GDPR Compliance

Last Updated: 16/12/2025

GDPR Compliance Statement

ProcureOptima is committed to complying with the General Data Protection Regulation (GDPR) and protecting the personal data of our customers, users, and partners.

We have designed our platform, processes, and security controls with privacy and data protection at their core.

Our Role Under GDPR

Depending on the context:

  • ProcureOptima acts as a Data Controller for:
    Website visitors
    Marketing communications
    Sales enquiries

  • ProcureOptima acts as a Data Processor for:
    Customer data processed within the ProcureOptima platform

  • Customers remain the Data Controller for all business and procurement data uploaded to the platform.

GDPR Principles We Follow

We process personal data in line with GDPR principles:

  • Lawfulness, fairness, and transparency

  • Purpose limitation

  • Data minimisation

  • Accuracy

  • Storage limitation

  • Integrity and confidentiality

  • Accountability

Security & Technical Measures

We implement appropriate technical and organisational safeguards, including:

  • Role-based access controls

  • Data encryption in transit and at rest

  • Audit logging and activity tracking

  • Secure cloud infrastructure

  • Regular security reviews and updates

Data Subject Rights

We support all GDPR data subject rights, including:

  • Right of access

  • Right to rectification

  • Right to erasure

  • Right to restrict processing

  • Right to data portability

  • Right to object

Requests can be submitted via:

    privacy@procureoptima.com

Sub-processors

We may use trusted third-party service providers (sub-processors) to deliver our services (e.g. hosting, analytics, support tools).

All sub-processors are:

  • Assessed for GDPR compliance

  • Bound by contractual data protection obligations

A list of sub-processors is available upon request.

International Data Transfers

Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)

  • Adequacy decisions

Data Breach Management

In the event of a personal data breach:

  • We will notify affected customers without undue delay

  • We will provide all information required to meet regulatory obligations

Data Retention

Personal data is retained only for as long as necessary to fulfil contractual and legal obligations.

Contact

For GDPR-related enquiries:

    Email: privacy@procureoptima.com