TimeFlow Srl SB, (hereinafter also “Timeflow” or “owner”) with headquarters in Via 95° Reggimento Fanteria 9, 73100 – Lecce, is the operator of the Marketplace Platform which can be reached at the following link https://marketplace. timeflow.it/ (hereinafter also “Marketplace”).
This information is provided only for the Marketplace and not for the websites, apps or social platforms accessible via hyperlinks (links) present in the Marketplace, for which please refer to the relevant information on the processing of personal data.
The role and responsibilities of Timeflow
Timeflow acts as data controller pursuant to Regulation (EU) 679/2016 (General Data Protection Regulation – GDPR).
Through the Marketplace, Timeflow facilitates the search for partners and the start of collaborations between legal entities (B2B), as well as the recruitment of resources who attend or have completed a training course (hereinafter, " Students ") at a training institute ( hereinafter, “ Academy ”). Specifically, the Marketplace allows users who need support for the development of projects or who are looking for resources to hire (hereinafter, " Customers ") to: receive quotes or applications from other users (hereinafter, " Providers "); consult, select and interact with Suppliers and with the professional figures who operate within the respective organizations (hereinafter " Professionals "); consult the Student profiles and send an interview/availability request to the Academies. We specify that, although they refer to legal entities, Customer, Supplier and Academy accounts are created and managed by natural persons, as company representatives, whose personal data is collected and processed by Timeflow from the moment of registration on the Marketplace. For the purposes of this information, we will refer to these subjects (interested in the processing) respectively as "Customers", "Suppliers" and "Academy" . The organizations to which they belong ( legal entities ) will instead be referred to as "Customer Companies", "Supplier Companies", "Academy Companies" .
The information relating to Professionals and Students is entered and published respectively by the Suppliers and the Academies via the "Add profile" function. In particular, Students - once their profile has been created - receive, by email, an invitation to access their account on the Marketplace and have the possibility of integrating the information entered by the Academies. Furthermore, based on their economic plan, Customers and Suppliers have the possibility of creating accounts in the name of other users, who can play the role of project contacts, to whom an invitation to access the Marketplace. It is therefore up to the Client Companies, the Supplier Companies and the Academy Companies, as independent data controllers, to identify a suitable legal basis to legitimize the making available of the personal data of the Students, Professionals and users who receive an invitation to access the Marketplace (interested in the processing), verify its accuracy and provide them with information on the processing pursuant to art. 13 of the GDPR.
We also remind you that all operations carried out by Customers, Suppliers and Academies within the Marketplace, which involve the use of personal data, constitute processing activities pursuant to art. 4, par. 1, n, 2) of the GDPR . Reference is made, for example, to the submission of applications for the development of Time&Material projects, to the modification and deletion of profiles already published, or to the sharing of the same outside the Marketplace by Suppliers , as well as to consultation activities of the profiles and curricula of Professionals and Students, or the collection of further information relating to them, via the internal messaging system of the Marketplace from Customers .
In this perspective, the natural persons who carry out personal data processing activities can be qualified as subjects authorized to process , pursuant to art. 29 of the GDPR, instructed for this purpose by the Client Companies, the Supplier Companies and the Academy Companies to which the role of independent data controllers can be attributed , since they act to achieve their own purposes, independently of the will of Timeflow.
The contact details of the owner and the Data Protection Officer
For any information, clarification or further information regarding our personal data protection policies, as described here, you can contact us:
via our email: privacy@timeflow.it ;
by writing to the address of our registered office: TimeFlow Srl SB, Via 95° Reggimento Fanteria 9, 73100 – Lecce;
to the email address of our Data Protection Officer : andrealisi@studiolegalelisi.it
The purposes and legal bases of the processing of your personal data
Below, we indicate the purposes for which we process your personal data, divided into homogeneous categories, and the legal bases of the processing carried out for these purposes.
