ICPlan.com Privacy and Cookies Policy

This Privacy Policy has two sections.  

Section A relates to your own personal information that you provide to us when you browse the Site or subscribe to the Services, which is needed for our own business (i.e. where we are the Data Controller).  There are three parts:

1. Your personal information and privacy
2. Cookies
3. Our details

Section B relates to personal information relating to others that is submitted to us when you are using the Service as a subscriber (i.e. where we are your Data Processor).  

SECTION A: ICPLAN AS DATA CONTROLLER

Part 1: Personal information and privacy

1. Introduction

We are committed to safeguarding your privacy; this policy sets out how we will treat your personal information.  Personal information is any data or information that allows someone to identify or contact you (e.g. your name, address, telephone number, email address, as well as any other information about you that is associated or linked to such information.  This Privacy Policy sets out the basis on which we may collect, use, process and store your personal information that we collect or that you provide to us by any other direct means.  Please do not submit any personal information about you or anyone else unless you have the right to do so.

2. Collecting personal information

When you visit our Site and/or use the Service, we may collect, store and use the following kinds of personal information:

• information about your computer and about your visits to and use of this Site (including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths);
• information that you provide to us when registering with our Site and signing up to our Service (including your email address);
• information that you provide when completing your account profile on our Site (including your name and any profile pictures);
• information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (including your name and email address);
• information that you provide to us when using the Service or our Site, or that is generated in the course of the use of the Service or Site (including the timing, frequency and pattern of your use of the Service or Site);
• information relating to any purchases you make from us any other transactions that you enter into through our Site (including your name, company name, address, telephone number and email address);
• information contained in or relating to any communications that you send to us or send through our Site (including the communication content and meta data associated with the communication);
• any other personal information that you choose to send to us.

Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with the terms of this Privacy Policy.

3. Using your personal information

Personal information submitted to us through our Site or Service will be used for the purposes specified in this Privacy Policy or on the relevant pages of the Site.

We may use your personal information to:

• administer our Site, the Service and our business;
• personalise our Site for you;
• enable your use of the Services available on our Site;
• supply to you Services purchased through our Site;
• send statements, invoices and payment reminders to you, and collect payments from you;
• send you non-marketing commercial communications;
• send you email notifications that you have specifically requested;
• send you our email newsletter, if you have requested it (you can inform us at any time if you no longer require the newsletter);
• send you marketing communications relating to our business or the businesses of carefully selected third parties which we think may be of interest to you, by post or, where you have specifically agreed to this, by email or similar technology. You may instruct us at any time not to process your personal information for marketing purposes.  We will always provide you with a clear opportunity to opt out of the use of your personal information for marketing purposes;
• where reasonable and appropriate, provide third parties with statistical information about our users (but those third parties will not be able to identify any individual user from that information);
• deal with enquiries and complaints made by or about you relating to our Site or Service;
• keep our Sitesecure and prevent fraud;
• verify compliance with the terms and conditions governing the use of our Site.

We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party’s direct marketing.

All our Site financial transactions are handled through our payment services provider, PayPal. You can review the provider’s privacy policy at https://www.paypal.com/uk/webapps/mpp/ua/privacy-full. We will share information with our payment services provider only to the extent necessary for the purposes of processing payments you make via our Site, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

4. Legal basis of processing

In line with the above, we shall only be entitled to process your personal information as above to the extent that at least one of the following applies:

• You have given consent to the processing of your personal information for one or more specific purposes;
• Processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract;
• Processing is necessary for compliance with a legal obligation to which we are subject;
• Processing is necessary in order to protect your vital interests or those of another natural person;
• Processing is necessary for the performance of a task carried out in the public interest of in the exercise of official authority vested in the controller;
• Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests of your fundamental rights and freedoms which require protection of personal data. Our legitimate interests may include:
  • The proper administration of our Site and Services;
  • The performance of our contractual obligations;
  • Monitoring and improving our Site and Services;
  • Taking steps at your request;
  • Communicating with users of our Site and Services;
  • The protection and assertion of legal rights;
  • The protection of our business against risks.

5. Disclosing personal information

We may disclose your personal information to any of our employees, officers, suppliers or subcontractors insofar as reasonably necessary for the purposes set out in this Privacy Policy.

