Privacy Policy

WE TAKE CARE OF YOUR PERSONAL DATA

WHAT IS THIS POLICY ABOUT?

Our company – Tinqin AD, registered in the Bulgarian Commercial Register at the Registry Agency under UIC: 203482415, having its seat and registered address at the Republic of Bulgaria, Sofia (capital) Region, Sofia Municipality, city of Sofia, postal code 1784, Mladost District, 115D (In Bulgarian: 115Г) Tsarigradsko shose Blvd., building F (in Bulgarian: E), 5th floor; tel.: +359 2 805 68 98; email: sofia@tinqin.com (hereinafter referred to as “TINQIN”, “we” or “us”), is a personal data controller within the meaning of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR”, and, as such, it is dedicated to implementing a solid IT security, e-mail and internet usage policy, so to achieve the following results:

  • full protection of any data being under our supervision, control and operational management, as well as prevention of any misuse thereof;
  • providing all customers, counterparties, their employees, representatives and other natural persons related to them, persons using our website – www.tinqin.com and persons with which we communicate in other cases, with transparent and comprehensive information about how their personal data are being processed by us.

If you are a job candidate, please note that the Policy on the Processing of Personal Data of Job Candidates is applicable.

The reason for incorporating within our internal rules, and presenting to your attention, this very Policy is that in today’s fast-moving, but inevitably technically fragile, business environment, it is of crucial importance to ensure that appropriate use is made of any IT resources, which lead to the processing of certain personal data. Failure to do so would in fact expose also staff members, our own company, its affiliates (which are entities under common ownership or control of TINQIN), and their property (including confidential data and information) to a number of risks, which may spoil our work environment, our assets and productivity, and most importantly – expose at risk your basic personal rights and freedoms. We are, therefore, committed to preventing this from happening. For this reason, we have adopted this Policy.

The protection of your personal data throughout the entire process of data processing, as well as the security of all business data, is important to us and is a part of our established corporate policies. We process personal data, which is collected automatically, when you visit our website, but also personal data provided otherwise, e.g. provided by you, when you enter into a contractual relationship with us – in strict privacy and in accordance with the national and European legislation.

OUR PRIVACY POLICY AND CONFIDENTIALITY STATEMENT

This Policy aims to provide you in detail with information, in clear and plain language, about the actions, performed by us with respect to your personal data, processed by TINQIN, including inter alia:

  • What personal data do we collect for you and what are personal data after all?
  • What is the purpose of collecting those personal data?
  • What retention periods do we envisage for the collected personal data?
  • With whom do we share your personal data?
  • How would we inform you about any changes introduced to our Privacy Policy?
  • What are your rights regarding the personal data processed by us?

With this Privacy Policy TINQIN warrants that it applies all technical and organizational measures for the due protection of any personal data of individuals under its disposal, as statutory foreseen within the applicable national or European legislative framework on data protection, as well as the established good practices.

WHAT IS PERSONAL DATA?

According to the GDPR, ‘personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

WHAT PERSONAL DATA DOES TINQIN COLLECT?

In order to run our business and provide effective access to our products and services, TINQIN needs to know at least a little about you.

Hereunder we outline what information TINQIN may collect for you:

A) Content we collect through our website:

Automatically collected information: You can get access to the website without filling in personal data. But even in this case, certain information is automatically processed, such as:

– log files: when you visit the website, our web server automatically stores the name of the domain or IP address of the requesting computer (usually a computer of your internet access provider), as well as the date, time, and duration of your visit, the visited subpages/URL addresses and information about the application(s) and terminal(s) you use to review our pages.

– cookies – for more information, please see the Cookie Policy.

– Information processed in connection with the use of the Google Search Console tool. For more information please visit https://search.google.com/search-console/about and https://policies.google.com/?hl=en-GB&gl=el.

– Information processed in connection with the use of Google Analytics. For more information please visit https://analytics.google.com/analytics/web/provision/?hl=en#/provision and https://policies.google.com/?hl=en-GB&gl=el.

– Information processed in connection with the use of Google Ads. For more information please visit https://ads.google.com/intl/en_uk/getstarted/ and https://policies.google.com/?hl=en-GB&gl=el.

– Information processed in connection with the use of Facebook Pixel. For more information please visit https://www.facebook.com/business/help/742478679120153 and https://developers.facebook.com/docs/facebook-pixel/implementation/gdpr/.

