Information about personal data processing

Declaration of Personal Data Processing

National Electronic Tool (NEN)
Data controllerMinistry of Regional Development
Staroměstské náměstí 932/6, Staré Město, 110 00 Praha
Organization ID Number: 66002222
Data Box: 26iaava
Scope of data processing

The IS NEN processes so-called structured data.

Unstructured data in procurement documents, invitations to tender, tenderers' submissions etc. are no longer processed in IS NEN to the extent defined by the GDPR Regulation.

This unstructured data is used exclusively by the contracting authority and is only being stored in the NEN. NEN shall ensure the security of these documents. It does not carry out any content processing on them.

The information system stores the following structured data about the data subject (natural entrepreneur, private person, any system user):
  • Name
  • Surname
  • Title
  • Email
  • Phone number - employment
  • Address (only in case of a natural entrepreneur registration)
  • Username
  • Social Security Number
Purpose of data processingFulfillment of legislative requirements regarding public procurement according to Act 134/2016 Coll. on public procurement and related decrees to the Fulfillment of requirements for ensuring cyber security according to relevant legislation.
Lawful grounds for personal data processing
  1. Act No. 134/2016 Coll. - Public Procurement Act
  2. Decree 168/2016 Coll. - on the publication of forms for the purposes of the Public Procurement Act and the requirements of the contracting authority profile
  3. Decree 260/2016 Coll. - on the establishment of more detailed conditions concerning electronic tools, electronic acts in public procurement and the certificate of conformity
  4. Act 181/2014 Coll. on cyber security and amendments to related acts (Cyber Security Act)
  5. Decree 316/2014 Coll. on security measures, cyber security incidents, reactive measures and determining the formalities of submissions in the field of cyber security (the Cyber Security Decree)
Recipient of personal data

Contracting Authorities
Ministry of Regional Development
Provider NEN – consortium of O2 Czech Republic, s.r.o. and Tesco SW a.s.
The public and public contract tenderers

NEN receives personal data of the data subject in the following situations:
  1. registration/ data subject to the NEN IS
  2. when managing user accounts

Registration of the Data Subjects in the NEN IS

Registration to IS NEN is carried out in the name of a legal entity or a natural entrepreneur..
  • At registration, personal data are being taken from the current data of the data subject, in the Basic Registers Information System - register of persons.
  • Other data required for registration are to be filled in by the user or do not fall under personal data.
  • These data are stored in the NEN IS and subsequently published on the website
  • Contact information of the person, who is identified as the subject’s contact person during registration, is published on the same web address.
  • Creating an account gives the subject the right to create additional user accounts.
  • The data are also stored on the NEN IS resources.

Managing User Accounts

The accounts are managed by a natural person.
  • User without an account is not allowed to work in the system (the authentication module will not allow the user to log in)
  • When a natural person is entered into NEN by an authorized person (determined by the data subject), the person receives a username. The password is set by the user independently via a message, sent to the email address provided when the account was created.
  • The system further works with these user data - i.e. the user logs into the system and NEN records his activities when working with public procurement.
  • Only selected users with the appropriate authorization can see the link between the username and the 'real' name. All user actions are recorded under the user's username.
  • Data relating to the account management is not published or sent to third parties. It is only used by the contracting authorities for the purpose of controlling access to the NEN, i.e. the pairing of a username and a specific natural person is only possible via special permissions within the system.
  • Access to the personal data of any data subject is also available to persons in the role of Level 1 User Support, Level 2 User Support and System Administrator.
Intention to transfer personal data to a third county or international organizationThe data processor does not intend to transfer personal data to a third country or an international organization.
Storage duration of personal dataThe storage duration of personal data is governed by Act No. 134/2016 Coll. - Act on Public Procurement and subsequently by the filing and shredding rules of each contracting authority.
Right to request access to personal dataThe data subject can view their own processed personal data in the user account details.
Right to request correction of personal dataThe data subject may correct its own personal data independently.
Right to request deletion of personal dataThe right to data erasure does not apply to those data subjects who have implemented, administered or otherwise worked with a specific public procurement in the NEN.
Right to request restriction of processing of personal dataThis right is not valid because the processing of personal data is based on a legal requirement.
Right to object to the processing of personal dataThis right is not valid because the processing of personal data is based on a legal requirement.
Right to transferability of personal dataThis right is not valid because the processing of personal data is based on a legal requirement.
Right to withdraw consent to the processing of personal dataConsent to the processing of personal data cannot be withdrawn. Personal data is processed on the basis of a legal requirement, not on the basis of consent given by the data subject.
Right to file a complaint with the supervisory authorityThe data subject has the right to file a complaint with the Office for Personal Data Protection.
Obligation to provide personal data and consequences of failure to provideThe processing of personal data results from the legal requirement mentioned above, and is not subject to consent of the data subject. However, the data subject must provide some personal data himself in the context of his identification. In the event of failure to provide the relevant data and the resulting failure to identify the data subject, the data subject will not be allowed to log in as a user of the NEN IS.
Automated decision-making and profiling of personal dataThere is no automated individual decision-making or profiling of personal data.
Other purposes for processing of personal dataPersonal data are not processed for purposes other than the above-mentioned purpose of processing personal data.


