Are you visiting us from the USA? To get the most relevant information, you may want to visit our
www.proactis.com/us/ site or choose another country from the global selector above

Privacy Policy


Updated March 2022
Proactis is committed to ensuring that your personal data and privacy is protected. 

We have set out and updated our Privacy Policy so that you can be clear on what we use your information for. At all times, this will be only in accordance with the data privacy laws (such as the Data Protection Act 2018 in the UK and the General Data Protection Regulation in the UK and EU countries). 

This Privacy Policy page will refer to the subsidiary companies which are part of Proactis Holdings Ltd (which includes Proactis Limited, Perfect Commerce LLC, Proactis SA, Proactis Deutschland GmbH, Esize Holdings BV amongst others) as “Proactis”, "we", "us" or "our".

We will do this to make this easier to read and understand. We will refer to the people who visit our website or who use our software as "you" or "your", again to make this page clear and easier to read and understand.

Proactis Tenders Limited has its’ own Privacy Policy here, and its’ own cookie policy here.

This page is split up into specific sections; please click on the link for the topic you want to read about, or simply scroll down:
General information
Your rights
You have the following rights, in addition to any stated below:
  1. The right to ask what personal data we hold about you at any time;
  2. The right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you;
  3. The right to ask us to delete any personal data that we hold about you that isn’t required to be held by other laws;
  4. The right to opt out of any marketing communications that we may send you.
If you wish to contact us regarding this, please see the section below, called “How to contact us”. We aim to make this process as easy as we can.
 
Communications we send out
Proactis will send out messages in two broad categories – Marketing messages and those generated by our products which you use.
 
Marketing Messages
With regards to Marketing messages, these are issued only if we have your consent to do so or where we have a legally permissible reason to do so under the GDPR. This will typically be the condition known as ‘legitimate interests’ and we will balance that interest in accordance not only with the GDPR but with the Privacy and Electronic Communications Regulation, which Marketing emails also fall under.

Each Marketing email we issue will clearly state that it is from Proactis and has a link in the email to unsubscribe or update your preferences.

If you do not have a recent email from us, or if you wish to unsubscribe or update your preferences, you can do that by contacting the Marketing Team through the options shown in the “How to contact us” section of this Privacy policy.

Product Messages
Our products will only issue out email notifications to users of the software. Depending upon the product in question, the preferences will allow certain communications to be managed by our users.

Briefly, the principle behind these messages is that they are requesting registered users to perform a task, such as to approve an invoice, or to provide registered users with awareness of a sourcing event, such as a notification regarding a tendering opportunity. Some of these are optional, whereas others are part of the product functionality. Your Sysadmin or organisational equivalent can advise you.

The section “Information about Proactis products” has additional information which is bespoke to each product. Further information can be found in each products’ release notes, which can be requested from your dedicated Account Manager.
 
How to contact us
For further information on how your information is used, how we maintain the security of your information and your rights to access information we hold on you, please contact:

By email: [email protected]

By post:

The Data Protection Officer
Proactis Limited
Riverview Court
1 Castle Gate
Wetherby
LS22 6LE

If you want us to take any steps with regards to your rights, please use these methods. If you want personal data deleted, we would prefer it if you could raise a support case, so we can track the request there, though we are happy to receive the request in the same way as described above.

For Marketing messages, in addition to the options listed earlier on this page, you can:
  1. Write to us at the address shown above, marking your correspondence “The Marketing Team”;
  2. Send an email to [email protected].

Compaints

If you wish to make a complaint in relation to how we have handled your personal data, we would of course prefer it if you contacted us directly by following the instructions given in the “How to contact us” section above.

However, you do have a right to lodge a complaint with the data protection authority relevant to your country. For example, in the UK, the data protection authority is the Information Commissioner’s Office (www.ico.org.uk/).

The European Data Protection Board’s website provides a list of all members and their Data Protection Authorities. The link below will provide you with their contact details and websites should you need it.

https://edpb.europa.eu/about-edpb/board/members_en

Policy amendments

We may revise this Privacy Policy from time to time, by updating this page. There will be a date of last update provided so you can determine when the policy was last amended or updated.
 

