Alexandria Client Portal Privacy Notice

Last Updated: February 17, 2026

1. Introduction

This Privacy Notice (“Notice”) describes how Alexandria Holdings LLC (together with its subsidiaries and other affiliates, “Alexandria,” “we,” “us,” or “our”) collects, uses, discloses, and safeguards information processed through our secure online portal (the “Portal”). The Portal is made available exclusively to authorized business entities who have entered into a written agreement with us (the “Customer Agreement”) and their designated representatives (“you” or “your”) for the purpose of participating in procurement-related activities.

This Notice is subject to the Customer Agreement and the Alexandria Client Portal Terms of Service of Agreement (the “Terms”). The Notice is intended to satisfy the requirements of the EU and UK General Data Protection Regulation (“GDPR”) and applicable U.S. state privacy laws governing personal information.

2. Scope of This Notice

This Notice applies to:

  • Authorized business users accessing the Portal
  • Information submitted in connection with bids, proposals, or other procurement activities
  • Communications between your organization and us

This Notice does not apply to public facing websites or consumer oriented services.

3. Categories of Information Collected

We may collect, receive, or generate the following categories of information, including:

A. Business Entity Information

  • Legal business name and identifiers
  • Business address and contact information
  • Tax identification numbers
  • Ownership and corporate structure, including personal information about owners and ultimate beneficial owners
  • Certifications and eligibility documentation

B. Bid, Proposal, and Contract Information

  • Bid submissions and supporting documents
  • Pricing and technical proposals
  • Compliance and due diligence materials
  • Contract performance records
  • Financial information, including data about corporate financial capabilities, billing and collections

C. User and System Information

  • User credentials and authorization levels
  • Access logs and activity records
  • Device, browser, and security telemetry

4. Purposes and Legal Bases for Processing

We process information for the following purposes:

A. Contractual Necessity

To establish, administer, and enforce contractual or pre contractual obligations, including bid evaluation and contract management.

B. Legal and Regulatory Compliance

To comply with procurement laws, audit requirements, and government contracting regulations.

C. Legitimate Interests

To ensure secure and efficient operation of the Portal, prevent fraud, and maintain system integrity.

D. Consent

Where required by law, we may rely on your explicit consent for specific processing activities.

E. U.S. State Law Purposes

Under U.S. state privacy laws, we also process personal information for:

  • Operational and service delivery purposes
  • Security and fraud prevention
  • Compliance and auditing
  • Internal analytics

5. Disclosure of Information

We may disclose information to:

  • Customers or potential customers, including government agencies involved in procurement or oversight and commercial entities
  • Prime contractors, subcontractors, and teaming or joint venture partners
  • Third party service providers, including authorized representatives, vendors, contractors, and those supporting hosting, security, analytics, or document management
  • Legal, regulatory, or judicial authorities, as well as others involved in investigating and preventing fraud or security issues relating to the Portal
  • Professional and business advisors under confidentiality obligations
  • Others in your organization
  • Our affiliates, including companies that we or our affiliates may acquire in the future and companies that may acquire us in the future due to a merger, acquisition or sale of assets
  • Third parties to whom you provide consent for us to disclose information

We do not sell or share personal information except as required by law.

6. Data Security

To protect the data in the Portal, we implement administrative, technical, and physical safeguards, including:

  • Access controls and authentication
  • Encryption in transit and at rest
  • Network monitoring and intrusion detection
  • Periodic audits and assessments

Although we seek to use commercially appropriate methods to protect your information, we cannot guarantee absolute security due to the inherent limitations of security measures and data transmissions over the internet. You are solely responsible for protecting your password, limiting access to your devices, and signing out of the Portal after your sessions.

7. Data Retention

We keep your information for as long as it is required in order to fulfill the relevant purposes described in this Notice, or for other essential purposes such as complying with our legal obligations, resolving disputes and enforcing our agreements. Our purposes for retention include:

  • Performing our contractual obligations to you
  • Fulfilling procurement and contract related obligations
  • Complying with legal and regulatory requirements
  • Maintaining accurate business and audit records

Our retention obligations may require us to retain your information after your relationship with us has ended. These retention obligations may also prohibit us in some cases from deleting information after you have asked us to delete your information.

8. Rights Under GDPR

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion (subject to legal exceptions)
  • Restrict or object to processing
  • Data portability
  • Lodge a complaint with a supervisory authority

9. Rights Under U.S. State Privacy Laws

Depending on your state of residence, you may have the right to:

  • Know what personal information is collected
  • Access and obtain a copy of personal information
  • Request deletion
  • Correct inaccuracies
  • Opt out of:
    • Targeted advertising
    • Sale of personal information
    • Certain profiling activities

We will not discriminate against you for exercising your rights.

10. International Data Transfers
Information we collect may be stored and processed in your region, in the United States or in any other country where we or our service providers maintain facilities. We maintain a primary data center in the United States. We take steps designed to ensure that the information we collect under this Notice is processed as described in this Notice and according to any applicable laws. As a result, your information may be subject to the laws of foreign jurisdictions, including laws that permit or require the disclosure of information to law enforcement or national security authorities upon request. When information is transferred outside your jurisdiction, we will seek to implement appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Your consent

11. Authorized User Responsibilities

As required by the Terms, authorized users must:

  • Maintain the confidentiality of credentials
  • Use the Portal only for legitimate business purposes
  • Ensure submitted information is accurate and authorized
  • Report suspected unauthorized access

12. Updates to This Notice

We may amend this Notice periodically. Updates will be posted within the Portal and become effective upon publication unless otherwise required by law.

13. Contact Information

For questions or to exercise your rights:

Privacy Office
Alexandria Holdings LLC
privacy@alexandria.com