TINQIN Privacy And Data Protection Policy

We take care of your personal data

What is this Policy about?

Our company – TINQIN AD, registered in the Commercial Register at the Registry Agency under UIC 203482415, having its seat and registered address at: Sofia 1000, 115G, Tsarigradsko shose str., building E, floor 5; tel.: +359 2 805 68 98; email: sofia@tinqin.com, is a personal data controller within the meaning of the Personal Data Protection Act and, as such, dedicated to implementing a solid IT security, e-mail and internet usage policy, so to achieve the following results:

  • full protection of any data being under our supervision, control and operational management, as well as prevention of any misuse thereof;
  • providing all customers and counterparties with transparent and comprehensive information about how their personal data are being processed by us.

The reason for incorporating within our internal rules, and presenting to your attention, this very Policy is that in today’s fast-moving, but inevitably technically fragile, business environment, it is of crucial importance to ensure that appropriate use is made of any IT resources, which lead to processing of certain personal data. Failure to do so would in fact expose also staff members, our own company, its affiliates and their property (including confidential data and information) to a number of risks, which may spoil our work environment, our assets and productivity, and most importantly – expose your basic personal rights and freedoms.

We are, therefore, committed to prevent the above from happening. For this reason, we have adopted this Policy, which is applicable also to all our foreign affiliates that might from time to time act as your data processor in our own name and under our instructions, or independently – as your data controller.

The protection of your personal data throughout the entire process of data processing, as well as the security of all business data is important to us and is a part of our established corporate policies. We process personal data, which is collected automatically, when you visit our website, but also personal data provided by you, when you enter into a contractual relationship with us – in strict privacy and in accordance with the national and European legislation.

Our Privacy Policy and confidentiality statement

This Policy aims to provide you in detail with comprehensive information, in clear and plain language, about the actions, performed by us with respect to your personal data, collected by TINQIN, including inter alia:

  • What personal data do we collect for you and what are personal data after all?
  • What is the purpose of collecting those personal data?
  • What retention periods do we envisage for the collected personal data?
  • With whom do we share your personal data?
  • How would we inform you about any changes introduced to our Privacy Policy?
  • What types of “cookies” do we use?
  • What are your rights regarding the personal data collected by us?

With this Privacy Policy TINQIN warrants that it applies all technical and organizational measures for the due protection of any personal data of individuals under its disposal, as statutory foreseen within the applicable national or European legislative framework on data protection, as well as the established good practices.

What is personal data?

All information and data that might directly or in the aggregate, or as a combination, identify an individual.

For instance the number of your mobile phone might serve as an indirect identifier. A unique number of yours, such as your Personal Identification Number, the personal number of a foreigner, the client’s code would, on the contrary, be a direct identifier.

What personal data does TINQIN collect for you?

In order to run our business and provide effective access to our products and services, TINQIN needs to know at least a little about you.

Hereunder we outline what information exactly TINQIN collects for you, how the said information is collected and what might and actually happens to it upon its collection:

A) Content we collect through our website:

We do not collect any contact data or personally identifiable information via our website; we further do not use any tracking or preference cookies, nor any similar tracking technologies to track the activity on our website, however, we use session cookies, so to operate our services, and security cookies for security purposes as the necessary minimum.

B) Information that we collect when entering into contracts with you:

When addressing you with offers for our products and services at your request, as well as, when entering into contractual relationships with you or the organization that you are representing, we would need to collect certain specific information, such as name, family name, e-mail, organisation, city/country, address, etc.;

On what grounds and for what purposes does TINQIN process your personal data?

TINQIN collects and operates with your personal data, mainly in order to fulfil its contractual obligations under contracts concluded with you or your organization for the provision of products and services and to be able to accomplish to the fullest extent what you have assigned us to do for you.

Where required by law or where we believe it is necessary, so to protect our legal rights, legitimate interests and the interests of third parties, we might retain and use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.

Of course, we also use your information, so to resolve technical issues that you encounter, to respond to your requests for assistance, to analyse crash information, and to repair and improve our services, provided by us to you.

TINQIN collects personal data upon receipt of explicit, clear, free and unambiguous consent, where such is needed, i.e. when the processing would not rely on any of the grounds pointed hereinabove. For instance for marketing purposes or receipt of advertisement or info newsletters issued by us.

