Privacy Policy

PRIVACY POLICY – LONDON EXTEND LTD

​

Effective Date: 1st June 2025
Last Updated: 1st June 2025

​

1. Introduction & Who We Are

1.1. Welcome to London Extend! This Privacy Policy explains how LONDON EXTEND LTD ("London Extend," "we," "us," or "our"), a company registered in England and Wales (company number 13073490) with its registered office at 1 Empire Mews, London, England, SW16 2BF, collects, uses, shares, and protects your personal data when you visit our websites https://www.londonextend.com and https://www.londonextend.co.uk (collectively, the "Website"), create an account, or use our architectural planning services (the "Services").

1.2. We are committed to protecting your privacy and complying with our obligations under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1.3. For the purpose of the UK GDPR, London Extend Ltd is the Data Controller of the personal data you provide to us.

1.4. This Privacy Policy should be read in conjunction with our Terms & Conditions and our Cookie Policy [Link to Cookie Policy - To be created].

​

2. What Personal Data We Collect

2.1. We may collect and process the following categories of personal data about you:
a. Identity Data: Full name, title.
b. Contact Data: Physical address (property address and billing address if different), email address, phone numbers.
c. Property Data: Photographs of properties, existing plans of properties, details about the property relevant to planning applications.
d. Service Data: Information you provide by filling in forms on our Website (e.g., service request forms, information about your project requirements), details of Services you have purchased.
e. Account Data: Username, password (stored in hashed format), purchase history, communications with us.
f. Transaction Data: Details about payments to and from you and other details of products and services you have purchased from us (Note: Full payment card details are typically processed by our third-party payment processor and not held by us).
g. Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website. (This is often collected automatically, e.g., by Wix).
h. Usage Data: Information about how you use our Website and Services.
i. Communications Data: Your preferences in receiving marketing from us (if applicable) and your communication preferences, records of your correspondence with us.

2.2. We do not knowingly collect any "Special Categories of Personal Data" about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data).

​

3. How We Collect Your Personal Data

3.1. We collect personal data in the following ways:
a. Direct Interactions: You provide us with your personal data when you:
* Fill in forms on our Website (e.g., contact forms, service request forms, account registration).
* Correspond with us by post, phone, email, or otherwise.
* Create a User Account on our Website.
* Purchase our Services.
* Submit documents, photographs, or plans to us.
b. Automated Technologies or Interactions: As you interact with our Website, we (and our third-party service providers like Wix) may automatically collect Technical Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies and other similar technologies. Please see our Cookie Policy [Link to Cookie Policy - To be created] for further details.

​

4. How We Use Your Personal Data & Our Lawful Basis for Processing

4.1. We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances and based on the following lawful bases:

a.  To provide our Services and manage our contract with you: When you register as a new client, create an account, or purchase our architectural planning Services, we use your Identity Data, Contact Data, Account Data, Property Data, Service Data, Transaction Data, and Communications Data. The lawful basis for this processing is the Performance of a contract with you. This includes preparing and submitting planning applications to local councils, where we may also rely on Legal obligation if specific information is statutorily required for such applications.

b.  To manage payments: For processing payments for our Services, we use your Identity Data, Contact Data, Transaction Data, and Account Data. The lawful basis is the Performance of a contract with you.

c.  To manage our relationship with you: This involves responding to your inquiries, providing updates on your projects, and seeking feedback. For this, we use your Identity Data, Contact Data, Account Data, and Communications Data. Our lawful basis is the Performance of a contract with you, and our Legitimate interests (specifically, to keep our records updated, to study how customers use our services, and to maintain good customer relations).

d.  To administer and protect our business and Website: This includes activities like troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data. We use Identity Data, Contact Data, Technical Data, and Usage Data for these purposes. Our lawful basis is our Legitimate interests (for running our business, providing administration and IT services, and ensuring network security), and in some cases, Legal obligation

e.  To comply with legal or regulatory obligations: Where required by law, we may need to process your Identity Data, Contact Data, and Transaction Data to comply with such obligations. The lawful basis for this is Legal obligation.

