top of page

Privacy & Cookies Policy

Last updated: 22 March 2021

Privacy Policy 


Book & Plan It Limited (“We”, “Us” or “Our”) trading as “Planit” ask that you read this privacy policy (this “Privacy Policy”) carefully as it contains important information on who We are, how and why We collect, store, use and share personal data, your rights in relation to your personal data and on how to contact Us and supervisory authorities in the event you have a complaint.

To the extent that you are a customer or user of Our services, this Privacy Policy applies together with Our Terms of Use and any other terms We provide with Our products and services at the time of your registration. Users of Our services include individuals (natural persons) and businesses (legal persons). This Privacy Policy is aimed at individuals, although some businesses operate as sole traders or are not classed as legal persons, which means they will have certain data protection rights in the same way as natural persons.

About Us

We are a private limited company registered in Gibraltar with registered office situated at World Trade Center, 1st Floor - Unit 1.02, 6 Bayside Road, Gibraltar and company registration number 120428.

This Privacy Policy aims to give you information on how We collect and process your personal data through the use of Our website and Our Planit Gib App (“Our App”), including any data you may provide through Our website or Our App when you login, register, scan a QR code using Our App, contact Us or submit feedback.

One of Our  main priorities is the privacy of Our visitors and users of Our services, and therefore, Our commitment to protecting your personal data whether accessing Our services via Our App. By visiting and / or using Our services via Our App, you agree and where required you consent to the collection, use and transfer of your personal data as set out in this Privacy Policy.

This website is not intended for minors and We do not knowingly collect any personal data relating to minors.

It is important that you read this Privacy Policy together with Our Cookie Policy and/or any other policy/ies We may provide on specific occasions when We are collecting or processing personal data about you so that you are fully aware of how and why We are using your personal data. By using Our website, you hereby consent to Our Privacy Policy and agree to Our Terms of Use. By using Our App you also consent to Our Privacy Policy, although you will be specifically prompted to grant certain App “permissions” to signify your consent and allow Our App to function properly.

If you have additional questions or require more information about Our  Privacy Policy, do not hesitate to contact Us by using the Contact Us section of Our website, or on the details set out in this Privacy Policy.

The Controller

We are the data controller in respect of your personal data, meaning that We make decisions as to how your personal data is processed. To such extent as We process the personal data ourselves, We will also be a data processor. We may also engage the services of other data processors (e.g. providers of server space on which We ‘host’ personal data and other business information) who process data on Our instructions.

Information We collect

“Personal data” (sometimes referred to as personal information), means any information about an individual (the “data subject”) from which that person can be identified, directly or indirectly; in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to the data subject’s physical, physiological, genetic, mental, economic, cultural or social identity. It does not include data where the identity has been removed (anonymous data).

While using Our App and in order to provide features of Our App, We may collect, use, store and transfer personal data, with your prior permission (i.e. your consent). The different kinds of personal data used is summarised under the 'Our App users' heading below.

We use this information to provide Our services, as well as to improve and customize the user experience. The information may be uploaded to Our servers and/or data processors’ servers or it may be simply stored on your device. You can enable or disable access to this information at any time, through your device settings.

You are not obliged to provide your personal data to Us. We rely on your consent to obtain and process your personal data in order to streamline and simplify the supply of your personal data to restaurants/catering establishments, as well as relevant Public Health authorities. As a result, the personal data we collect is sourced directly from you, when you input your personal data into the fields provided within Our App and register as a user, or where you input personal data onto forms on Our website. Further, We process personal data when you scan a barcode in an establishment that uses Our services (e.g. your location at that establishment at that particular time is recorded, and aggregated to the information you have already provided).

For avoidance of doubt, the provision of your personal data to such establishments/ authorities is a statutory requirement, but there is no contractual or statutory requirement to provide your personal data to Us. Accordingly, you may opt to provide this information yourself, without using Our App. Disabling access to your personal data (e.g. disabling camera access via CAMERA) means Our App will not be able to function properly, as it relies on your consent to scan QR codes in different establishments to effectively allow you to ‘check-in’. This means you will not benefit from Our Services in streamlining and simplifying the process of providing your information to relevant establishments/ authorities, and will have to do so manually.

Our App users:

Our App collects information:

  1. at the sign-up/registration stage;

  2. on an ongoing (persistent) basis during App use for diagnostic/performance reasons (not all of which is personal data); and

  3. on a one-off basis each time you use the QR code scanning functionality.

