PROACTIS Privacy Policy


Updated May 2018
PROACTIS is committed to ensuring that your personal data and privacy is protected. 

We have set out and updated our Privacy Policy so that you can be clear on what we use your information for. At all times, this will be only in accordance with the data privacy laws (such as the General Data Protection Regulation in the UK and EU countries, from 25 May 2018). 

This Privacy Policy page will refer to the subsidiary companies which are part of PROACTIS Holdings PLC (which includes PROACTIS, Due North, Millstream, Intelligent Capture, EGS, Perfect Commerce and Hubwoo amongst others) as “PROACTIS”, "we", "us" or "our". We will do this to make this easier to read and understand. We will refer to the people who visit our website or who use our software as "you" or "your", again to make this page clear and easier to read and understand.


This page is split up into specific sections; please click on the link for the topic you want to read about, or simply scroll down:  

General Information


Your rights
You have the following rights, in addition to any stated below:
  1. The right to ask what personal data we hold about you at any time;
  2. The right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you;
  3. The right to ask us to delete any personal data that we hold about you that isn’t required to be held by other laws;
  4. The right to opt out of any marketing communications that we may send you
If you wish to contact us regarding this, please see the section below, called “How to Contact Us”.
 
Each email notification we issue has the ability for you to change or refresh what communications you receive. Our products will also allow certain communications to be stopped; see the section “Information about PROACTIS products” for more information.
 
If you do not have an email from us with the refresh communication options to hand and you want to change or refresh your preferences, you can do that by following this link . You can also contact the Marketing Team through the options shown in the “How to Contact Us” section.
 
Policy amendments
We may revise this Privacy Policy from time to time, by updating this page. We will issue out a notification or other form of communication should this policy fundamentally change, though no changes which would impede or contravene any laws would be made.  In addition to any communications sent, you can also periodically check this page; there will be a date of last update provided so you can determine when the policy was last amended or updated.
 

How to Contact Us


For further information on how your information is used, how we maintain the security of your information and your rights to access information we hold on you, please contact:
 

By post:
The Data Protection Officer
PROACTIS Group Limited
Riverview Court
1 Castle Gate
Wetherby
LS22 6LE
 
If you want us to take any steps with regards to your rights, please use these methods. If you want personal data deleted, we would prefer it if you could raise a support case, so we can track the request there, though we are happy to receive the request in the same way as described above.
 
For Marketing messages, in addition to the options listed earlier on this page, you can:
  1. Write to us at the address shown above, marking your correspondence “The Marketing Team”;
  2. Send an email to info@proactis.com.

Data Protection Officer


Based on PROACTIS’ current activities and business purpose, there is no legal requirement for an official Data Protection Officer under the GDPR. However, PROACTIS recognises the importance of this role and the Group Compliance and Quality Manager has assumed those responsibilities. This role has full support and direct access to the PROACTIS Board. 
 

Information About This Website (www.proactis.com)

 
Personal data submitted on this website will only be used for the purposes specified in this privacy policy. We may use your personal information to:
  • a. Send information (other than marketing communications) to you which we think may be of interest to you by post, by email or similar technology, but only if you consent to this. You can do so, or refresh your options, by clicking on this link 
  • b. Send to you marketing communications relating to our business which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology. Again, you can change or refresh your options by clicking on this link 
  • c. Provide other companies with statistical information about our users – but this information will not be used to identify any individual user.
Your personal information is kept private and stored securely until it is no longer required, as detailed in the GDPR and UK Data Protection Bill (2018).
 
Every effort has been made to ensure that a safe and secure email submission process exists, however we do advise those people who use such email forms that they do so at their own risk.
 
Disclosure
We may also disclose information we collect to law enforcement, other government authorities, or third parties as required by the laws that may apply to us. We may do this as provided for under contract or as we deem reasonably necessary to provide our services.

In these circumstances, we take reasonable efforts to notify you before we disclose information that may reasonably identify you or your organisation, unless prior notice is prohibited by applicable law or is not possible or reasonable in the circumstances.
 
Cookies
We use cookies to ensure that we give you the best experience on our website.
 
Cookies are tiny files which are stored on your device (computer, smartphone, tablet and so forth). This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information stored in one of our cookies does not directly identify you, but it can give you a more personalised web experience.
 
