Privacy Policy
tendre Privacy Policy
Last updated: 8 June 2026 (v1.6)
1. Introduction
tendre ("we", "us", "our") is committed to protecting your privacy and handling your personal data responsibly.
This Privacy Policy explains how we collect, use, store, and share personal data when you use www.tendre.com (the "Platform"), and sets out your rights under applicable data protection law, including UK GDPR and EU GDPR.
By using the Platform, you agree to the collection and use of your personal data as described in this policy.
2. Who We Are
tendre operates as a digital marketplace connecting occupiers, property owners, and suppliers within the commercial real estate, workplace, and office procurement sector.
For the purposes of data protection law, tendre acts as a Data Controller in respect of personal data collected through the Platform, and as a Data Processor where we process personal data on behalf of our users in accordance with our Data Processing Agreement.
Contact for data protection matters:
Email: legal@tendre.com
Website: www.tendre.com
3. Personal Data We Collect
3.1 Information You Provide to Us
When you register and use the Platform, we collect:
- Name, job title, and department
- Business email address and phone number
- Company name, type, and location
- Profile information, credentials, and case studies (for suppliers)
- Project information (for occupiers)
- Payment information (processed securely via our payment provider; we do not store card details)
- Message content and communication records, retained solely to operate the Platform's messaging service
- Staff postcodes and location data submitted via the Staff & Commute Analysis tool
- Files, documents, and data you upload to the Platform
- Video meeting session data (where you use the Meeting Request feature)
3.2 Information Collected Automatically
When you use the Platform, we automatically collect:
- IP address and device information
- Browser type and operating system
- Pages visited, features used, and time spent on the Platform
- Referral sources and search terms
- Session data and cookies (see our Cookie Policy)
3.3 Information from Third Parties
We may receive information about you from:
- Your organisation (where your account is set up by an account administrator)
- Third-party analytics and marketing partners
- Publicly available sources (for example, company registration data)
4. How We Use Your Personal Data
We use your personal data for the following purposes:
4.1 Providing and Operating the Platform
- Creating and managing your account
- Enabling supplier discovery, matching, and communication
- Managing projects and procurement workflows
- Processing subscription payments and managing access
- Providing AI-powered features, benchmarking, and analytics tools
- Operating the Staff & Commute Analysis tool
- Hosting video meetings via the Meeting Request feature (processed via Daily.co)
Lawful basis: Contract (processing necessary to perform our agreement with you); Legitimate interests
4.2 Improving the Platform
- Analysing usage patterns to improve features and performance
- Conducting internal research and product development
- Generating anonymised, aggregated insights and benchmarking data
Lawful basis: Legitimate interests
4.3 Communications
- Sending account-related notifications and updates
- Responding to enquiries and support requests
- Sending marketing communications (where you have opted in or we have a legitimate interest)
Lawful basis: Consent (for marketing); Contract and Legitimate interests (for service communications)
4.4 Safety, Security, and Compliance
- Detecting and preventing fraud, abuse, and misuse of the Platform
- Enforcing our Terms of Use and policies
- Complying with legal obligations
Lawful basis: Legal obligation; Legitimate interests
4.5 AI-Powered Features
Where you use AI-powered features on the Platform (including AI brief generation), content you submit may be processed by our AI service provider OpenAI. This processing is governed by OpenAI's data processing agreement. Content submitted to AI features should not include sensitive personal data beyond what is necessary for the stated purpose.
Lawful basis: Legitimate interests (providing AI-enhanced platform features you have chosen to use)
5. Staff and Commute Data
Where you submit staff postcode data via the Staff & Commute Analysis tool, you confirm that:
- You have a lawful basis for processing this data under applicable data protection law
- You have provided appropriate notices to the relevant individuals (your employees or staff)
- The data is used solely for the purpose of generating commute analysis results
We process postcode-level location data to generate routing and commute estimates. This data is not used for any other purpose and is not shared with third parties, except where necessary to generate routing results via mapping service providers.
Detailed results are accessible only to you and, where applicable, to tendre administrators for platform support purposes.
