Privacy Policy

1. Data controller and INPDP declaration

The data controller is Tembo SUARL, whose registered office is located at Centre Urbain, Tunis, Tunisia ("Tembo", "we").

In accordance with Article 7 of Organic Law No. 2004-63 of 27 July 2004, the personal data processing operations carried out by Tembo are subject to prior declaration to the National Authority for the Protection of Personal Data (INPDP). This document also constitutes the prior information owed to data subjects under Articles 27 and 31 of the same law.

For any question regarding the protection of your data or to exercise your rights, you may contact Tembo at contact@tembo-event.com or by telephone at +216 27 095 055.

• Data controller: Tembo, registered office in Tunis (Lac 2)
• Competent supervisory authority: INPDP (Tunisia)
• Data-protection framework: Organic Law No. 2004-63 of 27 July 2004
• Electronic-commerce framework: Law No. 2000-83 of 9 August 2000
• Consumer protection: Law No. 92-117 of 7 December 1992
• Declaration of processing to INPDP: Article 7 of Law 2004-63

2. Data we collect

We collect only the data necessary to provide our ticketing and networking services. The categories of data processed are as follows:

• Account data: last name, first name, email address, password (encrypted), language, country, and where applicable job title and organization.
• Newsletter data: email address and communication preferences when you subscribe to our marketing communications.
• Networking profile: photo, job title, industry, professional interests, meeting objectives and other information you voluntarily provide in your attendee profile.
• Messaging and 1:1 video metadata: identifiers of correspondents, timestamps, connection status, call duration and technical quality. Tembo does not retain the content of video calls.
• Order and ticket data: events viewed, tickets purchased, amounts, currency, order status, tickets issued and access history.
• Payment data: handled via one or more certified payment processors. Tembo never stores card numbers or related authentication data; only transaction references and payment status are transmitted to us.
• Technical data: IP address, device and browser type, connection logs and cookies/identifiers necessary for operation, security and audience measurement.

3. Purposes and legal basis for each processing operation

Each processing operation relies on a defined legal basis, in accordance with Organic Law No. 2004-63. The table below specifies, for each purpose, the applicable legal basis:

• Account management, ticket purchase and issuance, customer support: performance of the contract entered into with you.
• Newsletter and marketing communications: your consent, revocable at any time.
• AI matchmaking and networking introductions: your consent and/or Tembo's legitimate interest in providing a relevant networking service; consent is required where the processing relies on sensitive data or significant profiling.
• Security, fraud prevention and detection, platform integrity: the legitimate interest of Tembo and its users.
• Legal and accounting obligations (invoicing, retention of supporting documents): compliance with a legal obligation.
• Audience measurement and service improvement: your consent (non-essential cookies) or legitimate interest (aggregated statistics).

4. Recipients and processors

Your data is never sold. It may be disclosed to the following categories of recipients, strictly within the limits of their mission:

Important: when you purchase a ticket, the event organizer receives the data necessary to run the event (identity, ticket, and where applicable participation profile). For the data the organizer collects and uses for its own purposes, the ORGANIZER acts as a separate and independent data controller from Tembo; its own processing is governed by its own privacy policy, which it is responsible for providing to you.

• Payment processor(s) by currency (TND, XOF, NGN and others): payment processing and fraud prevention. Provider(s): Flouci, ClicToPay, Stripe and bank transfer.
• Professional host of the platform and database.
• Transactional and marketing email and SMS providers.
• Analytics and audience measurement providers.
• Event organizers, for attendees of their events (see above — independent data controllers).
• Administrative or judicial authorities, only where required by law.

5. Transfers of data outside Tunisia

Some of our processors (hosting, payment processors, email/SMS services, analytics) may be located outside Tunisia, including in other African countries, in Europe or elsewhere. Any transfer of personal data abroad is governed by Articles 47 to 52 of Organic Law No. 2004-63.

In accordance with these provisions, no transfer of data to a foreign country is carried out without the prior authorization of the INPDP where required, and provided that the recipient country ensures an adequate level of protection or that appropriate contractual safeguards are in place with the recipient.

On a supplementary and voluntary basis, Tembo strives to align its practices with recognized international standards ("GDPR-compliant" badge), without the GDPR constituting the primary legal basis for our processing, which remains Tunisian law.

• Authorization basis: Articles 47 to 52 of Organic Law No. 2004-63.
• Prior authorization of the INPDP where required.
• Contractual safeguards with foreign recipients.

