CODEplan Privacy Notice 

CODEplan aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR) and the guidelines on the Information Commissioner’s website. 

Karen Penfold is the Information Governance Lead for CODEplan Ltd, part of the Agilio Software Group. The Agilio Software Group trade as Agilio Software, CODEplan and Isopharm. Agilio Software is the registered trademark of Agilio Software BidCo Limited, registered at Elm Tree House, Bodmin Street, Holsworthy, Devon, EX22 6BB, Company number 12242288 and VAT number 344765282. The group incorporates Isopharm Limited, registered at 79 Leigh Street, Sheffield, S9 2PR, Company number 03843619 and VAT number 737943788 and CODEplan Limited, registered at Elm Tree House, Bodmin Street, Holsworthy, Devon, EX22 6BB, Company number 03927086 and VAT number 865046024. 

Our websites are agilio.seoworks.dev, icomply.cc, training.isopharm.co.uk, id.agilio.seoworks.dev, icomply.agilio.seoworks.dev, ilearn.agilio.seoworks.dev, shop.agilio.seoworks.dev, our mobile applications (“mobile apps”) are the iComply app, services, tools, and other applications (collectively, the “Websites”).

This privacy notice is available on the company websites on agilio.seoworks.dev at agilio.seoworks.dev on agilio.seoworks.dev/agilio-privacy-notice, on icomply.cc at icomply.cc/icomply-privacy-notice/ by emailing info@agiliosoftware.com or by calling 01409 254 354.

You will be asked to provide personal data when joining as a member. The purpose of collecting your personal data is to provide the optimum membership services to you. We also collect and process the personal data of our employees and for individuals who have expressed interest in CODEplan and Agilio Software services. 

Members of CODEplan, members of iComply application, members of the iTeam HR service, members of iLearn CPD, members of the Quality Practice Scheme and CODEplan practices are (“Members”). Individuals who use CODEplan services such as consultancy, training and seminars are for the purposes of this agreement are (“Clients”). 

Our lawful basis for processing the personal data of Members is: 

“Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.” 

Our lawful basis for processing data of Members’ patients, in order to administer dental plans is: 

“Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.” 

Our lawful basis for the processing special category data of Members’ patients, in order to administer dental plans is: 

“Processing is necessary for health care purposes” 

Our lawful bases for processing employees’ and self-employed contractors special category data are: 

“9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee.” 

“Processing necessary for identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people with the view to enabling such equality to be promoted or maintained” 

“Consent is obtained for Criminal record checks”

Our lawful basis for processing Client data is: 

“Legitimate interests” – see the CODEplan Legitimate Interests Assessment (P 217S). 

The categories of data we process 
The categories and purposes of processing data are: 

We never pass personal data to a third party unless it is for processing on behalf of CODEplan or to meet a legal obligation. 
 
The personal data we process includes: 
 
Your name, address, gender, date of birth, email address, website address, financial details for processing subscriptions. For employees and self-employed CODEplan team members we may process more sensitive special category data including ethnicity, race, religion, or sexual orientation so that we can meet our obligations under the Equality Act 2010. We also process IP addresses so that we can continually improve our service to you and inform our marketing. 

Where our data is stored  

Personal data is stored in our email applications (Constant Contact, HubSpot, Awebber and FreshMarketer), on the head office encrypted networked computers, in the CRM programme at head office called Enterprise MRM/Tribe, on the Brighton Hub encrypted computers and on company laptops and mobile phones. Online backups are stored in encrypted format with Data Barracks. We use Microsoft 365 and Dropbox. Practice and personal data is stored on iComply using Amazon Web Services. Full details of who processes data on our behalf and the contracts we have with them is in our Information Governance Procedures (P 217C) available upon request. 
 
Our data processors store personal data in the EU in digital and hard copy formats. Data processors outside of the EU are only in the USA and are companies who are certified for the EU-US Privacy Shield and have appropriate GDPR compliance terms and conditions. Personal data is obtained when a Member subscribes to a membership, when a Client requests a CODEplan service and when a non-member subscribes to a CODEplan email list. 
 
You have the following personal data rights: 

Retention of personal data  

The retention period for members’ data is 10 years as many members re-join after some years. The retention period for staff records and client data is 6 years. The retention period for non-member data is 2 years after it was last processed.  

You have the right to withdraw consent for important compliance notifications, newsletters, surveys or marketing. You can inform us to correct errors in your personal details or withdraw consent from communication methods such as telephone, email or texts. You have the right to obtain a copy of your data records within one month of application, for which no fee will be charged. 

Privacy Impact Assessment  

We have carried out a Privacy Impact Assessment (P 217Q) and the details of how we ensure security of personal data is in our Physical Security Risk Assessment (P 217M). We have Information Governance Procedures (P 217C) and a Legitimate Interests Assessment (M 217S). Copies of these policies and procedures can be obtained from the contact details below. 

Complaints  

Please contact Karen Penfold at CODEplan for a comment, suggestion or a complaint about the processing of your data at info@agiliosoftware.com or by calling 01409 254 354 or by writing to CODEplan at Elm Tree House, Bodmin Street, Holsworthy, Devon, EX22 6BB. If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). Their telephone number is 0303 123 1113, you can also chat online with an advisor. The ICO can investigate your claim and take action against anyone who’s misused personal data. You can also visit their website for information on how to make a data protection complaint. 

CODEplan procedures  

You can also use the contact details above to request copies of the following CODEplan policies or procedures:  

Further information  
CODEplan Contract as Data Processor   
CODEplan Cookie Policy  
CODEplan Privacy Policy 

CODEplan 
Karen Penfold, Information Governance Lead, 
Elm Tree House, 
Bodmin Street, 
Holsworthy, Devon, 
EX 22 6BB. 
Telephone 01409 254 354 
Email info@agiliosoftware.com. 

Updated 14th March 2021