Data Protection Officer
Based on Proactis’ current activities, business purpose and how it processes personal data, in most countries which have the GDPR as their data protection legislation, there is no mandatory requirement for a Data Protection Officer.
However, Proactis recognises the importance of this role. The Compliance and Quality Manager has assumed and enacts those responsibilities. This role has full support, is independent and has direct access to the Proactis Board.

Most companies in Germany are obliged to appoint a Data Protection Office, as per The Federal Data Protection Act. For Proactis GmbH, based in Germany, we have appointed a German-based Data Protection Officer as an addition commitment to data privacy. All Proactis Data Protection Officers can be contacted via [email protected].                          

Information about this website (www.proactis.com)
Personal data submitted on this website will only be used for the purposes specified in this privacy policy.

How we collect, process and your information

Collection and Processing
We collect and process the following information about you either from your use of our site, or your correspondence with us by phone or email:

Information you give us. We collect and store the personal information that you submit through the site or by corresponding with us by phone, email or other communication methods, such as through online chats or social media.

The information you give us may include your name, postal address, email address, telephone number, plus details of any comments you provide to us. We may also collect and process records of any correspondence and communications with us.

Information we collect about you. We also collect and store following information regarding each of your visits to our site. As this can be varied based on the cookie settings you allow, we strongly recommend that you read our Cookie Policy, which is here, which will give you more information. That page can also allow you to change your cookie settings.

In brief, we will collect and store:
  • technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
  • Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time), products and / or services you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to browse away from the page. Your personal information is kept private and stored securely until it is no longer required, as detailed in the GDPR and UK Data Protection Bill (2018).
Every effort has been made to ensure that a safe and secure email submission process exists, however we do advise those people who use such email forms that they do so at their own risk.

As mentioned above, the two types of information, as shown in list a and b can vary, so not all may be collected and stored, if you’ve adjusted your cookies.

We may use your personal information to:
  • Send you information, including Marketing communications, which we think may be of interest to you by email, post or similar technology – as outlined in the “Communications we send out”  section;
  • Communicate with you to gain feedback on our products or services in order to improve them;
  • Administer any contest or other promotional feature that you may enter with us and to notify winners;
  • Provide other companies with statistical information about our users, such as Google Analytics – but this information will not be used to identify any individual user – it is aggregated, anonymous data. Please see our Cookies Policy page for further information.
Your personal information is kept private and stored securely, as in accordance with our retention policy. This policy is compliant with the GDPR and UK Data Protection Act (2018) – please contact us for further details.

Every effort has been made to ensure that a safe and secure email submission process exists, however we do advise those people who use such email forms that they do so at their own risk.

How long we hold your data
We will only hold your information for as long as it is required for the purposes for which it was obtained. There may be instances where we keep your personal information for longer periods for legal and regulatory purposes, such as to comply with our audit or revenue reporting obligations.
 
Our legal basis for using your information
The legal grounds on which we rely to use your information are to allow us to exercise our legitimate interests as a data controller.

We rely on our legitimate interests as a data controller to process the personal information that you provide to us on feedback forms or through any contest or promotional feature that we may run, and to process personal information that we collect from you when you use our site.

It is in our legitimate interests as a business to process the above information in order administer our site, to ensure that content from our site is presented to you effectively and securely, and to run contests and other promotional features.

Social media linking
We have built into this website social media sharing buttons which, when used, will help share web content from this site directly to the social media platform in question. We advise that before using such sharing buttons that you do so at your own discretion.

Note that the social media platform you share the Proactis.com content may track and save your request to share a web page respectively through your social media platform account.

Communication, engagement and actions taken through external social media platforms that we participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.
We will never ask for personal or sensitive information through social media platforms.
 
Disclosure
We may also disclose information we collect to law enforcement, other government authorities, or third parties as required by the laws that may apply to us. We may do this as provided for under contract or as we deem reasonably necessary to provide our services.

In these circumstances, we take reasonable efforts to notify you before we disclose information that may reasonably identify you or your organisation, unless prior notice is prohibited by applicable law or is not possible or reasonable in the circumstances.
Cookies
We use cookies to ensure that we give you the best experience on our website (www.proactis.com). More information about the cookies we use on this website is available on the dedicated Cookies page. Cookies in our products are described in their respective section, which is located here.
 
Data Residency
Proactis is a company based across the world, with customers in multiple countries. We take the handling and processing of your data extremely seriously.