We use cookies to:
  • ensure the website works
  • measure how you use the website so it can be updated and improved based on your needs
  • remember the notifications you’ve seen so that we don’t show them to you again
We also use Google Analytics to measure anonymous information about our visitors, such as visit frequency, duration and approximate geographical location. Again, all of this information is completely anonymous and is used purely to help us align our content and advertising better with our audience.

The majority of web browsers (for example Safari, Chrome, Firefox, Internet Explorer, Edge and so forth) will allow you to delete selected / all cookies currently installed on your device. For information on how to do this, please consult your browser help file.
 
Social Media linking
We have built into this website social media sharing buttons which, when used, will help share web content from this site directly to the social media platform in question. We advise that before using such sharing buttons that you do so at your own discretion.
 
Note that the social media platform you share the proactis.com content may track and save your request to share a web page respectively through your social media platform account.
 
Communication, engagement and actions taken through external social media platforms that we participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
 
We will never ask for personal or sensitive information through social media platforms.
 
 

Information About PROACTIS Support

 
We use two ticketing systems to allow you raise enquiries in relation to our products. These are PROACTIS Central (www.proactissupport.com) and Kayako Support (http://proactis.kayako.com/default) (which is also known as Supplier Support). 
 
PROACTIS Central has been developed in-house by us and Kayako is a third-party application which we use for Suppliers to log enquiries. It is recommended that you review Kayako’s own privacy policy which is here: https://www.kayako.com/about/privacy in addition to ours, should you also use that support software.
 
For both applications, users need to register to enable them to raise support tickets. The following personal data is needed for this process:
 
A person’s name, email address, telephone number; the company or organisation that person works for and their job role (for PROACTIS Central). 
 
This personal data is only used for the purpose of allowing users to log enquiries in relation to the software their company or organisation has licenced from us.
 
User personal data is kept for as long as the user needs access to the ticketing systems; if he or she leaves the company or no longer requires access, they can request removal from the system using the methods described above. 
 
Whilst the purpose of the software is to log enquiries relating to products, due to the nature of the support enquiries, it is possible that users can add other information to the support ticket which may end up being other personal data. This is not mandatory and should only be for the purposes of resolving that particular support enquiry. 
 
Support ticket information is kept for the purpose of allowing the same organisation who raised the case to be able to review past enquiries and build up a knowledge base or repository so if the same issue reoccurs, the original support case can be referenced and the resolution identified and acted upon.
 
To fulfil these enquiries, we have staff based in the UK. For some first-line Supplier Support enquiries, we have a team based in Manila, in the Philippines. The work the Manila team does involves updating support enquiry tickets and their roles mean that they do not require access to customer data. All UK customer data (be this an individuals’ personal data or company organisation data) remain in the UK.
 
To meet our GDPR requirements, we have reviewed our technological and organisational measures to ensure that your data is treated securely and that we have processes in place to help prevent unauthorised access to confidential information about you that is under our control.  
 
We have our information security processes in compliance with ISO 27001, which is externally audited on an annual basis. The controls are also internally audited more frequently. For more information on ISO 27001, you can go here: https://www.iso.org/isoiec-27001-information-security.html.
 
Our United States offices comply with the US-EU Privacy Shield Framework (more information about this is here: https://www.privacyshield.gov/ and listed as our Perfect Commerce subsidiary here: https://www.privacyshield.gov/list).
 
These safeguards help prevent unauthorised access, maintain data accuracy, and ensure the appropriate use of Data.

 

Information About PROACTIS Products


Please click on the name of the product you wish to read about: 
Our products will typically require users to have a username and a password which will allow them access to the software. The username may be a unique identifier or an email address. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. 
 
Our products will issue out system messages, which will be set up as part of the initial implementation of the software. This will enable defined users to act upon processes that are necessary to fulfil the normal practices of the software (such as alerting an authoriser that they have invoices to approve or to alert a supplier that they have a deadline for a tender).
 
Whilst these are not marketing messages, users are able to change their preferences within the respective product, should they not wish to receive such notifications. By doing so, this may alter the functionality and lessen the effectiveness of the software.
 
