Prism 339 Limited respects your privacy and is committed to maintaining processes aimed at protecting the privacy and confidentiality of the personal data we collect and process. The purpose of our Privacy Notice is to describe our data privacy practices. This Privacy Notice describes the ways we may collect, use, store, transfer, disclose, secure and otherwise process information from and about you.

For the purposes of this Privacy Notice, the term "visitor" describes visitors to our website and may include both those who are and those who are not current customers of our products or services, as well as those who interact with us through other means, including other online services (e.g., e-mail, chat), by phone, text messages, by written correspondence or in person. You can choose not to provide certain information when using our websites or interacting with us, but then you might not be able to take advantage of many of our website features or otherwise transact with us.

SCOPE – Processing personal data on behalf of our business and in the provision of our services

When we process personal data belonging to our visitors, employees of our customers or prospective customers, suppliers and job applicants, we do so as a "data controller".

• When you first register an email address to access Prism 339
• To provide status updates on your requests

This notice applies to personal data that we process as a controller.

Further to the services we supply to our customers we process personal data of our customers' clients on behalf of our customers. We do this as a "data processor".

If we are processing your personal data further to a data processing agreement which we have with a customer it is the customer's obligation to notify you, the data subject, about their personal data handling practices at the time that data is collected.

(One of the services we may offer to our customers is called "Open Banking". Further to this service a data subject may identify our role in the processing of their personal data. If you are such a data subject contact us if you do not know on what basis we are processing your data and we will provide you with the relevant customer's contact details.)

Not in Scope. This Notice does not apply to the personal data that we collect and process about Prism 339 Limited employees and personnel. It does apply to job applicants and candidates.

We work in compliance with the UK GDPR and only process your personal data when we have a lawful basis to do so.

1. WHAT PERSONAL DATA DO WE COLLECT, WHAT DO WE USE IT FOR AND ON WHAT LEGAL BASIS DO WE PROCESS IT?

We will only process your personal information where we have a lawful basis to do so and such legal bases are as follows:

• Performance of a Contract: To perform a contract with you or take steps to enter into a contract with you at your request.
• Legitimate Interest: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights and freedoms do not override those interests.
• Compliance with Legal Obligations: To comply with a legal obligation.
• Consent: Where you provide your consent.

We will use your personal information in the following circumstances and on the following lawful basis or bases:

Purpose	Legal Basis	Categories of Personal Information Processed (definitions below)
Process orders for products or Services, handle orders, deliver products and/or Services, facilitate the processing of payments by third party service providers, communicate about orders.	In anticipation of or in the performance of a contract.	Identity and Contact Data.
Correspond about services you may be interested in purchasing and establish your account.	In anticipation of or the performance of a contract.	Identity and Contact Data.
Provide after-sales support and customer service.	Performance of a contract.	Identity and Contact Data.
Administer surveys and questionnaires for market research or member satisfaction purposes.	Legitimate interest in understanding our customers' needs in order to improve our products and services to grow our sales.	Identity and Contact Data.
Recommend products and services that might be of interest to you, personalise your visit to our website, enable us to review, develop and continually improve the products and services we provide.	Legitimate interest in understanding our customers' needs in order to improve our products and services and to encourage interaction with us, to grow our sales.	Identity and Contact Data; Technical and Device Data; Website Interaction Data.
Enforce our legal rights; protect the rights and safety of others; assist with industry efforts to control fraud, spam or other undesirable conduct; prevent or detect fraud (including credit risk reduction) or abuses of our website; respond to legal process and manage legal proceedings; respond to lawful requests from public authorities in regard to law enforcement or national security requirements.	Compliance with UK law where we are required to respond to legal process or lawful requests. Otherwise, legitimate interest in protecting our rights, assets, and reputation, and complying with applicable law in order to protect our business and reputation.	Identity and Contact Data; Technical and Device Data; Website Interaction Data.
Diagnose problems with our servers and administer our website.	Legitimate Interest in securing and protecting our website in order to encourage potential customers and other third parties to interact with us and to supply our services to customers.	Identity and Contact Data; Technical and Device Data; Website Interaction Data.
Administer our general business, accounting, auditing, compliance, record keeping, and legal functions; comply with the law and our legal obligations.	Compliance with UK law. Otherwise, legitimate interest in operating our business in an efficient manner to increase profitability, and in compliance with the law to protect our reputation.	Identity and Contact Data.
Consider and implement mergers, acquisitions, reorganizations, bankruptcies, and other business transactions.	Legitimate Interest in organising and operating our business in an efficient manner to increase profitability. Compliance UK law.	Identity and Contact Data; Technical and Device Data; Website Interaction Data.
Send information about our company to visitors and potential customers, and to get in touch with them when necessary, and respond to visitors' inquiries on our website.	Consent, where required by law. Legitimate Interest in promoting our Products and Services and encouraging interaction with us in order to grow our sales.	Identity and Contact Data; Technical and Device Data; Website Interaction Data.
Allow us to tailor content or advertisements to match your preferred interest; avoid showing visitors the same advertisements repeatedly; compile aggregated statistics that allow us to understand how users use our site and to help us improve the structure of our website; count the number of users of our sites.	Consent.	Technical and Device Data; Website Interaction Data.
Count the number of times that our advertisements and web-based email content are viewed.	Consent.	Identity and Contact Data; Technical and Device Data; Website Interaction Data.
Measure interest in and develop our web pages and marketing plans, customize the content you view on your web visits based on your activity on past visits.	Consent.	Technical and Device Data; Website Interaction Data.