Processing carried out by Timeflow for purposes related to the offering of its services via the Marketplace
Timeflow will process your personal data to:
allow the correct functioning of the Marketplace, in order to guarantee the full functionality of our services;
send you transactional emails (for example, to confirm your email address for the purpose of activating your account, inform you of the status of actions taken through the Marketplace, etc.);
send you notifications viewable within the Marketplace;
allow you to register and log in to access your reserved area of the Marketplace. We specify, in this regard, that registration is reserved for Customers, Suppliers and Academies, at the time of creating an account. Professionals and Students may be enabled, respectively, by Suppliers and Academies to access their account, after verifying the email address indicated by them when creating a profile. Furthermore, based on their economic plan, Customers and Suppliers have the possibility to create, modify and delete other users, which can be activated after verifying the e-mail address indicated when creating the account;
if you are a Customer, a Supplier or an Academy allow you to: personalize, modify and delete your personal profile; personalize and modify the company profile, also by attaching documents;
if you are a user invited to access the Marketplace or a Professional authorized to access your account, allow you to customize and modify your profile;
if you are a Student, allow you to modify your profile by entering information regarding your work experiences;
if you are a Customer or a Supplier, process payments and record economic transactions, for the purpose of purchasing an economic plan;
if you are a Supplier or a project contact, allow you to: insert, make visible, obscure, modify and delete one or more Professional profiles; search and consult the company profiles of customers registered on the Marketplace and published projects, also using search filters; share published projects externally; save your searches; create a list of favorite customers; nominate Professionals with profiles compatible with Client needs to collaborate on Time&Material projects; send quotes for Fixed Price projects; communicate with customers and project representatives via the messaging system within the Marketplace and view the history of conversations; organize cognitive interviews with company representatives and project representatives; view and manage collaborations started through the Marketplace and check their progress; receive email updates on new published projects;
if you are a Customer or a project contact, allow you to: search and consult the profiles of Suppliers, Professionals, Academies and Students, also using search filters; save searches relating to Suppliers, Academies and Students; share the profiles of Professionals and Students externally; create a list of favorite Suppliers, Professionals and Students; present and cancel availability requests to Professionals and Students; communicate with suppliers and project representatives, via the messaging system within the Marketplace and view the history of conversations; organize cognitive interviews with professionals, students, company representatives and project representatives, with the possibility of inviting third-party participants; view and manage collaborations started through the Marketplace and check their progress; publish projects and receive applications or quotes; receive update email messages relating to the entry of new Suppliers and the availability of new Professional profiles;
if you are an Academy, allow you to: insert, make visible, obscure, modify and delete one or more Student profiles; receive and manage availability/interest requests presented by Customers to your Students; organize cognitive interviews with the company representatives of the Clients who have requested the availability of one or more Students;
if you are a Professional:
collect the information necessary to create a profile, including through the automated processing of the data contained in your CV;
analyze, through automated systems, the information obtainable from your profile (including, level of experience, skills, hourly cost, languages spoken, availability to collaborate in person and/or remotely) in order to determine the percentage of compatibility with respect to Customer needs, as can be obtained from published projects;
make the information associated with your profile available to Customers. We would like to point out, in this regard, that your contact details are not present among the data that can be consulted by Customers via the Marketplace, since any communication with the same Customers will be intermediated by the Supplier or the project contact person. Furthermore, until any request for availability of your profile is made, Customers will only be able to view your name and the initial of your surname;
allow you to participate in cognitive interviews with customers and project representatives, with the support of a member of the Timeflow Team, who will be able to take part in the interview;
if you are enabled to access your account, allow you to add work experience, upload your CV, enter some additional information (such as your telephone number) and associate an image with your profile;
if you are a Student:
collect the information necessary to create a profile, including through the automated processing of the data contained in your CV;
make the information associated with your profile available to Customers. We would like to point out, in this regard, that your contact details are not present among the data that can be consulted by Customers via the Marketplace, since all communications with the same Customers will be intermediated by your Academy;
allow you to participate in cognitive interviews with Customers, with the support of a contact person from your Academy and a member of the Timeflow Team, who will be able to take part in the interview;
allow you to access your account and add work experience to your profile.
The legal basis for which we process your data for the purposes indicated above is determined based on the type of processing carried out, according to the criteria we set out below:
all processing activities that require your active use of the features available within the Marketplace , based on your profile, are necessary to provide you with the services reserved for Marketplace users, pursuant to art. 6, par. 1, letter. b) of the GDPR;
in other cases, however, Timeflow may process your personal data independently of your carrying out activities within the Marketplace . This happens, in particular, if you are a Professional, a Student or a user invited to access the Marketplace by a Supplier or a Customer, whenever we collect and process information concerning you (for example, when we acquire from a Customer, a Supplier or an Academy the data associated with your profile, including through the automated extraction of such data from your CV). In these cases, Timeflow acts in execution of a contract concluded with a Client Company, a Supplier Company or an Academy Company, to the extent that it provides for the provision of services involving the processing of your personal data. The legal basis of such processing, therefore, is constituted by the need to fulfill the legal obligation to perform the services contractually agreed with the Client Companies, the Supplier Companies and the Academy Companies, pursuant to art. 6, par. 1, letter. c) of the GDPR.
