ISO 27001Information security
SOC 2 Type IITrust services criteria
UK GDPRData protection
AES-256Encryption at rest
ISO 27001Information security
SOC 2 Type IITrust services criteria
UK GDPRData protection
AES-256Encryption at rest
ISO 27001Information security
SOC 2 Type IITrust services criteria
UK GDPRData protection
AES-256Encryption at rest
LEGAL · v2026.05

Privacy notice

Effective 1 May 2026. How EnerProcure handles personal data on the platform.

1. Controller

EnerProcure Limited (Dublin, Ireland) is the data controller for personal data processed in connection with the platform, except where a member organisation acts as controller of its own users' data.

2. What we collect

Account information (name, work email, role, organisation); KYB verification artefacts; activity logs (RFQs, quotes, awards, messages, document uploads); device and security telemetry necessary to operate the platform.

3. Lawful basis

Performance of contract (your membership agreement); legal obligation (sanctions screening, AML); and legitimate interest (platform security, fraud prevention, service improvement).

4. Sharing

Personal data is shared only with the counterparties on a transaction you participate in, with our processors under DPAs (cloud hosting, identity, observability), and with regulators where legally required. We do not sell personal data.

5. Retention

Account data is retained for the duration of your membership plus seven years for audit and tax purposes. Transactional records are immutable and retained for the same period.

6. International transfers

Data may be processed in the European Economic Area, the United Kingdom and the United States under appropriate transfer mechanisms (EU SCCs, UK IDTA).

7. Your rights

Subject to applicable law, you may request access, rectification, erasure, restriction or portability of your personal data, and object to processing based on legitimate interest. Some rights are limited by the immutable audit obligations described above.

8. Security

We apply industry-standard controls including encryption in transit and at rest, scoped role-based access, audit logging, and regular security testing. Suspected incidents can be reported to security@enerprocure.com.

9. Contact

Data Protection Officer: dpo@enerprocure.com. You may also lodge a complaint with the Irish Data Protection Commission.

Last updated 1 May 2026.

Platform security

EnerProcure runs on enterprise infrastructure that maintains the following standards

  • ISO 27001Information security
  • SOC 2 Type IITrust services criteria
  • UK GDPRData protection
  • AES-256Encryption at rest

Hosted on enterprise infrastructure that maintains ISO 27001, SOC 2 Type II and UK GDPR compliance. All data is encrypted in transit (TLS 1.3) and at rest (AES-256). These accreditations are held by our platform provider.