Data Controller

TedRadar is currently in pre-commercial phase. This privacy policy will be updated with full business registration details upon commercial launch.

Copyright Notice:
TedRadar reserves all copyrights for the use of published material, in accordance with the applicable legal regulations of the Republic of Croatia. Texts and other materials may not be published, sold, publicly or privately disclosed, or otherwise used without the prior consent of TedRadar.

Preamble

TedRadar respects your privacy and is committed to protecting your personal data. The collection and storage of data are performed in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Personal Data Protection Act of the Republic of Croatia.

Data Covered by This Privacy Policy

The following types of data may be collected and protected:

Name and surname
E-mail address
Other data you voluntarily provide and wish to keep confidential
Technical information collected automatically through analytics tools (see below)

Team and Collaboration Data

When you create or join teams, we collect:

Team membership information and roles (Owner, Admin, Member)
Team display names and descriptions
Company configuration data for AI features

Tender Monitoring Data

For providing our core services, we process:

Search profile configurations (industries, regions, value filters)
Tender match history and status tracking
Watchlist preferences and notifications
CPV (Common Procurement Vocabulary) code selections etc

Purpose of Data Collection

All data collected by TedRadar is used solely for the following purposes:

Responding to your inquiries as efficiently as possible
Providing the requested services
Internal statistical data processing and website performance monitoring
Sending publications, brochures, and other promotional materials

TedRadar guarantees that the collected data will be used exclusively for the purposes listed above. By providing your personal data through any form of communication, you give your explicit consent for TedRadar to contact you for the aforementioned purposes. If you do not wish to be contacted, you must inform TedRadar in writing.

Legal Basis for Data Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

Contract Performance (Article 6(1)(b))

Account creation and authentication
Providing tender monitoring services
Team management features
Processing search profiles and notifications
Delivering subscriptions and service features

Legitimate Interest (Article 6(1)(f))

Website analytics (Umami) - Our legitimate interest: improving service quality and user experience
Error monitoring (Sentry) - Our legitimate interest: maintaining service reliability and fixing bugs
Security and fraud prevention - Our legitimate interest: protecting our systems and users
Service optimization and performance monitoring

Consent (Article 6(1)(a))

Marketing communications and newsletters (you can unsubscribe anytime)
Non-essential email notifications
Optional features you explicitly opt into

Legal Obligation (Article 6(1)(c))

Tax and accounting records retention (when applicable)
Compliance with Croatian and EU data protection laws
Responding to lawful requests from authorities

You can object to processing based on legitimate interest at any time by contacting contact@tedradar.eu.

Data Provision Requirements

Mandatory Data (Required for Service)

The following data is mandatory to use our services:

Email address - Required for account creation, authentication, and important service notifications
Password - Required for account security
Search preferences - Required to provide relevant tender matches

If you do not provide this mandatory data, we cannot create your account or provide our core tender monitoring services.

Optional Data

The following data is optional and helps improve your experience:

Company name - Improves tender matching accuracy
Team display names - Helps organize your workspace
Industry preferences - Enhances AI-powered tender recommendations
Additional company details - Improves matching precision
Profile information - Personalizes your account

You can use our core services without providing optional data, though some features may be limited or less personalized.

Automated Decision-Making and Profiling

We use automated systems to enhance our services:

What We Do:

Tender matching: Our system automatically matches tenders to your search profiles and preferences
Relevance scoring: Algorithms rank tenders based on your configured criteria
Notification prioritization: Automated systems determine which tender notifications to send based on your settings

What We Don't Do:

No automated legal decisions: We do not make automated decisions that produce legal effects or similarly significantly affect you without human oversight
No profiling for marketing: We do not create detailed behavioral profiles of you for marketing purposes
Full user control: You maintain complete control over which tenders to pursue, ignore, or save
Human oversight: Critical account decisions (suspensions, payment disputes, access restrictions) always involve human review

Your Rights:

You can request human review of any automated matching decision
You can adjust or disable automated notifications in your account settings
You can contact us at contact@tedradar.eu with questions about how automated systems affect you

Our automated systems are designed to help you, not make decisions for you. You always have the final say.

Analytics and Cookies

We use limited cookies that are strictly necessary for the service to function, such as authentication/session cookies and the language preference cookie (NEXT_LOCALE). These cookies are required to provide the service and do not require consent.