6. Retention periods

We retain your data for the period strictly necessary for the purposes described, after which we delete or anonymize it. Indicative periods by category are as follows:

• Account: for the entire period of account activity, then up to 24 months after the last login in the event of inactivity.
• Order and ticket data: duration of the event then retention under accounting and tax obligations (generally 10 years).
• Payment data (transaction references): the period required by legal and anti-fraud obligations.
• Networking profile and messaging/video metadata: for the period of account activity; deleted upon account closure, subject to metadata necessary for security.
• Newsletter: until you withdraw your consent (unsubscribe).
• Technical and security logs: generally 12 months.
• Data necessary to handle a dispute: until the expiry of the applicable limitation periods.

7. Your rights

In accordance with Organic Law No. 2004-63 of 27 July 2004, you have the following rights over your personal data:

To exercise these rights, send your request to contact@tembo-event.com, together with proof of identity where necessary to verify your identity. We respond within approximately one (1) month. You may at any time lodge a complaint with the INPDP (see the regional annex for other countries).

• Right of access to your data.
• Right to rectification of inaccurate or incomplete data.
• Right to erasure of your data, within legal limits.
• Right to object to processing on legitimate grounds.
• Right to withdraw consent at any time, without retroactive effect, for processing based on consent (newsletter, marketing, certain networking processing).

8. Ticketing, right of withdrawal and refunds

Tembo acts as a ticketing platform and technical intermediary between the organizer (the seller and party responsible for the event) and the attendee (the buyer), in accordance with Law No. 2000-83 of 9 August 2000 on electronic exchanges and electronic commerce and Law No. 92-117 of 7 December 1992 on consumer protection. Before any order, the attendee receives the essential information about the event, the price inclusive of all taxes, the currency (TND, XOF, NGN or other) and the terms of sale, and confirms the order through a clear act of validation.

Where a right of withdrawal applies under Law No. 2000-83, the attendee has a period of ten (10) business days, from the conclusion of the sale, to withdraw without having to give reasons, under the conditions and limits provided for by law.

For tickets to an event on a fixed date, the attendee is informed, before validation, of the specific withdrawal and refund conditions applicable to the event, as defined by the organizer in compliance with the regulations. These conditions (possibility of cancellation, fees, deadlines, possible non-refund as the event approaches, postponement or cancellation by the organizer) are brought to the attendee's attention at the time of purchase and prevail within the limits permitted by Tunisian law.

Refund requests, where admissible, are processed via the payment processor used for the transaction and are refunded to the original means of payment and in the currency of the order. For any complaint relating to an order, write to contact@tembo-event.com.

• Tembo's role: ticketing platform and intermediary; the organizer is the seller of the event.
• Framework: Law No. 2000-83 (electronic commerce) and Law No. 92-117 (consumer protection).
• Right of withdrawal, where it applies: ten (10) business days (not 14 days).
• Fixed-date tickets: withdrawal and refund conditions disclosed before purchase.
• Refunds: via the payment processor, to the original means of payment, in the currency of the order.

9. Regional annex — Africa: supervisory authorities

As Tembo operates across Africa, you may exercise your rights and lodge a complaint with the competent data protection authority in your country. The main authorities are listed below:

• Tunisia: INPDP — National Authority for the Protection of Personal Data.
• Nigeria: NDPC — Nigeria Data Protection Commission.
• Kenya: ODPC — Office of the Data Protection Commissioner.
• South Africa: Information Regulator (South Africa).
• Senegal: CDP — Commission for the Protection of Personal Data.
• Côte d'Ivoire: ARTCI — Telecommunications/ICT Regulatory Authority.
• Ghana: Data Protection Commission (Ghana).
• Morocco: CNDP — National Commission for the Control of Personal Data Protection.
• For any other country, you may contact the locally competent data protection authority, or failing that the INPDP.

10. Automated decisions and AI matchmaking

Our matchmaking feature uses algorithms, including artificial intelligence, to suggest relevant professional contacts based on your profile, your interests and your stated objectives. This constitutes profiling for recommendation purposes.

These suggestions are recommendations: they do not produce legal effects concerning you and do not constitute a solely automated decision with a significant impact on you. You remain free to accept or ignore any proposed introduction.

You may at any time disable matchmaking, withdraw your consent, or request information about the logic of the recommendations by writing to us at contact@tembo-event.com.

11. Security

Tembo implements appropriate technical and organizational measures to protect your data against loss, unauthorized access, disclosure or alteration.

These measures include in particular the encryption of passwords and communications, access segmentation, logging of sensitive operations, and the use of certified payment processors that handle the security of card data. In the event of a data breach likely to create a risk to your rights, we will take the measures required under applicable regulations.

12. Changes to the policy and version

We may amend this Privacy Policy to reflect changes in our services or in regulations. Any substantial change will be notified to you by appropriate means (email or notice on the platform).

The version in force is the one published on this page. Version: June 2026.