6. Sharing Your Personal Data
We do not sell your personal data. We may share it with:
6.1 Other Platform Users
Supplier Profiles: Supplier profile information — including company name, contact details, service descriptions, case studies, and other published content — is visible to Occupiers, Owners, and other Platform users as part of its core marketplace functionality.
Occupier Accounts: Occupier visibility is user-controlled. Occupier account information is used to facilitate Platform services (including project creation, supplier matching, and communications) and is not publicly displayed by default. Occupiers control how much information is visible to suppliers and may keep their identity, company name, and project details entirely confidential until they choose to disclose them.
Where an Occupier participates in ORION, their member profile is visible to other verified ORION members only, subject to the content they choose to share on their profile.
6.2 Service Providers and Sub-processors
We use third-party service providers to support the operation of the Platform, including:
- Cloud hosting and infrastructure providers
- Analytics and performance monitoring tools
- Email and communication services
- Payment processing providers
- Google LLC (Google Maps Platform) — routing and commute estimates via the Staff & Commute Analysis tool
- Artificial intelligence services (OpenAI for AI-assisted brief generation)
- Daily.co — video meeting infrastructure for the Meeting Request feature
- Payment processing (Stripe, Inc.) for subscription and payment management
All service providers are bound by data processing agreements and are required to handle your data in accordance with applicable law.
6.3 Legal and Regulatory Requirements
We may disclose your personal data where required by law, regulation, or court order, or where necessary to protect the rights and safety of tendre, its users, or the public.
6.4 Business Transfers
In the event of a merger, acquisition, or sale of all or part of tendre's business, your personal data may be transferred to the relevant third party, subject to appropriate protections.
7. International Data Transfers
tendre may transfer personal data outside the UK or EEA. Where this occurs, we ensure that appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the relevant regulatory authority
- Transfers only to countries deemed to provide adequate protection under UK or EU law
- Other lawful transfer mechanisms as required
You can request further information about international transfer safeguards by contacting us at legal@tendre.com.
8. Data Retention
We retain your personal data for as long as necessary to provide the Platform and fulfil the purposes described in this policy, and in accordance with applicable legal requirements.
In general:
- Account data is retained for the duration of your active account and deleted within 30 days of account closure upon verified request
- Usage and analytics data is retained in anonymised or aggregated form for up to 24 months
- Postcode and commute analysis data is retained only as long as needed to provide results and support your account
- Payment and transaction records are retained for 7 years in accordance with HMRC financial record-keeping requirements
You may request deletion of your personal data at any time (see Section 10).
9. Cookies
We use cookies and similar technologies on the Platform. For full details, please see our Cookie Policy.
10. Your Rights
Under UK GDPR and EU GDPR, you have the following rights in respect of your personal data:
- Right of access: to request a copy of the personal data we hold about you
- Right to rectification: to request correction of inaccurate or incomplete data
- Right to erasure: to request deletion of your personal data, subject to applicable legal obligations
- Right to restriction: to request that we restrict processing in certain circumstances
- Right to data portability: to receive your data in a structured, machine-readable format
- Right to object: to object to processing based on legitimate interests or for direct marketing purposes
- Rights in relation to automated decision-making: to not be subject to solely automated decisions that significantly affect you
To exercise any of these rights, please contact us at:
Email: legal@tendre.com
We will respond to all requests within one calendar month. We may need to verify your identity before processing your request.
If you are dissatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk (UK) or your local supervisory authority (EU).
11. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, disclosure, or alteration, including:
- Encryption of data in transit (TLS)
- Encryption of sensitive data at rest where appropriate
- Role-based access controls
- Regular security monitoring and review
- Secure cloud infrastructure
No system is completely secure. If you become aware of any security vulnerability or incident, please contact us immediately at legal@tendre.com.
12. Children
The Platform is intended for use by businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe a minor has submitted data to us, please contact us and we will take appropriate steps to delete it.
13. Changes to This Policy
We may update this Privacy Policy from time to time. The date at the top of this document indicates when it was last revised. Where changes are material, we will notify you via the Platform or by email.
Continued use of the Platform following any update constitutes your acceptance of the revised policy.
14. Contact
For any privacy-related questions, requests, or concerns:
Email: legal@tendre.com
Website: www.tendre.com