To exercise your rights regarding your Personal Data, or if you have questions regarding our Privacy practices, please reach out to us at:
email@example.com or firstname.lastname@example.org or
Reach out Prismforce Data Protection Officer/ Grievance Officer (Prismforce Privacy Team) at:
Ashwini Kumar Dixit, email@example.com
A-1004, 10th Floor, Kanakia Wall Street,
Andheri Kurla Road, Andheri East, Mumbai - 400093
We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you have the right to lodge a complaint with the competent supervisory authority.
We will update this Privacy Statement from time to time to reflect changes in our practices, technologies, legal requirements, and other factors. If we do, we will update the “effective date” at the top.
If we make a material update, we may provide you with notice prior to the update taking effect, such as by posting a conspicuous notice on our website or by contacting you directly, or where required under applicable law and feasible, seek your consent to these changes.
We encourage you to periodically review this Privacy Statement to stay informed about our collection, processing and sharing of your Personal Data.
While we follow generally accepted standards to protect Personal Data, no method of storage or transmission is 100% secure.
You are solely responsible for protecting your password, limiting access to your devices and signing out of websites after your sessions. If you have any questions about the security of our websites, please connect with us formally with your query related to your personal data.
We take appropriate precautions including organizational, technical, and physical measures to help safeguard against accidental or unlawful destruction, loss, alteration, and unauthorized disclosure of, or access to, the Personal Data we process or use.
This includes personal data used in –
If we process your Personal Data for the purpose of sending you marketing communications, you may manage your receipt of marketing and non-transactional communications from PRISMFORCE by clicking on the “unsubscribe” link located on the bottom of PRISMFORCE marketing emails, by replying or texting ‘STOP’ if you receive PRISMFORCE SMS communications.
Please note that, notwithstanding the above, you will continue to receive marketing and non-transactional communications from PRISMFORCE unless you manage your receipt of such communications by clicking on the “unsubscribe” link located on the bottom of MuleSoft marketing emails, replying or texting ‘STOP’ to PRISMFORCE SMS communications.
You may also turn off push notifications on PRISMFORCE and PRISMFORCE apps on your device, or unsubscribe by contacting us using the information in the “Contacting us” section, below.
Please note that opting out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as communications about your subscriptions or event registrations, service announcements or security information.
We will refer your request to that customer, and will support them as needed in responding to your request within a reasonable timeframe.
To exercise your rights, please contact us by using the information in the “Contact us” section, on our website.
Your personal data may be processed in responding to these rights. We try to respond to all legitimate requests within one month unless otherwise required by law, and will contact you if we need additional information from you in order to honor your request or verify your identity. Occasionally it may take us longer than a month, taking into account the complexity and number of requests we receive. If you are an employee of a PRISMFORCE customer, we recommend you contact your employer’s system administrator for assistance in correcting or updating your information.
Some registered users may update their user settings, profiles, organization settings and event registrations by logging into their accounts and editing their settings or profiles.
To update your billing information, discontinue your account or request return or deletion of your Personal Data and other information associated with your account, please contact us by using the information in the “Contact Us” section.
The Agreement considers following:
a. Privacy by Design and default
b. Achieving Security of Processing
c. Notification of breaches involving PII to a Supervisory authority within 72 hours.
d. Notification of breaches involving PII to Customers and PII Principals within 72 hours.
e. Prismforce shall inform the customer if in its opinion a processing instruction infringes applicable legislation or regulation.
f. The organization does not use PII processed under a contract for the purposes of Marketing and Advertising
g. Coordinate with Clients for helping Audit the systems. The organization provides the customer with the appropriate information so that it can demonstrate compliance with their obligations
h. The Data shall be deleted or de-identified after the processing is complete (This is after the retention period selected is complete).
i. Prismforce shall inform 24 hours in advance to clients in case of any legally binding requests for disclosure of PII.
You may have certain rights relating to your Personal Data, subject to GDPR as well as local data protection laws. Depending on the applicable laws these rights may include the right to:
We may retain your Personal Data for a period of time consistent with the original purpose of collection (see the “Purposes for which we process Personal Data and the legal basis for the same” section, above) or as long as required to fulfill our legal obligations.