We may also disclose your personal information:

• to the extent that we are required to do so by law;
• in connection with any ongoing or prospective legal proceedings;
• in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
• to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
• to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.

Except as provided in this policy, we will not provide your personal information to third parties.

6. International data transfers

Information that we collect may be stored and processed in and transferred between any of the countries where we or our suppliers operate in order to enable us to provide our Site and Services to you, including in countries outside the European Economic Area (“EEA”).  If any processing of your personal information is to take place outside the EEA in a third country or international organisation which does not ensure an adequate level of data protection, we may only transfer your personal information if appropriate safeguards have been implemented and on the condition that enforceable data subject rights and effective legal remedies for data subjects are available. The safeguards may be by way of EU Model Contract Clauses, binding corporate rules, approved code of conduct or approved certification mechanism. If you require any further information in this regard, please contact us.

7. Retaining personal information

Our data retention policies and procedures are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.  Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.  Notwithstanding the other provisions of this section, we will retain documents (including electronic documents) containing personal information:

• to the extent that we are required to do so by law;
• if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
• in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).

8. Security of your personal information

We take IT security seriously and take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information as follows:

• We will store all the personal information you provide on a secure (password- and firewall-protected) server infrastructure.
• Personal information exchanged between your computer and our ICPlan communication planning and management web application accessible at https://yourcompany.icplan.comwill be protected by encryption technology.

You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.

You are responsible for keeping the password you use for accessing our Site confidential; we will not ask you for your password (except when you log in to the ICPlan web application at https://app.icplan.com).

9. Amendments

We reserve the right to change this Privacy Policy from time to time.  Changes to this Privacy Policy will come into effect automatically when posted on our Site.  Your continuing use of the Site and/or Service will be deemed to constitute an express acceptance of the new Privacy Policy, unless you notify us of any objection within 14 days of the new Privacy Policy being posted.

10. Your rights

You have a number of rights as a data subject, subject to applicable law, as summarised below:

ACCESS:

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, to access your personal information and details of how we process it, as long as this does not adversely affect the rights and freedoms of others. You may request a copy of personal information undergoing processing, subject to evidence of your identity (normally a certified copy of your passport plus an original copy of a utility bill showing your current address). The first copy shall be provided without charge, but reasonable administration fees shall be charged for additional or subsequent copies.

RECTIFICATION:

We will rectify any errors in the personal information we hold on request.

ERASURE:

You may erase your personal information from our systems in the following situations:

• The personal information is no longer necessary in relation to the purpose for which it was collected;
• You withdraw your consent on which the processing is based and where there is no other legal ground for the processing;
• You object to the processing and there are no overriding legitimate grounds for the processing;
• The personal information has been unlawfully processed;
• The personal information has to be erased for compliance with a legal obligation to which we are subject.

RIGHT TO RESTRICTION OF PROCESSING

You have the right to restrict our processing on specified grounds.

NOTIFICATION

Where you have asked us to rectify, erase or restrict processing of your information, we shall communicate the same to each recipient to whom your Information has been disclosed, unless this proves impossible or involves disproportionate effort, in which case we shall let you know.

DATA PORTABILITY

You have the right in specific circumstances where processing is based on consent to receive your personal information in a structured, commonly used and machine-readable format and have the right to transmit your personal information to another controller without hindrance, provided that our processing is carried out by automated means.

RIGHT TO OBJECT

In certain circumstances you have the right to object to our processing of your personal information, including in relation to profiling, direct marketing or scientific or historical research purposes.

11. Third party websites

Our Site includes hyperlinks to, and details of, third party websites.  We have no control over, and are not responsible for, the privacy policies and practices of third parties.

12. Updating information

Please let us know if the personal information that we hold about you needs to be corrected or updated.

Part 2: Cookies

1. About cookies

1.1 A cookie is a small file which asks permission to be placed onto your computer’s hard drive. Once you agree, the file is added and the cookie helps examine web traffic or lets you know when you visit a particular site.

1.2 Essentially, cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

1.3 Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie does NOT give us access to your computer or any information about you, other than the data you choose to share with us.

1.4 You can choose to accept or decline cookies. Although most web browsers automatically accept cookies, you can usually modify your browser setting to decline cookies to your preference. However, this may prevent you from taking full advantage of our website and in particular from using the Service.

1.5 We use cookies on our Site and we assume you are agreeable to this. If you are not, please disable cookies in your browser or navigate away and clear cookies set by the Site.