You can apply for a job with us through the “CAREERS” section of the website www.tinqin.com (this can also be made by sending an e-mail to careers@tinqin.com, or in another way specified by us). For information in relation to this processing of personal data please refer to Policy on the Processing of Personal Data of Job Candidates.

B) Information that we collect when entering into contracts:

When addressing you with offers for our products/services, as well as, when entering into contractual relationships with you or the organization that you are representing, we may need to collect certain specific information, such as name, family name, e-mail, organization, city/country, address, etc.

C) We also process other kinds of data, depending on the particular purpose of processing e.g. contact data and communication with you – when we process your data for marketing purposes or in other cases of communication with you even if this is not related to a contractual relationship, etc.

ON WHAT GROUNDS AND FOR WHAT PURPOSES DOES TINQIN PROCESS YOUR PERSONAL DATA?

We apply the following legal bases for processing your data:

– processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract; (Article 6, paragraph 1, letter (b) of the GDPR);

– your consent to the processing of your personal data for one or more specific purposes (Article 6, paragraph 1, letter (a) of the GDPR);

– processing is necessary for compliance with a legal obligation to which the personal data controller is subject (Article 6, paragraph 1, letter (c) of the GDPR) – for example, our legal obligations under tax and accountancy legislation;

– processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data, in particular where you are a child (Art. 6, paragraph 1, letter (f) of the GDPR) – if this legal basis is used, the description of the specific legitimate interests is the same as the description of the purposes of the data processing.

TINQIN collects and operates with your personal data, mainly in order to fulfill its contractual obligations under contracts concluded with you (in this case the basis for processing is “processing is necessary for the performance of a contract to which you are a party”) or your organization (in this case the basis for processing is “legitimate interest”) for the provision of products/services and to be able to accomplish to the fullest extent what you have assigned us to do for you.

If there is communication between us without the existence of contractual relation between TINQIN and you or your organization, we may process your data in order to reply to you and/or act on your request. In this case, the basis for processing is “in order to take steps at your request prior to entering into a contract” – if applicable, and in if not applicable – the basis for processing is ”legitimate interest”.

Where required by law or where we believe it is necessary, so to protect our legal rights, legitimate interests, and/or the interests of third parties, we might retain and use information about you in connection with legal claims, compliance, regulatory, and/or audit functions, and/or disclosures in connection with the acquisition, merger or sale of a business.

Of course, we also use your information, so to resolve technical issues that you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve services, provided by us.

TINQIN collects personal data upon receipt of clear, free, and unambiguous consent, where such is needed. For instance, for marketing purposes or receipt of advertisement or info newsletters issued by us, we may request from you to give your consent (in such cases you will be entirely free to decide whether or not to give your consent).

Please, keep in mind that the consent you provide us with may be withdrawn at any time, without affecting the lawfulness of processing based on consent before its withdrawal. For the withdrawal, you could visit one of our offices and make it on-site, or you could simply send us a request to the following e-mail address: dpo at tinqin dot com In addition, with regard to marketing/advertising messages – you can follow the link/address for refusal to receive messages, placed in marketing/advertising messages that we send you.

Some personal data shall be used, so to enable us to fulfill your requirements towards TINQIN, when it comes, including, but not limited, to:

  • Providing you with the services and products that we offer and you express interest in and/or commission;
  • Ensuring full access to our webpages;
  • Responding to any queries, opinions and recommendations you might address us with;
  • Sending you information related to special campaigns or new products or services

ARE YOU OBLIGED TO PROVIDE US WITH YOUR DATA AND WHAT ARE THE CONSEQUENCES IF YOU DO NOT DO IT?

In most cases, you are not obliged to provide us with your personal data. If otherwise, we will inform you in the particular case. There are cases in which the provision of some of your personal data is a statutory requirement and/or a contractual requirement and/or a requirement necessary to enter into a contract, as in such cases we will inform you of this. If you do not provide us with your personal data, we may not be able to enter into or perform a contract or fulfill any of our other purposes for processing your data.

HOW LONG DO WE KEEP AND PROCESS YOUR PERSONAL DATA?

Depending on the ground for processing your personal data, the retention period might differ.

We will retain and use your personal data to the extent needed, so as to deliver our services, as required by you; to comply with our legal obligations (for example, if we are obliged or required on a case-by-case basis to withhold your data for a bit longer than needed for our services, in order to comply with applicable laws); to resolve litigation or out-of-court disputes; to enforce our legal agreements and policies.

