PRIVACY POLICY ON THE PROCESSING OF PERSONAL DATA ACCORDING TO ARTICLES 13 AND 14 OF REGULATION (EU) 679/2016 (GDPR)
TimeFlow S.r.l. (hereinafter also referred to as “TimeFlow”), located at Via 95° Reggimento Fanteria No. 9 – 73100 Lecce, is the manager of the website www.timeflow.it (hereinafter also referred to as the “Site”) and of the web application www.marketplace.timeflow.it (hereinafter also referred to as the “Marketplace”).
This information is provided only for the Site and not for the Marketplace, websites, apps, or social platforms that can be accessed through hyperlinks (links) contained therein, even those leading back to the timeflow.it domain, for which reference is made to their respective privacy policies regarding personal data processing.
1. The contact details of the Data Controller and the Data Protection Officer
For any information, clarification, or further details regarding our personal data protection policies, as described here, you can contact us:
- via our email: privacy@timeflow.it
- or by writing to the address of our legal office: TimeFlow S.r.l. – Via 95° Reggimento Fanteria No. 9 – 73100 Lecce
- at the email address of our Data Protection Officer: andrealisi@studiolegalelisi.it
2. The purposes and legal bases for processing your personal data
The legislation on personal data protection allows their use only for specific and clearly stated purposes, provided there is a suitable legal basis that allows us to do so.
Below, therefore, we provide you with a list of purposes for which we process your personal data:
a) to enable the proper functioning of the Site and the usability of its services;ù
b) to obtain aggregated and anonymized statistical information related to the use of the Site (such as, for example, most visited pages, number of visitors per time slot or day, geographical areas of origin, etc.);
c) to send you transactional emails;
d) to manage and respond to your requests, sent to the email addresses listed on the Site or made by filling out contact forms, in relation to the services provided by Timeflow;
e) to evaluate and respond to your appointment requests with one of Timeflow’s representatives;
f) to send you informative newsletters and promotional communications about TimeFlow’s services and initiatives;
g) to facilitate customer care activities through the live chat service (also referred to as “Chatbot”) and forward your requests to the specific support team;
h) to collect and record information related to your navigation actions, in order to show you commercial communications through social networks and other web contexts;
i) to improve the enjoyment of Timeflow’s services and offers through statistical tracking systems that allow detecting the opening of messages you receive at your email address and clicks on links contained in them.
The processing activities carried out for the purposes referred to in letters a), c), d), e), and g) are necessary for the provision of services offered through the Site. The legal basis for processing is, therefore, the execution of a contract to which the data subject is party or the implementation of pre-contractual measures requested by the data subject, in accordance with Article 6, paragraph 1, letter b) of Regulation (EU) 679/2016 (GDPR).
The processing carried out for the purposes referred to in letters b), h), and i), namely the use of navigation tracking tools and profiling for marketing purposes, is subject to your consent, which constitutes the legal basis for processing, in accordance with Article 6, paragraph 1, letter a) of Regulation (EU) 679/2016 (GDPR).
The processing activities carried out for the purposes referred to in letter f), may have as their legal basis the execution of a service in your favor, in case you have requested to subscribe to the newsletter through the specific form on the Site, or the legitimate interest of the Data Controller, in accordance with Article 6, paragraph 1, letter f) of Regulation (EU) 679/2016 (GDPR), to use the personal data and email addresses you provided to Timeflow to receive informational services through the Site.
3. The sources of collection of your personal data
Your personal data can be provided directly by you, actively and knowingly (e.g., data provided when interacting with the Chatbot, data entered in the contact form or in the newsletter subscription form, etc.).
In other cases, your data is provided indirectly, through navigation on the Site or the use of your devices (e.g., traffic data, data related to the devices used, etc.).
4. What personal data we collect and process
4.1 Navigation data
During navigation on the Site, the computer systems responsible for its operation automatically acquire some information whose transmission is implicit in the use of Internet communication protocols.
This category of data includes, for example, the IP addresses or domain names of the devices you use, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the server’s response (success, error, etc.) and other parameters related to the operating system and the computer environment in use.
You can find more information about Timeflow’s use of these technologies in the choice management area, accessible through the specific command located in the footer of the Site.
4.2 Data provided through the use of our services
TimeFlow collects personal data provided through interaction with the Site. Such data include:
a) data provided by sending optional and voluntary email messages to the email addresses indicated on the Site (which include, in particular, the sender’s email address and any other personal data present in the message);
b) data provided by filling in the newsletter subscription form (email address);
c) data provided in interaction with the Chatbot (name, email address, telephone number, reasons for contact, subscription to the platform, and any other data entered within the chat and/or in attached documents);
d) data provided through filling in the contact form (name, surname, email address, phone, company);
e) data provided through filling in the form to book a call (name, email address, and guests’ emails and any other personal data present in the message). You may also decide to provide us with the email address of one or more guests who will participate in the call. In this case, please ensure that these subjects have been previously informed about the processing purposes indicated in paragraph 2, letter e) and have consented to the use of their data by Timeflow.
5. Nature of the provision of personal data and consequences in case of non-provision
The provision of personal data referred to in paragraph 4.2 is necessary in order to provide the services offered through the Site: in particular, for the purposes of filling in the forms on the Site, the provision of data marked with an asterisk is necessary for the management and response to communications. It is specified, in any case, that you are free to provide the requested data, in the sense that you are not legally obligated to provide them: however, failure to provide data indicated as necessary will result in the inability for the Data Controller to deliver the requested service.
