Data Protection

At Prospectus Plus, we take data protection and privacy very seriously. Whether you’re a Data Protection Officer, an IT lead, or simply doing your due diligence, here’s an overview of what you need to know about how we handle personal data and maintain compliance with key data laws.


Where is data stored?


All data collected through Prospectus Plus is securely stored on cloud infrastructure hosted in the UK, EU, US, and Canada. This flexibility allows us to support international clients while maintaining strong compliance controls.


Our hosting partners comply with ISO/IEC 27001 standards, ensuring that data is managed in line with international best practices for information security.


How is data secured?


Security is at the heart of how we work. Measures include:


  • Encryption: All data is encrypted in transit (e.g. HTTPS, TLS 1.2+) and at rest using modern encryption standards.
  • Access control: Access is strictly limited to authorised SMILE team members on a need-to-know basis.
  • Resilience: Regular backups are taken and stored securely to support business continuity and disaster recovery.


What personal data is collected?


By default, Prospectus Plus collects only the minimum data required to deliver a tailored experience—usually just a name and email address.


However, depending on how your institution configures the platform, additional data may be captured through optional features or integrations. This may include:


  • Subject or course preferences
  • Device/browser data (for analytics)
  • Lead source or referral information


Important: When using optional features that collect additional data, the responsibility for ensuring lawful data capture and use lies with the institution configuring the platform.


Subprocessors


To provide core functionality, we work with a very small number of trusted subprocessors for Hosting and Infrastructure:

  • AWS (UK/EU/US/Canada)
  • Kinsta


In some cases, additional subprocessors may be introduced when using optional integrations or custom features. We maintain a clear and transparent record of all subprocessors, and this can be shared upon request.



📄 Documentation & Compliance Support


We’re here to help you meet your internal compliance and IT review processes. Upon request, we can provide:

  • GDPR/Data Protection Agreement (DPA)
  • Subprocessor list
  • Technical documentation for security reviews
  • Cyber Essentials Certification


Cyber Essentials is a UK government-backed scheme that helps protect organisations against a wide range of the most common cyber threats. Certification provides additional assurance that we’ve implemented essential technical controls to safeguard data and infrastructure.


Summary


Prospectus Plus is built to help institutions deliver a modern and personalised recruitment experience, while staying aligned with regional and international data privacy standards. From secure data storage to optional integrations, we take a privacy-by-design approach at every step.


If you have any questions about compliance, security, or custom configurations, our team would be happy to assist or liaise directly with your DPO.

Updated on: 02/05/2025
