PRIVACY
Last updated: December 2024
Our Privacy Policy detailed below (hereinafter referred to as the “Policy”) has been drafted to inform you about the practices and conditions under which Timeleft, a simplified joint-stock company with a share capital of €824.60, registered in the Paris Trade and Companies Register under number 889 565 206, with its registered office located at 128 rue la Boétie, 75008 Paris (hereinafter referred to as “Timeleft” or “We”), collects, uses, and retains your personal data (hereinafter referred to as “Data”).
This Policy explains the types of Data we may collect and/or process when you use our services, access the website https://timeleft.com/fr/ (the “Site”), the blog https://timeleft.com/fr/blog/ (the “Blog”), and the Timeleft mobile application available on the App Store and Google Play (the “Mobile App”).
The use of the Site and Mobile App (collectively referred to as the “Solution”) is subject to this Policy.
This Policy will be updated regularly to ensure compliance with applicable regulations, including the European General Data Protection Regulation (GDPR) 2016/679 and the French Data Protection Act of January 6, 1978, as amended. Any changes will be communicated through a dedicated notification.
If any provision of this Policy is declared void or contrary to regulations, it shall be deemed unwritten without invalidating other provisions.
This Policy applies to Data collected through the Site, the Mobile App, and all services accessible through them.
We invite you to read this Policy carefully to understand how we handle your Data. By visiting or using our Site or Mobile App, you agree to this Policy.
Our Data Privacy Officer (DPO) can be reached at DPO@Timeleft.com.
It is your responsibility to ensure that the information you provide to Timeleft is complete and up to date.
1. Data Collected by Timeleft
Depending on your interactions with the Site and Mobile App (e.g., creating an account, subscribing to newsletters, filling out contact forms, phone interactions, or visiting the Blog), we may collect the following Data:
- Identification Data: Name, first name, year of birth, marital status, country of origin, zodiac sign, professional field, gender, phone number, email address, profile photo, etc.
- Economic and Financial Data: Information related to purchases of Timeleft services.
- Browsing Data: IP address, browser used, navigation duration, search history, operating system, language, and pages viewed.
- Traffic and Communication Data: Information regarding your visits to the Site, Blog, and Mobile App, including log files and usage analytics.
2. How Is Your Data Collected?
Data may be collected directly when you provide it through forms, for example:
- Creating a user account.
- Subscribing to the newsletter.
- Downloading the Solution.
We may also collect Data indirectly through cookies, trackers, and our partner, Luma. Luma’s privacy policy is accessible at https://lu.ma/privacy-policy.
3. Why and How Long Do We Retain Your Data?
The Data we collect serves the following purposes, with corresponding legal bases and retention periods:
| Purpose and Sub-Purpose | Legal Basis | Retention Period |
|---|---|---|
| Provision of Timeleft services: | ||
| – User registration | Execution of contract | When you create an account: your data is kept for the duration of your account. |
| – User matching | Your login logs are kept for 6 months or 1 year. | |
| – Making reservations with partner restaurants | In the case of an inactive account for 2 years, your personal data will be deleted if no response is received to our reactivation email. | |
| Additionally, your data may be archived for proof purposes for a period of 5 years. | ||
| Management of business relationships | Our legitimate interest in managing our activity | Data is kept for the entire duration of the contractual relationship. |
| – Accounting | Data contained in accounting documents is kept for 10 years in intermediate archiving. | |
| – Contract generation | ||
| – Supplier management | ||
| Monitoring and improvement of the Timeleft solution: | Our legitimate interest in managing our activity | Data is kept for 2 years from collection. |
| – Monitoring website and mobile app security | ||
| – Monitoring website and mobile app availability | ||
| – Tracking statistics | ||
| Marketing and commercial communication: | Our legitimate interest in developing and promoting our activity | Data is kept for the duration of the business relationship and 3 years from the end of that relationship for customers, and 3 years from the last contact for prospects. |
| – Prospecting | ||
| – Sending newsletters | ||
| – Managing incoming contacts | ||
| Compliance with legal obligations | To comply with our legal and regulatory obligations | For invoices: invoices are archived for a period of 10 years. |
| Managing rights exercise requests | To comply with our legal and regulatory obligations | If we request an identity proof: we keep it only for the time necessary for identity verification. |
| Use of cookies or trackers | ||
| – Measure the number of visitors and users, ensuring the services are easier to use and respond quickly to requests | These cookies or trackers are kept for up to six (6) months for audience measurement cookies or trackers, and up to thirteen (13) months for other cookies or trackers. | |
| – Estimate browsing habits and accelerate searches | ||
| – Help us understand how you interact with and use our Site/Mobile App to improve them | ||
| – Improve your interactions on our Site, Mobile App, and user experience | ||
| You can view the list of cookies via the following link: app.timeleft.com |
Data collected via cookies is retained for up to 6 months for audience measurement cookies and up to 13 months for others.
4. Who Processes Your Data?
Your Data is processed by:
- Timeleft personnel.
- Subcontractors and partners engaged in providing our services, including:
- Google EU
- Supabase
- Twilio
- Klaviyo
- Meta
- Customer.io
- Zendesk
Transfers outside the EU are conducted with appropriate safeguards, such as:
- Adequacy decisions under GDPR Article 45.
- Standard contractual clauses or similar measures under GDPR Article 46.
5. Data Protection Measures
Your Data is stored on secure servers protected by firewalls, antivirus software, and restricted access. Technical and organizational measures ensure Data confidentiality and prevent unauthorized access, alteration, or disclosure.
You are responsible for safeguarding your account password and ensuring you log out after each session.
6. Your Rights Regarding Your Data
Under GDPR and the French Data Protection Act, you have the following rights:
- Access and Rectification: Correct inaccurate or incomplete Data.
- Erasure: Request deletion of your Data.
- Processing Restrictions: Limit how your Data is processed.
- Objection: Refuse certain Data processing, including profiling for commercial purposes.
- Portability: Retrieve Data in a structured format.
- Withdraw Consent: Revoke consent for processing at any time (previous processing remains lawful).
Requests can be submitted via Timeleft Support. Timeleft will respond within one month, extendable by two months for complex requests.
You may also lodge complaints with the CNIL (Commission Nationale de l’Informatique et des Libertés) at www.cnil.fr.
Timeleft Child Safety Standards Policy
Timeleft is committed to protecting minors and preventing all forms of child exploitation. We have a zero-tolerance policy for Child Sexual Abuse and Exploitation (CSAE) and the sharing of Child Sexual Abuse Material (CSAM).
Any content, behavior, or activity involving or encouraging child exploitation is strictly prohibited and will result in immediate account removal and reporting to authorities.
Users can report concerning behavior or content directly through the in-app “Report” feature or contact our Trust & Safety Team at report@timeleft.com.
When we become aware of CSAM, we remove it immediately, preserve evidence securely, and report it to the National Center for Missing and Exploited Children (NCMEC) or the appropriate local authority.
Timeleft complies with all child safety and data protection laws and maintains a dedicated Child Safety Officer to coordinate investigations and enforcement.
Our goal is to ensure a safe, respectful, and responsible community for everyone.