Privacy Policy
Last updated: January 8, 2026
Introduction
Prismaya Ventures Ltd ("Prismaya," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our CRM platform and related services.
We comply with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, and other applicable data protection laws.
Information We Collect
Personal Information You Provide
When you register for Prismaya CRM, we collect:
- Name and contact information (email address, phone number)
- Organization details (nonprofit/charity name, address)
- Account credentials (username, password)
- Payment information (processed securely through third-party payment processors)
- Any other information you choose to provide
Information Collected Automatically
- Device information (IP address, browser type, operating system)
- Usage data (features used, pages visited, time spent)
- Cookies and similar tracking technologies
- Log data (access times, error reports)
Data You Store in Our Platform
Because Prismaya is a CRM platform, you may use it to store donor information, volunteer records, event details, and other data related to your nonprofit operations. You are the data controller for this information, and we act as the data processor.
How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our services
- Process your transactions and manage your account
- Send you technical notices, updates, and support messages
- Respond to your inquiries and provide customer support
- Monitor and analyze usage patterns and trends
- Detect, prevent, and address technical issues and security threats
- Comply with legal obligations and enforce our terms
- Send you marketing communications (with your consent)
Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data based on:
- Contract Performance: Processing necessary to provide our services
- Legitimate Interests: Improving our services, security, and fraud prevention
- Legal Obligation: Compliance with applicable laws and regulations
- Consent: Marketing communications and optional features (you can withdraw consent at any time)
Data Sharing and Disclosure
We do not sell your personal information. We may share your information with:
- Service Providers: Third-party vendors who perform services on our behalf (hosting, payment processing, email delivery)
- Legal Requirements: When required by law or to protect our rights and safety
- Business Transfers: In connection with a merger, acquisition, or sale of assets
- With Your Consent: When you explicitly authorize us to share your information
All third-party service providers are contractually required to protect your data and comply with GDPR where applicable.
International Data Transfers
Your data may be transferred to and processed in countries outside your country of residence, including the United States and the European Union. We ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Data residency options in the US, EU, and UK
- Compliance with adequacy decisions where applicable
Data Security
We implement industry-standard security measures to protect your data:
- Encryption in transit (TLS/SSL) and at rest (AES-256)
- Regular security audits and penetration testing
- Access controls and authentication mechanisms
- Employee training on data protection
- Incident response and breach notification procedures
However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but will notify you of any breach as required by law.
Your Rights Under GDPR
If you are in the European Economic Area (EEA) or UK, you have the following rights:
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data (subject to legal obligations)
- Right to Restriction: Limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Withdraw consent at any time (where processing is based on consent)
- Right to Lodge a Complaint: File a complaint with your local data protection authority
To exercise these rights, contact us at privacy@prismaya.com. We will respond within 30 days.
Data Retention
We retain your personal information for as long as necessary to:
- Provide our services and maintain your account
- Comply with legal, tax, and accounting obligations
- Resolve disputes and enforce our agreements
When you close your account, we will delete or anonymize your data within 90 days, except where we must retain it for legal purposes.
Cookies and Tracking
We use cookies and similar technologies for:
- Essential functionality (authentication, security)
- Analytics and performance monitoring
- Preferences and settings
You can control cookies through your browser settings, but some features may not work properly if you disable cookies.
Children's Privacy
Our services are not directed to individuals under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through our platform. Your continued use of our services after changes become effective constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
Data Protection Officer: For GDPR-related inquiries, contact our DPO at dpo@prismaya.com