The collection of personal data referred to in paragraph 4.1 may be necessary to ensure the correct use of the services provided through the Site, or it may serve to offer you additional services and functionalities, but not essential for the proper functioning of the Site. In the latter case, Timeflow may collect and process your data after obtaining your consent, which is optional, or until your possible opposition to the processing. If you do not authorize us to process these data or you oppose their processing, you can still benefit from the services available as a user of the Site.
6. To whom your personal data may be disclosed
Your personal data may be communicated to:
- employees and collaborators of TimeFlow specifically authorized and trained, who need to access it in the performance of their duties;
- providers of services offered through the Site or related to its operation, among which, in particular, Hubspot Inc., for the live chat service, web content management, and the sending of email communications for commercial purposes; Amazon Web Services EMEA SARL for cloud storage services; Intuit Inc. for the sending of transactional email communications, the management of support and contact requests; Calendly LLC for scheduling introductory meetings; Google LLC and Fonticons Inc. for displaying content from external platforms;
- Google Ireland Limited, Meta Platforms Ireland Limited, and LinkedIn Corporation for remarketing and behavioral targeting activities.
Outside of the above-mentioned cases, personal data will not be communicated, disseminated, transferred, or otherwise transferred to third parties for unlawful purposes or not related to the purposes of collection, and in any case, without providing suitable information to the data subjects and obtaining their consent, where required by law. Personal data will not be transferred abroad, to countries or international organizations not belonging to the European Union that do not guarantee an adequate level of protection, recognized under Article 45 GDPR based on an adequacy decision of the EU Commission. Should it be necessary for the provision of the Site’s services, the transfer of personal data to countries or international organizations outside the EU, for which the Commission has not adopted an adequacy decision under Article 45 GDPR, will take place only in the presence of adequate guarantees provided by the recipient country or organization, under Article 46 GDPR, and provided that the data subjects have enforceable rights and effective legal remedies. In the absence of an adequacy decision by the Commission, under Article 45 GDPR, or of adequate guarantees, under Article 46 GDPR, including binding corporate rules, the cross-border transfer will take place only if one of the conditions listed in Article 49 GDPR is met.
How long we keep your personal data
Your personal data will be stored for a period of time not exceeding that necessary to achieve the purposes for which they were collected and subsequently processed.
In particular:
- data processed to respond to support and contact requests received via email or through filling in contact forms will be kept for a maximum period of 6 months from their provision; moreover, the personal data and email address provided through filling in the contact form will be stored for the sending of informative and promotional communications until the possible exercise of the right to object to processing;
- data under b) of paragraph 4.2 will be stored until the possible exercise of the right to object to processing;
- data provided in interaction with the Chatbot will be kept for a maximum period of 24 months; moreover, the personal data and email address acquired in interaction with the Chatbot will be stored for the sending of informative and promotional communications until the possible exercise of the right to object to processing;
- data processed to respond to a request for an appointment will be kept for a maximum period of 12 months from their provision; moreover, the personal data and email address provided by filling in the specific form will be stored for the sending of informative and promotional communications until the possible exercise of the right to object to processing.
TimeFlow will, after the expiration of the storage terms, according to the indicated criteria, adopt measures aimed at deleting or anonymizing the data that should not be retained for specific legal obligations or for other legitimate reasons (e.g., pending litigation).
To know the retention time of navigation data, we invite you to consult the information available in the choice management area, accessible through the specific command located in the footer of the Site.
What are your rights
As a data subject, you have the right to access your personal data, to request their correction, updating, deletion, or restriction if they are incomplete, incorrect, or collected in violation of the law, as well as to object to processing for legitimate reasons or to obtain their portability.
In particular, you have the right to obtain confirmation of whether or not personal data concerning you exists, even if not yet registered, and their communication in an intelligible form.
You also have the right to obtain information on:
a) the purposes and methods of processing;
b) the logic applied in the case of processing carried out with the aid of electronic tools;
c) the identification details of the Data Controller, the Data Processors, and the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as authorized processors.
You have the right to obtain:
a) the updating, correction, or integration of your data;
b) the deletion, anonymization, or blocking of data processed in violation of the law, including data that do not need to be kept for the purposes for which they were processed;
c) the restriction of processing when one of the conditions specified in Article 18 GDPR applies;
d) certification that the operations as per letters a), b), and c) have been notified to those to whom the data were communicated or disseminated, except in the case where this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right;
e) the transfer of data concerning you, provided to the Controller and processed based on a contract, in a structured, commonly used, and machine-readable format. Under Article 20 GDPR, you also have the right to transmit such data to another data controller without hindrance and, if technically feasible, to have the personal data transmitted directly from one controller to another.
You have the right to object, in whole or in part:
a) for legitimate reasons to the processing of personal data concerning you, even though they are relevant to the purpose of the collection;
b) to the processing of personal data concerning you for the purpose of sending advertising material or direct selling or for carrying out market research or commercial communication;
c) to automated decision-making processes that significantly affect you.
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the Guarantor for the protection of personal data.
How you can exercise your rights
You can exercise your rights by sending an email to privacy@timeflow.it. We will respond within one month of the request. If it is not possible to fulfill your request, we will provide the reasons why we cannot do so.
To exercise your rights, you can also make use of bodies, organizations, or non-profit associations whose statutory objectives are in the public interest and which are active in the field of protecting the rights and freedoms of data subjects regarding the protection of personal data, conferring, for this purpose, a suitable mandate. You may also choose to be assisted by a person of trust.
To learn about your rights, file a complaint, and stay updated on legislation concerning the protection of individuals with regard to the processing of personal data, you can contact the Guarantor for the protection of personal data by visiting the website at http://www.garanteprivacy.it/.
Last revision February 2024