Please, keep in mind that the consent you provide us with may be withdrawn at any time. For the withdrawal you could visit one of our offices and make it on site, or you could simply send us a written request to the following e-mail address: sofia@tinqin.com.

What are the purposes, which we collect your personal data for?

All personal data obtained from you or concerning you shall be used, so to enable us to fulfil your requirements towards TINQIN, when it comes, including, but not limited, to:

  • Providing you with the services and products that we offer and you express interest in and/or commission;
  • Ensuring full access to our webpage;
  • Responding to any queries, opinions and recommendations you might address us with;
  • Sending you information related to special campaigns or new products or services.

How long do we keep and process your personal data before we destroy them?

Depending on the ground for processing your personal data, the retention period might differ.

We will retain and use your personal data to the extent needed, so to deliver our services, as required by you; to comply with our legal obligations (for example, if we are obliged or required on a case-by-case basis to withhold your data for a bit longer than needed for our services, in order to comply with applicable laws); to resolve litigation or out-of-court disputes; and to enforce our legal agreements and policies.

The exact criteria used to determine our retention periods in terms of timeframes include the length of time, for which we have an ongoing relationship with you and provide our services to you, respectively our legal obligations or whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Your personal data are kept with us for a period of 10 years upon termination of an existing contract, if the processing was initially based on fulfilment of contractual obligations towards you.

After expiration of the retention period, we will either obliterate or anonymise your personal information, as well as any hard or soft copies made thereof or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further usage until permanent deletion is possible.

While being in hold of information that may contain personal data, we undertake significant, but nevertheless commercially acceptable to us measures to protect it. We seek to use reasonable organisational, technical, and administrative measures to protect your personal information within our organisation from its loss, misuse, unauthorised access to or disclosure, its unlawful alteration and/or destruction.

To whom may we transfer your personal data?

TINQIN obligates itself not to provide your personal data to third parties without your explicit consent, unless, when and to the extent necessary for fulfilment of any undertaken contractual obligations towards you.

In this connection we may share your information with the following third parties for the following purposes:

  • Companies within the TINQIN structure, situated on the territory of France and Tunisia (our related and affiliated companies): we may share your information with our affiliates, which are entities under common ownership or control of TINQIN AD, to provide our services in different countries and for the exact same purposes described in this Privacy Policy.
  • Our suppliers, subcontractors and business partners (“service providers”): we may share information about you with our service providers, who/which process information to provide services to us or on our behalf, for instance the company rendering hosting services related with this website.

Such third parties would then have access to your personal data, however, only to perform the tasks assigned to be performed by them on our behalf and are contractually obligated not to disclose or use the personal data for any other purpose whatsoever.

TINQIN is a global organisation with offices around the world (as pointed hereinabove), so your information may be transferred across borders, when you use our services, and may be maintained on computers located outside of your state or other governmental jurisdiction, where the data protection laws may be different than those from your jurisdiction. We have put in place measures to comply with laws, regulating cross-border transfers. In this respect we have also engaged into binding corporate rules pursuant to Regulation (EU) 2016/679 (GDPR) with our affiliates that may at certain point be in reach of personal data identifying you.

With our suppliers we do enter into separate data processing agreements, thus, guaranteeing for any third parties we connect with and assign to process some information, containing also personal data, to comply with the highest up-to-date technical and organizational measures regarding your data protection.

Are there any other cases, in which we may share and disclose your personal data?

We may use and disclose your personal information as appropriate, in the good faith belief that such action is necessary, especially when we have a legal obligation or legitimate interest to do so, in order to pursue one of the following:

  • Fraud prevention: we may use and disclose the information we collect from and about our customers as we believe necessary to investigate, prevent, or respond to suspected illegal or fraudulent activity or wrongdoing, or to protect the personal safety, privacy, rights, or property of TINQIN, our customers, or others.
  • Law enforcement purposes: if validly requested or required by any public authorities, such as law enforcement authorities, courts, government regulators, state agencies, etc., so to comply with the law and the mandatory orders and other legal obligations (which may include laws outside your country of residence).
  • Protect ourselves against legal liability.
  • Sale or merger of our company: we have no plans to sell our business. In this unlikely event, we may use, disclose, or transfer your personal information to a third party, if we or any of our company affiliates are involved in a corporate restructuring (e.g., a sale, merger, or other transfer of assets, including in connection with any bankruptcy or similar proceedings).

