planhappy privacy notice
We (PlanHappy Ltd trading as “planhappy”) are committed to ensuring that your personal information and privacy are protected. Please read this privacy notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
When we collect, store and process your personal data we are regulated by the General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 and any other applicable data protection and privacy legislation. We are responsible as a ‘controller’ or a ‘processor’ (depending on why we are storing and processing your personal data) for the purposes of data protection legislation.This privacy notice applies to any individual whose data we process, including (but not limited to) visitors to our website, Licensees and Clients of Licensees (please see definitions below).
planhappy may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective as of February 2020.
|We, us, our, PlanHappy||PlanHappy Ltd (CRN: 10676266) (trading as “planhappy”), a private company limited by shares whose registered office is at The Planning Rooms, Wellington Court, Preston Farm Business Park, Stockton-on-Tees TS18 3TA|
|Our point of contact||
The Planning Rooms, Wellington Court, Preston Farm Business Park, Stockton-on-Tees TS18 3TA
|Personal data/ information||
|Any information relating to an identified or identifiable individual|
|Sensitive personal data/ information||
|Personal data revealing racial or ethnic origin, political opinions, religious beliefs, philosophical beliefs or trade union membership, genetic and biometric data, data concerning health, sex life or sexual orientation, or details of criminal offences|
|Licensees||An entity/individual that is granted a licence by PlanHappy to use the planhappy platform, including any users authorised to use the planhappy platform by such entity/individual, and who provides services to its clients|
|Client||A client of the Licensee|
We may collect, use, store and transfer different types of personal data including, but not limited to, the following:
- Identity data – includes first name, last name, username or similar identifier, title, date of birth. If you attend our offices, we may collect details of your car registration
- Contact data – includes billing address, postal address, email address and telephone numbers
- Financial data – includes bank account and payment card details
- Transaction data – includes details about payments to and from you and other details of products and services you have purchased from us
- Technical data – includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access the planhappy, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs)
- Profile data – includes your username and password, purchases or orders made by you and any requests for support, your feedback and survey responses
- Usage data – includes information about how you use our website, products and services
- Marketing and communications data – includes your preferences in receiving marketing from us and our third parties and your communication preferences
We may also collect and share aggregated data. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
The personal information we collect about you will depend on our relationship with you, e.g. whether you are a Licensee, a Client, a visitor to our website etc. We only collect personal information about you where it is both lawful and necessary.
If you are a Client, please note we provide a subscription service to Licensees that allows them to upload information about you onto the planhappy platform. Such information is securely stored by us, but we do not access such information unless it is necessary to do so.
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with services). In this case, we may have to cancel a service you have with us but we will notify you if this is the case at the time.
Our website is not intended for children and we do not knowingly collect data relating to children.
We may collect/store (via the Licensee) the following sensitive personal information about you:
- If you are a Client, any sensitive personal information uploaded to the planhappy platform by the Licensee. We will not access this information unless it is absolutely necessary.
This sensitive personal information is stored and processed for the reasons, and in the manner, explained below. We only collect and store such sensitive personal information where it is necessary and lawful to do so. We are committed to protecting and preserving the confidentiality of this information.
The Licensee is responsible for ensuring that all necessary appropriate consents and notices in place to enable lawful transfer of personal data and sensitive personal data to us for the purposes of performing our contract with the Licensee.
How we collect your personal data
We use various methods to collect your personal data including, but not limited to:
- Directly: You may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email or otherwise
- If you are a Client, through the Licensee (as covered above)
- Through third parties or information publicly available: Third parties to whom you have provided your personal data where you have expressly consented to them sharing your contact details with us; Publicly available sources, for example Companies House, The Financial Conduct Authority, directories, search engines and social media.
How and why we use your personal information
We may collect your personal data for the following purposes:
- to register you as a user on the planhappy platform;
- to provide services to you and fulfil our contract with you;
- to administer our relationship with you, including processing payments, accounting and taking other steps linked to the performance of our relationship and/or the relationship between the Licensee and the Client;
- compliance with our legal and regulatory obligations, including maintaining records, compliance checks etc.;
- to analyse and improve our services and communications and to ensure business policies are adhered to e.g. policies covering security, data protection, use of our website etc.;
- to protect the security of our website, communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
- for insurance purposes;
- to exercise or defend our legal rights, or to comply with court orders;
- for any other purposes related and/or ancillary to any of the above or any other purposes for which your personal data was provided to us;
- for statistical analysis to help us manage our practice e.g. in relation to our financial performance, client base, work type or other efficiency measures;
- to communicate with you to keep you up-to-date on the latest developments, announcements, and other information about our, events and initiatives;
- to send you feedback surveys and marketing campaigns; and
- to collect information about your marketing preferences to personalise and improve the quality of our communications with you.
Under data protection legislation, we can only use your personal data if we have a reason for doing so. We may process your personal data in connection with any of the purposes set out above on one or more of the following legal grounds:
- for the performance of our contract with you or to take steps at your request before entering into a contract;
- to comply with our legal and regulatory obligations;
- because our legitimate interests, or those of a third party recipient of your personal data, make the processing necessary, provided that those interests are not overridden by your interests or fundamental rights and freedoms;
- where you have given consent; or
- in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings.
Please note a legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests.
How and why we store your sensitive personal information
Please note we provide a subscription service to Licensees that allows them to upload information about Clients onto the planhappy platform. Such documents and information are securely stored by us, but we do not access such information unless it is necessary to do so.
If you are a Client, we may collect/store your sensitive personal data for the following purposes:
- to securely store any sensitive personal information uploaded to the planhappy platform by the Licensee, as deemed necessary by the Licensee to allow the Licensee to provide services to you. Please note we will not access such information unless it is absolutely necessary, such as where we need to retrieve lost personal data.