However, if you are a Professional, we need your approval to proceed with the automated analysis of the information obtainable from your profile , in order to determine the percentage of compatibility with Customer requests. In this case, the legal basis of the processing is represented by your express consent, pursuant to the combined provisions of the articles. 6 par. 1 letter a) and 22 par. 2 lett. c) of the GDPR.
Processing carried out by Timeflow for administrative, accounting and tax purposes
If you are a Customer, a Supplier or an Academy, Timeflow may process your personal data for the purposes of carrying out administrative, accounting and tax obligations connected to purchases made through the Marketplace, such as, by way of example, the maintenance of accounting records and issuing the invoice. We would like to point out, however, that these activities represent the processing of personal data only if the purchase and payment operations can be traced back to a natural person.
The legal basis of these treatments is constituted by the fulfillment of legal obligations to which Timeflow is subject, pursuant to art. 6, par. 1, letter. c) of the GDPR
Processing carried out by Timeflow for the purposes of optimization and promotion of the services offered through the Marketplace
With your authorization, Timeflow may process your data, even with fully automated systems, for profiling for marketing purposes. These treatments may consist, for example:
in the collection and recording of information relating to your browsing actions, in order to show you commercial communications through social networks and other web contexts;
in tracking your behavior on the Marketplace, in order to identify the areas with which you interact most frequently. This may allow us, for example, to adapt the ways in which content is shown to you, so as to make it even easier for you to find content that interests you;
in sending promotional messages, mainly by email, based on specific actions performed on the Marketplace;
in the collection of data relating to the date and time of display of the messages you receive at your e-mail address and the clicks on the links contained therein, in order to determine and improve the level of effectiveness of our communications.
The processing carried out for these purposes is based on your express consent, pursuant to art. 6 par. 1 letter a) of the GDPR.
The sources of collection of your personal data
Your personal data may be provided directly by you, in an active and conscious manner (for example, the data provided by completing the registration form on the Marketplace, the CV and data relating to work experience entered by the Professionals and Students authorized to access their accounts, etc.).
In other cases, your data is provided indirectly , through access and interaction with the Marketplace or use of your devices (for example, information relating to your browsing actions and your behavior on the Marketplace, data relating to the viewing of messages you receive via e-mail, etc.).
Furthermore, the personal data relating to you may be collected from third parties and, in particular:
from other users registered on the Marketplace (for example, the data of the Professionals and users invited to access the Marketplace provided by Customers and Suppliers at the time of creation and modification of the relevant profiles; the data of the Students provided by the Academies at the time of creation of the relevant profiles; the email address of third parties invited to participate in the cognitive interviews between Customers and Suppliers);
from Google Ireland Ltd, Google LLC or Microsoft Corporation , if you decide to access the Marketplace using your Google or Microsoft account.
Categories of data processed and nature of the provision
Browsing data
While browsing the Marketplace, some information is automatically acquired, the transmission of which is implicit in the use of Internet communication protocols.
This category of data includes, for example, the IP addresses or domain names of the devices you use, the addresses in URI/URL (Uniform Resource Identifier/Locator) notation of the requested resources, the time of the request, the method used in the submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the IT environment in use. The provision of this data is necessary to guarantee the correct functioning of the Marketplace.
This category also includes the data collected by Timeflow for profiling for marketing purposes, such as, for example, information relating to actions performed on the Marketplace (type of action, time, frequency with which it is performed, etc.). In this case, you can choose not to consent to the collection of your data, without compromising your browsing experience.
You can find further information on the types of data belonging to this category within the choices management area, accessible via the appropriate command located in the Marketplace footer.
Data provided through the use of our services
Timeflow collects personal data provided or generated through interaction with the Marketplace. This data includes:
data necessary for registration on the Marketplace (if you are a Supplier or an Academy: name and surname, telephone number, company email address, role in the company, information relating to how you came to know Timeflow, name and registered office of the the company to which you belong; if you are a Customer: information on the needs you would like to fulfill through the Marketplace and related timing, name and surname, telephone number, company email address, role in the company, information relating to the methods with which have you known Timeflow, name, sector and registered office of the company you belong to).
