Privacy Policy

At Tendium AB (”Tendium”), we make sure that all processing of personal data complies with applicable legislation. We are committed to protecting your personal data and want you to feel safe when sharing your personal information with us. The purpose of this Privacy Policy is to be transparent with our processing of your personal data and to clarify what rights you have as a data subject.

This Privacy Policy describes what kind of personal information we collect from you when you are in contact with us and use our services.

Tendium is the controller of personal data, and responsible for the collection, use, and management of the personal data that we process: 

  • Company registration number: 559169-6843
  • Visiting address: Klarabergsviadukten 63, 11164 Stockholm 
  • Postal address: Box 4122, 10263 Stockholm 

1. Cookies

We request to use and store cookies from you when you visit our website. You can regulate your preferences through the Cookie Consent Banner or the settings in your browser. Please read more about how we use cookies in our Cookie Policy.

2. Tendium's Website

2.1. Categories of personal data

When you visit our website, we automatically collect the following personal data: 

  • Information about your use of our website;
  • Technical data, which may include the URL you are accessing the website from, your IP address, unique device ID, network and computer performance, browser type, language and identifying information, and operating system; and
  • Location data.

2.2. Purpose

  • To be able to provide our website and give you as a visitor a customised experience in accordance with your personal choices; and
  • Ensure the technical functionality of our website and protect our, third party’s, and visitor’s rights, property, and security.

2.3. Lawful ground

We need to process your personal data in order to customise our website and to make sure that misuse does not occur. We base our processing on legitimate interests in accordance with article 6.1 (f) GDPR.

3. Contact forms

3.1. Categories of personal data

In addition to the personal data that is automatically collected when you visit our website, we process the following personal data when you contact us through a form on our website:

  • Name;
  • Email address;
  • Phone number;
  • Company name; and
  • Other information you want Tendium to know.

When you visit our website and request a free trial of our services, we ask you to provide us with (in addition to above mentioned information):

  • Job title, function and level;
  • Company website;
  • Country;
  • Work email address; and
  • An answer to the question of how Tendium can help you.

3.2. Purpose

  • To be able to provide contact with you in an appropriate and secure manner; and
  • To keep you informed about updates of our services, such as new features and up-to-date services (marketing purposes).

3.3. Lawful ground

We need to process your personal data to ensure that your contact/free trial request is fulfilled. This processing is based on contract in accordance with article 6.1 (b) GDPR, meaning that the processing is necessary to fulfil pre-contractual obligations at your request.

We also process personal data in order to keep you updated on our services, as you have expressed an interest (marketing purposes). We base our processing on legitimate interests in accordance with article 6.1 (f) GDPR. Please note that you can always opt out of marketing emails.

4. Tendium's Newsletter

4.1. Categories of personal data

When you sign up for our newsletter, we process your:

  • Email address; and
  • Name.

You can, at any time, withdraw your subscription. In this case, you will no longer receive the newsletters and your personal data will no longer be processed for this purpose.

4.2. Purpose

To be able to provide the newsletter to you in accordance with your request. 

4.3. Lawful ground

We base our processing on consent in accordance with article 6.1 (a) GDPR.

5. Customer Stories

5.1. Categories of personal data

We process personal information that you, as a customer, voluntarily share with us during an interview, such as:

  • Name;
  • Email address;
  • The name of the company you work at; and 
  • Your position/title.

5.2. Purpose

  • To acquire a better understanding of how different people, roles, companies, and industries work with public procurement;
  • To get feedback on our service; and
  • To publish/customer stories on our website.

5.3. Lawful ground

We process personal data in order to improve, and market, our services. We base our processing on consent in accordance with article 6.1 (a) GDPR.

6. Webinars

6.1. Categories of personal data

We process the following categories of personal data when you sign up for a webinar with us:

  • Email address; and
  • Name.

6.2. Purpose

  • To be able to plan and conduct the webinar and to ensure that you, who is registered, can participate; 
  • To ensure that no unauthorised people participate; and
  • To keep you updated about our services (marketing purposes).

6.3. Lawful ground

We base our processing on legitimate interests in accordance with article 6.1 (f) GDPR in order to keep you updated on our services and perform webinar(s). Please note that you can always opt out of marketing emails.

