | CivicPlus Role | Customer Role | DSAR Responsibility |
|---|---|---|---|
Service Data | Processor | Controller | Customer responds; |
Resident Account Data | Independent Controller | Not Controller (unless shared) | CivicPlus responds |
Resident-Directed Shared Data | Independent Controller | Independent Controller | Each responds for its own processing |
Public Records & Retention
Once incorporated into municipal systems, shared data may become subject to applicable public records, archival, and retention laws. The Customer assumes sole responsibility for compliance with such obligations. CivicPlus does not control municipal retention schedules or public disclosure obligations.
Interoperability
Cross-municipality data sharing occurs only with the affirmative direction of the resident and for the purpose of enabling access to municipal services. Such resident-directed interoperability does not constitute unauthorized disclosure.
Data Protection Laws
Each party remains independently responsible for compliance with applicable Data Protection Laws for its own processing activities.
Questions
For questions, please contact privacy@civicplus.com