ICPlan.com Privacy and Cookies Policy
Section A relates to your own personal information that you provide to us when you browse the Site or subscribe to the Services, which is needed for our own business (i.e. where we are the Data Controller). There are three parts:
Section B relates to personal information relating to others that is submitted to us when you are using the Service as a subscriber (i.e. where we are your Data Processor).
SECTION A: ICPLAN AS DATA CONTROLLER
Part 1: Personal information and privacy
When you visit our Site and/or use the Service, we may collect, store and use the following kinds of personal information:
We may use your personal information to:
We will not, without your express consent, supply your personal information to any third party for the purpose of their or any other third party’s direct marketing.
In line with the above, we shall only be entitled to process your personal information as above to the extent that at least one of the following applies:
We may also disclose your personal information:
Except as provided in this policy, we will not provide your personal information to third parties.
Information that we collect may be stored and processed in and transferred between any of the countries where we or our suppliers operate in order to enable us to provide our Site and Services to you, including in countries outside the European Economic Area (“EEA”). If any processing of your personal information is to take place outside the EEA in a third country or international organisation which does not ensure an adequate level of data protection, we may only transfer your personal information if appropriate safeguards have been implemented and on the condition that enforceable data subject rights and effective legal remedies for data subjects are available. The safeguards may be by way of EU Model Contract Clauses, binding corporate rules, approved code of conduct or approved certification mechanism. If you require any further information in this regard, please contact us.
Our data retention policies and procedures are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information. Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. Notwithstanding the other provisions of this section, we will retain documents (including electronic documents) containing personal information:
We take IT security seriously and take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information as follows:
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
You are responsible for keeping the password you use for accessing our Site confidential; we will not ask you for your password (except when you log in to the ICPlan web application at https://app.icplan.com).
You have a number of rights as a data subject, subject to applicable law, as summarised below:
You have the right to obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, to access your personal information and details of how we process it, as long as this does not adversely affect the rights and freedoms of others. You may request a copy of personal information undergoing processing, subject to evidence of your identity (normally a certified copy of your passport plus an original copy of a utility bill showing your current address). The first copy shall be provided without charge, but reasonable administration fees shall be charged for additional or subsequent copies.
We will rectify any errors in the personal information we hold on request.
You may erase your personal information from our systems in the following situations:
RIGHT TO RESTRICTION OF PROCESSING
You have the right to restrict our processing on specified grounds.
Where you have asked us to rectify, erase or restrict processing of your information, we shall communicate the same to each recipient to whom your Information has been disclosed, unless this proves impossible or involves disproportionate effort, in which case we shall let you know.
You have the right in specific circumstances where processing is based on consent to receive your personal information in a structured, commonly used and machine-readable format and have the right to transmit your personal information to another controller without hindrance, provided that our processing is carried out by automated means.
RIGHT TO OBJECT
In certain circumstances you have the right to object to our processing of your personal information, including in relation to profiling, direct marketing or scientific or historical research purposes.
Our Site includes hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties.
Please let us know if the personal information that we hold about you needs to be corrected or updated.
Part 2: Cookies
1.1 A cookie is a small file which asks permission to be placed onto your computer’s hard drive. Once you agree, the file is added and the cookie helps examine web traffic or lets you know when you visit a particular site.
1.2 Essentially, cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
1.3 Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie does NOT give us access to your computer or any information about you, other than the data you choose to share with us.
1.4 You can choose to accept or decline cookies. Although most web browsers automatically accept cookies, you can usually modify your browser setting to decline cookies to your preference. However, this may prevent you from taking full advantage of our website and in particular from using the Service.
Cookies on this Site are used for:
2.1 Analytical/performance purposes – this allows us to recognise and calculate the number of visitors and to see how visitors navigate around the Site when they are using it. Therefore helping us improve the way our Site functionality for example, by ensuring that users can find what they are looking for easily.
2.2 Functionality purposes – to help us recognise you when you return to our Site. This allows us to personalise our content for you and remember your preferences and settings (e.g. your choice of language or region). Cookies are also needed for the Service to run.
