Tendero LogoTendero

Privacy Policy

SIA “Pioneer” - Tenderly Software


Introduction


SIA “Pioneer” (The Company) bridges the gap between bureaucracy and technology, by developing B2B solutions which increase user efficiency.


Tenderly is Pioneer’s solution for Public Procurement in the European Union. Tenderly offers all tendering opportunities alongside the respective documents for all opportunities inside the European Union at no cost. Furthermore, it offers intelligent solutions for document understanding, summarization, form navigation and compliance analysis.


Privacy Policy Scope


This Privacy Policy ("Policy") outlines the collection, use, storage, and protection of personal and non-personal data on SIA Pioneer's public procurement platform (referred to as the "Platform"). This Policy applies to all users, including registered and unregistered users, who access or use the Platform.


Company Information


The company, officially known as SIA "Pioneer," is registered in the Latvian Business Registry and was established on the 21st of September, 2023 (Twenty-first of September, two thousand and twenty-three). Our corporate headquarters is located at Kr. Valdemara iela 27/29, LV-1010, Riga.


Data Controller Information

The Company’s Data Controller is Victor-Catalin Bodiu, COO & CFO at Pioneer. Contact Information:

Contact Email - [email protected]


Data Collection

We collect various types of data from users to provide a comprehensive public procurement opportunity search service. This data may include but is not limited to:


  • Personal information: Names, email addresses, company positions and contact details voluntarily provided during user registration.

  • Company information: Company names, industries, location and other information voluntarily provided by representatives.

  • User-generated content: Search queries, preferences, and other content submitted by users.

  • Technical information: IP addresses, browser information, and device information collected for system administration and analytics.


Purpose of data collection


We collect various types of data from users for the following essential purposes:


  1. Enhancing User Experience:

    • Personalized Services: The data we collect allows us to offer tailored procurement opportunities and recommendations to enhance the user experience.

    • Notifications and Updates: User data helps us communicate important updates, alerts, and information related to public procurement opportunities, ensuring that our users stay informed.


  2. Legal Compliance:

    • Regulatory Requirements: We collect and process certain data as mandated by legal obligations and regulatory requirements. This ensures that we meet our legal responsibilities and maintain the integrity of our platform.

    • Dispute Resolution: Data collection assists in resolving potential disputes and investigations in compliance with applicable laws.


  3. Platform Improvement:

    • Quality and Performance: Data analysis enables us to continuously improve the quality and performance of the Platform, ensuring that users have access to reliable and up-to-date procurement information.

    • User Feedback: We may use data to gather user feedback and conduct surveys, allowing us to make informed decisions for platform enhancements.

    • The collection of user data for these purposes is fundamental to the functioning of the Platform and contributes to a more valuable and secure user experience.


What are we processing your data for and why are we processing it? ( ‘legal basis of the data processing’ and ‘storage periods’)


We will process your data when we have to perform a contract, and we will be processing your data as long as the contractual relationship with you is in force and during the five years

following the end of said relationship. This results in us having to process your data for purposes of providing you with both the Services, as well as to perform our obligations under the Services Terms and Conditions.


Subject to obtaining your consent, and as long as you do not withdraw any such consent, we may also process your data for the following purposes:


  1. To send you electronic commercial communications (if you subscribe to a newsletter or alert) or to answer the requests you may address us when contacting us;


  2. To process information obtained through cookies, as described in detail in the Cookie Policy, and subject to the terms set forth therein;


  1. For profiling purposes based on your behavior and how you browse the Site and use the Services, which pages you have visited, and to build audiences. Please note that we may profile users by means of cookies. In those cases, your acceptance of the installation and use of cookies results in a data processing for profiling purposes, as described in this paragraph.


  2. When we have to comply with a legal obligation applicable to us from time to time, such as those set forth in tax and anti-money laundering laws and regulations (such as the European Union's Directive 2018/822/EU on Administrative Cooperation; Latvia's Corporate Income Tax Law of 1995; Latvia's Law on the Prevention of Money Laundering and Terrorism and Proliferation Financing of 2017; or the Latvian Criminal Law of 1998). In any such cases, the data will be processed only during the periods set forth by said laws, being deleted thereafter.


