Privacy Policy

Introduction

prismcrest SARL ("we," "our," or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and safeguard your personal information when you visit our website prismcrest.top or use our ghost kitchen setup services.

As a company registered in Luxembourg, we comply with the General Data Protection Regulation (GDPR) and Luxembourg's data protection laws. This policy applies to all personal data we collect through our website, services, and business interactions.

Data Controller Information

Data We Collect

The data we collect depends on how you interact with our services. We collect and process the following categories of personal information:

Information You Provide Directly

• Contact information (name, email address, phone number, company name)
• Business information (project details, requirements, preferences)
• Communication records (emails, messages, consultation notes)
• Payment information (billing address, transaction details)

Information Collected Automatically

• Website usage data (pages visited, time spent, click patterns)
• Technical information (IP address, browser type, device information)
• Cookies and tracking technologies (see our Cookie Policy)
• Referral sources and marketing campaign data

How We Use Your Information

We process your personal data for the following purposes, based on legitimate legal grounds under GDPR:

Service Provision (Contract Performance)

• Providing ghost kitchen setup consultation and services
• Responding to your enquiries and communication
• Managing our business relationship and service delivery
• Processing payments and maintaining financial records

Legitimate Business Interests

• Improving our website and services based on usage patterns
• Conducting market research and business analysis
• Preventing fraud and ensuring website security
• Managing our business operations and customer relationships

Marketing (With Your Consent)

We may use cookies and tracking technologies for analytics, advertising, and remarketing purposes, including Google Ads. These technologies help us measure campaign effectiveness, deliver relevant advertisements, and improve our services. You can manage your cookie preferences at any time through our cookie consent banner.

Legal Basis for Processing

Under GDPR, we process your personal data based on the following legal grounds:

• Contract performance: To provide our services and fulfil our contractual obligations
• Legitimate interests: For business operations, security, and service improvement
• Consent: For marketing communications and non-essential cookies
• Legal obligation: To comply with applicable laws and regulations

Data Sharing and Third Parties

We do not sell your personal data. We may share your information with trusted third parties in the following circumstances:

Service Providers

• Website hosting and technical infrastructure providers
• Email communication and customer relationship management services
• Payment processing and financial services
• Analytics and marketing platforms (Google Analytics, Google Ads)

Legal Requirements

We may disclose your information when required by law, court order, or to protect our rights, property, or safety, or that of our clients or the public.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and provide personalised services. We use cookies for:

• Essential website functionality and security
• Analytics to understand website usage patterns
• Marketing and advertising personalisation
• Remembering your preferences and settings

For detailed information about our cookie usage, please refer to our comprehensive Cookie Policy.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes outlined in this policy or as required by law:

• Client data: Retained for the duration of our business relationship plus 7 years for accounting and legal purposes
• Marketing data: Retained until you withdraw consent or for 3 years from last interaction
• Website analytics: Aggregated data retained for 26 months (Google Analytics default)
• Communication records: Retained for 3 years for business continuity and quality assurance

Your Rights

Under GDPR, you have the following rights regarding your personal data:

• Right of access: Request a copy of the personal data we hold about you
• Right to rectification: Request correction of inaccurate or incomplete data
• Right to erasure: Request deletion of your personal data in certain circumstances
• Right to restrict processing: Request limitation of how we use your data
• Right to data portability: Request transfer of your data in a structured format
• Right to object: Object to processing based on legitimate interests or for marketing purposes
• Right to withdraw consent: Withdraw consent for processing where consent is the legal basis

To exercise any of these rights, please contact us at privacy@prismcrest.top or +352 27389029. We will respond to your request within one month.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• Encryption of data in transit and at rest
• Regular security assessments and updates
• Access controls and authentication procedures
• Staff training on data protection and security practices
• Secure hosting and backup procedures

International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When we transfer your data internationally, we ensure appropriate safeguards are in place, such as:

• Adequacy decisions by the European Commission
• Standard Contractual Clauses approved by the European Commission
• Binding Corporate Rules or certification schemes

Contact Information

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us:

You also have the right to lodge a complaint with the Luxembourg National Commission for Data Protection (CNPD) if you believe we have not handled your personal data appropriately.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of our services after such changes constitutes acceptance of the updated policy.