Chính sách bảo mật

1. Introduction

TNNT (“we”, “us”, or “our”) provides a marketing, social media and analytic platform through a Software as a Service (SaaS) model. At TNNT the privacy and security of our customers, third parties and visitors are of paramount importance. This Privacy Policy (“Policy”) explains how TNNT processes information that can be used to directly or indirectly identify the data subject through the use of its website and platform.

We at TNNT collect e-mail addresses and some personal information about clients who communicate with us via email or register with us to open an account (“Clients”). This Privacy Policy describes how we collect, process, use and share collected data and other useful information from our Clients and their Customers (“Customers’) when they use the Website https://tnntflow.com (“Website”) and our Subscription Service (“Subscription Service”). It also describes Client’s, and Customer’s choices regarding use, access and correction of their personal data. The use of information collected through our service shall be limited to the purpose of providing the service for which the client has engaged.

If you do not agree with the data practices described in this Policy, you should not use the Website or the Subscription Service.

For the purposes of this Policy, TNNT wants to introduce new GDPR key definitions:

Personal Data: any information relating to an identified or identifiable natural person (“Data Subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

Processing: any operation or set of operations performed upon Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Controller: the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of Personal Data; where the purposes and means of processing are determined by EU or Member State laws, the Controller (or the criteria for nominating the Controller) may be designated by those laws.

Processor: a natural or legal person, public authority, agency or any other body, which processes Personal Data on behalf of the Controller.

Any information stored on TNNT’s platform is treated as confidential. All information is stored securely and accessed by authorized personnel only. TNNT implements and maintains appropriate technical, security and organizational measures to protect Personal Data against unauthorized or unlawful processing and use, and against accidental loss, destruction, damage, theft or disclosure.

Identification of the controller and data processor

Current European Data Protection Law distinguishes between the Controller and the Processor of the information. In general, the Client is the Controller of the Customer Data. As a general rule, TNNT is the Client’s Processor which processes Customer’s Personal Data on behalf of the Client.

2. EU-US Privacy Shield and Swiss-U.S. Privacy Shield

TNNT (and its parent/subsidiary company(ies) [TNNT SAL.] participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield. We are committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on the Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List.

TNNT is responsible for the processing of personal data it receives, under the Privacy Shield Framework, and subsequently transfers to a third party acting as an agent on its behalf. TNNT complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions.

With respect to personal data received or transferred pursuant to the Privacy Shield Framework, TNNT is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
In certain situations, TNNT may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://www.jamsadr.com/submit/.

Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution proced

3. Legal Basis for Processing Personal Information (European Territory Visitors only)

If a visitor is from the European Territories (European Economic Area and Switzerland), our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

However, we will normally collect Personal Data from our Clients or their Customers where the processing is in our legitimate business interests to, for example, administer our platforms and services and fulfill our contractual obligations as a service provider. Personal Data is used to improve the content of our Web pages and the quality and maintenance of our Services in order to provide a tailored experience of our Website and Services.

Our legal basis for processing Personal Data in certain circumstances will also be based on the consent Data Subject to do so or where we need the Personal Data to perform a contract or enter into a contract with them. In some cases, we may also have a legal obligation to collect Personal Data from Data Subjects.

TNNT legitimate interest to process Personal Data is balanced against our Client’s and their Customer’s data protection rights and freedoms.