Umami Analytics

We use Umami Analytics, a privacy-focused, GDPR-compliant analytics solution, to understand how visitors use our website. Umami collects only aggregated, non-personal data such as:

Pages visited and referrers
Browser type and version
Device type and operating system
Country-level location data
Website performance metrics

Privacy features:

No cookies: Umami does not use cookies or tracking technologies
No personal data: IP addresses are not stored; no personally identifiable data is collected
GDPR-aligned: Designed for GDPR, CCPA, and PECR compliance
Aggregated analytics: Data is anonymized and cannot be traced to individual users
EU hosting: Analytics data is stored on EU servers

Because Umami does not collect personal data or use cookies, consent is not required under GDPR Article 6(1)(f) (legitimate interest in improving our services).

More information: Umami Privacy Policy

Third-Party Service Providers (Data Processors)

Under GDPR Article 28, we are required to disclose third-party service providers (data processors) that process personal data on our behalf. We only work with processors that provide sufficient guarantees of GDPR compliance.

Stack Auth (Authentication)

We use Stack Auth for user authentication and account management. Stack Auth may collect:

Account creation and login data
Team membership information
Authentication tokens and session data

More information can be found in Stack Auth's documentation:

Stack Auth Privacy Policy

Sentry (Error Monitoring)

We use Sentry to monitor application errors and performance. This service collects:

Error logs and stack traces
Device and browser information
User interaction data related to errors

More information can be found in Sentry's policies:

Sentry Privacy Policy

Brevo (Email Communications)

We use Brevo for sending email notifications and communications. This service may process:

Email addresses for delivery
Email open and click tracking data
Delivery status information

More information can be found in Brevo's policies:

Brevo Privacy Policy

Hetzner (Hosting Provider)

Our application infrastructure is hosted on Hetzner servers located in Germany (EU). Hetzner processes technical data necessary for service delivery:

Server logs and access data
Backup and redundancy data
Network traffic data

More information: Hetzner Data Privacy

Data Security and Storage

TedRadar implements industry-standard security measures to protect your personal data:

Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
Access Controls: Data access is restricted to authorized personnel on a need-to-know basis
Regular Security Audits: We conduct periodic security assessments and penetration testing
Data Minimization: We collect only the minimum data necessary for our services
EU-based Hosting: Our services are hosted on Hetzner servers in Germany, ensuring compliance with EU data protection standards

International Data Transfers

When we transfer data outside the EU/EEA, we ensure adequate protection through:

Standard Contractual Clauses: Approved by the European Commission
Adequacy Decisions: For countries with adequate data protection levels
Your Consent: Where required for specific transfers

Our primary data processing occurs within the EU/EEA:

Hosting: Hetzner (Germany)
Analytics: Umami (EU servers)
Database: Within EU/EEA region

Data transfers to third-party service providers outside the EU (such as Stack Auth, Sentry, and Brevo) are protected by Standard Contractual Clauses and appropriate safeguards.

Data Retention

TedRadar:

Does not sell, rent, or disclose your e-mail address or other data to third parties without your consent
Adheres to a strict “no spam” policy
Is not liable for unintentional breaches due to force majeure or unforeseen circumstances but commits to remedy such situations as quickly as possible

Updating Your Data

You may contact us at any time to:

Access your personal data
Update or correct your data
Request deletion of your data

Until you notify us otherwise, we will continue to use the most recently provided data for the stated purposes.

Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Account Data: Retained for the duration of your active account
Team Data: Retained while team exists and for 3 years after team dissolution
Search Profiles & Tender Data: Retained for service provision duration
Communication Data: Retained for up to 2 years after last interaction
Legal Requirements: Data may be retained longer if required by law or for legitimate business purposes

You may request deletion of your data at any time, subject to legal retention requirements.