We determine the appropriate retention period for Personal Data on the basis of the amount, nature, and sensitivity of the Personal Data being processed, the potential risk of harm from unauthorized use or disclosure of the Personal Data, whether we can achieve the purposes of the processing through other means, and on the basis of applicable legal requirements (such as applicable statutes of limitation).
After expiry of the applicable retention periods, your Personal Data will be deleted. If there is any data that we are unable, for technical reasons, to delete entirely from our systems, we will implement appropriate measures to prevent any further use of such data.
Prismforce is governed by EU GDPR Data Retention and Data Erasure policies, as defined within Prismforce.
The retention period pursuant to a contract termination is 30 days following the expiry or termination of the contract unless otherwise agreed.
The retention period for inactive data processed as a data processor is 2 years unless otherwise agreed with the data controller.
Your Personal Data may be collected, transferred to and stored by us in the US or by our affiliates and third-parties disclosed in Section 6, above, that are based in other countries where such transfers are required for legitimate business reasons.
Prismforce uses following sub processors:
We may also share anonymous or de-identified usage data with PRISMFORCE’s service providers for the purpose of helping PRISMFORCE in such analysis and improvements.
Additionally, PRISMFORCE may share such anonymous or de-identified usage data on an aggregate basis in the normal course of operating our business; for example, we may share information publicly to show trends about the general use of our services.
We may share your Personal Data as follows:
If we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to perform our contract with you.
We collect and process your Personal Data for the following purposes. Where required by law, we obtain your consent to use and process your Personal Data for these purposes. Otherwise, we rely on another authorized legal basis (including but not limited to the (a) performance of a contract or (b) legitimate interest) to collect and process your Personal Data.
If you use certain features of our services on a mobile device, we may also collect telephony log information (like phone numbers, time and date of calls, duration of calls, SMS routing information and types of calls), device event information (such as crashes, system activity, hardware settings, browser language), and location information (through IP address, GPS, and other sensors that may, for example, provide us with information on nearby devices, Wi-Fi access points and cell towers).
Our websites may use social media features, such as the Facebook “like” button, the “Tweet” button and other sharing widgets (“Social Media Features”). Social Media Features may allow you to post information about your activities on our website to outside platforms and social networks.
Social Media Features may also allow you to like or highlight information we have posted on our website or our branded social media pages. Social Media Features are either hosted by each respective platform or hosted directly on our website.
To the extent the Social Media Features are hosted by the platforms themselves, and you click through to these from our websites, the platform may receive information showing that you have visited our websites. If you are logged in to your social media account, it is possible that the respective social media network can link your visit to our websites with your social media profile.
Your interactions with Social Media Features are governed by the privacy policies of the companies providing them.
As described above, we or one of our authorized partners may place or read cookies on your device when you visit our websites for the purpose of serving you targeted advertising (also referred to as “online behavioral advertising” or “interest-based advertising”).
When you visit our websites, we, or an authorized third party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites.
Cookies allow us to track use, browsing preferences, and improve and customize your browsing experience.
We may use both session-based and persistent cookies on our websites. Session-based cookies exist only during a single session and disappear from your device when you close your browser or turn off the device. Persistent cookies remain on your device after you close your browser or turn your device off. To change your cookie settings and preferences for one of our websites, click the Cookie Preferences setting on your respective machine.
The following describes how we use different categories of cookies and similar technologies and your options for managing the data collection settings of these technologies:
We gather certain information automatically when individual users visit our websites. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server information), device and application information, identification numbers and features, location, browser type, plug-ins, integrations, Internet service provider, mobile carrier, the pages and files viewed, searches, referring website, app or ad, operating system, system configuration information, advertising and language preferences, date and time stamps associated with your usage, and frequency of visits to the websites. This information is used to analyze overall trends, help us provide and improve our websites, offer a tailored experience for website users, and secure and maintain our websites.