4. Information we Collect and Receive

TNNT may collect and receive Client or Customer Data in several ways:
Visitors’ Data: Customers and individuals to whom a Client grants access to a Website embedded with our Marketing Software routinely send Customer Data to TNNT when using the Services.
Customers’ Data: Customer who may decide to sign for Client services or newsletter or products provides TNNT with an email address, a phone number, a password, a domain and/or any other details of similar accounts. Furthermore, Clients who purchase our Services will provide us with billing information, home or working address as well as credit card and banking information.
In such cases, TNNT servers collect information automatically when Customers access or use the Website or Services and collect them in log file format. Information may include the Internet Protocol (IP) address, the address of the web page Customers has visited before using the Website or Services, the type of browser and its configuration, the date and time they used the Services, information about browser settings and plugins, as well as language preferences and cookie information.
How We Use Personal Information
We use the personal information we collect to, among other things, anticipate and resolve problems with the Site, personalize your service, investigate misuse of Site and develop and market products and services that may be of interest to you.
TNNT collects information about the devices that access the Services, including the type of device, operating system used, device configuration, application IDs, unique device identifiers, and failure data. Whether or not all or part of this information is collected often depends on the type of device used and its configuration.
TNNT receives information that helps us estimate Customer’s location. We can use an IP address received through the Customer’s browser or device to determine their approximate location. TNNT may also collect information on the location of devices according to the consent process provided by the Customer’s device.
Cookies are small text files that we send to Customer’s computer or mobile device. They are unique to their account or their browser. TNNT uses sessions cookies to improve the overall experience of the user by memorizing their login credentials or tracking the pages throughout the duration of time the user spends on the website. TNNT and our partners use cookies and similar technologies on our Websites and Services that help us collect information, to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our use base as a whole. You can control the use of cookies at the individual browser level, but if ou choose to disable cookies, it may limit your use of certain features or functions on our website. The Websites and Services may also include cookies and similar tracking technologies from Third Parties, which may collect other information about Customers through the Websites and Services, as well as through other websites and online services.
TNNT contracts with Third Parties (companies and people) to provide services to our Clients and their Customers and may need to share information with them to provide information, products or services to them. In general, Third Party Services are software that integrates with our Services and they may share information with TNNT. For example, if a cloud storage application has been activated to import files into a Landing Page, TNNT may receive the username and email address of the user.
Third Party may also receive information from organizations, industries, website visitors, marketing campaigns, affiliates, and subsidiaries. TNNT may combine data collected with the previous information and collect new information about the relationship between IP addresses and postal codes or countries.

5. Sharing and Using Personal Information

Sharing Personal Information
Personal Data is not shared with or sold to other organizations for commercial purposes, except to provide products or services Clients or Customers have requested. However, under the following circumstances, it might be possible to share Personal Data:
• In order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of Terms of Service, or as otherwise required by law.
• To comply with applicable legislation. If we receive a request for information, we may disclose Information if we believe it is reasonable to disclose this information in accordance with the requirements of applicable legislation, regulations and legal procedures.
• During a change in TNNT activity. TNNT may participate in a merger, acquisition, bankruptcy, dissolution, reorganization, financing, a public offering of securities, acquisition of all or part of our company. Then, in measures that contemplate such activities (for example, due diligence), some or all of Personal Data may be shared or transferred, in accordance with standard confidentiality agreements.
Using Personal Information
• The Website is not intended for or targeted at children under 13 and we do not knowingly or intentionally collect information about children under 13. If you believe that we have collected information about a child under 13, please contact us at info@tnntflow.com, so that we may delete the information.
• Client’s and Customer’s testimonials on our Website are pre-approved by them as they might contain personal information. We obtain each Client’s or Customer’s consent via email prior to posting their names and testimonials.
• TNNT Clients use the Subscription Service to build webpages that their Customers can visit to learn more about their business. TNNT does not control the content of these webpages or the information that is gathered and managed by its Customers. That information belongs to them and is used, disclosed and protected by them according to their own privacy policies which are independent of TNNT’s Policy.
• TNNT acknowledges the right of its Clients’ and their Customers to access their Personal Data stored on its platform, which can be amended, deleted or updated at any time.
Additional Limits on Use of Your Google User Data
Additional Limits on Use of Your Google User Data: Notwithstanding anything else in this Privacy Policy, if you provide the App access to the following types of your Google data, the App’s use of that data will be subject to these additional restrictions:
• The App will only use access to read, write, modify or control Gmail message bodies (including attachments), metadata, headers, and settings to provide a web email client that allows users to compose, send, read, and process emails and will not transfer this Gmail data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets.
• The App will not use this Gmail data for serving advertisements.
• The App will not allow humans to read this data unless we have your affirmative agreement for specific messages, doing so is necessary for security purposes such as investigating abuse, to comply with applicable law, or for the App’s internal operations and even then only when the data have been aggregated and anonymized.

