Zen Plans Ltd (“us”, “we”, or “our”) regards your privacy and the handling of your personal data with the utmost importance. This Privacy Notice details how and why we collect, use and securely store any personal data submitted to us through use of our websites and our web application (the “Service”). There is also an explanation of the various rights you can exercise as a data subject, as well as how you can exercise those rights.

The scope of this Privacy Notice applies to https://zenplans.co.uk/ and our affiliated applications and websites.

We gather and process your personal information in accordance with this Privacy Notice and in compliance with the relevant data protection regulation and laws. 

For the purposes of this Privacy Notice, we are the data controller and operate the Service.

Our registered office address is: 293 Kenton Lane, Harrow, England, HA3 8RR

Our company number is: 12014930

Our ICO registration is: ZA560401

Our designated Data Protection Officer (DPO) is: Claire Robinson who can be contacted by email at dpo@zenplans.co.uk

Providing us with your personal data is an obligation of using our Service, which we process to meet our legal, statutory and contractual obligations and to provide our Service.

There are a number of justifiable reasons under the UK GDPR that allow the collection and processing of Personal Data. The main reasons that we rely on are:

Consent: you have given clear consent for us to process your personal data for a specific purpose.

Contract: processing is necessary for us to fulfill the contract we have with you to provide the Service.

Legal obligation: processing is necessary for us to comply with the law (not including our contractual obligations)

Legitimate interests: processing is necessary for either our or your legitimate interest. This covers aspects that can be reasonably expected when running our business or providing our service to you, that will not have a material impact on your rights, freedom or interests.

To help you understand how we use your data, we have categorised the personal data that we collect from you under the following headings, along with the reasons we collect it and legal basis for doing so.

A. Profile data

What we collect: 

Your name, email address, job title, company name and date of birth.

Reason for collecting and the legal basis: 

To verify you as a user and allow you to create an account with us (Contract)

To comply with our accounting and tax requirements (Legal obligation)

B. Contact data

What we collect: 

Your email address, address and phone number.

Reason for collecting and the legal basis: 

To ensure that our Service can be completed and that any communication can be sent to your preferred address or email address. For example, so that we can remind you to add items to your plan, remind you to review your plan or to notify you of maintenance updates. (Contract)

To occasionally send you information where we have assessed that it is beneficial to you and in our interests. For example, if the third party providing you with access to Zenplans e.g. your financial advisor, has asked us to contact you on their behalf . (Legitimate Interest)

To occasionally send you marketing communications from us if you have created an account and chosen to opt into receiving those communications. For example, tips, offers and updates. We will rely on separate, explicit consent for marketing communications and you have the right to modify or withdraw your consent at any time by using the unsubscribe options or by contacting us directly. (Consent)  

C. Correspondence data

What we collect:

Records of our email conversations, live chat conversations and your responses to surveys.
Reason for collecting and the legal basis: 

To easily get back in touch with you and connect our conversation history to your user profile, so that we can provide you with efficient support. (Contract)
To use your survey feedback results to help keep our Service updated and relevant to you. (Contract)

D. Billing data

What we collect: 

Your billing name, billing address, credit/debit card information or bank account information. This data is retained by our payment providers, Stripe or GoCardless, and subject to their privacy policies that can be found in “Sharing and Disclosing Your Personal Information”.

Reason for collecting and the legal basis:

If you purchase our Service, we will collect this information from you to fulfil our legal and contractual obligations to you as a customer. (Contract)

E. Plan data

What we collect:

Any data that you, or your chosen delegates, voluntarily enter into our web application when building or updating your plan.

Reason for collecting and the legal basis:

To allow us to securely store your life’s most important information. It should be noted that any plan data that you enter into the web application is done voluntarily by you in order to ensure that you and your delegates are able to access your plan in a timely way when it is needed. You remain the controller of this data and we are the processor working on your behalf, on the basis of the contract that exists between us when you sign up for our Service. (Contract)

To allow us to recommend additional items for you to add to your plan or enhance your experience of our Service. We may use metadata (data about your data) to enable us to help you make the most of our Service. For example, if we identify that you have not added any details about your will to your plan, we may suggest that you should add a will to your plan so that you can build a complete picture of everything important in your life. (Contract) It should be noted that as part of our commitment to protect your sensitive information, we will never view the data stored in your plan.

