WE TAKE CARE OF YOUR PERSONAL DATA
WHAT IS THIS POLICY ABOUT?
Our company – Tinqin AD, registered in the Bulgarian Commercial Register at the Registry Agency under UIC: 203482415, having its seat and registered address at the Republic of Bulgaria, Sofia (capital) Region, Sofia Municipality, city of Sofia, postal code 1784, Mladost District, 115D (In Bulgarian: 115Г) Tsarigradsko shose Blvd., building F (in Bulgarian: E), 5th floor; tel.: +359 2 805 68 98; email: firstname.lastname@example.org (hereinafter referred to as “TINQIN”, “we” or “us”), is a personal data controller within the meaning of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR”, and, as such, it is dedicated to implementing a solid IT security, e-mail and internet usage policy, so to achieve the following results:
If you are a job candidate, please note that the Policy on the Processing of Personal Data of Job Candidates is applicable.
The reason for incorporating within our internal rules, and presenting to your attention, this very Policy is that in today’s fast-moving, but inevitably technically fragile, business environment, it is of crucial importance to ensure that appropriate use is made of any IT resources, which lead to the processing of certain personal data. Failure to do so would in fact expose also staff members, our own company, its affiliates (which are entities under common ownership or control of TINQIN), and their property (including confidential data and information) to a number of risks, which may spoil our work environment, our assets and productivity, and most importantly – expose at risk your basic personal rights and freedoms. We are, therefore, committed to preventing this from happening. For this reason, we have adopted this Policy.
The protection of your personal data throughout the entire process of data processing, as well as the security of all business data, is important to us and is a part of our established corporate policies. We process personal data, which is collected automatically, when you visit our website, but also personal data provided otherwise, e.g. provided by you, when you enter into a contractual relationship with us – in strict privacy and in accordance with the national and European legislation.
This Policy aims to provide you in detail with information, in clear and plain language, about the actions, performed by us with respect to your personal data, processed by TINQIN, including inter alia:
WHAT IS PERSONAL DATA?
According to the GDPR, ‘personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
WHAT PERSONAL DATA DOES TINQIN COLLECT?
In order to run our business and provide effective access to our products and services, TINQIN needs to know at least a little about you.
Hereunder we outline what information TINQIN may collect for you:
A) Content we collect through our website:
Automatically collected information: You can get access to the website without filling in personal data. But even in this case, certain information is automatically processed, such as:
– log files: when you visit the website, our web server automatically stores the name of the domain or IP address of the requesting computer (usually a computer of your internet access provider), as well as the date, time, and duration of your visit, the visited subpages/URL addresses and information about the application(s) and terminal(s) you use to review our pages.
– Information processed in connection with the use of the Google Search Console tool. For more information please visit https://search.google.com/search-console/about and https://policies.google.com/?hl=en-GB&gl=el.
– Information processed in connection with the use of Google Analytics. For more information please visit https://analytics.google.com/analytics/web/provision/?hl=en#/provision and https://policies.google.com/?hl=en-GB&gl=el.
– Information processed in connection with the use of Facebook Pixel. For more information please visit https://www.facebook.com/business/help/742478679120153 and https://developers.facebook.com/docs/facebook-pixel/implementation/gdpr/.
You can apply for a job with us through the “CAREERS” section of the website www.tinqin.com (this can also be made by sending an e-mail to email@example.com, or in another way specified by us). For information in relation to this processing of personal data please refer to Policy on the Processing of Personal Data of Job Candidates.
B) Information that we collect when entering into contracts:
When addressing you with offers for our products/services, as well as, when entering into contractual relationships with you or the organization that you are representing, we may need to collect certain specific information, such as name, family name, e-mail, organization, city/country, address, etc.
C) We also process other kinds of data, depending on the particular purpose of processing e.g. contact data and communication with you – when we process your data for marketing purposes or in other cases of communication with you even if this is not related to a contractual relationship, etc.
ON WHAT GROUNDS AND FOR WHAT PURPOSES DOES TINQIN PROCESS YOUR PERSONAL DATA?
We apply the following legal bases for processing your data:
– processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract; (Article 6, paragraph 1, letter (b) of the GDPR);
– your consent to the processing of your personal data for one or more specific purposes (Article 6, paragraph 1, letter (a) of the GDPR);
– processing is necessary for compliance with a legal obligation to which the personal data controller is subject (Article 6, paragraph 1, letter (c) of the GDPR) – for example, our legal obligations under tax and accountancy legislation;
– processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where you are a child (Art. 6, paragraph 1, letter (f) of the GDPR) – if this legal basis is used, the description of the specific legitimate interests is the same as the description of the purposes of the data processing.
TINQIN collects and operates with your personal data, mainly in order to fulfill its contractual obligations under contracts concluded with you (in this case the basis for processing is “processing is necessary for the performance of a contract to which you are a party”) or your organization (in this case the basis for processing is “legitimate interest”) for the provision of products/services and to be able to accomplish to the fullest extent what you have assigned us to do for you.
If there is communication between us without the existence of contractual relation between TINQIN and you or your organization, we may process your data in order to reply to you and/or act on your request. In this case, the basis for processing is “in order to take steps at your request prior to entering into a contract” – if applicable, and in if not applicable – the basis for processing is ”legitimate interest”.
Where required by law or where we believe it is necessary, so to protect our legal rights, legitimate interests, and/or the interests of third parties, we might retain and use information about you in connection with legal claims, compliance, regulatory, and/or audit functions, and/or disclosures in connection with the acquisition, merger or sale of a business.
