Promarc Ltd (“Promarc”, “we”, “us”, “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect personal data when you interact with us, including through our website and our Technical Assurance for Procurement (“TAP”) services.

This policy is provided in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Promarc Ltd is the data controller responsible for your personal data.

Contact details:
Email: contact@promarc.co.uk
Registered address: 30 Beech Court, Langley Park, Durham. DH7 9XL
Company registration number: 14029253
ICO registration number: ZB930188

‍

We may collect and process the following categories of personal data:

a) Identity and contact data

• Name
• Job title
• Company or organisation
• Email address
• Telephone number

b) Business and engagement data

• Enquiry details
• Statements of work or engagement context
• Communications with us (email, forms, calls)

c) TAP-specific data

As part of the TAP service, clients may provide:

• Procurement documents (e.g. ITTs, RFPs, RFIs)
• Supplier responses
• Requirements, specifications, and supporting documentation
• Commentary, risk notes, and clarification material

These documents may contain personal data, typically limited to business contact information of staff involved in procurement or supplier responses.

d) Technical and usage data

• IP address
• Browser and device information
• Website usage and analytics data
• Cookies (see Cookies section)

We collect data through:

• Website contact and enquiry forms
• Direct email or telephone communication
• Client onboarding and engagement processes
• TAP document submission and analysis workflows
• Website analytics and cookies

We use personal data only where necessary and in a proportionate manner to support our business operations and deliver our services.

a) General business purposes

We use personal data to:

• Respond to enquiries and requests
• Communicate with prospective and existing clients
• Establish, manage, and perform contractual relationships
• Deliver consultancy, assurance, and advisory services
• Administer our business and maintain records
• Improve our website, services, and client experience
• Comply with legal, regulatory, and professional obligations

b) Delivery of TAP (Technical Assurance for Procurement)

As part of delivering the TAP service, we process information provided by clients, which may include procurement documentation such as ITTs, RFPs, RFIs, supplier responses, requirements, specifications, and supporting materials.

These materials may contain limited personal data, typically business contact details of individuals involved in procurement or supplier engagement.

We use this information solely to:

• Perform technical assurance, analysis, and evaluation activities
• Identify risks, gaps, ambiguities, and inconsistencies
• Produce assurance outputs, findings, and reports for the client
• Support clarification and follow-up discussions as part of the engagement

All TAP materials are treated as confidential client information and are accessed only by authorised personnel for the duration of the engagement.

c) Anonymised and aggregated learning from TAP engagements

In order to improve our frameworks, methodologies, and guidance, Promarc may derive anonymised and aggregated insights from TAP engagements. Examples include:

• Common requirement patterns
• Recurring technical or commercial risks
• Typical areas of ambiguity or misalignment
• High-level market or sector trends

These insights:

• Do not identify clients, suppliers, or individuals
• Do not include verbatim procurement content
• Do not include confidential or commercially sensitive information
• Cannot be used to re-identify a specific engagement

Identifiable client or supplier materials, including full ITTs, RFPs, or supplier responses, are not reused, shared, or repurposed for learning, benchmarking, or training purposes unless explicitly agreed in writing.

d) Automated analysis and AI-assisted techniques (where applicable)

Where analytical or AI-assisted techniques are used to support TAP or other services:

• Outputs are advisory in nature and subject to human review
• No fully automated decision-making producing legal or similarly significant effects is performed
• Client data is not used to train public or third-party models
• Processing is limited to the scope necessary to deliver the agreed service

e) Marketing and communications

Where permitted, we may use contact details to:

• Share information about our services
• Provide updates, insights, or thought leadership

You can opt out of marketing communications at any time.

We process personal data under one or more of the following lawful bases:

• Contract – where processing is necessary to deliver agreed services
• Legitimate interests – to operate our business, respond to enquiries, and improve services
• Consent – where explicitly provided (e.g. marketing communications)
• Legal obligation – where required by law or regulation

Where TAP documents contain personal data, processing is carried out under contractual necessity and legitimate interests, with strict controls applied.

We do not sell personal data.

We may share data with trusted third parties where necessary, including:

• Website hosting and infrastructure providers
• Analytics and performance monitoring services
• Secure document storage or collaboration platforms
• Professional advisers (legal, accounting)

All third parties are required to process data securely and in accordance with applicable data protection laws.

Where personal data is transferred outside the UK:

• Transfers are limited and controlled
• Appropriate safeguards are in place (e.g. adequacy decisions or standard contractual clauses)

We retain personal data only for as long as necessary:

• Enquiry data: typically up to 24 months
• Client engagement data: duration of the engagement plus any legal or contractual retention period
• TAP materials: retained for the agreed engagement period and securely deleted thereafter, unless otherwise agreed in writing
• Marketing data: until consent is withdrawn

We take appropriate technical and organisational measures to protect personal data, including:

• Access controls and least-privilege principles
• Secure storage and transmission
• Segregation of client materials
• Confidentiality obligations

TAP materials are treated as confidential client information and are accessed only by authorised personnel.

Where analytical or AI-assisted techniques are used within TAP:

• Outputs are advisory and human-reviewed
• No automated decision-making producing legal or significant effects is performed
• Client data is not used to train public or third-party models

You have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request erasure of data
• Restrict or object to processing
• Request data portability
• Withdraw consent at any time
• Lodge a complaint with the Information Commissioner’s Office (ICO)

Requests can be made by contacting contact@promarc.co.uk.

We use cookies to:

• Ensure website functionality
• Understand how visitors use our site
• Improve performance and content

You can manage cookie preferences via your browser or our cookie banner.

Our services are intended for business users. We do not knowingly collect personal data relating to children under the age of 13.

We may update this Privacy Policy from time to time. The latest version will always be available on our website, with the revision date clearly shown.

If you have any questions about this Privacy Policy or how we handle your data, please contact:

Email: contact@promarc.co.uk

You also have the right to raise concerns with the UK Information Commissioner’s Office.

‍