The exact criteria used to determine our retention periods in terms of timeframes include the length of time, for which we have an ongoing relationship with you and provide our services to you, respectively our legal obligations, or whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Your personal data are kept with us for a period of 10 years upon termination of an existing contract if the personal data is processed in connection with such contract (concluded with you or with a person/organization related to you). In the cases where the law provides periods for keeping documents/information (e.g. under tax/accountancy legislation), we will comply with those periods. When we use your information, so to resolve technical issues that you encounter, to analyze crash information, and to repair/improve our services, we will keep your data maximum up to 12 months depending on the requirements for keeping the respective technical/audit/crash logs of the site and the webserver. In all other cases (not listed above) we will keep your personal data for a period of 6 years.

The above periods apply unless we are obliged to stop keeping the data before the expiry of those periods (e.g. if we shall comply with your objection to data processing or withdrawal of consent or request for the erasure of data, etc.) or unless we inform you that we will keep your data for another period.

After the expiration of the retention period, we will either obliterate or anonymize your personal information, as well as any hard or soft copies, made thereof.

While being in the hold of information that may contain personal data, we undertake significantly, but nevertheless commercially acceptable to us measures to protect it. We seek to use reasonable organizational, technical, and administrative measures to protect your personal information within our organization from its loss, misuse, unauthorized access to or disclosure, unlawful alteration, and/or destruction.

TO WHOM MAY WE TRANSFER YOUR PERSONAL DATA? DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EU/EEA OR TO INTERNATIONAL ORGANISATIONS?

We may share your information with the following third parties for the following purposes:

  • Companies within the TINQIN structure, situated on the territory of France (our related and affiliated companies): we may share your information with our affiliates, which are entities under common ownership or control of TINQIN, to provide our services in different countries and for the exact same purposes described in this Privacy Policy.
  • Our suppliers, subcontractors and business partners (“service providers”): we may share information about you with our service providers, who/which process information to provide services to us or on our behalf, for instance the company rendering hosting services related with this website.

Such third parties would then have access to your personal data, however, only to perform the tasks assigned to be performed by them and are contractually obligated not to disclose or use the personal data for any other purpose whatsoever.

Our use of the platforms/tools/services Google Search Console tool, Google Analytics, Google Ads, and Facebook Pixel may be related to the transfer of data outside the European Union (EU) and European Economic Area (EEA). Such data transfers are based on adequacy decisions, standard contractual clauses, as well as possible on your explicit consent (according to Article 49, paragraph 1, letter (a) of the GDPR) and/or on another basis if such is specified in the Privacy Policies of those platforms/tools/services. For more information on this, you should read the relevant Privacy Policies (for Facebook Pixel – please visit https://www.facebook.com/privacy/explanation; for Google Search Console tool, Google Analytics and Google Ads – please visit https://policies.google.com/privacy?hl=en-GB, and you can also turn for help to us using the contact details specified at the beginning of this Privacy Policy.

With our contractors to which we entrust to process some information, containing also personal data, we do enter into data processing agreements, thus, guaranteeing that those contractors comply with appropriate technical and organizational measures regarding your data protection.

We do not intend to transfer your data to international organizations.

In addition, we may use and disclose your personal information as appropriate, in the good faith belief that such action is necessary, e.g. when we have a legal obligation or legitimate interest to do so, in order to pursue one of the following:

  • We may use and disclose the information we collect from and about our customers as we believe necessary to investigate, prevent, or respond to suspected illegal or fraudulent activity or wrongdoing, or to protect the personal safety, privacy, rights, or property of TINQIN, our customers, or others. In such cases we may transfer your data to authorities, lawyers, consultants, notaries, enforcement agents, experts and/or if provided by law – to other recipients.
  • If validly requested or required by any public authorities, such as law enforcement authorities, courts, government regulators, state agencies, etc., so to comply with the law and/or the mandatory orders and/or other legal obligations (which may include laws outside your country of residence).
  • Protect ourselves against legal liability. In such cases we may transfer your data to authorities, lawyers, consultants, notaries, enforcement agents, experts and/or if provided by law – to other recipients.
  • We have no plans to sell our business. In this unlikely event, we may use, disclose, or transfer your personal information to a third party, if we or any of our company affiliates are involved in a corporate restructuring (e.g., a sale, merger, or other transfer of assets, including in connection with any bankruptcy or similar proceedings). In such cases we may transfer your data to authorities, lawyers, consultants, notaries, enforcement agents, potential or actual buyers/contractors, experts, liquidators, bankruptcy trustees and/or if provided by law – to other recipients.

