This privacy notice lets you know what happens to any personal data that you give to us, or any that we may collect from you or about you. It applies to all our products and services, and any instances where we collect your personal data.
GetPlanD Limited is a company registered in England and Wales (registration number 12144298), whose business address is at, 27 Ceylon Road, London, England, W14 0PY . GetPlan D Limited is an Appointed Representative of Enterprise Investment Partners LLP who is authorised and regulated by the Financial Conduct Authority with firm reference number: 12901503.
For the purposes of the General Data Protection Regulation (‘GDPR’), GetPlan D (“Plan D”) is the data controller under the Regulation, which means that we determine the purposes and means of processing personal data. We are registered with the Information Commissioner’s Office with registration number: ZB038268.
We may change this privacy notice occasionally in order to reflect changes in the law, as well as our privacy practices. While we encourage you to check this notice on our website regularly, we will notify you should any substantial change take place.
The Data Protection Officer is Rufus Pearl. You can get in touch with Rufus using the contact details provided above or be sending him an email: email@example.com
Personal information that we will process in connection with our products and services includes:
● Personal contact details (e.g. title, full name, current address and address history)
● Records of your contact with us (including telephone number, e-mail address and IP address)
● Products and services that you hold with us, as well as products and services you have been interested in
● Information about your employment status
● Information about your source of income and source of wealth (to comply with anti-money laundering requirements)
● Payment related information, such as sort code and bank account number and credit or debit card information (to comply with anti-money laundering requirements)
We will collect personal information from the following sources:
● From you directly, and any information from family members, associates or beneficiaries of products and services
● Information generated about you when you use our products and services
● From other sources such as Fraud Prevention Agencies, Credit Reference Agencies, other lenders, HMRC, DWP, publicly available directories and information (for example, telephone directory, social media, internet, news articles), debt recovery and/or tracing agents, other organisations to assist in prevention and detection of crime, police and law enforcement agencies
We use your personal data for the following purposes:
● To improve the operation of our business and that of our business partners
● To follow guidance and best practice under the change to rules of governmental and regulatory bodies
● To monitor and to keep records of our communications with you and our staff
● To administer our good governance requirements such as internal reporting and compliance obligations or administration required
● For market research and analysis and developing statistics
● For direct marketing communications
● To comply with legal and regulatory obligations, requirements and guidance
We rely on the following legal bases to use your personal data:
● Where it is in our legitimate interests to do so, such as:
- To follow guidance and recommended best practice of government and regulatory bodies
- To carry out monitoring and to keep records of our communications with you and our staff
- For market research and analysis and developing statistics
- For direct marketing communications
- Where we need to share your personal information with people or organisations to run our business or comply with any legal and/or regulatory obligations
- Where we have a reasonable business case to do so
● To comply with our legal obligations
- We are an authorised representative, and as such may be required to process data to comply with the FCA’s rules. This may mean that we are unable to erase your data in certain circumstances, if to do so would result in a breach of the FCA’s record keeping requirements.
● With your consent or explicit consent:
- For some direct marketing communications
We may share information with the following third parties for the purposes listed above: ● Business partners (for example, other entities operated or affiliated with Plan D.)
Where we rely upon your consent to process your personal data, you can withdraw this at any time by contacting the Data Protection Officer (details above).
Plan D is based in the UK, but sometimes your personal information may be transferred outside the European Economic Area. If we do so, we will make sure that suitable safeguards are in place, for example by using approved contractual agreements, unless certain exceptions apply.
You should tell us as soon as possible so that we can update our records. You can do so via the ‘contact us’ section of our website.
You do not have to provide your personal information to us should you not wish to. However, we are unable to provide you with our products or services if you do not provide certain information to us. In cases where providing some personal information is optional, we will make this clear.
In this section monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages, in person (face to face) meetings and other communications.
We may monitor where permitted by law and we’ll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.
Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:
● For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations.
● Retention periods in line with legal and regulatory requirements or guidance, in particular in conjunction with FCA rules.
Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we’ll explain at that time if they are engaged or not. The right of data portability is only relevant from May 2018.
● The right
to be informed
about the processing of your personal information
● The right to have your personal information
corrected if it is inaccurate
and to have
incomplete personal information completed
● The right
to processing of your personal information
● The right
to restrict processing
of your personal information
● The right
to have your personal information erased
(the “right to be forgotten”)
● The right
to request access
to your personal information and to obtain information about how we process it
● The right
to move, copy or transfer your personal information
● Rights in relation to
automated decision making which has a legal effect or otherwise significantly affects you
You have the right to complain to the Information Commissioner’s Office which enforces data protection laws: https://ico.org.uk/.
You have the right to object to certain purposes for processing, in particular to data processed for direct marketing purposes and to data processed for certain reasons based on our legitimate interests. You can contact us by going to the Contact Us section of our website to exercise these rights.
We may use your home address, phone numbers, email address and social media or digital channels (for example, Facebook, Google and message facilities in other platforms) to contact you according to your marketing preferences. You can stop our marketing at any time by contacting us using the details below or by following the instructions in the communication.
If you have any questions about this privacy notice, or if you wish to exercise your rights or contact our DPO, you can contact us via the methods listed above in the ‘Data Protection Officer’ section.
All individuals have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if they have concerns about how we handle information. Any concerns can be reported via the ICO’s website https://ico.org.uk/concerns/ or over the telephone, by calling 0303 123 1113.