Your Data Subject Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Restrict Processing: Limit how we process your data
Right to Data Portability: Receive your data in a structured format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at contact@tedradar.eu. We will respond within 30 days.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

Croatian Data Protection Authority (AZOP)

Agencija za zaštitu osobnih podataka
Selska cesta 136
10000 Zagreb, Croatia

Phone: +385 1 4609 000
Email: azop@azop.hr
Website: https://azop.hr

EU Data Protection Authorities

If you're in another EU country, you can contact your local data protection authority. A complete list is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Exercising Your Data Subject Rights

You can exercise your GDPR rights through our application:

Access & Portability: Download your data via account settings
Rectification: Update your profile information directly
Erasure: Delete your account and associated data
Restriction: Pause data processing by disabling notifications
Objection: Opt-out of marketing communications

For rights requiring manual processing, contact us at contact@tedradar.eu with "GDPR Request" in the subject line.

Data Breach Notification

In the event of a data breach affecting your personal data, we will:

Notify you within 72 hours of becoming aware of the breach
Provide information about the nature of the breach and potential impacts
Recommend protective measures you can take
Report the breach to relevant supervisory authorities as required by law

Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

Essential Cookies: Required for website functionality, authentication, and security (including Stack Auth session cookies and Next.js functional cookies)
No Analytics Cookies: We use Umami Analytics which does not require cookies
Marketing Cookies: Not currently used (future use would require consent)

We use privacy-friendly tracking technology:

Umami Analytics: Cookie-free, GDPR-compliant analytics that collects only aggregated, non-personal data for website performance monitoring

You can manage your essential cookie preferences through your browser settings. Note that disabling essential cookies may affect website functionality.

Privacy Policy Scope

TedRadar:

Does not sell, rent, or disclose your e-mail address or other data to third parties without your consent
Adheres to a strict "no spam" policy
Is not liable for unintentional breaches due to force majeure or unforeseen circumstances but commits to remedy such situations as quickly as possible

Updating Your Data

By completing any form on this website, you confirm that:

The submitted data is accurate
You are legally capable of entering into contracts
You are authorized to share the provided data
You consent to the use and collection of your data in accordance with this Privacy Policy and applicable laws

Transparency

If we make any changes to this Privacy Policy, they will be published on this page to ensure continuous access and transparency.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request information about the categories and specific pieces of personal information we collect, use, and disclose
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt-out of the sale of your personal information (we do not sell personal information)
Right to Non-Discrimination: Protection against discriminatory treatment for exercising your CCPA rights

To exercise these rights, contact us at contact@tedradar.eu with "CCPA Request" in the subject line.

Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete such information promptly.

Additional Information

By using our website, you confirm that you have read and agreed to this Privacy Policy.

If you have any questions, concerns, or comments regarding our policy, please contact us at:
📧 contact@tedradar.eu

Data Controller

TedRadar
Email: contact@tedradar.eu

TedRadar is currently in pre-commercial phase. This privacy policy will be updated with full business registration details upon commercial launch.

Preamble

Data Covered by This Privacy Policy

The following types of data may be collected and protected:

Name and surname
E-mail address
Other data you voluntarily provide and wish to keep confidential
Technical information collected automatically through analytics tools (see below)

Team and Collaboration Data

When you create or join teams, we collect:

Team membership information and roles (Owner, Admin, Member)
Team display names and descriptions
Company configuration data for AI features

Tender Monitoring Data

For providing our core services, we process:

Search profile configurations (industries, regions, value filters)
Tender match history and status tracking
Watchlist preferences and notifications
CPV (Common Procurement Vocabulary) code selections etc

Purpose of Data Collection

All data collected by TedRadar is used solely for the following purposes:

Responding to your inquiries as efficiently as possible
Providing the requested services
Internal statistical data processing and website performance monitoring
Sending publications, brochures, and other promotional materials

Legal Basis for Data Processing

We process your personal data based on the following legal grounds under GDPR Article 6:

Contract Performance (Article 6(1)(b))

Account creation and authentication
Providing tender monitoring services
Team management features
Processing search profiles and notifications
Delivering subscriptions and service features

Legitimate Interest (Article 6(1)(f))

Website analytics (Umami) - Our legitimate interest: improving service quality and user experience
Error monitoring (Sentry) - Our legitimate interest: maintaining service reliability and fixing bugs
Security and fraud prevention - Our legitimate interest: protecting our systems and users
Service optimization and performance monitoring

Consent (Article 6(1)(a))

Marketing communications and newsletters (you can unsubscribe anytime)
Non-essential email notifications
Optional features you explicitly opt into

Legal Obligation (Article 6(1)(c))

Tax and accounting records retention (when applicable)
Compliance with Croatian and EU data protection laws
Responding to lawful requests from authorities

You can object to processing based on legitimate interest at any time by contacting contact@tedradar.eu.

