Information about personal data processing
Declaration of Personal Data Processing
| National Electronic Tool (NEN) | |
|---|---|
| Data controller | Ministry of Regional Development Staroměstské náměstí 932/6, Staré Město, 110 00 Praha Organization ID Number: 66002222 Data Box: 26iaava Email: gdpr@mmr.cz |
| Scope of data processing | The IS NEN processes so-called structured data. Unstructured data in procurement documents, invitations to tender, tenderers' submissions etc. are no longer processed in IS NEN to the extent defined by the GDPR Regulation. This unstructured data is used exclusively by the contracting authority and is only being stored in the NEN. NEN shall ensure the security of these documents. It does not carry out any content processing on them. The information system stores the following structured data about the data subject (natural entrepreneur, private person, any system user):
|
| Purpose of data processing | Fulfillment of legislative requirements regarding public procurement according to Act 134/2016 Coll. on public procurement and related decrees to the Fulfillment of requirements for ensuring cyber security according to relevant legislation. |
| Lawful grounds for personal data processing |
|
| Recipient of personal data | Contracting Authorities
Registration of the Data Subjects in the NEN ISRegistration to IS NEN is carried out in the name of a legal entity or a natural entrepreneur..
Managing User AccountsThe accounts are managed by a natural person.
|
| Intention to transfer personal data to a third county or international organization | The data processor does not intend to transfer personal data to a third country or an international organization. |
| Storage duration of personal data | The storage duration of personal data is governed by Act No. 134/2016 Coll. - Act on Public Procurement and subsequently by the filing and shredding rules of each contracting authority. |
| Right to request access to personal data | The data subject can view their own processed personal data in the user account details. |
| Right to request correction of personal data | The data subject may correct its own personal data independently. |
| Right to request deletion of personal data | The right to data erasure does not apply to those data subjects who have implemented, administered or otherwise worked with a specific public procurement in the NEN. |
| Right to request restriction of processing of personal data | This right is not valid because the processing of personal data is based on a legal requirement. |
| Right to object to the processing of personal data | This right is not valid because the processing of personal data is based on a legal requirement. |
| Right to transferability of personal data | This right is not valid because the processing of personal data is based on a legal requirement. |
| Right to withdraw consent to the processing of personal data | Consent to the processing of personal data cannot be withdrawn. Personal data is processed on the basis of a legal requirement, not on the basis of consent given by the data subject. |
| Right to file a complaint with the supervisory authority | The data subject has the right to file a complaint with the Office for Personal Data Protection. |
| Obligation to provide personal data and consequences of failure to provide | The processing of personal data results from the legal requirement mentioned above, and is not subject to consent of the data subject. However, the data subject must provide some personal data himself in the context of his identification. In the event of failure to provide the relevant data and the resulting failure to identify the data subject, the data subject will not be allowed to log in as a user of the NEN IS. |
| Automated decision-making and profiling of personal data | There is no automated individual decision-making or profiling of personal data. |
| Other purposes for processing of personal data | Personal data are not processed for purposes other than the above-mentioned purpose of processing personal data. |
Cookies
In order for the site to function properly, it is sometimes necessary to place small data files, known as cookies, on your device.
What are cookies?
Cookies are small text files that websites store on your computer or mobile device when you start using the website. This way, the website remembers your preferences and actions you take on the website (such as login details, language, font size and other display preferences) so that you do not have to re-enter these details and jump from one page to another.
| Title | Recommendations | Expiration | Who has access to the information (us or a third party) | Description | Category |
|---|---|---|---|---|---|
| NEN.client.Session | Do not block, the page would not be functional | Session | NEN | Designed to store the session when working on the public part of the NEN. | Essential functional |
| BIGipServer* | Do not block, the page would not be functional | 8 hours | NEN | Specifies to which web server the communication will be routed. | Essential functional |
| XSRF-TOKEN | Do not block, the page would not be functional | Session | NEN | Cookie to prevent XSRF attack (cross site request forgery) | Essential functional |
| XSRF-TOKEN-Client | Do not block, the page would not be functional | Session | NEN | Cookie to prevent XSRF attack (cross site request forgery) | Essential functional |
| *MW-FARM* | Do not block, the page would not be functional | Session | NEN | Specifies the web server to which communication will be routed when working with the authorized part of NEN. | Essential functional |
| PRODMW* | Do not block, the page would not be functional | Session | NEN | Designed to save the session when logging in and working in the authorized part of NEN. | Essential functional |
| tSW.spu.NEN | Do not block, the page would not be functional | Session | NEN | A technical cookie that allows you to work with links to download a document. | Essential functional |
| ai_session | Blocking is possible | 30 minutes | Microsoft Azure | It is used to collect statistical data about the use of the website. The cookie stores a unique anonymous identifier to recognize users on repeated visits. | Statistical and performance |
| ai_user | Blocking is possible | 1 year | Microsoft Azure | It is used to collect statistical data about the use of the website. The cookie stores a unique anonymous identifier to recognize users on repeated visits. | Statistical and performance |
| tSW.lang.NEN | Blocking is not recommended | NEN | It is used to store the preferred language in the authorized part of NEN. | Preferences | |
| Language | Blocking is not recommended | 1 year | NEN | Automatically sets the language of the website according to the browser language settings, with the possibility to change it. | Preferences |
| UserCookiesSettings | Blocking is not recommended | 1 year | NEN | It is used to save the settings for the use of cookies. | Preferences |
| glide_session_store | Blocking is not recommended | 1 Hour | ServiceNow | To preserve the session when moving customers from one node to another, 'glide_session_store' has been added. Enabling this will ensure that its users will not be logged out when they are transfered from one datacenter to another. | Essential functional |
| glide_user_activity | Blocking is not recommended | Session | ServiceNow | This cookie prevents an active user, who has not signed up for the 'Remember Me' option, from logging out. It periodically refreshes when the user is active during the session. This cookie is not part of any authentication or login mechanism. Its presence is only to detect if there is any activity on the users side so that the session does not lock the user out during an active session. This will help the server to recover the session. This item does not present any security issue. | Essential functional |
| JSESSIONID | Blocking is not recommended | Session | ServiceNow | The 'JSESSIONID' cookie is a session created by the application when the user first logs into the application, and is created by the underlying server to preserve the attributes of the user session. | Essential functional |
| BIGipServerpool_mmrprod | Blocking is not recommended | Session | ServiceNow | The security attribute for this cookie has been implemented on the ServiceNow BigIP load balancing tools. The BigIP cookie is used for load balancing decisions and absolutely no customer data is published. | Essential functional |
| glide_user_route | Blocking is not recommended | 1 year | ServiceNow | The glide_user_route cookie defines which application server (or node) in the cluster you are going to so it remains consistent unless otherwise routed/redirected from the load balancer. In short, it controls the persistence of nodes. | Essential functional |
We use third party cookies to help us improve or promote the National Electronic Tool. At the same time, we do not send the content of the viewed pages to these parties in any way. Similarly, it is not technically possible to identify a specific user of the National Electronic Tool through any third-party cookies.
Application insights (cookie name: ai_user, ai_session) are used to collect statistical data about the use of the website. The cookie stores a unique identifier to recognize users on repeated visits (description of how Application insights works).
The NIPEZ Central ServiceDesk is used to display operational information and news content, FAQs, operating rules, manuals, the NEN chatbot, tutorial, registrations and the operational information subscription function.
Cookie settings
When you visit our website we use the following types of cookies. You can choose whether you consent to all of them or just a selection. You can change here your previously given consent at any time.