0345 121 7770
 

We're here to help. Why not speak to one of our expert advisors and see how we could help your business today

Contact us
 

We'd like to hear from you. Vivamus gravida, nisi vitae dignissim volutpat, dolor enim posuere dui,

Get in Touch Today

Privacy Policy

 

 

 

  1. INTRODUCTION

Prism Solutions is committed to protecting your privacy and security. This policy explains how and why we use your personal data, to ensure you remain informed and in control of your information.

You can decide not to receive communications or change how we contact you at any time. If you wish to do so please email info@prism.uk.com or write to Prism Solutions, The Technology Barn, 20 John Bradshaw Court, Congleton, Cheshire, CW12 1LB.

We will never sell your personal data, and will only ever share it with organisations we work with where necessary.

Questions?

Any questions you have in relation to this policy or how we use your personal data should be sent to info@prism.uk.com or addressed to Prism Solutions, The Technology Barn,
20 John Bradshaw Court, Congleton, Cheshire, CW12 1LB.

  1. ABOUT US

Prism Solutions is a leading managed technology service provider (MSP).

Your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally) will be collected and used by Prism Solutions, a UK registered company (no. 4141266)

For the purposes of data protection law, Prism Solutions will be the controller.

  1. WHAT INFORMATION WE COLLECT

We collect data you provide to us and we obtain information about you when you contact us about products and services or use our website. We also collect information from you if you choose to purchase products or services from us. For example:

  • personal details (name, date of birth, email, address, telephone, IP address etc.)
  • financial information (payment information such as credit/debit card or direct debit details. Please see section 8 for more information on payment security); and
  • information relating to Prism website pages that are accessed and when

Information we generate

We conduct research and analysis on the information we hold, which can in turn generate personal data. For example, by analysing the products and services you subscribe to we may be able to build a profile which helps us decide which of our communications are likely to interest you. Section 6 (Research and profiling) contains more information about how we use information for profiling and targeted advertising.

Sensitive personal data

We do not normally collect or store sensitive personal data (such as information relating to health, beliefs or political affiliation). If this does occur, we’ll take extra care to ensure your privacy rights are protected.

Accidents or incidents

If an accident or incident occurs on our property, at one of our events or involving one of our staff then we’ll keep a record of this (which may include personal data and sensitive personal data).

  1. HOW WILL WE FURTHER USE YOUR PERSONAL INFORMATION (OUR LEGITIMATE INTERESTS)?
  • To contact you to ensure that our records of your personal information are correct;
  • To respond to questions or complaints you have about our services;
  • To update you with changes in our terms;
  • For statistical or research analysis relating to the performance of our business or that of our principal and understanding the changing needs of our clients;
  • To review, improve and develop services we offer or handle complaints;
  • To pursue debts or unpaid fees;
  • To evidence company practices;
  • To evidence the standards and processes carried out conform to the company’s ethical standards and expectations;
  • For direct marketing activities;
  • To protect the business from risks which might be introduced by an individual.

You have the right to object to processing for these purposes and we shall cease unless we can show we have compelling legitimate grounds to continue.

Processing when performing a task carried out in the public interest
We will use the information provided to protect members of the public against dishonesty, money laundering or fraudulent activities. This must necessarily be carried out without your explicit consent to ensure this function is not prejudiced.

What information is required?
We only collect information that is necessary to carry out the purposes listed above. This includes information you supply. Where practical and lawful we will inform you about any personal data we receive about you from third parties that you may be unaware of.

We only ever use your personal data with your consent, or where it is necessary in order to:

  • enter into, or perform, a contract with you
  • comply with a legal duty
  • protect your vital interests
  • for our own (or a third party’s) lawful interests, provided your rights don’t override these

In any event, we’ll only use your information for the purpose or purposes it was collected for (or else for closely related purposes):

Marketing

We use personal data to communicate with people. This includes keeping you up to date with relevant news, service updates and market developments.

Administration

We use personal data for administrative purposes. This includes:

  • receiving payments (e.g. direct debits);
  • maintaining databases of our clients and performing our obligations under agreements;
  • fulfilling orders for goods or services (whether placed online, over the phone or in person);
  • helping us respect your choices and preferences (e.g. if you ask not to receive marketing material, we’ll keep a record of this).

Research and profiling

We evaluate, categorise and profile personal data in order to tailor materials, services and communications. Further information on profiling can be found in Section 6 (Research and profiling).

What are the consequences if you do not provide your personal information?
Your personal data is essential to enable us to take steps at your request prior to entering into a contract or to perform a contract to which you are a party. Without this information we will not be able to proceed to provide service.