Definitions

"Identity and Contact Data" means your personal or company contact information, such as your name, contact information, related inquiry information, username and password for website registration and login, account number, user/member ID, and personal financial information.

(Identity and Contact Data are generally required for us to provide Products and Services you have ordered. If you do not provide us with the requested Identity and Contact Data, we may not be able to respond to your inquiry or request or perform the contract obligations we may have for you or your employer or principal.)

"Technical and Device Data" means IP addresses, device types, operating systems, advertising IDs, referring URLs, general location information, hostnames, and other log file information (described below), electronic or telephone communications, product and service selections and orders, or other activities.

"Website Interaction Data" means the information which our system records when you visit our website and includes; our server logs your IP address (unique network address), the time and duration of your visit, and the time and duration of your visit to the specific website pages you view.

Sensitive (or "Special Category") Personal Information
We will not intentionally collect or maintain and do not want you to provide any information regarding your medical or health condition, race or ethnic origin, political opinions, religious or philosophical beliefs, or other sensitive ("special category") information.

2. HOW WE COLLECT PERSONAL DATA

Generally, we may collect information about you in the following manners:

• From you directly. You may provide your personal information to us via chat, email or other written correspondence, telephone calls, web-based forms, by purchasing a service, or by sending us your CV or by other means.
• Automatically when you visit our website. We use automated technical means to collect information about your use of our Services, for example by use of cookies and other tracking technologies when you visit our website.
  You may visit our website in any of the following ways:
  • Using your browser to navigate to our website prism339.com;
  • Viewing an advertisement displayed on a third-party website that is served content by our web server or
  • Viewing an email that is served content by our or a third-party web server.
• From third party providers. We may collect information about you from third party sources such as marketing partners or other third parties such as our customers (see the Services Delivery section below).

Services Delivery

When a customer purchases services from Prism 339 Limited, we may process personal information to which our customers give us access, in the form of; hostnames, IP addresses, usernames, and any unencrypted data transmitted in raw log file format. We only process this information as a data processor on behalf of our customers.

Prism 339 Limited will store, transmit, and receive this data in an encrypted format, and data is not shared beyond our system boundaries as defined in the customer's contract.

3. COOKIES AND TRACKING

A cookie is a unique alphanumeric identifier that we use to help us identify the number of unique visitors to our website, whether or not those visitors are repeat visitors, and the source of the visits.

We use necessary cookies to make our site work. Necessary cookies enable core functionality such as performance, security, network management, and accessibility.

