Legal

Privacy Policy

Effective date: 2 May 2026. Last updated: 2 May 2026.

1. Who we are

This website (procurement.dfbl-solution.com) is operated by DFBL Limited, a company incorporated in Ireland under company number 772000, with its registered office at:

DFBL Limited
The Tara Building
11–15 Tara Street
Dublin 2, D02 RY83
Ireland

For the purposes of the General Data Protection Regulation (EU) 2016/679 ("GDPR"), DFBL Limited is the data controller of personal data collected through this website.

2. Scope

This policy describes how we collect, use, share and protect personal data when you visit our marketing website, request a meeting, or submit our procurement maturity audit. It does not cover the DFBL Procure SaaS application provided to customers under a separate contract; that processing is governed by the applicable Master Services Agreement and Data Processing Addendum.

3. Information we collect

We collect the following categories of personal data:

  • Audit form submissions. When you submit our procurement maturity audit, we collect: company name, contact name, contact email, your responses to the maturity questions (Likert scale 1–5), the procurement categories you select, your annual spend band, and your explicit consent to be contacted. We also store the locale you used (EN / FR / ES).
  • Meeting requests. When you book a meeting via the "Book a 30-min call" button, you are redirected to TidyCal, which collects the data required to schedule the meeting (name, email, time slot, optional message). That collection is governed by TidyCal's own privacy policy.
  • Server and technical logs. Like any website, our hosting provider records standard technical data (IP address, browser user-agent, timestamp, requested URL, HTTP status). These logs are used for security, integrity, and operational diagnostics only.

We do not use any third-party analytics, advertising pixels, or marketing cookies. We do not build behavioural profiles of visitors.

4. Why we use your data and on what legal basis

  • Audit submissions: to compute and return your maturity score and indicative savings range, and to follow up by email on the result of the audit and a possible engagement. Legal basis: your explicit consent (Art. 6(1)(a) GDPR).
  • Meeting requests: to schedule and prepare the call. Legal basis: steps taken at your request prior to entering into a contract (Art. 6(1)(b) GDPR).
  • Server logs: to operate the website securely. Legal basis: our legitimate interest in the security and reliability of our service (Art. 6(1)(f) GDPR).

5. Service providers (sub-processors)

We rely on a limited number of vetted service providers to operate the website. They process personal data only on our instructions, under written agreements that include GDPR-required safeguards.

  • Hostinger International Ltd. — website hosting and server logs (EU servers).
  • Resend, Inc. — transactional email delivery (audit results, meeting confirmations). Hosted in the United States.
  • TidyCal (TinyApps LLC). — meeting scheduling. Hosted in the United States.

6. International transfers

Some of our service providers (Resend, TidyCal) are established outside the European Economic Area, in the United States. Where personal data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses and any additional safeguards required to ensure an adequate level of protection equivalent to that guaranteed by EU law.

7. How long we keep your data

  • Audit submissions and contact data: retained for up to 24 months from the date of submission for the purpose of commercial follow-up, then deleted unless you have entered into a contract with us.
  • Meeting metadata: retained as long as the TidyCal account holds it; we keep an internal record of scheduled meetings for up to 24 months.
  • Server logs: retained for up to 90 days, then automatically purged.

You can ask us to delete your data sooner at any time (see Section 9).

8. Cookies

This website does not set tracking, advertising, or analytics cookies. The only cookies that may be set are strictly technical cookies required for the website to function (for example, to remember your language preference). No consent banner is required because no non-essential cookies are deployed.

9. Your rights

Under the GDPR, you have the right to:

  • access the personal data we hold about you;
  • request rectification of inaccurate or incomplete data;
  • request erasure of your data (right to be forgotten);
  • request restriction of processing;
  • object to processing based on legitimate interest;
  • request data portability;
  • withdraw your consent at any time, without affecting the lawfulness of processing carried out before withdrawal;
  • lodge a complaint with the Irish Data Protection Commission (dataprotection.ie) or the supervisory authority of your country of residence.

To exercise any of these rights, contact us at privacy@dfbl-solution.com. We will respond within one month.

10. Security

We apply technical and organisational measures appropriate to the risk: encrypted transport (HTTPS / TLS), access controls, hardened hosting, and regular review of our service providers. No transmission over the internet is fully secure; we cannot guarantee absolute security but commit to applying industry standards.

11. Children

This website is intended for business users. We do not knowingly collect personal data from anyone under 16. If you believe a minor has provided us with personal data, contact us and we will delete it.

12. Changes to this policy

We may update this policy to reflect changes in our practice or in applicable law. The "Last updated" date at the top of the page indicates the most recent version. Material changes will be notified to active contacts by email where feasible.

13. Contact

Questions, requests, and complaints about this policy or our handling of your personal data:

DFBL Limited
The Tara Building, 11–15 Tara Street, Dublin 2, D02 RY83, Ireland
Email: privacy@dfbl-solution.com

Privacy Policy — DFBL Procure