Privacy policy
SECUREPAY SYSTEMS LTD
Effective date: 22 May 2025
1. Who We Are – Data Controller
This Privacy Policy (“Policy”) explains how SECUREPAY SYSTEMS LTD (“SECUREPAY”, “we”, “us”) collects, uses, shares and safeguards personal data when you visit https://prompt-place.com or purchase downloadable AI-prompt files (“Digital Content”).
SECUREPAY SYSTEMS LTD is a company incorporated in England & Wales (Company No. 15169049) with its registered office at 167-169 Great Portland Street, 5th Floor, London, England, W1W 5PF, United Kingdom.
For GDPR / UK-GDPR purposes, we are the data controller.
2. Personal Data We Process
| Category | Typical items | Source | Lawful basis (Art. 6 UK-GDPR) |
| Identity & Contact | Name, e-mail, postal address, phone | Checkout, contact form (captures name, e-mail, message) | Contract; Legitimate Interest |
| Account | Username, hashed password, purchase history | Registration / checkout | Contract |
| Transaction | Order ID, amount, currency, payment token (last 4 digits), VAT info | PSPs (e.g. Stripe / PayPal) | Contract; Legal Obligation |
| Technical | IP address, browser, OS, device ID, time zone | Site logs, security tools | Legitimate Interest |
| Usage / Analytics | Page views, clickstream, cart activity, referrer URL | WooCommerce & WordPress analytics code | Consent (non-essential cookies); Legitimate Interest |
| Marketing Preferences | Consent status, mailing-list interactions | Newsletter sign-up | Consent |
We do not intentionally collect special-category data or data on children under 16.
3. How We Collect Data
- Directly from you – when you create an account, complete checkout, submit a contact form or sign up to marketing.
- Automatically – via cookies, pixels and similar technologies (see Section 6).
- From third-party providers – our payment processors relay limited transaction metadata; analytics vendors provide aggregated usage metrics.
4. Purposes & Lawful Bases
| Purpose | Legal basis |
| Fulfil orders, provide downloads, issue invoices | Contract (Art. 6 (1)(b)) |
| Respond to enquiries and support tickets | Contract; Legitimate Interest |
| Prevent fraud, secure the Site, maintain backups | Legitimate Interest (IT security) |
| Comply with tax, accounting and sanctions regulations | Legal Obligation (Art. 6 (1)(c)) |
| Send product updates & marketing | Consent (opt-in; Art. 6 (1)(a)) |
| Improve products, user experience and analytics | Legitimate Interest; Consent for non-essential cookies |
Where we rely on legitimate interests, we balance our interests against your rights and freedoms.
5. Sharing & Disclosure
We share personal data only with:
- Payment service providers to process transactions.
- Hosting & IT vendors (EU-based servers; WordPress / WooCommerce stack).
- Analytics providers (e.g. Google Analytics) for aggregated site metrics.
- Professional advisers (lawyers, accountants, auditors).
- Regulators or law-enforcement when legally required.
All processors are bound by contracts that meet Art. 28 UK-GDPR standards.
6. Cookies & Similar Technologies
We use essential cookies for core functionality and optional cookies for analytics and marketing. A granular consent banner is displayed on first visit. Full details are set out in our Cookie Policy (linked in the Site footer). You may withdraw consent at any time via the banner settings.
7. International Transfers
Some vendors are located outside the UK/EEA (e.g. US-based analytics providers). Where transfers occur we rely on:
- Adequacy decisions (e.g. EU–US Data Privacy Framework), or
- Standard Contractual Clauses (SCCs) with supplementary measures.
8. Data Security
We implement proportionate technical and organisational measures, including:
- TLS encryption in transit;
- Regular patching of WordPress core and plugins;
- Role-based access controls;
- Off-site encrypted backups;
- PCI-DSS-compliant payment processing (card data never touches our servers).
9. Retention Periods
| Data set | Retention rule |
| Order & invoice records | 6 years from the end of the financial year (HMRC requirements) |
| Customer account | Active while account exists; deleted within 30 days of closure |
| Marketing consent logs | Until consent withdrawn + 2 years for audit |
| Contact-form correspondence | 12 months from final response |
| Analytics data | 26 months (Google Analytics default) |
We may anonymise data for statistical purposes beyond these periods.
10. Your Rights
Under UK-GDPR / GDPR you may:
- Access your data;
- Correct inaccurate data;
- Erase data (“right to be forgotten”);
- Restrict or object to processing;
- Port data to another provider;
- Withdraw consent at any time (marketing & cookies);
- Lodge a complaint with the Information Commissioner’s Office (ICO) or your local EU supervisory authority.
Requests are free of charge and can be made via the contact details below.
11. Children
The Site is not directed at children under 16. We do not knowingly collect their data; if we learn that we have, we will delete it promptly.
12. Changes to This Policy
We may update this Policy from time to time. Material changes will be highlighted on the Site and, where feasible, notified by e-mail.
13. Contact & Data Protection Officer
For any privacy questions or to exercise your rights, contact:
Data Protection Officer
SECUREPAY SYSTEMS LTD
E-mail: info@prompt-place.com
Postal: 167-169 Great Portland Street, 5th Floor, London, England, W1W 5PF, UK
If you remain dissatisfied, you may complain to the ICO (www.ico.org.uk).
Version 1.0 – 22 May 2025
Supersedes any privacy notices previously displayed on prompt-place.com or its predecessor templates
