top of page

Privacy Policy (UK GDPR / PECR)

1. Who we are

Controller: Planex Controls Ltd

Registered office: C/O Vantage Accounting 1 Cedar Office Park, Cobham Road, Wimborne, United Kingdom, BH21 7SB

ICO registration number: ZC028049

Email: privacy@planexcontrols.com

Opt-out & privacy requests: info@planexcontrols.com

This Privacy Policy explains how we process personal data in connection with our project controls and management consultancy services, including sourcing potential clients via lead-generation providers (e.g., Barbour ABI) and contacting job seekers whose details we source from job adverts, CV databases and other methods under legitimate interests to undertake business activities.

2. Scope

This policy applies to:

  • Prospective and existing business clients and their personnel.

  • Job seekers/candidates who apply to roles with us or whose details we source from third-party platforms.

  • Visitors to our website and recipients of our marketing communications.

3. What data we collect and where we get it

We collect and use personal data such as names, job titles, employer, business contact details (email, telephone, postal address, photograph, marketing profile), communications history, and information relevant to a potential project or role. For candidates we may additionally collect CVs, skills, career history, interview notes, right-to-work documentation, and referee details.

We obtain data from:

  • You directly (e.g., emails, calls, web forms, meetings, online events).

  • Public and commercial sources, including lead-generation providers (e.g., Barbour ABI), company websites, LinkedIn or other business networking sites, job boards and CV databases, and public registers.

  • Referrals and other third parties where lawful to do so.

Where we collect your data from sources other than you, we will provide you with this privacy information within one month or at the first communication, whichever is earlier, unless an exemption applies (Article 14 UK GDPR).

4. Purposes and lawful bases

We process personal data for the following purposes and lawful bases under the UK GDPR:

  • Lead generation and business development (B2B): legitimate interests – to grow our business by offering relevant services to professionals in organisations likely to need them. We conduct a balancing test to ensure our interests don’t override your rights and freedoms.

  • Direct marketing by email, phone and post:

  • Email/SMS to individual subscribers (e.g., sole traders/partnerships): consent or ‘soft opt-in’ where applicable; otherwise we will not send marketing without consent.

  • Email to corporate subscribers (e.g., limited companies, LLPs, public bodies): permitted without prior consent under PECR if we identify ourselves and include a clear, simple opt-out in every message. We still rely on legitimate interests under UK GDPR and honor opt-outs.

  • Live marketing calls: legitimate interests and PECR compliance. We screen numbers against TPS/CTPS and maintain our own ‘do-not-call’ list. We do not use automated calling systems for marketing without prior consent.

  • Postal marketing: legitimate interests; we honor Mail Preference Service and our own suppression list.

  • Pre-contract discussions, proposals and service delivery: necessary for entering into or performing a contract with a client or candidate.

  • Invoicing, accounting and tax: legal obligation.

  • Recruitment (our own hiring and candidate outreach): we rely on legitimate interests to assess suitability and to maintain a talent pool of relevant candidates for up to 12 months so we can contact you about roles that match your profile. You have the right to object at any time and we will stop this processing. We may rely on consent only where we wish to retain your details beyond the standard 12-month period or where consent is otherwise required by law.

  • Security, fraud prevention, and compliance: legitimate interests and/or legal obligation.

We will only use special category or criminal-conviction data in limited circumstances and with an appropriate lawful basis under Articles 9/10 UK GDPR (e.g., right-to-work checks).

5. PECR – electronic and telephone marketing

We comply with the Privacy and Electronic Communications Regulations (PECR). In practice this means:

Electronic mail (emails, texts, in-app messages):

  • Individuals: consent is required unless the ‘soft opt-in’ applies (existing customer relationship, similar products/services, and a clear opt-out offered at collection and in every message).

  • Corporate subscribers: we may send marketing without prior consent, provided we identify ourselves and include a simple, free opt-out in every message. We stop if you opt out.

Live calls: we do not call numbers registered with TPS/CTPS unless the subscriber has specifically consented to our calls. We maintain and respect an internal ‘do-not-call’ list.

Automated marketing calls or recorded messages: only with prior consent.

We keep suppression lists to ensure we don’t contact you again for marketing if you opt out.

6. Transparency and your choices

We provide privacy information at the point of data collection, or as soon as practicable afterwards if sourced from third parties. When we obtain data from third-party sources (e.g., CV databases, lead-gen providers), we provide this information within one month or at first contact, unless an exemption applies.

You can opt out of email marketing at any time using the unsubscribe link, or by contacting us. For phone and postal marketing, you can ask us not to contact you and we will add you to our suppression list. You can also object to talent-pool processing at any time by emailing info@planexcontrols.com.

