Preamble 

be ys Trusted Solutions Luxembourg, part of the BeYs Group (hereinafter the "Service Provider") a public limited company under Luxembourg law, whose registered office is at 17 rue Léon Laval - L-3372 Leudelange registered with the Luxembourg Trade and Companies Register under number B226894. 

The Service Provider publishes a Mobile Application so called "KIPMI" for collecting and storing documents so that they can be shared with others service providers with whom the Service Provider has Software as a Service (SaaS) contract.  

The purpose of these General Terms and Conditions of Use for the Mobile Application (hereinafter referred to as the "GTCU") is to determine the rules for use of the Application published by the Service Provider and the related Services. 

By installing the Application on a terminal and/or accessing the Application, the User unconditionally and unreservedly accepts all these GTCU.  

Any visit to and/or use of the Mobile Application must comply with these GTCU. 

The Service Provider reserves the right to modify these GTCU at any time, in whole or in part, in order to adapt them to changes in the Services, to technical, legal or jurisprudential developments or when new services are introduced. The applicable GTCU are those in force on the date of connection to and use of the Application by the User. 

The User acknowledges that the access to additional functionalities and/or services to be included in KIPMI Mobile Application may require additional contractualization (hereinafter referred to as the "Additional Contractualization") between the Service Provider and the User (e.g. by Contract signing or by acknowledgment and acceptance of an updated version of the GTCU). The User has the possibility to refuse Additional Contractualization. Because of any User refusal, the access to the Mobile Application may be restricted. 

The Service Provider therefore invites the User to regularly refer to the latest version of the GTUs available in the Application and on the Provider's Website. In the event of disagreement with the new provisions, the User will be entitled to terminate these GTCU in accordance with the "Termination" article. 

‍

Article 1: DEFINITION 

Terms beginning with a capital letter in these GTCU, whether used in the singular or plural, shall have the meaning given to them below: 

"Application and/or Mobile Application" means the software application published and supplied by the Service Provider, giving access to the Services, and which is available free of charge in Apple's "App Store" and Google's "Google Play Store" to be downloaded by the User onto his/her Apple iOS or Android device. The Application also includes the Content, software, programs, tools (programming, navigation, etc.), databases, operating systems, documentation and all other elements and services of which it is composed, as well as updates and new versions that may be made to the Application by the Service Provider. 

"Content" means, but is not limited to, the structure of the Application, editorial content, drawings, illustrations, images, photographs, graphic charters, brands, logos, acronyms, company names, audiovisual works, multimedia works, visual content, audio and sound content, as well as any other content present within the Application and/or any other element making up the Application. 

"Personal Data" refers to any information relating to an identified or identifiable natural person; an "identifiable natural person" is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity. 

"Partner" means a private or public legal entity offering the User the opportunity to receive documents and messages directly and to benefit from paid or free Services via the Application.  

"Services" or "Service" means the various functionalities provided via the Application by both the Service Provider and Partners.  

"User" means a natural person of full age or a minor 16+ who has obtained prior authorisation from its parents or legal guardian, and who has downloaded the Application for own needs, for strictly personal and non-commercial use, with no direct or indirect profit motive. 

‍

Article 2: PURPOSE OF THE APPLICATION 

The purpose of the Application is to enable: 

• Creating a customer account; 

• Updating account information; 

• Collection of documents and authorisation for the User to share them with Partners; 

• Checking the conformity of documents at the request of the Partner; 

• The storage of documents, qualified as compliant, in a sovereign digital safe so that they can be used by any Service requesting them; 

The Application also enables access to additional Services provided by Partners with the account and documents collected and requiring acceptance of the Partner's Terms and Conditions. 

‍

Article 3: AVAILABILITY OF THE APPLICATION 

The Application is accessible 24 hours a day, 7 days a week, except in cases of force majeure and subject to any breakdowns and maintenance operations necessary for the proper functioning of the Application. 

The Application is updated to add new functions and new Services without the User being able to object, apart in case Additional Contractualization is required, c.f. Preamble hereabove. User’s refusal may trigger limited access to the Application. 

Maintenance and/or updates may be carried out without prior notice to Users. 

