Definitions

1. Site (Platform) – website with domains: e-tender.com, platform.e-tender.com and all related links, mobile and localized site versions, other domains, and subdomains of eTender sites; all products, applications, and services currently and in the future provided to Users; all mobile apps and services provided by eTender now and in the future.

2. User – An adult individual who can acquire civil rights and obligations through their actions and bear responsibility for failing to comply with this Privacy Policy.

3. Visitor – An adult individual visiting the Site for informational purposes without accepting the public offer.

4. eTender (“We”, “Us”) – The company eTender Solutions s.r.o., registered in Slovakia, keeps the responsibility for the Site e-tender.com and provides organizational, financial, and technical support for the site operations.

5. Parties – eTender and Users (Visitors).

6. eTender Services – A comprehensive suite of assets including the website with domains: e-tender.com, platform.e-tender.com and all related links, mobile and localized

site versions, other domains, and subdomains of eTender sites; all products, applications, and services currently and in the future provided to Users; all mobile apps

and services provided by eTender now and in the future.

7. Privacy Policy – A set of rules and provisions by eTender for processing User data and interactions between the parties during the use of eTender services, created according

to current legislation and the General Data Protection Regulation (“GDPR”).

8. Consent – A clear act of agreeing to the terms of this Privacy Policy, expressed by eTender through the publication of the Privacy Policy on the eTender site, and by the User in a form established by the provisions of this Privacy Policy.

9. General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and the free movement of such data.

10. Personal Data – Any information that allows identifying an individual, including but not limited to name, location, online identifier, IP address, cookies, request date and time, time zone, HTTP status code, data volume transferred, source site, browser, operating system and interface, language and version of browser software, email address, API tokens.

1. General provisions

1.1. This Privacy Policy defines the procedure for obtaining, storing, processing, using and protecting the User’s personal data, which may come into eTender’s disposal in the process of interaction by Users with the eTender Services.

1.2. In this Privacy Policy, as well as in our algorithm of interaction with Users, we take into account the requirements of the GDPR.

1.3. eTender provides its Services to Users who have reached the age of majority and are able to acquire civil rights for themselves and exercise them independently.

1.4. eTender includes two legal statuses defined by the GDPR:

• Data controller;

• Data processor.

1.5. With respect to Users of the eTender Services, we have the legal status of both a Data Controller and a Data Processor. Information about persons related to Users is collected and processed by eTender purely in the form of storage. Users of eTender act as Data Controllers for such persons.

1.6. In relations between Users and third parties where eTender Services are used, we have the legal status of Data Processor.

1.7. The purpose of this Privacy Policy is to protect Users’ data, including their personal data, from unauthorized access and disclosure.

1.8. Relations related to the collection, storage, distribution and protection of information provided to Users are governed by this Privacy Policy. We pay particular attention to data

protection.

1.9. We provide a Service Level Agreement (SLA) that contains a detailed description of the services provided, including a list of quality parameters, reliability of eTender services, methods and means of their management, eTender response time to a request from the user, as well as others material terms inherent in these agreements. Provided only upon user request sent via eTender chat or email (support@e-tender.com).

1.10. Visitors who use the eTender Services for the first time, including the test (trial) format, should first familiarize themselves with the provisions of this Privacy Policy.

1.11. The Company may periodically change these Terms and Conditions without prior notice. The current version of the Terms is always available at e-tender.com. If you continue to use the Services after the changes to the Terms, this will be interpreted as your agreement to the new version of the Terms.

1.12. Users and Visitors, including those mentioned in clauses 1.10., 1.11., are required to complete the Consent procedure and mark the appropriate mark (“V”) in the relevant area of the eTender Services.

1.13. In case of non-fulfillment of the obligation referred to in clause 1.12. Privacy Policy, it is considered that the User (Visitor) has not accepted the provisions of the Privacy Policy. In this case, the User (Visitor) is not allowed to use the eTender Services and the User (Visitor) is deprived of the opportunity to use the eTender Services. In the event of the conditions specified in this section of the Privacy Policy, we are obliged to delete personal data about such individual.

1.14. In case of disagreement with the provisions of the current document (in part or in full), the person who expressed disagreement has no right to use the eTender Services. In this case, the consequences specified in Clause 1.13 of the Privacy Policy appear for this Party.

