Privacy Policy (GDPR)

Introduction

RBP Corp (hereinafter "we", "our", "DadPlans") attaches great importance to the protection of your personal data.

This Privacy Policy aims to inform you transparently about how we collect, use, share and protect your personal data when you use our website DadPlans.co.uk.

1. Data Controller

The data controller for your personal data is:

  • Company name: RBP Corp
  • Legal form: C-Corporation (Delaware, USA)
  • Address: 251 Little Falls Drive, Wilmington, New Castle County, Delaware 19808, USA
  • Email: contact@dadplans.co.uk
  • Data protection email: privacy@bpcorp.eu

EU Representative (Art. 27 GDPR):
We have appointed Prighter Group with its local partners as our privacy representative in the European Union. To exercise your privacy-related rights, please visit: https://app.prighter.com/portal/rbpcorp

2. Personal Data Collected

We collect the following personal data when you complete the contact form on our site:

Identification data:

  • First name
  • Surname
  • Email address
  • Phone number

Data about your situation:

  • Family situation (married, in a relationship, number of children)
  • Main objective (optional): family protection, retirement, wealth transfer, tax optimisation

Browsing data:

  • IP address
  • Browser type
  • Pages visited
  • Visit duration
  • Traffic source (referrer)

3. Purposes of Processing

Your personal data is collected and processed for the following purposes:

a) Connection with insurance advisors

  • Transmit your contact details to one or more certified partner advisors
  • Enable these advisors to contact you to offer personalised support

b) User relationship management

  • Respond to your requests for information
  • Send you a confirmation email of your request
  • Follow up on your request

c) Improvement of our services

  • Analyse use of our site to improve user experience
  • Measure the effectiveness of our advertising campaigns

4. Legal Basis for Processing

The processing of your personal data is based on the following legal grounds:

  • Consent (Article 6.1.a of UK GDPR): For the transmission of your data to partner advisors and the use of non-essential cookies
  • Legitimate interest (Article 6.1.f of UK GDPR): For the improvement of our services and audience measurement
  • Legal obligation (Article 6.1.c of UK GDPR): For the retention of certain data for accounting and tax purposes

5. Recipients of Your Data

Your personal data is transmitted to the following recipients:

a) Certified partner advisors

Your data is transmitted to one or more certified insurance advisors, for the purpose of contacting you and offering you personalised support.

b) Technical service providers

  • Website host: Vercel Inc.
  • Analytics service: Google LLC (Google Analytics)
  • Advertising platform: Meta Platforms Ireland Limited (Meta Pixel)

We do not sell, rent or share your personal data with third parties for commercial purposes other than those described above.

5A. Sub-processors and Service Providers

To operate our services, we use the following sub-processors:

Sub-processorPurposeLocationSafeguards
Supabase Inc.Database hostingFrankfurt (EU) / USASCCs + AES-256 encryption
Vercel Inc.Website hosting, CDNGlobal (CDN) / USAUK IDTA + SCCs
Sentry (Functional Software Inc.)Error monitoring and technical diagnosticsUSAUK IDTA + SCCs
Meta Platforms Ireland LtdAdvertising pixel, campaign measurementIreland (EU) / USAUK IDTA + SCCs
Google LLCAnalytics, audience measurementUSAUK IDTA + SCCs

5B. International Data Transfers

Some of our sub-processors are located in the United States. Transfers of personal data to the United States are governed by the following mechanisms:

  • UK International Data Transfer Agreement (IDTA): for transfers to US-based processors, in accordance with the UK GDPR and the ICO's approved transfer mechanisms.
  • Standard Contractual Clauses (SCCs): as supplementary safeguards, in line with the EU Commission Implementing Decision 2021/914 and the UK Addendum.
  • Supplementary measures: encryption of data in transit (TLS 1.2+) and at rest (AES-256), strict access controls, and access logging.

6. Data Retention Period

Your personal data is retained for the following periods:

  • Connection data: 3 years from your last contact with a partner advisor
  • Browsing data and cookies: 13 months maximum
  • Accounting and tax data: 7 years in accordance with legal obligations

7. Your Rights Over Your Personal Data

In accordance with the UK GDPR and the Data Protection Act 2018, you have the following rights:

  • Right of access: Obtain a copy of your personal data
  • Right of rectification: Correct inaccurate or incomplete data
  • Right of erasure: Request the deletion of your personal data
  • Right to object: Object to the processing of your personal data
  • Right to restriction: Request the restriction of processing of your data
  • Right to portability: Retrieve your data in a structured format
  • Right to withdraw consent: Withdraw your consent at any time

8. How to Exercise Your Rights?

To exercise your rights, you can contact us by email at privacy@bpcorp.eu or by post to: RBP Corp, 251 Little Falls Drive, Wilmington, DE 19808, USA.

We undertake to respond to your request within one month of its receipt.

9. Right to Complain to the ICO

If you believe your rights are not being respected, you can lodge a complaint with the ICO:

Information Commissioner's Office (ICO)
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk

10. Security of Your Data

We implement all appropriate technical and organisational measures to protect your personal data against any unauthorised access, loss, destruction, alteration or disclosure.

These measures include: encryption of data in transit (HTTPS/SSL), restricted access to personal data, regular backups, monitoring and detection of security incidents.

Last updated: 13 March 2026