What makes the processing lawful?
Because the processing is necessary:

  • For the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
  • for compliance with a legal obligation to which we are subject;
  • for the performance of a task carried out in the public interest;
  • for the purposes of the legitimate interests pursued by us.
  1. DISCLOSING AND SHARING DATA

We will never sell your personal data.

We may share personal data with suppliers who provide us with services, for example, Microsoft when providing you with Office 365 services. However, these activities will be carried out under a contract which imposes strict requirements on our supplier to keep your information confidential and secure in line with the requirements of GDPR

  1. MARKETING

You can decide not to receive communications or change how we contact you at any time. If you wish to do so please email info@prism.uk.com or write to Prism Solutions, The Technology Barn, 20 John Bradshaw Court, Congleton, Cheshire, CW12 1LB.

  1. RESEARCH AND PROFILING

This section explains how and why we use personal data to build profiles which enable us to understand our clients, improve our relationship with them, and provide a better client experience.

By grouping clients together on the basis of common characteristics, we can ensure that the group is provided with communications, products, and information which is most important to them. This helps prevent your inbox from filling up, and also means we aren’t wasting resources on contacting people with information which isn’t relevant to them.

Anonymised data

We may aggregate and anonymise personal data so that it can no longer be linked to any particular person. This information can be used for a variety of purposes, such as identify trends or patterns within our existing client base.  This information helps inform our actions and improve our products/services and materials.

  1. HOW WE PROTECT DATA

We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of your personal information.

Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). All our staff are required to sign a Confidentiality and Data Protection Notice.

Payment security

Prism Solutions complies with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details.

Card payments are processed securely via our payment provider (WorldPay).

Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.

CCTV

Some of our premises have CCTV and you may be recorded when you visit them. CCTV is there to help provide security and to protect both you and Prism Solutions. CCTV will only be viewed when necessary (e.g. to detect or prevent crime) and footage is only stored temporarily. Unless it is flagged for review CCTV will be recorded / deleted over.

TELEPHONE CALL RECORDING
In line with The Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 we may record incoming or outgoing telephone conversations for the following purposes:

  • Establishing facts and evidence for business transactions;
  • Ensuring compliance with regulatory or self-regulatory practices;
  • Ascertaining and demonstrating that standards are being met;
  • Preventing or detecting crime;
  • Investigating or detecting the unauthorised use of that or any other telecommunication system;
  • Safeguarding the effective operation of the telecommunications system.
  1. STORAGE

Where we store information

Prism Solution’s operations are based in the UK and we store our data within the European Union. Some organisations which provide services to us may transfer personal data outside of the EEA, but we’ll only allow them to do if your data is adequately protected.

For example, some of our systems use Microsoft products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we’ll allow this as we are certain personal data will still be adequately protected (as Microsoft is certified under the USA’s Privacy Shield scheme).

How long we store information

We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing emails, we will stop storing your emails for marketing purposes (though we’ll keep a record of your preference not to be emailed).

We continually review what information we hold and delete what is no longer required. We never store payment card information.

  1. KEEPING YOU IN CONTROL

We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:

  • the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as subject access request);
  • the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
  • the right to have inaccurate data rectified;
  • the right to object to your data being used for marketing or profiling; and
  • where technically feasible, you have the right to personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format.

Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.

If you would like further information on your rights or wish to exercise them, please write to us at Prism Solutions, The Technology Barn, 20 John Bradshaw Court, Congleton, Cheshire, CW12 1LB

Complaints

You can complain to Prism Solutions directly by contacting us using the details set out above. If you wish to make a complaint which does not directly relate to your data protection and privacy rights, you can do so in accordance with our Complaints and Escalations policy, which is available on request.

If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk

  1. COOKIES AND LINKS TO OTHER SITES

Cookies

We may use cookies to personalise content and ads, to provide social media features and to analyse our traffic.

 Links to other sites

Our website contains hyperlinks to other websites. We are not responsible for the content or functionality of any of those external websites (but please let us know if a link is not working by emailing info@prism.uk.com).

If an external website requests personal information from you (e.g. in connection with an order for goods or services), the information you provide will not be covered by Prism Solution’s Privacy Policy. We suggest you read the privacy policy of any website before providing any personal information.

  1. CHANGES TO THIS PRIVACY POLICY

We’ll amend this Privacy Policy from time to time to ensure it remains up-to-date and accurately reflects how and why we use your personal data. The current version of our Privacy Policy will always be posted on our website.

 

Version Number 1.1
Issue Date 17 September 2018