In order for the site to function properly, it is sometimes necessary to place small data files, known as cookies, on your device.

What are cookies?

Cookies are small text files that websites store on your computer or mobile device when you start using the website. This way, the website remembers your preferences and actions you take on the website (such as login details, language, font size and other display preferences) so that you do not have to re-enter these details and jump from one page to another.

TitleRecommendationsExpirationWho has access to the information (us or a third party)DescriptionCategory
NEN.client.SessionDo not block, the page would not be functionalSessionNENDesigned to store the session when working on the public part of the NEN.Essential functional
BIGipServer*Do not block, the page would not be functional8 hoursNENSpecifies to which web server the communication will be routed.Essential functional
XSRF-TOKENDo not block, the page would not be functionalSessionNENCookie to prevent XSRF attack (cross site request forgery)Essential functional
XSRF-TOKEN-ClientDo not block, the page would not be functionalSessionNENCookie to prevent XSRF attack (cross site request forgery)Essential functional
*MW-FARM*Do not block, the page would not be functionalSessionNENSpecifies the web server to which communication will be routed when working with the authorized part of NEN.Essential functional
PRODMW*Do not block, the page would not be functionalSessionNENDesigned to save the session when logging in and working in the authorized part of NEN.Essential functional
tSW.spu.NENDo not block, the page would not be functionalSessionNENA technical cookie that allows you to work with links to download a document.Essential functional
ai_sessionBlocking is possible30 minutesMicrosoft AzureIt is used to collect statistical data about the use of the website. The cookie stores a unique anonymous identifier to recognize users on repeated visits.Statistical and performance
ai_userBlocking is possible1 yearMicrosoft AzureIt is used to collect statistical data about the use of the website. The cookie stores a unique anonymous identifier to recognize users on repeated visits.Statistical and performance
tSW.lang.NENBlocking is not recommendedNENIt is used to store the preferred language in the authorized part of NEN.Preferences
LanguageBlocking is not recommended1 yearNENAutomatically sets the language of the website according to the browser language settings, with the possibility to change it.Preferences
UserCookiesSettingsBlocking is not recommended1 yearNENIt is used to save the settings for the use of cookies.Preferences
glide_session_storeBlocking is not recommended1 HourServiceNowTo preserve the session when moving customers from one node to another, 'glide_session_store' has been added. Enabling this will ensure that its users will not be logged out when they are transfered from one datacenter to another.Essential functional
glide_user_activityBlocking is not recommendedSessionServiceNowThis cookie prevents an active user, who has not signed up for the 'Remember Me' option, from logging out. It periodically refreshes when the user is active during the session. This cookie is not part of any authentication or login mechanism. Its presence is only to detect if there is any activity on the users side so that the session does not lock the user out during an active session. This will help the server to recover the session. This item does not present any security issue.Essential functional
JSESSIONIDBlocking is not recommendedSessionServiceNowThe 'JSESSIONID' cookie is a session created by the application when the user first logs into the application, and is created by the underlying server to preserve the attributes of the user session.Essential functional
BIGipServerpool_mmrprodBlocking is not recommendedSessionServiceNowThe security attribute for this cookie has been implemented on the ServiceNow BigIP load balancing tools. The BigIP cookie is used for load balancing decisions and absolutely no customer data is published.Essential functional
glide_user_routeBlocking is not recommended1 yearServiceNowThe glide_user_route cookie defines which application server (or node) in the cluster you are going to so it remains consistent unless otherwise routed/redirected from the load balancer. In short, it controls the persistence of nodes.Essential functional

We use third party cookies to help us improve or promote the National Electronic Tool. At the same time, we do not send the content of the viewed pages to these parties in any way. Similarly, it is not technically possible to identify a specific user of the National Electronic Tool through any third-party cookies.

Application insights (cookie name: ai_user, ai_session) are used to collect statistical data about the use of the website. The cookie stores a unique identifier to recognize users on repeated visits (description of how Application insights works).

The NIPEZ Central ServiceDesk is used to display operational information and news content, FAQs, operating rules, manuals, the NEN chatbot, tutorial, registrations and the operational information subscription function.

Cookie settings

When you visit our website we use the following types of cookies. You can choose whether you consent to all of them or just a selection. You can change here your previously given consent at any time.