Please read this Policy carefully and contact us if you have any questions about our privacy practices or your personal information choices.
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
It is important that you check back often for updates to this Policy. If we make changes we consider to be important, we will let you know by placing a notice on our website and/or contacting you using other methods such as email.
This Policy was last updated on 12th May 2022.
The data we collect about you
Personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal information about you which we have grouped together as follows:
- Identity Data includes first name, maiden name, last name, username or similar identifier.
- Contact Data includes billing address, email address and telephone numbers.
- Financial Data includes bank account and payment card details.
- Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website.
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us, including hospitality event preferences and our third parties and your communication preferences.
We do not collect any Special Categories of Personal Information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal information:
Where we need to collect personal information by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with Services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
How is your personal information collected?
We use different methods to collect data from and about you including through direct interactions. You may give us your Identity, Contact and Financial Data by filling in forms or by corresponding with us by post, phone, email or otherwise. We also collect information on you when you:
- Apply for our Services;
- Create an account on our website;
- Subscribe to our service or publications;
- Request marketing to be sent to you;
- Enter a competition, promotion or survey; or
- Give us some feedback.
Additionally, we may collect information on you through automated technologies or interactions through third parties or publicly available sources. In addition to collection of technical data, we may receive personal information about you from various third parties including public records and Social media as set out below;
- Contact, Financial and Transaction Data from providers of technical, payment and delivery services
- Identity and Contact Data from publicly availably sources such as Companies House, register of planning decisions and the Electoral Register based inside the EU.
How we use your personal information
We will only use your personal information when the law allows us to.
Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
Please note that we may process your personal information without your knowledge or consent, in compliance with data protection rules, where this is required or permitted by law.
The Company shall not keep employee personal data for any longer than is necessary in light of the purpose or purposes for which it was originally collected, held, and processed.
When employee personal data is no longer required, all reasonable steps will be taken to erase or otherwise dispose of it securely and without delay.
Data Subject Access
Employee data subjects may make subject access requests (“SARs”) at any time to find out more about the personal data which the Company holds about them, what it is doing with that personal data, and why.
Employees wishing to make a SAR should do so using a Subject Access Request Form, sending the form to the Company’s Data Protection Officer at email@example.com.
Responses to SARs must normally be made within one month of receipt; however, this may be extended by up to two months if the SAR is complex and/or numerous requests are made. If such additional time is required, the data subject shall be informed.v
All SARs received shall be handled by the Company’s Data Protection Officer [in accordance with the Company’s Data Subject Access Request Policy and Procedure].
The Company does not charge a fee for the handling of normal SARs. The Company reserves the right to charge reasonable fees for additional copies of information that has already been supplied to an employee data subject, and for requests that are manifestly unfounded or excessive, particularly where such requests are repetitive.
You can ask us [or third parties] to stop sending you marketing messages at any time.
Where you opt out of receiving these marketing messages, this will not apply to personal information provided to us as a result of a Service purchase or other transaction.
Disclosures of your personal information
The Company shares or discloses personal information when necessary to provide Services or conduct our business operations as described below. When we share personal information, we do so in accordance with data privacy and security requirements. We do not sell any personal information to third parties. Below are the parties with whom we may share personal information and why.
Our business partners: We occasionally partner with other organisations based in the United Kingdom to deliver the Services, provide content, or to host events, conferences, and seminars. As part of these arrangements, you may be a customer of both the Company and our partners, and we and our partners may collect and share information about you.
Our third-party service providers: We partner with and are supported by service providers within the United Kingdom. Personal information will be made available to these parties only when necessary to fulfil the goods or services they provide to us, including (without limitation) software, system, and platform support; direct marketing services; cloud hosting services; advertising; data analytics; and order fulfilment and delivery. Our third-party service providers are not permitted to share or use personal information we make available to them for any other purpose than to provide services to us.
We require our business partners and third party service providers to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
Third parties for legal reasons: Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this privacy notice.
We take appropriate steps to ensure that personal information is processed, secured, and transferred according to applicable law.
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Our information security policies and procedures are closely aligned with widely accepted international standards and are reviewed regularly and updated as necessary to meet our business needs, changes in technology, and regulatory requirements. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your legal rights
We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information.
Access to personal information: If you request access to your personal information, we will gladly comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data.
Correction and deletion: You have the right to correct or amend your personal information if it is inaccurate or requires updating. You may also have the right to request deletion or transfer of your personal information; however, this is not always possible due to legal requirements and other obligations and factors. Remember that you can contact us about our use of your personal information by using the “Contact Us” option on our website.