After registering, you can also access the Marketplace using your Google or Microsoft account. If you decide to make this choice, a window will open indicating the data that the account manager will share with Timeflow, such as name, email address, language preference and profile picture;
data associated with your personal profile :
for all Marketplace users: organization you belong to, name and surname, e-mail address, telephone number, city, photographic image or avatar;
for Professionals: data contained in the curriculum vitae , contractual relationship with the Supplier Company, work qualification, technical skills, work experience (additional to those indicated in the CV), availability for potential collaborations, period of availability, daily rate, working seniority, languages spoken, availability to work in person, full-time or part-time, feedback received from other users;
for Students: data contained in the curriculum vitae, technical skills, work experience (additional to those indicated in the CV), residence, languages spoken, seniority, availability to work in person, full-time or part-time, availability to transfer ;
for project representatives: job title and business unit to which they belong.
data relating to interactions with other users (for example, potential or initiated collaborations between Suppliers, project representatives, Professionals and Students on the one hand, and Customers, on the other; data relating to conversations between users who use the internal messaging system Marketplace; data relating to the organization of cognitive interviews between users and/or Professionals and Students and any personal data communicated during the interview, etc.);
data provided in the interaction with the automated live chat system (name, reasons for contact and any other data entered within the chat and/or in attached documents, which Timeflow can associate with your user profile);
data provided for the purpose of participating in online surveys (opinions expressed, which Timeflow can associate with your user profile);
accounting and billing data , if referring to a natural person (including data relating to the credit cards and bank accounts used and the transaction identifier).
The provision of this data is necessary to allow you to register on the Marketplace and use our services.
In particular, any refusal to provide the data requested when registering an account and creating profiles relating to Professionals, Students or other users invited to access the Marketplace will make it impossible to complete the registration procedure. registration and profile creation. Similarly, the refusal to provide the data requested for the purchase of a subscription plan through the Marketplace makes it impossible to conclude the purchase contract.
Furthermore, if you are a registered user on the Marketplace, you can provide your personal data in order to complete your profile (e.g. photography, work experience, etc.) or to take advantage of additional features reserved for users (such as, for example, the automated live chat service, participation in surveys, exchange of messages with other users, etc.). The provision of data for these purposes is optional, in the sense that there is no legal or contractual obligation to provide it, but it is a necessary requirement to be able to integrate or update the information visible to other users, or use the services available to you.
To which subjects your personal data may be communicated
Your personal data may be communicated to:
specifically authorized and trained Timeflow employees and collaborators who need to access it in carrying out their duties;
users registered on the Marketplace;
external subjects who provide specific services or carry out instrumental activities on behalf of Timeflow, as data controllers or data processors: for the updated list of such subjects, we invite you to consult the table attached to this information;
external subjects who act as independent data controllers or, in some cases, as joint data controllers, for purposes ancillary and related to the provision of our services: this category of recipients includes, in particular, banking institutions for payment operations carried out by the Customers and Suppliers for the purpose of purchasing a subscription plan.
Outside of the cases mentioned above, personal data will not be communicated, disseminated, transferred or otherwise transferred to third parties for illicit purposes or purposes not connected to the purposes of the collection and, in any case, without providing suitable information to the interested parties and obtaining their consent, where required by law. Personal data will not be transferred abroad, to countries or international organizations not belonging to the European Union which do not guarantee an adequate level of protection, recognized pursuant to art. 45 GDPR, based on an adequacy decision by the EU Commission. In the event that it is necessary for the provision of the Site's services, the transfer of personal data to countries or international organizations outside the EU, for which the Commission has not adopted any adequacy decision pursuant to art. 45 GDPR, will take place only in the presence of adequate guarantees provided by the recipient country or organization, pursuant to art. 46 GDPR and provided that the interested parties have enforceable rights and effective remedies. In the absence of an adequacy decision from the Commission, pursuant to art. 45 GDPR, or adequate guarantees, pursuant to art. 46 GDPR, including binding corporate rules, the cross-border transfer will take place only if one of the conditions indicated in the art. 49 GDPR.
How long we keep your personal data
Timeflow will retain the data collected for different periods, depending on the purposes of the processing:
the data necessary for registration on the Marketplace, the data associated with your personal profile and the data relating to interactions with other users will be retained for up to 12 months from the deletion of your account or profile; we specify, in this regard, that the cancellation of the account of a Customer, an Academy or a Supplier will result in the cancellation of the profiles of Professionals, Students and users invited to access the Marketplace, created by them;
the data provided in interaction with the automated live chat system will be retained for a maximum period of 24 months;
the data provided for the purposes of participating in online surveys will be retained for a maximum period of 12 months;
the accounting and billing data will be kept for 10 years from collection.
TimeFlow will, after the expiry of the retention terms, according to the indicated criteria, adopt measures aimed at deleting or anonymizing data that do not need to be retained for specific regulatory obligations or for other legitimate reasons (e.g. pending litigation).
