Data Protection Policy

The Department of Planning (Planning)  is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience. This Statement of Privacy applies to the Planning website at and governs data collection and usage. By using the planning website, you consent to the data practices described in this statement.


Data Controller: A Data Controller is the person who, alone or jointly with others, determines the purposes, conditions, and manner in which any Personal Data are, or are to be, processed and includes a local representative. A Data Controller can be any legal person, i.e. an individual, corporation, either aggregate or sole, or any club, society, association, public authority, or other body, of one or more persons

Data Processor: A Data Processor processes Personal Data on behalf of a Data Controller and does not itself determine why Personal Data should be processed. A Data Processor may, to a certain extent, decide on how the Personal Data should be processed.

Data Subject: A Data Subject is (a) an identified living individual; or (b) a living individual who can be identified directly or indirectly by means reasonably likely to be used by the Data Controller or by any other person.

Personal Data: Part 1 of the Cayman Islands Data Protection Law (“DPL”) defines Personal Data as any information about a living, natural person (including but not limited to information about staff or members of the public) who can be identified. However, information about sole traders, employees, partners, and company directors who are individually identifiable will still constitute Personal Data.

Examples of Personal Data include, but are not limited to, the following:

  1. First name, last name;
  2. Home contact information (including street address, personal telephone number and personal email address);
  3. Age;
  4. Gender;
  5. Citizenship;
  6. Marital status;
  7. Full credit or debit card number;
  8. Health insurance Identification (“ID”) or account number; and
  9. Bank account number and routing number.

Sensitive Personal Data: Part 1 of the DPL defines Sensitive Personal Data as any information that with unauthorised disclosure could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual. The DPL defines “Sensitive Personal Data” as Personal Data consisting of:

  1. The racial or ethnic origin of the Data Subject;
  2. The political opinions of the Data Subject;
  3. The Data Subject’s religious beliefs or other beliefs of a similar nature;
  4. Whether the Data Subject is a member of a trade union;
  5. Genetic data of the Data Subject;
  6. The Data Subject’s physical or mental health or condition;
  7. Medical data;
  8. The Data Subject’s sex life;
  9. The Data Subject’s commission, or alleged commission, of an offence; and
  10. Any proceedings for any offence committed, or alleged, to have been committed, by the Data Subject, the disposal of any such proceedings or any sentence of a court in the Cayman Islands or elsewhere.

Third Parties: Third Parties mean any person other than:

  1. The Data Subject;
  2. The Data Controller; or
  3. Any Data Processor or other person authorised to process data for the Data Controller or Data Processor.

What Personal Data do we collect and why do we collect it?

We collect several different types of information for various purposes to provide and improve our service to you. We collect the following types of data:

  1. Contact Forms, Surveys, and Applications
    Planning may collect the following information when you fill out a contact form, survey, application or subscribe to our newsletter:
    • Your name;
    • Contact information such as email address, phone number(s), etc.;
    • Payment data which is necessary for us to process payments and implement fraud prevention measures, including credit/debit card numbers, security codes, etc.;
    • Business details such as company name, occupation, etc.; and
    • Demographic Information such as address and postal code.
  2. MediaIf you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included as visitors to the website can download and extract any location data from images on the website.
  3. Cookies
    If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no Personal Data and is discarded when you close your browser.When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
  4. Embedded Content from Other Websites
    Pages on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content may collect data about you, use cookies, embed additional Third Party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged into that website.
  5. Google Analytics Cookies
    We use Google Analytics to collect information about how you use this site. We do this to help make sure the site is meeting the needs of its users and to help us make improvements. We use Google Analytics cookies. Cookies are small text files that are downloaded to your device by websites you visit. These cookies help us improve our site by providing us with information about how users interact with our website such as the number of visitors to the site, the pages they visit and the length of time spent on the site. These cookies do not collect information that identifies a visitor. All of the information that the cookies collect is aggregated and anonymous. You may change your browser settings to delete and block cookies. To find out how, please visit continuing to use this site without changin

What are your Data Protection Rights?

The Cayman Islands Data Protection Law 2017 (“DPL”) grants individuals a number of rights in relation to their Personal Data. We must respond to requests in relation to your rights within 30 days of receipt; however, there are some exceptions to this.

The availability of some of these rights depends on the legal basis that applies in relation to the processing of your Personal Data, and there are some other circumstances in which we may not uphold a request to exercise a right. Your rights and how they apply are described below:

  1. The right to access – You have the right to request Our Company for copies of your personal data. We may charge you a small fee for this service.
  2. The right to rectification – You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete the information you believe is incomplete.
  3. The right to restrict processing – You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.
  4. The right to object to processing – You have the right to object to Our Company’s processing of your personal data, under certain conditions.
  5. The right to data portability – You have the right to request that Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.
  6. The right to complain to the Office of the Ombudsman
    You have the right to complain to the Office of the Ombudsman if you are not happy with any aspect of Plannings processing of Personal Data or believe that your rights are not being respected. The contact details for the Office of the Ombudsman are:The Office of the Ombudsman
    5th Floor, Anderson Square
    64 Shedden Road
    George Town
    Grand Cayman
    +1 345 946 6283

How long we retain your data?

We will only keep your Personal Data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal (including the Cayman Islands Government retention requirements), accounting, or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Who has access to your information?

We do not sell or disclose your information to Third Parties. However, we may disclose your information to Third Parties in order to achieve the other purposes set out in this notice. These Third Parties may include those working on our behalf. Examples of such Third Parties include:

  1. Contractors; and
  2. Social media managers.

We may disclose your information to our service providers (Third Parties) including agencies working on behalf of us for the purposes of completing tasks and providing services to you on our behalf. We only disclose the necessary personal information. We do not release your information to Third Parties for them to use for their own direct marketing purposes.

Transfers outside the Cayman Islands

Unless certain exemptions apply or protective measures are taken, Planning will ensure that Personal Data and Sensitive Personal Data, even if it would constitute fair processing, will not be disclosed or transferred outside the Cayman Islands to a country or territory which does not ensure an adequate level of protection for the rights and freedoms of Data Subjects.

How do we keep your data safe?

We take appropriate technical and organisational measures to keep your Personal Data confidential and secure, in accordance with our internal policies and procedures regarding storage of, access to and disclosure of Personal Data. We may keep your Personal Data in our electronic systems, in the systems of our contractors, or in paper files.


The Cayman Islands Data Protection Law, 2017

Changes to our privacy policy

This Privacy Policy was last updated in November 2022. We have the right to update the contents of this Privacy Policy from time to time to reflect any changes in the way in which we process your personal data or to reflect legal requirements as these may change. In case of updates, we will post the revised Privacy Policy on our website. Changes will take effect as soon as the revised version is made available on our website.