Procurist
Privacy Policy
Last Updated: July 2026
1. Who We Are
Procurist is operated by ProcuristIO OÜ (registration code: 17477812), registered in Estonia at Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551 ("Procurist", "we", "us", or "our"). ProcuristIO OÜ is the data controller for the personal data described in this Policy. For any privacy matter, contact privacy@procurist.io. We have assessed our processing and are not required to appoint a Data Protection Officer.
2. What This Policy Covers
This Privacy Policy explains how ProcuristIO OÜ collects, uses, and protects personal data in connection with the public Procurist website (procurist.io) and when you contact us, apply for an account, subscribe to updates, or otherwise interact with us before holding a Procurist account. Separate privacy policies apply once you use the platform under an account — the Designer Privacy Policy for interior designers and design studios, and the Vendor Privacy Policy for suppliers and brands. Procurist is a B2B service intended for professional trade users and is not directed at consumers or individuals under 18.
3. Information We Collect When You Browse
When you visit the Procurist website, we and our analytics and hosting providers automatically process limited technical and usage information — such as device and browser type, pages viewed, and general location — to operate, secure, and improve the website. Further detail, including our use of cookies and similar technologies, is set out in our Cookie Policy. Where you submit information through a form — such as an account application, newsletter signup, or careers application — we also collect the information described in the relevant section below.
4. Information You Provide
When you interact with us — including but not limited to applying for an account, subscribing to our newsletter or resources, applying for a role, registering your interest, or contacting us — we collect the information you provide. Depending on the interaction, this may include your contact details (such as name, email, and phone number), your business and professional details (such as company or studio name, role, country, website, and information about your business or products), any VAT or registration information you provide, and the content of your enquiry or application. For job applications, this includes your professional profile (such as your CV or LinkedIn).
Where VAT numbers are provided at signup, we may submit them to the appropriate authorities for verification — the European Commission (VIES) for EU VAT numbers, or HMRC for UK VAT numbers.
If you go on to create an account, the further information collected during onboarding and use of the platform is governed by the Designer Privacy Policy or Vendor Privacy Policy, as applicable. Where you accept our terms, we record the date, time, and technical details (including IP address and browser) as evidence of acceptance.
5. Why We Process It and Our Legal Basis
We process the information you provide to respond to your enquiry, to assess and administer your application, to send you the updates or resources you have requested, to manage waitlists and events, and for our legitimate interest in operating, securing, and growing the platform. Where we process your data to take steps at your request before entering into a contract, our basis is Article 6(1)(b) GDPR; where we send marketing communications, our basis is your consent (Article 6(1)(a)), which you may withdraw at any time; and where we process data to meet a legal obligation, our basis is Article 6(1)(c).
6. Who We Share It With
We share personal data with service providers who process it on our behalf — such as our email, hosting, database, and payment providers — and with authorities or professional advisers where required by law. We do not sell personal data. A list of our processors is available on request.
7. International Transfers
Personal data is stored and processed on servers in the United Kingdom and the European Union. Where personal data is transferred to service providers located outside the UK/EEA, we take appropriate steps to ensure it remains protected in accordance with applicable data protection law.
8. Data Retention
- Newsletter subscriptions, job applications, unsuccessful applications, and general enquiries: up to 24 months, after which the data is deleted or anonymised unless a longer period is required by law.
- Financial and VAT records: 10 years (legal requirement).
- Terms acceptance records: 10 years.
(Personal data relating to account holders is retained as set out in the applicable Designer or Vendor Privacy Policy.)
9. Your Rights
Under the GDPR and UK GDPR, you have the right to: access your personal data; request correction of inaccurate data; request deletion (subject to legal exceptions); restrict processing in certain circumstances; data portability; object to processing based on legitimate interest; and withdraw consent where processing is based on consent. To exercise your rights, contact privacy@procurist.io.
We will respond to requests without undue delay and within one month of receipt. This period may be extended by up to two further months where necessary, taking into account the complexity and number of requests, in which case we will inform you within one month.
You can unsubscribe from marketing emails at any time by contacting privacy@procurist.io.
10. Data Breach Notification
In the event of a personal data breach, we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it, in accordance with Article 33 GDPR. Where the breach is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay in accordance with Article 34 GDPR.
11. Data Security
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit (HTTPS) and at rest, access controls, and ongoing monitoring. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
12. Cookies
Our website uses cookies and similar technologies, as described in our Cookie Policy.
13. Automated Decision-Making
We do not make decisions producing legal or similarly significant effects about you based solely on automated processing.
14. Complaints
If you are unhappy with how we handle your data, you can complain to us at privacy@procurist.io, or to a supervisory authority: the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) — www.aki.ee; the UK Information Commissioner's Office (ICO) — ico.org.uk; or your local EU/UK data protection authority.
15. Changes to This Policy
We may update this Policy from time to time. Where changes are material, we will take appropriate steps to inform you, and the "Last Updated" date above will reflect the latest version.
16. Contact
For privacy enquiries or to exercise your rights, contact privacy@procurist.io. To report a security vulnerability or incident, contact privacy@procurist.io.