ECEPP Privacy Policy

Who we are

ECEPP is the EBRD E-Procurement Portal (ECEPP or ‘System’), a system of the European Bank for Reconstruction and Development (EBRD). EBRD is an international financial organisation ( BiP Solutions Ltd (BiP) are the service provider to EBRD of the ECEPP system (

EBRD is the data controller. Please read the EBRD Privacy Notice, ( which provides information on how personal data is processed by EBRD, your rights and obligations and contact details of the EBRD Data Controllers.

What information is collected

When you register for ECEPP, information is stored about you such as the following:

Information you provide to us on registering: Your name and organisation, email address, address and/or postal code, and telephone number and key data about the organisation you are registering.

Information we collect automatically: Information is collected about you and your use of our service, your interactions with us, as well as information regarding your computer or other device used to access our service (such as mobile devices, operating system, browser). This information includes:

  • Your activity on the System;
  • Details of your interactions with ECEPP Helpdesk such as date, time and reason for contacting us, transcripts of chat conversations and, if you call us, your phone number and call recordings;
  • Device IDs or other unique identifiers, device and software characteristics (such as type and configuration), connection information, statistics on page views, referral URLs, IP address (which may tell us your general location), browser and standard web server log information;
  • Information collected via the use of cookies and other technologies, including ad data (such as information on the availability and delivery of ads, the site URL, as well as the date and time). See our Cookies section for more details.

Why information is collected

Information is used to provide, facilitate, analyse, administer, enhance and personalize service delivery and support delivery efforts. For example, information is used to:

  • Process your registration;
  • Provide secure access to services, manage your account and support quality monitoring;
  • Prevent, detect and investigate potentially prohibited or illegal activities, including fraud, and enforcing the terms and conditions of service;
  • Analyse and understand users, improve the service (including user interface experiences) and optimize content selection, search and relevance algorithms, and delivery;
  • Communicate with you concerning the service and customer surveys;
  • Assist you with operational requests such as password reset requests and other matters relating to your use of the service.

How and where information is processed

The personal data that is collected from you and process in relation to the service is processed by BiP staff in the UK. For the purposes of IT hosting and maintenance, this information is located on servers within the European Union.

We do not undertake any automated decision making on the basis of your personal information and third parties do not have access to your personal data except as stated below.

How is information protected

We take the security of your information very seriously. To oversee the effective and secure processing of your personal information and to safeguard against its loss, theft, and unauthorized access, use and modification, BiP operate comprehensive data protection and information security policies and procedures, which are certified to the international standards ISO 9001 and ISO 27001, and use reasonable administrative, logical and managerial measures.

BiP use multiple layers of firewalls, specialist devices to detect and prevent intrusion attempts, and encryption systems to ensure data is scrambled while being transmitted from system to system. BiP employ strong physical security policies to prevent physical access to their data centres. BiP perform regular system patching and use independent security specialists to perform penetration tests to reveal vulnerabilities in their systems and to enable them to be fixed proactively.

Unfortunately, however, no measures can be guaranteed to provide 100% security. Accordingly, we cannot guarantee the security of your information.

Who it may be shared with

We disclose your information for certain purposes and to third parties, as described below:

EBRD and EBRD Clients: Data may be used when you apply or respond to any opportunities using ECEPP as part of the response process or viewed in respect of your responses by the EBRD client responsible for that opportunity or EBRD staff in the provision of services, reports or investigations.

Service Providers: We use other service providers (i.e. companies, agents or contractors) to perform services on our behalf or to assist us with the provision of services to you. For example, we engage service providers to provide infrastructure and IT services and to process and administer consumer surveys. In the course of providing such services, these service providers may have access to System information. We do not authorise them to use or disclose your personal information except in connection with providing their services to us.

Protection of BiP and others: BiP and its Service Providers may disclose and otherwise use your personal and other information, subject to notification to EBRD, where they reasonably believe such disclosure is needed to:

  • Satisfy any applicable law, regulation, legal process, or governmental request;
  • Enforce applicable terms of use, including investigation of potential violations thereof;
  • Detect, prevent, or otherwise address illegal or suspected illegal activities (including payment fraud), security or technical issues;
  • Protect against harm to the rights, property or safety of BiP, EBRD or the public, as required or permitted by law.

Business transfers: In connection with any reorganization, restructuring, merger or sale, or other transfer of assets, we will transfer information, including personal information, and will ensure that the receiving party agrees to respect your personal information in a manner that is consistent with this privacy policy.

How long is information held

EBRD is required to keep project and system data data for a minimum of 6 years plus the current year after which time it will be deleted unless required by the EBRD for archiving purposes.

