Data Protection Overview

Company name: mytender.io

Date of issue: 20.02.2024

Last Revised: 18.07.2024

Introduction

mytender.io operates in accordance with the European personal data protection regulations and ensures full compliance with the obligations set forth, as well as implementing the security measures detailed in the General Data Protection Regulation (GDPR) (EU) 2016/679, of 27th April, and Law 3/2018, of 5th December, on Data Protection and Digital Rights (LOPD and GDD, hereinafter LOPD), Service Organisation Control (SOC) 2 Report and ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements (ISO 27001). Further to this, mytender.io's hosting is certified through Secure Sockets Layer (SSL) ensuring data encryption, and the containment of the website's public key and identity, along with related information. mytender.io employs a Data Protection Officer (DPO) with approved training from GDPR and accredited by the International Institute of Risk and Safety Management (IIRSM) and Continuing Professional Development (CPD).

At mytender.io we pledge to maintain the highest standards of data protection and to be transparent about our practices. Our Customers and partners trust us not only to enhance their RFPs but also to protect their most sensitive information. We do not take this trust lightly. mytender.io is dedicated to upholding this trust every day, in every transaction, and throughout every aspect of our business.

Data Collection Practices

At mytender.io the following information is collected: Names, Login Credentials, Contact information, Text input, Multimedia Files, Electronic Communications, Engagement Data, Device Identifiers, Professional and Employment related information.

For mytender.io, the consent process for data collection is a cornerstone of our commitment to transparency, privacy, and user empowerment. As Users upload information to our database, we ensure the process is governed by clear, ethical, and legal standards that respect user autonomy and comply with GDPR.

Before users upload information, mytender.io provides detailed information about the types of data we collect, the purposes for which it is used, how it is stored and protected, and with whom it may be shared. This information is presented in clear, accessible language through our Privacy Policy.

mytender.io requires explicit consent from users before collecting any data. This consent is obtained through clear, affirmative action, such as checking a box or clicking a button that says "I agree" to the terms presented.

Users can easily withdraw their consent at any time through their account settings or by contacting mytender.io directly, following which all user data will be erased within 7 days of contract expiry or termination.

Recognising the importance of protecting minors, only people over the age of 14 may provide personal data on this website. As required by the Organic Law on Data Protection and Guarantee of Data Rights, in the case of minors under 14 years of age, the consent of their parents or guardians will be a compulsory condition for us to process their personal data. On the other hand, only people over 18 years old can hire our services. In the case of minors under 18 years of age, the consent of their parents or legal guardians will be a mandatory condition for us to provide the services offered, unless the minor is emancipated.

The Consent Process and Privacy Policy explicitly state how mytender.io will use the collected data, including for improving our services, personalising user experiences, and other specified legitimate purposes. We also describe the circumstances under which data may be shared with third parties, ensuring it aligns with user consent and applicable laws.

mytender.io maintains open communication with users about any changes to our data collection practices or policies. Users are informed of significant changes and may be required to provide new consent if the nature of data collection or use changes substantially.

Data Storage and Processing

mytender.io employs state-of-the-art encrypted databases for secure storage solutions, ensuring that all user data uploaded to our platform is protected through advanced encryption techniques. This approach guarantees that sensitive information remains confidential and accessible only to authorised personnel, safeguarding user privacy and enhancing data security across our AI proposal writing services.

At mytender.io, ensuring the security and integrity of our customer and partner data is paramount. To achieve this, we implement stringent data access controls within our encrypted database environment, focusing on role-based access control.

Access to data within mytender.io's systems is strictly managed based on the principle of least privilege. Employees and system users are granted access rights solely to the information necessary for their specific roles and responsibilities. This minimises potential internal threats and ensures that sensitive information is only accessible to authorised personnel.

Roles and permissions are regularly reviewed and adjusted to reflect changes in job functions or projects. This dynamic approach to access management ensures that access rights are always aligned with current needs and potential security risks are reduced.

mytender.io uses the services of Salesforce to provide the contracted online software, Namecheap for web hosting, Calendly to arrange briefings, and Hubspot for customer management, all of which are based in the United States. Standard contractual clauses approved by the European Commission have been signed with these entities to ensure adequate safeguards for the processing of your personal data, under the criteria set out in the GDPR.

Data Protection Techniques

mytender.io utilises industry-leading encryption methods to secure user data, including Advanced Encryption Standard (AES) and Secure Sockets Layer (SSL) encryption. AES is employed to encrypt data at rest, providing a robust security layer to protect the stored information within our databases. For data in transit, SSL encryption ensures that any information transferred between users' devices and our servers is secure, preventing unauthorised access or interception.