Analytics cookies help us improve our website by collecting and reporting information on how you use it.

If you do not wish cookies to be placed on your computer, then they can be disabled in your web browser. The option to do so is normally found in your browser's "security settings" section. However, please note that permanently disabling cookies in your browser may hinder your use of our website as well as other websites and interactive services.

We do not currently use any cookies which allow us to process personal data. If this situation changes we will publish a “cookies banner” on your next visit to our website which will provide a link to our Cookies Policy which you can choose to accept or decline.

4. LINKS TO THIRD PARTY WEBSITES

We may provide links to third-party websites for your convenience and information. The privacy practices of those sites may differ from Prism 339 practices, are not controlled by Prism 339, and are NOT covered by this Privacy Notice. We do not make any representations about third-party websites. We encourage you to review their privacy policies before accessing those sites and submitting your personal data.

5. DATA RETENTION POLICY

We retain the personal information we collect only for as long as:

• is reasonably necessary for the purposes described above or otherwise disclosed to you at the time of collection; or
• where we have a legitimate business interest to do so taking into account any risks to you of such retention; or
• where we have a legal obligation to do so.

For example, we will retain:

• your account data for as long as you have an active account with us;
• transactional data for as long as necessary to comply with our legal tax, accounting and record keeping obligations, administer applicable returns and warranty programs;
• contact information for as long as is reasonable to allow us to market the same or similar services which you have already bought from us bearing in mind any risks to you of such retention;

plus, in each case, an additional period of time as necessary to protect, defend or establish our rights, defend against potential claims, and comply with legal obligations.

If you have submitted your CV to us in response to an advertisement for a vacancy or speculatively we will acknowledge receipt and keep this information for no longer than 12 months from the data of receipt.

6. DISCLOSURE/TRANSFER OF PERSONAL INFORMATION TO THIRD PARTIES

Personal information we gather is for internal use and will not be shared with anyone outside Prism 339 Limited, except as described in this Notice. We share personal data with:

• third-party service providers to Prism 339 Limited who perform functions on our behalf, (as listed below). In such an event, personal information will only be shared to the extent reasonably necessary to allow such third parties to perform their functions, and they will not be authorised to use it for any other function, unless they have your prior, express, fully informed consent, or, where such disclosure or use is required by law.
• law enforcement entities to comply with a legal obligation or prevent a crime.
• potential buyers and legal and accountancy professionals in anticipation of or on the sale or merger of part or all of our business.

Our suppliers who act as our processors or sub-processors of personal data

Our third party service providers may include IT service providers, help desks, payment providers, analytics providers, consultants, auditors, open banking providers, and legal counsel. We may disclose or make available personal information to third-party platforms and providers that we use to provide or make available certain features or promotions of our services or as necessary to respond to your requests. We may also make certain information (like aggregated browsing data) available to third parties in support of our marketing, advertising, and campaign management.

Where the personal information is provided to enable such a third party to provide services to us, the third party has agreed in writing to use at least the same level of privacy protections described in this Privacy Notice and is permitted to use the information only for the purpose of providing services to us.

All transfers of personal information to third parties will be done in a manner consistent with applicable laws and regulations, as well as our internal information security policy and this privacy policy.

If you are in breach of an agreement with us or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, such as a lawful request from public authorities in regard to law enforcement or national security requirements, we may disclose your information to a relevant authority or legal advisers. This may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. In particular, we may release the information we collect to third parties when we believe it is appropriate to comply with the law, enforce our legal rights, protect the rights and safety of others, or assist with industry efforts to control fraud, spam or other undesirable conduct.

If we are contemplating or decide to transfer part or the whole of our assets to another organisation, your information may be among the items transferred. We will ensure that in such a situation the buyer or transferee will have to honour the commitments we have made in this Privacy Notice.

We do not transfer your personal data outside of the EU. In certain situations some of our sub-processors reserve the right to transfer personal data outside of the EU and in such an event we are party to the legal contractual protections required by the UK government.

