Prism Protection Ltd (“we” or “us”) is a company limited by guarantee under Company Number 04959592
Registered office address: PO BOX 501, The Nexus Building, Broadway, Letchworth Garden City, Herts, SG6 9BL
This statement covers the collection, processing and other use of personal data under the Data Protection Act 1998 (“DPA”) and the General Data Protection Regulations (“GDPR”). The privacy statement is designed to tell you how and what personal data we collect and how we use personal data about you, including:
- Any personal data held in our manual filing systems; and
- Information that may be provided by you when you access or use our website
- Information you give us when you access and use information and Services provided by us using a mobile or online application or any other digital product we provide
- Information collected through any other means such as online form, email, or telephone communication.
Our website and other Services offered by Prism Protection through electronic means will collectively be referred to as “Services” in this Privacy Statement.
By using any Services we offer, you are agreeing to be bound by this Privacy Statement.
2. Ways that we collect personal data
We may collect and process the following personal information or data (information that can be uniquely identified with you) about you:
- Certain data required to use our Services
- Data provided to register for our Services
- Data provided if you sign up for information, newsletters, events or other marketing updates
- Information provided in connection with booking places for events
- Details of the Services you access
- A record of any correspondence between you and us, including details of any conversations
- Your replies to any surveys or questionnaires that we may use for research purposes
- Payment information we may use to collect payment for events
- Information we may require from you when you report a problem or complaint
You do not have to provide any personal data to us, but you may not be able to access our Services or attend an event without doing so. You may withdraw our authority to process your personal data (or request that we restrict our processing - see section 6) at any time but Services may not be fully operable should you do so.
3. How we use personal data
We may use your personal data to:
- Provide or deliver Services to you
- Deliver and dispatch content to you
- Deliver and dispatch marketing information to you, where requested
- Assist in the administration of Services
- Assist in making general improvements to our materials and Services
- Carry out and administer any obligations arising from any agreements entered into between you and us
- Contact you and notify you about changes to our or the Services we offer but only where we have a legal basis for doing so
- Analyse how our Services are used
4. Basis on which we process personal data
Personal data we hold about you will be processed for one or more of the following reasons:
- You have consented to the processing for the specific purposes described in this statement
- The processing is necessary in order for us to comply with our obligations under a contract between you and us, or because you have asked us to take specific steps before entering into a contract with you
- The processing is necessary for us to comply with a legal obligation
- The processing is necessary for our legitimate interests (or the legitimate interests of a third party) unless your interests in data privacy and security override our legitimate interests
In the event you provide us with any special category or sensitive personal data, we will take extra care to ensure your rights are protected, in accordance with applicable data protection laws.
5. Sharing your data
We do not disclose any personal data you provide third parties except:
- Where you instruct us to share your personal data with a third party, you authorise us to deliver that content via email, SMS or other electronic messaging or communication system
- If we are under a duty to disclose or share your personal data in order to comply with any legal obligation (for example, if required to do so by a court order for the purposes of prevention of fraud or other crime)
- In order to enforce any terms and conditions or agreements for our Services that you may apply
- We may transfer your personal data to a third party as part of the transfer of some or all of our organisation and assets to any third party or as a party of any restructuring or reorganisation, but we will take steps with the aim of ensuring that your privacy rights continue to be protected
- To protect the rights, property, or safety of Prism Protection, our users and contributors or any third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction
Other than the circumstances set out above, we shall not disclose any of your personal data unless you give us permission to do so.
When we share personal data with a third party, we will take steps to ensure that your privacy rights are protected, and that the third party complies with the terms of this Privacy Statement.
6. Privacy rights
|Right of access||
You can make a subject access request (“SAR”) to request information about the personal data we hold about you (free of charge save for reasonable expenses for repeat requests).
|Right to rectification||
Please let us know if information we hold about you is incomplete or inaccurate and we will update our records as soon as possible, but in any event within one month. We will take reasonable steps to communicate changes to your data to any third parties, with your agreement, that we have provided information to on your behalf.
|Right to erasure||
Please tell us if you no longer wish us to hold personal data about you. Please note, it is not possible to deliver all of our Services without holding your personal data.
Unless we have reasonable grounds to refuse your request, we will securely delete your personal data within one month. The data may continue to exist in backup, but we will take steps to ensure that it will not be accessible.
|Right to restrict processing||
You can request that we no longer process your personal data in certain ways. Please note, we will not automatically different delete your data if you exercise your right to restrict processing.
|Right to data portability||
You have the right to receive copies of personal data we hold about you in a commonly used and easily storable format (please let us know what format suits you). You might also ask us to transfer your personal data to a third party (where feasible).
|Right to object||
You can object to us using your personal data for direct marketing purposes (including profiling), research or statistical purposes, and/or for processing based on legitimate interest of a task in the public interest. We may refuse your request if we have compelling legitimate grounds for the processing, which override your interests, rights and freedoms.
|Rights with respect to automated decision-making and profiling||
You have a right not to be subject to automated decision-making (including profiling) when those decisions have a legal (or similarly significant effect) on you. You are not entitled to this right when the automatic processing is necessary for us to perform our obligations under a contract with you, it is permitted by law, or if you have given your explicit consent.
|Right to withdraw consent||If we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time.