7. Other commercial activities

7.1. Categories of personal data

In order for us to conduct various commercial activities, we need to process the following categories of personal data:

  • Name;
  • Phone number;
  • Email address;
  • Company name; and
  • Position/title.

We have probably received this information from you at some point when you have been in contact with us, or from one of your colleagues. It is also possible that we have received the information from your friends or family who work with us, or alternatively from third-party sources.

7.2. Purpose

  • In order to market our products;
  • In order to create and maintain customer contact; 
  • To inform you about current offers, new features, and updates in our business; and
  • To ensure that you can download reports from us.

7.3. Lawful ground

We base our processing on legitimate interests in accordance with article 6.1 (f) GDPR. 

8. The Tendium Platform

Tendium provides and operates an online service (https://app.tendium.com) available to suppliers who want to facilitate their bid work towards the public sector (the “Platform”). In this section, we describe our processing of personal data when you use the Platform and when Tendium holds the role as the controller of personal data. 

Please note that you have the option to connect third-party integrations to your Tendium account, which may request specific permissions to access data or transmit information to your account. The responsibility for reviewing authorised third-party integrations lies with you. 

8.1. Categories of personal data

User Account:  Personal data is collected when you register for a Tendium account, and when you provide any related information necessary for accessing or utilising our services. This personal data includes:

  • Email address;
  • Name; and
  • Registration number (which constitutes personal data when the legal form of your company is sole proprietorship).

Usage Data: Usage data is gathered when you, within your Tendium account, interact with our service. This encompasses metrics related to your interactions with the Platform, such as encountering issues, bugs, errors, and the frequency of certain features’ usage within your account.

8.2. Purpose

  • User Account: To provide you, as a customer, with access to the Platform via a Tendium account. 
  • Usage Data: To ensure uninterrupted service delivery, address issues, and enhance service quality.

8.3. Lawful ground

User Accounts: You have either entered into a contract with Tendium or are in the process of doing so. The processing of personal data is necessary for the execution of the contract to which you are a party or to fulfil pre-contractual obligations at your request, in accordance with article 6.1 (b) GDPR. 

Usage Data: We base our processing on legitimate interests, in accordance with article 6.1 (f) GDPR. Tendium has a legitimate interest in ensuring the proper functioning of our service while safeguarding your privacy rights.

9. Documents relating to public procurement

Tendium compiles and retrieves documents and information concerning public procurement activities from public databases and public/official document requests, including framework agreements. 

9.1. Categories of personal data

We may process contact information of individuals referenced in these documents relating to public procurement, including:

  • Name;
  • Email address; 
  • Phone number; 
  • Job position; and 
  • Employer.

9.2. Purpose

Tendium’s primary offering revolves around delivering documents and information related to publicly announced procurement opportunities. We extract procurement data within our Platform to:

  • Simplify the bidding processes for suppliers;
  • Aid customers in monitoring public procurements;
  • Expand opportunities for suppliers to bid on and secure public contracts; and
  • Provide unique information to our customers and generate reports. 

* It is important to note that the intent is not to process personal data within these documents, but rather to facilitate access to data concerning public procurements and opportunities for our customers. 

9.3. Lawful ground

We base our processing on legitimate interests, in accordance with article 6.1 (f) GDPR.

10. Recordings and transcripts of phone/video calls

We want to ensure a smooth and informative experience when you engage with our Sales Representatives. To help with this, we record our phone calls and video meetings by default, in order to create transcripts. The first contact with our Sales Representatives is usually via a phone call. Once you’ve had an initial phone call with us and there’s an interest in exploring Tendium’s services further, we often schedule a video call. During this video call, both the audio and video are recorded. To make it clear that the call is being recorded, you’ll notice the presence of ”Tendium Notetaker” in the meeting. Please rest assured that if you have any reservations about being recorded, you can always express your objection. 

10.1. Categories of personal data*

In the recordings and transcripts, we will most probably handle your:

  • Name; 
  • Job position;
  • Email address;
  • Phone number; 
  • Voice; and
  • Face. 

* We ask you to not bring up any unnecessary personal data.

