Privacy Policy — Digital Procurement Now
Home / Privacy Policy
Legal

Privacy Policy

This policy explains how Digital Procurement Now collects, uses, and protects your personal data. We are committed to handling your information with transparency and in accordance with applicable data protection law.

Last updated: April 2026  ·  Version 1.0
Summary: We only collect the information you provide through our contact form. We use it to respond to your enquiry and, with your consent, to send relevant follow-up communications. We do not sell your data. You can withdraw consent or request deletion at any time by emailing roi@dpnow.ai.

1. Who we are

Digital Procurement Now (“DPNow”, “we”, “us”, “our”) is a procurement consultancy specialising in Coupa Source-to-Pay implementations and ongoing managed services. We are headquartered in Switzerland.

For the purposes of EU and Swiss data protection law, DPNow acts as the data controller in respect of the personal data described in this policy.

Data controller contact

Digital Procurement Now
Switzerland

Email: roi@dpnow.ai

Although DPNow is based in Switzerland (governed by the Swiss Federal Act on Data Protection — nFADP), we serve clients across the European Union and align our practices with the EU General Data Protection Regulation (GDPR, Regulation 2016/679) as the higher standard.

2. Data we collect

We collect only the personal data you voluntarily provide to us through our website contact form. This may include:

  • First name and last name
  • Business email address
  • Company name
  • Annual spend under management (optional, self-selected range)
  • Service-specific details you choose to share (e.g. ERP system, programme status, Coupa modules in use)
  • Any additional context you provide in the free-text notes field

We do not use website analytics, tracking pixels, or cookies beyond those strictly necessary for the website to function. We do not collect any special category data (e.g. health, political, or biometric data).

3. Why we use your data

PurposeDescription
Responding to your enquiryTo review your submission, route it to the right team member, and contact you to arrange a discovery call.
Follow-up communicationsWith your explicit consent, to send relevant information about our services, proposals, or updates.
CRM managementTo record and manage our relationship with you via HubSpot, our CRM platform.
Legal complianceTo comply with applicable legal obligations, including maintaining records of consent.

We do not use your data for automated decision-making or profiling.

4. Legal bases for processing

Under GDPR, we rely on the following legal bases:

  • Consent (Art. 6(1)(a) GDPR) — for sending follow-up communications and marketing. You provide this via the checkbox on our contact form. You may withdraw consent at any time.
  • Legitimate interests (Art. 6(1)(f) GDPR) — to respond to your enquiry and manage our business relationship. Our legitimate interest is balanced against your rights and is limited to processing directly related to your inbound request.
  • Legal obligation (Art. 6(1)(c) GDPR) — where we are required to retain records for compliance purposes.
Withdrawing consent: You can withdraw consent for follow-up communications at any time by emailing roi@dpnow.ai or clicking “unsubscribe” in any email we send you. Withdrawal does not affect the lawfulness of processing before withdrawal.

5. Data sharing and third parties

We do not sell, rent, or trade your personal data. We share your data only in the following limited circumstances:

  • HubSpot, Inc. — our CRM and email platform. Your contact details and enquiry information are stored in HubSpot to manage our relationship with you. HubSpot is certified under the EU-US Data Privacy Framework and provides appropriate safeguards for international transfers. See HubSpot’s Privacy Policy.
  • Our internal team — only team members who need to handle your enquiry will have access to your data.
  • Legal authorities — where we are required to disclose data by law, court order, or regulatory obligation.

We require all third-party processors to handle your data securely and in accordance with applicable data protection law.

6. International data transfers

DPNow is based in Switzerland. If you are located in the European Economic Area (EEA), your data may be transferred to and processed in Switzerland, which the European Commission has recognised as providing an adequate level of data protection (Adequacy Decision 2000/518/EC, updated under the EU–Switzerland framework).

Data processed via HubSpot may be transferred to the United States. HubSpot participates in the EU-US Data Privacy Framework and relies on Standard Contractual Clauses (SCCs) as an additional safeguard. You can request a copy of the applicable safeguards by contacting us.

7. How long we keep your data

Data typeRetention period
Enquiry data (contact form submissions)3 years from date of last contact, unless a client relationship is established
Client relationship data7 years from end of engagement (to meet contractual and legal obligations)
Consent recordsRetained for as long as we process data on that basis, plus 1 year

After the applicable retention period, data is securely deleted or anonymised. You may request earlier deletion — see Section 8 below.

8. Your rights

Under GDPR and the Swiss nFADP, you have the following rights in relation to your personal data:

  • Right of access — to request a copy of the personal data we hold about you.
  • Right to rectification — to request correction of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”) — to request deletion of your data, subject to legal obligations to retain certain records.
  • Right to restrict processing — to ask us to pause processing your data in certain circumstances.
  • Right to data portability — to receive your data in a structured, machine-readable format.
  • Right to object — to object to processing based on legitimate interests.
  • Right to withdraw consent — at any time, where processing is based on consent, without affecting prior lawful processing.
  • Right to lodge a complaint — with your national supervisory authority. EU residents may contact their local Data Protection Authority. Swiss residents may contact the Federal Data Protection and Information Commissioner (FDPIC) at www.edoeb.admin.ch.

To exercise any of these rights, email us at roi@dpnow.ai. We will respond within 30 days. We may need to verify your identity before fulfilling a request.

9. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include access controls, encrypted communications, and limiting data access to authorised personnel only.

In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by GDPR Art. 33–34.

10. Children

Our website and services are directed at business professionals and are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently received data from a child, please contact us immediately at roi@dpnow.ai and we will delete it promptly.

11. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The “Last updated” date at the top of this page will always indicate the most recent revision.

Where changes are material, we will take reasonable steps to notify you — for example, by email if we hold your contact details. Continued use of our website or services after any update constitutes acceptance of the revised policy.

12. Contact us

If you have any questions about this Privacy Policy, how we handle your data, or wish to exercise your rights, please contact us:

Digital Procurement Now

Switzerland

Email: roi@dpnow.ai

We aim to respond to all data protection enquiries within 30 days.

© 2026 Digital Procurement Now · Switzerland · Privacy Policy · Contact