The information collected is as follows:

  • Identity data includes first name and last name and may include any similar identifier(s) used by you when accessing Our App.

  • Contact data includes email address and telephone number(s).

  • Profile data includes your name, email and phone number, support requests and feedback.

  • Technical data includes internet protocol (IP) address, your login data (this refers to the date and time you have checked in to a location by scanning any Planit QR code and is strictly only kept for 10 days), time zone setting and location, browser plug-in types/versions, operating system/platform, and other technology on the devices you use to access the App.

  • Usage data includes login data which is strictly kept for 10 days only after which it will be removed from Our  database.

  • Marketing and communications data includes your preferences in receiving marketing from Us and Our third parties and your communication preferences.

  • Usage Data is collected automatically when using the Service.

  • Usage Data may include information such as your device's Internet Protocol address (e.g. IP address, WIFI state), camera via CAMERA (to scan QR code), Photo (to set the time and date of your visit, and other diagnostic data).

  • When you access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device you use, your mobile operating system, unique device identifiers and other diagnostic data.

  • While using Our App, in order to provide features of Our App, We may collect, with your prior permission:

    • We use camera via CAMERA to scan the Restaurant QR code only and this information to provide features of Our Service, to improve and customize Our Service. The information may be uploaded to the Company's servers and/or data processors’ servers or it may be simply stored on your device.

  • You can enable or disable access to this information at any time, through your Device settings.

Our website users:

We may collect and process personal data about your use of Our website, and further information on how this happens is covered in Our Cookie Policy. In many cases, this data is de-identified or anonymised so that it is no longer personal data. Our website is designed so you can simply browse without providing basic personal identifiers (e.g. your name, email etc.), but certain technical data may still be collected which constitutes personal data, as detailed below.

The following information is collected and processed in every case (see further information in Our Cookie Policy):

  • Technical data includes internet protocol (IP) address, your business’ login data (this refers to the date and time users have checked in to your business by scanning any Planit QR code and is strictly only kept for 10 days), time zone setting and location, browser plug-in types/versions, operating system/platform, and other technology on the devices you use to access Our website.

The following information is collected and processed when you provide it to Us on Our website, or when you login as a registered business customer:

  • Identity data includes first name and last name and may include any similar identifier(s) used by you when entering information into forms provided Our website.

  • Contact data includes email address and telephone number(s).

  • Business Account data includes Company Name (or Business Name if operating as a sole trader, partnership or similar), Business Address, Business Name (if different to the Company Name), Business License Number, Business Email, Business Contact Number, Business Logo, Restaurant/Cafe/Bar Menu(s), whether or not the business is registered with the Gibraltar Environmental Agency and the number of tables for seating if the business is a dining establishment. Note that not all of this data falls under the classification of personal data as defined in this Privacy Policy, to the extent that it does not relate to an individual, natural person.

  • Usage data includes login data which is strictly kept for 10 days only after which it will be removed from Our database.

  • Marketing and communications data includes your preferences in receiving marketing from Us and Our third parties and your communication preferences.

  • Support Requests & Feedback data includes name, email, company name and the contents of your query/feedback when completing the Contact Us form.

If you contact Us directly, We may receive additional information about you such as your name, email address, phone number, the contents of the message and/or attachments you may send Us, and any other information you may choose to provide.

We do not collect any special categories of personal data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).

How We use your information

Login Data. We store users’ check-in data via Our App when scanning Planit QR Codes (this will be stored for a maximum of 10 days). Any business at which you have checked in by scanning the Planit QR Code will be able to view your name, contact number and time and date of check-in. This check-in data will only exist for 10 days at which date it will be deleted from Our database and will simultaneously result in the business not being able to view your name, contact number and time and date of check-in.

We will also share all user check-in data via Our App with Public Health Gibraltar in order to aid the tracking and tracing of COVID-19 in accordance with the Data Protection Act only on public health grounds. Public Health Gibraltar may contact any of Our users who have come into contact with someone who has tested positive for COVID-19.

Business Data. We store the business data highlighted above, provided during registration and during account setup, in order for businesses to view user check-in data and comply with the Gibraltar Government’s Track & Trace requirements. For the avoidance of doubt, contact tracing is an important part of a public health response to any virus outbreak. It is the process of identifying people who may have come into close contact with someone who has tested positive for a contagious virus (in this case COVID- 19).

Business logos and menu(s) are the property of the business registered with Us and this information is shared with users when they scan any Planit QR Code to improve their user experience.