10.2. Purpose

  • Internal education: providing valuable training resources for newly hired employees and facilitating educational activities within our organisation;
  • Quality assurance: ensuring the high quality of sales calls and maintaining professionalism among our team; and 
  • Process optimisation: enhancing the efficiency of our sales processes.

10.3. Lawful ground

Our processing of personal data during these calls is based on legitimate interests, in accordance with article 6.1 (f) GDPR. 

11. Louis

We offer free use of our AI-assistant Louis (https://chat.tendium.ai/). Louis can assist you with providing answers to public procurement questions. 

11.1. Categories of personal data*

When using Louis, we process: 

  • Email address; and 
  • Usage data (at what date and time you ask Louis questions).

In addition, we analyse:

  • Input (what you ask to Louis); and
  • Output (what Louis responds to your question).

* We ask you to not bring up any personal data in your input to Louis.

11.2. Purpose

  • To be able to provide Louis as a service;
  • To improve and make Louis a better assistant, meaning that we analyse input, output, and response time; and
  • To be able to inform about updates relating to Louis and other relevant updates in our services (marketing purposes).

11.3. Lawful ground

We base our processing on legitimate interests in accordance with article 6.1 (f) GDPR.

______________________________________________________________________________

Clarifications

Legitimate interests 

For processing activities that are based on legitimate interests, we carefully balance our legitimate interests with your right to privacy. Our conclusion is that our legitimate interests can be exercised without an infringement of your right to privacy that prevents our processing of personal data. You are more than welcome to contact us, and we can explain in detail how we weigh all interests against each other, and then delete your personal data if desired.

 

Marketing emails

When you participate in commercial activities carried out by Tendium, you accept the processing of your personal data in accordance with this Privacy Policy and to receive direct marketing from us or related parties. Please note that you can always opt out of marketing emails. If you opt out, you will no longer receive marketing emails from us and we will no longer process your personal data for this purpose.

______________________________________________________________________________

12. Storage of personal data

Processing activity 

Storage 

Cookies 

The storage period differs depending on the cookie in question. Please visit our Cookie Policy for information on cookie duration. 

Contact forms 

Tendium Newsletter 

Webinars

Other commercial activities 

We manage personal data sourced from the activities mentioned within our Customer Relationship Management System. We only maintain relevant contact details, and remove contacts and their personal data if there has been no engagement over the past year, unless there is a specific need to retain their information for marketing or sales activities, such as product information, event invitations, or billing questions. Data erasure takes place in three-month intervals. Thereafter, all unnecessary personal data based on the purposes of our processing is erased. 


Further, we communicate via email subscriptions with individuals who have explicitly opted into our subscription channels. All other marketing and informational emails are exclusively sent to recipients for whom the content holds relevance.

Customer Stories 

Data erasure takes place at one-year intervals. Thereafter, all unnecessary personal data based on the purposes of our processing is erased. Personal data that is needed to fulfil the purposes of our processing is kept, more specifically, in order to follow up on interviews. Additionally, we may publish Customer Stories on our blog for marketing purposes in accordance with your pre-given consent.

Tendium platform 

Should you choose to terminate your account and the associated agreement, Tendium will cease processing your personal data on the Platform. In the event of your complete account deletion, all personal data linked to your account and user profile will be permanently removed. 

Documents Relating to Public Procurement

Tendium stores documents relating to public procurement, hence, personal data included, for the duration necessary to fulfil the purposes of our data processing activities, which in this case is for as long as the procurement data from said documents are relevant and of interest for report purposes and for customers’ using the Platform. 


We want to highlight (again) that the intent is not to process personal data within these documents, but rather to facilitate access to data. 

Recordings and transcripts 

We retain the recordings for a period of two years. Thereafter, the recordings are deleted. 


Transcripts of meetings will be retained for as long as necessary to fulfil the purposes of our processing. However, after two years, we delete the association to the one whose personal data is being processed, meaning that we will no longer process personal data in the transcripts. 


Please note that only a limited group of employees, and authorised personnel only, will have access to the recordings and transcripts. Should the recordings and/or transcripts include any sensitive personal data, we will delete it immediately. By emailing dataskydd@tendium.com, you can request deletion of your personal data.