2. What information and personal data may be collected

2.1. Name, surname, patronymic of the authorized person of the User, name of the User, all details of the User, contact numbers, email address, location of the User, registration number of the User’s tax payer’s account card;

2.2. Cookies files in order to identify the User’s browser and provide services dependent on it;

2.3. information about Platform errors initiated by the User;

2.4. information about the User’s behavior on the Platfrom, including, in the event that the User posts information of a harmful and offensive nature and information unrelated to the purchase, a decision may be made to remove such information from the public;

2.5. the User’s IP address for logging the User’s activity;

2.6. All information is collected “as is” and is not changed by eTender during the data collection process.

2.7. The company takes all measures in accordance with modern technical standards aimed at protecting the personal data of its users. Within the company, access to personal user data is granted only to those employees for whom this information is necessary to improve our services. eTender ensures that all such employees are bound by confidentiality obligations and will be subject to penalties in the event of breach of such obligations.

3. Purposes of data collection and data processing

3.1 For what purpose we collect data:

3.1.1. The user’s name, surname, patronymic, email address, password on the Platform, registration number of the User’s tax payer registration card can be used to identify the User.

3.1.2. To send correspondence, the name, surname, patronymic, name of the User, details of the User, contact telephone numbers, email address, address of the User’s location on the Platform may be displayed.

3.1.3. Contact information may be used in mailings, for example: messages about Platform news, promotions or special offers from eTender. The user can always refuse to receive a mailing using his contact information in a written message or in the appropriate section of his personal account.

3.1.4. Information about the User, including personal data, is used for the purpose of ensuring the implementation of civil law, tax and accounting relations, the fulfillment of contractual obligations for the provision of services, for the identification of the User, for the purpose of providing services, processing payments, sending information by mail, email, settlement transactions, reporting, accounting and management accounting, improving the quality of service provision.

3.2 How we process data:

3.2.1. The processing of the user’s personal data is carried out by eTender only if the User has given his consent to the processing of his personal data for one or more specific purposes.

3.2.2. The processing of the user’s personal data is carried out only in those cases and for the purposes for which this data is collected.

3.2.3. The processing of the user’s personal data is carried out by eTender in order to:

(a) Identify the User in the relationship between eTender and the User;

(b) Provide the User with a number of services within the eTender Services;

(c) Conduct statistical and other research based on de-identified User data.

3.2.4. In cases where eTender acts as a Data Processor, the data of third parties who interact with the User are collected by eTender exclusively for the purposes of storage and processing (including, but not limited to, validation, sorting, summarization, aggregation, analysis, reporting, classification) .

3.2.5. We conduct regular audits and cleaning of our user database. We retain User information for a period justified by commercial or legal purposes.

3.2.6. We process personal data using appropriate technical or organizational measures to ensure adequate protection of personal data, including protection against unauthorized or unlawful processing, as well as in the event of loss, destruction or damage.

4. User Rights

4.1. Users have the right to obtain confirmation from eTender as to whether their personal data is being processed (“right to information”), and if so, access to their personal data and the following information:

(a) The purpose of processing;

(b) The categories of personal data;

(c) The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in countries outside of the EU or international organizations;

(d) Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

(e) The existence of the right to request rectification or erasure of personal data or restriction of processing of personal data;

(f) The right to lodge a complaint with supervisory authority;

(g) The existence of automated decision-making, including profiling, referred to in Articles 22(1) and (4) of the GDPR, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the User.

4.2. If personal data is transferred to a country outside of the EU or to an international organization, the User has the right to be informed of the appropriate safeguards pursuant to Article 46 GDPR related to the transfer.

4.3. Upon request by the user, we provide a copy of the personal data undergoing processing. For any further copies requested by the data subject, we may charge a reasonable fee based on administrative costs. If the data subject submits a request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form.

4.4. The User has the right to rectification, meaning the User has the right to have inaccurate personal data rectified by eTender without undue delay. Considering the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4.5. The User has the right to erase data (“right to be forgotten”). We are obliged to erase personal data without undue delay if one of the following grounds applies:

(a) The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed.

(b) The User withdraws consent on which the processing is based according to point (a) of Article 6(1) or point (a) of Article 9(2) GDPR, and where there is no other legal ground for the processing.

(c) The User objects to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to processing pursuant to Article 21(2) GDPR.

(d) The personal data has been unlawfully processed;

(e) The personal data must be erased for compliance with a legal obligation in Union or Member State law to which eTender is subject:

(f) The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

4.6. In cases where the controller has made the personal data public and is obliged pursuant to Article 17(1) GDPR to erase personal data, eTender, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure of any links to, or copy or replication of, those personal data.

4.7. The User has the right to restrict processing of their personal data under the following conditions:

(a) The accuracy of the personal data is contested by the data subject, for a period enabling eTender to verify the accuracy of the personal data.

