Home › Privacy policy

Privacy policy

Last time updated: June 14, 2023

Privacy Policy is effective immediately after being posted on this Site and may be changed periodically without separate notice.

1. TO WHOM THIS POLICY APPLIES?

This Privacy Policy (“Policy“) sets out the terms and conditions for the collection and use of your personal data when you use Tinggly ("we or Tinggly") services and is applicable to visitors of www.tinggly.com website (“Site”), our customers and other individuals whose data we process in the course of our business. Please read this document carefully as it informs you about the processing of your personal data.

This Policy is subject to change without notice so please check each time you visit our Site. You will find the latest version of this Policy here: www.tinggly.com.

Tinggly acts as the Data Controller in respect of all personal data described in this Policy. Our contacts:

Tinggly
Registration code: 304410868

Please note that we use your personal data based on the following legal grounds according to the Regulation (EU) 2016/679 (the “EU GDPR”) or, where applicable, the “UK GDPR” as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the UK European Union (Withdrawal) Act 2018 GDPR. In the table below we refer to both EU and UK GDPR as the “GDPR”.

2. WHAT PERSONAL DATA WE COLLECT AND WHY?

For what purpose do we collect personal data? What exactly data do we collect? What provision of the General Data Protection Regulation (GDPR) do we use to process your personal data? How long do we retain this data?
2.1. To conduct e-commerce (to enable you to shop on our Site)
Order details:
• Full name
• Delivery address
• Contact telephone number and contact email address. We use this data to fulfill our contractual obligations (e.g., to send eVoucher or to communicate our delivery delays) but not for direct marketing purposes.
• Receipt information upon your request: company name, company code, VAT code, address, city, country, ZIP/post code.
• Recipient information if you want to send it us a gift: recipient’s full name, email address and phone number, delivery address.
• Payment details (purpose, method and amount of payment). This data is required to perform payment of ordered goods through the external online payment provider. Our payment service providers (see Section 3 of this Policy) collect your credit or debit card data in a secure way (using encryption). This data (e.g., your card number, expiration date, security code) is not available to Tinggly.

Performance and conclusion of a contract (Article 6 (1) (b) of the GDPR)

We consider that we have a legitimate interest in accordance with the Article 6(1)(f) of GDPR to check for and prevent any potential fraud or misuse of our Site, especially when you make a purchase or return. It helps protect you from fraud attempts by others, helps us prevent unauthorized use of the Site, and safeguards the interests of all our customers by discouraging and detecting fraudulent activities.

Financial records are retained for 10 years after the purchase transaction.

We may continue to retain some information, even after this time if we are required to do so in order to comply with various laws or on the basis of justified interests (e.g. retention for asserting claims).

2.2. Creation and administration of your user profile on our Site. Once you create your profile, you will be able to view your order and payment details and avoid filling in your personal information every time you create a new order. If you have Facebook, Google or Apple account, you can sign up using them.
We collect:
• Email address

• Purchase history

Registration using Facebook, Google or Apple:

When you sign up with your Facebook, Google or Apple account, you will be transferred from Tinggly site to Facebook, Google or Apple and asked to enter your Facebook, Google or Apple account login information.

After entering your Facebook/Google/Apple login details, you will provide us with your name and email address.

When registering without Facebook / Google/Apple accounts, you will be asked to provide us with the following data:
• Email address (required)
• Password (stored in an encrypted form)
Your profile is created with your consent (Article 6 (1) (a) GDPR) We retain your profile data as long as you use our services. We may keep your consent and any details proving it for a longer period of time if necessary, on the basis of justified interests (e.g. retention for asserting claims).
2.3. To provide news and offers and ask for your feedback in a form of a newsletter (direct marketing)
We collect your email address.
Your consent (Article 6 (1) (a) GDPR) We will cease processing your data for marketing purposes once you have actively rejected further marketing communication from us.
2.4. If you communicate with us
We collect your full name, contact information (email address, telephone number) along with any communication and messages (including the time they were received / submitted) you send to us.
We have a legitimate interest to answer to your questions, requests and complaints in accordance with the Article 6(1)(f) of GDPR We retain this data for 5 years after your request is closed. We may continue to retain some information, even after this time if we are required to do so in order to comply with various laws or on the basis of justified interests (e.g., retention for asserting claims).
2.5. To manage our accounts on social networks
We collect your name, contact information (if you provide it), comments you leave under our posts, post shares, information about “like” and “follow” clicks on our profile, post reactions (including information about when you started following or liked our social network account), your photo, any feedback you left and your ratings of Tinggly.
Your consent (Article 6 (1) (a) GDPR) 10 years
2.6. To improve our Site, ensure its performance, increase its security and adapt both its content and form to the needs of our users