Data Provision Requirements

Mandatory Data (Required for Service)

The following data is mandatory to use our services:

Email address - Required for account creation, authentication, and important service notifications
Password - Required for account security
Search preferences - Required to provide relevant tender matches

If you do not provide this mandatory data, we cannot create your account or provide our core tender monitoring services.

Optional Data

The following data is optional and helps improve your experience:

Company name - Improves tender matching accuracy
Team display names - Helps organize your workspace
Industry preferences - Enhances AI-powered tender recommendations
Additional company details - Improves matching precision
Profile information - Personalizes your account

You can use our core services without providing optional data, though some features may be limited or less personalized.

Automated Decision-Making and Profiling

We use automated systems to enhance our services:

What We Do:

Tender matching: Our system automatically matches tenders to your search profiles and preferences
Relevance scoring: Algorithms rank tenders based on your configured criteria
Notification prioritization: Automated systems determine which tender notifications to send based on your settings

What We Don't Do:

No automated legal decisions: We do not make automated decisions that produce legal effects or similarly significantly affect you without human oversight
No profiling for marketing: We do not create detailed behavioral profiles of you for marketing purposes
Full user control: You maintain complete control over which tenders to pursue, ignore, or save
Human oversight: Critical account decisions (suspensions, payment disputes, access restrictions) always involve human review

Your Rights:

You can request human review of any automated matching decision
You can adjust or disable automated notifications in your account settings
You can contact us at contact@tedradar.eu with questions about how automated systems affect you

Our automated systems are designed to help you, not make decisions for you. You always have the final say.

Analytics and Cookies

Umami Analytics

We use Umami Analytics, a privacy-focused, GDPR-compliant analytics solution, to understand how visitors use our website. Umami collects only aggregated, non-personal data such as:

Pages visited and referrers
Browser type and version
Device type and operating system
Country-level location data
Website performance metrics

Privacy features:

No cookies: Umami does not use cookies or tracking technologies
No personal data: IP addresses are not stored; no personally identifiable data is collected
GDPR-aligned: Designed for GDPR, CCPA, and PECR compliance
Aggregated analytics: Data is anonymized and cannot be traced to individual users
EU hosting: Analytics data is stored on EU servers

Because Umami does not collect personal data or use cookies, consent is not required under GDPR Article 6(1)(f) (legitimate interest in improving our services).

More information: Umami Privacy Policy

Third-Party Service Providers (Data Processors)

Stack Auth (Authentication)

We use Stack Auth for user authentication and account management. Stack Auth may collect:

Account creation and login data
Team membership information
Authentication tokens and session data

More information can be found in Stack Auth's documentation:

Stack Auth Privacy Policy

Sentry (Error Monitoring)

We use Sentry to monitor application errors and performance. This service collects:

Error logs and stack traces
Device and browser information
User interaction data related to errors

More information can be found in Sentry's policies:

Sentry Privacy Policy

Brevo (Email Communications)

We use Brevo for sending email notifications and communications. This service may process:

Email addresses for delivery
Email open and click tracking data
Delivery status information

More information can be found in Brevo's policies:

Brevo Privacy Policy

Hetzner (Hosting Provider)

Our application infrastructure is hosted on Hetzner servers located in Germany (EU). Hetzner processes technical data necessary for service delivery:

Server logs and access data
Backup and redundancy data
Network traffic data

More information: Hetzner Data Privacy

Data Security and Storage

TedRadar implements industry-standard security measures to protect your personal data:

Encryption: All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption
Access Controls: Data access is restricted to authorized personnel on a need-to-know basis
Regular Security Audits: We conduct periodic security assessments and penetration testing
Data Minimization: We collect only the minimum data necessary for our services
EU-based Hosting: Our services are hosted on Hetzner servers in Germany, ensuring compliance with EU data protection standards

International Data Transfers

When we transfer data outside the EU/EEA, we ensure adequate protection through:

Standard Contractual Clauses: Approved by the European Commission
Adequacy Decisions: For countries with adequate data protection levels
Your Consent: Where required for specific transfers

Our primary data processing occurs within the EU/EEA:

Hosting: Hetzner (Germany)
Analytics: Umami (EU servers)
Database: Within EU/EEA region

Data transfers to third-party service providers outside the EU (such as Stack Auth, Sentry, and Brevo) are protected by Standard Contractual Clauses and appropriate safeguards.

