Thunes has aligned its approach to data protection with the highest applicable standards. As such, Thunes applies the guidelines and protocols stipulated by the General Data Protection Regulation EU 679/2016 (hereinafter the “GDPR”) in relation to Personal Data collected or processed or dealt with in any manner by Thunes. Personal Data is defined in data protection laws applicable to the Personal Data you provide but typically includes any information about a living individual from which they can be identified (“Personal Data”).
Under the GDPR, Thunes is entitled to process Personal Data if you have given your consent for the processing of such data. The processing is necessary to perform a contract with you or perform a legal obligation, and there is a legitimate interest in the collection of Personal Data. As such, you will be asked to provide consent for your data to be used accordingly.
We do not endorse other company’s policies and practices when we provide a link to a website. We do not knowingly attempt to solicit or receive information from children or minors per applicable local laws.
- Data Collection
- Data Uses
- Data Retention
- Data Sharing
- Cookies and Tracking Technologies
- Data Subject Rights
3. Why We Collect and Process Personal Information
In short, we collect and process personal information so we can interact with you.
We collect and process personal and other information so we can operate our business and provide our Services, to interact with our consumers, employees and agents and to answer inquiries. We collect and process some information because we are required to do so by law. You are not required to provide personal information to us, but if you do not, we may not be able to provide you with our Services, answer your inquiries, or process your applications.
We also process Personal Data for the purpose of evaluating your company as a prospective company to be onboarded to our Services. The required Personal Data is collected from prospective companies and evaluated to ensure only companies that meet the necessary standards are onboarded, with the view of ensuring our services are conducted in accordance with good industry practices and applicable laws and regulations.
4. What are the Legal Bases for Processing the Personal Data you Provide
The processing is legally based on the following provisions:
- the processing is necessary for the fulfillment of legal requirements and obligations;
- the processing is necessary for pursuing our legitimate interests;
- consent was given for a specific purpose.
We will only use the Personal Data you provide for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason being compatible with the purpose for which they were initially collected or for which we have a legitimate interest. If we need to use the Personal Data you provide for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
5. Personal Information We May Collect
The exact Personal Information which we may collect from you will differ depending on if you are visiting a Thunes website/social media account, or if you are onboarded or in the process of being onboarded for the use of our Services. Some of the Personal Data which we may collect through your interaction with us, depending on the mode of interaction, may include your/the:
- First and last name;
- Country and city of residence;
- Location data;
- Job title;
- Nationality of legal representatives and senior management members;
- % shares/voting rights in the company;
- Phone number;
- ID number;
- Date of birth;
- Date of birth and nationality of individuals owning or controlling directly and indirectly more than 10% in the company;
- Any online identifier; and
- Any factors that may be used to identify you.
This is not an exhaustive list. Depending on how you interact with us, we may collect additional information, as required.
In case Personal Data that you provide to us or we collect is considered special categories of Personal Data or judicial data under applicable data protection laws, we only process them to the extent permitted by applicable law. Special categories of Personal Data may include Personal Data from which we can determine or infer an individual’s racial or ethnic origin, political opinions, religious or, trade union membership, genetic data, data concerning health, sexual life or sexual orientation. Judicial data may include data relating to criminal convictions and offences, including information concerning the commission or alleged commission of a criminal offence
Personal Data does not include data where any potential identifiers have been irreversibly removed (anonymous data).
6. How we collect Personal Information
Information you provide to us directly
If you are onboarded to our Services, we collect Personal Data directly from you during the onboarding process. The provision of the Personal Data you provide is mandatory and necessary for the purpose of onboarding your company to our services. If you do not provide the required Personal Data to us, we will not be able to complete the onboarding process.
Through your interactions with us, we may collect Personal Data from your use of our services, contacting our support team or any application to become an agent. If you provide information about someone else, you represent that you have permission to do so. You may request in writing to not have your information displayed publicly in any manner.
Information we get from your use of our Services indirectly from other sources.
This may include information gathered from public databases, joint marketing partners, social media platforms (including from people with whom you are friends or otherwise connected), and from other third parties. We may collect information about the additional services that you use and how you use them, as it applies to advertising and content specific promotions. The information we collect includes, but is not limited to the following:
- Details of how you used our Service,
- Search queries,
- Telephone log information, or
- SMS routing
To reiterate, this is a sampling of the information we may collect, and is not an exhaustive list.
