GDPR Compliance Information

Last Updated: May 10, 2026

Our Commitment to GDPR

Prismatic Spark is committed to complying with the General Data Protection Regulation (GDPR) and respecting the data protection rights of individuals in the European Economic Area (EEA) and beyond.

Legal Basis for Processing

We process personal data under the following lawful bases:

• Consent: When you provide explicit consent for specific processing activities
• Contract: When processing is necessary to fulfill our services
• Legitimate Interests: When processing serves our legitimate business interests without overriding your rights
• Legal Obligation: When we must process data to comply with legal requirements

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Right to Access

You have the right to request copies of your personal data that we hold. We may charge a reasonable fee for additional copies beyond the first request.

Right to Rectification

You have the right to request correction of any inaccurate or incomplete personal data we hold about you.

Right to Erasure

You have the right to request deletion of your personal data under certain circumstances, including when the data is no longer necessary for the purposes for which it was collected.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data under certain conditions.

Right to Data Portability

You have the right to request transfer of your personal data to another organization or directly to you in a structured, commonly used, machine-readable format.

Right to Object

You have the right to object to our processing of your personal data where we rely on legitimate interests as the legal basis.

Rights Related to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal effects concerning you.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

• Service delivery and client relationship management
• Legal, accounting, and regulatory requirements
• Dispute resolution and legal claims

When personal data is no longer required, we securely delete or anonymize it.

International Data Transfers

If we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as:

• Standard Contractual Clauses approved by the European Commission
• Transfers to countries with adequacy decisions
• Other legally approved transfer mechanisms

Data Protection Officer

For questions about our GDPR compliance or to exercise your rights, please contact us:

Email: [email protected]
Subject: GDPR Data Request

Exercising Your Rights

To exercise any of your GDPR rights, please submit a written request to the email address above. We will respond within one month of receiving your request. In complex cases, we may extend this period by two additional months and will inform you of the extension.

Right to Lodge a Complaint

If you believe we have not handled your personal data in accordance with GDPR, you have the right to lodge a complaint with your local data protection authority.

Updates to This Information

We may update this GDPR information periodically. Any changes will be posted on this page with an updated revision date.