Last updated: 22 March 2021
We are a private limited company registered in Gibraltar with registered office situated at World Trade Center, 1st Floor - Unit 1.02, 6 Bayside Road, Gibraltar and company registration number 120428.
This website is not intended for minors and We do not knowingly collect any personal data relating to minors.
We are the data controller in respect of your personal data, meaning that We make decisions as to how your personal data is processed. To such extent as We process the personal data ourselves, We will also be a data processor. We may also engage the services of other data processors (e.g. providers of server space on which We ‘host’ personal data and other business information) who process data on Our instructions.
“Personal data” (sometimes referred to as personal information), means any information about an individual (the “data subject”) from which that person can be identified, directly or indirectly; in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to the data subject’s physical, physiological, genetic, mental, economic, cultural or social identity. It does not include data where the identity has been removed (anonymous data).
While using Our App and in order to provide features of Our App, We may collect, use, store and transfer personal data, with your prior permission (i.e. your consent). The different kinds of personal data used is summarised under the 'Our App users' heading below.
We use this information to provide Our services, as well as to improve and customize the user experience. The information may be uploaded to Our servers and/or data processors’ servers or it may be simply stored on your device. You can enable or disable access to this information at any time, through your device settings.
You are not obliged to provide your personal data to Us. We rely on your consent to obtain and process your personal data in order to streamline and simplify the supply of your personal data to restaurants/catering establishments, as well as relevant Public Health authorities. As a result, the personal data we collect is sourced directly from you, when you input your personal data into the fields provided within Our App and register as a user, or where you input personal data onto forms on Our website. Further, We process personal data when you scan a barcode in an establishment that uses Our services (e.g. your location at that establishment at that particular time is recorded, and aggregated to the information you have already provided).
For avoidance of doubt, the provision of your personal data to such establishments/ authorities is a statutory requirement, but there is no contractual or statutory requirement to provide your personal data to Us. Accordingly, you may opt to provide this information yourself, without using Our App. Disabling access to your personal data (e.g. disabling camera access via CAMERA) means Our App will not be able to function properly, as it relies on your consent to scan QR codes in different establishments to effectively allow you to ‘check-in’. This means you will not benefit from Our Services in streamlining and simplifying the process of providing your information to relevant establishments/ authorities, and will have to do so manually.
Our App users:
Our App collects information:
(i) at the sign-up/registration stage;
(ii) on an ongoing (persistent) basis during App use for diagnostic/performance reasons (not all of which is personal data); and
(iii) on a one-off basis each time you use the QR code scanning functionality.
The information collected is as follows:
Our website users:
The following information is collected and processed when you provide it to Us on Our website, or when you login as a registered business customer:
If you contact Us directly, We may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send Us, and any other information you may choose to provide.
We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).
Login Data. We store users’ check-in data via Our App when scanning Planit QR Codes (this will be stored for a maximum of 10 days). Any business at which you have checked in by scanning the Planit QR Code will be able to view your name, contact number and time and date of check-in. This check-in data will only exist for 10 days at which date it will be deleted from Our database and will simultaneously result in the business not being able to view your name, contact number and time and date of check-in.
We will also share all user check-in data via Our App with Public Health Gibraltar in order to aid the tracking and tracing of COVID-19 in accordance with the Data Protection Act only on public health grounds. Public Health Gibraltar may contact any of Our users who have come into contact with someone who has tested positive for COVID-19.
Business Data. We store the business data highlighted above, provided during registration and during account setup, in order for businesses to view user check-in data and comply with the Gibraltar Government’s Track & Trace requirements. For the avoidance of doubt, contact tracing is an important part of a public health response to any virus outbreak. It is the process of identifying people who may have come into close contact with someone who has tested positive for a contagious virus (in this case COVID- 19).
Business logos and menu(s) are the property of the business registered with Us and this information is shared with users when they scan any Planit QR Code to improve their user experience.
Where We intend to further process personal data for a purpose other than that for which the personal data were collected, We would provide you with information on that other purpose prior to that further processing, together with additional information as required by law.
All other personal data. This is used to:
We may use personal data for the following purposes:
We follow a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services' analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analysing trends, administering the site, tracking users' movement on the website, and gathering demographic information.
No transfer of your personal data to third countries
We do not transfer your personal data to third countries. We will ensure that any transfer of Personal Data outside the European Economic Area (EEA) to what are commonly referred to as “third countries” is only effected to such extent as allowed by applicable legislation, and subjected to additional safeguards that are appropriate to ensure the processing of your data outside of the EEA remains within Our control as far as possible and allows you to continue to enforce your rights as a data subject. The EEA includes all the EU Members States, plus Norway, Iceland and Liechtenstein.
No automated decision-making
We do not use automatic decision-making or profiling when processing personal data. This means decisions are not made by robots or computers, and therefore not ‘automated’. However, certain third parties may use certain automated decision-making tools or software. We are not responsible for the privacy practices of others and will take reasonable steps to bring such automated decision-making to your attention, but you are encouraged to become familiar with the privacy practices of any third parties you enter into any agreements with.
Security of your personal data
We are committed to taking appropriate measures designed to keep your personal data secure. Our technical, administrative and physical procedures are designed to protect personal data and non-personal data from loss, theft, misuse and accidental, unlawful or unauthorised access, disclosure, alteration, use and destruction. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received.
Although the transmission of information via the internet is not completely secure, we take all reasonable steps to protect personal data from loss, misuse or alteration when it is within our control. For example, if you choose to complete our online forms, we will ensure that personal data are stored on password-protected databases or secure servers, which not every employee will have access to. Additionally, we use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect the privacy of information and have other security measures in place to help prevent fraud and cybercrime. Whilst we take appropriate technical and organisational measures to safeguard your personal information, please note that we cannot guarantee the security of any data that you transfer over the internet to us.
Advertising Partners Privacy Policies
Third party privacy policies
You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, you can refer to user settings and user guides for your particular web browser(s).
GDPR Data Protection Rights
The law gives you specific rights over your information, such as the right to be informed of Our use of information about you, and your right to access your information.
We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
The right to rectification – You have the right to request that We correct any information you believe is inaccurate or mistaken. You also have the right to request that We complete the information you believe is incomplete.
The right to erasure – You have the right to request that We erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that We restrict the processing of your personal data, under certain conditions, for example in instances where you contest the accuracy of the data.
The right to object to processing – You have the right to object to Our processing of your personal data, under certain conditions.
The right to data portability – You have the right to request that We transfer the data that We have collected to another organisation, or directly to you, under certain conditions and in compliance with Gibraltar law and / or EU Law (where applicable).
The right to object – You have the right to object, at any time, to your personal data being processed for direct marketing (if any).
You also have the right to make a complaint at any time to the Gibraltar Regulatory Authority (GRA), Gibraltar’s supervisory authority for data protection issues. You can contact them on:
For further information on each of the above rights, including the circumstances in which they apply, please contact Us or see the guidance from the Gibraltar Regulatory Authority: https://www.gra.gi/news/rights-of-individuals-under-GDPR
If you make a request, We have one month to respond to you. If you would like to exercise any of these rights, please contact Us.
Another part of Our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.
We do not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on Our website, We strongly encourage you to contact Us immediately and We will do Our best efforts to promptly remove such information from Our records.
Hopefully the above information has clarified things for you. However, if you are still looking for more information, then you can contact Us by using the Contact Us section of Our website. Alternatively, you may write to Us on the address below:
Address: World Trade Center, 1st Floor - Unit 1.02, 6 Bayside Road, Gibraltar, GX11 1AA