In addition, we gather certain information automatically as part of your use of our cloud products and services. This information may include identifiers, commercial information, and internet activity information such as IP address (or proxy server), mobile device number, device and application identification numbers, location, browser type, Internet service provider or mobile carrier, the pages and files viewed, website and webpage interactions including searches and other actions you take, operating system and system configuration information and date and time stamps associated with your usage. This information is used to maintain the security of the services, to provide necessary functionality, to improve performance of the services, to assess and improve customer and user experience of the services, to review compliance with applicable usage terms, to identify future opportunities for development of the services, to assess capacity requirements, to identify customer opportunities, and for the security of PRISMFORCE generally (in addition to the security of our products and services).
Some of the device and usage data collected by the services, whether alone or in conjunction with other data, could be personally identifying to you. Please note that this device and usage data is primarily used to identify the uniqueness of each user logging on (as opposed to specific individuals), apart from where it is strictly required to identify an individual for security purposes or as required as part of our provision of the services to our customers.
It is ensured that all of the above mentioned personal data shall be protected at all time by suitable controls as deemed appropriate by PRISMFORCE
We use common information-gathering tools, such as tools for collecting usage data, cookies, web beacons, pixels, and similar technologies to automatically collect information that may contain Personal Data as you navigate our websites, our services, or interact with emails we have sent to you.
We may also collect information about you from other sources including third parties e.g. curated publicly available information. We may combine this information with aggregated personal Data provided by you. This helps us update, expand, and analyze our records, identify new customers, and create more tailored advertising to provide services that may be of interest to you.
The Personal Data we collect from other sources includes identifiers, professional or employment-related information, education information, commercial information, visual information, internet activity information, and inferences about preferences and behaviors.
In particular, we may collect such Personal Data from the following sources or equivalent.
If you provide us or our service providers with any Personal Data relating to other individuals, you represent that you have the authority to do so, and where required, have obtained the necessary consent, and acknowledge that it may be used in accordance with this Privacy Statement.
If you believe that your Personal Data has been provided to us in an incorrect manner, and want to exercise your rights relating to your Personal Data, please contact us by using the information in the “Contact Us” section.
The Personal Data we collect directly from you may include identifiers, professional or employment-related information, financial account information, commercial information, visual information, and internet activity information. We collect such information in the following situations:
The subject-matter of Processing of Personal Data by Prismforce is the performance of the Services pursuant to the Agreement. The duration of the Processing, the nature and purpose of the Processing, the types of Personal Data and categories of Data Subjects Processed under the agreement shall be specified in the DPA. Prismforce shall keep appropriate documentation on the processing activities carried out on behalf of the data controller.
Data Protection Officer: Prismforce has appointed a data protection officer who may be reached at firstname.lastname@example.org
Prismforce shall treat Personal Data as Confidential Information and shall Process Personal Data on behalf of and only in accordance with Customer’s documented instructions and applicable Data Protection Laws and Regulations for the following purposes:
(i) Processing in accordance with the Agreement;
(ii) Processing initiated by Users in their use of the Services; and
(iii) Processing to comply with other documented reasonable instructions provided by Customer (e.g., via email) where such instructions are consistent with the terms of the Agreement.
Processing of Personal Data is required for receiving certain products or services.
Our websites and services may contain links to other websites, applications, and services maintained by third parties. The information practices of other services, or of social media platforms that host our branded social media pages, are governed by their privacy statements, which you should review to better understand their privacy practices.
This Privacy Statement applies to the processing of Personal Data collected by us when you:
For detailed privacy information related to a PRISMFORCE customer or a customer affiliate who uses the PRISMFORCE products and services as the controller, please contact our customer directly.
We are not responsible for the privacy or data security practices of our customers, which may differ from those explained in this Privacy Statement.
PRISMFORCE INC is the controller/processor of your Personal Data as described in this Privacy Statement, unless specified otherwise.This Privacy Statement does not apply to the extent we process Personal Data in the role of a processor or service provider on behalf of our customers, including where we offer to our customers various products and services through which our customers (or their affiliates):
PRISMFORCE Inc has defined and established an organization level privacy statement to demonstrate our commitment towards a user's right to privacy.
A reference to “PRISMFORCE,” “we,” “us” or the “Company” is a reference to www.prismforce.com and its relevant affiliate involved in the collection, use, sharing, or other processing of Personal Data.