Statement of Processing Activity
Plan✕ is run by Open Systems Lab on behalf of your Local Planning Authority to make the planning process simpler. In order to do this, Plan✕ will handle the data you provide through the tool, including some personal data.
Your privacy is important. This document explains how we process all the data you provide via Plan✕, including personal data.
We run Plan✕ in accordance with the instructions set out in this statement, in order to ensure that the confidentiality of any personal information under our stewardship is protected and maintained. If you have any questions, please contact us here
Who is involved
For the purposes of personal data covered by Data Protection Legislation, the Local Planning Authority is the Data Controller and Open Systems Lab is the Processor.
Open Systems Lab may also appoint appropriate sub-processors in order to provide third party services such as hosting, security, testing, feedback and analytics, provided those services are consistent with the terms of this Statement.
When you or an agent acting on your behalf uses Plan✕ you or they may be asked to provide some or all of the following information:
What information we collect
|1. User & applicant data||Your name
Your email address (unless using a third party login)
Your password (unless using a third party login)
Your relationship with the property and/or application
|2. Application data||Information relating to your enquiry application|
|3. Property data||Information relating to the property in question, including its location and address|
|4. Proposal data||Information relating to the development you plan to do|
Some of this data is personal data (because it can be used to identify you as a person), much of it is not (because it cannot).
What do we do with this information
We may do any of the following with this data: collect it, store it, structure it, classify it, organise it, adapt it, retrieve it, analyse it, encrypt it, combine it with other data, transmit it, display it or otherwise make it available (including for example via a secure interface, a report or an API), and ultimately erase it. These activities may be done by automated or manual means.
Who sees this information and why
In order to provide the service
Your Local Authority will use this information to:
– Provide automated guidance relevant to your planning enquiry or application.
– Process and respond to your planning enquiry or application.
Any personal information you provide while using Plan✕ will not be seen by your Local Planning Authority until you submit it to them, whether within Plan✕ or by sharing a Plan✕ output with them.
No-one else views any of the personal information you provide, unless you share it with them.
In the event that you encounter a problem while you are using Plan✕, and request help or provide feedback, it is possible that our admin team may see some of the personal data you provide. Our team have been trained to keep the same high levels of confidentiality set out in this policy.
No one will ever see your password, and you should never reveal your password to anyone.
We will not share your personal data with anyone except your Local Authority, except where they are a sub-processor operating under the same terms of confidentiality, or we are required to do so by law.
Note that any personal data you submit to your Local Planning Authority will be used according to their Privacy Notice.
In order to improve the service
Open Systems Lab will also use non-personal data including usage analytics to operate, monitor and improve the service, in order to provide Local Planning Authorities with feedback and analysis, allowing them to understand demand on their planning service, and identify areas where it can be improved.
Open Systems Lab may also use non-personal data to conduct research which may be of wider benefit to planners, planning authorities and the public. This means that any data we use for research does not contain identifying details such as your name or address.
We will not retain copies of any personal data for any longer than is necessary to provide the service and any backup requirements: up to 2 years.
Copies of non-personal data may be retained indefinitely.
However, please note that your local planning authority is likely to retain information for longer than this. For further information on this we recommend contacting your local planning authority.
Plan✕ will never send you emails except:
– When you explicitly request one, for example when signing up to the service, requesting access, or contacting us.
– To provide you with notifications regarding the service (for example, if there has been a problem).
If at any time you receive an email from us and wish to stop receiving any emails in future, please contact us or use the ‘unsubscribe’ button in the email.
In order to operate the service, to analyse its use and collect feedback, we sometimes place small data files on your computer or mobile phone known as cookies; many websites do this. We use this information to measure how people use the website so we can improve it and make sure it works properly.
Some of these cookies are ‘essential’ cookies, in that they are necessary to run the service. The services we use that deploy essential cookies are:
Caching & security
We use a service such as Cloudflare to manage access, to make Plan✕ faster and more stable, and to keep it secure (for example by protecting it from DDoS attacks). This service will log data such as your IP address. Those logs are erased after a very short period of time (typically 4 hours). We do not allow Cloudflare to share this data for any purpose besides providing us with this service.
We also use some ‘non-essential’ cookies. These are installed on the basis of consent, and you can withdraw this consent if you wish.
The services we use that deploy non-essential cookies are:
We use a service such as HotJar, to allow users to give us feedback, this includes tracking your activity whilst on Plan✕. Site visitors are assigned a unique, masked user identifier, so that Hotjar can keep track of returning visitors without relying on any personal information, such as the IP address. Unless you provide your name or contact details, any feedback you provide is anonymous. We do not allow Hotjar to use or share the data for any purpose besides providing us with analytics information.
We only use these services for one reason: to help us understand how we can make the site work better for users.
How we protect personal information
We protect personal information by using reasonable security safeguards against loss or theft, as well as unauthorized access, disclosure, copying, use or modification.
Your right to complain
If you wish to object, or request that your data be deleted, you should contact the data controller, who will instruct us on how to proceed.
If you believe that we, as a processor, have mishandled your personal data, you have the right to lodge a complaint with the Data Controller or the Information Commissioner’s Office. You can report a concern here (but please do contact us first, so we can try to address your complaint first).