Privacy Policy
Contents
1. Who We Are
PRISM Digital Solutions ("PRISM", "we", "us", "our") is a web design and development agency headquartered at Room 2701–2712, Block A, Chamber of Commerce Building, Xiaoshan District, Hangzhou, Zhejiang, China.
We operate the website at webdevprism.com (the "Site") and provide web design, website development, visual communication, and digital marketing services.
For the purposes of the EU General Data Protection Regulation (GDPR) and applicable data protection laws, PRISM Digital Solutions is the data controller of personal data collected through this Site.
Our website and all client data are hosted on Alibaba Cloud servers located in Frankfurt, Germany (EU Central region), ensuring full compliance with GDPR requirements. All personal data is stored and processed within the European Economic Area (EEA).
Contact us at: [email protected]
2. Data We Collect
We collect personal data in the following categories:
2.1 Data you provide directly
- Contact form submissions: First name, last name, email address, service interest, project details.
- Email correspondence: Any information you include when contacting us by email.
- WhatsApp / chat: Messages and contact details shared via WhatsApp or other messaging platforms.
2.2 Data collected automatically
- Usage data: IP address, browser type and version, operating system, pages visited, time and date of visit, referring URL, time spent on pages.
- Device data: Device type, screen resolution, language settings.
- Cookies and similar technologies: See Section 9 for details.
2.3 Data from third parties
We may receive data about you from analytics providers (e.g. Google Analytics), advertising networks, and social media platforms when you interact with our content on those platforms.
3. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Data Used |
|---|---|
| Responding to enquiries and contact form submissions | Name, email, project details |
| Providing and managing our services | Name, email, project information |
| Sending service-related communications | Email address |
| Marketing and promotional communications (with consent) | Email address, name |
| Improving our website and user experience | Usage data, cookies |
| Analytics and performance monitoring | Usage data, IP address |
| Legal compliance and fraud prevention | All categories as required |
We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.
4. Legal Basis for Processing (GDPR Article 6)
We process your personal data on the following legal bases:
- Contractual necessity (Art. 6(1)(b)): Processing necessary to respond to your enquiries and deliver services you have requested.
- Legitimate interests (Art. 6(1)(f)): Processing for website analytics, security, fraud prevention, and improving our services, where such interests are not overridden by your rights.
- Consent (Art. 6(1)(a)): Where you have given explicit consent, such as for marketing emails or non-essential cookies. You may withdraw consent at any time.
- Legal obligation (Art. 6(1)(c)): Processing required to comply with applicable laws and regulations.
5. Data Sharing & Third Parties
We may share your data with the following categories of recipients:
- Service providers: Hosting providers, email platforms, CRM systems, analytics tools — who process data on our behalf under data processing agreements.
- Professional advisers: Lawyers, accountants, auditors acting as processors or joint controllers.
- Regulatory authorities: Where required by law, court order, or governmental authority.
- Business transfers: In connection with a merger, acquisition, or sale of assets, subject to appropriate confidentiality protections.
Key third-party tools we currently use:
- Google Analytics — website usage analytics (Google LLC, USA) — Privacy Policy
- Alibaba Cloud (Frankfurt, Germany) — hosting and infrastructure services — Privacy Policy
- WordPress — content management system (open-source software)
6. International Data Transfers
Our website and all client data are hosted on Alibaba Cloud servers in Frankfurt, Germany, within the European Economic Area (EEA). Personal data submitted through this Site is stored and primarily processed within the EEA, benefiting from the full protections afforded by the GDPR.
PRISM's core team operates from China. Certain operational data — such as project communications, internal correspondence, and service delivery information — may be accessed by our team members in China. This constitutes an international transfer of personal data outside the EEA.
Where such transfers occur, we ensure appropriate safeguards are in place in accordance with GDPR Chapter V, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914).
- Internal data access policies limiting the scope and purpose of any transfer to what is strictly necessary for service delivery.
- Technical and organisational measures (encryption, access controls) to protect data in transit and at rest.
We do not transfer personal data outside the EEA unless adequate safeguards are in place. You may request a copy of the relevant safeguards by contacting us at [email protected].
7. Data Retention
We retain your personal data only for as long as necessary for the purposes described in this Policy, or as required by law.
- Contact form data: Up to 3 years from last contact, unless an ongoing business relationship exists.
- Client project data: Up to 7 years for legal and accounting compliance.
- Analytics data: Up to 26 months (Google Analytics default).
- Marketing data: Until you withdraw consent or unsubscribe.
After retention periods expire, data is securely deleted or anonymised.
8. Your Rights Under GDPR
If you are located in the EEA, UK, or Switzerland, you have the following rights regarding your personal data:
- Right of access (Art. 15): Request a copy of the personal data we hold about you.
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to erasure (Art. 17): Request deletion of your data ("right to be forgotten"), subject to legal exceptions.
- Right to restriction (Art. 18): Request that we limit processing of your data in certain circumstances.
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format.
- Right to object (Art. 21): Object to processing based on legitimate interests or for direct marketing.
- Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.
- Right to lodge a complaint: You have the right to lodge a complaint with your national data protection supervisory authority.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before processing your request.
9. Cookies & Tracking Technologies
We use cookies and similar tracking technologies on our Site. Cookies are small text files stored on your device.
Types of cookies we use:
- Strictly necessary cookies: Essential for the Site to function. Cannot be disabled.
- Analytics cookies: Help us understand how visitors interact with the Site (e.g. Google Analytics). Require your consent.
- Preference cookies: Remember your settings and preferences.
- Marketing cookies: Used to deliver relevant advertisements. Require your consent.
You can manage cookie preferences through our cookie consent banner or by adjusting your browser settings. Note that disabling certain cookies may affect Site functionality.
For more information, see the Cookies & You guide.
10. Children's Privacy
Our Site and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at [email protected] and we will take steps to delete such information.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or a prominent notice on our Site.
We encourage you to review this Policy periodically. Your continued use of the Site after changes are posted constitutes your acceptance of the updated Policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
PRISM Digital Solutions
Room 2701–2712, Block A, Chamber of Commerce Building,
Xiaoshan District, Hangzhou, Zhejiang, China
Email: [email protected]
WhatsApp: +86 134 5671 8884
We aim to respond to all data-related requests within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority. In the EU, a list of supervisory authorities is available at edpb.europa.eu.