4.2. We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

4.3. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

​

5. Sharing Your Personal Data

5.1. We may have to share your personal data with the parties set out below for the purposes outlined in Section 4:
a. Local Planning Authorities (Councils): To submit planning applications and related communications as part of the Services you have requested.
b. Third-Party Service Providers (Data Processors):
* Our website hosting provider (Wix), who hosts the Website and data submitted through it.
* Our payment processing provider ([To be confirmed - e.g., Stripe, PayPal]), who will process your payment information securely.
* Analytics providers (e.g., if using Google Analytics via Wix) to help us improve our Website and services.
* Cloud storage providers, if used for storing project files.
c. Professional Advisers: Including lawyers, bankers, auditors, and insurers based in the UK who provide consultancy, banking, legal, insurance, and accounting services.
d. HM Revenue & Customs, regulators, and other authorities based in the UK who require reporting of processing activities in certain circumstances or if legally compelled.
e. Third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal data in the same way as set out in this privacy policy.

5.2. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

​

6. International Data Transfers

6.1. Some of our external third-party service providers (e.g., Wix, payment processors, cloud service providers) may be based outside the UK or European Economic Area (EEA), or may process data outside these areas.
6.2. Whenever we transfer your personal data out of the UK/EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
a. We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK authorities (an "adequacy decision").
b. Where we use certain service providers, we may use specific contracts approved by the UK authorities which give personal data the same protection it has in the UK (e.g., Standard Contractual Clauses or the UK's International Data Transfer Agreement).

6.3. Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK/EEA.

​

7. Data Retention

7.1. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

7.2. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

7.3. General Retention Guidelines (you will need to define specific periods):
* Client Project Files (including plans, correspondence, application details): Typically retained for a period after project completion (e.g., 6-12 years) to address any post-completion queries, for professional indemnity insurance purposes, or legal requirements.
* Account Information: For as long as the account is active and for a reasonable period thereafter (e.g., 6 years for financial records related to the account).
* Financial and Transaction Data: For at least 6 years after the end of the relevant tax year for HMRC purposes.
* Enquiries not leading to a service: For a shorter period (e.g., 1-2 years).
* [You must finalise these periods for your internal policy and reflect them here or state that details are available on request.]

7.4. In some circumstances, you can ask us to delete your data: see Section 8 below for further information.

​

8. Your Data Protection Rights

8.1. Under UK data protection law, you have rights regarding your personal data, including:
a. Right to be informed: To be informed about how we collect and use your personal data (which is what this Privacy Policy aims to do).
b. Right of access: To request access to your personal data (commonly known as a "data subject access request").
c. Right to rectification: To request correction of the personal data that we hold about you if it is inaccurate or incomplete.
d. Right to erasure ('right to be forgotten'): To request the deletion or removal of your personal data where there is no compelling reason for us to keep using it.
e. Right to restrict processing: To request the suspension of the processing of your personal data in certain circumstances.
f. Right to data portability: To request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format (this applies to data processed by automated means based on your consent or for the performance of a contract).
g. Right to object: To object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
h. Rights related to automated decision making and profiling: We do not currently conduct automated decision-making or profiling that has legal or similarly significant effects.
i. Right to withdraw consent: Where we are relying on consent to process your personal data, you have the right to withdraw that consent at any time.

8.2. If you wish to exercise any of the rights set out above, please contact us at info@londonextend.com.

8.3. You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

8.4. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

​

9. Data Security

9.1. We have put in place appropriate technical and organisational security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. For example:
* Our Website is hosted by Wix, which implements its own security measures for its platform.
* We use SSL technology (encryption) for data transmitted via our Website.
* Access to your personal data is limited to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

9.2. While we strive to protect your personal information, we cannot guarantee the security of data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

9.3. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (like the ICO) of a breach where we are legally required to do so.

​

10. Cookies

10.1. Our Website uses cookies. Cookies are small text files placed on your device to collect standard Internet log information and visitor behaviour information.
10.2. We use cookies to [e.g., make our website work, improve user experience, analyse website traffic - you need to confirm this with Wix's actual cookie usage].
10.3. For detailed information on the cookies we use and the purposes for which we use them, please see our Cookie Policy [Link to Cookie Policy - To be created and linked here]. You will be able to manage your cookie preferences via a consent banner on our Website.

​

11. Children's Privacy

11.1. Our Website and Services are not intended for children under the age of 18, and we do not knowingly collect personal data relating to children. If you are under 18, please do not use or provide any information on this Website or through any of its features.

​

12. Changes to This Privacy Policy

12.1. We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically for any changes.

​

13. How to Contact Us & Complaints

13.1. If you have any questions about this Privacy Policy or our privacy practices, or if you wish to exercise any of your data protection rights, please contact us at:
Email: info@londonextend.com
Postal Address: Data Protection, LONDON EXTEND LTD, 1 Empire Mews, London, England, SW16 2BF

13.2. You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.