When you visit our Site, we collect the following data from you automatically:

IP address, operating system, user ID and other information about your activities on our and other websites. We collect and store this information as part of log entries or through the use of cookies. Read more about the use of cookies in the Section 7 of this Policy.

Personal data collected with cookies is processed on the basis of our legitimate interest (Article 6 (1) (f) GDPR) while we set up cookies on your device only with your consent (Article 6(1)(a) GDPR) Read more about the retention periods in the Section 7 of this Policy

3. WHO DO WE DISCLOSE YOUR PERSONAL DATA TO?

Where necessary, Tinggly may transfer and/or otherwise disclose your personal data to the law enforcement authorities, courts and other authorised governmental bodies.

To the extent necessary to ensure the proper provision of our services, Tinggly also may transfer and/or otherwise disclose personal data to third parties involved in the processing activities – partners and external service providers:

  • Parcel delivery service providers;
  • Our partners providing services or goods (gifts) ordered by you, or other services related to the services/goods you have ordered.
  • Payment service provider of your choice (e.g., Stripe, Paypal).
  • Klaviyo (newsletter services provider) (USA). Please find the respective data protection policy here. For transfers of personal data outside the EEA, TikTok uses the the EU Commission’s approved Standard Contractual Conditions (SCC).
  • Facebook, Inc. (USA). Please find the respective data protection policy here. Facebook no longer relies on the Privacy Shield as a transfer mechanism for the EU as a result of the Schrems II decision but continues to have appropriate safeguards and compliance measures to ensure an adequate level of protection of personal data transferred outside the EEA. Facebook’s existing measures include the EU Commission’s approved Standard Contractual Clauses (SCCs) to accommodate international data transfers.
  • Google LLC (USA). Please find the respective data protection policy here. We use Google cookies. Google no longer relies on the Privacy Shield as a transfer mechanism for the EU as a result of the Schrems II decision but continues to have appropriate safeguards and compliance measures to ensure an adequate level of protection of personal data transferred outside the EEA. Google’s existing measures include the EU Commission’s approved Standard Contractual Clauses (SCCs) to accommodate international data transfers.
  • Twitter. Inc. (USA). Please find the respective data protection policy here. Twitter no longer relies on the Privacy Shield as a transfer mechanism for the EU as a result of the Schrems II decision but continues to have appropriate safeguards and compliance measures to ensure an adequate level of protection of personal data transferred outside the EEA. Twitter’s existing measures include the EU Commission’s approved Standard Contractual Clauses (SCCs) to accommodate international data transfers.
  • TikTok Pte. Ltd (Singapore, USA). Please find the respective data protection policy here. For transfers of personal data outside the EEA, TikTok uses the the EU Commission’s approved Standard Contractual Conditions (SCC).
  • Software, IT infrastructure maintenance and/or cloud service providers.
  • Web hosting and web support service providers.
  • Servers rent and maintenance service providers.
  • Electronic communications service providers.
  • Accounting, archiving, legal and/or marketing service providers.

For all of these service providers, we will only provide as much data as is necessary to perform a particular service.

When you communicate with us via social networks, you should inquire about their applicable data protection terms and conditions and read their privacy policy. All personal information you provide to us via social networks is controlled and managed by that particular social network (e.g., Facebook (Meta), TikTok, Twitter).

Sale or merger. We may also disclose your personal data to third parties in the event that we sell or buy any business or assets (due to liquidation, bankruptcy or otherwise), or merge with another company or business. In this case we may transfer your data to a prospective seller or buyer of such business or assets as user information may be among the transferred assets in said transactions.