Where We intend to further process personal data for a purpose other than that for which the personal data were collected, We would provide you with information on that other purpose prior to that further processing, together with additional information as required by law.

All other personal data. This is used to:

  • Provide, operate, and maintain Our website and Our App;

  • Improve, personalise, and expand Our website and Our App;

  • Understand and analyse how you use Our App;

  • Develop new products, services, features, and functionality;

  • Communicate with you, either directly or through one of Our partners, including for customer service, to provide you with updates and other information relating to Our website and Our App, and for marketing and promotional purposes; and

  • Send you emails (including responding to support requests and/or feedback.

We may use personal data for the following purposes:

  • To provide and maintain Our services, including to monitor the usage of Our services;

  • To manage your user account: to manage your registration as a user of Our services. The personal data you provide can give you access to different functionalities of the services that are available to you as a registered user.

  • For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services you have purchased (if any) or of any other contract with Us in relation to Our services.

Log Files

We follow a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services' analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analysing trends, administering the site, tracking users' movement on the website, and gathering demographic information.

No transfer of your personal data to third countries

We do not transfer your personal data to third countries. We will ensure that any transfer of Personal Data outside the European Economic Area (EEA) to what are commonly referred to as “third countries” is only effected to such extent as allowed by applicable legislation, and subjected to additional safeguards that are appropriate to ensure the processing of your data outside of the EEA remains within Our control as far as possible and allows you to continue to enforce your rights as a data subject. The EEA includes all the EU Members States, plus Norway, Iceland and Liechtenstein.

No automated decision-making

We do not use automatic decision-making or profiling when processing personal data. This means decisions are not made by robots or computers, and therefore not ‘automated’. However, certain third parties may use certain automated decision-making tools or software. We are not responsible for the privacy practices of others and will take reasonable steps to bring such automated decision-making to your attention, but you are encouraged to become familiar with the privacy practices of any third parties you enter into any agreements with.

Security of your personal data

We are committed to taking appropriate measures designed to keep your personal data secure. Our technical, administrative and physical procedures are designed to protect personal data and non-personal data from loss, theft, misuse and accidental, unlawful or unauthorised access, disclosure, alteration, use and destruction. We follow generally accepted standards to protect the personal data submitted to us, both during transmission and once it is received.

Although the transmission of information via the internet is not completely secure, we take all reasonable steps to protect personal data from loss, misuse or alteration when it is within our control. For example, if you choose to complete our online forms, we will ensure that personal data are stored on password-protected databases or secure servers, which not every employee will have access to. Additionally, we use technologies and processes such as access control procedures, network firewalls, encryption and physical security to protect the privacy of information and have other security measures in place to help prevent fraud and cybercrime. Whilst we take appropriate technical and organisational measures to safeguard your personal information, please note that we cannot guarantee the security of any data that you transfer over the internet to us.

Advertising Partners Privacy Policies

Third-party ad servers or ad networks use technologies like cookies, JavaScript, or Web Beacons that are used in their respective advertisements and links that appear on Our  website, which are sent directly to users' browsers. They automatically receive your IP address when this occurs. These technologies are used to measure the effectiveness of their advertising campaigns and/or to personalise the advertising content that you see on websites that you visit.

Note that We have no access to or control over these cookies that are used by third-party advertisers. See further information on Our use of cookies in Our Cookie Policy.

Third party privacy policies

Our Privacy Policy does not apply to other advertisers or websites. Thus, We are advising you to consult the respective privacy policies of these third-party ad servers / data controllers/processors for more detailed information. Such policies may include their practices and instructions about how to opt-out of certain options.

You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, you  can refer to user settings and user guides for your particular web browser(s).

GDPR Data Protection Rights

The law gives you specific rights over your information, such as the right to be informed of Our use of information about you, and your right to access your information.

If you have any concerns or questions please contact Us by using the Contact Us section of Our website, or on the details set out in this Privacy Policy.

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that We correct any information you believe is inaccurate or mistaken. You also have the right to request that We complete the information you believe is incomplete.

The right to erasure – You have the right to request that We erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that We restrict the processing of your personal data, under certain conditions, for example in instances where you contest the accuracy of the data.

The right to object to processing – You have the right to object to Our processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that We transfer the data that We have collected to another organisation, or directly to you, under certain conditions and in compliance with Gibraltar law and / or EU Law (where applicable).

