This policy describes the principles followed by Prism Investment Management Ltd (“PRISM”) in implementing the applicable privacy and information security requirements under the General Data Protection Requirements, the Data Protection Act and any other relevant legislation and guidance including GCHQ’s 10 Steps to Cyber Security, the ISO27000 family of standards (ISO27K) and the relevant regulatory requirements set out by the Financial Conduct Authority in the Principles for Business, Systems and Controls and Conduct of Business handbooks as well as FG 16/5 Guidance for Firms Outsourcing to the ‘Cloud’ and Other Third-Party IT Services. It is the policy of PRISM to comply with any legislation concerning the protection and prevention of loss or theft of information retained and stored by PRISM.
Collection of Information
PRISM collects contact information from its investors and partners from time to time. Contact details are collected directly from individuals and corporations that PRISM meets.
The types of personal information and data may include, without limitation:
PRISM does not collect information via third parties. The firm is registered as a data controller with the Information Commissioner’s Office (“ICO”) under registration number ZB378022 as a data controller and complies with the relevant data protection principles.
Use of Information
Personal information and/or data may be used to:
Sharing of Information outside of the EEA
The personal information held by PRISM may be shared with:
PRISM does not transfer personal information to parties outside of the EEA, although the personal information held on cloud-based tools may located on servers outside of the EEA. PRISM only works with firms adhering to data protection laws.
Data Retention Periods
Personal information is retained by PRISM only as long as it remains necessary to fulfil the purposes PRISM collected it for, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.
The appropriate retention period for personal data is determined on the basis of the quantity, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of such personal data, the purposes for which the personal data is processed and whether those purposes can be achieved through other means, and the applicable legal requirements.
PRISM is legally obliged to retain basic information about clients (including contact, identity, financial and transaction data) for six years for tax purposes and for at least five years after a client ceases to be a client under the UK money laundering regulations 2017.
In some circumstances personal data may be pseudonymised for statistical purposes in which case PRISM may use this information indefinitely without further notice.
Opt-Out
PRISM contacts can opt-out at any time, if they no longer wish to receive communication from PRISM or if they want PRISM to delete their data. Any request to opt-out of the communication or to delete the data should be directed to legal@prism.ventures.
Security
PRISM takes all steps reasonably necessary to ensure that information and/or data is treated securely and in accordance with this Privacy Policy. Data is stored electronically on cloud-based solutions that are password protected and fully compliant with data regulation.
Rights in Relation to Data
Under GDPR individuals and entities have the right to access information stored about them. They are entitled to ask PRISM about:
If you have a complaint regarding any aspect of the personal data PRISM collects or this Privacy Notice, please contact us at the address listed below in ‘Contacting PRISM’.
Complaints may also be made to the ICO using their online form: https://ico.org.uk/make-a-complaint/. Alternatively, complaints can be sent to the ICO at the following address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Contacting PRISM
The point of contact for matters relating to data and more generally this Privacy Notice shall be PRISM’s legal team. You may contact us via email (legal@prism.ventures) or you may send a letter to the following address:
Prism Investment Management Ltd
Thomas House, 84 Eccleston Square, Pimlico
London SW1V 1PX
Changes to PRISM‘s Privacy Notice
PRISM aims to meet high standards of compliance with applicable regulation, so our policies are under frequent review. From time to time this Privacy Notice may be changed. The page will be updated periodically to reflect the latest version of the Privacy Notice.
Cookies
More information about cookies can be found by clicking on this link.