4. HOW DO WE PROTECT YOUR PERSONAL DATA?

When processing and storing your personal data, we implement organisational and technical measures to ensure that personal data is protected against accidental or unlawful destruction (e.g., backups on a regular schedule), alteration, disclosure, and any other unlawful processing. Secure use of our Site is ensured by the SSL (Secure Socket Layer) certificate. With an SSL certificate, the information sent between the user’s browser and our server is encrypted. Details of the certificate can be found at www.ssls.com.

5. YOUR RIGHTS IN RESPECT OF YOUR PERSONAL DATA

Each data subject has the following rights:

  • Know (be informed) about the processing of your personal data (Articles 12-14 of the GDPR);
  • Access your personal data that is being processed (Article 15 of the GDPR);
  • Request the correction of inaccurate personal data relating to you (Article 16 of the GDPR);
  • Request the deletion of personal data relating to you (“the right to be forgotten”) (Article 17 of the GDPR). Please note! You have the right to be forgotten only if it can be justified by one of the following reasons: (i) personal data is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) you do not consent to the processing under Article 21 (1) of the GDPR and there are no overriding legitimate reasons for processing.
  • Restrict data processing (Article 18 of the GDPR). Please note! You have the right to restrict the processing of your data only if: (i) personal data is inaccurate; (ii) the processing of personal data is unlawful, but you do not consent to the erasure of the data; (iii) Tinggly no longer needs personal data to fulfil our purpose, but it is necessary for you to assert, enforce or defend legal requirements; (iv) you object to the processing under Article 21 (1) of the GDPR unless the legitimate reasons of Tinggly override your own.
  • Transfer your personal data when the processing is based on consent or contract and the data is processed by automated means (Article 20 of the GDPR);
  • Object to the processing of personal data for reasons specific to your case where the processing is in the legitimate interests of Tinggly or of a third party, unless we prove that the processing is for compelling legitimate reasons overriding your interests, rights and freedoms, or for the purpose of asserting, enforcing or defending legal requirements (Article 21 of the GDPR).

If you believe that Tinggly is unlawfully processing your personal data or is not implementing your rights, you have the right to file a complaint with the competent Data Protection Authority or to make a claim against Tinggly with a competent court (either in the country where you live, the country where you work or the country where you deem that data protection law has been infringed).

If you are based in the EU, information about how to contact your local data protection authority is available here. If you are based in the UK or Switzerland, your local data protection authorities are the UK Information Commissioner’s Office (https://ico.org.uk/global/contact-us/) and the Swiss Federal Data Protection and Information Commissioner (https://www.edoeb.admin.ch/edoeb/en/home/the-fdpic/contact/address.html).

You can exercise rights over your data by reaching out to [email protected].

6. THIRD-PARTY ADVERTISING AND ANALYTICS

Our Site may contain links to other websites. If you click on a third-party link, you will be directed to that site. Please note that we are not responsible for the content of such websites or the privacy policies they use. If you decide to visit them, you should look separately at their Privacy Policy.

7. COOKIES

This website uses strictly necessary, functional, analytical and marketing cookies. These cookies present our Site in an attractive way, ensure its functionality and convenient navigation. More information on how cookies work may be found at www.cookiecentral.com.

Information related to cookies is not used to personally identify you and the collected data is controlled by us. We do not associate the visitor's IP address and/or email address with data that identifies the visitor. This means that the visit session of each visitor will be registered, but the visitor of our Site will remain anonymous.

Cookies used on our Site

CONTACT US

If you have any questions regarding your personal data, please contact us via [email protected].

ADDITIONAL DISCLOSURES FOR CALIFORNIA, VIRGINIA, CONNECTICUT, COLORADO, AND UTAH RESIDENTS (UNITED STATES)

These additional disclosures (Supplemental Disclosures) serve as an extension to the information provided in our Privacy Policy and exclusively apply to individual residents of the States of California, Virginia, Connecticut, Colorado, and Utah ("consumers" or "you").

The purpose of these Supplemental Disclosures is to offer supplementary information regarding the collection, utilization, disclosure, and processing of personal information belonging to individual residents of California, Virginia, Connecticut, Colorado, and Utah both through online and offline means, in accordance with the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (collectively referred to as the "CCPA"), the Virginia Consumer Data Protection Act, the Connecticut Data Privacy Act, the Colorado Privacy Act, or the Utah Consumer Privacy Act (the "State Privacy Laws").