F. Special category data

What we collect:

This includes sensitive personal information that you may choose to voluntarily add to your plan. 

Reason for collecting and the legal basis:

We are here to help you build a complete picture of your life’s important information, so you may wish to voluntarily add data to your plan concerning special category data. For example, details about your medication that reveals data about your health, or details about your funeral plans that reveals data about your religious beliefs. Where we collect such information, we will only request and process the minimum necessary for the specified purpose and do so on the basis of the explicit consent given by you when signing up to the Service. (Consent)

G. Related persons data

A “Related Person” means an individual or entity whose information you or a third party provides to us, or which otherwise comes to our knowledge in connection with our Business Relationship. In this context, we ask that you ask the permission of the related person before entering them into your plan and ensure they agree to this Privacy Notice.

What we collect:

If you choose to share your plan with a Delegate, then we will collect their name, email address, phone number and relation to you.

You may choose to add items to your plan containing the name and contact information of a Related Person. For example, your medical professional or someone that you would like to be notified if you pass away.

Reason for collecting and the legal basis:

As part of our Service, we give you the option to share your plan with Delegates. These are the people closest to you in life – your friends, family or trusted advisors.

We collect information about your Delegates so that we can invite them to create an account with us and allow them to access your plan according to the sharing permissions that you granted them.

When you provide us with any personal data relating to your Delegates, you represent that you have the authority to do so. (Legitimate interest)

When you voluntarily add items to your plan that contain Related Persons data, such as the name of your accountant, we collect this information so that it is securely stored for you and accessible to you and your delegates when needed.

When you provide us with such data, we will be the processor of that data and you will be the controller of that data. You represent that you have the authority to provide that data and acknowledge that it will be used in accordance with this Privacy Statement. (Contract) 

H. Verification data

What we collect:

A certified copy of a death certificate or a medical professionals assessment of mental capacity.

Reason for collecting and the legal basis:

If you are a Delegate of someone else’s Plan, you may have been provided ‘Viewer-Future’ access to certain sections of their Plan. This means you can only view these sections if they pass away or lose their mental capacity. Should this happen, then you must notify us via our Web Application and provide us with supporting documents to verify the death or loss of mental capacity, as set out in our Terms of Service.

When you provide such information, you represent that you have the authority to do so (Contract)

We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons and similar technologies to automatically collect information that may contain Personal Data from your computer or mobile device as you navigate our websites, web application or interact with emails we have sent to you.

As is true of most websites, we gather certain information automatically on connection with the use of the website by individual users. This information may include IP address (or proxy server), device and application identification numbers, location, browser type, Internet service provider and/or mobile carrier, the pages and files viewed, searches, operating system and system configuration information and date/time stamps associated with your usage. This information is used to analyze overall trends, to help us provide and improve our Service and to guarantee its security and continued proper functioning.

This information is used to maintain the security of the Service, to provide necessary functionality, as well as to improve performance of the Service, to assess and improve customer and user experience of the Service, to review compliance with applicable usage terms, to identify future opportunities for development of the Service, to assess capacity requirements, to identify customer opportunities and for the security of Zenplans generally (in addition to the security of our Service). Some of the device and usage data collected within the Service, whether alone or in conjunction with other data, could be personally identified to you. Please note that this device and usage data is primarily used for the purposes of identifying the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the Service to our customers (where we act as a processor).

Cookies, web beacons and other tracking technologies on our website and in email communications

We use cookies and similar technologies such as web beacons, tags and JavaScript, alone or in conjunction with cookies, to compile information about the usage of our websites and interaction with emails from us.

When you visit our websites, we or an authorised third party may place a cookie on your browser and/or device, which collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track usage, determine your browsing preferences and improve and customise your browsing experience.

We use both session-based and persistent cookies on our websites. Session-based cookies exist only during one session and disappear from your computer when you close your browser or turn off your computer. Persistent cookies remain on your computer or device after you close your browser or turn off your computer. You can control the use of cookies at the individual browser level, but choosing to disable cookies may limit your use of certain features or functions on our websites and web application.

