Privacy Policy
At Tendium (Tendium AB), we make sure that all processing of personal data complies with applicable legislation. We protect your personal privacy and take data protection seriously. We want you to feel safe when sharing your personal information with us and the purpose of this Privacy Policy is to be transparent with our processing of your personal data and to clarify what rights you have as a data subject.
This Privacy Policy describes what kind of personal information we collect from you when you, inter alia, visit our websites (www.tendium.ai and www.anbudsintelligens.se including subdomains), contact us through our websites (for instance when booking a demo), sign up for our newsletter, and when you conduct interviews with us, as well as how we process your personal information and who we share it with. If you have any questions, comments, or want to assert any of your rights described below, please contact us at dataskydd@tendium.com.
1. Introduction
1.1. The General Data Protection Regulation and processing of personal data
Organisations that collect personal data must follow the General Data Protection Regulation (GDPR). GDPR has multiple purposes, one of which is to protect the right to privacy and integrity, which specifically includes the protection of personal data. “Personal data” is information that can be linked to a natural living person, such as name and address, but it can also be other information, such as IP-address. “Processing” can include, for example, collection, registration, storage, and transmission of personal data. The person whose data is being processed is called “Data subject”.
1.2. Tendium is responsible for your personal information
The one who decides why and how processing of personal data takes place within an organisation is the personal data controller. Tendium AB is the controller:
- Company registration number: 559169-6843
- Visiting address: Regeringsgatan 28, 11156 Stockholm
- Postal address: Box 4122, 102 63 Stockholm
Tendium is responsible for the collection, use and management of personal data about individuals who visit our websites, contact us through one of our features on our websites, sign up for our newsletter, conduct interviews with us, sign up for webinars, and other commercial activities.
2. The usage of cookies
We request to use and store cookies from you, which you can regulate through the cookie consent banner by not leaving your consent. Read more about how we use cookies:
- Tendium (cookie policy)
- Anbudsintelligens (cookie policy)
3. When you visit our websites
3.1. Categories of personal data
When you visit our websites, some personal data will be collected automatically, including:
- Information about your use of our websites;
Technical data, which may include the URL you are accessing the websites from, your IP address, unique device ID, network and computer performance, browser type, language and identifying information, and operating system; and
- Location data.
3.2. Purpose
The purpose of our processing of your personal data when visiting our websites is to be able to provide our websites to you as a visitor and to give you a customised experience in accordance with your personal choices. The purpose is further to ensure the technical functionality of our websites and to protect our, third party’s, and the visitors’ rights, property, and security.
3.3. Lawful ground
Balancing of interests
We need to process your personal data in order to customise our websites and to make sure that misuse does not occur. For processing activities that are based on legitimate interests, we carefully balance our legitimate interests with your right to privacy. Our conclusion is that our legitimate interests can be exercised without an infringement of your right to privacy that prevents our processing of personal data.
3.4. Storage of your personal data
We store your personal data for as long as it is necessary in order to fulfil the purposes of the processing of your personal data. Information that we receive from you when you visit our websites can, however, be used and stored for a longer period of time when the information is subject to legal inquiry or obligation, government investigation or investigations regarding possible violations of our terms of use or policie, or otherwise to prevent damage.
4. When you contact us through our websites
4.1. Categories of personal data
In addition to the personal data that is automatically collected when visiting our websites, we process the following personal data when you contact us through a form on our websites:
- Name;
- Email address;
- Telephone number (not required);
- Company name (not required); and
- IP-address.
4.2. Purpose
The purpose of our processing of your personal data when you contact us through the contact form on our websites is to be able to provide contact with you in an appropriate and secure manner.
We process personal data based on marketing purposes, in order to be able to send notifications and messages by email and to contact you by telephone. This includes marketing of our and related third-party services and products. We collect personal data to keep you informed about updates of our services, for example regarding new features. We also process your personal data in order to offer you up-to-date services.
4.3. Lawful ground
Balancing of interests
We process your personal data to keep you updated about new features and services, based on our legitimate interest to keep you informed on developments and to offer you up-to-date services. When we process your personal data on the lawful ground of legitimate interests, we have considered what our processing of your personal data means for your interests and right to privacy in comparison with the importance of our legitimate interests. Our conclusion is that our legitimate interests can be exercised without an infringement of your right to privacy that prevents the processing of personal data. If you, on the other hand, do not think that our processing of your personal data is okay, you are more than welcome to contact us, and let us explain in detail how we weighed all interests against each other and then, if you want, delete your personal data.