With our products, we will be classed as the data processor, and the organisation who uses our software will be the data controller. The data regulator, the Information Commissioners’ Office (ICO) explains the terms ‘data controller’, ‘data processor’ here: https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/
 
Where we store your personal data
As a global company, we ensure that our business is carried as per the laws of the country operated in. In addition to the UK, we have offices in the United States, Europe (such as France, Germany, the Netherlands) and Australasia (such as New Zealand and the Philippines).
 
All information you provide to us is stored on our secure servers, which for the UK, are based in the UK (Harrogate and Reading). We also have data centres in France, the United States and in New Zealand. 
 
UK data does not get moved or stored to other data centres outside the UK.
 
If our UK customers use our software which is not based in the EEA, we will inform you before you agree to use the software. In addition, we have made sure that all our customer data, whether that stored in or outside of the EEA is secure and kept to the same high standards that is expected of us here in the UK.
 
We have processes in place, such as with the EU-U.S. Privacy Shield to ensure our customer data is safe. You can find us, listed under our Perfect Commerce subsidiary, here: https://www.privacyshield.gov/list.
 
This application is used to carry out the functions of the purchasing process, from the initial recording of the requisition or purchase order, through to the payment of the received invoice. The invoice may be received electronically into the system, with an image record of that stored with the purchase order (see the Invoice Capture section for more information on this).
 
Organisations who use P2P have their own terms of use set in a contract with us, which includes a commitment to data privacy. Personal data types used within P2P are: name, email address, telephone number. These are needed for product functionality. A business address is listed for each user of the system.
 
P2P users who have administrator roles can manually amend other users’ details within the Management Console if your personal data is incorrect. If personal data is to be completely removed, then please refer to the “Your Rights” chapter in the General Information section, above.
 
Note that personal data will only be removed in accordance with the law, and upon confirmation that the user making the request is authorised to do so. We will do this in a timely manner and aim to have such requests completed within thirty (30) days of confirmation that the request is valid.
 
A session cookie will be used by P2P to identify your user session.
 
There are two versions of this product; one for Buying Organisations, one for Suppliers.
 
For Buying Organisations, the application is used to contact suppliers, collaborate with them, and perform other actions according to the licenced modules they wish to use.
 
Suppliers use the application to interact with buyers, to bid for work, to upload catalogues and send electronic documents to buying organisations.
 
Buying organisations will have terms of use set up in a contract with us, which includes a commitment to data privacy. Suppliers agree to the Supplier Network terms and conditions as part of the registration process. Those T&Cs are available by accessing this page: https://supplierlive.proactisp2p.com/Content/Documents/PROACTISNetworkTermsConditions.pdf.
 
S2C users in Buying Organisations who have administrator roles can manually amend other users’ details within the Settings section of the application. 
 
S2C users who are Suppliers can also update details for other users within their organisation in the S2C product.
 
If personal data is to be completely removed, then please refer to the “Your Rights” chapter in the General Information section, above. Note that personal data will be removed in accordance with the law, and upon confirmation that the user making the request is authorised to do so. We will do this in a timely manner and aim to have such requests completed within thirty (30) days of confirmation that the request is valid.
 
The product uses cookies as per the categories specified by the International Chamber of Commerce, which are Strictly Necessary cookies. These cookies are essential for the operation of our websites because they keep track of a user's movement from page to page. Without these cookies, our websites would have no memories. Product also uses persistent cookies which will remain until you delete them from your browser.
 
The ProContract product is used to carry out the functions of the tendering process, from the initial advertisement to the awarding of the contract. 
 
The application has Buying organisations and Suppliers. Buying organisations use the application to upload the adverts for the work they need conducting, and to use ProContract to administer out the tendering process. Suppliers use ProContract to check for suitable opportunities they wish to bid for and then use the application to carry out that bid.
 
Buying organisations have their own terms of use set in a contract with us, which includes a commitment to data privacy. Suppliers must register to use ProContract and this Privacy Policy, plus the applications’ Terms and Conditions are available as part of the registration process.
 
Personal data types used within ProContract are: name, email address, telephone number. These are needed for product functionality. A business address is listed for each user of the system. The personal data types apply to both Buying Organisations and Suppliers.
 