Links to other websites and use of social media plug-ins:

Our website contains links to other websites, such as for example Facebook and LinkedIn, which are not operated and hosted by us. If you click on a third-party link, you will be directed to that third party’s website. We strongly advise you to review the Privacy Policy of every such website you visit throughout our website. We have placed these links to make our website more functional for visitors, as well as to develop/promote our business, goods, and services (including if you voluntarily share our content on relevant third-party websites).

We have no control over and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services.

WHAT ARE YOUR RIGHTS RELATED TO YOUR PERSONAL DATA?

According to the legislation, you have certain rights, including (but not limited to) the right to:

  • Request access to your personal data. You have the right to obtain confirmation as to whether or not personal data concerning you are being processed. If so, you have the right to obtain access to the data and certain information related to their processing, as well as the right to receive a copy of this data.
  • Request a rectification of your personal data. You may require from us the rectification of inaccurate personal data concerning you and/or completion of incomplete personal data concerning you (taking into account the purposes of the processing).
  • Request the erasure of your personal data. This gives you an opportunity to ask us to erase/remove your personal data when there is no justifiable reason for the continuing of its processing by us. You have the right to ask us to erase or remove your personal information also in the event that you have exercised your right to object to the processing (please see below).
  • Object to the processing of your personal data. You have the right, on grounds relating to your particular situation, at any time to object to processing of your personal data which is performed on the basis “legitimate interest”, including in cases of profiling on this basis. In order to continue processing, we shall demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Also, you have the right to object in the following cases:

– You have the right at any time to object to the processing of personal data concerning you when we process them for the purposes of direct marketing, including in cases of profiling related to direct marketing. When you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

– Where personal data are processed for scientific or historical research purposes or statistical purposes, you, on grounds relating to your particular situation, shall have the right to object to the processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

  • Request a restriction of processing of your personal data. This gives you an opportunity to ask us to stop processing (except for certain processing activities provided in applicable legislation) personal information about you in the following cases:

– the accuracy of the personal data is contested by you, as the restriction of processing shall be applied for a period enabling us to verify the accuracy of the personal data;

– the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

– we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims;

– you have objected to processing pursuant to Article 21(1) of the GDPR pending the verification of whether our legitimate grounds override yours.

  • Exercise the right to portability of your personal data. If we process personal data on the basis “performance of a contract to which the data subject is party” or on the basis “consent”, you may require from us to receive personal data in a structured, commonly used and machine-readable format and/or to transmit the personal data to another personal data controller.
  • Withdraw your consent – in the event that we process personal data on the basis of your consent or explicit consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You can also see more about the above-mentioned rights on the website of the Commission for Personal Data Protection: https://www.cpdp.bg/?p=element&aid=1045.

You may address your requests to us and exercise your rights related to your personal data, either via e-mail or at our physical address, using our contact details, specified at the beginning of this Privacy Policy. We shall take any steps necessary and without undue delay, so to assess whether your specific request corresponds to the law, and to reply in a proper manner to your asking. You can address a request to us, related to your personal data, even if we are acting only in the capacity of a data processor and not a controller with respect to your personal data.

RIGHT TO SUBMIT A COMPLAINT WITH THE SUPERVISORY AUTHORITY

If you are not satisfied with any aspects of how we collect and use your data, you have the right to lodge a complaint with the respective competent supervisory authority. The Commission for Personal Data Protection is the supervisory authority for the Republic of Bulgaria, determined with the Personal Data Protection Act. Its contact details are the following: address – city of Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd., GPS coordinates – N 42.668839 E 23.377495, tel. +3592/91-53-555, e-mail –  kzld@cpdp.bg, website – www.cpdp.bg.

We would be grateful if you contact us first, in case of dissatisfaction, so that we try to help you.

CHANGES TO THE PRIVACY POLICY

The most current Privacy Policy can be found on our website www.tinqin.com. This Policy may change over time and be updated from time to time.

In addition, we shall take all possible measures for informing you in the event of any substantial changes concerning personal data protection by placing notices in the premises of our offices and/or on the website(s) of TINQIN. This Privacy Policy is approved by TINQIN and is in force as of 25 May 2018. Amendments were made in this Privacy Policy and they are in force of 12.10.2021.