Privacy Policy

This Privacy Policy describes how ProcureX (“we”, “us”, “our”) collects, uses, and protects information when you use our web-based procurement service (“Service”). We are committed to protecting your privacy and handling your data in accordance with applicable data protection laws, including the Personal Data Protection Act 2012 of Singapore (“PDPA”) where applicable.

1. Data controller

The organisation responsible for your personal data in connection with the Service is the operator of ProcureX, operating from Singapore. You can contact us at the email address given at the end of this policy.

2. Data we collect

We may collect:

• Account and identity data: name, email address, and profile information you provide when signing up or signing in (e.g. via Google or email).
• Usage and product data: data you create when using the Service, such as saved vendors, RFQs, line items, draft emails, search history, and sender preferences. This may include business contact details you enter (e.g. vendor names, email addresses).
• Technical and log data: IP address, browser type, device information, and logs of access to the Service (e.g. for security, debugging, and improving the Service).
• Communications: if you contact us (e.g. feedback or support), we keep the content of your messages and our replies.

We do not intentionally collect sensitive personal data (e.g. health, race, religion). If you include such information in your RFQs or other content, we will process it only as necessary to provide the Service.

3. How we use your data

We use your data to:

• Provide, operate, and maintain the Service;
• Authenticate you and manage your account;
• Store and process your RFQs, vendors, and preferences so you can use the Service across sessions;
• Improve the Service, fix errors, and develop new features;
• Send you service-related messages (e.g. account or security notices) and, where you have agreed, marketing or product updates;
• Comply with legal obligations, enforce our Terms of Service, and protect our rights and the security of the Service;
• Respond to your enquiries and support requests.

We process your data on the legal bases of: (a) performance of our contract with you (providing the Service), (b) our legitimate interests (e.g. security, improvement of the Service, analytics where not overridden by your rights), and (c) where required, your consent. Under the PDPA, we will collect, use, and disclose personal data only for purposes you have been informed of and with your consent (or as permitted by law). Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

4. Data retention

We retain your data for as long as your account is active and as needed to provide the Service and comply with our legal obligations. After you delete your account or request deletion of your data, we will delete or anonymise your personal data within a reasonable period, except where we must retain it for legal, regulatory, or legitimate operational purposes (e.g. backups, dispute resolution). Aggregated or anonymised data may be retained for longer.

5. Security

We implement appropriate technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction, including encryption in transit (HTTPS), secure authentication, access controls, and secure hosting. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

6. Sharing and subprocessors

We do not sell your personal data. We may share your data only in the following circumstances:

• Service providers: with trusted third parties who assist us in operating the Service (e.g. hosting, database, authentication, email delivery, analytics). These subprocessors are bound by contract to use your data only for the purposes we specify and in accordance with applicable data protection law.
• Legal and safety: where required by law, court order, or government request, or to protect our rights, your safety, or the safety of others.
• Business transfer: in connection with a merger, acquisition, or sale of assets, subject to the same privacy commitments.

If you would like a list of our main subprocessors (e.g. hosting and auth providers), please contact us.

7. Your rights

Under the PDPA (for Singapore) and other applicable laws, you may have rights including:

• Access: request a copy of the personal data we hold about you.
• Correction: request correction of inaccurate or incomplete data.
• Erasure: request deletion of your personal data, subject to legal and operational constraints.
• Restriction: request that we restrict processing in certain circumstances.
• Portability: request a copy of your data in a structured, machine-readable format where applicable.
• Object: object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: where we rely on consent, withdraw it at any time.
• Complaint: lodge a complaint with a supervisory authority in your country.

To exercise these rights, contact us at the email below. We will respond within the time required by applicable law (e.g. under the PDPA, within a reasonable period). You can also delete your account and associated data from within the Service where that option is available. If you are in Singapore and are not satisfied with our response, you may contact the Personal Data Protection Commission.

8. Cookies and similar technologies

We use cookies and similar technologies to operate the Service (e.g. session and authentication cookies). These are necessary for the Service to function. We may also use analytics or similar tools to understand usage; where these involve personal data, we do so in line with this policy and applicable consent requirements. You can control cookies through your browser settings; disabling certain cookies may affect the functionality of the Service.

9. International transfers

We operate from Singapore. Your data may be processed in Singapore and in other countries where we or our subprocessors operate. Where we transfer data outside Singapore, we ensure appropriate safeguards are in place (e.g. under the PDPA or by way of binding agreements) as required by applicable data protection law.

10. Children

The Service is not directed at children. We do not knowingly collect personal data from anyone under 16 (or the applicable age in their jurisdiction). If you become aware that a child has provided us with personal data, please contact us and we will take steps to delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the “Last updated” date. Material changes may be notified by email or a notice in the Service. Your continued use of the Service after the effective date constitutes acceptance of the updated policy. We encourage you to review this policy periodically.

12. Contact

For privacy-related requests, questions, or complaints, contact us at enquiries@procurexorg.com.