Unless explicitly stated otherwise, the terms used in these Supplemental Disclosures carry the same definitions as provided in our Privacy Policy or as defined within the respective State Privacy Laws. When we refer to "personal information" in these Supplemental Disclosures, we are specifically referring to information that can identify, relate to, describe, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to a particular consumer or household.

1. COLLECTION AND USE OF PERSONAL INFORMATION

We collect personal information from and about you for a variety of purposes, as described in the What Personal Data We Collect and Why section of the Privacy Policy. The same section of the Privacy Policy describes which categories of personal data we have collected about you in the last 12 months. We collect this information from the following sources: directly from you, from your browser or device when you visit our Site or use our services, or from third parties that you permit to share information with us.

2. DISCLOSURE AND SALE OF PERSONAL INFORMATION

In accordance with the disclosure requirements under applicable State Privacy Laws, Tinggly does not sell or share your personal data. In the course of our business activities we may share personal data with third parties, or permit third parties to collect data across our websites in accordance with the Who Do We Disclose Your Personal Data To section of our Privacy Policy.

3. YOUR PRIVACY RIGHTS

As a California, Virginia, Connecticut, Colorado, or Utah resident, you may be able to exercise the following rights in relation to the personal information that we have collected about you (subject to certain limitations under applicable State Privacy Laws):

  • to request from Tinggly access to your personal data that we have collected and disclosed in the last 12 months, upon verification of your identity;
  • to request the deletion of personal data we have collected from you, subject to certain exceptions;
  • to request that any inaccuracies in your personal data be corrected, taking into account the nature of the personal data and the purposes of the processing of your personal information;
  • to opt-out of the use or disclosure of your sensitive personal data. Please note, that at this time we do not collect any sensitive personal data about you;
  • you have the right to opt-out of sharing your personal information with third parties for some purposes, including sharing that may be defined as a sale under applicable laws. Please note, that at this time we do not sell any personal data about you.
  • to non-discriminatory treatment for exercise of any of your data protection rights. Unless permitted by the applicable State Privacy Law, we will not deny you goods or services, charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, provide you with a different level or quality of goods or services, or suggest that you receive a different price or rate for goods or services or a different level or quality of goods or services.
  • California residents that have an established business relationship with us have rights to know how their information is disclosed to third parties for their direct marketing purposes under California’s “Shine the Light” law, or the right to opt out of such practices (Civ. Code §1798.83).

4. HOW TO EXERCISE YOUR PRIVACY RIGHTS

We receive Privacy Rights requests from across the globe and work to ensure all valid requests where Tinggly is the Controller are responded to within the appropriate timeframe. In accordance with the verification process set forth in the applicable State Privacy Laws, we will require a more stringent verification process for deletion requests, or for personal data that is considered sensitive or valuable, to minimize the harm that might be posed to you by unauthorized access or deletion of your personal data.

If we must request additional information from you outside of information that is already maintained by us, we will only use it to verify your identity so you can exercise your data protection rights, or for security and fraud-prevention purposes.

You may exercise your rights as follows:

  • You can submit your request via [email protected].
  • California residents can also designate an authorized agent to submit requests to exercise your data protection rights to Tinggly. Such authorized agent must be registered with the California Secretary of State and submit proof that you have given authorization for the agent to act on your behalf.

5. MINORS

Tinggly does not knowingly collect the personal data of children under the age of 13. If you are a parent or guardian and believe Tinggly collected information about a child, please contact us as described in this Privacy Policy. We will take steps to delete the information as soon as possible. Given that our Site and online services are not directed to users under 16 years of age and in accordance with the disclosure requirements of the applicable State Privacy Laws, Tinggly does not sell the personal data of any minors under 16 years of age.

ADDITIONAL DISCLOSURES FOR NEVADA RESIDENTS (UNITED STATES)

If you are a resident of the State of Nevada in the United States, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. Please note, that at this time we do not sell any personal data about you. To opt out of this kind of future sales, please submit a request via [email protected].