Privacy Policy

Last updated: January 2024

Introduction

prism-nectar ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services or visit our website at prism-nectar.com.

We encourage you to read this policy carefully. By using our services, you acknowledge that you have read and understood this Privacy Policy.

Information We Collect

We collect information that you provide directly to us, as well as information generated through your use of our services.

Personal Information You Provide

When you engage our services or contact us, we may collect:

  • Name, address, and contact details including email address
  • Date of birth and National Insurance number (where required for benefit applications)
  • Employment status and income information
  • Health information and medical records relevant to your claim
  • Housing circumstances and living arrangements
  • Family composition and dependent information
  • Bank details (only when required for specific benefit claims)
  • Previous benefit claim history

Automatically Collected Information

When you visit our website, we may automatically collect:

  • IP address and browser type
  • Pages visited and time spent on each page
  • Referring website address
  • Device information including operating system

How We Use Your Information

We use the information we collect for the following purposes:

  • To provide benefits advisory services and prepare applications on your behalf
  • To communicate with you about your case and respond to enquiries
  • To correspond with government departments and agencies regarding your claims
  • To prepare documentation for appeals and tribunals
  • To improve our services and website functionality
  • To comply with legal obligations
  • To send you information about our services (with your consent)

Legal Basis for Processing

Under UK data protection law, we must have a legal basis for processing your personal data. Our processing activities are based on:

  • Contract: Processing necessary to fulfil our service agreement with you
  • Legal obligation: Processing required to comply with applicable laws
  • Legitimate interests: Processing for our legitimate business purposes where these do not override your rights
  • Consent: Where you have given explicit consent for specific processing activities

Special Category Data

Benefits applications often require health and medical information, which is considered special category data under UK GDPR. We process this data based on your explicit consent and because it is necessary for the provision of health or social care services.

We handle such information with additional care and implement heightened security measures.

Sharing Your Information

We may share your personal information with:

  • Government departments: Including the Department for Work and Pensions, HM Revenue and Customs, and local authorities, as required for your benefit applications
  • Tribunals and courts: When preparing or attending appeal hearings
  • Healthcare providers: To obtain medical evidence supporting your claims (with your consent)
  • Professional advisors: Such as solicitors, where necessary for your case

We will never sell your personal information to third parties or share it for marketing purposes without your explicit consent.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Encryption of sensitive data in transit and at rest
  • Secure storage of physical documents in locked facilities
  • Access controls limiting data access to authorised personnel
  • Regular security assessments and staff training
  • Secure disposal of records when no longer needed

Data Retention

We retain your personal information for as long as necessary to fulfil the purposes for which it was collected, typically:

  • Active client records: For the duration of our engagement plus six years
  • Appeal and tribunal documentation: Seven years after final decision
  • Financial records: Six years as required by law
  • Website analytics: Twelve months

After these periods, data is securely deleted or anonymised.

Your Rights

Under UK data protection law, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data in certain circumstances
  • Object to processing based on legitimate interests
  • Request restriction of processing
  • Data portability (receiving your data in a machine-readable format)
  • Withdraw consent at any time where processing is based on consent

To exercise any of these rights, please contact us using the details below.

International Transfers

Your personal data is stored and processed within the United Kingdom and European Economic Area. We do not routinely transfer personal data outside these regions. If such a transfer becomes necessary, we will ensure appropriate safeguards are in place.

Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by a revised "Last updated" date. We encourage you to review this policy periodically.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

prism-nectar
47 Clerkenwell Road
London EC1M 5RS
Email: [email protected]

Supervisory Authority

You have the right to lodge a complaint with the Information Commissioner's Office (ICO) if you believe your data protection rights have been violated:

Information Commissioner's Office
Wycliffe House, Water Lane
Wilmslow, Cheshire SK9 5AF
Website: ico.org.uk