Privacy Notice
Planda Portal: Privacy Notice
Please read this Privacy Notice carefully. It explains how we collect, use, and share your personal data when you use Planda Portal.
1. WHO WE ARE
1.1 Data Controller:
Planning Data AI Ltd (Company No. 15253378) is the Data Controller for your personal data.
1.2 Contact:
Email: hello@plandaportal.co.uk
Address: Aston House, Cornwall Avenue, London, N3 1LF
1.3 LPA as Data Controller:
When you submit an application via Planda Portal, the Local Planning Authority (LPA) becomes an independent Data Controller for your data under the Town and Country Planning Act 1990. Their privacy policy applies to their processing.
2. WHAT DATA WE COLLECT
2.1 From You Directly:
• Name, address, email, phone number
• Payment information (processed by payment providers, not us)
• Application details, drawings, and supporting documents
• Any correspondence with us
2.2 Automatically:
• IP address, browser type, device information
• How you use our website (via cookies and analytics)
• Login and account activity data
2.3 From Third Parties:
• LPAs (when verifying your identity or application)
• Payment processors
• Analytics providers
• Architects, surveyors, or agents you authorise to act with you
2.4 Special Information:
We do not intend to collect sensitive data (health, ethnicity, criminal records). If such information is in your planning documents, we limit its capture to what is necessary and apply extra safeguards.
3. WHY WE COLLECT YOUR DATA
We use your data to:
• Process your planning application and payment
• Validate your application before submission
• Submit your application to the LPA
• Provide customer support
• Comply with planning and tax laws
• Prevent fraud
• Improve our website and services
• Send you service updates (legal requirement)
4. WHO WE SHARE YOUR DATA WITH
Essential Sharing (Required to deliver the service):
• Local Planning Authority (your application data)
• Payment processors for payment processing
• Cloud hosting provider for website storage
• Email and analytics providers
On Your Instructions:
• Third-party agents, architects, or surveyors you authorise
Legal Requirements:
• Courts, regulators, or law enforcement if required by law
International Transfers:
Some service providers (Google, OpenAI) may process your data outside the UK. We ensure appropriate safeguards (Standard Contractual Clauses) are in place.
5. PUBLIC REGISTER
Under the Town and Country Planning Act 1990, the LPA must publish your planning application on a public register. This includes:
• Your name and address
• Your application details
• Your drawings and supporting documents
This information is permanent and accessible to the public. Planda Portal cannot prevent this. By submitting an application, you accept this requirement.
6. HOW LONG WE KEEP YOUR DATA
Data Type | Retention Period |
Application data (submitted to LPA) | As LPA requires (typically 10+ years) |
Your account information | Until deletion + 2 years (fraud prevention) |
Payment records | 6-7 years (tax compliance) |
Website cookies | 13 months |
Support records | 3 years from last contact |
Marketing emails | Until you opt out or 2 years inactive |
7. YOUR RIGHTS
7.1 Access Your Data:
Request a copy of your personal data by emailing hello@plandaportal.co.uk. We respond within 30 days.
7.2 Correct Your Data:
Update your account information directly or contact us.
7.3 Delete Your Data:
Request deletion, subject to legal obligations. Note: We cannot delete data already submitted to the LPA.
7.4 Restrict Processing:
Request that we limit how we use your data during a dispute.
7.5 Data Portability:
Request your data in a machine-readable format to transfer to another service.
7.6 Object:
Object to processing for specific purposes (e.g., marketing).
7.7 Withdraw Consent:
If you consented to something, you can withdraw it anytime.
7.8 Complain:
Lodge a complaint with the Information Commissioner's Office (ICO):
• Website: www.ico.org.uk
8. SECURITY
8.1 Protections:
We use encryption (TLS/SSL for data in transit, encryption at rest), regular security audits, access controls, and secure data destruction.
8.2 Limitations:
No system is completely secure. You are responsible for keeping your password confidential.
8.3 Data Breach:
If we discover a breach affecting your data, we will notify you and the ICO within 72 hours.
9. AUTOMATED DECISIONS
We use automated validation to check your application against LPA requirements. This is a technical check, not a decision about you. The LPA, not us, makes the final decision on your application.
10. THIRD-PARTY SITES
Our website links to LPA websites and government resources. This Privacy Notice does not apply to them. Check their privacy policies.
11. CHANGES
We may update this Privacy Notice. We will notify you of material changes by email or website notice. Continued use means you accept the changes.
