This Privacy Policy explains how [Legal entity name] (“PRSM”, “we”, “us”) handles personal data in connection with this website and our managed due-diligence service. It is written for two audiences: visitors to this site, and the clients and subjects involved in our investigations.
This document is a starting template and must be reviewed by qualified legal counsel for your jurisdiction before it is relied upon.
Who we are
[Legal entity name] is a managed financial-crime and open-source intelligence provider. For the purposes of applicable data-protection law, we act as a data controller for this website and for our own business records, and as a data processor or joint controller for client-directed investigations, as set out in the relevant client agreement.
- Controller: [Legal entity name], [registered office address].
- Data protection contact: [email protected].
The data we collect
When you use this website
- Information you submit through the contact / briefing-request form (such as your name, work email, organization, role, and the details of your enquiry).
- Limited technical data necessary to serve the site (for example, request logs held by our hosting provider).
We do not run advertising trackers on this website. See our Cookie Policy for the small amount of functional storage we use.
When you use our service
- Account and organization details for authorized users.
- The people and entities you submit for screening, and the evidence, findings, and reports produced during an investigation.
Investigation data is handled under the terms of the applicable client agreement and the safeguards described in our security overview.
How we use personal data
- To respond to enquiries and provide briefings you request.
- To deliver, support, and improve the service.
- To meet legal, regulatory, and anti-financial-crime obligations.
- To protect the security and integrity of our systems.
Legal bases
Where applicable data-protection law requires a legal basis, we rely on one or more of: performance of a contract, our legitimate interests in operating and securing the service, your consent (where requested), and compliance with legal obligations. [Confirm the bases applicable in your jurisdiction.]
Sharing
We share personal data only as needed to operate the service and meet our obligations, including with: service providers (such as hosting and infrastructure) acting on our instructions; professional advisers; and authorities where required by law. We do not sell personal data.
International transfers
Where personal data is transferred across borders, we put appropriate safeguards in place as required by applicable law. [Describe mechanisms — e.g. standard contractual clauses — once confirmed.]
Retention
We keep personal data only as long as necessary for the purposes above and as required by law and our client agreements, after which it is deleted or anonymized. [Confirm retention periods.]
Your rights
Depending on your location, you may have rights to access, correct, delete, or restrict the processing of your personal data, to object to certain processing, and to data portability. To exercise these rights, contact [email protected]. You may also have the right to complain to a data protection authority.
Security
We design the service around tenant-scoped access, least-privilege controls, private evidence storage, and audit logging. No system is perfectly secure, but we take reasonable measures to protect personal data. See our security overview and Responsible Disclosure policy.
Changes
We may update this policy from time to time. The “Last updated” date above reflects the latest revision.
Contact
Questions about this policy or your personal data: [email protected].