To meet our GDPR requirements, we have reviewed our technological and organisational measures to ensure that your data is treated securely and that we have processes in place to help prevent unauthorised access to confidential information about you that is under our control. 

We have our information security processes in compliance with ISO 27001, which is externally audited on an annual basis. The controls are also internally audited more frequently. For more information on ISO 27001, you can go here https://www.iso.org/isoiec-27001-information-security.html.

These safeguards help prevent unauthorised access, maintain data accuracy, and ensure the appropriate use of Data.
All our standards are listed on this page

Where does my data reside?
Proactis partners with data centre providers in the UK, France and the United States. 

All information you provide to us is stored on our secure servers, which for the UK, are based in Harrogate and Reading. We also have data centres in Paris, France and in the United States.

UK data does not get moved or stored to other data centres outside the UK, including for backup or disaster recovery purposes. This principle also applies to our other data centres, so EU data resides there, US data in the US and so forth.

EU data is held in our French datacentres. For US customers, the data is in America. For our APAC customers, the data may reside in either our American or EU data centres.

If our UK and EU customers use our software which is not based in the EEA, we will inform you before you agree to use the software. Buying organisations which have a contract with us, have this – plus other protective provisions – written into contract, which is in place before our software is used.

Suppliers for those organisations who use our software are also informed during their registration process of this fact.
In addition, we have made sure that all our customer data, whether that stored in or outside of the EEA is secure and kept to the same high standards that is expected of a company based in that region. Any citizens who benefit from the GDPR’s provisions are still protected and can enable their rights, as described in the “General Information” section on this page.
 
Data Protection Adequacy Status for the UK
As of June 2021, the UK continues to maintain its’ current data protection ‘Adequacy’ status, as determined by the EU Commission. This status has been guaranteed for four years. The ‘Adequacy’ status refers to non-EU/EEA countries who have a level of data protection which is considered to offer the same level of protection that EU/EEA countries using the GPDR benefit from.

Irrespective of this positive decision, Proactis continues its’ commitment to data privacy and the GDPR. Proactis already has technological and organisational safeguards in place to ensure compliance, which are regularly audited in line with the Group ISO 27001 and ISAE 3402 obligations.
Schrems II ruling
Proactis appreciates that the EU-US Privacy Shield Framework is no longer considered to be an adequate mechanism for the lawful processing of personal data, following on from the European Court of Justice’s 2020 judgement (more commonly known as “Schrems II”).

Proactis has worked with its’ customers who have previously used this mechanism and encourages Standard Contract Clauses (“SCCs”), plus a risk assessment of the processing, to ensure lawful processing can continue.

Proactis will continue to work with its’ customers and suppliers to ensure that it protects personal data when processing across countries that do not benefit from the GDPR or other deemed adequate data protection mechanisms.
 
Information about Proactis Support
Proactis provides support for its’ products, regardless of whether you are a direct Buying organisation or a Supplier.
For users of our TendersDirect service, they have a dedicated Customer Services telephone number and a LiveSupport chat function, both of which are on their website, https://www.tendersdirect.co.uk/ . You can also send your Tenders Direct enquiries by email to [email protected]. MyTenders customers can complete a form, which is located here.

For all other Proactis products, there is an online ticketing system to allow you raise enquiries.

These support systems are designed to allow registered users to ask product-related questions, raise potential defects and enquire about product functionality.

Proactis Support is available from this website, https://www.proactis.com/, and at the top any page, via the “Support” link. Simply click on that link where you can be directed, whether you’re a Buying Organisation or a Supplier, to the correct destination.

For all support applications, users need to register to enable them to raise support tickets. The following personal data is needed for this process:

A person’s name, email address, telephone number; the company or organisation that person works for.

This personal data is only used for the purpose of allowing users to log enquiries in relation to our software which is being used by the Buying organisation or Supplier and for us to contact the user in resolving their issue. 

User personal data is kept for as long as the user needs access to the ticketing systems; if he or she leaves the company or no longer requires access, they can request removal from the system by contacting us described in the “How to contact us” section.

Whilst the purpose of the software is to log enquiries relating to products, due to the nature of the support enquiries, it is possible that users can add other information to the support ticket which may end up being or including other personal data. This is not mandatory and should only be for the purposes of resolving that particular support enquiry.