ProContract operates an email newsletter program, which is used to inform subscribers about products and services supplied by us. This is optional and users can subscribe or unsubscribe through an online automated process.
 
Some subscriptions may be manually processed through prior written agreement with the user. 
 
Subscriptions are taken in compliance with UK Spam Laws, which are detailed in the Privacy and Electronic Communications Regulations 2003.
 
For Buying Organisations, ProContract users who have administrator roles can manually amend details of other users, from the same organisation, within the application if any personal data is incorrect.
 
If you are a Supplier and have incorrect information in place that you cannot manually amend, please contact one of your Company Administrators in the first instance. If you still cannot update the data, please raise a support ticket and we will correct this for you.
 
For Buyers or Suppliers, if your personal data is to be completely removed, then please refer to the “Your Rights” chapter in the General Information section, above. 
 
Note that personal data will only be removed in accordance with the law, and upon confirmation that the user making the request is authorised to do so. We will do this in a timely manner and aim to have such requests completed within thirty (30) days of confirmation that the request is valid.
 
 
This application is used to carry out the functions of the purchasing process, from the initial recording of the requisition or purchase order, through to the payment of the received invoice. The invoice may be received electronically into the system, with an image record of that stored with the purchase order (see the Invoice Capture section for more information on this).
 
Organisations who use Purchasepoint have their own terms of use set in a contract with us, which includes a commitment to data privacy. Personal data types used within PurchasePoint are: name, email address, telephone number. These are needed for product functionality. A business address is listed for each user of the system.
 
PurchasePoint users who have administrator roles can manually amend other users’ details within the Management Console if your personal data is incorrect. If personal data is to be completely removed, then please refer to the “Your Rights” chapter in the General Information section, above.
 
Note that personal data will only be removed in accordance with the law, and upon confirmation that the user making the request is authorised to do so. We will do this in a timely manner and aim to have such requests completed within thirty (30) days of confirmation that the request is valid.
 
A session cookie will be used by PurchasePoint.
 
This application is used to capture the data from which the original source is a paper invoice document. The image record will also be stored with the electronic document, which will be located in the PROACTIS Purchase to Pay solution you use.
 
The purpose for the processing is to carry out the functions of the invoice scanning process which will then allow the scanned document to be associated with the relevant document in the purchase to pay solution being used. The data sets include: name and email address within the product for basic operations of the software.
 
The scanned invoice documents can contain an address (usually this is a business address), contact name, email address and telephone number. A description of the goods / services the Invoice covers may contain personal data.
 
The Invoice Capture application uses Session cookies, which will only exist during the time that you use the application in the web browser. As with other sessions cookies mentioned in this Privacy Policy, they are only used to pass information between pages to allow the system to function. 
 
If needed, if there are Invoice Capture users who have incorrect name or email addresses incorrectly setup, then please contact PROACTIS support for that to be rectified. If an email address has been set up incorrectly, that would require the user account to be deleted and a new one set up with the correct email address. If personal data is to be completely removed, then please refer to the “Your Rights” chapter in the General Information section, above.
 
Note that personal data will only be removed in accordance with the law, and upon confirmation that the user making the request is authorised to do so. We will do this in a timely manner and aim to have such requests completed within thirty (30) days of confirmation that the request is valid.
 
This application is a catalogue management tool, along with the ability to perform purchasing functions, including the ability to raise invoices. 
 
Organisations who use Marketplace have their own terms of use set in a contract with us, which includes a commitment to data privacy. Personal data types used within Marketplace are: name, email address, telephone number. These are needed for product functionality. A business address is listed for each user of the system.
 
Marketplace users who have administrator roles can manually amend other users’ details within the system if your personal data is incorrect. If personal data is to be completely removed, then please refer to the “Your Rights” chapter in the General Information section, above.
 
Note that personal data will only be removed in accordance with the law, and upon confirmation that the user making the request is authorised to do so. We will do this in a timely manner and aim to have such requests completed within thirty (30) days of confirmation that the request is valid.
 
A session cookie is in place to allow for the system to function.
 
We also have other solutions, which are developed and maintained by our French, German and US offices. The specific privacy policy information relating to those solutions can be found by following this link: http://www.perfect.com/terms-use-legal-information/privacy-policy/ 

Last Updated: May 2018