Privacy Policy.

Last updated: May 18, 2018.

01. Introduction

Welcome to www.tinkov.info (hereinafter referred to as "Web site" or "Website") which is operated by Radomir Tinkov and may be accessed worldwide.

By using this website you agree to the collection, use and disclosure of your personal data in compliance with this Privacy Policy.

Please read this Privacy Policy carefully before using this website and if you have any questions about this Privacy Policy, please contact us at radomir@tinkov.info. If you do not agree to any of the conditions contained in this Privacy Policy, you should not use this website.

Data controler — Radomir Tinkov (hereinafter referred to as “Provider”), is a Typeface and Graphic Designer, with address of the studio in Sofia, 17 Luben Karavelov Street., and website www.tinkov.info

Supervisory authority — Commission for Personal Data Protection

02. Purpose and scope of the privacy policy

2.1 — The Provider understands the privacy concerns of the visitors to this Website (hereinafter referred to as “individuals”) regarding the protection of personal data and is committed to protect their personal data by applying all the standards for protection of personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”). With this Privacy Policy, the Provider respects the privacy of individuals and undertakes every effort to protect the personal data of individuals against unlawful processing by applying technical and organizational measures, which measures are entirely consistent with state-of-the-art technological developments and provide a level of protection that corresponds to the risks associated with the processing and the nature of the data that should be protected.

2.2 — With this Privacy Policy and in compliance with the requirements of the GDPR, the Provider provides information on:

03. Definitions

For the purposes of the GDPR and this Privacy Policy, the following terms shall have the following meaning:

04. Principles relating to processing of personal data

The Provider observes the following principles relating to processing of personal data:

05. Personal data collected and processed by the provider

5.1Processing of special categories of personal data (“sensitive data”) — The provider does not collect and process special categories of personal data, such as: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. Individuals shall not provide such sensitive data to the Provider. If the individual negligently or intentionally provides sensitive data to the Provider, the Provider undertakes to immediately delete such data.

5.2Processing of personal data of children — The Provider does not intentionally and knowingly collect and process personal data from people under 16 years of age. If the Provider receives personal data of people under the age of 16 by mistake or by fraud of a third party, the Provider shall get a parental consent. If is it not possible to obtain a parental consent, the Provider will delete the collected personal data of people under 16 years of age.

5.3Personal data collected directly from individuals when the Provider is contacted by e-mail — Individuals provide personal data to the Provider when they contact the Provider via e-mail. When the individual sends an e-mail to the Provider, the Provider collects and processes the e-mail address as well as the other information that the individual provides in the sent e-mail, such as name, telephone number, address. This data may be processed for the purposes of communicating with the individual and record-keeping. The lawful grounds for processing of the personal data are the legitimate interests pursued by the Provider, which legitimate interests are answering to received e-mails as well as maintaining records of received e-mails and responses sent by the Provider to such e-mails. The Provider uses an independent e-mail provider for storing the received e-mails, which provider is located in the USA. This means that the received by the Provider e-mails and the whole content of the e-mail will be transmitted outside the European Economic Area and stored on the servers of this independent e-mail provider in the USA. The transfers of the data are subject to appropriate safeguards. The e-mail provider has provided appropriate safeguards such as its adherence to the Privacy Shield Principles and compliance with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland.

5.4Personal data collected directly from individuals when the individual interacts with the Provider’s website — Individuals provide personal data to the Provider when they subscribe for the Provider’s newsletter via the newsletter subscription form available at: https://www.tinkov.info/subscribe.html. When the individual subscribes to receive newsletters containing publications and useful information about the products of the Provider and offers, the Provider collects and processes the e-mail address of the individual. This data may be processed for the purposes of sending newsletters. The lawful ground for processing of the personal data is the specific consent given by the individual. The Provider uses the services of MailChimp, that is an independent service provider located in the USA, for sending the newsletters and manage the list with e-mails. This means that the received by the Provider e-mail addresses will be transmitted outside the European Economic Area and stored on the servers of MailChimp in the USA. The transfers of the data are subject to appropriate safeguards. MailChimp has provided appropriate safeguards such as its adherence to the Privacy Shield Principles and compliance with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland.

MailChimp has its own Privacy Policy and individuals are recommended to familiarize themselves in order to obtain more information with that privacy policy at: https://mailchimp.com/legal/privacy/.