The Licensee is responsible for ensuring that all necessary appropriate consents and notices in place to enable lawful transfer of sensitive personal data to us for the purposes of performing our contract with the Licensee.
Holding your data
We undertake to review the data we hold on you on a regular basis to ensure compliance with data protection law. In the course of any review, we will:
- Subject to you informing us of any changes, update the data to ensure that any errors or inaccuracies are corrected.
- Subject to the data retention periods, as detailed below, securely delete the data when it is identified that we no longer need to hold it.
- We will only keep your personal data for as long as is necessary for the purpose(s) it was collected, including for the purposes of satisfying any legal, regulatory, accounting or reporting requirements.
- We keep your data for the minimum period we consider necessary to resolve any queries and to ensure legal and regulatory compliance and in line with industry practice.
- If you are a Client, as mentioned above, we do not access your personal/sensitive personal data unless it is absolutely necessary. Such data is uploaded by the Licensee to the planhappy platform to be securely stored. We therefore rely on the Licensee promptly archiving your matter
- In general, we may retain and process your data for the following periods. In the event that more than one period applies to the same data, we will retain the data to the last such period to expire.
- We will hold any agreements between you and us for a period of 6 years from the termination or expiry of the agreement unless we have been notified of any claim or circumstance which might give rise to a claim under or by reference to such agreements.
- We will process data relating to services which we have provided to you. We will process such data throughout the entire period you are and remain a client of the firm and for a period of not less than 6 years following our ceasing to provide service to you.
- We will hold data as required by any relevant third party until the end of any limitation period imposed by that relevant third party, which in the case of HMRC shall be 7 years, unless we are notified that any period is considered “open” by HMRC in which case it will be until we are notified the period is “closed”.
- We will hold data as required for the purposes of any legal proceedings for a period of 6 years following the conclusion of any such proceedings unless a longer period is required pursuant to any court rule or enactment. Proceedings will be taken to have concluded on the expiry of any period given for appealing any final judgment or on the date of concluding any settlement staying all relevant claims if the proceedings were settled before judgement.
Save for the above, we will hold data for a maximum of 10 years from the date we receive the data.
We are committed to ensuring that your information is secure. We endeavour to ensure that your data is stored securely and to prevent unauthorised access. We have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online, which we monitor regularly.
We limit access to your personal information to those individuals who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Information may be transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information that passes between us, and you should consider the risk of this. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites and planhappy software, you are responsible for keeping this password confidential. If we do provide you with a password, it is your responsibility to change it on first use. We ask you not to share your password with anyone.
We may use your personal data to send you updates (by email, telephone or post) about our services that might be of interest to you.
We have a legitimate interest in processing your personal data for promotional purposes (see above ‘How and why we use your personal data’). This means we do not usually need your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly.
We will always treat your personal data with the utmost respect.
You have the right to opt out of receiving promotional communications at any time or to update your marketing preferences by:
- contacting us by e-mailing email@example.com; or
- using the ‘unsubscribe’ link in emails.
We may ask you to confirm or update your marketing preferences if you instruct us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.
It is possible to switch off cookies by setting your browser preferences.
Note – Turning cookies off may result in a loss of functionality when using our website.
Whom we may share your data with
We may share your personal information with third parties, but only where this is necessary and lawful. We may share your information with the following categories of third parties, for the purposes of professional advice, compliance, IT systems security, data management and control and auditing.
Details of these companies, their addresses and contact details are available on request:
- Compliance, audit, legal, financial, service delivery, marketing and business support related services
- Other software providers including (but not limited to) providing document storage, code development, document conversion ability, text messaging, remote software support
- IT services and systems suppliers
- HMRC (UK Tax authority)
- Secure and confidential waste disposal services
We reserve the right to change this list from time to time.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
We may disclose and exchange information with law enforcement agencies and regulatory bodies to comply with our legal and regulatory obligations.
Links to other websites
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.
Transferring your information outside of Europe
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
You have the following rights, which you can ordinarily exercise free of charge:
|Access||The right to be provided with a copy of your personal data|
|Rectification||The right to require us to correct any mistakes in your personal data|
|To be forgotten||The right to require us to delete your personal data – in certain situations|
|Restriction of processing||The right to require us to restrict processing of your personal data – in certain circumstances e.g. if you contest the accuracy of the data|
|Data portability||The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party|
|To object||The right to object:
– at any time to your personal data being processed for direct marketing; and
– in certain other situations to our continued processing of your personal data e.g. processing carried out for the purpose of our legitimate interests.
If you would like to exercise any of those rights, please:
- email, call or write to us – see below: ‘How to contact us’; and
- let us have enough information to identify you (e.g. your full name, address and client or matter reference number);
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill); and
- let us know what right you want to exercise and the information to which your request relates.
Right to withdraw consent
If you have provided your consent to the processing of your personal and/or sensitive personal data, you have the right to withdraw your consent. If you wish to do so, please contact us.
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of personal data for the provision of our legal services.
Updating your personal information
We are committed to maintaining the accuracy of the personal data we process. If any of the personal data that you have provided to us changes or if you become aware that we are processing inaccurate personal data about you, please get in touch. We will not be responsible for any losses arising from any inaccurate or incomplete personal data provided to us by you.
How to complain
We hope that we can resolve any query or concern you may raise about our use of your information.
Data protection legislation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk concerns or by telephone on 0303 123 1113.
How to contact us
Our contact details
The Planning Rooms, Wellington Court, Preston Farm Business Park, Stockton-on-Tees TS18 3TA