Referrals
If you choose to use our referral service to tell a friend about our website, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him or her to visit the website. TNNT [stores] this information for the sole purpose of sending this one-time email [and tracking the success of our referral program]. Your friend may contact us at info@tnntflow.com to request that we remove this information from our database.

 

6. Data Transfer and Transfer Mechanisms

TNNT is committed to provide the highest degree of security to data processing. For these reasons, in the context of data transferring with countries outside EEA, it is paramount that controller and processors undertake adequate organizational and technical measures for data processing. TNNT uses the following transferring instrument:
• Standard Contractual Clause (“SCCs”): Set of data protection clauses adopted by the Commission
These are known as the ‘standard contractual clauses’ (sometimes as ‘model clauses’). There are four sets that Commission adopted under the Directive. They must be implemented by the data exporter (based in the EEA) and the data importer (outside the EEA).
The clauses contain contractual obligations on the data exporter and the data importer, and rights for the individuals whose personal data is transferred. Individuals can directly enforce those rights against the data importer and the data exporter. Within this context, TNNT acts as data importer. Specifically, data importer means:
“the processor who agrees to receive from the data exporter personal data intended for processing on his behalf after the transfer in accordance with his instructions and the terms of the Clauses and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC”
In the context of SCCs, TNNT is committed to
• Ensure personal data should be collected only for specified, explicit and legitimate purposes;
• Recognizing data access to any concerned data subject while providing the opportunity to change or delete data;
• Providing data subjects with adequate and appropriate remedies including compensation or damages through the competent court.
SCC’s provide adequate security in relation to data transfer establishing a legal framework towards:
• Obligation of data exporter;
• Obligations of data importer;
• Third-party beneficiary clause;
• Cooperation with Data Protection Authority;
• Liability
When operating as data importer, TNNT is free to include any other clauses on business related issues which they consider as being pertinent for the contract as long as they do not contradict the standard contractual clauses.
For further information about how TNNT is implementing SCCs please check the Data Protection Agreement.

 

7. Sub-processors

Sub-processor(s): a natural or legal person, public authority, agency or any other body hired by TNNT to process Personal Data on behalf of the Controller.
Client agrees that TNNT may engage Sub-processors to process Personal Data on its behalf.
TNNT will notify the Client if it adds or removes Sub-processors 10 days prior to any such changes.
Where TNNT enters into an agreement with Sub-processors, TNNT will ensure that equivalent data-protection terms are transferred to the Sub-processors which provides at least the same level of protection for the Client and its Customers’ Personal Data as those set-out in this Privacy Policy, to the extent applicable to the nature of the services provided by such Sub-processors.
TNNT will remain responsible for each Sub-processor’s compliance with the obligations under this Privacy Policy and for any acts or omissions of such Sub-processor that causes TNNT to breach any of its obligations under this Privacy Policy.

Entity NamePurposeApplicable ServicesEntity Country
Intercom Inc.TNNT Live Chat Agent runs over Intercom, Inc (“Intercom”). Intercom has access to TNNT Client’s basic information which are: Name, email, phone, company, Ip address, website visits and user agent. Intercom also processes communications contained in the messages and the ticket requests between TNNT users and TNNT’s support team.TNNT SupportUnited States
Cloudflare, Inc.Cloudflare, Inc. (“Cloudflare”) provides content distribution, security and DNS services for web traffic transmitted to and from the Services. This allows TNNT to efficiently manage traffic and secure the Services. The primary information Cloudflare has access to is information in and associated with the TNNT website URL that the End-User is interacting with (which includes End-User IP address). All information (including Service Data) contained in web traffic transmitted to and from the Services is transmitted through Cloudflare’s systems, but Cloudflare does not have access to this information.AllUnited States
WoopraWoopra, Inc. (“Woopra”) is a third-party analytics provider that TNNT uses to capture how users interact with the Service. TNNT uses this information to analyze and improve the Services. The primary information Woopra has access to is information in and associated with the TNNT website URL that the Client and End-User is interacting with, such as time spent on page, items clicked (including Service Data contained in those items), Client email addresses, End-User email addresses, etc.AllUnited States
PipedrivePipedrive is a cloud-based sales software company accessible as a web application and mobile app. It is considered a customer relationship management tool (CRM) for salespeople in scaling companies.Main User AccountsUnited States
ZapierZapier is an American for-profit corporation and a web-based service that allows end users to integrate the web applications they use.AllUnited States
Authorize.NetAuthorize.Net is a United States-based payment gateway service provider, allowing merchants to accept credit card and electronic check payments through their website and over an Internet Protocol connection. Founded in 1996, Authorize.Net is now a subsidiary of Visa Inc.Main User AccountsUnited States