(b) The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.

(c) eTender no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise, or defense of legal claims.

(d) The User has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of eTender override those of the data subject.

4.10. If processing has been restricted under Article 18(1) GDPR pending the verification whether the legitimate grounds of eTender override those of the data subject, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

4.11. A User who has obtained restriction of processing pursuant to Article 18(1) GDPR shall be informed by eTender before the restriction of processing is lifted.

5. Conditions for providing access to personal data of Users and their transfer to third parties

5.1. We take all necessary measures to protect the User’s personal data from unauthorized access, modification, disclosure or destruction.

5.2. We provide access to personal data about Users to third parties only when this information is necessary to ensure the functioning of the eTender Services and to provide services to the User.

5.3. Personal data about Users is encrypted using Transport Layer Security (TLS) technology to protect transactions and prevent unauthorized access to personal information.

5.4. We reserve the right to use the information provided to Users, including personal data, to ensure compliance with the requirements of applicable European Union legislation (as well as to prevent and/or stop illegal and/or improper actions by Users). Disclosure of information provided to Users may be carried out only in accordance with the current legislation of the European Union at the request of a court, law enforcement agencies, as well as in other cases as required by the law of the European Union.

5.5. In case of leakage/unauthorized access/discrediting of personal data, we are obliged to bring this fact to the attention of the relevant authorities no later than 72 hours after we become aware of this leakage/unauthorized access/discrediting.

5.6. The transfer of personal data to a third country or international organization is possible and permitted if the European Commission (“Commission”) has decided that the third country, territory or one of several of these sectors within that third country or international organization provides an adequate level of personal data protection (here and further – “Decision on sufficiency”).

5.7. In the absence of a Sufficiency Decision, we must take measures to compensate for the lack of data protection in the third country by providing appropriate guarantees to Users, provided that effective methods of legal protection of Users’ rights are available, including:

(a) A legally binding and enforceable document between the state bodies of the respective countries.

(b) Mandatory corporate rules approved by the competent supervisory body.

(c) Provisions on standard data protection adopted by the Commission.

(d) Regulations on standard data protection adopted by the supervisory authority and approved by the Commission.

(e) The approved code of conduct, together with the mandatory and legally binding duties of the controller in the third country, will take appropriate security measures, including regarding the rights of Users.

(f) An approved certification mechanism, compiled with mandatory and legally binding obligations of the controller in the third country, to apply the relevant guarantees, including regarding the rights of Users.

5.8. In the absence of a decision on sufficiency or an adequate guarantee, the transfer of personal data between states may be carried out only under one of the following conditions:

(a) The user directly agreed to the proposed transfer after being informed about the possible risks of such transfers for the data subject in connection with the absence of the Sufficiency Decision and the corresponding guarantees.

(b) The transfer is necessary for the contract between the User and the Controller or the implementation of pre-contractual measures taken at the request of the data subject.

(c) The transfer is necessary for the conclusion or implementation of an agreement concluded in the interests of the User between the Controller and another natural or legal person.

(d) The transfer is necessary for important reasons in public interest;

(e) The transfer is necessary for the establishment, implementation or defense of legal claims.

(f) The transfer is necessary to protect the essential interests of the User or other persons, if the User is physically or legally unable to give consent

5.9. eTender does not transfer personal data of Users to third parties, except for the cases provided below.

5.10. eTender guarantees protection of procurement information and protection of confidential information from unauthorized access. Protection is ensured by impossibility

of leakage, destruction and blocking of information, violation of the integrity and regime of access to information.

5.11. During the opening of tenders/price offers, all information specified in the offers is automatically disclosed, and a list of participants is formed in the order from the lowest to the highest (for procurement procedures) and from the highest to the lowest (for the auction procedure) of their proposed price / quoted price. Information that is reasonably determined by the participant to be confidential shall not be disclosed. Information about the proposed price, other evaluation criteria, technical conditions, technical specifications and documents confirming compliance with the qualification criteria cannot be classified as confidential.

5.12. The user has no right to apply a discriminatory approach to different users and to disclose to other users proposed solutions or other confidential information received from the user without his consent.

5.13. Disclosure of personal data without the consent of the User or a person authorized by him is allowed in cases defined by law, and only in the interests of national security, economic well-being and human rights, in particular, but not limited to justified requests of government bodies that have the right to submit applications and receive such data .

5.14. The disclosure of personal data, including the transfer of such data to third parties, is possible and will be carried out only with the consent of the User. Such consent of the User may be expressed by him both during a direct written request and by actions aimed at granting such permission. For example, ordering third-party services using the functionality of the Electronic Platform to form such an order.

