Are you visiting us from the USA? To get the most relevant information, you may want to visit our
www.proactis.com/us/ site or choose another country from the global selector above

Privacy Policy


Updated June 2018
Proactis is committed to ensuring that your personal data and privacy is protected. 

We have set out and updated our Privacy Policy so that you can be clear on what we use your information for. At all times, this will be only in accordance with the data privacy laws (such as the General Data Protection Regulation in the UK and EU countries, from 25 May 2018). 

This Privacy Policy page will refer to the subsidiary companies which are part of Proactis Holdings Plc (which includes Proactis, Due North, Millstream, Intelligent Capture, EGS, Perfect Commerce and Hubwoo amongst others) as “Proactis”, "we", "us" or "our". We will do this to make this easier to read and understand. We will refer to the people who visit our website or who use our software as "you" or "your", again to make this page clear and easier to read and understand.

This Privacy Notice is available in the Welsh language. If you require this in Welsh, please click here.

This page is split up into specific sections; please click on the link for the topic you want to read about, or simply scroll down:
General information
Your rights
You have the following rights, in addition to any stated below:
  1. The right to ask what personal data we hold about you at any time;
  2. The right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you;
  3. The right to ask us to delete any personal data that we hold about you that isn’t required to be held by other laws;
  4. The right to opt out of any marketing communications that we may send you.
If you wish to contact us regarding this, please see the section below, called “How to contact us”.

Each email notification we issue has the ability for you to change or refresh what communications you receive. Our products will also allow certain communications to be stopped; see the section “Information about Proactis products” for more information.

If you do not have an email from us with the refresh communication options to hand and you want to change or refresh your preferences, you can do that by following this link. You can also contact the Marketing Team through the options shown in the “How to contact us” section.

Policy amendments
We may revise this Privacy Policy from time to time, by updating this page. We will issue out a notification or other form of communication should this policy fundamentally change, though no changes which would impede or contravene any laws would be made.  In addition to any communications sent, you can also periodically check this page; there will be a date of last update provided so you can determine when the policy was last amended or updated.
 
How to contact us
For further information on how your information is used, how we maintain the security of your information and your rights to access information we hold on you, please contact:

By email: compliance@proactis.com

By post:

The Data Protection Officer
Proactis Limited
Riverview Court
1 Castle Gate
Wetherby
LS22 6LE

If you want us to take any steps with regards to your rights, please use these methods. If you want personal data deleted, we would prefer it if you could raise a support case, so we can track the request there, though we are happy to receive the request in the same way as described above.

For Marketing messages, in addition to the options listed earlier on this page, you can:
  1. Write to us at the address shown above, marking your correspondence “The Marketing Team”;
  2. Send an email to info@proactis.com.
 
Data Protection Officer
Based on Proactis’ current activities and business purpose, there is no mandatory requirement for an official Data Protection Officer under the GDPR in the UK, France or the Netherlands. However, Proactis recognises the importance of this role and the Group Compliance and Quality Manager has assumed those responsibilities. This role has full support and direct access to the Proactis Board. 

Companies in Germany are obliged to appoint a Data Protection Office, as per The Federal Data Protection Act. For Germany, we have appointed a German-based Data Protection Officer.

Information about this website (www.proactis.com)
Personal data submitted on this website will only be used for the purposes specified in this privacy policy. We may use your personal information to:
  • a) Send information (other than marketing communications) to you which we think may be of interest to you by post, by email or similar technology, but only if you consent to this. You can do so, or refresh your options, by clicking on this link.
  • b) Send to you marketing communications relating to our business which we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology. Again, you can change or refresh your options by clicking on this link.
  • c) Provide other companies with statistical information about our users – but this information will not be used to identify any individual user.
Your personal information is kept private and stored securely until it is no longer required, as detailed in the GDPR and UK Data Protection Bill (2018).

Every effort has been made to ensure that a safe and secure email submission process exists, however we do advise those people who use such email forms that they do so at their own risk.

Disclosure
We may also disclose information we collect to law enforcement, other government authorities, or third parties as required by the laws that may apply to us. We may do this as provided for under contract or as we deem reasonably necessary to provide our services.

In these circumstances, we take reasonable efforts to notify you before we disclose information that may reasonably identify you or your organisation, unless prior notice is prohibited by applicable law or is not possible or reasonable in the circumstances.

