Privacy Policy
Effective Date: 1 June 2026 Version: 2.1
1. Introduction
Welcome to Profymarket. We are an AI-powered procurement platform for the construction industry, connecting buyers and suppliers through transparent, competitive tender processes.
Profymarket ("we", "us", or "our") operates the website and platform at https://profymarket.com (the "Service"). This Privacy Policy explains how we collect, use, store, protect, and disclose personal data when you use our Service.
By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree, please do not use the Service.
This Policy should be read together with our Terms and Conditions, which govern all use of the Service.
2. Definitions
For the purposes of this Privacy Policy:
Service - the Profymarket website and platform at https://profymarket.com.
Personal Data - any information relating to an identified or identifiable natural person.
Usage Data - data collected automatically from your interaction with the Service (e.g. pages visited, session duration, device info).
Cookies - small text files stored on your device by your browser.
Data Controller - Profymarket, which determines the purposes and means of processing your Personal Data.
Data Processor / Service Provider - a third party that processes data on our behalf.
Data Subject / User - any living individual using the Service.
GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council.
3. Data We Collect
3.1 Personal Data
When you register or interact with the Service, we may collect the following:
-
Full name and company name
-
Email address
-
Phone number
-
Business address (country, city, postal code)
-
VAT / registration number (for supplier and buyer accounts)
-
Profile information: role, specialisation, certifications
-
Documents and files uploaded as part of tender or procurement activities
3.2 Usage Data
We automatically collect technical information when you use the Service, including:
IP address and approximate geographic location Browser type and version, operating system
3.3 Cookies and Tracking
We use cookies and similar technologies to operate and improve the Service. Types of cookies we use:
Session Cookies - required for the platform to function. Preference Cookies - remember your language and display settings. Security Cookies - help detect fraud and protect your account. Analytics Cookies - help us understand how the Service is used.
You may disable cookies in your browser settings. Note that some features of the Service may not work correctly without cookies.
4. How We Use Your Data
Profymarket uses your data to:
Provide, operate, and maintain the Service Register and manage your account Match buyers with relevant suppliers and process procurement tenders Process transactions and send related notices (invoices, receipts, status updates) Communicate with you about your account, requests, and platform activity Send service-related notifications, system alerts, and policy updates Send marketing communications (only where you have consented; you may opt out at any time) Analyse usage to improve and develop new features Detect, investigate, and prevent fraudulent or unauthorised activity Comply with legal obligations (tax, accounting, regulatory requirements) Enforce our Terms and Conditions and other agreements
5. Legal Basis for Processing (GDPR)
We process your Personal Data under the following legal grounds:
Performance of a contract - to provide the Service and fulfil obligations under agreements with you.
Legitimate interests - to improve the platform, prevent fraud, and ensure security, where these do not override your rights.
Legal obligation - to comply with applicable laws and regulations.
Consent - for marketing communications and non-essential cookies. You may withdraw consent at any time.
6. Data Storage and Infrastructure Security
To power the Service's business logic (payments, user accounts, procurement workflows), Profymarket is built on a headless architecture using the Wix platform. All user Personal Data is processed and stored in Wix's isolated, certified cloud infrastructure.
PLATFORM SECURITY CERTIFICATIONS
The infrastructure on which Profymarket operates is fully certified to the following international security and privacy standards:
SOC 2 Type II - independent audit of security, availability, and confidentiality controls
ISO 27001 - information security management system
ISO 27017 - cloud services security controls
ISO 27018 - protection of personal data in the cloud
ISO 27701 - privacy information management (PIMS)
PCI DSS Level 1 - highest level of payment card data security
GDPR Compliant - full compliance with EU General Data Protection Regulation
Physical Hosting Infrastructure
AWS, Google Cloud Platform, and Equinix (world-leading data centre providers, compliant with highest physical and environmental security standards)
Data Encryption
HTTPS + TLS 1.2+ for data in transit AES-256 encryption for data at rest
Official Security Resources
Wix Trust Center - Security Framework https://www.wix.com/trust-center/security
Wix Privacy & Data Processing Agreement (DPA) https://www.wix.com/about/privacy-dpa-users
Wix Security Measures Overview https://support.wix.com/en/article/wix-security-measures-overview
7. Payment Data
Payment processing on Profymarket is handled by Stripe, Inc. - a globally certified payment processor. We do not store your full card numbers or sensitive payment credentials on our servers.
Stripe is certified to PCI DSS Level 1, the highest level of payment security. When you submit payment information, it is transmitted directly to Stripe's secure environment.