 

8. Data Subject’s Rights (European Territory Visitors Only)

Clients and Customers who provide us with their personal information should be informed of the following rights that they may exercise at any time:
Right of access – The right to obtain from the Controller confirmation as to whether or not their Personal Data is being processed.
Right of rectification – The right to obtain from the Controller, without undue delay, the rectification of inaccurate Personal Data concerning them.
Right to erasure – The right to obtain from the Controller the erasure of their Personal Data without undue delay.
Right to the restriction of processing – The right to obtain from the Controller restriction of processing their Personal Data.
Right to object – The right to object at any time to the processing of their Personal Data.
The aforementioned rights are not absolute. The exercise of Data Subject rights must meet precise conditions included in the General Data Protection Regulation.
In order to exercise the previous rights, requests must be sent directly to the Controller. Once it receives the request, TNNT will process the request on behalf of the Controller.
Upon request TNNT will provide you with information about whether we hold any of your personal information. You may access, correct, or request deletion of your personal information by logging into your account, contacting us at support@TNNT.com. We will respond to your request within a reasonable timeframe. TNNT acknowledges that you have the right to access your personal information. TNNT has no direct relationship with the individuals whose personal data it processes. An individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the TNNT Client (the data controller). If requested to remove data we will respond within a reasonable timeframe.

9. Important Information for California Residents

This section applies only to California residents. It describes how we collect, use and share Personal Information of California residents in operating our business, and their rights with respect to that Personal Information. For purposes of this section, “Personal Information” has the meaning given in the California Consumer Privacy Act of 2018 (“CCPA”) but does not include information exempted from the scope of the CCPA.
Your California privacy rights.
You have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.
Information. You can request the following information about how we have collected and used your Personal Information during the past 12 months:
• The categories of Personal Information that we have collected.
• The categories of sources from which we collected Personal Information.
• The business or commercial purpose for collecting and/or selling Personal Information.
• The categories of third parties with whom we share Personal Information.
• Whether we have disclosed your Personal Information for a business purpose, and if so, the categories of Personal Information received by each category of third party recipient.
• Whether we’ve sold your Personal Information, and if so, the categories of Personal Information received by each category of third party recipient.
Access. You can request a copy of the Personal Information that we have collected about you during the past 12 months.
Deletion. You can ask us to delete the Personal Information that we have collected from you.
Nondiscrimination. You are entitled to exercise the rights described above free from discrimination. This means that we will not penalize you for exercising your rights by taking actions such as denying your services; increasing the price/rate of services; decreasing service quality; or suggesting that we may penalize you as described above for exercising your rights.
How to exercise your information, access and deletion rights.
You may submit a request to exercise your information, access or deletion rights by emailing us at support@TNNT.com. We will need to verify your identity to process your information, access and deletion requests and we reserve the right to confirm your California residency. Government identification may be required. If you wish to designate an authorized agent to make a request on your behalf, we will need to verify both your and your agent’s identities and your agent must provide valid power of attorney or other proof of authority acceptable to us in our reasonable discretion. We cannot process your request if you do not provide us with sufficient detail to allow us to understand and respond to it. In certain cases, we may be required or permitted by law to deny your request.
Personal Information that we collect, use and disclose. The list below describes the categories of Personal Information we collect by reference to the categories specified in the CCPA:
• Identifiers, such as Registration and Contact Information, including your real name, email address, postal address, account name, and other similar identifiers.
Commercial information, such as Payment Information, including the record of purchase of the Services.
• Financial information, such as Payment Information, including your credit card and other billing information.
• Online identifiers, such as Technical, Usage and Location Information, including Internet Protocol address, cookie identifiers, and computer or device identifiers.
Internet or network information, such as Technical, Usage and Location Information and Third Party Platform Information, including the pages you view, items you click, advertisements you interact with, and social media content you engage with.
• Geolocation data, such as your device’s precise location when you choose to share it and the approximate location associated with your IP address.
• Professional or employment information, such as Registration and Contact Information, Payment Information and Customer Data, including your People’s title and organizational affiliation.
• Sensory information, such as photos of yourself or of People in Customer Data that you submit.
• Inferences drawn from any of the above information to create a profile reflecting your preferences, characteristics, and behavior.
The sources from which we collect these categories of Personal Information are described in the section above entitled how we obtain information, the business/commercial purposes for which we use these categories of Personal Information are described in the section above entitled Sharing and Using Personal Information. The categories of third parties to which we disclose these categories of Personal Information for business purposes are described in the section above entitled How We Use Personal Information. Based on our understanding of the term “sell” under the CCPA, we do not “sell” your Personal Information.

