Privacy Notice
This notice explains how Nexus Planning Limited collects, uses and protects personal data when people use our website, contact us or interact with us as part of our business activities.
Controller details
Who we are
Nexus Planning Limited is a UK town planning consultancy. For the purposes of this privacy notice, "Nexus", "we", "us" and "our" mean Nexus Planning Limited, registered in England and Wales under company number 08491440. Our registered office is Holmes House, Pear Place, London, England, SE1 8BT.
We are the controller of personal data collected through this website and through our general business activities, unless we tell you otherwise. This means we decide why and how your personal data is used.
Scope
What this notice covers
This notice explains how we use personal data about website visitors, clients, prospective clients, professional contacts, suppliers, consultants, public authority contacts, statutory consultees, community stakeholders and other people who interact with us.
Recruitment data is covered in our separate Recruitment Privacy Notice.
Information we use
Personal data we may collect
- Contact details such as name, job title, organisation, address, email address and telephone number.
- Information you provide when you complete a website form, email us, call us, attend an event, subscribe to updates or ask us to contact you.
- Business and project information linked to planning, development, consultation, research or other consultancy work.
- Correspondence, meeting notes, consultation feedback and records of communications.
- Technical data such as IP address, browser type, device information, pages visited and cookie preferences. Where analytics tools are active, this may also include website usage information.
- Marketing preferences and records of your communications with us.
- Supplier and consultant information, including contact details, payment administration details and contract records.
- Information needed for legal, regulatory, insurance, finance, audit or professional compliance purposes.
Special category data
Most of the personal data we use is business contact or project information. Occasionally, planning, consultation, recruitment or accessibility-related materials may include more sensitive information, such as health, disability, equality, accessibility, vulnerability or community-impact information. We will only use this type of information where it is necessary and where we have a lawful basis and any additional condition required by data protection law.
UK GDPR
How we use personal data and our lawful bases
We use personal data for the purposes below. The lawful basis we rely on will depend on the circumstances and the relationship we have with you.
| Purpose | What we do | Lawful basis |
|---|---|---|
| Responding to enquiries | To respond to website, email, telephone or event enquiries and to provide information about our services. | Legitimate interests; contract or steps before entering into a contract. |
| Providing consultancy services | To manage client relationships and deliver planning consultancy, research, community engagement and related professional services. | Contract; legitimate interests; legal obligation where relevant. |
| Project administration | To keep project records, coordinate meetings, liaise with authorities, consultees, communities and professional teams. | Legitimate interests; contract; legal obligation where relevant. |
| Website operation | To operate, secure and improve the website and understand how users interact with it. | Legitimate interests for essential operation and security; consent for non-essential cookies. |
| Marketing and updates | To send newsletters, event invitations, insight updates or similar business communications. | Consent where required; legitimate interests for appropriate business-to-business communications; always with an opt-out. |
| Finance and supplier management | To manage invoices, payments, contracts, procurement and supplier relationships. | Contract; legal obligation; legitimate interests. |
| Legal and professional compliance | To protect our business, respond to legal requests, manage disputes, comply with tax and accounting obligations and maintain insurance records. | Legal obligation; legitimate interests. |
Sources
Where we get personal data from
- Directly from you when you contact us, complete a form, attend a meeting or communicate with us.
- From our clients, project teams, professional advisers, consultants, local authorities, public bodies, statutory consultees and other stakeholders involved in a matter.
- From publicly available sources such as planning portals, Companies House, Land Registry, local authority websites, public consultation materials, professional directories and public registers.
- From website cookies and similar technologies, subject to your choices and applicable law.
Data sharing
Who we share personal data with
We may share personal data where appropriate and proportionate with:
- Project teams, sub-consultants, professional advisers and other parties involved in delivering our services.
- Local planning authorities, the Planning Inspectorate, statutory consultees, public bodies, community engagement platforms and other bodies involved in planning or consultation processes.
- IT, website hosting, email, Microsoft 365, form, website maintenance and other service providers who support our business systems.
- Insurers, auditors, accountants, legal advisers and other professional advisers.
- Regulators, courts, law enforcement agencies or public authorities where legally required or where necessary to protect our rights.
We do not sell personal data.
Retention
How long we keep personal data
We keep personal data only for as long as we need it for the purposes set out in this notice, including to meet legal, accounting, insurance, professional and project-record requirements. Our typical retention approach is:
| Record type | Typical retention period |
|---|---|
| Website enquiries | Up to 24 months after the last meaningful contact, unless the enquiry becomes a client or project matter. |
| Client and project records | Usually up to 7 years after project closure, or longer where needed for limitation, insurance, regulatory, planning history or ongoing project reasons. |
| Finance and tax records | Usually 6 years from the end of the relevant financial year, unless a longer period is required. |
| Marketing records | Until you unsubscribe or object, with a suppression record retained to respect your opt-out. |
| Cookie records | As set out in our Cookie Policy and consent platform. |
| Recruitment records | As set out in our Recruitment Privacy Notice. |
Website use
Marketing, cookies and security
Marketing
We may send business updates, insights, event invitations or similar communications where permitted by law. You can unsubscribe or ask us to stop sending marketing at any time by using the unsubscribe link in our emails or by contacting us.
Cookies
Our website uses cookies and similar technologies. Necessary cookies help the website work. Non-essential cookies, such as analytics, functional or advertising cookies, are controlled through our cookie banner and settings tool. Please see our Cookie Policy for more information.
Security
We use appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. Access to personal data is limited to people and service providers who need it for legitimate business purposes.
Individual rights
Your rights
Depending on the circumstances, you may have the right to:
- ask for access to your personal data;
- ask us to correct inaccurate or incomplete personal data;
- ask us to delete personal data;
- ask us to restrict how we use personal data;
- object to certain uses of personal data, including direct marketing;
- ask for personal data to be transferred to you or another organisation, where applicable;
- withdraw consent where we rely on consent; and
- complain to the Information Commissioner's Office.
To exercise your rights, contact us using the privacy contact details above. We may need to confirm your identity before responding.
Complaints
Data protection complaints
If you are concerned about how we use your personal data, please contact us first so that we can look into the issue. We will acknowledge data protection complaints within 30 days and respond without undue delay. More detail is set out in our Data Protection Complaints Procedure.
You also have the right to complain to the Information Commissioner's Office, the UK data protection regulator, at ico.org.uk.
Updates
Changes to this notice
We may update this notice from time to time. The latest version will be published on this website.
Questions about your data?
For privacy queries, rights requests or data protection complaints, please contact Nexus Planning using the details below.