Cookies
We use cookies to ensure that we give you the best experience on our website.

Cookies are tiny files which are stored on your device (computer, smartphone, tablet and so forth). This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information stored in one of our cookies does not directly identify you, but it can give you a more personalised web experience.

We use cookies to:
  • Ensure the website works.
  • Measure how you use the website so it can be updated and improved based on your needs.
  • Remember the notifications you’ve seen so that we don’t show them to you again.
We also use tracking cookies such as Google Analytics and Pardot to measure information about our visitors, such as visit frequency, duration and approximate geographical location. This information is used purely to help us align our content and advertising better with our audience. This information is not shared with external third-party companies.

We do not accept advertising cookies or tracking cookies from any other organisation on our site. We do however advertise our own products and services on our websites and you may see adverts for us elsewhere on the internet. The cookies show us where you saw the advert; help us measure the effectiveness of our advertising campaigns; and limit the number of times you see an advert.

If you don’t want cookies placed on your computer or device, then there are a number of ways you can carry out this action; by setting your browser either to reject all cookies; to only allow “trusted” sites to set them, or to accept only those cookies from those websites which you are currently on.

The majority of web browsers (for example Safari, Chrome, Firefox, Internet Explorer, Edge and so forth) will allow you to delete selected / all cookies currently installed on your device. For information on how to do this, please consult your browser help file.
Please remember that if you do delete all your cookies, some features of our products or services, such as remembering your login details, will not work and your experience on our website, products or services may be affected.

Social media linking
We have built into this website social media sharing buttons which, when used, will help share web content from this site directly to the social media platform in question. We advise that before using such sharing buttons that you do so at your own discretion.

Note that the social media platform you share the Proactis.com content may track and save your request to share a web page respectively through your social media platform account.

Communication, engagement and actions taken through external social media platforms that we participate on are custom to the terms and conditions as well as the privacy policies held with each social media platform respectively.

We will never ask for personal or sensitive information through social media platforms.
 
Information about Proactis Support
We use different ticketing systems to allow you raise enquiries in relation to our products. These are Proactis Central (www.proactissupport.com), Kayako Support (http://Proactis.kayako.com/default) (which is also known as Supplier Support) and IMS (Internal Management System) (https://ims.int.hubwoo.com/ims/ssc.html). This last application is used for the supporting the following products: PerfectProcure, WebProcure, TBN, Catalog Manager and Search.

Proactis Central has been developed in-house by us and Kayako is a third-party application which we use for Suppliers to log enquiries. It is recommended that you review Kayako’s own privacy policy which is here: https://www.kayako.com/about/privacy in addition to ours, should you also use that support software.

IMS has been developed by a company called Abocon and we contract them to maintain and enhance the product. Proactis support teams use the system to respond to your enquiries. Abocon are a German company and their privacy policy is here: https://www.abocon.com/datenschutz/

For all applications, users need to register to enable them to raise support tickets. The following personal data is needed for this process:

A person’s name, email address, telephone number; the company or organisation that person works for and their job role (for Proactis Central). 

This personal data is only used for the purpose of allowing users to log enquiries in relation to the software their company or organisation has licenced from us.

User personal data is kept for as long as the user needs access to the ticketing systems; if he or she leaves the company or no longer requires access, they can request removal from the system using the methods described above. 

Whilst the purpose of the software is to log enquiries relating to products, due to the nature of the support enquiries, it is possible that users can add other information to the support ticket which may end up being other personal data. This is not mandatory and should only be for the purposes of resolving that particular support enquiry. 

Support ticket information is kept for the purpose of allowing the same organisation who raised the case to be able to review past enquiries and build up a knowledge base or repository so if the same issue reoccurs, the original support case can be referenced and the resolution identified and acted upon.

To fulfil these enquiries logged with Proactis Central and Kayako, we have staff based in the UK. For some first-line Supplier Support enquiries, we have a team based in Manila, in the Philippines. The work the Manila team does involves updating support enquiry tickets and their roles mean that they do not require access to customer data. All UK customer data (whether this is an individuals’ personal data or company organisation data) remain in the UK.

Enquiries raised through IMS are supported by teams based in the US, France, Germany and Manila. The data contained in IMS is stored in a French data centre.

