Information about Personal Data Processing

Declaration on Personal Data Processing

National Electronic Tool (NEN)
Administrator of personal dataMinistry of Regional Development
Staroměstské náměstí 932/6, Staré Město, 110 00 Praha
Organization ID Number: 66002222
Data Box: 26iaava
Email: gdpr@mmr.cz
Scope of data processing

In the NEN system, so-called structured data are processed.

Unstructured data in procurement documents, invitations to tender, participants' submissions, etc. are no longer processed in the NEN system to the extent defined by the GDPR Regulation.

These unstructured data are used exclusively for contracting authorities, they are only stored in the NEN system. The NEN system shall ensure the security of these documents. No content processing is performed on them.

The following structured data about the data subject (self-employed individual, private individual, any system user) are stored in the information system:
  • Name
  • Surname
  • Title
  • Email
  • Phone number - employment
  • Address (only in the case of registration of a self-employed individual)
  • Username
  • VAT number (social security number)
Purpose of data processingFulfillment of legislative requirements regarding public procurement according to Act 134/2016 Coll. on public procurement and related decrees to the Fulfillment of requirements for ensuring cyber security according to relevant legislation.
Lawful grounds for personal data processing
  1. Act No. 134/2016 Coll. - on Public Procurement
  2. Decree No. 168/2016 Coll. - on publication of forms for the purposes of the Act on Public Procurement and elements of the contracting authority profile
  3. Decree No. 260/2016 Coll. - on determining detailed conditions relating to electronic tools, electronic actions in public procurement and the certificate of conformity
  4. Act No. 181/2014 Coll. - on Cyber Security and Change of Related Acts
  5. Decree No 316/2014 Coll. - on security measures, cyber security incidents and reactive measures
Recipient of personal data

Contracting authorities
Ministry of Regional Development
NEN System Operator – consortium of O2 Czech Republic a.s. and Tesco SW a.s.
The public and participants of procurement procedures

The NEN system collects personal data of the data subject in the following situations:
  1. registration of the data subject into the NEN system
  2. during administration of user accounts

Registration of Data Subjects into the NEN System

Registration to IS NEN is carried out in the name of a legal entity or Registration into the NEN system is performed by legal entities or self-employed individuals..
  • Personal data are obtained during registration from current data about the data subject in the Information System of Basic Registers - The Basic Register of Legal and Natural Persons.
  • Other data required for registration are to be filled in by the user or do not fall under personal data.
  • These data are stored in the NEN system and subsequently published on the website https://nen.nipez.cz
  • Contact details of the person designated as the contact person for the entity during registration are published on the same web address.
  • Creating an account for the entity gives the entity the right to create additional user accounts.
  • The data are also stored on the NEN system resources.

Administration of User Accounts

The accounts are managed by a natural person.
  • A user without an established account is not allowed to work in the NEN system (the authentication module does not allow the user to log in).
  • Once a natural person is entered into the NEN system by an authorized person (determined by the data subject), this person will receive a username. The user sets their password independently, through a message received at the email provided during account creation.
  • The NEN system further works with these user data - i.e., the user logs into the NEN system and the NEN system records the user's activities when working with public contracts.
  • Only selected users with appropriate permissions can see the association between the username and the user's "real" name. All user actions are recorded under their username.
  • Data regarding account administration are not published or sent to third parties. They serve only for contracting authorities for access management purposes in the NEN system, i.e., the pairing of a username and a specific natural person can only be made through special permissions within the system.
  • Access to personal data of any data subject is also granted to individuals in the role of Level 1 and Level 2 NEN System User Support and the NEN System Administrator.
Intention to transfer personal data to a third county or international organizationThe administrator of personal data does not intend to transfer personal data to a third country or international organization.
Storage duration of personal dataThe storage duration of personal data is governed by Act No. 134/2016 Coll. - Act on Public Procurement and subsequently by the filing and shredding rules of each contracting authority.
Right of access to personal dataThe data subject can view their own processed personal data in the user account details.
Right to rectification of personal dataThe data subject may correct their personal data independently.
Right to erasure of personal dataThe right of data erasure does not apply to those data subjects who have have performed or are performing public contract administration or have worked with a specific public contract in any logged manner within the NEN system.
Right to restriction of processing of personal dataThis right is not valid because the processing of personal data is based on a legal requirement.
Right to object to the processing of personal dataThis right is not valid because the processing of personal data is based on a legal requirement.
Right to personal data portabilityThis right is not valid because the processing of personal data is based on a legal requirement.
Right to withdraw consent to the processing of personal dataConsent to the processing of personal data cannot be withdrawn. Personal data is processed on the basis of a legal requirement, not on the basis of consent given by the data subject.
Right to lodge a complaint with a supervisory authorityThe data subject has the right to file a complaint with the Personal Data Protection Office.
Obligation to provide personal data and consequences of failure to provideThe processing of personal data results from the legal requirement mentioned above, and is not subject to consent of the data subject. However, the data subject must provide some personal data himself in the context of his identification. In the event of failure to provide the relevant data and the resulting failure to identify the data subject, the data subject will not be allowed to log in as a NEN System User.
Automated decision-making and profiling of personal dataThere is no automated individual decision-making or profiling of personal data.
Other purposes for processing of personal dataPersonal data are not processed for purposes other than the above-mentioned purpose of processing personal data.