The right to object – You have the right to object, at any time, to your personal data being processed for direct marketing (if any).

The right to withdraw consent – You have the right to withdraw consent at any time (but this shall not affect the lawfulness of Our processing based on consent before its withdrawal). You may exercise this right by (i) choosing the “Delete Account” option found in Our App settings or (ii) contacting Book & Plan It Limited on the contact details contained in this Privacy Policy.

You also have the right to make a complaint at any time to the Gibraltar Regulatory Authority (GRA), Gibraltar’s supervisory authority for data protection issues. You can contact them on:

For further information on each of the above rights, including the circumstances in which they apply, please contact Us or see the guidance from the Gibraltar Regulatory Authority:

If you make a request, We have one month to respond to you. If you would like to exercise any of these rights, please contact Us.

Children's Information

Another part of Our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.

We do not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on Our website, We strongly encourage you to contact Us immediately and We will do Our best efforts to promptly remove such information from Our records.

Review of this Privacy Policy

We may amend this Privacy Policy at any time, so remember to keep up to date by checking Our website every so often on Where we update this Privacy Policy, we will notify those who have a business relationship with us, have an online account with us, or who are subscribed to our emailing lists directly of the changes, and change the ‘Last updated’ date above. Any amended policy will be effective immediately on the date stated therein. In addition, we may use ‘in-app’ notifications to notify Our App users of changes to our products and services, including this Privacy Policy. If you do not agree to the revised Privacy Policy, you should discontinue your use of Our website and/or Our App, and withdraw consent as outlined above or by contacting us.

Cookie Policy 

We use cookies on our website for a number of purposes,namely to improve user experience and by continuing to browse the website, you are agreeing to our use of cookies.

What Are Cookies

As is common practice with almost all websites, this site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or 'break' certain elements of our website’s functionality.

For more general information on cookies, please visit here.

How We Use Cookies

We use cookies for a variety of reasons detailed below. Unfortunately in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you enable all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.

We use cookies on our site. Any browser visiting these sites will receive cookies from us.

Disabling Cookies

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of this site. Therefore, it is recommended that you do not disable cookies. 

The Cookies We Set

  • Account related cookies
    If you create an account with us then we will use cookies for the management of the signup process and general administration. These cookies will usually be deleted when you log out however in some cases they may remain afterwards to remember your site preferences when logged out.

  • Login related cookies
    We use cookies when you are logged in so that we can remember this fact. This prevents you from having to log in every single time you visit a new page. These cookies are typically removed or cleared when you log out to ensure that you can only access restricted features and areas when logged in.

  • Email newsletters related cookies
    This site offers newsletter or email subscription services and cookies may be used to remember if you are already registered and whether to show certain notifications which might only be valid to subscribed/unsubscribed users.

  • Forms related cookies
    When you submit data through a form such as those found on ‘Business Registration’ or ‘Contact Us’, cookies may be set to remember your user details for future correspondence.

  • Site preferences cookies
    In order to provide you with a great experience on this site, we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences, we need to set cookies so that this information can be called whenever you interact with our website.

Third Party Cookies

In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.

  • We may use Google Analytics to collect data about website usage. This data does not include personally identifiable information. You can view the Google Privacy Policy here:

  • We use Google reCAPTCHA solution for preventing spam requests on our public contact forms, and user signup pages.

  • We may use cloudflare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. You can view the cloudflare Privacy Policy here:

  • Third party analytics may be used to track and measure usage of this site so that we can continue to produce engaging content. These cookies may track things such as how long you spend on our website or pages you visit which helps us to understand how we can improve our website for you.

  • From time to time, we test new features and make subtle changes to the way that our website is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on our website whilst ensuring we understand which optimisations our users appreciate the most.

  • We may use the Google AdSense service to serve advertising and this uses a DoubleClick cookie to serve more relevant ads across the web and limit the number of times that a given ad is shown to you.
    For more information on Google AdSense see the official Google AdSense privacy FAQ.

  • We also use social media buttons and plugins on this site that allow you to connect with your social network in various ways. For these to work, the following social media sites including; Facebook, Instagram and LinkedIn, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.

Contact Information

Hopefully the above information has clarified things for you. However, if you are still looking for more information, then you can contact Us by using the Contact Us section of Our website. Alternatively, you may write to Us on the address below:

Address: World Trade Center, 1st Floor - Unit 1.02, 6 Bayside Road, Gibraltar, GX11 1AA 

bottom of page