To meet our GDPR requirements, we have reviewed our technological and organisational measures to ensure that your data is treated securely and that we have processes in place to help prevent unauthorised access to confidential information about you that is under our control.  

We have our information security processes in compliance with ISO 27001, which is externally audited on an annual basis. The controls are also internally audited more frequently. For more information on ISO 27001, you can go here: https://www.iso.org/isoiec-27001-information-security.html.

Our United States offices comply with the US-EU Privacy Shield Framework (more information about this is here: https://www.privacyshield.gov/ and listed as our Perfect Commerce subsidiary here: https://www.privacyshield.gov/list).
These safeguards help prevent unauthorised access, maintain data accuracy, and ensure the appropriate use of Data.
 
Information about Proactis products
Please click on the name of the product you wish to read about: 
In General
Our products will typically require users to have a username and a password which will allow them access to the software. The username may be a unique identifier or an email address. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. 

Our products will issue out system messages, which will be set up as part of the initial implementation of the software. This will enable defined users to act upon processes that are necessary to fulfil the normal practices of the software (such as alerting an authoriser that they have invoices to approve or to alert a supplier that they have a deadline for a tender).

Whilst these are not marketing messages, users are able to change their preferences within the respective product, should they not wish to receive such notifications. By doing so, this may alter the functionality and lessen the effectiveness of the software.

With our products, we will be classed as the data processor, and the organisation who uses our software will be the data controller. The UK data regulator, the Information Commissioners’ Office (ICO) explains the terms ‘data controller’, ‘data processor’ here: https://ico.org.uk/for-organisations/guide-to-data-protection/key-definitions/ France’s regulator, CNIL, is located here: https://www.cnil.fr/, Germany’s BfDI is here: https://www.bfdi.bund.de/. A full list and overview of the National Data Protection authorities is available from the EU’s website: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

Where we store your personal data
As a global company, we ensure that our business is carried as per the laws of the country operated in. In addition to the UK, we have offices in the United States, Europe (such as France, Germany, the Netherlands) and Australasia (such as New Zealand and the Philippines).

All information you provide to us is stored on our secure servers, which for the UK, are based in the UK (Harrogate and Reading). We also have data centres in France, the United States and in New Zealand. 

UK data does not get moved or stored to other data centres outside the UK; EU data is held in our French datacentres. For US customers, the data is in America and for our APAC customers, the data may reside in either our American or New Zealand data centres.

If our UK and EU customers use our software which is not based in the EEA, we will inform you before you agree to use the software. In addition, we have made sure that all our customer data, whether that stored in or outside of the EEA is secure and kept to the same high standards that is expected of a company based in the EU.

We have processes in place, such as with the EU-U.S. Privacy Shield to ensure our customer data is safe. You can find us, listed under our Perfect Commerce subsidiary, here: https://www.privacyshield.gov/list.

Information about specific products

Purchase-to-Pay (P2P)

This application is used to carry out the functions of the purchasing process, from the initial recording of the requisition or purchase order, through to the payment of the received invoice. The invoice may be received electronically into the system, with an image record of that stored with the purchase order (see the Invoice Capture section for more information on this).

Organisations who use P2P have their own terms of use set in a contract with us, which includes a commitment to data privacy. Personal data types used within P2P are: name, email address, telephone number. These are needed for product functionality. A business address is listed for each user of the system.

P2P users who have administrator roles can manually amend other users’ details within the Management Console if your personal data is incorrect. If personal data is to be completely removed, then please refer to the “Your rights” chapter in the General information section, above.

Note that personal data will only be removed in accordance with the law, and upon confirmation that the user making the request is authorised to do so. We will do this in a timely manner and aim to have such requests completed within thirty (30) days of confirmation that the request is valid.

A session cookie will be used by P2P to identify your user session.

Source-to-Contract (S2C)
There are two versions of this product; one for Buying Organisations, one for Suppliers.

For Buying Organisations, the application is used to contact suppliers, collaborate with them, and perform other actions according to the licenced modules they wish to use.

Suppliers use the application to interact with buyers, to bid for work, to upload catalogues and send electronic documents to buying organisations.