Data Retention

TedRadar:

Does not sell, rent, or disclose your e-mail address or other data to third parties without your consent
Adheres to a strict “no spam” policy
Is not liable for unintentional breaches due to force majeure or unforeseen circumstances but commits to remedy such situations as quickly as possible

Updating Your Data

You may contact us at any time to:

Access your personal data
Update or correct your data
Request deletion of your data

Until you notify us otherwise, we will continue to use the most recently provided data for the stated purposes.

Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

Account Data: Retained for the duration of your active account
Team Data: Retained while team exists and for 3 years after team dissolution
Search Profiles & Tender Data: Retained for service provision duration
Communication Data: Retained for up to 2 years after last interaction
Legal Requirements: Data may be retained longer if required by law or for legitimate business purposes

You may request deletion of your data at any time, subject to legal retention requirements.

Your Data Subject Rights (GDPR)

Under GDPR, you have the following rights regarding your personal data:

Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate or incomplete data
Right to Erasure: Request deletion of your data ("right to be forgotten")
Right to Restrict Processing: Limit how we process your data
Right to Data Portability: Receive your data in a structured format
Right to Object: Object to processing based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us at contact@tedradar.eu. We will respond within 30 days.

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

Croatian Data Protection Authority (AZOP)

Agencija za zaštitu osobnih podataka
Selska cesta 136
10000 Zagreb, Croatia

Phone: +385 1 4609 000
Email: azop@azop.hr
Website: https://azop.hr

EU Data Protection Authorities

If you're in another EU country, you can contact your local data protection authority. A complete list is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Exercising Your Data Subject Rights

You can exercise your GDPR rights through our application:

Access & Portability: Download your data via account settings
Rectification: Update your profile information directly
Erasure: Delete your account and associated data
Restriction: Pause data processing by disabling notifications
Objection: Opt-out of marketing communications

For rights requiring manual processing, contact us at contact@tedradar.eu with "GDPR Request" in the subject line.

Data Breach Notification

In the event of a data breach affecting your personal data, we will:

Notify you within 72 hours of becoming aware of the breach
Provide information about the nature of the breach and potential impacts
Recommend protective measures you can take
Report the breach to relevant supervisory authorities as required by law

Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

Essential Cookies: Required for website functionality, authentication, and security (including Stack Auth session cookies and Next.js functional cookies)
No Analytics Cookies: We use Umami Analytics which does not require cookies
Marketing Cookies: Not currently used (future use would require consent)

We use privacy-friendly tracking technology:

Umami Analytics: Cookie-free, GDPR-compliant analytics that collects only aggregated, non-personal data for website performance monitoring

You can manage your essential cookie preferences through your browser settings. Note that disabling essential cookies may affect website functionality.

Privacy Policy Scope

TedRadar:

Does not sell, rent, or disclose your e-mail address or other data to third parties without your consent
Adheres to a strict "no spam" policy
Is not liable for unintentional breaches due to force majeure or unforeseen circumstances but commits to remedy such situations as quickly as possible

Updating Your Data

By completing any form on this website, you confirm that:

The submitted data is accurate
You are legally capable of entering into contracts
You are authorized to share the provided data
You consent to the use and collection of your data in accordance with this Privacy Policy and applicable laws

Transparency

If we make any changes to this Privacy Policy, they will be published on this page to ensure continuous access and transparency.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know: Request information about the categories and specific pieces of personal information we collect, use, and disclose
Right to Delete: Request deletion of your personal information
Right to Opt-Out: Opt-out of the sale of your personal information (we do not sell personal information)
Right to Non-Discrimination: Protection against discriminatory treatment for exercising your CCPA rights

To exercise these rights, contact us at contact@tedradar.eu with "CCPA Request" in the subject line.

Children's Privacy

Additional Information

By using our website, you confirm that you have read and agreed to this Privacy Policy.

If you have any questions, concerns, or comments regarding our policy, please contact us at:
📧 contact@tedradar.eu