Prospekt Agency Limited is a company registered in England and Wales (company number 08833489). We are registered with the UK Data Protection Registrar, reference number ZA392959.
1.1 In this policy, “we”, “us” and “our” refer to Prospekt Agency Ltd.
1.2 “Client”, “User”, “Visitor” refer to “you”, a customer of Prospekt Agency Ltd.
1.3 “Services” includes our websites, applications and other platforms such as our CMS.
1.2 This policy applies where we are acting as a “data controller” with respect to the personal data of our website visitors and service users; in other words, why we process personal data and by what means.
2.1 For a detailed breakdown of GDPR related terms please see the following ICO Guidance.
3.1 We may process certain types of personal data about you as follows:
3.2 We do not collect any Sensitive Data about you, neither do we collect any information about criminal convictions and offences.
4.1 Direct Communication: You may provide your personal data by filling in a contact form on one of our websites or by communicating with us by post, phone, email or otherwise.
4.3 Third parties: We may receive personal data about you from various third parties and public sources, these include:
5.1 We will only use your personal data when legally permitted. The most common uses of your personal data are:
5.2 There are 6 legal bases for processing personal data (as permitted by the GDPR). To explore these terms in more detail please visit: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/
5.3 We may process Personal Data because it allows us to communicate with you manage our relationship with you. For instance, if you complete a contact form on one of our websites, then you can reasonably expect a response from us.
5.4 We may process Technical Data because it allows us to safeguard our services and technology. This is to ensure that you can receive help should there be a technical problem. Additionally, we need to ensure that the users of our services are genuine and not fraudulent. The purpose of this is for the protection and security of our business and your personal data.
5.5 We may process Usage Data to understand and analyse usage trends and preferences, to improve our services and develop new features and functionalities. All data will be anonymised or aggregated therefore it is not personal data.
6.2 We require all third parties to whom we transfer your data, to respect the security of your personal data and to treat it in accordance with the law and under our direct instruction.
7.1 Some of our third parties service providers are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.
7.2 Whenever we transfer your personal data out of the EEA, we do our best to ensure a similar degree of data protection.
We will only transfer your personal data to countries or services providers that adhere to good security practices when processing personal data. For instance, we may transfer data to a company based in the US, such as Google Analytics because they are part of the EU-US Privacy Shield, which requires them to provide a similar level of protection.
7.3 In the unlikely event that this is not the case, we will request your explicit consent or simply not transfer personal data at all. You will have the right to withdraw this consent at any time.
8.1 We will not keep your personal data for any longer than necessary.
8.2 We will retain your personal data as follows:
9.1 Data subjects have a right to request the erasure of their personal data, as long as the original legal basis for processing the data, permits the data subject to do so. (See Section 10).
9.2 For access, amendment and erasure enquiries please contact email@example.com
9.3 You will not have to pay a fee to access your personal data (or to exercise any of the other rights) providing that your request is not repetitive or excessive.
9.4 We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to those whom have no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
9.5 We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month, if your request is particularly complex. In this case, we will notify you and keep you updated.
9.6 If you are not happy with any aspect of how we collect and use your data, please contact us.
Our full details are:
9.7 Additionally, if you are not satisfied with our handling of your request, you have the right to complain to the Information Commissioner’s Office (ICO).
10.1 Under certain circumstances, you have rights under the GDPR in relation to your personal data. These include the right to. You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ If you wish to exercise any of the rights set out above, please email us at firstname.lastname@example.org
10.3 Not all rights under the GDPR can be exercised; it is dependent on the lawful basis that was used to process the personal data in the first place. For more information see: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/
12.1 We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
12.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach, where we are legally required to do so.
13.1 Please revisit this page periodically to stay aware of any changes to this Policy, which we may update from time to time. We’ll ensure that it is accessible and indicate the date of the latest revision. For significant changes (and if we hold a current email address) we will notify you by email.