Article 4: CONDITIONS OF ACCESS AND FINANCIAL CONDITIONS 

4.1: ACCESS CONDITIONS 

4.1.1: Downloading 

The equipment and material resources required to access the Application are the sole responsibility of the User. 

To access and use the Application, the User must have: 

• A compatible mobile phone or mobile terminal; 

• Internet access; 

• A customer account in a virtual store at one of the mobile Application providers (App store and/or Google Play Store). 

4.1.2: Creating or registering an account 

If the User does not have an account, they will be required to create one in order to use the Application. The User must provide the necessary information to the Partner, who will then generate a code and invite the User to create an account. 

Once the account has been created, the User enters its e-mail address and a confidential password, which User will have defined when logging on for the first time, enabling accessing the Services. 

The User guarantees the Service Provider that the information provided at the time of registration is accurate, complete and up to date. 

4.2: FINANCIAL CONDITIONS 

The Application is offered free of charge to Users other than: 

• Cost of subscription with mobile phone operator 

• Cost of connection and access to the Internet 

• Additional costs may be charged for loading data 

• Possible cost of Services provided by Partners 

‍

Article 5: RIGHTS, OBLIGATIONS AND LIABILITY OF THE USER 

The User expressly undertakes: 

• To download the Application onto equipment exclusively for personal, non-commercial use; 

• To expressly refrain from using software or devices likely to disrupt the proper functioning of the Application, nor from taking any action likely to impose a disproportionate burden on the Service Provider's infrastructure; 

• To inform the Service Provider as soon as they become aware of an act of piracy and in particular of any illicit or non-contractual use of the Application and/or the Content, whatever the means of distribution; 

• Not to sell, rent, sub-license or distribute in any way whatsoever the Application and/or the Content to third parties. 

The User is strictly forbidden to: 

• Adapt, modify, translate, transcribe, arrange, compile, decompile, assemble, disassemble, transcode or reverse engineer all or part of the Application, Services and/or Content; 

• To create works derived from the Application; 

• Use software or processes intended to copy the Content without the Service Provider's prior authorisation; 

• Export the Application, merge all or part of the Application with other computer programs; 

• Reproduce the Application permanently or temporarily, in whole or in part, by any means and in any form; 

• Extract or re-use, including for private purposes, without the Provider's prior written authorisation, any substantial or non-substantial part of the content of the databases and archives created by the Application; 

• Set up systems likely to pirate the Application and/or the Content in whole or in part, or likely to violate the Application GTCU. 

In the event of suspected fraudulent use of the account, the User must notify the Service Provider immediately. 

By contravening these prohibitions, the User may be liable to prosecution and damages.  In the event of non-compliance with these GTCU, the Service Provider reserves the right to unilaterally and without prior notice refuse the User access to the Application. In this case, the User will have limited access to its documents for a period of one (1) month to recover them prior account will be deleted. 

The User is solely responsible for accessing and using the Application and Services. User is solely responsible for the activities carried out under its personal identifier and password. 

‍

Article 6: RIGHTS AND OBLIGATIONS OF THE SERVICE SUPPLIER 

The Service Provider shall use its best endeavours to ensure the proper functioning of the Application and undertakes to provide secure access, consultation and use of the Application. The Service Provider is subject to an obligation of means. 

The Service Provider undertakes to carry out or have carried out the necessary maintenance work to restore the correct operation of the Application or its Website as soon as possible. 

The User expressly acknowledges that the Service Provider has, by virtue of the information made available to the User under the GTCU, fulfilled its obligations to provide advice and information concerning the characteristics of the Services. 

‍

Article 7: LIABILITY OF THE SERVICE SUPPLIER 

The Service Provider cannot be held liable for the risks accepted by the User in accordance with the article "Risks for the User" below. 

The Service Provider may only be held liable by the User for events exclusively attributable to the Service Provider. The Service Provider shall not be held liable for any other events attributable to the User, a partner or any other third party. The Service Provider accepts no liability in the event of malfunction or incompatibility between the User's equipment or hardware and the Application. 

In the event that the Service Provider's liability is called into question, the right to compensation for damage suffered by the User as a result of proven breaches by the Service Provider is expressly limited to: 

• the return of the User's documents, subject to the User's express request, 

• the reimbursement of any sums paid by the User for the use of the Services.  