We also use web beacons on our websites and in email communications. For example, we may place web beacons in marketing emails that notify us when you click on a link in the email that directs you to one of our websites. Such technologies are used to operate and improve our websites and email communications. All our communications include easy instructions about how to unsubscribe.

The following describes how we use different categories of cookies and similar technologies and your options for managing the data collection settings of these technologies:

You have the right to access any personal information that we process about you and to request information about:

• What personal data we hold about you
• The purposes of the processing
• The categories of personal data concerned
• The recipients to whom the personal data has/will be disclosed
• How long we intend to store your personal data for

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.

You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

The personal data that we collect from you is stored in the United Kingdom (UK) on Cloud Servers of Linode with all primary processing taking place in London, UK. This data may, however, be processed by sub-processors operating outside of the United Kingdom based on a data processing agreement if the additional requirements of Art. 44 et seq. UK GDPR for processing in third countries are compliant with an appropriate level of protection in the third country and appropriate guarantees under Art. 46 UK GDPR (such as standard data protection clauses, or exceptional circumstances under Art. 49 UK GDPR). A full list of our third-party sub-processors and details of their privacy policies can be found at the end of this section.

All of your Plan Data will be stored and processed on cloud servers in the UK. 

If you voluntarily choose to appoint a Delegate to your plan, then we will share your plan according to the sharing permissions that you have selected.

If your Plan has been provided to you by a third party e.g. your Legal or Financial Professional, then we will share some personal data such as your name and email address with that third party. This is so they can monitor who has created a Plan via their account and support you in using the Service.

We may also, from time to time, share your data in the course of corporate transactions, such as during a sale of a business or a part of a business to another company, or any reorganization, merger, joint venture, or other disposition of our business.

Infrastructure processors

Linode LLC. https://www.linode.com/legal-privacy/

Customer feedback, engagement and analytics

Google https://policies.google.com/privacy?hl=en

Customer Support

Pipedrive https://www.pipedrive.com/en/privacy

Help Scout   https://www.helpscout.com/company/legal/privacy/

Mail Chimp https://mailchimp.com/legal/privacy/

Drip https://www.drip.com/privacy

Payment

Go Cardless https://gocardless.com/privacy/payers/

Stripe https://stripe.com/gb/privacy

Chargebee https://www.chargebee.com/privacy/

Our websites may use social media features, such as the Facebook “Like” button and the Twitter “Tweet” button and other sharing widgets (“Social Media Features”). 

You may be given the option by such Social Media Features to post information about your activities to a profile page of yours that is provided by a third party social media network. In this case, the social media network may receive information showing that you have visited our website. 

Your interactions with Social Media Features are governed by the privacy policies of the companies providing the relevant Social Media Features.

We take every reasonable measure and precaution to protect and secure your personal data from unauthorised access, alteration, disclosure or destruction. 

We have several layers of security measures in place, including encrypted databases, encrypted data communications and multi factor authentication. 

Sensitive information between your browser and our Service is transferred in encrypted form using Transport Layer Security (“TLS”). When transmitting sensitive information, you should always make sure that your browser can validate our certificate.

As noted in the ‘Information we collect and how we use it’ section of this notice, we occasionally process your personal information under the legitimate interests’ legal basis. Where this is the case, we have carried out a thorough Legitimate Interests’ Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and appropriate.

We only ever retain personal information for as long as is necessary and we have a strict Data Retention Policy in place to meet these obligations.

Securely storing your Plan Data forms a key part of our Service. The following examples are provided to help you understand how we will retain your Plan Data in certain scenarios.

If you cancel or choose not to renew your account

Should either scenario occur, will retain your Plan Data for up to 12 months so that your plan remains intact should you wish to rejoin the Service. After this period your Plan Data will be erased.

If you pass away or lose mental capacity

Should either scenario occur whilst you have an active account with us, we will retain your Plan Data for up to 36 months from the final billing period. This is to allow your nominated Delegates continued access to your plan to help them throughout the estate administration process. After this period your Plan Data will be erased.

If you would like further information, then please contact us to review our Data Retention Policy.

If you wish to raise a complaint regarding the processing of your personal data, you have the right to lodge a complaint with the supervisory authority.

Information Commissioner’s Office: Wycliffe House, Water Ln, Wilmslow SK9 5AF