Data Protection Policy
Version: May 2018 – 3.1
TinQwise handles, stores and deletes lots of data. Data of our employees, data of our clients and data of our partners. We also handle and store data within the services that we provide to our customers on our website (initial customer data), such as contact details you might fill in when signing up for our newsletter. In this statement we describe the policies of TinQwise on who should have access to this data, where to store this data and how to retain and dispose this data in a proper and consistent way. The so-called Data Protection Policy or better The Data Storage, Protection, Retention and Disposal policy.
How TinQwise Classifies its data?
Within TinQwise we classify our data in 5 categories. All data can be classified by one or more categories.
- Sensitive TinQwise data: all data created and collected within TinQwise premises that is obliged not to be read or copied by people outside TinQwise, without permission. This includes personal data of TinQwise employees and financial statements.
- Vital TinQwise data: all data created or collected within TinQwise premises that is vital to the operation of TinQwise. If data in this category is lost, sound operation of TinQwise is jeopardized.
- Non sensitive, non-vital TinQwise data: all data created or collected within TinQwise premises that those not belong to categories 1 or 2.
- Initial customer data: all data provided by (potential) customers of TinQwise to TinQwise in order to be able to create and provide services by TinQwise to that customer, such as plans, strategies, policies, learning goals, surveys, examples and test results.
- Operational customer data: all data created or provided by customers of TinQwise within the operation of the services, such as user data.
Data that is handled and stored within the services that we provide to our customers on our website is classified as category 4. This document focuses on that category. If other categories become applicable for you (for example when you become a TinQwise employee or operational customer data is created) we will provide you with our specific data protection policy for those categories.
What data does TinQwise store and with what purpose?
An overview of the data we store with your consent:
- Phone number
- Other data you actively share with us, for example when subscribing to our newsletter, emailing or calling TinQwise.
- Data on your activities on our website and connected websites.
When you first visited our website we informed you about these cookies and we asked for your consent. However, if you wish to restrict or block the cookies which are set by our websites, or indeed any other website, you can do this through your browser settings. The 'Help' function within your browser should tell you how. Alternatively, you may wish to visit www.aboutcookies.org/ which contains comprehensive information on how to do this on a wide variety of browsers. You will also find details on how to delete cookies from your machine as well as more general information about cookies. Please be aware that restricting cookies may impact the functionality of our website.
Our website / service does not collect sensitive data.
TinQwise stores your data with the following purposes:
- to be able to send you our newsletter (only after subscription);
- to be able to contact you (phone/email) to provide our services;
- to be able to inform you when our products or services change;
- to analyze your online behavior, to improve our website/marketing and align our products and services with your preferences.
Automated data processing
TinQwise does not make automated decisions based on automated data processing, that can have (substantial) consequences for the owner of this data. With automated decisions we refer to decisions that are made by computer software, without interference of a human being (for example a TinQwise employee).
Where does TinQwise store category 4 data?
TinQwise recognizes 2 different types of storage on which all initial customer data is stored.
- Centralized general disk storage TinQwise: Local arranged general disk storage, which is only accessible within TinQwise premises or through TinQwise VPN.
- Hosting storage CRM Hubspot: All (virtual) storage provided by our CRM system, Hubspot, based on the contract between TinQwise and Hubspot. Note that by working together with Hubspot, TinQwise is subjected to the storage and privacy policies of Hubspot and the Data protection responsibility is with Hubspot itself.
Who has access to which storage as a user and as an administrator?
TinQwise has defined the following administrator roles for the various types of storage.
|Storage type||Administrator(s) *)|
|Central disk storage TinQwise||Data Security Officer; Systems Operator|
|Hubspot||Data Security Officer; Systems Operator; MarCom specialist; Business Development Coordinator|
|*) Please find contact details in last section of this document|
The following users have access to the various types of storage.
|Storage type||User Group(s) **)|
|Central disk storage TinQwise||All TinQwise Employees|
|Hubspot||All TinQwise Employees|
|**) When TinQwise Employees get their first contract they obtain a user id and password to enter the TinQwise Office environment and applicable storage types. All passwords are forced to be changed once a year.|
How TinQwise retains Category 4 data?
The following users have access to the various types of storage.
|Storage type||Retain procedure|
|Central disk storage TinQwise||Daily backup procedure and retaining procedure based on incidental request as defined with Systems Operator (with a life time of 4 weeks)|
|Hubspot||Possible backup procedure and retaining procedure based on incidental request as defined by Hubspot (with a maximum recovery of 90 days).|
How TinQwise disposes Category 4 data?
Initial customer data is not deleted, but archived, unless on specific request of the Customer. On request our Data Security Officer is responsible for the disposal.
TinQwise does not sell your data to third parties and will only provide third parties with your data when this is necessary to execute the contract we have with you, or because we are legally obliged.
What is TinQwise’s general data protection policy?
TinQwise believes that implementing and maintaining the procedures and rules as set out in this document provides a good basis for a healthy data protected environment. Next to this we keep up a couple of extra policies to strengthen the protection of our data environment
- To offer TinQwise, its employees and its customers maximum security TinQwise wants to use a two-step authentication for all its login procedures. It also wants to implement this two-step authentication, whenever it is not strictly forbidden / denied by the customer, within its customer solutions. Both for the end-users as for the administrator roles. TinQwise strives to have this implemented no later than September 1st 2018 for all new projects.
- All employees have to sign a contract with the following confidentiality clause (in Dutch): “Gebruik je gezonde verstand alsjeblieft. Als je aan iets werkt dat vertrouwelijk is, ga er dan niet over opscheppen in bijvoorbeeld de kroeg. Dat kan ons op dure boetes komen te staan. Wij rekenen op jouw discretie. Besef dat wij als TinQwise vaak geheimhoudingsverklaringen tekenen met onze klanten en die gelden dan voor alle TinQers. We hebben het dan over alle informatie die niet algemeen bekend is bij de gemiddelde Nederlander.”
- External resources sign a separate contract “Geheimhoudingsverklaring” (version 2.0 d.d. October 27, 2017) and Inkoopvoorwaarden 5.0 d,d, October 27, 2017) in which this Data Protection Policy is also covered.
- All suppliers who supply data storage applications / software have to fill in the “Quality Assurance Checklist” (version 1.0.0).
- All TinQwise employees use the security code, which is needed to shut of the security / alarm system when entering the TinQwise premises. Entering those premises also does not give access to the type A storage (Central disk storage TinQwise). This is stored on a separate location. The central code is changed on a yearly basis.
Who looks after the data policies within TinQwise?
TinQwise has appointed a so-called Data Security officer which is involved in monitoring and improving the way TinQwise, the TinQwise employees and all other involved persons handle all data within TinQwise. He looks after our way of working to make sure we work according to the latest applicable privacy laws. This person will attend a Data & Privacy training on a regular basis.
Some general contact information
If you have any questions regarding your data our this policy, please do not hesitate to contact us.