Privacy Notice

Last Updated: May 3, 2018

This Privacy Notice describes how the PROS group of companies may collect, use, disclose and process personal data when individuals visit our website or otherwise provide information to us, either directly or indirectly, and when individuals use our cloud-based applications, portals and related services (collectively, our “Services”).

For additional information describing the use of our website, please see:

1. What we Collect

PROS collects information, which may include personal data, as part of our normal business operations, including the administration of our relationships with customers.

Data We Collect On Our Own Behalf

Business Contact and Customer Relationship Management. We collect and maintain information about our customers and their authorized users, which may include company name, business contact name and title, phone number, email and other contact details. We also collect billing address, financial account, order details, subscription and license information, and usage details. In addition, we collect user credential and profile data (name and other contact information) of our customers’ authorized users and account administrators.

Data Submitted Through our Services. In conducting business with us or seeking to conduct business with us, you may be prompted to provide certain personal data to us, including in the following ways:

Typically, the personal data you give us may include name, business affiliation, business address, phone number, and email address, and any personal details required to respond to or resolve any enquiries or complaints.

Third Parties. We may obtain personal data about business customers or prospects from third parties that we engage to perform lead generation services, and other publicly accessible sources, such as LinkedIn.

Usage Details/Analytics. We collect information derived from the performance, use and operation of our Services, including the number of records in our Services, and the number and types of transactions, configurations and reports processed in our Services. We also collect IP address, log files and other usage statistics as described below.

More specifically, when you visit our Services, our server automatically collects certain browser or device generated information, which may in some cases constitute personal data, including but not limited to:

De-identified Data. We may de-identify and aggregate certain data we collect such that the data no longer identifies or can be linked to a particular customer or an individual data subject, subject to the terms of any applicable customer agreements. We may use this data to improve our Services, analyze trends, publish market research, and for other marketing, research or statistical purposes, and we may disclose such data to third parties.

Data We Collect on Behalf of Our Customers
As a provider of Services, we receive, process and store certain information, including personal data, on behalf of our customers, which are businesses. In the normal course of using the Services and receiving support, our customers input electronic data into our systems, which may include personal data.

2. How We Use Data

Use of Personal Data We Collect on Our Own Behalf
The following is an overview of how we use personal data that we process as a data controller. When we use the terms “data controller” and “data processor” in this notice, we mean those terms as defined under applicable European data protection laws. Additional details on how we process your personal data may be provided to you in a separate notice or contract.

Our processing (i.e., use) of your personal data is justified on one or more legal bases:

We use the personal data we collect to:

Disclosure of Personal Data. PROS is a global group of companies and we may share personal data with our affiliated businesses as part of our business operations and administration of the Services. We may also appoint third party service providers (who will operate under our instructions) to assist us in providing Services to you, in conducting and managing our business, or in managing and improving the Services. PROS may share your personal data with these affiliates and third parties to perform services that they have been engaged by PROS to perform on our behalf, subject to appropriate contractual restrictions and security measures.

We also may disclose personal data:

Your Rights. Depending on your country of residence, applicable laws may entitle you to some or all of the following rights in respect of your personal data:

In addition to the above rights, you have the right to object, on grounds relating to your particular situation, at any time to any processing of your personal data that we have justified on the basis of a legitimate interest, including profiling (as opposed to your consent, or to perform a contract with you). You also have the right to object at any time to any processing of your personal data for direct marketing purposes, including profiling for marketing purposes. You also have the right to lodge a complaint with your local supervisory authority for data protection.

Please contact us to exercise these rights. Please note that we may request proof of identity and we reserve the right to charge a fee where permitted by law (for example, if your request is manifestly unfounded or excessive). We will endeavor to respond to your request within all applicable timeframes. If you contact us regarding personal data for which we are a data processor, we will attempt to refer your request to the data controller for your personal data.

Use of Personal Data We Collect on Behalf of Our Customers

In our capacity as a service provider, we process personal data at the direction of our customers. We may access personal data in accordance with our agreement with the relevant customer in order to provide the Services, prevent or address service or technical problems, respond to support issues, respond to customer’s instructions or as required by law. PROS is a data processor for all such personal data, which is owned and controlled by our customers who are the data controllers.

Subprocessors. We use subprocessors to perform on our behalf certain technical and administrative functions required in the provision of the Services. A list of PROS subprocessors, and more information about how we use subprocessors, is located on our customer portal, PROS Connect.

Microsoft is a subprocessor when we provide certain of our Services. Under the terms of certain of our agreements with Microsoft, any personal data provided to the Services and processed by Microsoft will be processed according to the Microsoft privacy and security terms available at and at

Processing of Data Outside of the Country of Collection. If PROS or its subprocessors process personal data of our EEA or Swiss customers in a country outside of the EEA or Switzerland, respectively, without an “adequate level of protection”, as defined in applicable data protection laws, PROS will enter into Standard Contractual Clauses (or such variation as required by applicable data protection laws) to ensure that personal data will be transferred in compliance with applicable data protection law.

3. General

Retention of Your Personal Data

We apply a general rule of keeping personal data only for as long as required to fulfill the purposes for which it was collected. However, in some circumstances we may retain personal data for other periods of time (for example, where we are required to do so in accordance with legal, tax or accounting requirements). In specific circumstances, we may also retain your personal data for longer periods of time corresponding to a statute of limitation, so that we have an accurate record of your dealings with us in the event of any complaints or challenges. We may also retain your personal data for longer periods of time if required under a contract with you.


Data security is very important to us. We maintain a comprehensive, written information security program that contains administrative, technical and physical safeguards designed to prevent unauthorized access to customer data and other confidential information. In addition, we maintain the following certifications: SOC2 Type 2 (since 2014); ISO 27001 (since 2017) and CSA STAR (assessment available upon request). We provide additional information about our security measures in the documentation that our customers use to subscribe for certain of our Services.


Our website uses cookies. More information about our use of cookies can be found in our cookie policy at

Google Analytics

We use Google Analytics in certain of our Services. Google Analytics is a web analytics service provided by Google that uses cookies to help us analyze how users use our Services. The information generated by the cookies about your use of the Services will be transmitted to and stored by Google on servers in the United States. On our behalf, Google will use this information to evaluate your use of the Services, compile reports on Services activity and provide other services relating to Services activity. In addition, we may use the information Google collects about your use of our website for marketing purposes.

We have enabled Google’s IP Masking, which means that Google will truncate the last octet of the IP address for users. Only in exceptional cases will the full IP address be sent to and shortened by Google servers in the United States. Google will not associate your IP address with any other data held by Google.

Google has developed the Google Analytics opt-out browser add-on for the Google Analytics JavaScript (ga.js, analytics.js, dc.js). You can prevent Google’s collection and use of the data it collects as defined in its policy by downloading and installing this browser plug-in: For more information about Google Analytics cookies, please see Google’s help pages ( and privacy policy (

Contact Information
If you have any questions related to this notice, please email