Finally, we may also process your data to protect our legitimate interests, as long as said data is strictly necessary to fulfil the goals set forth below, namely:


  1. To review, monitor, investigate, and analyze how to improve the Services and/or the Site, as well as to keep our Services and the Site secure and operational and prevent abusive activity (e.g. fraud, spam, phishing activities, etc.). This may include sending you forms to assess any problems in the service or know how to improve your user experience. The interests at stake are ensuring a correct and safe environment for both other users and us, taking those interests prevalence over your legitimate interests (we need to create and maintain an environment which is in accordance with the law, the legitimate interests of other parties, what other users may expect from our end, and to protect other users’ security when accessing the Site and using the Services);


  2. Besides any commercial electronic and non-electronic commercial communication sent when we have obtained your consent as mentioned above, we may also send you those kind of communications when you are our client. In this last case, we will only send you information belonging to us and concerning services and/or products identical or similar to the ones you have contracted with us. In these cases, we have a legitimate interest in processing your contact information to keep you informed about any of our products and services, prevailing this

    interest over your right to personal data given the non-sensitive nature of the data in question and the fact that the contractual relationship built with our clients results in those clients expecting these kinds of communications;


  3. For purposes of maintaining records related to our daily operations, to any corporate reorganizations, financial management and reporting, and, in general, for operating our business. In these cases, we have a legitimate interest in processing your information to satisfy the legal requirements and the interest in perform our business and the obligations we have vis-à-vis you as agreed with you, prevailing this interest over your right to personal data given the non-sensitive nature of the data in question and the fact that the contractual relationship built with our clients results in those clients expecting to keep the relationship with them; and


  4. Upon dissociating the data we have so as to be impossible to be associated to you or any other person, to perform statistical and other analysis on information we collect (technical and metadata) to analyze and measure user behavior and trends, to understand how people use our services, in order to improve and optimize our performance of such services, and to publish any findings.


To which extent do we require to have access to your personal data?


We need to process your personal data to perform the legal and contractual obligations mentioned above. Otherwise, we are not able to provide you with the Services and/or access to the Site. On the other hand, for data processing which depends on your consent or on our legitimate interests, the data processing is not legally required.


Legal Basis


The processing of personal data by the company is based on various legal grounds as required by EU-wide laws, including the General Data Protection Regulation (GDPR), as well as national laws and regulations of EU member states. These legal bases include, but are not limited to:


Consent (Art. 6(1)(a) GDPR): In cases where we process personal data based on an individual's explicit and informed consent, such as for marketing communications or the use of cookies, we rely on the legal basis of consent. Individuals have the right to withdraw their consent at any time.


Contractual Necessity (Art. 6(1)(b) GDPR): When processing personal data is necessary for the performance of a contract with an individual, we rely on the legal basis of contractual necessity. This includes processing data required to provide products or services, fulfill orders, or manage customer relationships.


Compliance with Legal Obligations (Art. 6(1)(c) GDPR): We may process personal data to fulfill legal obligations imposed by EU-wide laws, Latvian laws, or other European country-specific

laws. This legal basis encompasses activities such as financial reporting, tax compliance, and regulatory obligations.


Legitimate Interests (Art. 6(1)(f) GDPR): In certain situations, we may process personal data based on our legitimate interests, provided such interests are not overridden by the fundamental rights and freedoms of individuals. This may include activities such as fraud prevention, improving our services, and conducting marketing research.


Vital Interests (Art. 6(1)(d) GDPR): We may process personal data to protect the vital interests of individuals in emergencies or life-threatening situations, as permitted by applicable laws.


Public Interest (Art. 6(1)(e) GDPR): In specific circumstances, we may process personal data to fulfill tasks carried out in the public interest or in the exercise of official authority vested in us by EU-wide, Latvian, or other European country-specific laws.


Contractual Necessity in Employment Context (Art. 88 GDPR, Member State Laws): In our role as an employer, we process personal data as necessary for the performance of employment contracts, compliance with employment-related laws, and the exercise of rights and obligations related to employment. Member state laws may provide additional legal bases in this context.


Special Categories of Data (Art. 9 GDPR): When processing special categories of personal data (e.g., health data or biometric data), we do so in accordance with specific legal bases provided by applicable laws, such as explicit consent or necessary processing for the establishment, exercise, or defense of legal claims.


