Data Protection
At Prospectus Plus, we take data protection and privacy very seriously. Whether you’re a Data Protection Officer, an IT lead, or simply doing your due diligence, here’s an overview of what you need to know about how we handle personal data and maintain compliance with key data laws.
All data collected through Prospectus Plus is securely stored on cloud infrastructure hosted in the UK, EU, US, and Canada. This flexibility allows us to support international clients while maintaining strong compliance controls.
Our hosting partners comply with ISO/IEC 27001 standards, ensuring that data is managed in line with international best practices for information security.
Security is at the heart of how we work. Measures include:
- Encryption: All data is encrypted in transit and at rest using modern encryption standards (e.g. HTTPS, TLS 1.2+).
- Access control: Access is strictly limited to authorised SMILE team members on a need-to-know basis.
- Resilience: Regular backups are taken and stored securely to support business continuity and disaster recovery.
By default, Prospectus Plus collects only the minimum data required to deliver a tailored experience—usually just a name and email address.
However, depending on how your institution configures the platform, additional data may be captured through optional features or integrations. This may include:
Subject or course preferences
Device/browser data (for analytics)
Lead source or referral information
Important: When using optional features that collect additional data, the responsibility for ensuring lawful data capture and use lies with the institution configuring the platform.
To provide core functionality, we work with a very small number of trusted subprocessors for Hosting and Infrastructure:
AWS (UK/EU/US/Canada)
Kinsta
In some cases, additional subprocessors may be introduced when using optional integrations or custom features. We maintain a clear and transparent record of all subprocessors, and this can be shared upon request.
⸻
📄 Documentation & Compliance Support
We’re here to help you meet your internal compliance and IT review processes. Upon request, we can provide:
GDPR/Data Protection Agreement (DPA)
Subprocessor list
Technical documentation for security reviews
Cyber Essentials Certification
Cyber Essentials is a UK government-backed scheme that helps protect organisations against a wide range of the most common cyber threats. Certification provides additional assurance that we’ve implemented essential technical controls to safeguard data and infrastructure.
Prospectus Plus is built to help institutions deliver a modern and personalised recruitment experience, while staying aligned with regional and international data privacy standards. From secure data storage to optional integrations, we take a privacy-by-design approach at every step.
If you have any questions about compliance, security, or custom configurations, our team would be happy to assist or liaise directly with your DPO.
Where is data stored?
All data collected through Prospectus Plus is securely stored on cloud infrastructure hosted in the UK, EU, US, and Canada. This flexibility allows us to support international clients while maintaining strong compliance controls.
Our hosting partners comply with ISO/IEC 27001 standards, ensuring that data is managed in line with international best practices for information security.
How is data secured?
Security is at the heart of how we work. Measures include:
- Encryption: All data is encrypted in transit and at rest using modern encryption standards (e.g. HTTPS, TLS 1.2+).
- Access control: Access is strictly limited to authorised SMILE team members on a need-to-know basis.
- Resilience: Regular backups are taken and stored securely to support business continuity and disaster recovery.
What personal data is collected?
By default, Prospectus Plus collects only the minimum data required to deliver a tailored experience—usually just a name and email address.
However, depending on how your institution configures the platform, additional data may be captured through optional features or integrations. This may include:
Subject or course preferences
Device/browser data (for analytics)
Lead source or referral information
Important: When using optional features that collect additional data, the responsibility for ensuring lawful data capture and use lies with the institution configuring the platform.
Subprocessors
To provide core functionality, we work with a very small number of trusted subprocessors for Hosting and Infrastructure:
AWS (UK/EU/US/Canada)
Kinsta
In some cases, additional subprocessors may be introduced when using optional integrations or custom features. We maintain a clear and transparent record of all subprocessors, and this can be shared upon request.
⸻
📄 Documentation & Compliance Support
We’re here to help you meet your internal compliance and IT review processes. Upon request, we can provide:
GDPR/Data Protection Agreement (DPA)
Subprocessor list
Technical documentation for security reviews
Cyber Essentials Certification
Cyber Essentials is a UK government-backed scheme that helps protect organisations against a wide range of the most common cyber threats. Certification provides additional assurance that we’ve implemented essential technical controls to safeguard data and infrastructure.
Summary
Prospectus Plus is built to help institutions deliver a modern and personalised recruitment experience, while staying aligned with regional and international data privacy standards. From secure data storage to optional integrations, we take a privacy-by-design approach at every step.
If you have any questions about compliance, security, or custom configurations, our team would be happy to assist or liaise directly with your DPO.
Updated on: 02/04/2025
Thank you!