Privacy Policy

This Privacy Policy explains how Tenderax, a service operated by Klokk Nettablering ("Tenderax", "we", "us", or "our"), collects, uses, discloses, and safeguards information when you use the Tenderax public-procurement intelligence platform, its websites, application programming interfaces, and related services (collectively, the "Service"). We are committed to processing personal data lawfully, fairly, and transparently. By using the Service you acknowledge the practices described here.

1. Who is the data controller

The data controller responsible for your personal data is Klokk Nettablering. You can reach our privacy function at legal@tenderax.com. Where this policy refers to "applicable law", it includes the EU General Data Protection Regulation (GDPR), the United Kingdom GDPR and the Privacy and Electronic Communications Regulations (PECR), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and the Canadian Anti-Spam Legislation (CASL), and the United States CAN-SPAM Act of 2003.

2. What data we collect

• Account data — your name, work email address, hashed password, and the subscription plan associated with your account.
• Company / contractor data — the company name, registration identifiers (such as a UEI), classification codes, and jurisdiction associated with your organisation, where you provide them or where they are matched from public registries.
• Usage logs — request metadata, watchlist configurations, feature usage, timestamps, and diagnostic logs we generate to operate and secure the Service.
• Billing data — handled by our payment processor; we store a customer reference and your current plan, never your full card number.

The procurement opportunity, award, and contractor records surfaced inside the product are derived exclusively from public data sources — official government tender feeds, open-contracting (OCDS) releases, and public business registries. We do not scrape platforms with hostile terms of service to build this data.

3. How and why we use data

We process personal data to: provide and operate the Service; authenticate you; deliver your opportunity feed and relevance scoring; communicate service and security notices; process payments; prevent fraud and abuse; and comply with legal obligations. Our lawful bases under the GDPR are the performance of our contract with you, our legitimate interests in operating and improving the Service, your consent where required (for example, certain electronic communications), and compliance with legal obligations.

4. We do not sell your data

We do not sell your personal data to third parties, and we do not share it for third-party advertising. We use a limited set of processors (hosting, payment processing, email delivery, error monitoring) that act on our instructions under contractual confidentiality and data-protection terms.

5. Electronic communications and outreach

Any commercial email we send identifies Tenderax / Klokk Nettablering, includes a valid physical postal reference, and provides a clear, working unsubscribe mechanism that we honour promptly, in compliance with the CAN-SPAM Act. For recipients in Canada we observe CASL consent and identification requirements; for recipients in the United Kingdom and the European Union we rely on a legitimate-interest basis with a clear opt-out as required by PECR and the GDPR. An opt-out is permanent: we maintain a suppression list and will not re-contact an address that has unsubscribed.

6. Your rights, including GDPR Article 17 erasure

Subject to applicable law, you may request access to, rectification of, restriction of, or a portable copy of your personal data, and you may object to certain processing. Under Article 17 of the GDPR (the right to erasure / "right to be forgotten"), you may request deletion of your personal data. When you delete your account, we anonymise or remove the personal data that identifies you: your name and email are purged or replaced with a non-identifying placeholder, your authentication credentials are destroyed, and your contractor link is severed. Aggregate, public-source procurement records that do not identify you as an individual may be retained, as may records we are legally required to keep (for example, tax and transaction records). To exercise any right, contact legal@tenderax.com; we respond within the timeframes required by applicable law.

7. Data retention and security

We retain personal data only as long as necessary for the purposes described above or as required by law. We apply technical and organisational measures appropriate to the risk, including encryption in transit, hashed credentials, scoped access controls, and audited infrastructure. No method of transmission or storage is perfectly secure, but we work continuously to protect your data.

8. International transfers

Tenderax operates internationally. Where personal data is transferred across borders, we rely on appropriate safeguards such as adequacy decisions or standard contractual clauses where required.

9. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices or the law. Material changes will be communicated through the Service. Continued use after an update constitutes acceptance of the revised policy. Questions may be directed to legal@tenderax.com.