It also explains how we store and handle that data and keep it safe.
1. Who we are and what we do.
Astill Planning Consultants Limited is a Town Planning & Architects Consultancy providing professional town planning advice to the business community, private individuals, and public organisations. We can be contacted at
Astill Planning Consultants 13, University Road Leicester LE1 7RA
Telephone 0116 3440114
For the purposes of the Data Protection Legislation (GDPR, Data Protection Act 2018), Astill Planning Consultants Limited are the Data Controllers of the information you provide to us.
2. The first point of contact for data protection
If you have any concerns or queries about our data protection procedures, please contact us on 0116 3440114, firstname.lastname@example.org, 13, University Road Leicester LE17RA.
3. Why we process data.
We support our clients with residential, commercial, industrial, and health care developments, and listed building issues.
This means that we need to process data to supply you with the service(s) and information you have requested, and when managing your account. We will also process your payment data when we are processing invoices.
If you are one of the suppliers, we work with to provide our services, then we process your data and finance details as part of our ongoing working relationship.
4. Lawful bases for processing your data including any explanation of legitimate interests.
The law on data protection sets out several different reasons for which a company may collect and process your personal data. Some of these reasons, set out below, are the bases we have for processing your personal data:
In specific situations, we can collect and process your data with your consent. For example, when you contact us with an enquiry via phone, email or on our website.
When collecting your personal data, we always make it clear to you which data is necessary in connection with a particular service.
In certain circumstances, we need your personal data to comply with our contractual obligations.
We need to collect and retain your contact details, so we can, for example:
- Supply you with our information and/or services as a planning consultancy or.
- Enter a contract with you to supply us with your services, such as with our IT services provider.
Please note that this may include preliminary consultancy services before a formal contract is agreed.
If the law requires us to, we may need to collect and process your data.
For example, we are obliged to retain certain information for HMRC tax and accounting purposes or to comply with other legislative provisions.
In particular circumstances, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business, and which does not materially impact your rights, freedom, or interests.
For example, we retain customer and supplier information six years beyond the contract period, to maintain a good working relationship with these individuals.
5. When we collect data
Via our website
When you use the form to contact us online with an enquiry, we collect your name, addresses and phone number in order for us to respond to you.
Phone or email
If you make an enquiry over the phone or email, we will use the details you give us to assist with your query or registration with us as a client, as applicable.
We also collect data when we enter a contract with suppliers.
6. What data we collect
- Contact information including: name, addresses and phone number.
- If you are one of our clients or suppliers, then we also collect your contact and payment details as part of our ongoing working contract and to process invoices and payments.
For example, the cookies we use are ‘analytical’ cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they are using it. This helps us to improve the way our website works, for example by making sure users are finding what they need easily and by helping you enter our site without having to re-login.
7. How we use your personal data.
- We process data to enable us to fulfil our contractual obligations for both our clients and our suppliers.
- Client and supplier bank details will only be used when processing payment.
8. How long we keep your personal data.
Whenever we collect or process your personal data, we only keep it for as long as is necessary for the purpose for which it was collected.
At the end of that retention period, your data will be deleted completely. Some examples of our data retention period:
We will keep the personal data you give us for 6 years so that we can retain a good working relationship with you should you have any queries or wish to work with us again on another project.
For companies supplying us with services, we retain your personal information for a period of 6 years so that we can, if necessary, contact you again and continue our business relationship with you.
We also need to comply with our legal contractual obligations and therefore we need to retain certain transactional information from your account for 7 years to satisfy accounting rules.
9. How we keep your data safe.
We are aware of the need to maintain the correct and highest-level security when processing your personal information. We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way.
We take the following steps to maintain the security of your personal information:
- We keep all your information in systems that are secure.
- Access to client information is limited to those who need access for the performance of their job.
- We maintain firewalls and anti-virus software.
- Our systems are password protected.
- Any data which is accessed off site or on a mobile device is kept locked when not in use and never left unattended.
All documentation retained in paper form is kept locked in our offices and premises are protected by an intruder alarm.
We also have Procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
10. Who we share your data with
We sometimes share your personal data with trusted third parties which act only on our instruction (known as “Data Processors”).
Data Processors might be, for example, a third-party supplier, or the local council.
Where we share information with these companies, public organisations, or individuals, we make sure that they also keep your data secure and that they also protect your rights. To this end, we make sure that:
- We provide only the information they need to perform their specific services.
- They may only use your data for the exact purposes we specify in our contract with them or where their terms and conditions of processing contain the correct data processor clauses under GDPR.
We sometimes also share your data with third parties for their own purposes (“joint controllers”) e.g., HMRC, accountants, legal advisors, or public organisations.
We will only do this in very specific circumstances, for example:
- With your consent
- Where we have a data sharing agreement in place with the other party
- Where we are obliged to share the information for legal reasons
11. Where your data is processed.
We do not transfer data outside of the EEA.
From time to time we may pass personal data such as your name and email address to other services that we use to send out communications (both electronic and print).
However, your personal data will remain in the EU or countries considered by the EU to have equivalent policies such as Jersey, Guernsey, Switzerland, New Zealand, and Canada. Companies based in the USA that have certified with the EU-US Privacy Shield programme are also considered to be permitted destinations by the EU (this includes popular US products like Gmail, Drop Box and MailChimp).
Following on from the end of the transition period for the exit of the United Kingdom from the European Union, data transfer between the UK and the EEA will continue to operate as the UK will be receiving an adequacy decision. Accordingly, there is no change with regards to the implications of processing data as set out above.
12. Your rights and who to contact.
You have the following rights, which you can exercise dependant on the lawful basis for which we process your data.
The right to be provided with a copy of your personal data.
The right to require us to correct any mistakes in your personal data.
- To be forgotten
The right to require us to delete your personal data, in certain situations.
- Restriction of processing
The right to require us to restrict processing of your personal data, in certain circumstances e.g., if you contest the accuracy of the data.
- Data portability
The right to receive the personal data you provided to us, in a structured, commonly used, and machine-readable format and/or transmit that data to a third party, in certain situations.
- To object
The right to object:
- at any time to your personal data being processed for direct marketing (including profiling).
- in certain other situations to our continued processing of your personal data, e.g., processing carried out for the purpose of our legitimate interests.
- Not to be subject to automated individual decision-making
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.
If you would like to exercise any of those rights, please contact us on Email – email@example.com 13, University Road Leicester LE1 7RA.
Your right to withdraw consent.
Whenever we process your data under the lawful basis of consent, you have the right to change your mind at any time and withdraw that consent. You can do this by contacting,
Astill Planning Consultants 13, University Road Leicester LE1 7RA
Tel: 0116 3440114 or Email: firstname.lastname@example.org
Where we rely on our legitimate interest
In cases where we are processing your personal data based on our legitimate interest, you can ask us to stop for reasons connected to your individual situation.
We will then stop processing your information unless we believe we have a legitimate overriding reason to continue processing.
Checking your identity
For us to check your identity, please:
- Let us have enough information to identify you (e.g., your full name, address and customer/supplier number or order number, if applicable).
- Let us know what right you want to exercise and the information to which your request relates.
If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act on your behalf.
If we choose not to action your request, we will explain to you the reasons for our refusal.
Your right to contact the ICO.
We would hope that you will always raise any issues with us first, and that we will be able to resolve them to your satisfaction. However, if this is not possible then you always have a right to complain directly to the Information Commissioner’s Office (ICO) If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data.
You can contact them by calling 0303 123 1113 (local rate) or go online to www.ico.org.uk/concerns (this opens in a new window; please note we cannot be responsible for the content of external websites).
If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
You also have the right to take to seek a judicial remedy.