At mytender.io, we leverage sophisticated anomaly and intrusion detection systems to safeguard our encrypted databases and ensure the security of user data. These systems continuously monitor our network and databases for unusual activities or potential breaches, using advanced algorithms and machine-learning techniques to identify and alert our security team to any irregularities. This proactive approach allows us to swiftly respond to and mitigate potential threats, maintaining the integrity and confidentiality of our users' information within our software.

Regular security assessments and penetration testing will take place on a monthly basis with quarterly penetration testing.

Data sharing and disclosure

The legal basis for this processing is the performance of a contract. mytender.io will not transfer or communicate your data to any third parties unless legally obliged to do so or when the provision of a service involves the need for a contractual relationship with a Data Processor.

mytender.io has an established comprehensive framework for evaluating third-party security practices, incorporating thorough due diligence and risk assessment procedures. This framework should be regularly reviewed and updated to ensure alignment with industry best practices and evolving security threats.

Disclosure practices in case of legal requests.

Data Retention and Deletion

At mytender.io user data will be erased within 7 days of contract expiry or termination.

The User must exercise these rights himself/herself. However, they may also be exercised by a person Amazon EBS infrastructure which ensures that the devices are logically empty (that is, the raw blocks are zeroed or they contain cryptographically pseudorandom data) before any use or re-use by a customer. If you have procedures that require that all data be erased using a specific method, either after or before use (or both), such as those detailed in DoD 5220.22-M (National Industrial Security Program Operating Manual) or NIST 800-88 (Guidelines for Media Sanitization), expiry and/or cancellation.

Requested information of Users' personal data collected by contact form or by email will only be used strictly during the time necessary to fulfil the request for information, or until consent is withdrawn.

Customers' personal data will be processed until the end of the contractual relationship. The particular data retention period shall be the minimum necessary, and it may be maintained for:

  • Four years: Law on Social Infringements and Sanctions, related to obligations in matters of a liaison, contributions, payment of wages; Arts. 66 et seq. General Tax Act (accounting).
  • Five years: Art. 1964 of the Civil Code (personal actions without special deadline).
  • Six years: Art. 30 of the Commercial Code, related to accounting records and invoices.
  • Ten years: Art. 25 of the Law on the Prevention of Money Laundering and Financing of Terrorism.
  • No term: disaggregated and anonymised data.
  • The data of Users who have subscribed to our newsletter will be kept indefinitely until the consent granted is withdrawn.

Incident Response Notification

When an incident report has been submitted, all directors will be informed and an intensive breakdown of the incident will be analysed, along with the use of industry specialists to resolve the incident and prevent further incidents.

All parties affected by an incident or data breach, and all those required to know, will be informed within 24 hours of the reported incident/breach.

Regular review and testing of the incident response plan will be carried out by our CPO, Josh Aaron, and our CTO, Jamie Horsnell.

Compliance

mytender.io is compliant and acting in accordance with GDPR, DPA 2018, EEA, SOC2, and ISO 27001.

All employees receive monthly checks and talks on data protection, cyber security, and best-use policies, instructed by the CPO, and training accredited by CPD (Continuing Professional Development) and IIRSM (International Institute of Risk and Safety Management).

User Rights and Controls

The right to access personal data, which is the right to obtain information on whether their data is being processed, the purpose of any processing that is being developed, as well as the information available on the origin of such data and the communications made or planned thereof.

The right to rectification, where personal data are incorrect or inaccurate. The User may also request that data found to be inadequate or excessive be erased.

The right to request a restriction of processing their data, in which case said data will only be retained by mytender.io to exercise or defend claims.

The right to object: Users have the right to request that their data not be processed or that processing be ceased in cases where their consent is not necessary for processing. Users may oppose commercial prospecting files or decisions related to the person concerned that are based solely on the automatic processing of their data unless further processing is required for legitimate reasons or to exercise or defend potential claims.

The right to data portability: if the User would like their data to be processed by another company, mytender.io will provide the User with a portable copy of their data in an exportable format.

If the User grants consent for a specific purpose, they have the right to withdraw this consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Updates and Contact Information

Contact information for a data protection officer: Josh Aaron, our CPO, at josh@mytender.io.

Privacy-related requests and complaints are submitted via email to info@mytender.io.

The process for updating this data sheet will be in accordance with changes in legislation and compliance. It will also be updated on a best-fit policy agreed by the company's directors. These updates will be provided to shareholders in the form of a meeting and via an email exchange.

For a better understanding of our data and security policies, email josh@mytender.io.

Document Control

Document owner: CPO Joshua Aaron

A change history log will be stored on mytender.io's secure server.