Your rights

You can access your registration information in ECEPP at any time to correct or update inaccurate or out-of-date personal information held in System. You can do this by visiting your account settings pages where you can access and update a range of information about your account. You must be signed in to access this feature. Alternatively, where this feature is not available, you can contact

You may also request via that BiP delete personal information held in ECEPP, except where this is required in connection with a response that you have submitted in ECEPP. If you delete your registration data you will no longer be able to access the System or your previous responses to any opportunity.

To make requests, or if you have any other question regarding our privacy practices or wish to raise a complaint about how your data is handled, please contact us at

Other websites

Our websites may contain links to websites belonging to other organisations. This privacy policy only applies to ECEPP only, so when you link to other websites you should read their privacy policies and terms and conditions. We cannot accept responsibility for your use of these websites.


What are cookies?

Cookies are small data files containing alphanumeric identifiers commonly transferred to and stored on your device when you browse and use websites and online services. They are widely used to make websites work, or work more efficiently, as well as to provide reporting information and assist with service or advertising personalization.

Why does BiP use cookies?

We use cookies for various reasons. For example, we use cookies to enable our systems to recognise your browser and to provide personalised information. We also use cookies to make it easy to access our services by remembering you when you return, to provide and analyse our services, to learn more about our users and how they use the service, and to deliver and tailor marketing or advertising. We want you to be informed about our use of these technologies, so this notice explains the types of technologies we use, what they do and your choices regarding their use.

What cookies do we use?

We may use the following types of cookies:

Essential cookies: These cookies are strictly necessary to provide our website or online service. For example, we or our Service Providers may use these cookies to authenticate and identify our members when they use our websites and applications so we can provide our service to them. They also help us to enforce our Terms of Use, prevent fraud and maintain the security of our service.

Our website sets a cookie that stores a unique identifier for your session:
Name: <service>_signon or JSESSIONID
Typical content: randomly generated alpha-numeric value
Expires: After 4 hours of user inactivity or upon closing the browser

Our website sets a cookie that stores your username if you set remember me to true to keep you signed in to your computer:
Name: username
Typical content: username of user who has signed on
Expires: 1 month after sign in

Our website sets a cookie that stores an encrtyped security string if you set remember me to true to keep you signed in to your computer securely:
Typical content: encrypted security ID string
Expires: Immediately

Cookies for improving services: These cookies are not essential, but help us to personalize and enhance your user experience. For example, they help us to remember your preferences and prevent you from needing to re-enter information you previously provided (for example, during member sign up). We also use these cookies to collect information (such as popular pages, site usage patterns, click-through and other information) about our visitors’ use of the service so that we can enhance and personalize the service. Deletion of these types of cookies may result in limited functionality of our service.

Our website uses Google Analytics cookies to help us accurately trend user activity and page requests. This ensures that the service offers the most user-friendly journey through the application:

Name: __utma
Typical content: alpha-numeric value
Expires: when user exits the browser

Name: __utmb
Typical content: alpha-numeric value
Expires: when user exits the browser

Name: __utmc
Typical content: alpha-numeric value
Expires: when user exits the browser

Name: __utmd
Typical content: alpha-numeric value
Expires: when user exits the browser

How can I exercise choice regarding cookies and other types of online tracking?

The help menu on most browsers will tell you how to prevent your browser from accepting new cookies altogether. Additionally, you can disable or delete similar data used by browser add-ons. However, because cookies allow you to take advantage of our website features, we recommend that you leave them turned on. If you do leave cookies turned on, be sure to sign off any logged-in service when you finish using a shared computer.

Does BiP use other technologies?

We sometimes use other technologies similar to cookies, such as browser storage and plugins (e.g. HTML5 and WebSQL). Like cookies, some of these technologies may store small amounts of data on your device. We may use these and various other technologies for similar purposes as cookies, such as to enforce our terms, prevent fraud, and analyse the use of our service. There are a number of ways to exercise choice regarding these technologies. For example, many popular browsers provide the ability to clear browser storage, commonly in the settings or preferences area – see your browser’s help function or support area to learn more.

Changes to this privacy policy

We will update this privacy policy from time to time in response to changing legal, regulatory or operational requirements. Your continued use of the service after any such updates take effect will constitute acceptance of those changes. If there is a material change that could have a detrimental effect on you, we will notify you by placing a prominent announcement on our web pages. If you do not wish to accept updates to this privacy policy, you may cancel your use of the service in accordance with our terms and conditions and of course exercise your rights under privacy law as noted above.

This privacy policy was last updated on: 3rd November 2021 version 3.0