Of course, we also use your information, so to resolve technical issues that you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve services, provided by us.
TINQIN collects personal data upon receipt of clear, free, and unambiguous consent, where such is needed. For instance, for marketing purposes or receipt of advertisement or info newsletters issued by us, we may request from you to give your consent (in such cases you will be entirely free to decide whether or not to give your consent).
Please, keep in mind that the consent you provide us with may be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal. For the withdrawal, you could visit one of our offices and make it on-site, or you could simply send us a request to the following e-mail address: firstname.lastname@example.org. In addition, with regard to marketing/advertising messages – you can follow the link/address for refusal to receive messages, placed in marketing/advertising messages that we send you.
Some personal data shall be used, so to enable us to fulfill your requirements towards TINQIN, when it comes, including, but not limited, to:
ARE YOU OBLIGED TO PROVIDE US WITH YOUR DATA AND WHAT ARE THE CONSEQUENCES IF YOU DO NOT DO IT?
In most cases, you are not obliged to provide us with your personal data. If otherwise, we will inform you in the particular case. There are cases in which the provision of some of your personal data is a statutory requirement and/or a contractual requirement and/or a requirement necessary to enter into a contract, as in such cases we will inform you of this. If you do not provide us with your personal data, we may not be able to enter into or perform a contract or fulfill any of our other purposes for processing your data.
HOW LONG DO WE KEEP AND PROCESS YOUR PERSONAL DATA?
Depending on the ground for processing your personal data, the retention period might differ.
We will retain and use your personal data to the extent needed, so as to deliver our services, as required by you; to comply with our legal obligations (for example, if we are obliged or required on a case-by-case basis to withhold your data for a bit longer than needed for our services, in order to comply with applicable laws); to resolve litigation or out-of-court disputes; to enforce our legal agreements and policies.
The exact criteria used to determine our retention periods in terms of timeframes include the length of time, for which we have an ongoing relationship with you and provide our services to you, respectively our legal obligations, or whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Your personal data are kept with us for a period of 10 years upon termination of an existing contract if the personal data is processed in connection with such contract (concluded with you or with a person/organization related to you). In the cases where the law provides periods for keeping documents/information (e.g. under tax/accountancy legislation), we will comply with those periods. When we use your information, so to resolve technical issues that you encounter, to analyze crash information, and to repair/improve our services, we will keep your data maximum up to 12 months depending on the requirements for keeping the respective technical/audit/crash logs of the site and the webserver. In all other cases (not listed above) we will keep your personal data for a period of 6 years.
The above periods apply unless we are obliged to stop keeping the data before the expiry of those periods (e.g. if we shall comply with your objection to data processing or withdrawal of consent or request for the erasure of data, etc.) or unless we inform you that we will keep your data for another period.
After the expiration of the retention period, we will either obliterate or anonymize your personal information, as well as any hard or soft copies, made thereof.
While being in the hold of information that may contain personal data, we undertake significantly, but nevertheless commercially acceptable to us measures to protect it. We seek to use reasonable organizational, technical, and administrative measures to protect your personal information within our organization from its loss, misuse, unauthorized access to or disclosure, unlawful alteration, and/or destruction.
TO WHOM MAY WE TRANSFER YOUR PERSONAL DATA? DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EU/EEA OR TO INTERNATIONAL ORGANISATIONS?
We may share your information with the following third parties for the following purposes:
Such third parties would then have access to your personal data, however, only to perform the tasks assigned to be performed by them and are contractually obligated not to disclose or use the personal data for any other purpose whatsoever.
With our contractors to which we entrust to process some information, containing also personal data, we do enter into data processing agreements, thus, guaranteeing that those contractors comply with appropriate technical and organizational measures regarding your data protection.
We do not intend to transfer your data to international organizations.
In addition, we may use and disclose your personal information as appropriate, in the good faith belief that such action is necessary, e.g. when we have a legal obligation or legitimate interest to do so, in order to pursue one of the following:
Links to other websites and use of social media plug-ins:
We have no control over and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.
WHAT ARE YOUR RIGHTS RELATED TO YOUR PERSONAL DATA?
According to the legislation, you have certain rights, including (but not limited to) the right to:
Also, you have the right to object in the following cases:
– You have the right at any time to object to the processing of personal data concerning you when we process them for the purposes of direct marketing, including in cases of profiling related to direct marketing. When you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
– Where personal data are processed for scientific or historical research purposes or statistical purposes, you, on grounds relating to your particular situation, shall have the right to object to the processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
– the accuracy of the personal data is contested by you, as the restriction of processing shall be applied for a period enabling us to verify the accuracy of the personal data;
– the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
– we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims;
– you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification of whether our legitimate grounds override yours.
You can also see more about the above-mentioned rights on the website of the Commission for Personal Data Protection: https://www.cpdp.bg/?p=element&aid=1045.
RIGHT TO SUBMIT A COMPLAINT WITH THE SUPERVISORY AUTHORITY
If you are not satisfied with any aspects of how we collect and use your data, you have the right to lodge a complaint with the respective competent supervisory authority. The Commission for Personal Data Protection is the supervisory authority for the Republic of Bulgaria, determined with the Personal Data Protection Act. Its contact details are the following: address – city of Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd., GPS coordinates – N 42.668839 E 23.377495, tel. +3592/91-53-555, e-mail – email@example.com, website – www.cpdp.bg.
We would be grateful if you contact us first, in case of dissatisfaction, so that we try to help you.