2.3 Sharing purposes – this allows you to share pages with social networks such as Facebook and Twitter.
Part 3: Our details
1.1 We are registered as a data controller with the UK Information Commissioner’s Office.
1.2 Our data protection registration number is ZA115051.
1.3 Complaints can be made to the UK Information Commissioner’s Office by calling their helpline on: 0303 123 1113 or by visiting their website https://ico.org.uk/make-a-complaint/
2.1 This Site and the Service are owned and operated by ICPlan Ltd.
2.2 We are registered in England and Wales under registration number 09249162, and our registered office is at 7 ST. PETERSGATE, STOCKPORT, CHESHIRE, ENGLAND, SK1 1EB.
2.3 Our principal place of business is at The Studio, 1 Church Lane Cottages, Church Lane, Ripe, Lewes, BN8 6AS
2.4 You can contact us by using our Site contact form or by email to firstname.lastname@example.org.
SECTION B: DATA PROCESSOR TERMS
Processing of Subscriber Personal Data
Where processing of personal data relating to others controlled by you (“Subscriber Personal Data”) is to be carried out on your behalf pursuant to the terms and functionality applicable to your Service subscription, appropriate technical and organisational measures shall be implemented by us in such a manner that processing will meet the requirements of the EU General Data Protection Regulation 2016/679 (“GDPR”), as may be amended or superseded and other applicable data protection laws and regulations in the UK and EU (together, “Data Protection Laws”) and ensure the protection of the rights of the data subject.
Restriction on subprocessing
We shall not engage a subprocessor to process Subscriber Personal Data (“Subprocessor”) without your prior specific or general written authorisation, which may be given in electronic form. In the case of general written authorisation, we shall inform you of any intended changes concerning the addition or replacement of other processors, thereby giving you the opportunity to object to such changes. Details of this process are set out below.
Compulsory processor terms pursuant to Article 28(3) GDPR
Details of the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects are set out below.
In respect of any processing of Subscriber Personal Data we shall:
Compulsory subprocessor contract terms (Article 28(4))
Where we engage a Subprocessor, such engagement shall contain the same, or equivalent, data protection obligations as are referred to above by way of a binding contract or other other legal act, in particular providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that the processing will meet the requirements of GDPR.
Where any Subprocessor engaged by us fails to fulfil its data protection obligations in respect of Subscriber Personal Data, we shall remain fully liable to you for the performance of that subprocessor’s obligations.
Documented instructions to process Subscriber Personal Data
You hereby instruct us to process Subscriber Personal Data as reasonably necessary for the provision of the Site and Services and in compliance with our Terms and Conditions.
We may continue to use those Subprocessors already engaged by us as at the start of your subscription.
With respect to each new Subprocessor appointed after the date of your subscription, we shall:
We shall publish on the Site the appointment of any new Subprocessors to be appointed, including full details of the processing to be undertaken by the Subprocessor. If, within 14 days of publication, you notify us in writing of any objections (on reasonable grounds) to the proposed appointment, we shall not disclose any Subscriber Personal Data to that proposed Subprocessor and/or (as applicable) you shall not access any element of our Site or Service affected by this issue until reasonable steps have been taken to address the objections raised by you. If no such objections are raised, you shall be deemed to have consented to the appointment of the Subprocessor.
Charges and Costs Mitigation
DETAILS OF PROCESSING OF SUBSCRIBER PERSONAL DATA
The processing of Subscriber Personal Data as required by Article 28(3) GDPR is as follows:
Subject matter and duration of the processing of Subscriber Personal Data
The nature and purpose of the processing of Subscriber Personal Data
All reasonable purposes in relation to our performance of our contractual obligations to you.
The types of Subscriber Personal Data to be processed
All personal data processed in the normal use, management and development of our Site and Services including:
The categories of Data Subject to whom the Subscriber Personal Data relates
All users of our Site and Services, mobile applications and other features, services and technology provided by us which may include:
Your obligations and rights