Please rotate the screen to Landscape view for best viewing experience.

iComply Privacy Notice

CODEplan aims to meet the requirements of the Data Protection Act 2018, the General Data Protection Regulation (GDPR) and the guidelines on the Information Commissioner’s website.

Karen Penfold is the Information Governance Lead for CODEplan Ltd, part of the Agilio Software Group. The Agilio Software Group trade as Agilio Software, CODEplan and Isopharm. Agilio Software is the registered trademark of Agilio Software BidCo Limited, registered at Elm Tree House, Bodmin Street, Holsworthy, Devon, EX22 6BB, Company number 12242288 and VAT number 344765282. The group incorporates Isopharm Limited, registered at 79 Leigh Street, Sheffield, S9 2PR, Company number 03843619 and VAT number 737943788 and CODEplan Limited, registered at Elm Tree House, Bodmin Street, Holsworthy, Devon, EX22 6BB, Company number 03927086 and VAT number 865046024. Our websites are,,,,,,, our mobile applications (“mobile apps”) are the iComply app, services, tools, and other applications (collectively, the “Websites”).

This privacy notice is available on the company websites on at on, on at by emailing or by calling 01409 254 354.

You will be asked to provide personal data when joining as a member. The purpose of collecting your personal data is to provide the optimum membership services to you. We also collect and process the personal data of our employees and for individuals who have expressed interest in CODEplan and Agilio Software services.

Members of CODEplan, members of iComply application, members of the iTeam HR service, members of iLearn CPD, members of the Quality Practice Scheme and CODEplan practices are (“Members”). Individuals who use CODEplan services such as consultancy, training and seminars are for the purposes of this agreement are (“Clients”).

Our lawful basis for processing the personal data of Members is:

“Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.”

Our lawful basis for processing data of Members’ patients, in order to administer dental plans is:

“Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.”

Our lawful basis for the processing special category data of Members’ patients, in order to administer dental plans is:

“Processing is necessary for health care purposes”

Our lawful bases for processing employees’ and self-employed contractors special category data are:

“9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee.”

“Processing necessary for identifying or keeping under review the existence or absence of equality of opportunity or treatment between groups of people with the view to enabling such equality to be promoted or maintained”

“Consent is obtained for Criminal record checks”

Our lawful basis for processing Client data is:

“Legitimate interests” – see the CODEplan Legitimate Interests Assessment (P 217S).

The categories of data we process
 The categories and purposes of processing data are:

  • Personal data for the purposes of Client management
  • Personal data for the purposes of Member management
  • Personal data for the engagement of our own staff
  • Personal data for Members to manage the engagement of their employees and self-employed contractors
  • Personal data for direct mail, email and texts to Clients and non-members for: compliance updates to the profession, important dentistry news, information about CODEplan/Agilio Software Group member services, surveys and marketing
  • Special category data for the processing of the dental plan subscriptions of patients who are under the care of our Members
  • Special category data for employment purposes, for employees and self-employed contractors, including their health data
  • Criminal record checks for employees and self-employed contractor
  • Special category data to meet the requirements of the Equality Act 2001

We never pass personal data to a third party unless it is for processing on behalf of CODEplan or to meet a legal obligation.

The personal data we process includes:

Your name, address, gender, date of birth, email address, website address, financial details for processing subscriptions. For employees and self-employed CODEplan team members we may process more sensitive special category data including ethnicity, race, religion, or sexual orientation so that we can meet our obligations under the Equality Act 2010. We also process IP addresses so that we can continually improve our service to you and inform our marketing.

Where our data is stored

Personal data is stored in our email applications (Constant Contact, HubSpot, Awebber and FreshMarketer), on the head office encrypted networked computers, in the CRM programme at head office called Enterprise MRM/Tribe, on the Brighton Hub encrypted computers and on company laptops and mobile phones. Online backups are stored in encrypted format with Data Barracks. We use Microsoft 365 and Dropbox. Practice and personal data is stored on iComply using Amazon Web Services. Full details of who processes data on our behalf and the contracts we have with them is in our Information Governance Procedures (P 217C) available upon request.

 Our data processors store personal data in the EU in digital and hard copy formats. Data processors outside of the EU are only in the USA and are companies who are certified for the EU-US Privacy Shield and have appropriate GDPR compliance terms and conditions. Personal data is obtained when a Member subscribes to a membership, when a Client requests a CODEplan service and when a non-member subscribes to a CODEplan email list.

 You have the following personal data rights:

  • The right to be informed about the collection and use of your personal data
  • The right of access – to have a free copy of your data that we have
  • The right to rectification – to correct the data we have if it is inaccurate or incomplete
  • The right to deletion of your personal data (please see below why your records may have to be retained for a certain time period)
  • The right to restrict processing of your personal data
  • The right to data portability – to have your data transferred to someone else
  • The right to object to the processing of your personal data.
  • Rights in relation to automated decision making and profiling

Retention of personal data

The retention period for members’ data is 10 years as many members re-join after some years. The retention period for staff records and client data is 6 years. The retention period for non-member data is 2 years after it was last processed.

You have the right to withdraw consent for important compliance notifications, newsletters, surveys or marketing. You can inform us to correct errors in your personal details or withdraw consent from communication methods such as telephone, email or texts. You have the right to obtain a copy of your data records within one month of application, for which no fee will be charged.

Privacy Impact Assessment 

We have carried out a Privacy Impact Assessment (P 217Q) and the details of how we ensure security of personal data is in our Physical Security Risk Assessment (P 217M). We have Information Governance Procedures (P 217C) and a Legitimate Interests Assessment (M 217S). Copies of these policies and procedures can be obtained from the contact details below.


Please contact Karen Penfold at CODEplan for a comment, suggestion or a complaint about the processing of your data at or by calling 01409 254 354 or by writing to CODEplan at Elm Tree House, Bodmin Street, Holsworthy, Devon, EX22 6BB. If you are unhappy with our response or if you need any advice you should contact the Information Commissioner’s Office (ICO). Their telephone number is 0303 123 1113, you can also chat online with an advisor. The ICO can investigate your claim and take action against anyone who’s misused personal data. You can also visit their website for information on how to make a data protection complaint.

CODEplan procedures

You can also use the contact details above to request copies of the following CODEplan policies or procedures:

  • Data Protection Policy (P 233-DPT), which has a list of all data protection procedures
  • Consent Policy (P 233-CNS)
  • Privacy Impact Assessment (P 217S)
  • Information Governance Procedures (P 217C)

Further information
CODEplan Contract as Data Processor
CODEplan Cookie Policy
CODEplan Privacy Policy

 Karen Penfold, Information Governance Lead,
 Elm Tree House,
 Bodmin Street,
 Holsworthy, Devon,
 EX 22 6BB.
 Telephone 01409 254 354

 Updated 14th March 2021