7. Other Information We May Collect
We may also collect other information that by itself doesn’t identify you. Other information we collect may include:
- Browser and device information;
- Information collected through cookies, pixel tags and other technologies;
- Demographic information and other information provided by you that does not reveal your specific identity; and
- Information that has been aggregated in a manner that it no longer reveals your specific identity.
We may merge personal information and other information. We will treat this information as personal information if we are required to by law.
8. How We May Collect Other Information
We may collect other information in a variety of ways, including:
- Through your browser or device: most browsers collect certain information automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, or internet browser. We may use this information to ensure that the Services we provide function properly.
- Through your IP address: An IP (Internet Protocol) address is a unique identifier that electronic devices used to identify and communicate with each other on the internet. We may identify your IP address and log it into our server log files when you access our websites or mobile applications, along with the time and page(s) you visit. When you visit our website, we may view the IP address of the computer or device you use to connect to the internet. Collecting IP addresses is standard practice and is done automatically by many websites, applications and other services. We use IP addresses for a variety of reasons, such as calculating usage levels, diagnosing server problems and administering the services.
- From your physical location: we may collect the physical location of your device by, for example, using satellite, cell phone tower or Wi-Fi signals. We may use your device’s physical location to provide you with personalised location-based services and content. We may also share your device’s physical location, combined with information about advertisements you view and other information we collect, with our marketing partners to enable them to provide you with more personalised content and to study the effectiveness of advertising campaigns. You may be able to allow or deny such uses and/or sharing of your device’s location, but if you do, we and/or our marketing partners may not be able to provide you with personalised services and content.
9. How We Use Personal and Other Information
When you upload or otherwise submit content to our Services, you give Thunes (and the partners and affiliates that we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services. Nonetheless, Personal Data may also be used, to the extent necessary, to comply with applicable laws or any court order.
We may use personal and other information for our legitimate business interests, to the extent permitted by applicable law, including but not limited to:
- Complete your transactions, respond to your questions, and provide you with customer service;
- Send you transactional and other administrative messages;
- Personalise your experience when you use our services;
- Invite you to participate in sweepstakes, contests and similar promotions, and to administer these activities, which may have additional notices about how we use and disclose your information;
- Operate and grow our business (e.g., conduct data analysis; audit our activities; develop new products; enhance, improve and modify our services; identify usage trends; determine the effectiveness of our promotional campaigns);
- Monitor and prevent fraud, money laundering, abuse, and other actual and potential prohibited or illegal activities;
- Meet legal, auditing, regulatory, insurance, security and processing requirements;
- Report to credit bureaus;
- Respond to court orders and legal investigations;
- Deliver marketing communications to you about our services and other companies’ services, including offers, coupons or incentives we believe may be of interest to you. These marketing communications may come from us directly, or through our affiliates or third parties, including our agents who facilitate transactions on our behalf;
- Comply with applicable laws, which may include laws outside your country of residence;
- Respond to requests from public and government authorities, which may include authorities outside your country of residence;
- Cooperate with law enforcement, or for other legal reasons
- Enforce our terms and conditions; and
- Protect our rights, privacy, safety or property, and/or that of our affiliates, you or others. We may also use information in other ways with your consent or as required by applicable law.
10. How We Share and Disclose Personal and Other Information
We share and disclose information with:
- Our internal departments, in order to carry out the purposes outlined above, Personal Data you provide shall be disclosed to our compliance team and other internal functions on a need to know basis or where we have a legitimate interest in doing so;
- Our subsidiaries and affiliated entities. Like most international businesses, we have centralised certain aspects of our data processing in order to allow us to better manage our business and share the Personal Data you provide accordingly if required and needed in this context. We may also share the Personal Data you provide with recipients in other Thunes entities if this is necessary to the onboarding process. Please note that the Thunes Group is responsible for the management of jointly-used personal information;
- Our vendors that provide us with services related to information technology, such as website hosting, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, and email delivery;
- Our vendors that provide us with services related to our marketing communications and campaigns, consistent with your choices, including any applicable choices we provide for you to opt into such sharing;
- Our vendors that assist us with sweepstakes, contests and other promotions;
- Your social media connections, other website users and your social media account providers;
- Other third parties in the event of a reorganisation, merger, sale, joint venture, assignment, transfer or other disposition of our business, assets or stock, or in any bankruptcy or similar proceedings; and
- Others as required by law. We reserve the right to disclose any Personal Data you have provided if we are compelled to do so by a court of law or requested to do so by a governmental entity or if we determine it is necessary or desirable to comply with the law or to protect or defend our rights or property in accordance with applicable laws. We also reserve the right to retain to comply with any specific record retention laws that apply.
