Privacy Policy

If the Disclosing Party authorises the Receiving Party to disclose its Confidential Information to someone other than the Receiving Party’s own employees, the Receiving Party will take all necessary action to ensure that the Confidential Information is kept confidential, including, but not limited to, requiring that the recipient agrees to be bound by the provisions of this Policy For the avoidance of doubt, the provisions of this clause shall apply to disclosures that are made by the Receiving Party to consultants, agents and to any parent or affiliate company of the Receiving Party.

Confidential Information will not include:

(a) information that was in the Receiving Party’s lawful possession before it was disclosed, without confidentiality restrictions;

(b) information that the Receiving Party obtains from a third party on an unrestricted basis without breach of this Policy or any other obligation of confidentiality by the Receiving Party or the third party;

(c) information that is developed by the Receiving Party independently of both the Disclosing Party and any information received by the Receiving Party from the Disclosing Party;

(d) information which the Receiving Party is required to disclose by any court order or government action, provided that the Receiving Party gives the Disclosing Party as much advance written notice of such order or action as is reasonably practicable in the circumstances.

It is agreed that due to the nature, extent and type of the services being rendered by our Company, We will have direct or indirect access to your Personal data. ‘Personal Data’ shall refer to all data, information, text, drawings, and other materials which are embodied in any electronic, optical, magnetic, or tangible medium and which are supplied to Us by You and/or which We are required to generate, collect, process, store or transmit in connection with the provision of our services.  

The Parties agree that any processing of Data, shall comply with the Data Protection Act (Chap 586 of the Laws of Malta) (‘GDPR’) and EU General Data Protection Regulation (Regulation 2016/679) as amended and updated from time to time. Processing shall mean “Processing” any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

​

By signing a Contract with Us, You are hereby agreeing and accepting that we will have such access and may henceforth act as a Processor in relation to your Personal Data. On our part, we undertake to process such data in terms of law and this Policy.

​

In terms of the GDPR as a data subject, you have the right to be informed of and request access to the personal data that tenderspace processes about you, the right to request that we amend or update your personal data where it is inaccurate or incomplete, request a copy of your personal data in electronic format and the right to transmit that personal data for use in another party’s service and the right to request that we delete your personal data subject to any such legal obligations of tenderspace to hold your personal data as a client of tenderspace Services, for such period stipulated at law, after the termination of our relationship. In addition, you have the right to restrict that we temporarily or permanently stop processing all or some of your personal data in which case, tenderspace will no longer process your personal data unless there is a compelling legitimate ground.  You have the right, at any time, to object to us processing your personal data on grounds relating to your particular situation and the right to object to your personal data being processed for direct marketing purposes. Moreover, you have the right not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect.

​

You confirm and warrant that you are duly empowered to appoint us to carry out the Services envisaged herein and to entrust us to act, directly or indirectly as a processor, of any data you may hold, in terms of data protection law.

​

You further confirm and warrant that, if you are or will be processing any Personal Data, then you will yourself comply with all Data Protection laws and regulations in relation to the Personal Data, and specifically that you will have attained consent from the data subjects on the processing of the data and have informed them on the possibility that their data will be entrusted to and/or processed by a third party processor or sub-processor, such as tenderspace.

​

You also confirm and warrant that, if you are processing any Personal Data, then you have a proper internal data protection policy in place and in conformity to the law, and you will only process data in terms of such policy and prevailing legislation.

​

We warrant and undertake that your personal data will be processed fairly and lawfully and will not be processed for any purpose that is incompatible with the services being provided herein and processed in terms of the written instructions given by yourself.

​

We confirm that we have proper data protection policies to ascertain that we comply with data protection obligations in terms of law and furthermore we confirm that our employees and agents who may have access to your personal data are subject to confidentiality undertakings and obligations in terms of their engagements.

​

It is further agreed that we may have independent sub-contractors or other service providers that may have general access to our general data, henceforth indirectly to your personal data, and therefore you are hereby consenting to the use of such sub-contractors or service providers and such access as long as this is ancillary to the services being provided by the said sub-contractors or services providers.

​

In the event that we decide to appoint sub-processors dealing specifically with your personal data then we shall provide you with a prior written notice of one (1) month prior to the appointment of such sub-processor, including details of the processing to be undertaken by the sub-processor. You have ten (10) working days from the receipt of that notice to notify us in writing of any objections to the proposed appointment.

​

The arrangement between us and its sub-processor will be regulated by means of a contract to ensure that sub-processor performs its obligations and that an adequate level of protection is provided to your personal data.  A “sub-processor" means any person (including any third party but excluding an employee of tenderspace) appointed by or on behalf of tenderspace to process personal data on behalf of tenderspace in connection with the provision of our service.

​

In case of any personal data breach, we will notify you without undue delay upon such time that we or our sub-processor become aware of a personal data breach with a description of the nature of the personal data breach and shall provide assistance as may be required in terms of law. “Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

​

It is being agreed that we shall allow and contribute to audits and, make available information to yourself within one (1) month following a written request by yourself on such date and time provided by us, for the purposes of demonstrating compliance in relation to the processing of your personal data by us.

​

In furtherance of such legal obligations, and within the strict limitations and scope of the Data Protection Act and EU General Data Protection Regulation (Regulation 2016/679), we may process personal data not obtained from yourself.