7. OPTING OUT OF MARKETING COMMUNICATIONS

Where Prism 339 Limited is relying on your consent as its lawful basis to process your personal data we will always provide you with an option to notify us that your consent is withdrawn. For example, we will give you an opportunity to choose to opt out of receiving future marketing mailings. We will not use your contact information to promote our services if you ask us not to. Please send such a request to compliance@prism339.com or write to us at Prism 339 Limited, Privacy Department, Shenton House, 3 Oxford Court, Manchester, M2 3WQ. Please note that it may take up to ten working days from our acknowledgement of the receipt of your request to remove your contact information from our marketing communications lists, so you may receive correspondence from us for a short time after you make your request.

8. SECURITY OF YOUR INFORMATION

Prism 339 Limited aims to safeguard and protect your personal data from unauthorised access, improper use or disclosure, unauthorised modification or, unlawful destruction or accidental loss. Prism 339 Limited utilises and maintains certain reasonable processes, systems, and technologies to do so. However, you acknowledge that no transmission over the Internet is completely secure or error-free and that these processes, systems, and technologies utilised and maintained by Prism 339 Limited may be subject to compromise. Accordingly, Prism 339 Limited cannot be held responsible for unauthorised or unintended access that is beyond our control.

9. DATA SUBJECT RIGHTS

Further to the UK GDPR, you (a data subject) have the right to:

Request access to your personal information (commonly known as a “data subject access request”). This enables you to access and receive a copy of the personal information we hold about you. You also have the right to request confirmation and information about the personal information we hold about you.

Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you completed or corrected, though we may need to verify the accuracy of the new data you provide to us.

Request the erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no reason recognised by law for us to continue to process it.

Object to processing of your personal information (including profiling) where we are relying on a legitimate interest (or those of a third party), as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your right to object.

Request restriction on processing your personal information. This enables you to ask us to suspend or restrict the processing of your personal information in the following scenarios:

• If you want us to establish the accuracy of the information,
• Our use of the information is unlawful, but you do not want us to erase it.
• You need us to hold the information even if we no longer require it, as you need it to establish, exercise, or defend legal claims.
• You have objected to our use of your information but we need to verify whether we have overriding legitimate grounds to use it.

Request the transfer of your personal information to you or to a third party (portability right). We will provide you, or a third party you have chosen, with your personal information in a structured, commonly used, machine-readable format. (Note that this right only applies to information processed by automated means, which you initially provided consent for us to use or where we used the information to perform a contract with you.)

Withdraw consent at any time when we rely only on consent to process your personal information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent or where we are relying on another lawful basis for such processing. If you withdraw your consent, we may not be able to provide you with certain products or Services. We will advise you if this is the case at the time you withdraw your consent.

Updates and accuracy of your information

If you believe that any personal information we have about you is incorrect, or is, has been, or might be used inappropriately or you would like to exercise one of the above mentioned rights please contact us at compliance@prism339.com and we will take steps to correct or delete the information, or restrict its use, as appropriate. You also have the right to lodge a complaint with the relevant data protection supervisory authority.

10. CHILDREN'S PERSONAL DATA

Our services are not designed for or directed to children under the age of 16, and we will not intentionally collect or maintain information about anyone under the age of 16. If you believe or suspect that we have collected information for a child under the age of 16 please contact us at compliance@prism339.com immediately so that we may delete it.

11. INQUIRIES OR COMPLAINTS

If you have a question or complaint about this Privacy Notice or our personal information collection practices, please email us at compliance@prism339.com or write to us at:

Prism 339 Limited,
ATTN: Privacy Department,
Shenton House
3 Oxford Court
Manchester
M2 3WQ

We will investigate the matter and are committed to resolving any privacy concerns that you may have.

12. CHANGES

Our business changes constantly, and our Privacy Notice may also change from time to time. You should check our website frequently to see recent changes.

This Privacy Notice was last updated on 23 July 2025.

If you have any questions, don't hesitate to drop us an email at team@prism339.com.