5.5Personal data collected from third parties — The Provider usually does not obtain personal data for individuals from third parties. However, in some cases, if the Provider has a reasonable grounds to suspect any individual of infringing Provider’s legal or intellectual property rights, then the Provider will obtain personal data of the suspected individual from public registers or private sources. This data may be processed for the purposes of investigating the infringement and taking legal actions against the infringement. The lawful grounds for processing of the personal data are the legitimate interests pursued by the Provider, which legitimate interests are investigating the infringement and taking legal actions against the infringement.

5.6Data collected automatically — When an individual visits the Web site, the Provider automatically collects the following data, namely:

06. Use of Cookies

Individuals can obtain more information about how the Provider uses cookies on the Cookies Policy page at www.tinkov.info/cookies.html

07. Purposes of personal data processing

7.1 — The Provider collects and processes the personal data of individuals who are provided directly by them solely for the following purposes, namely:

7.2 — The Provider collects and processes the personal data of individuals who are automatically collected for the following purposes, namely:

The Provider may not use the personal data of individuals for purposes other than those specified in this section of this Privacy Policy. The Provider does not use and process the personal data of individuals for the purposes of profiling.

08. Period for which the personal data will be stored

8.1 — Period for which the personal data will be stored

8.2 — Criteria for determining the period for which the personal data will be stored

09. Mandatory and voluntary nature of provision of personal data

The personal data required to be provided by the individuals are in accordance with the services offered by the Provider. The provision of personal data by individuals is voluntary. In the event that the individual refuses to provide the personal data:

10. Processing of personal data

10.1 — The Provider processes the personal data of individuals through any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

10.2 — The Provider processes the personal data of individuals independently or by assigning the processing of personal data to data processors on behalf of the Provider, which are:

11. Protection of personal data

11.1 — The Provider undertakes the appropriate technical and organizational measures to protect the personal data against accidental or unlawful destruction, or against accidental loss, unauthorized access, alteration or dissemination, as well as against other unlawful forms of processing, including the following: - using only secure and protected servers for storing of the personal data; - verifying and confirming the identification of the individual inquiring access to his/her personal data before granting access to such personal data; - only granting access to the personal data of an individual to the minimal extent when needed and based on non-disclosure conditions when possible.

11.2 — If you would like to receive detailed information on the technical and organizational measures, please do not hesitate to contact the Provider at: 00359 882 308 670 or make an inquiry using the contact for of this website.

12. Recipients of personal data

12.1 — The Provider has the right to disclose the personal data processed to the following categories of persons, namely:

13. Rights of individuals

13.1Right to withdraw the given consent — The individual has the right to withdraw the given consent for processing of the provided personal data. The Provider collects and processes personal data, which is the e-mail of the individual only when the individual subscribes for the Provider’s newsletter via the newsletter subscription form. The individual can exercise this right by sending a written request as described below in the section “Procedure to exercise the rights” or by clicking the unsubscribe link contained at the bottom of the newsletter the Provider sends to the individual.

13.2Right of access by the individual — The individual has the right to obtain from the Provider confirmation as to whether or not personal data concerning him or her are being processed. If the Provider processes personal data of the individual the Provider shall provide a copy of the personal data undergoing processing.

13.3Right to rectification — The individual has the right to obtain from the Provider without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the individual has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

13.4Right to erasure (‘right to be forgotten’) — The individual has the right to obtain from the Provider the erasure of personal data concerning him or her without undue delay and the Provider has the obligation to erase personal data without undue delay where one of the stated in article 17 of the GDPR grounds applies.

13.5Right to restriction of processing — The individual has the right to obtain from the Provider restriction of processing where one of the stated in article 18 of the GDPR grounds applies. If the processing has been restricted, such personal data shall, with the exception of storage, only be processed with the individual's consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. The Provider informs the individual who has obtained restriction of processing before the restriction of processing is lifted.

13.6Right to data portability — The individual has the right to receive the personal data concerning him or her, which he or she has provided to the Provider, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the Provided to which the personal data have been provided, if the processing is based on consent or on a contract.

13.7Right to object — The individual has the right to object on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. According to Article 21, Paragraph 4 of the GDPR the right to object shall be explicitly brought to the attention of the individual and shall be presented clearly and separately from any other information. For compliance of this obligation, more information about the right to object, can be found in the section below titled “Right to object to processing of personal data”.

13.8Profiling rights — The individual has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

13.9Right to be informed about the personal data breach — The individual has the right to be informed without undue delay about the personal data breach when the personal data breach is likely to result in a high risk to the rights and freedoms of individual.

13.10Right to lodge a complaint with a supervisory authority — Without prejudice to any other administrative or judicial remedy, the individual has the right to lodge a complaint with the supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the individual considers that the processing of personal data relating to him or her infringes the GDPR.

