Privacy Policy (GDPR)

Introduction

RBP Corp (hereinafter "we", "our", "MomPlans") places great importance on the protection of your personal data.

This Privacy Policy aims to inform you transparently about how we collect, use, share and protect your personal data when you use our site momplans.co.uk.

1. Data Controller

The data controller for your personal data is:

  • Company name: RBP Corp
  • Legal form: C-Corporation (Delaware, USA)
  • Address: 251 Little Falls Drive, Wilmington, New Castle County, Delaware 19808, USA
  • Email: contact@momplans.co.uk
  • Data protection email: privacy@bpcorp.eu

EU Representative (Art. 27 GDPR):
We have appointed Prighter Group with its local partners as our privacy representative in the European Union. To exercise your privacy-related rights, please visit: https://app.prighter.com/portal/rbpcorp

2. Personal Data Collected

We collect the following personal data when you complete the contact form on our site:

Identification data:

  • First name
  • Last name
  • Email address
  • Phone number

Data relating to your situation:

  • Family situation (married, in a relationship, number of children)
  • Main objective (optional): family protection, retirement, wealth transfer, tax optimisation

Navigation data:

  • IP address
  • Browser type
  • Pages visited
  • Visit duration
  • Traffic source (referrer)

3. Purposes of Processing

Your personal data is collected and processed for the following purposes:

a) Connection with insurance advisers

  • Transmit your contact details to one or more FCA-authorised partner advisers
  • Enable these advisers to contact you to offer you personalised support

b) User relationship management

  • Respond to your information requests
  • Send you a confirmation email of your request
  • Follow up on your request

c) Improvement of our services

  • Analyse the use of our site to improve user experience
  • Measure the effectiveness of our advertising campaigns

4. Legal Basis for Processing

The processing of your personal data is based on the following legal grounds:

  • Consent (Article 6.1.a of GDPR): For the transmission of your data to partner advisers and the use of non-essential cookies
  • Legitimate interest (Article 6.1.f of GDPR): For the improvement of our services and audience measurement
  • Legal obligation (Article 6.1.c of GDPR): For the retention of certain data for accounting and tax purposes

5. Recipients of Your Data

Your personal data is transmitted to the following recipients:

a) FCA-authorised partner advisers

Your data is transmitted to one or more FCA-authorised insurance advisers, in order to contact you and offer you personalised support.

b) Technical service providers

  • Site hosting: Vercel Inc.
  • Analytics service: Google LLC (Google Analytics)
  • Advertising platform: Meta Platforms Ireland Limited (Meta Pixel)

We do not sell, rent, or share your personal data with third parties for commercial purposes other than those described above.

5A. Sub-processors and Service Providers

To operate our services, we use the following sub-processors:

Sub-processorPurposeLocationSafeguards
Supabase Inc.Database hostingFrankfurt (EU) / USASCCs + AES-256 encryption
Vercel Inc.Website hosting, CDNGlobal (CDN) / USAUK IDTA + SCCs
Sentry (Functional Software Inc.)Error monitoring and technical diagnosticsUSAUK IDTA + SCCs
Meta Platforms Ireland LtdAdvertising pixel, campaign measurementIreland (EU) / USAUK IDTA + SCCs
Google LLCAnalytics, audience measurementUSAUK IDTA + SCCs

5B. International Data Transfers

Some of our sub-processors are located in the United States. Transfers of personal data to the United States are governed by the following mechanisms:

  • UK International Data Transfer Agreement (IDTA): for transfers to US-based processors, in accordance with the UK GDPR and the ICO's approved transfer mechanisms.
  • Standard Contractual Clauses (SCCs): as supplementary safeguards, in line with the EU Commission Implementing Decision 2021/914 and the UK Addendum.
  • Supplementary measures: encryption of data in transit (TLS 1.2+) and at rest (AES-256), strict access controls, and access logging.

6. Data Retention Period

Your personal data is retained for the following periods:

  • Connection data: 3 years from your last contact with a partner adviser
  • Navigation data and cookies: 13 months maximum
  • Accounting and tax data: 10 years in accordance with legal obligations

7. Your Rights Over Your Personal Data

In accordance with GDPR and the Data Protection Act, you have the following rights:

  • Right of access: Obtain a copy of your personal data
  • Right to rectification: Correct your inaccurate or incomplete data
  • Right to erasure: Request the deletion of your personal data
  • Right to object: Object to the processing of your personal data
  • Right to restriction: Request restriction of processing of your data
  • Right to portability: Retrieve your data in a structured format
  • Right to withdraw consent: Withdraw your consent at any time

8. How to Exercise Your Rights?

To exercise your rights, you can contact us by email at privacy@bpcorp.eu or by post at: RBP Corp, 251 Little Falls Drive, Wilmington, DE 19808, USA.

We commit to responding to your request within one month of receipt.

9. Right to Lodge a Complaint with the ICO

If you believe your rights are not being respected, you can lodge a complaint with the Information Commissioner's Office:

ICO
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Website: ico.org.uk

10. Data Security

We implement all appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, alteration or disclosure.

These measures include: encryption of data in transit (HTTPS/SSL), restricted access to personal data, regular backups, monitoring and detection of security incidents.

Last updated: 13 March 2026