2. Our use of cookies

Cookies on this Site are used for:

2.1 Analytical/performance purposes – this allows us to recognise and calculate the number of visitors and to see how visitors navigate around the Site when they are using it. Therefore helping us improve the way our Site functionality for example, by ensuring that users can find what they are looking for easily.

2.2 Functionality purposes – to help us recognise you when you return to our Site. This allows us to personalise our content for you and remember your preferences and settings (e.g. your choice of language or region). Cookies are also needed for the Service to run.

2.3 Sharing purposes – this allows you to share pages with social networks such as Facebook and Twitter.

Part 3: Our details

1. Data protection registration

1.1 We are registered as a data controller with the UK Information Commissioner’s Office.

1.2 Our data protection registration number is ZA115051.

1.3 Complaints can be made to the UK Information Commissioner’s Office by calling their helpline on: 0303 123 1113 or by visiting their website https://ico.org.uk/make-a-complaint/

2. Our details

2.1 This Site and the Service are owned and operated by ICPlan Ltd.

2.2 We are registered in England and Wales under registration number 09249162, and our registered office is at 7 ST. PETERSGATE, STOCKPORT, CHESHIRE, ENGLAND, SK1 1EB.

2.3 Our principal place of business is at The Studio, 1 Church Lane Cottages, Church Lane, Ripe, Lewes, BN8 6AS

2.4 You can contact us by using our Site contact form or by email to contact@icplan.com.

SECTION B: DATA PROCESSOR TERMS

This Section of our Privacy Policy only applies to personal data that we process on your behalf as your Data Processor once you subscribe to the Service.  It sets out the minimum standards that we must comply with at law when processing personal data on your behalf.

Processing of Subscriber Personal Data

Where processing of personal data relating to others controlled by you (“Subscriber Personal Data”) is to be carried out on your behalf pursuant to the terms and functionality applicable to your Service subscription, appropriate technical and organisational measures shall be implemented by us in such a manner that processing will meet the requirements of the EU General Data Protection Regulation 2016/679 (“GDPR”), as may be amended or superseded and other applicable data protection laws and regulations in the UK and EU (together, “Data Protection Laws”) and ensure the protection of the rights of the data subject.

Restriction on subprocessing

We shall not engage a subprocessor to process Subscriber Personal Data (“Subprocessor”) without your prior specific or general written authorisation, which may be given in electronic form. In the case of general written authorisation, we shall inform you of any intended changes concerning the addition or replacement of other processors, thereby giving you the opportunity to object to such changes. Details of this process are set out below.

Compulsory processor terms pursuant to Article 28(3) GDPR

Details of the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects are set out below.

In respect of any processing of Subscriber Personal Data we shall:

• process Subscriber Personal Data only on your documented instructions (including electronic instructions), including with regard to transfers of personal data to a third country or an international organisation, unless required to do so by applicable law to which we are subject; in such a case, we shall inform you of that legal requirement before processing, unless that law prohibits such information on important grounds of public interest;
• ensure that persons authorised to process Subscriber Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
• take all measures required pursuant to Article 32 GDPR (Security of processing), to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons;
• respect the conditions referred to herein for engaging a Subprocessor;
• taking into account the nature of the processing, assist you by appropriate technical and organisational measures, insofar as this is possible, for the fulfilment of your obligation to respond to requests for exercising the data subject’s rights laid down in Chapter III GDPR. This shall include promptly notifying you if we receive a request to exercise any data subject rights under Data Protection Laws within 14 days of receiving such request and thereafter assisting you as reasonably necessary to comply with such request promptly. We shall not respond to such requests directly to any data subject except on your documented instructions or as required by applicable laws to which we are subject;
• assist you in ensuring compliance with the obligations pursuant to Articles 32 to 36 GDPR (Security of processing; Notification of a personal data breach to the supervisory authority; Communication of a personal data breach to the data subject; Data protection impact assessment; and Prior consultation) taking into account the nature of processing and the information available to us. This shall include notifying you without delay and, where feasible, within one working day, after having become aware of any Personal Data breach, being a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Subscriber Personal Data transmitted, stored or otherwise processed hereunder;
• at your choice, delete or return all Subscriber Personal Data after the end of the provision of services relating to processing, and delete existing copies unless Data Protection Laws require storage of the personal data;
• make available to you all information necessary to demonstrate compliance with the obligations laid down in these terms and allow for and contribute to audits, including inspections, conducted by you or another auditor mandated by you.
• inform you if, in its opinion, an instruction infringes Data Protection Laws.