Cookies

In order for the site to function properly, it is sometimes necessary to place small data files, known as cookies, on your device.

What are cookies?

Cookies are small text files that websites store on your computer or mobile device when you start using these sites. This way, the website remember your preferences and actions you have taken on them for a certain period (e.g., login details, language, font size, and other display preferences), so you do not have to enter this data again and skip from one page to another.

TitleRecommendationsExpirationWho has access to the information (us or a third party)DescriptionCategory
NEN.client.SessionDo not block, the page would not be functionalSessionNENDesigned to store the session when working on the public part of the NEN system.Essential functional
BIGipServer*Do not block, the page would not be functional8 hoursNENSpecifies to which web server the communication will be routed.Essential functional
XSRF-TOKENDo not block, the page would not be functionalSessionNENCookie to prevent XSRF attack (cross site request forgery)Essential functional
XSRF-TOKEN-ClientDo not block, the page would not be functionalSessionNENCookie to prevent XSRF attack (cross site request forgery)Essential functional
*MW-FARM*Do not block, the page would not be functionalSessionNENSpecifies to which web server the communication will be routed when working with the authorized part of the NEN system.Essential functional
PRODMW*Do not block, the page would not be functionalSessionNENDesigned to save the session when logging in and working in the authorized part of the NEN system.Essential functional
tSW.spu.NENDo not block, the page would not be functionalSessionNENTechnical cookie enabling working with links to download documents.Essential functional
ai_sessionBlocking is possible30 minutesMicrosoft AzureIt is used to collect statistical data about the use of the website. The cookie stores a unique anonymous identifier to recognize users on repeated visits.Statistical and performance
ai_userBlocking is possible1 yearMicrosoft AzureIt is used to collect statistical data about the use of the website. The cookie stores a unique anonymous identifier to recognize users on repeated visits.Statistical and performance
tSW.lang.NENBlocking is not recommendedNENIt is used to store the preferred language in the authorized part of the NEN system.Preferences
LanguageBlocking is not recommended1 yearNENAutomatically sets the language of the website according to the browser language settings, with the possibility to change it.Preferences
UserCookiesSettingsBlocking is not recommended1 yearNENIt is used to save the settings for the use of cookies.Preferences
glide_session_storeBlocking is not recommended1 HourServiceNowTo preserve the session when moving customers from one node to another, 'glide_session_store' has been added. Enabling this will ensure that its users will not be logged out when they are transfered from one datacenter to another.Essential functional
glide_user_activityBlocking is not recommendedSessionServiceNowThis cookie prevents an active user, who has not opted for the 'Remember Me' option, from being logged out. It refreshes periodically when the user is active during the session. This cookie is not part of any authentication or login mechanism. Its presence is solely to detect if there is any activity on the user's side so that the session does not lock the user out during an active session. This helps the server to recover the session. This item does not pose any security issues.Essential functional
JSESSIONIDBlocking is not recommendedSessionServiceNowThe 'JSESSIONID' cookie is a session created by the application when the user first logs into the application, and is created by the underlying server to preserve the attributes of the user session.Essential functional
BIGipServerpool_mmrprodBlocking is not recommendedSessionServiceNowThe security attribute for this cookie has been implemented on the ServiceNow BigIP load balancing tools. The BigIP cookie is used for load balancing decisions and absolutely no customer data is published.Essential functional
glide_user_routeBlocking is not recommended1 yearServiceNowThe glide_user_route cookie defines which application server (or node) in the cluster you are going to so it remains consistent unless otherwise routed/redirected from the load balancer. In short, it controls the persistence of nodes.Essential functional

We use third party cookies to help us improve or promote the National Electronic Tool. At the same time, we do not send the content of the viewed pages to these parties in any way. Similarly, it is not technically possible to identify a specific user of the National Electronic Tool system through any third-party cookies.

Application insights (cookie name: ai_user, ai_session) are used to collect statistical data about the use of the website. The cookie stores a unique identifier to recognize users on repeated visits (description of how Application insights works).

The NIPEZ Central ServiceDesk is used to display operational information and news content, FAQs, operating rules, manuals, the NEN chatbot, tutorial, registrations and the operational information subscription function.

Cookie settings

During your visits to our website, we use the following types of cookies. You can grant us consent to use all or only selected types. You can adjust your previously granted consents here.

Can we store some cookies?

What does is it mean? Cookies are small data files that are used, for example, to remember your settings and interests on our website, or to improve it. We need your consent to store various types of cookies. The website will function even without your consent, but with it, it will work slightly better.