Buying organisations will have terms of use set up in a contract with us, which includes a commitment to data privacy. Suppliers agree to the Supplier Network terms and conditions as part of the registration process. Those T&Cs are available by accessing this page: https://supplierlive.Proactisp2p.com/Content/Documents/ProactisNetworkTermsConditions.pdf.

S2C users in Buying Organisations who have administrator roles can manually amend other users’ details within the Settings section of the application. 

S2C users who are Suppliers can also update details for other users within their organisation in the S2C product.

If personal data is to be completely removed, then please refer to the “Your Rights” chapter in the General Information section, above. Note that personal data will be removed in accordance with the law, and upon confirmation that the user making the request is authorised to do so. We will do this in a timely manner and aim to have such requests completed within thirty (30) days of confirmation that the request is valid.

The product uses cookies as per the categories specified by the International Chamber of Commerce, which are Strictly Necessary cookies. These cookies are essential for the operation of our websites because they keep track of a user's movement from page to page. Without these cookies, our websites would have no memories. Product also uses persistent cookies which will remain until you delete them from your browser.

ProContract
The ProContract product is used to carry out the functions of the tendering process, from the initial advertisement to the awarding of the contract. 

The application has Buying organisations and Suppliers. Buying organisations use the application to upload the adverts for the work they need conducting, and to use ProContract to administer out the tendering process. Suppliers use ProContract to check for suitable opportunities they wish to bid for and then use the application to carry out that bid.

Buying organisations have their own terms of use set in a contract with us, which includes a commitment to data privacy. Suppliers must register to use ProContract and this Privacy Policy, plus the applications’ Terms and Conditions are available as part of the registration process.

Personal data types used within ProContract are: name, email address, telephone number. These are needed for product functionality. A business address is listed for each user of the system. The personal data types apply to both Buying Organisations and Suppliers.

ProContract operates an email newsletter program, which is used to inform subscribers about products and services supplied by us. This is optional and users can subscribe or unsubscribe through an online automated process.

Some subscriptions may be manually processed through prior written agreement with the user. 

Subscriptions are taken in compliance with UK Spam Laws, which are detailed in the Privacy and Electronic Communications Regulations 2003.

For Buying Organisations, ProContract users who have administrator roles can manually amend details of other users, from the same organisation, within the application if any personal data is incorrect.

If you are a Supplier and have incorrect information in place that you cannot manually amend, please contact one of your Company Administrators in the first instance. If you still cannot update the data, please raise a support ticket and we will correct this for you.

For Buyers or Suppliers, if your personal data is to be completely removed, then please refer to the “Your rights” chapter in the General information section, above. 

Note that personal data will only be removed in accordance with the law, and upon confirmation that the user making the request is authorised to do so. We will do this in a timely manner and aim to have such requests completed within thirty (30) days of confirmation that the request is valid.

ProContract has a cookie policy here: https://procontract.due-north.com/SiteInformation/CookiePolicy.

PurchasePoint
This application is used to carry out the functions of the purchasing process, from the initial recording of the requisition or purchase order, through to the payment of the received invoice. The invoice may be received electronically into the system, with an image record of that stored with the purchase order (see the Invoice Capture section for more information on this).

Organisations who use PurchasePoint have their own terms of use set in a contract with us, which includes a commitment to data privacy. Personal data types used within PurchasePoint are: name, email address, telephone number. These are needed for product functionality. A business address is listed for each user of the system.

PurchasePoint users who have administrator roles can manually amend other users’ details within the Management Console if your personal data is incorrect. If personal data is to be completely removed, then please refer to the “Your rights” chapter in the General information section, above.

Note that personal data will only be removed in accordance with the law, and upon confirmation that the user making the request is authorised to do so. We will do this in a timely manner and aim to have such requests completed within thirty (30) days of confirmation that the request is valid.

A session cookie will be used by PurchasePoint.

Invoice Capture
This application is used to capture the data from which the original source is a paper invoice document. The image record will also be stored with the electronic document, which will be located in the Proactis Purchase to Pay solution you use.

The purpose for the processing is to carry out the functions of the invoice scanning process which will then allow the scanned document to be associated with the relevant document in the purchase to pay solution being used. The data sets include: name and email address within the product for basic operations of the software 

The scanned invoice documents can contain an address (usually this is a business address), contact name, email address and telephone number. A description of the goods / services the Invoice covers may contain personal data.