The Service Provider may not be held liable for any loss resulting from a fault, non-performance or poor performance attributable to the User or to an unforeseeable and insurmountable event of a third party outside its control affecting the provision of the Services or access to the Application or to a case of force majeure. 

The Service Provider may not be held liable for any indirect damage that may result from the use of the Application. Any action brought against the User by a third party constitutes indirect damage and consequently does not give rise to a right to compensation. 

‍

Article 8: PROTECTION OF PERSONAL DATA 

Personal data is collected, stored and processed by the Service Provider in accordance with the General Data Protection Regulation (GDPR). In its capacity as data controller, the Service Provider uses personal data exclusively for the performance of this contract. The purpose of the processing is the collection, storage and sharing of documents, and where applicable, the commercial relationship, and the invoicing of the service. In accordance with the GDPR regulation, the User has the right to request the rectification, deletion or limitation of its personal data processing, or to object to the processing for a legitimate reason, as well as to request the portability of its data.  

For more detailed information regarding personal data protection, the User is invited to refer to the enforceable Application Privacy Policy. 

For any questions, complaints or to assert their rights, User may contact the Data Protection Officer:  

Either electronically: dpo@be-ys.com   

Or by post to the following address:  

Attention to BeYs DPO  

46 rue du Ressort - 63967 Clermont-Ferrand - France 

The personal data collected by the Service is kept, together with the event logs, for a maximum of ten (10) years after the expiry of these GTCU. 

Article 9: APPLICATION SECURITY 

The Application is provided "as is" and "as available" without warranty of any kind. Access to and use of the Application is at the User's own risk. 

9.1: RISKS FOR THE USER 

It is the User's responsibility to take all appropriate measures to protect its own data and/or software stored on its equipment (telephone, computer) against any attack (malfunction, virus, piracy, non-exhaustive list). 

9.2: RISK ON THE "INTERNET NETWORK" 

The technical performance of the mobile Internet requires the processing time necessary to respond to, consult, query or transfer the Services. 

The User declares being aware of and accepts the limits and problems of the Internet network for which the Service Provider cannot be held liable: (non-exhaustive list) 

• The characteristics and limits of the Internet network and, in particular, the functional characteristics and technical performance of the Internet network; 

• Problems with connection and/or access to the Internet and/or websites; 

• Problems linked to network availability and congestion; 

• Problems linked to network failure or saturation; 

• Problems relating to transit time, access to information posted online, response times for displaying, consulting, querying or otherwise transferring data; 

• The risks of interruption ; 

• The lack of protection of certain data against possible misappropriation or piracy; 

• The risks of contamination by any viruses circulating on the said networks. 

‍

Article 10: TECHNICAL LIMITATIONS 

The User must ensure having a sufficient Internet connection to use the Application. The Service Provider is not responsible for the malfunctioning of the Application in the event of a poor or non-existent Internet connection. Certain services may not function in the event of poor Internet connections. 

For the Application Services to function properly, certain mobile phone functions must be activated (camera, geolocation, networks, etc.). If these functionalities are not activated or present on the User's mobile phone, certain Services will not be functional on the Application. The Service Provider cannot be held responsible for non-functional Services. 

The Service Provider shall ensure that the Application is published on the stores and that the Application is compatible with most mobile phone devices on the market. Due to the large number of models, various operating systems (whether up-to-date or not), any additional costs incurred by operators, and the different software installed by the User,  

‍

Article 11: PROOF AGREEMENT 

The Parties acknowledge that the proof of the tasks, exchanges and notifications that take place between them for the purposes of executing these GTCU as part of the implementation of the Services are authentic between them. 

To this end, the User acknowledges and accepts that the computerised records kept by the Service Provider under reasonable conditions of security and integrity are considered to be proof of the tasks, as are the exchanges and notifications that take place for the purposes of executing these GTCU. 

Thus, the elements considered constitute proof and, if they are produced as means of proof by the Service Provider in any litigation or other proceedings, will be admissible, valid and opposable in the same way, under the same conditions and with the same probative force as any document that would be drawn up, received or kept in writing. 

Article 12: INTELLECTUAL PROPERTY 

The Service Provider is the exclusive owner of all intellectual property rights relating to the Application and its Content. Downloading the Application does not give the User any right to the Service Provider's intellectual property rights. 

All rights of reproduction and representation are reserved, including for downloadable documents. All texts, graphics, icons, photographs, plans, logos, videos, sounds, trademarks and, more generally, all elements making up the Application may not be represented, reproduced, exploited or extracted, in whole or in part, on any medium whatsoever, without the express prior authorisation of the Service Provider. 

The User expressly undertakes that the use of the Application shall in no way infringe the rights of the Service Provider, and that such use shall not constitute an act of infringement, unfair competition or parasitism of the Content. 

‍

Article 13: TERMINATION 

The Service Provider may decide to end the provision of the Application at any time, subject to giving 10 (ten) days' notice; notification of the end of the provision will be by e-mail or by displaying a message on a screen of the Application. 

The Service Provider does not have to give reasons for its decision to end the provision of the Application, and this decision may not give rise to compensation or reimbursement (the Application is free). 

The User may also cancel the Services and request the deletion of their User account by clicking on the "delete my account" button. By deleting its account, the User accepts the termination of these GTCU. The deletion of the account entails the deletion of the documents unless the User expressly requests their return by sending an email to the support department at the address given below. 

‍

Article 14: DIVISIBILITY 

If any of the stipulations of the GTCU are held to be null and void or invalid and declared as such in application of a law, regulation or following a final decision by a competent court, this stipulation will be deemed unwritten, without altering the validity of the other stipulations, and will be replaced by a valid stipulation of equivalent effect. 

‍

Article 15: REMEDIES, JURISDICTION AND APPLICABLE LAW IN CASES OF DISPUTE 

The form, implementation and validity of these terms and conditions are governed by Luxembourgish law. 

Prior to any litigation, the Parties undertake to work together in good faith to find an amicable solution within thirty (30) days. Any claim must first be made in writing to the Service Provider's Customer Service at the following address: 

be ys Trusted Solutions Luxembourg 

Customer Service
17 rue Léon Laval  

L-3372 Leudelange  

or by email: kipmi.customer.service@be-ys.com 

Where applicable, any dispute arising from the validity, interpretation or performance of these GTCU shall be submitted to the competent courts. 

‍

WHO ARE WE?

be ys Trusted Solutions Luxembourg, part of the BeYs Group (hereinafter the "Service Provider") a public limited company under Luxembourg law, whose registered office is at 17 rue Léon Laval - L-3372Leudelange registered with the Luxembourg Trade and Companies Register under number B226894.

The Service Provider acts as a data controller for users of the "KIPMI" mobile application(hereinafter the "User"), which collects and stores documents, allowing them to be shared with other service providers with whom the Service Provider has Software as a Service (SaaS) contract.

The Service Provider upholds the highest standards for security of the User’s data and does not share it without the knowledge of the User.

WHAT IS PERSONAL DATA?

According to the GDPR, ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

WHAT PERSONAL DATA WE PROCESS?

For the "KIPMI" mobile application, we collect the following personal data:

• Email address (for registration and verification)
• Phone number (for 2FA and verification upon registration)
• Password (for account security)
• Biometric data (for Face ID authentication, if opted by the User)
• National ID, Passport, or Residence permit details (for identity verification)
• Bank details (of your IBAN and BIC for payments)
• Messages (when you want to send us a message to contact us with questions)
• Adress (when you add personal address to your account)
• Personal details from identification documents, including:some text
  • First name, Middle name, Last name
  • Personal ID number
  • Gender
  • Nationality
  • Document type and number
  • Date of birth
  • Country of issue
  • Date of expiry and issue
  • Place of birth
  • MRZ code
  • Other relevant information depending on the document you take picture of.

Information about family members (you may add information about your marital status, family members such as “spouse” and “child” – First name, Last name, gender, place of birth, date of birth, birth certificate number, etc.)

• Uploaded files and documents (from gallery or phone storage)

We also collect tracking information through Matomo Analytics, which is anonymized and used to optimize app performance and analyse User behaviour. More information about Matomo and its compliance with GDPR can be found here.

