Privacy Policy

Effective date: September 2024.

1. Who we are and what we do

Who we are

We are TendableLtd (“Tendable”, “us”, “we”, “our”). We are a limited company registered in England and Wales under registration number 09954491 and we have our registered office at 4th floor Aldgate Tower, 2 Leman Street, London E1 8FA. We are registered with the UK supervisory authority, Information Commissioner’s Office(“ICO”), in relation to our processing of Personal Data under registration number ZA226407.

We are committed to protecting the privacy and personal information of all users of our websites, mobile and web applications, features or other services (together, the “Services”) in accordance with UK GDPR requirements 2018.

Please read the following privacy policy carefully as it is meant to give you a clear view of how we collect, use and protect your information, as well as your rights under current laws and regulations. It also describes your data protection rights, including a right to object to some of the processing which Tendable carries out. More information about your rights, and how to exercise them, is set out in the “your rights” section below.

What we do

We are in the business of providing a cloud-based platform that allows healthcare professionals to conduct real-time inspections and audits.  We and our affiliates, subsidiaries and related entities are committed to protecting the privacy and security of the Personal Data we process about you.

Controller

Unless we notify you otherwise, we are the controller of the Personal Data we process about you. This means that we decide what Personal Data to collect and how to process it.

Where we provide our Services to your employer (such as a hospital or care home), your employer will be the data controller for the personal data which Tendable, as part of its Services, host on your employer's behalf. For more information on how this personal data is processed, please speak to your employer or refer to their privacy notice.

2. Purpose of this privacy notice

The purpose of this privacy notice is to explain what Personal Data we collect about you and how we process it. This privacy notice also explains your rights, so please read it carefully. If you have any questions, you can contact us using the information provided below under the ‘How to contact us’ section.

3.Who this privacy notice applies to

This privacy notice applies to you if:

1. You visit our website

2. You use our services

3. You enquire about our products and/or services

4. You use our App

5. You sign up to receive newsletters and/or other promotional communications from us

4. What Personal Data is

‘Personal Data’ means any information from which someone can be identified either directly or indirectly. For example, you can be identified by your name or an online identifier.

5. Personal Data we collect

The type of Personal Data we collect about you will depend on our relationship with you. For the type of Personal Data we collect see the table below in the section entitled ‘Purposes, lawful bases and retention periods’.

6. How we collect your Personal Data

We collect most of the Personal Data directly from you in person, by telephone, text or email and/or via our website or app.

However, we may also collect your Personal Data from third parties such as:

· Reputable companies who provide lead generation contact lists

·  Others to whom you have provided consent

· Publicly available sources such as social media platforms

7. Purposes, lawful bases and retention periods

We will only use your Personal Data when the law allows. Most commonly, we will use your Personal Data in the following circumstances:

Categories of Individuals Categories of Personal Data Purpose of Processing Lawful Basis Retention Period
Service User Device information, Location Data, Weblogs, IP address, Date or time stamps, Viewed and exit pages, Unique application number, Browser type, Clickstream data, Username, Password To provide our Services, including ancillary services such as customer support. To ensure our Services are working as intended, such as tracking outages or troubleshooting issues that you report to us. To enhance the safety and security of our Services - using device, location, profile, usage and other information to detect any unusual patterns and protect security. Legitimate interests Six months after the end of the contract
Clients Name, Contact Details, Job title To send you service, technical and other administrative emails relating to our Services, messages and other types of communications Legitimate interests Six months after the end of the contract
Suppliers Name, Contact Details, Job title To send you service, technical and other administrative emails relating to our Services, messages and other types of communications Legitimate interests Six months after the end of the contract
Business Associate Name, job title, work email address, work phone number, company you work for, marketing preferences, Social media profile To send you newsletters and other promotional material Legitimate interests 2 years following last meaningful contact
Website visitor IP Address, Cookie preferences, Location To access and store cookies that are essential and support the functioning of our website. You can find more information on how we use cookies on our Cookie policy page. Consent 1 year after inactivity

Where Personal Data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.