Data transfer


As a matter of principle, your data will not be transmitted to third parties, unless we are legally obliged to do so, or the data transfer is necessary for the performance of the contractual relationship or you have previously expressly consented to the disclosure of your data.


External service providers and partner companies, such as governments, online payment providers or the shipping company commissioned with the delivery, will only receive your data insofar as this is necessary to process your order. In these cases, however, the scope of the data transmitted is limited to the necessary minimum. Insofar as our service providers come into contact with your personal data, we ensure that they comply with the provisions of the data protection laws in the same way within the framework of order processing in accordance with Art. 28 GDPR. Please also note the respective data protection notices of the providers. The respective service provider is responsible for the content of third-party services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.


We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In these cases, we ensure that an

adequate level of data protection is established at the recipient's premises prior to the transfer of your personal data. This means that a level of data protection is achieved by means of EU standard contracts or an adequacy decision that is comparable to the standards within the EU.


5 Your rights


The applicable data protection law grants you comprehensive rights .as a data subject vis-a-vis the controller with regard to the processing of your personal data (rights of information and intervention), about which we inform you below:


  1. Right of access pursuant to Art. 15 GDPR:

    In particular, you have the right to information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, erasure, restriction of processing, Objection to processing, complaint to a supervisory authority, the origin of your data if it has not been collected from you by us, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope of such processing and the intended effects of such processing, as well as your right to be informed about the safeguards in accordance with Art. 46 GDPR for the transfer of your data. to third countries;


  2. Right to rectification pursuant to Art. 16 GDPR:

    You have the right to have incorrect data concerning you corrected without undue delay and/or to have your incomplete data stored by us completed;


  3. Right to erasure pursuant to Art. 17 GDPR:

    You have the right to request the deletion of your personal data if the requirements of Art. 17 (1) GDPR are met. However, this right does not apply, in particular, where the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;


  4. Right to restriction of processing pursuant to Art. 18 GDPR:

    You have the right to request the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is verified, if you oppose the deletion of your data due to inadmissible data processing and instead request the restriction of the processing of your data, if you need your data to assert, exercise or defend legal claims, after we no longer need this data after the purpose has been achieved, or if you have lodged an objection for reasons relating to your particular situation, as long as it has not yet been determined whether our legitimate reasons prevail;


  5. Right to information pursuant to Art. 19 GDPR:

    If you have asserted the right to rectification, erasure or restriction of processing vis-a-vis the controller, the controller is obliged to notify all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.


  6. Right to data portability pursuant to Art. 20 GDPR:

    You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller, to the extent that this is technically feasible;


  7. Right to withdraw consent pursuant to Art. 7 (3) GDPR:

    You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent before its withdrawal;


  8. Right to lodge a complaint pursuant to Art. 77 GDPR:

If you believe that the processing of your personal data infringes the GDPR. you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, without prejudice to any other administrative or judicial remedy.


5.9 Right to object pursuant to Art. 21 GDPR:

IF, AS PART OF A BALANCING OF INTERESTS, WE PROCESS YOUR PERSONAL DATA ON THE BASIS OF OUR OVERRIDING LEGITIMATE INTEREST, YOU HAVE THE RIGHT TO OBJECT TO THIS PROCESSING AT ANY TIME WITH EFFECT FOR THE FUTURE ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION. IF YOU EXERCISE YOUR RIGHT TO OBJECT, WE WILL STOP PROCESSING THE DATA CONCERNED. HOWEVER, WE RESERVE THE RIGHT TO FURTHER PROCESSING IF WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, FUNDAMENTAL RIGHTS AND FREEDOMS, OR IF THE PROCESSING SERVES TO ASSERT, EXERCISE OR DEFEND LEGAL CLAIMS.


IF YOUR PERSONAL DATA IS PROCESSED BY US FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF YOUR PERSONAL DATA FOR THE PURPOSE OF SUCH ADVERTISING. YOU CAN EXERCISE THE OBJECTION AS DESCRIBED ABOVE. IF YOU MAKE USE OF YOUR RIGHT TO OBJECT, WE Will STOP PROCESSING THE DATA CONCERNED FOR DIRECT MARKETING PURPOSES.


Data security

We have taken extensive technical and operational safeguards to protect the users data from accidental or intentional manipulation, loss, destruction or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to technological advances.