All requests or notifications in respect of the above rights must be sent to Prism Protection, Solar House, Church Street, Shillington, Hitchin, Herts, SG5 3LH.
7. Data retention
Our current data retention policy is to delete or destroy (to the extent where able to) the personal data we hold about you in accordance with the following:
|Category of personal data||Length of retention|
|Records relevant for tax purposes||Copies of invoices are kept in filing cabinets at our main premises and at our accountants premises for a period of 7 years. After this duration, all paperwork is destroyed.|
|Personal data processed in relation to a contract between you and us||Once contact has been made with a potential new client on email, we delete the email from our software programme, Microsoft Outlook, if the client chooses not to order from us. If they choose to order from us and a business transaction takes place, their contact details and project communication stays on our software programme for a period of 7 years, in line with HMRC regulations.|
For any category of personal data not specifically referred to in this Privacy Statement, and unless otherwise required by law, our data retention period will be 7 years from the date we receive the data.
The retention periods in this Privacy Statement can be prolonged or shortened as may be required (for example, in the event that proceedings apply to the data or if there is an ongoing investigation into the data).
We review the personal data (and the categories of personal data) we are holding on a regular basis to ensure the data we are holding is still relevant to our business and is accurate. If we discover that data we are holding is no longer necessary or accurate, we will take reasonable steps to correct or delete the data.
If you wish to request that data we hold about you is amended or deleted, please refer to section 6 above, which explains your privacy rights and your right to request access.
8. Cookie Information
We may collect information about your computer, including where available your IP address, operating system and browser type for system administration. This is statistical data about our users' browsing actions and patterns, and does not identify any individual and we will not collect personal information in this way.
We may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer's hard drive. They help us to improve our site and to deliver a better and more personalised service. They enable us:
- To estimate our audience size and usage pattern.
- To recognise you when you return to our site.
The two type of cookies used on this site are classified as "Strictly Necessary" and "Performance" cookies.
Strictly Necessary Cookies
We use "Strictly Necessary" cookies to:
- Administrate website content
- Make sure you connect to the right service on our website when we make any changes to the way the website works
Cookies we have defined as 'Strictly Necessary' cookies will NOT be used to:
- Gather information that could be used to advertise products or services to you
- Remember your preferences or username beyond your current visit
There is one cookie that we use on this site that is defined as "strictly necessary" cookies:
This has a randomly generated name (eg "2a8ff4c2f40bef232b830aa" ) and it is used to keep the session live so that an administrator can update the website. It doesn't store any confidential information and is destroyed as soon as the session ends (when you close the browser).
We use performance cookies to:
- Provide statistics on how our website is used
- Help us improve the website by measuring any errors that occur
Cookies we have defined as 'Performance' cookies will NOT be used to:
- Gather information that could be used to advertise products or services to you on other websites
- Target adverts to you on any other website
In some cases, some of these cookies are managed for us by third parties, but we don't allow the third party to use the cookies for any purpose other than those listed above.
There are four cookies that we use on this site that are defined as "performance" cookies:
_utma Identifies unique visitors
_utmb Tracks the referral source of your visit.
_utmc Determines the length of time of your visit to this site.
_utmz Determines visitor navigation within this site.
9. Other websites
Our Services may contain links and references to other third-party websites and applications. Please be aware that this Privacy Statement does not apply to those websites.
We cannot be responsible for the privacy policies and practices of websites that are not operated by us, even if you access them via our Services. We recommend that you check the policy of each website you visit and contact its owner or operator if you have any concerns or questions.
In addition, if you came to use our Services via a third-party website, we cannot be responsible for the privacy policies and practices of the owners or operators of that third-party website and recommend that you check the policy of that third-party website and contact its owner or operator if you have any concerns or questions.
10. Transferring your information outside of Europe
As part of our own due diligence we have identified that personal data held for and by Prism Protection resides in the EU. Prism Protection will continue to monitor this for Prism Protection considering any 3rd party provider changes in the future. Should a requirement for data to be transferred outside of the EU in future, Prism Protection will implement controls and safeguards to ensure that equal to or greater data protection measures are enforced and records retained to evidence this.
11. Notification of changes to our Privacy Statement
Any changes we may make to our Privacy Statement will be posted to our website. Similarly, we will post on our website details of any changes to ensure you are always aware of the information we collect, how we use it, and in what circumstances if any, we share it with other parties.
12. Contact us
If any time you would like to contact us with your views about our privacy practices, or with any enquiry or complaint relating to the way we use your personal data, you can do so using the contact details in section 6.
If you are unable to resolve any issues you may have, or you would like to make a further complaint, you can contact the Information Commissioner’s Office by visiting www.ico.org.uk for any assistance.