6. User agreement

6.1 By using eTender services, Users confirm that:

(a) They have all the necessary rights that allow them to acquire civil rights for themselves and independently exercise them, as well as the ability to create civic duties for themselves, perform independently and bear responsibility for their nonfulfillment;

(b) They provide correct information about themselves in the appropriate form for using the eTender Services; Mandatory fields for the further provision of eTender Services are marked in a special way – with the symbol “*”, any other information is provided to Users at their discretion.

(c) They have familiarized themselves with the terms of the current Privacy Policy, express their agreement with it and assume the rights and obligations specified in it. Acquaintance with the terms of the current Privacy Policy and checking the appropriate box under the link to this Policy is the User’s written consent to the collection, storage, processing and transfer to third parties of personal data provided by the User;

(d) eTender is not obliged and does not verify the accuracy of the received (collected) information about the Users, except when such verification is necessary for the fulfillment of obligations to the Users, as well as in other cases that are not specified in the provisions of the Privacy Policy, but established by the laws of the current EU legislation;

(e) By using eTender Services, they agree to receive periodic email notifications about eTender updates.

6.2. eTender provides services based on the SaaS (software as a service) model. Accordingly, users agree to monthly/annual recurring payments and use of the eTender Services until account deletion/cancellation.

6.3. Users have the right to receive personal data about themselves, which they have provided to eTender, and also have the right to transfer this data to other persons without intervention on the part of eTender.

6.4. Users have the right to object to certain types of processing of their personal data – direct marketing, processing for the protection of legitimate interests, as well as data processing for research or statistical purposes.

6.5. Please review our Terms of Use that apply to your use of the eTender Services.

7. Change and deletion of personal data

7.1. Users are allowed to change (update, supplement) their personal information or a part of it at any time, as well as privacy settings, by sending a request to eTender via chat or by email (support@e-tender.com).

7.2. Users are allowed to delete their personal information or part of it at any time to avoid its distribution or transmission to third parties.

7.3. We reserve the right to delete any User’s personal information if it is no longer needed for the purposes for which it was collected and if there are no other grounds for its retention after a certain period of time after such grounds arise.

7.4. We use cookies and/or localStorage/sessionStorage. A cookie is a small amount of data, often including an anonymous unique identifier, that is sent to the user’s browser from the site’s computers and stored on the user’s computer’s hard drive. localStorage and sessionStorage allow you to store key/value pairs in a web browser. The localStorage object stores data without expiration. Cookies and/or localStorage/sessionStorage files are required to use the eTender Services for unique browser identification and user settings during login. Users can manage and/or delete cookies and localStorage/sessionStorage at their discretion through their browser settings. Users can manage and/or delete cookies and localStorage/sessionStorage already on their сomputers, and prevent their use in most browsers. However, if users choose to do so, they may have to manually configure certain custom settings each time they access eTender, and some services and features may not work.

7.5 You can send a request to delete your personal data (including email, mobile number) at any time by contacting the email address: support@e-tender.com. Your application will be processed within 10 (ten) working days from the moment of its receipt, and your data will be deleted. However, we may retain some of your personal data for as long as it is reasonably necessary for our legitimate business interests or other lawful purposes, including fraud detection and prevention, and to comply with our legal obligations, including tax, legal reporting and auditing.

7.6. Users can change/delete personal information or opt-out of mailing at any time by using their personal account settings. The work of the Platform for providing services to the User may be suspended from the moment of changing/deleting the User’s information.

7.7. A letter (information) sent to the email address specified by the User will be sufficient notification to the User about the deletion or other processing of personal data.

8. Changes to the Privacy Policy

8.1. We reserve the right to update the Privacy Policy at any time and for any reason. In this case, eTender will publish an updated version of the Privacy Policy on the same page.

8.2. eTender change the terms of the Privacy Policy by making changes to the Platform at https://platform.e-tender.com

8.3. Users undertake to periodically review these terms and conditions to be informed about how eTender protects information about Users on the Platform.

8.4. eTender is not responsible for damage or losses suffered by the User or third parties as a result of misunderstanding or misunderstanding of the terms of this Privacy Policy, instructions or instructions on the procedure for using the Platform, regarding the procedure for posting data and other technical issues.

9. Contacts

9.1 eTender constantly monitors compliance with the rules described in this Policy. If you have any questions about this Policy or the details of its implementation, you can contact us via the email address: support@e-tender.com.