1. Controller
EnerProcure Limited (Dublin, Ireland) is the data controller for personal data processed in connection with the platform, except where a member organisation acts as controller of its own users' data.
2. What we collect
Account information (name, work email, role, organisation); KYB verification artefacts; activity logs (RFQs, quotes, awards, messages, document uploads); device and security telemetry necessary to operate the platform.
3. Lawful basis
Performance of contract (your membership agreement); legal obligation (sanctions screening, AML); and legitimate interest (platform security, fraud prevention, service improvement).
4. Sharing
Personal data is shared only with the counterparties on a transaction you participate in, with our processors under DPAs (cloud hosting, identity, observability), and with regulators where legally required. We do not sell personal data.
5. Retention
Account data is retained for the duration of your membership plus seven years for audit and tax purposes. Transactional records are immutable and retained for the same period.
6. International transfers
Data may be processed in the European Economic Area, the United Kingdom and the United States under appropriate transfer mechanisms (EU SCCs, UK IDTA).
7. Your rights
Subject to applicable law, you may request access, rectification, erasure, restriction or portability of your personal data, and object to processing based on legitimate interest. Some rights are limited by the immutable audit obligations described above.
8. Security
We apply industry-standard controls including encryption in transit and at rest, scoped role-based access, audit logging, and regular security testing. Suspected incidents can be reported to security@enerprocure.com.
9. Contact
Data Protection Officer: dpo@enerprocure.com. You may also lodge a complaint with the Irish Data Protection Commission.
Last updated 1 May 2026.