Object to processing of your personal information: where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal information for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information in the following scenarios:
- if you want us to establish the data’s accuracy;
- where our use of the data is unlawful but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Withdrawal of consent
If we are processing your personal information on the basis that you have given your consent to us processing that personal information, you have a right to withdraw your consent at any time by contacting firstname.lastname@example.org.
Request the transfer of your personal information to you or to a third party
We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
GDPR and legitimate interest
The project is to provide well targeted marketing data to third parties by speeding up interrogation of publicly available planning application and allowing Plany clients to offer their services to the applicant in relation to the subjects planning application. This achieved by the system auto generating a hard copy of a letter that our customers can print and mail to the applicant at the property address.
By using Plany's processed data; data feeds can be sent to trusted third party companies for data matching and comparing records held from other sources. This process involves a better understanding of the applicant, so targeted marketing can be achieved under legitimate interest. The trusted third-party companies who receive the data feeds must conduct a legitimate interest assessment to assess their own interest is lawful against the applicant.
Why do we want to process the data?
The intention is to provide well targeted marketing data to third parties by speeding up the interrogation of publicly available planning applications and allowing Plany clients to offer their services to the applicant in relation to the subjects' planning application. This is achieved by the system auto generating a hard copy of a letter that our clients can print and mail to the applicants' postal address. By using Plany's processed data; data feeds can be sent to trusted third party companies for data matching and comparing records held from other sources. This process involves a better understanding of the applicant, so targeted marketing can be achieved under legitimate interest. The trusted third-party companies who receive the data feeds must conduct a legitimate interest assessment to assess their own interest is lawful against the applicant.
What benefit do you expect to get from the processing?
We expect the data we process to be highly targeted for marketing products in connection with the applicants' planning application. By speeding up the process of the data third party suppliers will be able to focus on specific searches to allow directed products to be marketed to the applicant and thus being able to achieve sales. This will discount any unwanted marketers sending unnecessary products to the applicant regarding their planning application.
Do any third parties’ benefit from the processing?
Third parties’ benefit from the process as it speeds up the interrogation of publicly available planning applications and allows Plany clients to offer their services to the applicant in relation to the subjects planning application. The data that is processed is also an opportunity for third parties to be able to data match against records they currently hold so the targeted marketing can be more directed towards the applicant. The processing is necessary for third parties to direct their marketing and products to people who are more likely to be receptive, thus making it more cost-efficient to both parties.
Are there any wider public benefits to the processing?
We believe that processing this data is beneficial to the public as it will save time researching suppliers and will speed up the process of identifying suitable products to complete their project for which they have made a planning application for. This will also reduce the carbon footprint and thus stabilising unwanted use of electricity and carbon emissions in the UK. What would the impact be if you couldn't go ahead with the processing? The impact in not processing the data would have a detrimental issue on Plany's revenue. This would also impact third party companies not being able to highly and specifically target applicants in connection with their planning application. This will be to the detriment of the applicant as they will have to spend considerable time researching and travelling to get to the best suppliers for their intended project.
Are we complying with relevant protection laws, industry guidelines and codes of practice?
Plany complies with all relevant protection laws, industry guidelines and codes of practice. By using the Plany software it produces a marketing letter that is posted to the applicants' address and does not need consent from the applicant under lawful basis. It is targeted marketing material in connection with their planning application under legitimate interest. Plany simply collects the data for their third-party clients to use. Data matching involves comparing computer records held by one body against the other's computer records held by the same or another body to see how specifically they match so that the highly targeted marketing material can be executed on the applicant. It does not require the consent of the applicant under UK General Data Protection Regulations and Data protection Act 2018.
Our legitimate Interest
Our legitimate interest is specifically to enhance the sales, marketing and business processes of the construction, retail, property, financial and associated industries by providing information, which is timely, highly targeted and bespoke. We believe our processes strike a balance between our legitimate interest and the interests of the individuals concerned.
There are clear indications for applicants to op out and wish to stop marketing communication.
If our data was not made available, we believe our customers targeting by mail will be impaired as it will not be highly targeted, with the outcome being that there could be an increase in irrelevant mail communications to applicants.
In a business-to-business context, opt-in consent is not required for Plany to share this data with its third-party customers. In respect of Plany's business properly informed opt-in consent is not realistic or practical.
For data feeds to trusted third party companies under GDPR; once data has been exported from our system, our customer becomes the data controller and therefore must ensure that their collection, use, storage and retention of data complies with the GDPR.
We do strongly recommend that our customers using our data get advice and help with their own position as regards legitimate interest.
Filing a complaint
If you are not satisfied with how the Company manages your personal information, you have the right to make a complaint to the Information Commissioner’s Office (https://ico.org.uk).
This policy has been approved & authorised by:
Name: Simon Philipp
Date: 12th May 2022