Support ticket information is kept for the purpose of allowing the same organisation who raised the case to be able to review past enquiries and build up a knowledge base or repository so if the same issue reoccurs, the original support case can be referenced, and the resolution identified and acted upon.

Support Staff
To fulfil these enquiries, we have staff based in the UK, US, the EU and Manila. All of these people are directly employed by Proactis. Proactis does not outsource its’ Support staff.

The Support teams will work on specific enquiries, as described below:
  • UK Buying organisations – the UK team (Wetherby and Telford)
  • UK Suppliers – the UK team (for Level 3 enquiries), first-line enquiries, the Manila team.
  • All TendersDirect, MyTenders customers – the UK team (Aberdeen)
  • Proactis P9 support – the Netherlands
  • US, French and German organisations (Buyers and Suppliers) – by the US, French, German and Manila teams
Where is the Support ticket data stored?

For
  • UK Buying organisations – the UK
  • All TendersDirect & MyTenders customers – the UK
  • UK Suppliers – Germany
  • Proactis P9 support – the Netherlands
  • US, French and German organisations (Buyers and Suppliers) – France

Information about the Proactis Customer Forum
Proactis runs and moderates a Customer Forum, which allows Proactis UK users to collaborate, share experiences and ask each other questions about business processes, best-practices, implementation approaches, solution configuration models, and more, in relation to the Proactis software and solutions they use.

In order to access the forum, Customers can register for an account here.

Joining the forum requires you to enter a valid business email address and create a password, as access will not be provided to those using personal email addresses.

As with most forums, there is limited personal data required to use the forum functionality. For the Proactis forum, this is: an email address, the user’s name and organisation.

There is also an opportunity to add an email signature. As this gives users the ability to write text freeform, users should be aware that whatever text is put in this field will be visible to all forum users when they send a message within the forum.
Users should be mindful of conditions laid out in the forum guide and FAQs regarding appropriate content. A User’s IP address is also captured, which is used as part of a security check. The forum data is stored in UK data centres and the forum is moderated by dedicated Proactis UK team members.

If you do not log into your Customer Forum account at least once every 12 months, we will disable it. If you do not re-enable your Customer Forum account during the following 12 months after it has been disabled, the account will be deleted. Users who have had their account deleted, can choose to re-register.  This does not change your rights under the Data Protection Act and GDPR and you can request for your account to be closed or deleted at any time.

Cookies are used within the forum.
Please see the table below for more information on what cookies are used on this site and their purpose. Note that these are in addition to those defined in the Cookies Policy
 
Cookie name Type Description Duration
ASPXFORMSAUTH Strictly necessary Identifies an authenticated user Session only 
 
The Customer Forum FAQs provides more information and rules regarding posting. This can be accessed here.
Information about Proactis products
In General
Our products will typically require users to have a username and a password which will allow them access to the software. The username may be a unique identifier or an email address.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Our products will issue system messages, the purpose of which and any applicable text will be set up as part of the initial implementation of the software by our contracted customers in conjunction with our implementation team.

This will enable defined users to act upon processes that are necessary to fulfil the normal practices of the software (such as alerting an authoriser that they have invoices to approve or to alert a supplier that they have a deadline for a tender). These system messages can appear when you are using the software and will be delivered to the email address stored in the software.

Whilst these are not marketing messages, users are able to change their preferences within the respective product, should they not wish to receive such notifications. However, by doing so, this may alter the functionality and lessen the effectiveness of the software.

With our products, unless otherwise stated, we will be classed as the data processor, and the organisation who uses our software will be the data controller. This will be written into contract with our direct Customers. Other customers, such as those through our Partner Reseller network, the relationship between us and the customers will again be defined in contract.

The UK data regulator, the Information Commissioners’ Office (ICO) explains the terms ‘data controller’, ‘data processor’ on their website here.
 
For other European Data Regulators, such as France’s regulator, CNIL, their website is located here, and Germany’s BfDI is here.

A full list and overview of the National Data Protection authorities is available from the EU’s website, here.

To the extent that when we are a data controller in relation to the processing of personal data regarding any of our products, we rely on fulfilling contractual obligations and legitimate interests as the appropriate lawful basis for the purposes of the GDPR.

Information about specific products, the information typically found in a data processing schedule along with the cookies used, can be found here.

Version: 3.3 | Last Updated: March 2022.