11. We May Use Third Parties to Deliver Advertising
We may rely on third parties to deliver advertisements about goods and services that may be of interest to you. These companies may place or recognise a unique cookie on your browser (including pixel tags). They may also use these technologies, along with information they collect about your online use, to recognise you across the devices you use, such as a mobile phone and a laptop.
12. Our Information Security
We are committed to using reasonable organisational, technical and administrative measures to protect personal and other information.
We use reasonable organisational, technical and administrative measures to protect personal and other information. Please know, however, that no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please contact us immediately.
13. Automated Decision Making/Profiling
We do not take decisions which have a significant impact on you based only on using automated means. There is always human intervention into decisions based on automated processing.
14. Your Marketing Choices
You can opt out from receiving marketing communications from us by:
- Clicking on the “unsubscribe” link at the bottom of a Thunes marketing email; or
- Contacting us at: email@example.com
We will respond to your request as soon as reasonably practicable. Please note that if you opt-out of receiving marketing-related emails from us, we may still send you transactional or administrative messages.
15. Accessing Your Personal Information
You can review, correct, update, suppress, restrict or delete personal information that you have given to us, or receive an electronic copy of your personal information to transmit it to another company (to the extent provided to you by applicable law), by contacting us at: firstname.lastname@example.org
We will respond to your request as soon as reasonably practicable. For your protection, we may need to verify your identity before implementing your request.
Please note that we may need to keep certain information for recordkeeping purposes or for regulatory compliance. There may also be residual information that will remain within our databases and other records, which will not be removed.
16. How Long We Keep Information
We keep information if necessary, for the purpose it was collected, or for a longer retention period as required or permitted by law. Once information is no longer needed for its initial purpose, unless required to retain it under applicable law, it is deleted in accordance with our policies and procedures.
Please contact us at email@example.com, if you would like to receive specific retention schedules related to the Personal Data you provide.
17. Jurisdiction and Cross-Border Data Transfers
Due to our global presence, working with us may involve an international transfer of the Personal Data you provide to recipients located in countries outside the European Union/European Economic Area, Thunes secures that such transfer is subject to appropriate safeguards which ensure rights are protected in line with applicable data protection law.
Appropriate safeguards for data transfers from the European Union are in particular Standard Contractual Clauses as adopted by the EU Commission, but in general we may also rely on other transfer mechanisms acknowledged under applicable data protection laws such as an adequacy decision by the EU Commission or derogations applicable for specific situations such as consent provided or where the transfer is necessary for us to establish or defend a legal claim or perform a contract. You can obtain a copy of the appropriate or suitable safeguard by contacting us at: firstname.lastname@example.org.
18. What Are The Rights of Data Subjects
Applicable data protection laws may allow Data Subjects certain rights in respect of their Personal Data that Thunes process.
- Right to access: Data Subjects have the right to demand access to their Personal Data processed by us and to request a copy of their Personal Data being processed by us.
- Right to rectification: Data Subjects have the right to have incorrect or incomplete Personal Data corrected.
- Right to erasure: where legally envisaged Data Subjects have the right to have their Personal Data deleted under certain circumstances. In the individual case, the right to deletion may be excluded.
- Right to restriction of the processing: under certain conditions, Data Subjects have the right to demand a restriction of the processing of their Personal Data.
- Right to data portability: under certain circumstances, Data Subjects have the right to get the Personal Data that was provided to us by you free of charge in a readable format.
- Right to object: where Data Subjects’ Personal Data is processed on the legal basis of our legitimate interest, they can object processing on grounds relating to their particular situation.
- Right to lodge a complaint with the supervisory authority: Data Subjects have the right to appeal to a competent supervisory authority against the method of the processing of their Personal Data.
- Right to withdraw consent: Data Subjects have the right to revoke their consent at any time, without affecting the lawfulness of processing based on their consent before the withdrawal.
Data Subjects can exercise their rights by writing to us at email@example.com.
19. Contact us
Email us at: firstname.lastname@example.org
You also have the right to lodge a complaint with a supervisory authority competent for your country or region. The UK’s supervisory authority is the Information Commissioner’s Office (ICO). For more details, you can visit their website at ico.org.uk.