Privacy Policy

We are committed to protecting and respecting your privacy and this policy (together with our terms of use and any other documents referred to on it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

For the purpose of the Data Protection Act 1998  and subsequently the General Data Protection Regulation (the Act), Paraplan Plus Ltd of Boston House, Grove Business Park, Wantage, Oxfordshire, UK, OX12 9FF is the data controller.

What we collect from you

We may collect the following information from you:

  • Your full name and email address
  • Your company or organsiation name
  • Other information relevant to customer surveys and/or offers
  • We also collect data you enter into Moneyscope about your clients in order to use the service.

What we do with the information we gather

We use information held about you in the following ways:

  • To ensure that content from our site is presented in the most effective manner for you and for your computer.
  • Where you have consented to be contacted for such purposes, to provide you with information or services that you request from us or which we feel may interest you.
  • To carry out our obligations arising from any contracts entered into between you and us.
  • To promote and allow you to participate in any events or features which may offer on our site from time to time, when you choose to do so.
  • To notify you about changes to our service.


We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online. You can see our Cyber Essentials Certificate here.

Where we store your personal data

If you live in the EU, the personal data relating to you that we collect may be transferred to, and stored at, locations outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA who work for us or for one of our service providers. As described in this Privacy Policy, we may also share personal data relating to you with third parties who are located overseas, for business purposes and operational, support and continuity purposes, for example, when we use IT service providers or data storage services.

Countries where personal data relating to you may be stored and/or processed, or where recipients of personal data relating to you may be located, may have data protection laws which differ to the data protection laws in your country of residence. By submitting your personal data, you accept that personal data relating to you may be transferred, stored or processed in this way. We will take all steps reasonably necessary to ensure that the recipients of your data will treat that data securely and in accordance with this policy.

We use a private virtual server in a data centre in the UK. Backups of the databases and an image of the entire virtual machine are taken daily. There is a 30 day retention policy for the nightly backups, and a 12 month retention policy for monthly backups. Backups are stored in up to 3 additional data centres for ‘geo-redundancy’, but these are all in the EEA.

We do use several third party businesses to provide the Moneyscope service including:

  • MadMimi for email marketing and mailing list management. It’s part of GoDaddy, based in the US and in Privacy Shield. Their privacy policy is here.
  • Pin Payments for credit and debit card processing. We use their API and do not store any card details ourselves. They are based in Australia and their privacy policy is here.
  • Sage Pay for collecting credit and debit card payments. They are based in Europe and their privacy policy is here.
  • Stripe Payments Europe Limited to collect and process payments on our behalf. They are based in the EU but may pass personal information to their parent company in the United States They are in Privacy Sheild and their privacy statement is here.

Unfortunately, the transmission of information via the internet is not completely secure. Athough we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

You are responsible for keeping your own password for the website secure.


When we provide ser­vices, we want to make them easy, use­ful and reli­able. Where ser­vices are delivered on the inter­net, this some­times involves pla­cing small amounts of inform­a­tion on your device, for example, com­puter or mobile phone. These include small files known as cook­ies. They can­not be used to identify you personally.

These pieces of inform­a­tion are used to improve ser­vices for you through, for example:

  1. Enabling a ser­vice to recog­nise your device so you don’t have to give the same inform­a­tion sev­eral times dur­ing one task;
  2. Recog­nising that you may already have given a user­name and pass­word so you don’t need to do it for every web page requested;
  3. Meas­ur­ing how many people are using ser­vices, so they can be made easier to use and there’s enough capa­city to ensure they are fast.

You can man­age these small files your­self and learn more about them through Inter­net browser cook­ies — what they are and how to man­age them

Our site uses two types of cookies: ‘Session’ and ‘Persistent’.

Ses­sion cook­ies: A ses­sion cookie lasts only for the dur­a­tion of your visit to the web­site. It will expire when you close your browser, or if you haven’t vis­ited the site for cer­tain period of time (called ses­sion idle timeout, in which case, the site will expire/invalidate the user session).

Per­sist­ent cook­ies: A per­sist­ent cookie will out­last user ses­sions. If a per­sist­ent cookie has its Max-Age set to 1 year, then, within the year, the ini­tial value set in that cookie would be sent back to site every time the user vis­its the site. This could be used to record a vital piece of inform­a­tion such as how you ini­tially came to the web­site. For this reason, per­sist­ent cook­ies are also called track­ing cookies.

Cook­ies for meas­ur­ing vis­itor num­bersGoogle Ana­lyt­ics is soft­ware that we use to track num­bers of web­site vis­it­ors. It uses the fol­low­ing cookies.


Typical content



ran­domly gen­er­ated num­ber

2 years


ran­domly gen­er­ated num­ber

30 minutes


ran­domly gen­er­ated num­ber

when you close the browser


ran­domly gen­er­ated num­ber + info on how the site was reached (e.g. dir­ectly or via a link, organic search or paid search)

6 months

For fur­ther details on the cook­ies set by Google Ana­lyt­ics, please refer to the Google Code web­site.

Links to other websites

Our site may, from time to time, contain links to and from the websites of our members, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Disclosure of your personal information

We may disclose your personal information to third parties:

  • If you have given your consent for us to do so for marketing or other specified purposes.
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect our rights or property and the safety of our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Marketing and your rights

You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by refusing your consent at the time of collection or at any other time by contacting us at

Access to, retention and deletion of information

The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act and we have 30 days to respond. You also have the right to ask us to erase, amend or limit the use of the data we hold about you. If there is a legitimate and permissible reason why we cannot do this we will explain why.

We have a retention policy which means we do not keep information we hold about you for longer than necessary unless we there is a legal obligation to do so.

Making a complaint

If for any reason you are not satisfied with our response, you can complain to the supervisory authority for data protection. In the UK this is:

Information Commissioner’s Office
Wycliffe House
Water Lane
0303 123 1113

Terminating your account

If you wish to terminate your account you can do so via the Account Management area or by emailing us at from the email address that you signed up with. Once we receive this email, providing the email matches your login details, we will terminate your account and any data relating to that account. Please note that there is no undo to this procedure.


Paraplan Plus Ltd may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

This policy is effective from 21 May 2018.

Terms of use

Please see here.


Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to