Privacy Policy
WHO ARE WE?
be ys Trusted Solutions Luxembourg, part of the BeYs Group (hereinafter the "Service Provider") a public limited company under Luxembourg law, whose registered office is at 17 rue Léon Laval - L-3372Leudelange registered with the Luxembourg Trade and Companies Register under number B226894.
The Service Provider acts as a data controller for users of the "KIPMI" mobile application(hereinafter the "User"), which collects and stores documents, allowing them to be shared with other service providers with whom the Service Provider has Software as a Service (SaaS) contract.
The Service Provider upholds the highest standards for security of the User’s data and does not share it without the knowledge of the User.
WHAT IS PERSONAL DATA?
According to the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
WHAT PERSONAL DATA WE PROCESS?
For the "KIPMI" mobile application, we collect the following personal data:
- Email address (for registration and verification)
- Phone number (for 2FA and verification upon registration)
- Password (for account security)
- Biometric data (for Face ID authentication, if opted by the User)
- National ID, Passport, or Residence permit details (for identity verification)
- Bank details (of your IBAN and BIC for payments)
- Messages (when you want to send us a message to contact us with questions)
- Adress (when you add personal address to your account)
- Personal details from identification documents, including:some text
- First name, Middle name, Last name
- Personal ID number
- Gender
- Nationality
- Document type and number
- Date of birth
- Country of issue
- Date of expiry and issue
- Place of birth
- MRZ code
- Other relevant information depending on the document you take picture of.
Information about family members (you may add information about your marital status, family members such as “spouse” and “child” – First name, Last name, gender, place of birth, date of birth, birth certificate number, etc.)
- Uploaded files and documents (from gallery or phone storage)
We also collect tracking information through Matomo Analytics, which is anonymized and used to optimize app performance and analyse User behaviour. More information about Matomo and its compliance with GDPR can be found here.
WHAT IS THE PURPOSE FOR PROCESSING?
The collection, storage, and processing of personal data by the Service Provider are carried out in accordance with the GDPR. As the data controller, the Service Provider uses personal data exclusively for the performance of the SaaS contract. The purposes of processing include:
- Creation and updating of customer accounts
- Collection and sharing of documents as authorized by the User
- Verification of document authenticity
- Storage of compliant documents in a secure digital vault
- Connecting users with service providers for remote signing and data sharing
WHAT ARE THE RECIPIENTS OF YOUR DATA?
We share your data exclusively with legal entities with whom you want to exchange information. We do not transfer data outside the EU/EEA, nor do we transfer your data without your knowledge.
The data is stored only on the BeYs Cloud, which is under the same control as of the Data Controller.
DATA PROCESSORS AND SUBCONTRACTORS:
Ø „TINQIN” АD, UIC: 203482415, having its seat and registered office in Bulgaria, Sofia, 115G Tsriogradsko Shossee Blvd., fl. 3, as company part of BeYs Group for the development and maintenance of the mobile application.
Ø BE YS TRUSTED SOLUTIONS FRANCE, a Simplified joint stock company under French law, whose registered office is at 46 rue du Ressort, 63000 Clermont-Ferrand, and which is registered with Clermont-Ferrand Trade and Companies Register under number 850 954 074, company part of the BeYs Group, for the certification of some functionalities included or to be included in the mobile application.
In the future, if subcontractors or another data processor are involved, we will update this section accordingly.
HOW LONG DO WE PROCESS YOUR DATA?
We will process your personal data only as long as necessary to fulfil the purposes mentioned above. Typically, data will be retained for up to 10 (ten) years following the termination of the contract, unless otherwise required by law.
Information collected and stored in connection with the provision of trust services, such as:
- Information contained in the client's account (all collected personal data from the client's registration, photo, etc.);
- Video session records (automatic and via operator) for the purposes of e- Identification;
- Information on signed electronic documents, incl. metadata/description of documents;
- History of signing;
- Information about documents sent and received;
- History of identification;
- Information contained in the communication with the clients in regards the services.
Information related to the use of the safe storage of document service (with depository): documents sent for signing or signed through the Application
Information related to the use of the qualified electronic signature storage service: Your private keys in encrypted form
Information related to using the sign-in service on websites without usernames and passwords (password-less login)
Financial and accounting documents; invoices; other information related to tax and social insurance control.
System logs of the application. Logs related to security, technical support, etc. (may contain information such as date and time, IP address, URL, browser and device version information)
Biometric data processed during automated or semi- automated identification in the process of registration and activation of the Application.
Data processed based on your explicit consent, except the biometric data (see above)
Data and records collected in an unsuccessful identification.
ARE YOU OBLIGATED TO PROVIDE US WITH YOUR DATA?
The provision of personal data is required by contractual provisions. By accepting the Terms & Conditions, you agree to provide us with your data. If you do not provide the necessary personal data, we cannot conclude the contract, and you will not be able to use the application.
AUTOMATED DECISION MAKING AND PROFILING?
Currently, the "KIPMI" application does not involve any automated decision-making or profiling that produces legal effects or significantly affects the user.
WHAT ARE YOUR RIGHTS?
You have the right to:
- Access your personal data
(you have the right to obtain confirmation as to whether or not personal data concerning you are being processed. If so, you have the right to obtain access to the data and certain information related to their processing, as well as the right to receive a copy of this data.) - Rectify inaccurate or incomplete personal data
(You may require from us the rectification of inaccurate personal data concerning you and/or completion of incomplete personal data concerning you (taking into account the purposes of the processing). - Request the erasure of your personal data
(This gives you an opportunity to ask us to erase/remove your personal data when there is no justifiable reason for the continuing of its processing by us. You have the right to ask us to erase or remove your personal information also in the event that you have exercised your right to object to the processing. ) - Object to the processing of your personal data
(You have the right, on grounds relating to your particular situation, at any time to object to processing of your personal data which is performed on the basis “legitimate interest”, including in cases of profiling on this basis. In order to continue processing, we shall demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.) - Exercise the right to data portability
(you may require from us to receive personal data in a structured, commonly used and machine-readable format and/or to transmit the personal data to another personal data controller.) - Withdraw your consent at any time (for data processed based on consent)
(If we process specific personal data on the basis of your consent or explicit consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.)
To exercise these rights, you can contact us via email at dpo@be-ys.com or by physical mail at the address provided at the beginning of this Privacy Policy. If you have concerns about how we handle your data, you have the right to lodge a complaint with the supervisory authority in your country.
For any technical questions or other concerns regarding the application please contact the company „TINQIN” АD : dpo@tinqin.com
YOU ARE IN CONTROL
You can use the settings within the application to control your privacy settings.
In next upcoming version of the mobile application, you will have the possibility to exercise your right directly within the application.
CHANGES TO THE PRIVACY POLICY
Any changes to this policy will be communicated in a timely manner. The current policy is in effect as of July 13, 2024.
The English version of this privacy policy prevails over any other language versions and will be the applicable version.