4.4. Storage of your personal data
We store your personal data for as long as necessary in order to fulfil the purposes of our processing of your personal data. Information that we receive from you when you contact us through our websites can, however, be used and stored for a longer period of time when the information is subject to legal inquiry or obligation, government investigation or investigations regarding possible violations of our terms of use or policie, or otherwise to prevent damage.
5. Tendium's newsletter
5.1. Categories of personal data
If you are interested in events related to public procurement, digitisation, and AI, Tendium’s newsletter may be something for you. When you sign up for our newsletter, we need to process your:
- Email address; and
- Name (not mandatory).
You can sign up here and you can, at any time, withdraw your subscription in order for the newsletters to end and we will no longer process your personal data for this purpose.
5.2. Purpose
The purpose of our processing of your personal data when you sign up for the newsletter is to be able to provide the newsletter to you in order to keep you updated about news about public procurement, AI, and digitisation. If you don’t provide us with your email address, we are not able to send our newsletter to you.
5.3. Lawful ground
Consent
We process your personal data in order to deliver the newsletter to you. Our processing of your personal data when you sign up for the newsletter is based on your consent.
When you sign up for the newsletter, you accept the processing of personal data in accordance with this Privacy Policy and to receive direct marketing from us or related parties. You always have the right to deny that your personal data is used for direct marketing and you can withdraw your previous consent at any time by contacting us at dataskydd@tendium.com or by unsubscribing from our emails.
5.4. Storage of your personal data
We store your personal data as long as necessary in order to fulfil the purposes of our processing of personal data.
6. Interviews
6.1. Categories of personal data
We collect personal data about you when you conduct interviews with Tendium. We process personal information that you voluntarily share with us during the interview, such as name, email address, the name of the company you work at, and your position.
6.2. Purpose
When you share your personal data with us during an interview, we need to process your personal data in order to analyse the other information that you share with us.
This means that the information that you provide us with (except for your personal data) is used to develop our services, mainly our tender platform, and to improve our operations in general.
The interview is conducted in order for us to analyse user behaviour regarding public procurement, which can improve our functions in order to make them more user-friendly and relevant. We analyse and examine the personal data in order to see how different industries and workplaces work with public procurement. By analysing interviews, we can acquire a better understanding of how different people, roles, companies and industries work and look at processes in public procurement. It is also of interest to get feedback on our service.
6.3. Lawful ground
Balancing of interests
The processing of personal data during interviews is based on the lawful ground of balancing of interests, which is motivated by the fact that the processing of personal data is necessary to fulfil our legitimate interest in analysing, developing and improving our service for our customers and for our business in general.
When we process your personal data on the lawful ground of legitimate interests, we have considered what our processing of your personal data means for your interests and right to privacy in comparison with the importance of our legitimate interests. Our conclusion is that our legitimate interests can be exercised without an infringement of your right to privacy that prevents the processing of personal data. If you, on the other hand, do not think that our processing of your personal data is okay, you are more than welcome to contact us, and let us explain in detail how we weighed all interests against each other and then, if you want, delete your personal data.
6.4. Storage of your personal data
When conducting an interview with us, the storage of your personal data is carried out in one of two following ways:
a) The conversation is recorded, saved as a sound file, and thereafter erased as soon as the file has been transcribed into text. We will ask you if you think it’s okay for the call to be recorded and act in accordance with your wishes.
b) The conversation is not recorded, instead, notes are kept continuously during the interview.
We analyse the collected material on our own. Data erasure takes place at one-year intervals and then all personal data, that is no longer needed based on the purposes of the processing, is deleted. If we need the personal data to fulfil the purposes of our processing, we save the data, for example in order to follow-up on the interview.
7. When you sign up for our webinars
7.1. Categories of personal data
If you are interested in attending our webinars, we need to process the following categories of personal data:
- Email address; and
- Name.
Information about when we arrange our webinars is found on our Linkedin-page.
7.2. Purpose
The purpose of our processing of your personal data when you sign up for our webinars is to be able to plan and conduct the webinar and to ensure that you, who is registered, can participate. We need your name and email address to add you as a participant in the webinar and to ensure that no unauthorised people participate.
Through your registration for the webinar, you will receive marketing material from us in order to keep you updated about our products.
7.3. Lawful ground
Consent
We process your personal data in order to conduct webinars with you as a participant, and the processing of your personal data is based on your consent.
When you sign up for one of our webinars, you accept the processing of personal data in accordance with this Privacy Policy and to receive direct marketing from us or related parties. You always have the right to deny that your personal data is used for direct marketing and you can withdraw your previous consent at any time by contacting us at dataskydd@tendium.com or by unsubscribing from our emails.
7.4. Storage of your personal data
We store your personal data as long as necessary in order to fulfil the purposes of our processing of personal data.
8. Other commercial activities
8.1. Categories of personal data
In order for us to conduct various commercial activities, we need to process the following categories of your personal data:
- Name;
- Phone number;
- Email address;
- Company name; and
- Position.
We have probably received this information from you at some point when you have been in contact with us or from one of your colleagues. It is also possible that we have received the information from your friends or family who work with us, or alternatively from third-party sources.
8.2. Purpose
The purpose of our processing of your personal data in commercial activities is to market our products, create and maintain customer contact, and to inform you about current offers, new features, and updates in our business.
We also collect personal data for inquiries about booking a demo, telephone and email contact, subscription to our newsletter, registration for webinars, and other events. In addition, the personal data is used for you to be able to get an offer for a product or service and for you to be able to download reports from us.
8.3. Lawful ground
Balancing of interests
For commercial activities, we process your personal data on the lawful ground balancing of interests, which is motivated by the fact that the processing is necessary in order for us to fulfil our legitimate interest of marketing our products, create and maintain contact with customers, and to keep customers and other interested parties updated about our business.
When we process your personal data on the lawful ground of legitimate interests, we have considered what our processing of your personal data means for your interests and right to privacy in comparison with the importance of our legitimate interests. Our conclusion is that our legitimate interests can be exercised without an infringement of your right to privacy that prevents the processing of personal data. If you, on the other hand, do not think that our processing of your personal data is okay, you are more than welcome to contact us, and let us explain in detail how we weighed all interests against each other and then, if you want, delete your personal data.
8.4. Storage of your personal data
We store your personal data for as long as necessary in order to fulfil the purposes of our processing of your personal data. You always have the right to deny that your personal data is used for direct marketing and you can withdraw your previous consent at any time by contacting us at dataskydd@tendium.com or by unsubscribing from our emails.
9. Disclosure of personal data
We may share and disclose your personal data to our partners, suppliers, and related third parties for the above stated purposes within and outside the EU/EEA. We use Hubspot, mainly for marketing purposes and other commercial activities, whose personal data process takes place in the USA. Hubspot complies with current data protection legislation and ensures that your personal data is protected in accordance with the requirements of the GDPR. Read more on Hubspot’s privacy policy.
You understand and agree that the privacy policy of third parties will govern all use of information provided to third parties in accordance with this Privacy Policy.
We may access, preserve, and share your information in response to a legal request (like a search warrant, court order or a subpoena, or the like), or when necessary to detect, prevent, and address fraud and other illegal activity to protect ourselves, you, and other users, including as part of investigations, if we have a good faith belief that the applicable law requires us to do so.
This may include responding to legal requests from jurisdictions outside of the EU/EEA where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognised standards.
10. How do we protect your personal data?
We use two-factor authentication to log in and gain access to the personal data that is processed and stored in a specific IT system (Hubspot). Only team members at Tendium that need access to your personal data are granted access for specific given purposes. We use IT support where the personal information is stored in a secure way.
11. Notice of changes
Amendments
If we make changes to this Privacy Policy, we will notify you by publication on our websites. If the changes are material, we will provide you additional, prominent notice as appropriate under the circumstances and, where required under applicable law, ask for your consent.
Change of control
If the ownership of our business changes, we may transfer your information to the new owners so they can continue our services. The new owner will still have to honour the commitments we have made in this Privacy Policy.
12. Your rights as data subject
The one whose personal data is being processed by us is called data subject, and as a data subject, you have certain rights that you can assert in accordance with the description below. Your rights apply to all of our processing of your personal data, which includes contact with us through our websites, visits to our websites, sign up for our newsletter, interviews, by registering for a webinar, and for other commercial activities.
Right to be forgotten
You have the right to have your personal data erased and you have the right to be forgotten, for instance if you get newsletters and no longer want them.
Right to rectification
The processing of personal data shall be adequate and correct. You have the right to obtain from the controller, without undue delay, the rectification of inaccurate personal data. You have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to access by the data subject
You have the right to obtain confirmation from us as controller, whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data. You have the right to information about the categories of personal data concerned, how long the data will be stored, where we got the information, and so on.
Right to information about how we manage your personal data
You have the right to information about how we manage your personal data. You have the right to information when the personal data is obtained and when you ask for information. If something were to happen with your personal data that can affect you negatively, you have the right to know. You have the right to information about why your personal data is processed and used, who the information may be disclosed to, how to revoke your consent, and so on.
You have the right to this information in an easy accessible form with a clear and plain language. You have the right to get a copy of the personal data that we process once every calendar year without any costs. For any additional copies you request, we may charge a reasonable fee based on the administrative costs.
Right to restriction of processing
You have the right to ask that we restrict processing about you in some cases, for example if the information about you is not accurate and you have asked for rectification or if you have objected to a certain processing.
Right to object to the processing of your personal data
You have the right to object to the processing of your personal data and you can, whenever, object to processing of your personal data which is based on direct marketing. You can also revoke your consent. Revoking your consent will however not affect the lawful ground on the earlier processing before the consent was revoked, and based on other lawful grounds we can continue to process your personal data, except for direct marketing.
Right to data portability
If the processing of your personal data is based on consent or performance of a contract, you have the right to data portability, which means that you have the right to transmit your data to another controller, for instance, another company.
13. How to exercise your rights as a data subject
To exercise your rights or if you have any questions or complaints, please contact us at dataskydd@tendium.com.
To ensure that you receive a prompt response, please provide your full name in your message and, if applicable, your address and the email address used for registration. Please note that you may need to verify your identity before your request can be processed.
14. Referral to other websites and collection of personal data
You should be aware that when visiting our websites (including subdomains) and when you sign up for the newsletter, you may be referred to other websites and/or applications whose collection of personal data is beyond our control. The privacy notice of their websites will manage the personal data collected from you and this Privacy Policy only applies to our websites and subdomains. We are not responsible for the processing of personal data by third parties.
Google’s service reCAPTCHA
We use the Google service reCAPTCHA in order to distinguish human and automated access. reCAPTCHA is used to ensure that a human contacts us through the form on our websites and not a robot. The original version of reCAPTCHA asked users to interpret difficult text or to match images.
The use of this service is subject to Google’s privacy policy and terms of use. The service works by collecting hardware and software information, such as device and application data, and this data is transferred to Google for analysis. The information collected will be used to improve the service and for general security purposes, the service will not be used for personal advertising by Google.
Tendium Careers – Teamtailor
If you apply for employment at Tendium, your application, including personal data such as name, address, resume, cover letter, etc. will be subject to Teamtailor’s privacy policy. Please read Teamtailor’s privacy policy before applying for employment with Tendium.
You can, at any time, request information about what kind of personal data Teamtailor is processing and you can request your data to be erased. You will thereafter no longer be contacted about job opportunities at Tendium. You send this request by clicking on this link.
On our websites you may be referred to LinkedIn and their website. Click here to read LinkedIn’s privacy policy.
You may also be referred to Twitter on our website. Here is Twitter’s privacy policy.
15. Personal data incidents and complaints
If you have any complaints regarding our processing of your personal data, you can send the complaint to the Privacy Protection Authority in Sweden or the Data Protection Ombudsman’s office in Finland, whose task is to monitor compliance with the GDPR.
We are also obliged to report personal data incidents to the Privacy Protection Authority. A personal data incident refers to an event that leads to an illegal/unintentional destruction, loss, or alteration of your personal data, but it can also be an event that leads to someone gaining unauthorised access to your personal data. We are obliged to report the incident to the Privacy Protection Authority within 72 hours of it being discovered.
Press here to find information about local European data protection authorities.
Last updated: 2022-03-16
Svenska
