Terms & Conditions
This website protypeservices.co.uk is operated by Protype Services Ltd, a company registered in England and Wales, company registration number 13466124, whose registered office is located at 7 South Hill, Godalming GU7 1JT.
The Company is registered with the Information Commissioner as a data controller, with registration number ZB099481.
All Protype Services employees, contractors, associates and homeworkers are bound by contractual privacy terms at least as strict as defined in this policy, and are full UK residents paid via UK bank accounts.
When requesting a quote on our website, we ask you to give us your name and email address for the purpose of supplying the services to you.
The information you provide will be kept confidential. We will hold, use and disclose your personal information for our legitimate business purposes including:
Under GDPR, the main grounds that we rely upon in order to process personal information of our users are the following:
Data Processor Obligations
The Processor shall ensure that it and any sub-processor (to be engaged only with the Controller’s consent and on the same terms as below) identifies the Personal Data as above and –
1) in processing the Personal Data:
(a) does so only on documented instructions from the Controller;
(b) does not transfer the Personal Data to a third country or an international organisation, unless the Controller so instructs, or the Processor is required to do so by law;
(c) if the Processor is required by law to make such a transfer, the Processor shall inform the Controller of that legal requirement before transferring, unless the law prohibits such information being given on important grounds of public interest.
2) ensures that persons authorised to process the Personal Data are bound by contractual confidentiality obligations which reflect the requirements of these clauses and the need to keep the Personal Data secure and confidential.
3) ensures appropriate technical and organisational measures are in place (and advises the Controller of these measures) to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(a) the pseudonymisation and encryption of the Personal Data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to the Personal Data in a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
In assessing the appropriate level of security, account may be taken of adherence to an approved code of conduct, and shall be taken of:
(i) the state of the art, the costs of implementation and the nature, scope, context and purposes of processing;
(ii) the risk of the varying likelihood and severity for the rights and freedoms of natural persons;
(iii) the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to the Personal Data transmitted, stored or otherwise processed.
4) does not engage another processor (a sub-processor) unless the Controller in its absolute discretion gives a specific or general written authorisation; and where such consent is given, the Processor:
(a) shall inform the Controller of any intended changes to a general written authorisation to add or replace processors, thereby giving the Controller the opportunity to object to such changes;
(b) shall impose the same data protection contractual obligations as set out in these clauses;
(c) acknowledges that the Processor remains fully liable to the Controller for the performance of the sub-processor.
5) assists the Controller by appropriate technical and organisational measures, so far as possible, to respond to requests for exercising the data subject's rights under Data Protection Legislation, including Chapter III of the GDPR.
6) assists the Controller with:
(a) its obligations to ensure that appropriate technical and organisational security measures are in place, including the documentation of those measures;
(b) notifying any Personal Data breach to the supervisory authority (the UK ICO) and to the data subject;
(c) data protection impact assessments and consulting the supervisory authority where an assessment indicates the processing involves unmitigated high risk.
7) at the choice of the Controller, deletes or returns all the Personal Data to the Controller after the end of the provision of services relating to processing, and deletes existing copies unless Data Protection Law requires storage of the Personal Data.
8) makes available to the Controller all information necessary to demonstrate compliance with the obligations laid down in this clause and allow for and contribute to audits, including inspections conducted by the Controller or another auditor mandated by the Controller; and immediately informs the Controller if, in its opinion, an instruction infringes Data Protection Legislation.
Data Retention Policy
Data transfer, including audio uploads and transcript downloads, is secure and encrypted with 256 bit SSL. Non-encrypted transfer of data is always strictly opt-in.
Please click on the following links to download copies of our Confidentiality Agreements: