GDPR Compliance
Last updated: January 2026
GDPR Compliance
Prysm Edge is committed to full compliance with the EU General Data Protection Regulation (GDPR). This document outlines our approach to protecting the rights of data subjects in the European Economic Area.
1. Our GDPR Commitment
We are committed to ensuring that personal data is:
- Processed lawfully, fairly, and transparently
- Collected for specified, explicit, and legitimate purposes
- Adequate, relevant, and limited to what is necessary
- Accurate and kept up to date
- Kept in a form that permits identification only as long as necessary
- Processed securely with appropriate technical and organizational measures
2. Lawful Basis for Processing
We process personal data only when we have a lawful basis under GDPR Article 6:
- Consent: When you voluntarily provide information (e.g., contact forms, newsletter subscriptions)
- Contractual Necessity: To perform services or fulfill contractual obligations
- Legal Obligation: To comply with applicable laws and regulations
- Legitimate Interest: For business operations, provided your rights are not overridden
3. Data Subject Rights
Under GDPR, you have the following rights regarding your personal data:
- Right to Access (Art. 15) — Obtain a copy of your personal data we hold
- Right to Rectification (Art. 16) — Have inaccurate data corrected
- Right to Erasure (Art. 17) — Request deletion of your data ("right to be forgotten")
- Right to Restriction (Art. 18) — Restrict how we process your data
- Right to Portability (Art. 20) — Receive your data in a machine-readable format
- Right to Object (Art. 21) — Object to processing based on legitimate interests or direct marketing
Right to Access (Article 15)
You have the right to obtain confirmation of whether we are processing your personal data and to receive a copy of that data.
Right to Rectification (Article 16)
You have the right to have inaccurate personal data corrected and incomplete data completed.
Right to Erasure / "Right to be Forgotten" (Article 17)
You have the right to have your personal data deleted when:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and there is no other legal basis for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Right to Restriction of Processing (Article 18)
You have the right to request restriction of processing when:
- You contest the accuracy of the data
- Processing is unlawful but you oppose erasure
- We no longer need the data but you require it for legal claims
- You have objected to processing pending verification
Right to Data Portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.
Right to Object (Article 21)
You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.
4. How to Exercise Your Rights
To exercise any of your GDPR rights, please submit a request to:
Please include the following in your request:
- Your full name and contact information
- The specific right you wish to exercise
- Any relevant details to help us locate your data
- Proof of identity (to prevent unauthorized disclosure)
We will respond to your request within 30 days. If additional time is required, we will notify you within the initial 30-day period.
5. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
- Notify affected individuals without undue delay if the breach poses a high risk
- Document all data breaches, including facts, effects, and remedial actions taken
6. International Data Transfers
If we transfer your personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions recognizing equivalent data protection standards
- Binding corporate rules for intra-group transfers
7. Data Protection Officer
For questions about our GDPR compliance or to exercise your data subject rights, you may contact our data protection team at:
8. Right to Lodge a Complaint
If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.