Links to other websites and use of social media plug-ins Our websites contains links to other sites, such as for example Facebook and LinkedIn, which are not operated or hosted by us. If you click on a third party link, you will be directed to that third party's website. We strongly advise you to review the Privacy Policy of every such website you visit throughout our website.

We have no control over, and assume no responsibility for, the content, privacy policies or practices of any third party sites or services.

What are your rights regarding your own personal data?

In observance of the Bulgarian and European legislation, including Regulation (EU) 2016/679 (“General Data Projection Regulation” or “GDPR”) regarding the protection of personal data, you may exercise the following rights:

  • Right of access to personal data, which TINQIN processes for you and to receive a copy thereof;
  • Right to request from TINQIN rectification of your personal data, in case you identify some irregularities or outdated information about yourself;
  • Right to request restriction or limitation of the processing of your personal data, in the occasions, determined in the local law and in the GDPR;
  • Right to request erasure of your personal data by TINQIN, in the event certain conditions for such action are fulfilled;
  • Right, whenever you wish, to withdraw the consent rendered regarding the processing within the scope of the purposes, for which the consent was given, for instance for marketing purposes;
  • Right to request for portability of your personal data in a structured, machine-readable format, which is commonly used;
  • Right to file a complaint or application for protection of your rights before the Commission for Personal Data Protection.

You may exercise all of your rights at any time during the processing of your personal data.

Even if and when acting only in the capacity of a data processor and not a controller with respect to your personal data, you may address your requests to us, either by phone or via e-mail, using our contacts, specified at the beginning of this Privacy Policy, whereas we shall take any steps necessary and without undue delay, so to assess whether your specific request is technically and legally feasible and manageable for us, and to reply in a proper manner to your asking.

What does each of the above rights actually mean?

Right of access to personal data

This right provides you with the possibility to obtain, on a case-by-case basis, information regarding the data that identify the controller and its representative, the exact purposes of personal data processing, the recipients or categories of recipients, to whom the data has been disclosed, the obligatory or voluntary nature of providing the data and the consequences of the refusal for their provision, as well as information for the right of access and the right of rectification or even erasure of the collected data, the existence of eventual automated decision-making, incl. profiling, etc.

The data shall not be provided when the individuals they refer to already dispose with it or there is a specific legal ban for their provision in the respective case at hand.

Right of erasure, rectification, restriction and limitation of the processing

Those rights enable you to demand from us at any time, albeit subject to certain circumstances, to erase, correct or restrict, personal data, the processing of which does not respond to the requirements of the applicable Bulgarian or European Union legislation, as well as to request from us to further inform the third parties, whom/which the erased/ rectified/ updated personal data have been disclosed to, unless such actions would seem impossible or unfeasible, or related to excessive efforts and expenses for us.

Right to object

Right to object to the processing of personal data of the data subject against the processing and disclosing to third persons of your personal data for the purposes of direct marketing, as well as against automated decision-making and profiling. You have the right to be informed prior the first time disclosure of your personal data to third parties for direct marketing purposes, as well as the right to object to such disclosure or usage.

Right to data portability

When the processing of personal data is carried out by automated means, you have the right to receive the personal data referring to you, which you have provided to the controller, in a structured, commonly used and machine-readable format and have the right to request for its transmission to another controller.

This right should apply when the subject has provided personal data on the grounds of granted consent or on the basis of contractual relations. The right should not apply when the processing is based on any other legal ground. The right of the data subject to data portability does not create any obligation for the data controller to perceive or maintain technically compatible systems for the electronic processing.

Right to submit a complaint or an application with the supervisory authority

In the event that you deem your rights have been violated, you have the right to approach the local supervisory authority, being the Commission for Personal Data Protection for Bulgaria. Without prejudice to the said administrative approach, you also have the right to a judicial remedy against a controller or a processor, when you consider that your rights under the applicable privacy laws have been infringed.

Changes to the Privacy Policy

The most current Privacy Policy can be found on our web site. This policy may change over time and be updated from time to time as legislative progress does require so.

By looking through the Policy on our website, you will be provided with possibility to discontinue the use of some or all services and/or make use of you rights, part of them being explicitly pointed above.

In addition, we shall take all possible measures for informing you in the event of any substantial changes concerning the personal data protection by placing notices in the premises of our offices and on the web-portals of TINQIN.

This Privacy Policy is approved by TINQIN and is in force as of 25 May 2018.