8. Sharing your Personal Data

We share information with our service providers. This includes for example cloud storage providers, vendors providing technical support, marketing providers, accountants and other professional services providers.

We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries. We have subsidiaries based out of Australia and Canada. Personal data may also be shared with our investors as well.

Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).

Our Services, from time to time, contain links to and from websites of our partner networks and affiliates. Please note that these websites and any services that may be accessible through them have their own privacy policies and are not covered under this policy.

Certain Services may also include features which allow you to share content you have posted with other users. It is your responsibility to ensure when using these features that you do not submit any personal data or content that you do not want to be seen, collected or used by other users.

Tendable does not sell data to third parties.

9. International Transfers

Your Personal Data may be processed outside of the UK. This is because the organisations we use to provide our service to you are based outside the UK.

We have taken appropriate steps to ensure that the Personal Data processed outside the UK has an essentially equivalent level of protection to that guaranteed in the UK. We do this by ensuring that:

●       Your Personal Data is only processed in a country which the Secretary of State has confirmed has an adequate level of protection (an adequacy regulation), or

●       We enter into an International Data Transfer Agreement (“IDTA”) with the receiving organisation and adopt supplementary measures, where necessary. (A copy of the IDTA can be found here international-data-transfer-agreement.pdf(ico.org.uk)).

10. Your rights and how to complain

You have certain rights in relation to the processing of your Personal Data, including to:

· Right to be informed

You have the right to know what personal data we collect about you, how we use it, for what purpose and in accordance with which lawful basis, who we share it with and how long we keep it. We use our privacy notice to explain this.

· Right of access (commonly known as a “Subject Access Request”)

You have the right to receive a copy of the Personal Data we hold about you.

· Right to rectification

You have the right to have any incomplete or inaccurate information we hold about you corrected.

· Right to erasure (commonly known as the right to be forgotten)

You have the right to ask us to delete your Personal Data.

· Right to object to processing

You have the right to object to us processing your Personal Data. If you object to us using your Personal Data for marketing purposes, we will stop sending you marketing material.

· Right to restrict processing

You have the right to restrict our use of your Personal Data.

· Right to portability

You have the right to ask us to transfer your Personal Data to another party.

· Automated decision-making.

You have the right not to be subject to a decision based solely on automated processing which will significantly affect you. We do not use automated decision-making.  

· Right to withdraw consent

If you have provided your consent for us to process your Personal Data for a specific purpose, you have the right to withdraw your consent at any time. If you do withdraw your consent, we will no longer process your information for the purpose(s) you originally agreed to, unless we are permitted by law to do so.

· Right to lodge a complaint

You have the right to lodge a complaint with the relevant supervisory authority, if you are concerned about the way in which we are handling your Personal Data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:

Contact us | ICO

Or by telephone on 0303 123 1113

How to exercise your rights

You will not usually need to pay a fee to exercise any of the above rights. However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

If you wish to exercise your rights, you may contact us using the details set out below within the section called ‘How to contact us and our Data Protection Officer’. We may need to request specific information from you to confirm your identity before we can process your request. Once in receipt of this, we will process your request without undue delay and within one month. In some cases, such as with complex requests, it may take us longer than this and, if so, we will keep you updated.  

11. Children’s Privacy

We do not offer our products and services to children and we do not knowingly collect Personal Data of children without parental consent, unless permitted by law. If you are a child, you must have your parent’s permission to use our services. If you learn that a child has provided us with their Personal Data without parental consent, you may contact us, as described below, and if appropriate, we will securely and permanently delete it, in accordance with applicable law.

12. How to contact us and our Data Protection Officer

If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights outlined above, please contact us as follows:

Email: info@tendable.com

Phone: +44 (0) 207 420 9378

We have also appointed a Data Protection Officer (“DPO”). Our DPO is Evalian Limited and can be contacted at dpo@evalian.co.uk.

Please mark your communications FAO the ‘Data Protection Officer’.

13. Changes to this privacy notice

We may update this notice (and any supplemental privacy notice), from time to time as shown below. We will notify of the changes where required by applicable law to do so.

Last modified: September 2024