Privacy Policy

Data Privacy and Protection Policy

Tendersure is a Cloud-Based Supplier Source to Pay Solution offered by Tendersure which operates the Tendersure Website and System.

Purpose

The purpose of this document is to outline Tendersure’s data handling practices with respect to privacy and protection of data containing personal identifying information.

This Policy is in compliance with Annex 18.1.4 and 18.1.4 of the ISO 27001:2013, Article 29 of the Data Protection Act and Article 5(2) of the General Data Protection Regulation.

Scope

Within scope are the:

  • Data collected
  • Data usage
  • Data storage
  • Data destruction
  • Data disclosure

If you choose to use Tendersure, then you agree to the collection and use of information in relation to this Policy.

Tendersure will not use or share your information with anyone except as described in this Policy.

As used in this Policy,

  • “Personal Information” generally has the same meaning as personal data or personally identifiable information (PII). Personal Information is defined in the data privacy laws applicable in your country. It includes any information relating to an identified or identifiable natural person.
  • “Non-Disclosure Agreement” is a legally binding contract that establishes a confidential relationship. The party or parties signing the agreement agree that sensitive information they may obtain will not be made available to any others.

Website Data

Table 1: Contact Page Data

| Data Collected | Data Use | Data Storage | Data Destruction |
|---|---|---|---|
| Name | For identification purposes | The data is stored securely in the company’s email drive. | Data is deleted off the database after 5 years of inactivity. |
| Email | To respond to the website user’s queries. | The data is stored securely in the company’s email drive. | Data is deleted off the database after 5 years of inactivity. |

System Data

Table 2: Supplier Registration Data for Companies

| Data Collected | Data Use | Data Storage | Data Protection Measures | Data Access and Disclosure | Data Destruction |
|---|---|---|---|---|---|
| Name | For identification purposes | The data is stored securely in the company’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |
| Phone Number | To facilitate communication | The data is stored securely in the company’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |
| Email | To facilitate communication | The data is stored securely in the company’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |

Table 3: Supplier Registration Data for Sole Proprietors

| Data Collected | Data Use | Data Storage | Data Protection Measures | Data Access and Disclosure | Data Destruction |
|---|---|---|---|---|---|
| Name | For identification purposes | The data is stored securely in the system’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |
| Phone Number | To facilitate communication | The data is stored securely in the system’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |
| Email | To facilitate communication | The data is stored securely in the system’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |
| Postal Address | For contact purposes | The data is stored securely in the system’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |
| Tax Identification Details | For compliance with legal and regulatory requirements | The data is stored securely in the system’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |
| Location/County Information | To enable Tendersure to customise their services in accordance with your location | The data is stored securely in the system’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |
| Country Information | To enable Tendersure to customise their services in accordance with your country | The data is stored securely in the system’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |

Table 4: Supplier Sourcing Data

| Data Collected | Data Use | Data Storage | Data Protection Measures | Data Access and Disclosure | Data Destruction |
|---|---|---|---|---|---|
| Name | For identification purposes | The data is stored securely in the system’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |
| Phone Number | For communication purposes | The data is stored securely in the system’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |
| Email | For communication purposes | The data is stored securely in the system’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |
| Postal Address | For contact purposes | The data is stored securely in the system’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |
| Identification Card Details | For identification purposes | The data is stored securely in the system’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |
| Tax Identification Details | For compliance with legal and regulatory requirements | The data is stored securely in the system’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |
| Bank Details | For compliance with legal and regulatory requirements | The data is stored securely in the system’s database. | AXES; User logs; Cross site scripting protection; Cross site request forgery protection; SQL injection protection; Clickjacking protection; Host header validation; Session security; Referrer policy | Data access is only permitted to the Tendersure employees whose access is necessary, the data owner and by court order | Data is deleted off the database after the seven (7) year archival period. |

Tendersure™ System Data Processing

Personal information is processed for a variety of reasons, depending on the specific requirements of the data owner. The overarching use of personally identifiable information on Tendersure™ is for the purposes of evaluating applications or expressions of interest by individuals or entities seeking to be suppliers of a particular buyer. As such, information submitted by individuals or entities must be subjected to an evaluation process to determine suitability. The following are the reasons why personal data may be processed by Tendersure™:

  • To facilitate account creation and authentication, and to otherwise manage user accounts.
  • To authenticate user-supplied information (such as name, tax compliance status, professional certifications, etc.) for purposes of determining veracity of information with respect to user’s desired outcome of being engaged as a supplier by the data owner.
  • To respond to user inquiries and to offer support to users.
  • To send administrative information to you.

Tendersure™ processes personal data on established valid and legal bases, including but not limited to, consent from the user, to provide you with our services, to enter into or fulfil our contractual obligations, to protect your rights, to comply with laws, or to fulfil our legitimate business interests.

Tendersure™ does not process any personal data belonging to a minor (under the age of 18).

How Tendersure™ protects personal data

Tendersure™ utilises Identity and Access Network Management as well as role-based access to ensure that employees’ privileges are limited to the data necessary for performing their job functions. All employees are subject to confidentiality agreements and receive annual training on Tendersure’s information security policies and procedures, including appropriate data handling, storage and disposal practices.

All sensitive data submitted to the Tendersure System is encrypted before being stored in the database, making it unreadable and/or unusable by any user other than the data’s owners and the intended recipient of the information.

All data collected from the Tendersure System is stored on Amazon Cloud Services which protects the data from accidental or unlawful destruction, alteration and unauthorised disclosure or access of data.

Additional security measures employed by Tendersure include preventative and detective controls, an SSL certification and password requirements.

Who can access the stored data and on what terms

Access to stored data is only authorised:

  • To Tendersure Administrators whose access is necessary for proper management and monitoring of the data. All personnel are contractually obligated to keep all customer/user data, including all personal data, confidential. They also undergo regular training on proper data handling practices and a security assessment, and sign our Non-Disclosure Agreements.
  • To users upon their request or written consent.
  • If Tendersure is compelled to do so by a court order or any other legal or regulatory requirement.

In some circumstances, Tendersure may also engage service providers/partners to help provide services to customers. All service providers/partners are extensively vetted and, if they may access any personal data while performing the services, are required to undergo a security assessment and sign Tendersure’s Non-Disclosure Agreement.

Cookies

The Tendersure Website and Platform use the following cookies:

  • If you leave a comment on the Tendersure Website, you may opt-in to saving your name, email address, and website in cookies. These are for your convenience to avoid filling in your details again when you leave another comment. These cookies will last for one year.
  • If you visit our login page, Tendersure sets a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
  • When you log in, Tendersure will set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
  • If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Links to Other Sites

Tendersure may contain links to other sites. If you click on a third-party link, you will be directed to that site. Note that these external sites are not operated by us. Therefore, it is strongly advised that you review the Privacy Policy of these websites. Tendersure has no control over, and assumes no responsibility, for the content, privacy policies, or practices of any third-party sites or services.

Changes to This Policy

This Policy on Data Privacy and Protection is reviewed by Tendersure™ every two years to ensure its continuing suitability, adequacy, and effectiveness in fulfilment of Clause 9.3 of the ISO 27001:2013.

Contact Us

If you have any questions or suggestions about the Tendersure Data Privacy and Protection Policy, do not hesitate to contact Tendersure.