 

10. Changes

TNNT may modify this Policy at any time. Legislation, regulations and industry standards evolve, so these changes may be necessary; or maybe they could be due to changes in our activity. We will post the changes on this page and encourage you to review our Policy to stay informed. Should we implement changes that substantially alter your privacy rights, TNNT will provide additional notice. If you do not agree with the changes in this Policy, you will be unable to properly use TNNT Services and Website.

11. Security

TNNT takes the security of its Clients and Customers’ data very seriously. TNNT strives to protect the other information that they provide us with loss and misuse, as well as against unauthorized disclosure or access. These measures take into account the sensitivity of information we collect, process and store, as well as the state of current technology. TNNT uses industry leading 256-bit SSL encryption to keep any information collected and/or transmitted to our Website or Third-Party apps secure. Furthermore, Personal Data we collect are anonymized or at least pseudonymized.

12. Data Retention

TNNT will keep the Client Data in accordance with the Client’s instructions, including any terms applicable in the Agreement with the Customer and in the use of the functionality of the Services by the Client, as well as in accordance with the provisions of the applicable legislation.

We will retain any Personal Data and data we collect in behalf of our clients for as long as the account is active and for a period of time consistent with the original purpose of collection, including to pursue our legitimate business interests, comply with our legal obligations, resolve disputes and enforce applicable agreements.

The Controller has the duty of limiting the period for which Personal Data is stored. The Controller will periodically review and evaluate that time period in order to respect data privacy expectations.

13. Payment Information

When you make a purchase on the Offerings, any credit card information you provide as part of your Payment Information is collected and processed directly by our payment processor Authorize.net. We never receive or store your full credit card information. Authorize.net commits to complying with the Payment Card Industry Data Security Standard (PCI-DSS) and using industry standard security. Authorize.net may use your Payment Information in accordance with their own Privacy Policy here: https://usa.visa.com/legal/global-privacy-notice.html

14. Account Removal

If you want to remove your account from our database, please fill out this form.

You need to provide a valid ID in order for this to be processed.

15. Report System Abuse

TNNT serves thousands of businesses and digital agencies. While we work hard on vetting each business that uses our platform, abuse can be inevitable.

To report system abuse, please follow the following instructions:

To report email send abuse, please forward the email, along with the email header to info@tnntflow.com.
To report landing page abuse, please email info@tnntflow.com with the direct page link.
To report other messaging abuse, please send a snapshot of the message and the hyperlink used
To report page compromises or other security issues, please email info@tnntflow.com with the page link.

16. Questions

Any questions, concerns, or complaints regarding this Privacy Notice or the way we collect and handle your information as a Processor, please contact our Data Protection Officer (DPO) by email at info@tnntflow.com.

TNNT will take any privacy complaint seriously and any complaint will be assessed by an appropriate person with the aim of resolving any issue in a timely and efficient manner.

Contact Number +84 6202 7770

Email : info@tnntflow.com