The Invoice Capture application uses Session cookies, which will only exist during the time that you use the application in the web browser. As with other sessions cookies mentioned in this Privacy Policy, they are only used to pass information between pages to allow the system to function. 

If needed, if there are Invoice Capture users who have incorrect name or email addresses incorrectly setup, then please contact Proactis support for that to be rectified. If an email address has been set up incorrectly, that would require the user account to be deleted and a new one set up with the correct email address. If personal data is to be completely removed, then please refer to the “Your rights” chapter in the General information section, above.

Note that personal data will only be removed in accordance with the law, and upon confirmation that the user making the request is authorised to do so. We will do this in a timely manner and aim to have such requests completed within thirty (30) days of confirmation that the request is valid.

Marketplace
This application is a catalogue management tool, along with the ability to perform purchasing functions, including the ability to raise invoices. 

Organisations who use Marketplace have their own terms of use set in a contract with us, which includes a commitment to data privacy. Personal data types used within Marketplace are: name, email address, telephone number. These are needed for product functionality. A business address is listed for each user of the system.

Marketplace users who have administrator roles can manually amend other users’ details within the system if your personal data is incorrect. If personal data is to be completely removed, then please refer to the “Your rights” chapter in the General information section, above.

Note that personal data will only be removed in accordance with the law, and upon confirmation that the user making the request is authorised to do so. We will do this in a timely manner and aim to have such requests completed within thirty (30) days of confirmation that the request is valid.

A session cookie is in place to allow for the system to function.

PerfectProcure and WebProcure
This application is used to carry out the functions of the purchasing process, from the initial recording of the requisition or purchase order, through to the payment of the received invoice. The invoice may be received electronically into the system, with an image record of that stored with the purchase order.

Organisations who use PerfectProcure have their own terms of use set in a contract with us, which includes a commitment to data privacy. Personal data types used are: name, email address, telephone number. These are needed for product functionality. A business address is listed for each user of the system.

WebProcure also has an additional function, which is to carry out the functions of the tendering process, from the initial advertisement to the awarding of the contract.

It is possible to import catalogues of items into the system which for users within the same organisation to purchase. Documents can be raised or received electronically in conjunction with purchase requests or order fulfilment. The software can also manage supplier relationships and contracts, through optional modules within the WebProcure software.

Users who have administrator roles can manually amend other users’ details within the system if your personal data is incorrect. If personal data is to be completely removed, then please refer to the “Your rights” chapter in the General information section, above.

Note that personal data will only be removed in accordance with the law, and upon confirmation that the user making the request is authorised to do so. We will do this in a timely manner and aim to have such requests completed within thirty (30) days of confirmation that the request is valid.

A session cookie is in place to allow for the system to function.

TBN (The Business Network)
The Business Network (TBN) is an application which connects companies and provides them with spend management and business process collaboration for goods and services. This can be broken down into sourcing and auction activities, contract management, catalogue management along with procurement tasks such as raising purchase orders, invoicing, receipting goods, approving services; analysing spend. Buying organisations and Suppliers both can use TBN.

Buying organisations will have terms of use set up in a contract with us, which includes a commitment to data privacy. Suppliers agree to the Terms of Use as part of the registration process. Those Terms are available here.

Personal data types used within TBN are: name, email address, telephone number. These are needed for product functionality. A business address is listed for each user of the system.

Buying organisation users can update details for other users within their organisation. Suppliers who have incorrect information in place that you cannot manually amend should raise a support ticket and we will correct this for you.

A session cookie is in place to allow for the system to function.

Catalog Manager and Search
This application is used to provide data for the purchasing process by uploading, approving and releasing catalogue content. The purpose for the processing is to carry out the functions of the purchasing process, from the initial upload of the catalogue content, to verify, enrich, approve and release the content for the purchasing process.

Personal data types used are: name and email address are used within the product for basic operations of the software.

Free-text form or SmartForms can be filled out in the software, which can contain an address (usually this is a business address), contact name, email address and telephone number. A description of the goods / services may contain personal data which Proactis has no control over being included nor is necessarily needed for the functionality of the Catalog Manager product.

A session cookie is in place to allow for the system to function.

Version: 3 | Last Updated: June 2018.