GDPR Policy

For residents (data subjects) of the European Economic Area (EEA), when we collect and use personal data (information) about you, we may be subject to the General Data Protection Regulation (‘GDPR’) of the European Union and responsible as a ‘data controller’ for such personal data. Below you will find the additional specific provisions applicable to you as a resident within the EEA; including your rights to your data as it may be processed by Prisma AI.

How we will use your personal data

Where the GDPR is applicable to Prisma AI, we are only permitted to process your personal data on the basis of certain legal requirements which are outlined in the applicable legislation. As such, you will find below the valid legal bases which permits us to process your personal data for the fulfilment of one of the below purposes (which are outlined more specifically above in our general notice).

To ensure access to our website and online services Under the GDPR, the lawful basis for this processing is our legitimate interest in enabling and improving our website and online services, or consent, where requested and obtained.
To answer your queries, support and contact requests Under the GDPR the lawful basis for this processing may be for the performance of a contract with you or to take steps at your request before entering into a contract with you, or for our legitimate interests in behaving as a responsible organization in dealing with these matters, or consent, where requested and obtained.
Subscriptions to our promotional communications Under the GDPR the lawful basis for this processing is the consent, where requested and obtained.
To administer events and activities Under the GDPR the lawful basis for this processing is our legitimate interest in organizing and running such events, or consent, where requested and obtained.
To manage, administer and fulfil the obligations under contracts, and regulations Under the GDPR and depending on the processing activity, the lawful bases for this processing may be for the performance of a contract with you or to take steps at your request before entering a contract with you, our legitimate interest in providing services to your company or employer, or legal obligation.
To promote Prisma AI brand, products, initiatives and values with marketing communications Under the GDPR the lawful basis for this processing are Prisma’s legitimate interests in promoting its brand, products, initiatives and values, or consent, where requested and obtained.

Transferring EEA Data Subject information outside the EU/EEA for GDPR

We may transfer the personal data we collect about you to one of more countries outside the EU/EEA, including India, to perform one of the activities listed above (see “How we will use information about you”). Where there isn’t an adequacy decision by the European Commission in respect of those countries – meaning that these are not deemed to provide an adequate level of protection for your personal data – we have put in place the appropriate measures to ensure that your personal data will be secure. These measures include Data Transfer Agreements based on the European Commission’s Standard Contractual Clauses. If you require further information about these protective measures, you can request it from our Data Protection Officers (see contacts below).

Rights of EU data subjects under GDPR

If the processing of your personal data is subject to the EU General Data Protection Regulation (“GDPR “) (or any United Kingdom replacement legislation), you are entitled to the rights listed below.

Your duty to inform us of changes.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. Your rights in connection with personal data Under certain circumstances, by law you have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you.
Request correction of the personal data that we hold about you. This enables you ask us to have any incomplete or inaccurate information we hold about you corrected.
Request erasure of your personal data. This enables you to ask us, in certain situations, to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
Request the restriction of processing of your personal data. This enables you to ask us, in certain circumstances, to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
Data portability: This enables you to ask us, in certain circumstances, to provide you with the personal data you have provided to us in a structured, commonly used and machine-readable format or to transmit the personal data that you have provided to us to another party.
Automated decision-making: The right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or similarly significantly affects you.

If you are an EU or United Kingdom resident and want to exercise a data subject right in connection to your personal data, please contact our Data Protection Officers for the EU or United Kingdom (see contacts below).

What we may need from you

If you exercise one of the above rights, we may need to request specific information from you to help us confirm your identity and that you are entitled to make such a request. This is to ensure that personal data is not disclosed to any person who has no right to receive it.

Data protection supervisory Authority under GDPR

If you’re not satisfied of how we process your personal data and the processing of your personal data is subject to the EU GDPR, you can lodge a complaint at any time to our Data Protection Officers or to the relevant data protection supervisory Authority; you can find the complete list of the European Authorities https://edpb.europa.eu/about-edpb/board/members_en .

Data Protection Officer

We have appointed Data Protection Officers (DPOs) to oversee compliance of Prisma AI with applicable data protection laws and with this privacy notice. If you have any questions about this privacy notice or how we handle your personal data, please contact the DPO in your region.