WHAT IS THE PURPOSE FOR PROCESSING?

The collection, storage, and processing of personal data by the Service Provider are carried out in accordance with the GDPR. As the data controller, the Service Provider uses personal data exclusively for the performance of the SaaS contract. The purposes of processing include:

• Creation and updating of customer accounts
• Collection and sharing of documents as authorized by the User
• Verification of document authenticity
• Storage of compliant documents in a secure digital vault
• Connecting users with service providers for remote signing and data sharing

WHAT ARE THE RECIPIENTS OF YOUR DATA?

We share your data exclusively with legal entities with whom you want to exchange information. We do not transfer data outside the EU/EEA, nor do we transfer your data without your knowledge.

The data is stored only on the BeYs Cloud, which is under the same control as of the Data Controller.

DATA PROCESSORS AND SUBCONTRACTORS:

Ø  „TINQIN” АD, UIC: 203482415, having its seat and registered office in Bulgaria, Sofia, 115G Tsriogradsko Shossee Blvd., fl. 3, as company part of BeYs Group for the development and maintenance of the mobile application.

Ø  BE YS TRUSTED SOLUTIONS FRANCE, a Simplified joint stock company under French law, whose registered office is at 46 rue du Ressort, 63000 Clermont-Ferrand, and which is registered with Clermont-Ferrand Trade and Companies Register under number 850 954 074, company part of the BeYs Group, for the certification of some functionalities included or to be included in the mobile application.

In the future, if subcontractors or another data processor are involved, we will update this section accordingly.

HOW LONG DO WE PROCESS YOUR DATA?

We will process your personal data only as long as necessary to fulfil the purposes mentioned above. Typically, data will be retained for up to 10 (ten) years following the termination of the contract, unless otherwise required by law.  

‍ARE YOU OBLIGATED TO PROVIDE US WITH YOUR DATA?

The provision of personal data is required by contractual provisions. By accepting the Terms & Conditions, you agree to provide us with your data. If you do not provide the necessary personal data, we cannot conclude the contract, and you will not be able to use the application.

AUTOMATED DECISION MAKING AND PROFILING?

Currently, the "KIPMI" application does not involve any automated decision-making or profiling that produces legal effects or significantly affects the user.

WHAT ARE YOUR RIGHTS?

You have the right to:

• Access your personal data
  (you have the right to obtain confirmation as to whether or not personal data concerning you are being processed. If so, you have the right to obtain access to the data and certain information related to their processing, as well as the right to receive a copy of this data.)
• Rectify inaccurate or incomplete personal data
  (You may require from us the rectification of inaccurate personal data concerning you and/or completion of incomplete personal data concerning you (taking into account the purposes of the processing). 
• Request the erasure of your personal data
  (This gives you an opportunity to ask us to erase/remove your personal data when there is no justifiable reason for the continuing of its processing by us. You have the right to ask us to erase or remove your personal information also in the event that you have exercised your right to object to the processing. )
• Object to the processing of your personal data
  (You have the right, on grounds relating to your particular situation, at any time to object to processing of your personal data which is performed on the basis “legitimate interest”, including in cases of profiling on this basis. In order to continue processing, we shall demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.)
• Exercise the right to data portability
  (you may require from us to receive personal data in a structured, commonly used and machine-readable format and/or to transmit the personal data to another personal data controller.)
• Withdraw your consent at any time (for data processed based on consent)
  (If we process specific personal data on the basis of your consent or explicit consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.)

To exercise these rights, you can contact us via email at dpo@be-ys.com or by physical mail at the address provided at the beginning of this Privacy Policy. If you have concerns about how we handle your data, you have the right to lodge a complaint with the supervisory authority in your country.

For any technical questions or other concerns regarding the application please contact the company „TINQIN” АD : dpo@tinqin.com

YOU ARE IN CONTROL

You can use the settings within the application to control your privacy settings.

In next upcoming version of the mobile application, you will have the possibility to exercise your right directly within the application.

CHANGES TO THE PRIVACY POLICY

Any changes to this policy will be communicated in a timely manner. The current policy is in effect as of July 13, 2024.

The English version of this privacy policy prevails over any other language versions and will be the applicable version.