Privacy Policy

1) Scope

This Privacy Policy applies to information collected through our website and related communications, including:

• Website visits and browsing activity
• Contact forms and request forms (including "Request a Risk Snapshot")
• Email communications with PRM

This Privacy Policy does not apply to third-party websites or services that may be linked from our site. Those third parties have their own privacy practices.

2) Public Sector and Institutional Confidentiality Commitment

PRM is built to support procurement governance in high-trust environments, including public sector and regulated institutions. We operate with a confidentiality-first approach:

• We treat information you submit through our website and forms as confidential business information.
• We do not sell personal information.
• We use personal information only for legitimate business purposes described in this policy.
• We limit disclosure to vetted service providers who support our operations and are required to protect the information.
• When we analyze marketplace/procurement-related data in connection with services, we use it only to provide the requested services and deliver agreed reporting.

If you engage PRM under a written agreement (for example, an NDA or services agreement), those terms may impose additional protections and will govern where applicable.

3) Information We Collect

A. Information you provide to us

When you submit a form or contact us, we may collect:

• Identifiers: name, email address, phone number (if provided)
• Professional information: organization, role/title (if provided)
• Inquiry details: your message, procurement concerns, and information you choose to share
• Submission metadata: date/time of submission and technical details needed to process the request

B. Information we collect automatically

When you visit our website, we may collect:

• Device and browser information: device type, browser type, operating system
• Internet/network activity: pages viewed, clicks, time on page, referrer/exit pages
• General location information: approximate location derived from IP address (for example, city/region)

C. Cookies and similar technologies

We may use cookies and similar technologies to support website functionality and analytics. You can control cookies through your browser settings (see Section 9).

4) How We Use Information

We use the information we collect to:

• Respond to inquiries and form submissions
• Provide and improve our website and services
• Communicate about PRM services, including requested follow-up
• Produce reporting and analytics outputs related to PRM services (see Section 6)
• Maintain security, detect and prevent fraud or misuse
• Comply with legal obligations and enforce applicable terms

We do not use website-collected personal information to make decisions that produce legal or similarly significant effects solely through automated processing.

5) Legal Bases (Practical Summary)

PRM is a business-to-business service provider. We typically process information because:

• You request information or services from us
• We have a legitimate business interest in operating and securing our website
• We must comply with legal obligations

If you are subject to additional legal frameworks beyond California, your organization may request contract terms to address those requirements.

6) Analytics and Reporting Back to Customers

PRM may use analytics to understand website performance and service effectiveness, and to support customer-facing reporting. This may include:

• Aggregated website performance metrics (for example, traffic patterns, page engagement trends)
• Form conversion and engagement metrics
• Service-related reporting that summarizes findings, trends, and risk indicators derived from data shared during an engagement

How we handle analytics for customer reporting:

• We aim to provide reporting in an aggregated and business-appropriate manner.
• We do not sell personal information.
• We do not provide third parties with personal information for their own advertising purposes.
• Where reporting includes customer-specific information, it is provided to that customer and used to support the services requested.

7) How We Disclose Information

We may disclose information in the following situations:

A. Service Providers

We may share information with service providers who help us operate our website and business (for example, hosting, analytics, form processing, and communications tools). These providers are permitted to use information only to perform services for PRM and are required to protect it.

B. Legal, Compliance, and Security

We may disclose information if we believe it is necessary to:

• Comply with applicable law, lawful requests, or legal process
• Protect the security of our website and systems
• Investigate or prevent fraud, abuse, or security incidents
• Protect PRM's rights, property, and safety, and that of others

C. Business Transfers

If PRM undergoes a merger, acquisition, financing, reorganization, or sale of assets, information may be transferred as part of the transaction, subject to reasonable confidentiality protections.

8) Data Retention

We retain information only as long as reasonably necessary for the purposes described in this policy, including:

• Responding to requests and maintaining business records
• Providing services and related reporting
• Security and fraud prevention
• Compliance with legal obligations

Retention periods vary based on the type of information and the nature of the relationship. We will delete or de-identify information when it is no longer needed, unless retention is required by law or legitimate business needs (for example, recordkeeping or dispute resolution).

9) Cookies and Your Choices

A. Browser controls

You can control cookies through browser settings, including blocking or deleting cookies. Note that blocking cookies may affect site functionality.

B. Analytics controls

Depending on the analytics tools used, you may be able to limit certain tracking through cookie controls and/or browser-based privacy controls.

10) Data Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect information against unauthorized access, disclosure, alteration, or destruction. However, no website or transmission is completely secure, and we cannot guarantee absolute security.

For institutional engagements, additional security and confidentiality measures may be applied through contract and implementation practices.

11) Children's Privacy

Our website and services are intended for business and institutional audiences and are not directed to children under 16. We do not knowingly collect personal information from children under 16.

12) California Privacy Notice (CCPA/CPRA)

This section applies to California residents and describes rights and disclosures required under the California Consumer Privacy Act as amended by the CPRA ("CCPA/CPRA").

A. Categories of personal information collected (past 12 months)

PRM may collect:

• Identifiers (for example, name, email address, phone number if provided)
• Internet or other electronic network activity information (for example, browsing/usage data)
• Professional or employment-related information (for example, organization, title if provided)
• Inferences drawn from website interactions in a limited way (for example, what pages are most relevant to visitors)

PRM does not intentionally collect "Sensitive Personal Information" as defined under CPRA through the website.

B. Purposes for collection

We collect and use personal information for the business purposes described in Section 4, including providing services, responding to inquiries, operating the website, improving performance, security, and compliance.

C. Selling or sharing personal information

PRM does not sell personal information.

PRM does not share personal information for cross-context behavioral advertising.

D. Your California rights

Subject to certain exceptions, California residents may have the right to:

• Know what personal information we collected, used, and disclosed
• Access a copy of the personal information we maintain about you
• Delete personal information we collected from you
• Correct inaccurate personal information
• Opt out of sale/sharing (not applicable because we do not sell/share as described above)
• Limit the use/disclosure of sensitive personal information (generally not applicable because we do not intentionally collect it via the website)
• Non-discrimination for exercising privacy rights

E. Submitting a request

To submit a request, contact us at hello@procurementriskmanagement.com.

We will take steps to verify your request consistent with applicable law. Verification may require confirming access to the email address used to contact us and/or confirming details sufficient to locate the relevant records.

F. Authorized agents

You may use an authorized agent to submit a request. We may require proof of the agent's authorization and verification of your identity.

G. "Shine the Light"

PRM does not share personal information with third parties for their own direct marketing purposes.

13) Changes to This Policy

We may update this Privacy Policy from time to time. The "Last Updated" date reflects the most recent revision. Continued use of our website after changes means you accept the updated policy.

14) Contact Us

For questions about this Privacy Policy or privacy requests, contact: