Privacy Policy

At Tendium AB (“Tendium“), we make sure that all processing of personal data complies with applicable legislation. We are committed to protecting your personal data and want you to feel safe when sharing your personal information with us. The purpose of this Privacy Policy is to be transparent with our processing of your personal data and to clarify what rights you have as a data subject.

This Privacy Policy describes what kind of personal information we collect from you when you are in contact with us and use our services.

Tendium is the controller of personal data, and responsible for the collection, use, and management of the personal data that we process:

Company registration number: 559169-6843
Visiting address: Regeringsgatan 28, 11156 Stockholm
Postal address: Box 4122, 10263 Stockholm

1. Cookies

We request to use and store cookies from you when you visit our website or the Tendium Platform. You can regulate your preferences through the Cookie Consent Banner or the settings in your browser. Please read more about how we use cookies in our Cookie Policy.

2. Tendium's Website

2.1. Categories of personal data

When you visit our website, we automatically collect the following personal data:

Information about your use of our website;
Technical data, which may include the URL you are accessing the website from, your IP address, unique device ID, network and computer performance, browser type, language and identifying information, and operating system; and
Location data.

2.2. Purpose

To be able to provide our website and give you as a visitor a customised experience in accordance with your personal choices; and
Ensure the technical functionality of our website and protect our, third party’s, and visitor’s rights, property, and security.

2.3. Lawful ground

We need to process your personal data in order to customise our website and to make sure that misuse does not occur. We base our processing on legitimate interests in accordance with article 6.1 (f) GDPR.

3. Contact forms

3.1. Categories of personal data

In addition to the personal data that is automatically collected when you visit our website, we process the following personal data when you contact us through a form on our website:

Name;
Email address;
Phone number;
Company name; and
Other information you want Tendium to know.

When you visit our website and request a free trial of our services, we ask you to provide us with (in addition to above mentioned information):

Job title, function and level;
Company website;
Country;
Work email address; and
An answer to the question of how Tendium can help you.

3.2. Purpose

To be able to provide contact with you in an appropriate and secure manner; and
To keep you informed about updates of our services, such as new features and up-to-date services (marketing purposes).

3.3. Lawful ground

We need to process your personal data to ensure that your contact/free trial request is fulfilled. This processing is based on contract in accordance with article 6.1 (b) GDPR, meaning that the processing is necessary to fulfil pre-contractual obligations at your request.

We also process personal data in order to keep you updated on our services, as you have expressed an interest (marketing purposes). We base our processing on legitimate interests in accordance with article 6.1 (f) GDPR. Please note that you can always opt out of marketing emails.

4. Tendium's Newsletter

4.1. Categories of personal data

When you sign up for our newsletter, we process your:

Email address; and
Name.

You can, at any time, withdraw your subscription. In this case, you will no longer receive the newsletters and your personal data will no longer be processed for this purpose.

4.2. Purpose

To be able to provide the newsletter to you in accordance with your request.

4.3. Lawful ground

We base our processing on consent in accordance with article 6.1 (a) GDPR.

5. Customer Stories

5.1. Categories of personal data

We process personal information that you, as a customer, voluntarily share with us during an interview, such as:

Name;
Email address;
The name of the company you work at; and
Your position/title.

5.2. Purpose

To acquire a better understanding of how different people, roles, companies, and industries work with public procurement;
To get feedback on our service; and
To publish/customer stories on our website.

5.3. Lawful ground

We process personal data in order to improve, and market, our services. We base our processing on consent in accordance with article 6.1 (a) GDPR.

6. Webinars

6.1. Categories of personal data

We process the following categories of personal data when you sign up for a webinar with us:

Email address; and
Name.

6.2. Purpose

To be able to plan and conduct the webinar and to ensure that you, who is registered, can participate;
To ensure that no unauthorised people participate; and
To keep you updated about our services (marketing purposes).

6.3. Lawful ground

We base our processing on consent in accordance with article 6.1 (a) GDPR.

7. Other commercial activities

7.1. Categories of personal data

In order for us to conduct various commercial activities, we need to process the following categories of personal data:

Name;
Phone number;
Email address;
Company name; and
Position/title.

We have probably received this information from you at some point when you have been in contact with us, or from one of your colleagues. It is also possible that we have received the information from your friends or family who work with us, or alternatively from third-party sources.

7.2. Purpose

In order to market our products;
In order to create and maintain customer contact;
To inform you about current offers, new features, and updates in our business; and
To ensure that you can download reports from us.

7.3. Lawful ground

We base our processing on legitimate interests in accordance with article 6.1 (f) GDPR.

8. The Tendium Platform

Tendium provides and operates an online service (https://app.tendium.com) available to suppliers who want to facilitate their bid work towards the public sector (the “Platform”). In this section, we describe our processing of personal data when you use the Platform and when Tendium holds the role as the controller of personal data.

Please note that you have the option to connect third-party integrations to your Tendium account, which may request specific permissions to access data or transmit information to your account. The responsibility for reviewing authorised third-party integrations lies with you.

8.1. Categories of personal data

User Account: Personal data is collected when you register for a Tendium account, and when you provide any related information necessary for accessing or utilising our services. This personal data includes:

Email address;
Name; and
Registration number (which constitutes personal data when the legal form of your company is sole proprietorship).

Usage Data: Usage data is gathered when you, within your Tendium account, interact with our service. This encompasses metrics related to your interactions with the Platform, such as encountering issues, bugs, errors, and the frequency of certain features’ usage within your account.

8.2. Purpose

User Account: To provide you, as a customer, with access to the Platform via a Tendium account.
Usage Data: To ensure uninterrupted service delivery, address issues, and enhance service quality.

8.3. Lawful ground

User Accounts: You have either entered into a contract with Tendium or are in the process of doing so. The processing of personal data is necessary for the execution of the contract to which you are a party or to fulfil pre-contractual obligations at your request, in accordance with article 6.1 (b) GDPR.

Usage Data: We base our processing on legitimate interests, in accordance with article 6.1 (f) GDPR. Tendium has a legitimate interest in ensuring the proper functioning of our service while safeguarding your privacy rights.

9. Documents relating to public procurement

Tendium compiles and retrieves documents and information concerning public procurement activities from public databases and public/official document requests, including framework agreements.

9.1. Categories of personal data

We may process contact information of individuals referenced in these documents relating to public procurement, including:

Name;
Email address;
Phone number;
Job position; and
Employer.

9.2. Purpose

Tendium’s primary offering revolves around delivering documents and information related to publicly announced procurement opportunities. We extract procurement data within our Platform to:

Simplify the bidding processes for suppliers;
Aid customers in monitoring public procurements;
Expand opportunities for suppliers to bid on and secure public contracts; and
Provide unique information to our customers and generate reports.

* It is important to note that the intent is not to process personal data within these documents, but rather to facilitate access to data concerning public procurements and opportunities for our customers.

9.3. Lawful ground

We base our processing on legitimate interests, in accordance with article 6.1 (f) GDPR.

10. Recordings and transcripts of phone/video calls

We want to ensure a smooth and informative experience when you engage with our Sales Representatives. To help with this, we record our phone calls and video meetings by default, in order to create transcripts. The first contact with our Sales Representatives is usually via a phone call. Once you’ve had an initial phone call with us and there’s an interest in exploring Tendium’s services further, we often schedule a video call. During this video call, both the audio and video are recorded. To make it clear that the call is being recorded, you’ll notice the presence of “Tendium Notetaker” in the meeting. Please rest assured that if you have any reservations about being recorded, you can always express your objection.

10.1. Categories of personal data*

In the recordings and transcripts, we will most probably handle your:

Name;
Job position;
Email address;
Phone number;
Voice; and
Face.

* We ask you to not bring up any unnecessary personal data.

10.2. Purpose

Internal education: providing valuable training resources for newly hired employees and facilitating educational activities within our organisation;
Quality assurance: ensuring the high quality of sales calls and maintaining professionalism among our team; and
Process optimisation: enhancing the efficiency of our sales processes.

10.3. Lawful ground

Our processing of personal data during these calls is based on legitimate interests, in accordance with article 6.1 (f) GDPR.

11. Disclosure of personal data

We may share and disclose your personal data to our partners, suppliers, and related third parties for the above stated purposes within and outside the EU/EEA. We use Hubspot, mainly for marketing purposes and other commercial activities, whose personal data process takes place in the USA. Hubspot complies with current data protection legislation and ensures that your personal data is protected in accordance with the requirements of the GDPR. Read more on Hubspot’s privacy policy.

You understand and agree that the privacy policy of third parties will govern all use of information provided to third parties in accordance with this Privacy Policy.

We may access, preserve, and share your information in response to a legal request (like a search warrant, court order or a subpoena, or the like), or when necessary to detect, prevent, and address fraud and other illegal activity to protect ourselves, you, and other users, including as part of investigations, if we have a good faith belief that the applicable law requires us to do so.

This may include responding to legal requests from jurisdictions outside of the EU/EEA where we have a good faith belief that the response is required by law in that jurisdiction, affects users in that jurisdiction, and is consistent with internationally recognised standards.

12. How do we protect your personal data?

We use two-factor authentication to log in and gain access to the personal data that is processed and stored in a specific IT system (Hubspot). Only team members at Tendium that need access to your personal data are granted access for specific given purposes. We use IT support where the personal information is stored in a secure way.

13. Notice of changes

Amendments

If we make changes to this Privacy Policy, we will notify you by publication on our websites. If the changes are material, we will provide you additional, prominent notice as appropriate under the circumstances and, where required under applicable law, ask for your consent.

Change of control

If the ownership of our business changes, we may transfer your information to the new owners so they can continue our services. The new owner will still have to honour the commitments we have made in this Privacy Policy.

14. Your rights as data subject

The one whose personal data is being processed by us is called data subject, and as a data subject, you have certain rights that you can assert in accordance with the description below. Your rights apply to all of our processing of your personal data, which includes contact with us through our websites, visits to our websites, sign up for our newsletter, interviews, by registering for a webinar, and for other commercial activities.

Right to be forgotten

You have the right to have your personal data erased and you have the right to be forgotten, for instance if you get newsletters and no longer want them.

Right to rectification

The processing of personal data shall be adequate and correct. You have the right to obtain from the controller, without undue delay, the rectification of inaccurate personal data. You have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

Right to access by the data subject

You have the right to obtain confirmation from us as controller, whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data. You have the right to information about the categories of personal data concerned, how long the data will be stored, where we got the information, and so on.

Right to information about how we manage your personal data

You have the right to information about how we manage your personal data. You have the right to information when the personal data is obtained and when you ask for information. If something were to happen with your personal data that can affect you negatively, you have the right to know. You have the right to information about why your personal data is processed and used, who the information may be disclosed to, how to revoke your consent, and so on.

You have the right to this information in an easy accessible form with a clear and plain language. You have the right to get a copy of the personal data that we process once every calendar year without any costs. For any additional copies you request, we may charge a reasonable fee based on the administrative costs.

Right to restriction of processing

You have the right to ask that we restrict processing about you in some cases, for example if the information about you is not accurate and you have asked for rectification or if you have objected to a certain processing.

Right to object to the processing of your personal data

You have the right to object to the processing of your personal data and you can, whenever, object to processing of your personal data which is based on direct marketing. You can also revoke your consent. Revoking your consent will however not affect the lawful ground on the earlier processing before the consent was revoked, and based on other lawful grounds we can continue to process your personal data, except for direct marketing.

Right to data portability

If the processing of your personal data is based on consent or performance of a contract, you have the right to data portability, which means that you have the right to transmit your data to another controller, for instance, another company.

15. How to exercise your rights as a data subject

To exercise your rights or if you have any questions or complaints, please contact us at dataskydd@tendium.com.

To ensure that you receive a prompt response, please provide your full name in your message and, if applicable, your address and the email address used for registration. Please note that you may need to verify your identity before your request can be processed.

16. Referral to other websites and collection of personal data

You should be aware that when visiting our websites (including subdomains) and when you sign up for the newsletter, you may be referred to other websites and/or applications whose collection of personal data is beyond our control. The privacy notice of their websites will manage the personal data collected from you and this Privacy Policy only applies to our websites and subdomains. We are not responsible for the processing of personal data by third parties.

Google’s service reCAPTCHA

We use the Google service reCAPTCHA in order to distinguish human and automated access. reCAPTCHA is used to ensure that a human contacts us through the form on our websites and not a robot. The original version of reCAPTCHA asked users to interpret difficult text or to match images.

The use of this service is subject to Google’s privacy policy and terms of use. The service works by collecting hardware and software information, such as device and application data, and this data is transferred to Google for analysis. The information collected will be used to improve the service and for general security purposes, the service will not be used for personal advertising by Google.

Tendium Careers – Teamtailor

If you apply for employment at Tendium, your application, including personal data such as name, address, resume, cover letter, etc. will be subject to Teamtailor’s privacy policy. Please read Teamtailor’s privacy policy before applying for employment with Tendium.

You can, at any time, request information about what kind of personal data Teamtailor is processing and you can request your data to be erased. You will thereafter no longer be contacted about job opportunities at Tendium. You send this request by clicking on this link.

LinkedIn

On our websites you may be referred to LinkedIn and their website. Click here to read LinkedIn’s privacy policy.

Twitter

You may also be referred to Twitter on our website. Here is Twitter’s privacy policy.

17. Personal data incidents and complaints

If you have any complaints regarding our processing of your personal data, you can send the complaint to the Privacy Protection Authority in Sweden or the Data Protection Ombudsman’s office in Finland, whose task is to monitor compliance with the GDPR.

We are also obliged to report personal data incidents to the Privacy Protection Authority. A personal data incident refers to an event that leads to an illegal/unintentional destruction, loss, or alteration of your personal data, but it can also be an event that leads to someone gaining unauthorised access to your personal data. We are obliged to report the incident to the Privacy Protection Authority within 72 hours of it being discovered.

Press here to find information about local European data protection authorities.

Last updated: 2023-06-30