Our company – TINQIN AD, registered in the Commercial Register at the Registry Agency under UIC 203482415, having its seat and registered address at: Sofia 1000, 115G, Tsarigradsko shose str., building E, floor 5; tel.: +359 2 805 68 98; email: email@example.com, is a personal data controller within the meaning of the Personal Data Protection Act and, as such, dedicated to implementing a solid IT security, e-mail and internet usage policy, so to achieve the following results:
The reason for incorporating within our internal rules, and presenting to your attention, this very Policy is that in today’s fast-moving, but inevitably technically fragile, business environment, it is of crucial importance to ensure that appropriate use is made of any IT resources, which lead to processing of certain personal data. Failure to do so would in fact expose also staff members, our own company, its affiliates and their property (including confidential data and information) to a number of risks, which may spoil our work environment, our assets and productivity, and most importantly – expose your basic personal rights and freedoms.
We are, therefore, committed to prevent the above from happening. For this reason, we have adopted this Policy, which is applicable also to all our foreign affiliates that might from time to time act as your data processor in our own name and under our instructions, or independently – as your data controller.
The protection of your personal data throughout the entire process of data processing, as well as the security of all business data is important to us and is a part of our established corporate policies. We process personal data, which is collected automatically, when you visit our website, but also personal data provided by you, when you enter into a contractual relationship with us – in strict privacy and in accordance with the national and European legislation.
This Policy aims to provide you in detail with comprehensive information, in clear and plain language, about the actions, performed by us with respect to your personal data, collected by TINQIN, including inter alia:
All information and data that might directly or in the aggregate, or as a combination, identify an individual.
For instance the number of your mobile phone might serve as an indirect identifier. A unique number of yours, such as your Personal Identification Number, the personal number of a foreigner, the client’s code would, on the contrary, be a direct identifier.
In order to run our business and provide effective access to our products and services, TINQIN needs to know at least a little about you.
Hereunder we outline what information exactly TINQIN collects for you, how the said information is collected and what might and actually happens to it upon its collection:
A) Content we collect through our website:
We do not collect any contact data or personally identifiable information via our website; we further do not use any tracking or preference cookies, nor any similar tracking technologies to track the activity on our website, however, we use session cookies, so to operate our services, and security cookies for security purposes as the necessary minimum.
B) Information that we collect when entering into contracts with you:
When addressing you with offers for our products and services at your request, as well as, when entering into contractual relationships with you or the organization that you are representing, we would need to collect certain specific information, such as name, family name, e-mail, organisation, city/country, address, etc.;
TINQIN collects and operates with your personal data, mainly in order to fulfil its contractual obligations under contracts concluded with you or your organization for the provision of products and services and to be able to accomplish to the fullest extent what you have assigned us to do for you.
Where required by law or where we believe it is necessary, so to protect our legal rights, legitimate interests and the interests of third parties, we might retain and use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
Of course, we also use your information, so to resolve technical issues that you encounter, to respond to your requests for assistance, to analyse crash information, and to repair and improve our services, provided by us to you.
TINQIN collects personal data upon receipt of explicit, clear, free and unambiguous consent, where such is needed, i.e. when the processing would not rely on any of the grounds pointed hereinabove. For instance for marketing purposes or receipt of advertisement or info newsletters issued by us.
Please, keep in mind that the consent you provide us with may be withdrawn at any time. For the withdrawal you could visit one of our offices and make it on site, or you could simply send us a written request to the following e-mail address: firstname.lastname@example.org.
All personal data obtained from you or concerning you shall be used, so to enable us to fulfil your requirements towards TINQIN, when it comes, including, but not limited, to:
Depending on the ground for processing your personal data, the retention period might differ.
We will retain and use your personal data to the extent needed, so to deliver our services, as required by you; to comply with our legal obligations (for example, if we are obliged or required on a case-by-case basis to withhold your data for a bit longer than needed for our services, in order to comply with applicable laws); to resolve litigation or out-of-court disputes; and to enforce our legal agreements and policies.
The exact criteria used to determine our retention periods in terms of timeframes include the length of time, for which we have an ongoing relationship with you and provide our services to you, respectively our legal obligations or whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Your personal data are kept with us for a period of 10 years upon termination of an existing contract, if the processing was initially based on fulfilment of contractual obligations towards you.
