Privacy Policy

Effective Date: 08/07/2025

1. Who We Are

Prime PC Services (PPCS)
Based in Fleet, Hampshire
Website: PPCS.uk
Contact: hello@ppcs.uk

We provide cyber security consulting, compliance certification, and governance services to accounting firms and professional services practices across the UK.

2. What Data We Collect

We may collect and process the following data when working with your firm:

Contact and Business Information

• ✓ Names, email addresses, and phone numbers of key contacts within your organization
• ✓ Company name, registration details, and business address
• ✓ Role and department information for relevant personnel

Technical and Security Information

• ✓ IP addresses, browser types, and system configurations when you access our website or services
• ✓ Security audit data, system logs, and technical assessments conducted during consulting engagements
• ✓ Software inventory and IT infrastructure details relevant to certification projects

Service-Related Data

• ✓ Engagement history, project documentation, and certification records
• ✓ Payment information and invoicing details
• ✓ Communication records related to service delivery

3. How We Use Your Data

We use your data to:

• ✓ Deliver cyber security consulting, compliance certification, and governance services
• ✓ Communicate with your team about projects, audits, and certification status
• ✓ Schedule and manage client engagements, assessments, and training sessions
• ✓ Maintain certification records and compliance documentation as required by certification bodies
• ✓ Provide ongoing support and advisory services
• ✓ Improve our service delivery and client experience
• ✓ Comply with legal, regulatory, and professional obligations

4. Legal Basis for Processing

We process your data only when we have a lawful basis, including:

• ✓ Contractual necessity – to fulfil our service agreements and deliver professional consulting services
• ✓ Legal obligation – to comply with regulatory requirements, certification body standards, and UK GDPR obligations
• ✓ Legitimate interest – to maintain business records, manage client relationships, and ensure service quality
• ✓ Consent – where explicitly provided (e.g., for marketing communications or optional services)

5. How Long We Keep Your Data

We retain your data only for as long as necessary to:

• ✓ Fulfil our contractual and professional obligations
• ✓ Maintain certification records as required by certification bodies (typically 3-7 years)
• ✓ Comply with legal, regulatory, and accounting requirements

When data is no longer required, we securely delete or anonymize it in accordance with our data retention policy and UK GDPR requirements.

6. Cookies & Website Analytics

We use essential cookies and standard analytics tools (such as Google Analytics) to monitor website performance and understand how firms interact with our content. You can manage or disable cookies through your browser settings at any time.

7. Your Rights Under UK GDPR

Your firm and its personnel have the right to:

• ✓ Access personal data we hold
• ✓ Correct or update inaccurate information
• ✓ Request deletion of data (subject to legal and contractual retention requirements)
• ✓ Restrict or object to certain data processing activities
• ✓ Data portability – receive your data in a structured, commonly used format
• ✓ Withdraw consent where previously given
• ✓ Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise any of these rights, contact us at hello@ppcs.uk.

8. Data Security

We implement robust technical and organizational measures to protect your data, including:

• ✓ Encryption of data in transit and at rest
• ✓ Secure password policies and multi-factor authentication
• ✓ Access controls limiting data access to authorized personnel only
• ✓ Regular security assessments and vulnerability management
• ✓ ISO 27001-aligned security practices

9. Third-Party Services

We may engage trusted third-party service providers to support our operations, including:

• ✓ Cloud storage and collaboration platforms
• ✓ Payment processors and accounting systems
• ✓ Certification bodies and external auditors
• ✓ Professional indemnity insurers

We only work with providers who comply with UK GDPR and maintain appropriate security standards. All third-party processors are contractually required to protect your data and use it only for specified purposes.

10. Data Sharing and Certification Bodies

In the course of providing certification services (Cyber Essentials, ISO 27001, ISO 42001), we may be required to share certain data with:

• ✓ Accredited certification bodies conducting external audits
• ✓ Regulatory authorities where legally required
• ✓ Professional insurers for liability and compliance purposes

We will only share data when necessary and in accordance with our contractual and legal obligations. You will be informed when such sharing is required.

11. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or best practices. Revised versions will be posted on this page with an updated effective date. We encourage you to review this policy periodically.

For material changes affecting your rights, we will notify you directly via email to your primary contact.

Note: This Privacy Policy applies to professional services provided to business clients. For questions about data processing during specific engagements, please refer to your service agreement or contact your account manager.