Stripe Privacy Policy: https://stripe.com/privacy
8. Third-Party Service Providers
We work with carefully selected third-party providers to operate and improve the Service. These providers access your data only to the extent necessary to perform their functions and are bound by confidentiality and data protection obligations.
Our key service providers include:
Wix.com - platform hosting, backend logic, CMS, and user authentication Anthropic, Inc. - AI services OpenAI, Inc. - AI services Stripe - payment processing Google LLC - analytics and cloud infrastructure (part of Wix hosting)
We do not sell your Personal Data to third parties.
9. International Data Transfers
Your data may be transferred to and stored on servers located outside your country of residence, including in the United States and European Union. These transfers are governed by:
Standard Contractual Clauses (SCCs) approved by the European Commission Wix's GDPR-compliant Data Processing Agreement: https://www.wix.com/about/privacy-dpa-users Stripe's Privacy Shield / SCCs for payment data
We take all reasonably necessary steps to ensure that your data is treated securely during any transfer.
10. Data Retention
We retain your Personal Data for as long as necessary to provide the Service and fulfil the purposes described in this Policy, and as required by applicable law.
Active account data: retained for the duration of your account Transaction and billing records: minimum 7 years (tax and accounting obligations) Usage Data: 12-24 months for analytics purposes Marketing opt-in records: until you withdraw consent Data subject requests / correspondence: minimum 3 years
Upon account deletion or a verified erasure request, we will delete or anonymise your Personal Data, unless we are legally required to retain it.
11. Your Data Protection Rights
If you are located in the European Union, European Economic Area, or a jurisdiction with equivalent data protection law, you have the following rights:
Right of access - request a copy of the Personal Data we hold about you.
Right of rectification - request correction of inaccurate or incomplete data.
Right of erasure ("right to be forgotten") - request deletion of your data, subject to legal retention requirements.
Right to restrict processing - request that we limit how we use your data.
Right to data portability - receive your data in a structured, machine-readable format.
Right to object - object to processing based on legitimate interests or direct marketing.
Right to withdraw consent - where processing is consent-based, withdraw at any time without affecting prior lawful processing.
To exercise any of these rights, contact us at: info@profymarket.com
We will respond within 30 days. We may ask you to verify your identity before processing your request.
12. Cookie Policy
We use cookies and similar technologies (pixels, web beacons) for the following purposes:
Strictly necessary cookies - essential for the platform to function. Cannot be disabled.
Preference / functional cookies - remember your settings and personalise your experience.
Analytics cookies - help us understand how users interact with the Service.
Marketing cookies - used to show you relevant advertisements (only with consent).
You can manage cookie preferences through your browser settings or our cookie consent banner. Disabling certain cookies may affect platform functionality.
13. Children's Privacy
The Service is intended for business use and is not directed to individuals under the age of 18. We do not knowingly collect Personal Data from minors.
If you believe a minor has provided data to us, please contact us at info@profymarket.com and we will promptly delete it.
14. Links to Other Websites
The Service may contain links to external websites not operated by Profymarket. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policy of any website you visit.
15. Disclosure of Personal Data
We may disclose your Personal Data in the following circumstances:
To our service providers who assist in operating the Service (under appropriate data processing agreements)
To fulfil the purpose for which you provided the data (e.g. sharing your company profile with a counterparty in a procurement process, with your knowledge)
If required by law, regulation, court order, or government authority
To protect our legal rights or the security of the Service
In connection with a business transfer, merger, or acquisition. You will be notified in advance.
We do not sell, rent, or trade your Personal Data.
16. Security Measures
We implement technical and organisational measures to protect your Personal Data, including:
TLS 1.2+ encryption for all data in transit (HTTPS) AES-256 encryption for data at rest (Wix infrastructure) Two-factor authentication (2FA) available for all accounts Role-based access controls limiting data access to authorised personnel only Regular security reviews, penetration testing, and vulnerability management (Wix Bug Bounty Program) Wix's 24/7 security monitoring and incident response team
While we strive to protect your data, no method of transmission over the internet is 100% secure. We will notify you of any breach affecting your Personal Data as required by applicable law.
17. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
Post the updated Policy on this page with a new Effective Date Notify you by email and/or a prominent notice on the Service at least 14 days before the change takes effect
Continued use of the Service after the effective date of a revised Policy constitutes your acceptance of the changes.
18. Contact Us
If you have questions, requests, or concerns about this Privacy Policy, please contact us:
Email: info@profymarket.com Website: https://profymarket.com/privacy
We aim to respond to all data protection inquiries within 30 calendar days.