Compulsory subprocessor contract terms (Article 28(4))

Where we engage a Subprocessor, such engagement shall contain the same, or equivalent, data protection obligations as are referred to above by way of a binding contract or other other legal act, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of GDPR.

Where any Subprocessor engaged by us fails to fulfil its data protection obligations in respect of Subscriber Personal Data, we shall remain fully liable to you for the performance of that subprocessor’s obligations.

Documented instructions to process Subscriber Personal Data

• Processing by us

You hereby instruct us to process Subscriber Personal Data as reasonably necessary for the provision of the Site and Services and in compliance with our Terms and Conditions.

• Current Subprocessors

We may continue to use those Subprocessors already engaged by us as at the start of your subscription.

• New Subcontractors

With respect to each new Subprocessor appointed after the date of your subscription, we shall:

• before the Subprocessor first processes Subscriber Personal Data, carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Subscriber Personal Data required by Data Protection Laws;
• ensure that the arrangement between us and the Subprocessor is governed by a contract that complies with this Privacy Policy;
• if that arrangement involves a transfer of Subscriber Personal Data to a third country, a territory or one or more specified sectors within a third country or international organisation outside the EEA that does not benefit from a formal adequacy decision by the European Commission (pursuant to Article 45 GDPR), ensure that such transfer is subject to appropriate safeguards within the meaning of Article 46 GDPR, which may include the use of EU Model Contractual Clauses, Binding Corporate Rules or recognised legal frameworks or accreditations, such as the EU-US Privacy Shield;
• provide to you for review on request details of all Subcontractors, including our contracts with them (which may be redacted to remove confidential commercial information not relevant to the requirements of these terms) as you may request from time to time.

Approval process

We shall publish on the Site the appointment of any new Subprocessors to be appointed, including full details of the processing to be undertaken by the Subprocessor. If, within 14 days of publication, you notify us in writing of any objections (on reasonable grounds) to the proposed appointment, we shall not disclose any Subscriber Personal Data to that proposed Subprocessor and/or (as applicable) you shall not access any element of our Site or Service affected by this issue until reasonable steps have been taken to address the objections raised by you. If no such objections are raised, you shall be deemed to have consented to the appointment of the Subprocessor.

Charges and Costs Mitigation

We shall be entitled to charge you for the reasonable and verified costs of our specific assistance and cooperation provided pursuant to this Privacy Policy except to the extent that such measures have been necessitated by a breach by us or our Subprocessors. Our charges shall be on a time and materials basis according to our prevailing rates and invoiced according to our standard payment terms.

In the event that we are able to demonstrate that we and/or any Subprocessor adheres to an approved code of conduct or approved certification mechanism as referred to in Article 40 GDPR, you accept that we may rely on the same to demonstrate its compliance with this Privacy Policy, so as to mitigate or avoid incurring unnecessary administration and costs, unless otherwise required by Data Protection Laws or as may be mutually agreed by the parties.

DETAILS OF PROCESSING OF SUBSCRIBER PERSONAL DATA

The processing of Subscriber Personal Data as required by Article 28(3) GDPR is as follows:

Subject matter and duration of the processing of Subscriber Personal Data

The subject matter and duration of the processing of the Subscriber Personal Data are set out in our Site, Terms and Conditions and Privacy Policy.

The nature and purpose of the processing of Subscriber Personal Data

All reasonable purposes in relation to our performance of our contractual obligations to you.

The types of Subscriber Personal Data to be processed

All personal data processed in the normal use, management and development of our Site and Services including:

• Names
• Addresses
• Email addresses
• Contact details
• Passwords
• Profile information provided by users
• Usage data
• Preferences/personalisation details
• Evidence of opt-ins/contact permissions and other privacy consents/unsubscribe requests

The categories of Data Subject to whom the Subscriber Personal Data relates

All users of our Site and Services, mobile applications and other features, services and technology provided by us which may include:

• Site users
• Any other individuals within subscriber organisations involved in your communications planning

Your obligations and rights

Your obligations and rights are set out in the Terms and Conditions and this Privacy Policy.