Privacy Policy

1. Who We Are

Plan-IT Consulting Ltd is the data controller for the personal information we collect and process. Our Data Protection Officer (DPO) is Blake Dunnage.

Email: enquiries@plan-it.co.uk
Data protection queries: dpo@plan-it.co.uk
Phone: 01473 723046

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

• Identity data: first name, last name, job title and company name.
• Contact data: email address, telephone number and postal address.
• Technical data: IP address, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform, and other technology used to access our website.
• Usage data: information about how you use our website and services, including pages visited and time spent on pages.
• Communications data: any information you provide when you contact us via email, telephone, contact forms or other means.
• Marketing and communications data: your preferences in receiving marketing from us and your communication preferences.

We do not knowingly collect any special categories of personal data (such as data about race, religion, health or biometric data) unless there is a specific legal requirement to do so.

3. How We Collect Your Data

We collect personal data through the following means:

• Direct interactions: when you submit our contact form, log a support ticket, request a quote, call us or email us.
• Our website: through our contact form and cookie-based technologies. Please refer to our Cookie Policy for more information.
• Third parties: we may receive data about you from analytics providers (such as Google Analytics), advertising networks and search information providers.

4. How We Use Your Data

We use your personal data for the following purposes and on the following legal bases:

• To respond to enquiries and provide IT support services — lawful basis: performance of a contract or pre-contractual steps.
• To manage and improve our website — lawful basis: legitimate interests (to maintain a functional and user-friendly website).
• To send marketing communications — lawful basis: consent (where you have opted in) or legitimate interests (for existing customers, where we market similar services).
• To comply with legal and regulatory obligations — lawful basis: compliance with a legal obligation.
• To prevent fraud and maintain security — lawful basis: legitimate interests and legal obligation.
• To analyse and improve our services — lawful basis: legitimate interests.

5. Sharing Your Data

We do not sell your personal data. We may share your information with the following parties where necessary:

• Service providers and subcontractors who assist us in operating our business (e.g. cloud hosting providers, email services, IT tools). These parties are required to process data only on our instructions and in accordance with data protection law.
• Microsoft — we use Microsoft 365 and related cloud services for business operations. Microsoft acts as a data processor on our behalf.
• Analytics providers such as Google Analytics, to help us understand website usage. Data is anonymised where possible.
• Regulatory bodies or law enforcement if required by law or to protect our legal rights.

All third-party processors we use are required to take appropriate security measures to protect your personal data and are not permitted to use it for their own purposes.

6. Data Retention

We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting or reporting requirements.

• Customer and supplier records: retained for 7 years after the end of the business relationship, in line with HMRC guidance.
• Enquiry and contact form data: retained for up to 2 years unless a business relationship is established.
• Marketing data: retained until you withdraw consent or object to processing, or until we determine the data is no longer relevant.
• Website analytics data: retained in accordance with the retention periods set by the analytics provider (typically up to 26 months for Google Analytics).

When personal data is no longer required, it is securely deleted or anonymised.

7. Data Security

We take the security of your personal data seriously and have put in place appropriate technical and organisational measures to prevent unauthorised access, loss, alteration or disclosure. These include:

• Secure, encrypted connections (HTTPS) on our website.
• Access controls limiting who within our organisation can access personal data.
• Regular security reviews and staff awareness training.
• Use of reputable, security-certified third-party platforms.

While we take every reasonable precaution, no method of transmission over the internet is completely secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.

8. International Transfers

Some of our third-party service providers are based outside the UK. Wherever we transfer personal data outside the UK, we ensure a similar level of protection is in place by using providers that are covered by adequacy decisions or by requiring appropriate safeguards such as standard contractual clauses.

9. Your Rights Under UK GDPR

Under the UK GDPR and Data Protection Act 2018, you have the following rights regarding your personal data:

• Right of access: you can request a copy of the personal data we hold about you (commonly known as a Subject Access Request).
• Right to rectification: you can ask us to correct any inaccurate or incomplete data we hold.
• Right to erasure: you can ask us to delete your personal data in certain circumstances (the "right to be forgotten").
• Right to restrict processing: you can ask us to suspend the processing of your personal data in certain scenarios.
• Right to data portability: where processing is based on your consent or a contract, you can request that we transfer your data to you or a third party in a structured, machine-readable format.
• Right to object: you can object to our processing of your personal data where we rely on legitimate interests or for direct marketing purposes.
• Rights in relation to automated decision-making: we do not carry out automated decision-making or profiling that produces legal or similarly significant effects.

To exercise any of these rights, please contact us using the details below. We will respond to your request within one month. There is no charge for making a request, though we may charge a reasonable fee for requests that are manifestly unfounded, excessive or repetitive.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or by calling 0303 123 1113.

10. Cookies

Our website uses cookies to distinguish you from other users and to improve your experience. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy.

11. Third-Party Links

Our website may contain links to third-party websites. If you follow a link to any of these websites, please note that they have their own privacy policies and we accept no responsibility for those policies or their practices. We encourage you to read the privacy policy of any website you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be published on this page with a revised "Last updated" date. Where changes are significant, we may also notify you by email (if we hold your contact details) or by displaying a prominent notice on our website.

We encourage you to review this page periodically to stay informed about how we are protecting your information.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have a concern about how we handle your personal data, please contact us:

General: enquiries@plan-it.co.uk
Data Protection Officer: dpo@plan-it.co.uk
Phone: 01473 723046