TenderLift

Privacy Policy

Last updated: 10. September 2025

Data Controller

Ruzicic IT
Company ID: CHE-354.595.375
Via al Mulin 1
6803 Camignolo TI, Switzerland
Email: privacy@tenderlift.ch

1. Information We Collect

1.1 Information You Provide

  • Account Information: Email address, password (encrypted), name
  • Company Information: Company name, UID from ZEFIX, canton, industry
  • Preferences: CPV codes, tender categories, notification settings
  • Communications: Support emails, feedback, feature requests

1.2 Information from Public Sources

  • ZEFIX Data: Company registration details, address, legal form
  • SIMAP Data: Public tender information relevant to your company

1.3 Automatically Collected Information

  • Usage Data: Features used, searches performed, tenders viewed
  • Technical Data: IP address (for security), browser type, device information
  • Essential Cookies: Session management, security tokens, language preference (see section 4)

2. Legal Basis for Processing

We process your data based on:

  • Contract Performance (Art. 31 para. 1 lit. a revFADP / Art. 6(1)(b) GDPR): To provide our tender matching services
  • Legitimate Interests (Art. 31 para. 1 lit. a revFADP / Art. 6(1)(f) GDPR): For security, fraud prevention, and service improvements
  • Consent (Art. 31 para. 1 lit. a revFADP / Art. 6(1)(a) GDPR): For marketing communications (if you opt-in)
  • Legal Obligations (Art. 31 para. 1 lit. b revFADP / Art. 6(1)(c) GDPR): Swiss accounting and tax requirements

3. How We Use Your Information

  • Match relevant tenders to your company profile
  • Send tender alerts and deadline reminders
  • Provide AI-powered tender summaries and analysis
  • Process payments and manage subscriptions
  • Send service updates and important notices
  • Send marketing communications (only with your consent)
  • Improve our services through aggregated analytics
  • Ensure platform security and prevent abuse
  • Comply with legal and regulatory requirements

4. Cookies and Tracking

We use only essential cookies required for functionality:

  • __cf_bm: Cloudflare bot protection (30 minutes)
  • __session: Authentication state (session only)
  • locale: Language preference (1 year)

We use Cloudflare Web Analytics for cookie-less, privacy-preserving analytics. No personal data is collected or stored through analytics.

5. Data Sharing

5.1 Service Providers

We share data with these processors under data processing agreements:

  • Cloudflare: Infrastructure, security, and analytics (EU/US)
  • PlanetScale: Database hosting (US, SOC 2 compliant)
  • Stripe: Payment processing (when implemented)

5.2 Legal Requirements

We may disclose data when required by law, court order, or Swiss authorities.

5.3 Business Transfers

In case of merger or acquisition, data may be transferred with appropriate protections.

6. International Data Transfers

For transfers outside Switzerland/EU:

  • EU: Adequacy decision ensures equivalent protection
  • US: Standard Contractual Clauses and additional safeguards
  • Data Privacy Framework certification for US processors

7. Data Retention

  • Account Data: Duration of account plus 30 days
  • Financial Records: 10 years (Swiss OR Art. 957)
  • Support Communications: 2 years
  • Technical Logs: 90 days
  • Marketing Consent: Until withdrawn or 3 years inactive

8. Your Rights

Under Swiss revFADP and EU GDPR, you have the right to:

  • Access: Request a copy of your personal data (Art. 25 revFADP / Art. 15 GDPR)
  • Rectification: Correct inaccurate data (Art. 32 para. 1 revFADP / Art. 16 GDPR)
  • Erasure: Delete your data where legally permitted (Art. 17 GDPR)
  • Restriction: Limit processing of your data (Art. 18 GDPR)
  • Portability: Receive your data in machine-readable format (Art. 28 revFADP / Art. 20 GDPR)
  • Object: Oppose processing for direct marketing (Art. 30 revFADP / Art. 21 GDPR)
  • Withdraw Consent: Revoke consent at any time

To exercise these rights, contact: privacy@tenderlift.ch

9. Data Security

We implement appropriate technical and organizational measures:

  • Encryption in transit (TLS 1.3) and at rest
  • Regular security assessments and updates
  • Access controls and authentication
  • Incident response procedures
  • Employee data protection training

10. Children's Privacy

Our services are not intended for individuals under 16. We do not knowingly collect data from children. If you believe we have collected data from a child, please contact us immediately.

11. Automated Decision-Making

We use AI for tender matching and summarization, but all significant decisions (like account suspension) involve human review. You can request human review of any automated decision affecting you.

12. Supervisory Authorities

You have the right to lodge a complaint with:

  • Switzerland: Federal Data Protection and Information Commissioner (FDPIC)
    Website: www.edoeb.admin.ch
  • EU: Your local data protection authority

13. Updates to This Policy

We will notify you of material changes via email or prominent notice on our platform. Continued use after changes constitutes acceptance.

14. Contact Us

For privacy questions or to exercise your rights:
Email: privacy@tenderlift.ch
Response Time: Within 30 days