7. Sharing your data

We may share personal data with:

  • Service providers acting as processors (e.g., CRM, email and marketing platforms, CV databases, cloud hosting, IT support).

  • Professional advisers (e.g., legal, accounting, insurance).

  • Public authorities where required by law.

  • Prospective or existing client organisations for the purpose of recruitment, consultancy placements, or project engagements (acting as independent controllers of your data once shared).

We require processors to keep data secure and to process it only on our documented instructions. We do not sell personal data.

8. International transfers

Where we transfer personal data outside the UK (for example, because a cloud provider stores data overseas), we will ensure appropriate safeguards are in place, such as UK Addendum/IDTA to the EU Standard Contractual Clauses and transfer risk assessments.

9. How long we keep data

We keep:

  • B2B marketing and lead records: typically up to 24 months from the last meaningful interaction, unless you opt out sooner (in which case we retain minimal suppression data indefinitely to respect your choice).

  • Client matter files and financial records: usually 6–7 years to meet tax and accounting requirements.

  • Candidate/applicant data: we keep candidate-talent-pool data for up to 12 months under legitimate interests. We will stop sooner if you object/opt out. We only retain beyond 12 months where you have given consent or where law permits or requires longer (e.g., to establish, exercise or defend legal claims).

We will keep data longer where necessary to establish, exercise or defend legal claims.Where a candidate has been submitted to a client organisation, we may retain submission records and related communications for up to 6 years for contractual, compliance, and legal defence purposes

10. Your rights

You have rights under the UK GDPR, including to request access, rectification, erasure, restriction, portability, and to object to processing (notably, an absolute right to object to direct marketing). Where we rely on consent, you may withdraw it at any time.

To exercise your rights, contact us using the details above. You also have the right to complain to the Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

11. Security

We use appropriate technical and organisational measures to protect personal data, including access controls, encryption in transit where feasible, regular patching, least-privilege access, staff training, and processor due diligence.

12. Cookies and similar technologies

Our website may use cookies, pixels and similar technologies. Please see our separate Cookie Policy and consent mechanism for details of categories, purposes and how to manage your preferences.

13. Contact & updates to this policy

If you have questions about this policy or our data protection practices, contact us using the details above. We may update this policy from time to time; we will post the latest version on our website with the effective date.

14. Candidate Representation and Client Submissions

Where you apply for a role or join our talent pool, we may:

  • Reformat or standardise your CV into a Planex Controls branded profile or company CV template;

  • Summarise or highlight relevant experience, skills and qualifications;

  • Present your profile to prospective client organisations for the purpose of securing contract or permanent engagements;

  • Share your personal data (including name, career history, qualifications and contact details where appropriate) with prospective client organisations for recruitment and business development purposes.

We will only submit your details to specific client organisations where we believe there is a legitimate opportunity relevant to your profile.

15. Use of Publicly Available Professional Information

Where you have provided consent, we may use publicly available professional information (such as details from LinkedIn or other professional networking platforms) to supplement your CV or profile. This may include:

  • Profile photographs;

  • Publicly listed qualifications or certifications;

  • Public career summaries.

We will only use such information for recruitment, client submission, or business development purposes and in accordance with your consent.

You may withdraw this consent at any time by contacting us.

16. Candidate Photograph and Profile Marketing Consent

Where you provide explicit consent, we may include your professional photograph and profile summary in branded candidate documents or marketing materials provided to prospective client organisations.

This consent is optional and may be withdrawn at any time. Withdrawal will not affect prior processing but will prevent future use of your photograph in marketing materials.

Lawful basis:
Legitimate interests in operating a recruitment and consultancy business and introducing suitable professionals to client organisations. You have the right to object at any time to this processing.

Appendix A – Candidate/Job Seeker Privacy Notice (summary)

What we collect: CV, contact details, work history, skills/qualifications, interview feedback, right-to-work documentation, and references.

Why we use it: to assess suitability for roles, arrange interviews, maintain a talent pool, and comply with legal obligations (e.g., right-to-work).

Lawful bases: legitimate interests (recruitment and maintaining a 12-month talent pool); steps taken at your request before entering a contract; consent only for extended retention beyond 12 months or where legally required; legal obligation (e.g., right-to-work). You can object to talent-pool processing at any time.

Sources: directly from you; from job boards, CV databases and recruitment partners; and publicly available professional profiles where lawful.

How long we keep it: usually 12 months from last contact if not hired, unless you consent to a longer period or law requires longer.

Your choices: object/opt out of talent-pool processing at any time; unsubscribe from emails using the link in each message or email info@planexcontrols.com; request deletion (subject to legal limits); withdraw consent where we rely on it.

 

bottom of page