13.11Right to an effective judicial remedy against a supervisory authority — Without prejudice to any other administrative or non-judicial remedy, the individual or legal person has the right to an effective judicial remedy against a legally binding decision of a supervisory authority concerning them. Proceedings against a supervisory authority shall be brought before the courts of the Member State where the supervisory authority is established.

13.12Right to an effective judicial remedy against the Provider or processor — Without prejudice to any available administrative or non-judicial remedy, including the right to lodge a complaint with a supervisory authority, the individual has the right to an effective judicial remedy where he or she considers that his or her rights under the GDPR have been infringed as a result of the processing of his or her personal data in non-compliance with the GDPR. Proceedings against the Provider or a processor shall be brought before the courts of the Member State where the Provider or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the individual has his or her habitual residence.

13.13Right to compensation and liability — Individual who has suffered material or non-material damage as a result of an infringement of the GDPR has the right to receive compensation from the Provider or processor for the damage suffered. Court proceedings for exercising the right to receive compensation shall be brought before the courts of the Member State where the Provider or processor has an establishment. Alternatively, such proceedings may be brought before the courts of the Member State where the individual has his or her habitual residence.

14. Procedure to exercise the rights

14.1 — The individual exercises his or her right to withdraw the given consent, right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object and profiling rights, by submitting a written request to the Provider (either by post at the address specified in the identification of the Provider above or by e-mail), which should contain the following information:

14.2 — The request shall be filed personally by the individual. The Provider keeps the requests filed by the individuals in a separate register.

14.3 — When the individual exercises the right of access to the personal data relating to him or her the Provider shall verify the identity of the individual before responding to the request. This is necessary to minimize the risk of unauthorized access and identity theft. If the Provider cannot identify the individual from the collected information, then the Provider has the right to require a copy of individual’s documentation (such as ID card, driving license, other documents containing personal data that identify the individual) in order to verify the individual’s identity.

14.4 — The Provider considers the request and provides the information on action taken on the request of the individual within one month of receipt of the request. This period may be extended by two further months where necessary, taking into account the complexity and number of the requests.

14.5 — The Provider informs the individual of any such extension within one month of receipt of the request, together with the reasons for the delay. Where the individual makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the individual.

14.6 — In case the Provider does not take action on the request of the individual, the Provider informs the individual without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.

14.7 — The Provider shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Provider informs the individual about those recipients if the individual requests it.

15. Right to object to processing of personal data

15.1 — The individual has the right to object on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. According to Article 21, Paragraph 4 of the GDPR the right to object shall be explicitly brought to the attention of the individual and shall be presented clearly and separately from any other information. For compliance of this obligation, more information about the right to object, will be provided in this section of the Privacy Policy.

15.2 — The individual has the right to object on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Provider or processing is necessary for the purposes of the legitimate interests pursued by the Provider or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual which require protection of personal data, in particular where the individual is a child, including profiling based on any of these provisions. The Provider shall no longer process the personal data unless the Provider demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the individual or for the establishment, exercise or defense of legal claims. The individual can exercise this right by submitting a written request to the Provider, either by post at the address specified in the identification of the Provider above or by e-mail.

15.3 — Where personal data are processed for direct marketing purposes, the individual has the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where the individual objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes. The individual can exercise this right by submitting a written request to the Provider, either by post at the address specified in the identification of the Provider above or by e-mail requiring to stop sending him or her marketing information or by clicking the unsubscribe link contained at the bottom of the e-mail the Provider sends to the individual.

16. Buttons, tools and content from other companies

The Website contains buttons, which connect to other third party websites such as „Facebook“ button, „Twitter” button, “Tumblr” button, “Behance” button, “Dribble” button, “My Fonts” button, “Fontspring” button. These third party websites have their own Cookies Policies and Privacy Policies and individuals are recommended to familiarize themselves with the relevant privacy policy and cookies policy of the third party in order to obtain more information. Individuals use such third party websites at their own risk and the Provider of this Website is not liable for the privacy practices of the third party websites.

17. Changes to the privacy policy

This Privacy Policy may be updated at any time in the future. When this happens, the revised Privacy Policy will be posted on this Website with a new "Last Updated" at the top of this Privacy Policy and will be in force from the date of publication. It is therefore advisable to periodically check this Privacy Policy to make sure that you are familiar with any changes. Using the Website after publishing the updated Privacy Policy, you will be deemed to agree with the changes made.

18. Contacts

If you have additional questions about this Privacy Policy, please do not hesitate to contact us at radomir@tinkov.info