Louis 

Any traces of your email address, what questions you ask Louis, at what time and date, is automatically deleted after twelve months. 

13. Disclosure of personal data

We always aim to process your personal data within the EU/EEA. In some cases, we process personal data outside the EU/EEA through our service providers, for the above stated purposes. In the latter case, we always carry out a detailed pre-assessment in order to ensure that the processing of personal data is compliant with the GDPR. Please note that the only country outside the EU/EEA that we process personal data to is the US, and as of July 2023, the European Commission has assessed that the level of protection is adequate, provided that the receiver is participating in the EU-US Privacy Framework.

We may access, preserve, and share your information in response to a legal request (like a search warrant, court order or a subpoena, or the like), or when necessary to detect, prevent, and address fraud and other illegal activity to protect ourselves, you, and other users, including as part of investigations, if we have a good faith belief that the applicable law requires us to do so. This may include responding to legal requests from jurisdictions outside of the EU/EEA where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognised standards.

If the ownership of our business would change, we may transfer your information to the new owners so they can continue our services. The new owner will still have to honour the commitments we have made in this Privacy Policy.

14. Referral to other websites and services

You should be aware that when visiting our website and using our services, you may be referred to other websites and/or applications whose collection of personal data is beyond our control. The privacy notice of their websites will manage the personal data collected from you. We are not responsible for the processing of personal data by third parties in these situations. You understand and agree that the privacy policy of third parties will govern all use of information provided to third parties in accordance with this Privacy Policy.

15. Tendium Careers – Recruitment via Teamtailor

If you apply for employment at Tendium, your application, including personal data such as name, address, resume, cover letter, etc. will be subject to Teamtailor’s privacy policy. You can, at any time, request information about what kind of personal data Teamtailor is processing and you can request your data to be erased. You will thereafter no longer be contacted about job opportunities at Tendium. You send this request by clicking on this link.

16. Notice of changes

If we make changes to this Privacy Policy, we will notify you by publication on our website. If the changes are material, we will provide you additional, prominent notice as appropriate under the circumstances and, where required under applicable law, ask for your consent.

17. Your rights

Right

Description

Right to be forgotten

You have the right to have your personal data erased and be “forgotten” by us.

Right to rectification

The processing of your personal data shall be adequate and correct. You have the right to obtain a rectification of inaccurate personal data, without undue delay. You also have the right to have incomplete personal data completed.

Right to access

You have the right to obtain confirmation from us, whether or not personal data concerning you are processed, and, where that is the case, access to your personal data, including details of our processing.

Right to information

You have the right to information about how we manage your personal data. If something were to happen with your personal data that can affect you negatively, you have the right to know. Further, you have the right to know why your personal data is processed and used, who it may be disclosed to, how to revoke your consent, and similarly. You have the right to receive this information in an easy, accessible form with a clear and plain language. Additionally, you have the right to get a copy of your personal data once every calendar year without any costs. For any additional copies you request, we may charge a reasonable fee based on the administrative costs.

Right to restriction of processing

You have the right to ask that we restrict processing about you in some cases, for example if the information about you is not accurate and you have asked for rectification, or if you have objected to a certain processing.

Right to data portability

If the processing of your personal data is based on consent or performance of a contract, you have the right to data portability, which means that you have the right to transmit your data to another controller, for instance, another company.

18. How to exercise your rights as a data subject

To exercise your rights or if you have any questions or complaints, please contact us at dataskydd@tendium.com.

To ensure that you receive a prompt response, please provide your full name in your message and, if applicable, your address and the email address used for registration. Please note that you may need to verify your identity before your request can be processed.

19. Personal data incidents and complaints

If you have any complaints regarding our processing of your personal data, you can send the complaint to the Privacy Protection Authority, whose task is to monitor compliance with the GDPR.

We are also obliged to report personal data incidents to the Privacy Protection Authority. A personal data incident refers to an event that leads to an illegal/unintentional destruction, loss, or alteration of your personal data, but it can also be an event that leads to someone gaining unauthorised access to your personal data. We are obliged to report the incident to the Privacy Protection Authority within 72 hours of it being discovered.

Press here to find information about local European data protection authorities.

Last updated: 2023-12-20