fbpx

PRIVACY

Last updated: December 2024

Our Privacy Policy detailed below (hereinafter referred to as the “Policy”) has been drafted to inform you about the practices and conditions under which Timeleft, a simplified joint-stock company with a share capital of €824.60, registered in the Paris Trade and Companies Register under number 889 565 206, with its registered office located at 128 rue la Boétie, 75008 Paris (hereinafter referred to as “Timeleft” or “We”), collects, uses, and retains your personal data (hereinafter referred to as “Data”).

This Policy explains the types of Data we may collect and/or process when you use our services, access the website https://timeleft.com/fr/ (the “Site”), the blog https://timeleft.com/fr/blog/ (the “Blog”), and the Timeleft mobile application available on the App Store and Google Play (the “Mobile App”).

The use of the Site and Mobile App (collectively referred to as the “Solution”) is subject to this Policy.

This Policy will be updated regularly to ensure compliance with applicable regulations, including the European General Data Protection Regulation (GDPR) 2016/679 and the French Data Protection Act of January 6, 1978, as amended. Any changes will be communicated through a dedicated notification.

If any provision of this Policy is declared void or contrary to regulations, it shall be deemed unwritten without invalidating other provisions.

This Policy applies to Data collected through the Site, the Mobile App, and all services accessible through them.

We invite you to read this Policy carefully to understand how we handle your Data. By visiting or using our Site or Mobile App, you agree to this Policy.

Our Data Privacy Officer (DPO) can be reached at [email protected].

It is your responsibility to ensure that the information you provide to Timeleft is complete and up to date.

1. Data Collected by Timeleft

Depending on your interactions with the Site and Mobile App (e.g., creating an account, subscribing to newsletters, filling out contact forms, phone interactions, or visiting the Blog), we may collect the following Data:

  • Identification Data: Name, first name, year of birth, marital status, country of origin, zodiac sign, professional field, gender, phone number, email address, profile photo, etc.
  • Economic and Financial Data: Information related to purchases of Timeleft services.
  • Browsing Data: IP address, browser used, navigation duration, search history, operating system, language, and pages viewed.
  • Traffic and Communication Data: Information regarding your visits to the Site, Blog, and Mobile App, including log files and usage analytics.

2. How Is Your Data Collected?

Data may be collected directly when you provide it through forms, for example:

  • Creating a user account.
  • Subscribing to the newsletter.
  • Downloading the Solution.

We may also collect Data indirectly through cookies, trackers, and our partner, Luma. Luma’s privacy policy is accessible at https://lu.ma/privacy-policy.

3. Why and How Long Do We Retain Your Data?

The Data we collect serves the following purposes, with corresponding legal bases and retention periods:

Purpose and Sub-Purpose Legal Basis Retention Period
Provision of Timeleft services:    
– User registration Execution of contract When you create an account: your data is kept for the duration of your account.
– User matching   Your login logs are kept for 6 months or 1 year.
– Making reservations with partner restaurants   In the case of an inactive account for 2 years, your personal data will be deleted if no response is received to our reactivation email.
    Additionally, your data may be archived for proof purposes for a period of 5 years.
Management of business relationships Our legitimate interest in managing our activity Data is kept for the entire duration of the contractual relationship.
– Accounting   Data contained in accounting documents is kept for 10 years in intermediate archiving.
– Contract generation    
– Supplier management    
Monitoring and improvement of the Timeleft solution: Our legitimate interest in managing our activity Data is kept for 2 years from collection.
– Monitoring website and mobile app security    
– Monitoring website and mobile app availability    
– Tracking statistics    
Marketing and commercial communication: Our legitimate interest in developing and promoting our activity Data is kept for the duration of the business relationship and 3 years from the end of that relationship for customers, and 3 years from the last contact for prospects.
– Prospecting    
– Sending newsletters    
– Managing incoming contacts    
Compliance with legal obligations To comply with our legal and regulatory obligations For invoices: invoices are archived for a period of 10 years.
Managing rights exercise requests To comply with our legal and regulatory obligations If we request an identity proof: we keep it only for the time necessary for identity verification.
Use of cookies or trackers    
– Measure the number of visitors and users, ensuring the services are easier to use and respond quickly to requests   These cookies or trackers are kept for up to six (6) months for audience measurement cookies or trackers, and up to thirteen (13) months for other cookies or trackers.
– Estimate browsing habits and accelerate searches    
– Help us understand how you interact with and use our Site/Mobile App to improve them    
– Improve your interactions on our Site, Mobile App, and user experience    
    You can view the list of cookies via the following link: app.timeleft.com

Data collected via cookies is retained for up to 6 months for audience measurement cookies and up to 13 months for others.


4. Who Processes Your Data?

Your Data is processed by:

  • Timeleft personnel.
  • Subcontractors and partners engaged in providing our services, including:
  • Google EU
  • Supabase
  • Twilio
  • Klaviyo
  • Meta
  • Customer.io
  • Zendesk

Transfers outside the EU are conducted with appropriate safeguards, such as:

  • Adequacy decisions under GDPR Article 45.
  • Standard contractual clauses or similar measures under GDPR Article 46.


5. Data Protection Measures

Your Data is stored on secure servers protected by firewalls, antivirus software, and restricted access. Technical and organizational measures ensure Data confidentiality and prevent unauthorized access, alteration, or disclosure.

You are responsible for safeguarding your account password and ensuring you log out after each session.


6. Your Rights Regarding Your Data

Under GDPR and the French Data Protection Act, you have the following rights:

  • Access and Rectification: Correct inaccurate or incomplete Data.
  • Erasure: Request deletion of your Data.
  • Processing Restrictions: Limit how your Data is processed.
  • Objection: Refuse certain Data processing, including profiling for commercial purposes.
  • Portability: Retrieve Data in a structured format.
  • Withdraw Consent: Revoke consent for processing at any time (previous processing remains lawful).

Requests can be submitted via Timeleft Support. Timeleft will respond within one month, extendable by two months for complex requests.

You may also lodge complaints with the CNIL (Commission Nationale de l’Informatique et des Libertés) at www.cnil.fr.