After expiration of the retention period, we will either obliterate or anonymise your personal information, as well as any hard or soft copies made thereof or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further usage until permanent deletion is possible.
While being in hold of information that may contain personal data, we undertake significant, but nevertheless commercially acceptable to us measures to protect it. We seek to use reasonable organisational, technical, and administrative measures to protect your personal information within our organisation from its loss, misuse, unauthorised access to or disclosure, its unlawful alteration and/or destruction.
TINQIN obligates itself not to provide your personal data to third parties without your explicit consent, unless, when and to the extent necessary for fulfilment of any undertaken contractual obligations towards you.
In this connection we may share your information with the following third parties for the following purposes:
Such third parties would then have access to your personal data, however, only to perform the tasks assigned to be performed by them on our behalf and are contractually obligated not to disclose or use the personal data for any other purpose whatsoever.
TINQIN is a global organisation with offices around the world (as pointed hereinabove), so your information may be transferred across borders, when you use our services, and may be maintained on computers located outside of your state or other governmental jurisdiction, where the data protection laws may be different than those from your jurisdiction. We have put in place measures to comply with laws, regulating cross-border transfers. In this respect we have also engaged into binding corporate rules pursuant to Regulation (EU) 2016/679 (GDPR) with our affiliates that may at certain point be in reach of personal data identifying you.
With our suppliers we do enter into separate data processing agreements, thus, guaranteeing for any third parties we connect with and assign to process some information, containing also personal data, to comply with the highest up-to-date technical and organizational measures regarding your data protection.
We may use and disclose your personal information as appropriate, in the good faith belief that such action is necessary, especially when we have a legal obligation or legitimate interest to do so, in order to pursue one of the following:
We have no control over, and assume no responsibility for, the content, privacy policies or practices of any third party sites or services.
In observance of the Bulgarian and European legislation, including Regulation (EU) 2016/679 (“General Data Projection Regulation” or “GDPR”) regarding the protection of personal data, you may exercise the following rights:
You may exercise all of your rights at any time during the processing of your personal data.
This right provides you with the possibility to obtain, on a case-by-case basis, information regarding the data that identify the controller and its representative, the exact purposes of personal data processing, the recipients or categories of recipients, to whom the data has been disclosed, the obligatory or voluntary nature of providing the data and the consequences of the refusal for their provision, as well as information for the right of access and the right of rectification or even erasure of the collected data, the existence of eventual automated decision-making, incl. profiling, etc.
The data shall not be provided when the individuals they refer to already dispose with it or there is a specific legal ban for their provision in the respective case at hand.
Those rights enable you to demand from us at any time, albeit subject to certain circumstances, to erase, correct or restrict, personal data, the processing of which does not respond to the requirements of the applicable Bulgarian or European Union legislation, as well as to request from us to further inform the third parties, whom/which the erased/ rectified/ updated personal data have been disclosed to, unless such actions would seem impossible or unfeasible, or related to excessive efforts and expenses for us.
Right to object to the processing of personal data of the data subject against the processing and disclosing to third persons of your personal data for the purposes of direct marketing, as well as against automated decision-making and profiling. You have the right to be informed prior the first time disclosure of your personal data to third parties for direct marketing purposes, as well as the right to object to such disclosure or usage.
When the processing of personal data is carried out by automated means, you have the right to receive the personal data referring to you, which you have provided to the controller, in a structured, commonly used and machine-readable format and have the right to request for its transmission to another controller.
This right should apply when the subject has provided personal data on the grounds of granted consent or on the basis of contractual relations. The right should not apply when the processing is based on any other legal ground. The right of the data subject to data portability does not create any obligation for the data controller to perceive or maintain technically compatible systems for the electronic processing.
In the event that you deem your rights have been violated, you have the right to approach the local supervisory authority, being the Commission for Personal Data Protection for Bulgaria. Without prejudice to the said administrative approach, you also have the right to a judicial remedy against a controller or a processor, when you consider that your rights under the applicable privacy laws have been infringed.
By looking through the Policy on our website, you will be provided with possibility to discontinue the use of some or all services and/or make use of you rights, part of them being explicitly pointed above.
In addition, we shall take all possible measures for informing you in the event of any substantial changes concerning the personal data protection by placing notices in the premises of our offices and on the web-portals of TINQIN.