Privacy Policy

Purpose

The purpose of this procedure is to clarify the measures implemented to ensure the protection of personal data.

Scope of Application

This procedure applies to all event-related activities of Impressive Tunisia and all activities of Kyranis Travel.

Responsibilities

This procedure falls under the responsibility of the entire Kyranis Travel team.

References

List of associated Tunisian regulatory texts:

  • Circular No. 17 of October 12, 2016, relating to the protection of personal data.

  • Organic Law No. 2004-63 of July 27, 2004, on the protection of personal data.

  • Decree No. 2007-3004 of November 27, 2007, establishing the conditions and procedures for declaration and authorization of personal data processing.

  • Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and the free movement of such data (General Data Protection Regulation – GDPR).

  • Corrigendum to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and the free movement of such data (GDPR) dated 23/05/2018.

Website of the National Institute for the Protection of Personal Data (Tunisia): http://www.inpdp.nat.tn/Presentation.html

Definitions

Personal Data:

“Personal data” means any information relating to an identified or identifiable natural person.

A person can be identified:

Data Subject:

Refers to a natural person who can be directly or indirectly identified, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more elements specific to that person’s physical, physiological, genetic, mental, economic, cultural, or social identity.

Principles

1. Types of Data Collected

Different categories of personal data may be collected, including but not limited to:

  • Data used to identify clients (name, surname, department, company) or individuals acting on their behalf, as well as suppliers, partners, institutional contacts, or prospects (technical or commercial contacts).

  • Data such as phone numbers (landline and mobile), fax numbers, and email addresses.

  • Data collected via our website through the contact email address.

  • Photographs, videos, and others shared within the framework of communication between business partners via paper materials, internet, Skype, social networks, and other communication supports.

  • Photographs, videos, and others collected within the framework of our event management activities.

  • Data related to the implementation of our ISO 9001 Quality Management process (satisfaction surveys, non-conformity management, performance indicators, submission of supporting documents, quality audits, etc.).

  • Data required to create and manage the online “Client” account.

2. Purpose of Data Processing

All data collected is used for the following purposes:

  • Carrying out operations related to the management of clients and business partners, including:

    • Contracts

    • Orders

    • Invoices

    • Management of “Client” and “Supplier” accounts

    • Customer relationship management, performance monitoring, and measurement of customer satisfaction as part of our ISO 9001 Quality approach

  • Conducting commercial prospecting operations and preparing quotations and pro forma invoices.

  • Preparing offers following client requests.

  • Ensuring compliance with internal procedures, client procedures, and regulatory procedures, particularly regarding data security and access to client online portals or services.

  • Managing and processing requests related to the exercise of personal data protection rights.

  • Managing invoice payments.

3. Data Retention Period

Collected data is retained only for the time strictly necessary for the purposes for which it is processed, specifically:

  • Current data retention for the duration of the commercial relationship.

  • 5 years after the end of the commercial relationship for contracts.

  • 10 years for documents related to commercial correspondence (purchase orders, delivery notes, etc.).

  • 10 years for billing-related documents.

  • 3 years for data related to the management of a prospect database.

4. Data Security

We implement technical and organizational measures to ensure the security and confidentiality of client data against accidental loss, alteration, unauthorized access, use, modification, or disclosure.

We pay particular attention to the secure and periodic renewal of access codes to client or service provider online platforms for order execution and client relationship management.

We emphasize that all our employees and subcontractors are bound by strict confidentiality obligations and respect for the rights and freedoms arising from the General Data Protection Regulation (GDPR).

5. Rights of Data Subjects

In accordance with the provisions of the General Data Protection Regulation (GDPR – EU 2016/679 of 27/04/2016) and the amended Data Protection Act (Law of 20/06/2018), data subjects may at any time request access to, rectification of, or deletion of their personal data, or object to its processing for legitimate reasons.