To find out how long navigation data is retained, we invite you to consult the information available in the choices management area, accessible via the appropriate command located in the footer of the Marketplace.
As an interested party, you have the right to access your personal data, to request rectification, updating and cancellation or limitation, if incomplete, incorrect or collected in violation of the law, as well as to oppose the processing for legitimate reasons or to obtain portability.
In particular, you have the right to obtain confirmation of the existence or otherwise of personal data concerning you, even if not yet registered, and their communication in an intelligible form.
You also have the right to obtain the indication:
of the purposes and methods of processing;
of the logic applied in case of processing carried out with the aid of electronic instruments;
of the identification details of the Data Controller, the Managers and the subjects or categories of subjects to whom the personal data may be communicated or who may become aware of it as authorized to process it.
You have the right to obtain:
the updating, rectification or integration of your data;
the cancellation, transformation into anonymous form or blocking of data processed in violation of the law, including those whose retention is not necessary in relation to the purposes of the processing;
the limitation of processing, when one of the hypotheses referred to in Article 18 GDPR occurs;
the certification that the operations referred to in letters a), b) and c) have been brought to the attention of those to whom the data have been communicated or disseminated, except in the case in which this fulfillment proves impossible or involves the use of means manifestly disproportionate to the protected right;
the transmission of data concerning you, provided to the Data Controller and processed on the basis of a contract, in a structured, commonly used and machine-readable format. Pursuant to art. 20 GDPR, you also have the right to transmit such data to another data controller without impediments and, if technically feasible, to obtain the direct transmission of personal data from one data controller to another.
You have the right to object, in whole or in part:
for legitimate reasons to the processing of personal data concerning you, even if pertinent to the purpose of the collection;
to the processing of personal data concerning you for the purposes of sending advertising or direct sales material or for carrying out market research or commercial communication;
to automated decision-making processes that significantly impact you.
Without prejudice to any other administrative or jurisdictional appeal, you have the right to lodge a complaint with the Guarantor for the protection of personal data.
Automated decision-making processes
Timeflow uses automated processes applied to a set of initial personal data attributable to the Professionals and capable of producing effects on the respective legal sphere or in any case significantly impacting them.
The legal basis of this processing is represented by the express consent of the Professional, pursuant to the combined provisions of the articles. 6 par. 1 letter a) and 22 par. 2 lett. c) of the GDPR.
In particular, Timeflow uses an algorithm to analyze the information obtainable from the profile of the Professionals (including, level of experience, skills, hourly cost, languages spoken, availability to collaborate in person and/or remotely) in order to determine the percentage of compatibility with the needs of customers, as can be obtained from the published projects. Consequently, the profile of individual Professionals will be more easily manageable for the purposes of submitting applications for the development of Time&Material projects and proposing professional collaborations.
If you are a Professional, you can write to Timeflow at any time to request:
information about the mechanisms underlying the automation;
information about the periodic assessments that are carried out to verify the reliability of the automated tool used;
indications on the forms of access to data;
human intervention and/or to express one's opinion and/or to contest the decision.
How you can exercise your rights
You can exercise your rights by sending an email to privacy@timeflow.it . We will provide you with a response within one month of your request. If it is not possible to comply with your request, we will provide you with reasons why we cannot do so.
To exercise your rights you can also make use of non-profit bodies, organizations or associations whose statutory objectives are in the public interest and which are active in the sector of protection of the rights and freedoms of interested parties with regard to the protection of personal data, conferring, for this purpose, a suitable mandate. You can also choose to be assisted by a trusted person.
To know your rights and always be updated on the legislation regarding the protection of individuals with regards to the processing of personal data, you can contact the Guarantor Authority for the protection of personal data by consulting the website at http://www. garanteprivacy.it/.
Last revised June 2024
Recipients of personal data collected through the Timeflow Marketplace
Below, we list the service providers with whom Timeflow may share its users’ data, with an indication of their respective role.
| Recipient | Role | Purpose of Processing | Other Processors | |
|---|---|---|---|---|
| Controller | Owner | |||
| Amazon Web Services EMEA SARL | X | Data storage | ||
| Hubspot Inc. | X | Online chat management; web content management (CMS); sending emails for commercial purposes; user relationship management; marketing and sales campaign automation | Refer to the dedicated page on the supplier's site | |
| Intuit Inc. | X | Transactional email sending; management of support and contact requests received through email contact forms | Refer to the dedicated page on the supplier's site | |
| Pendo.io Inc. | X | User interaction tracking with content on Marketplace and email messages to measure the effectiveness of marketing campaigns and provide personalized service updates | Refer to the dedicated page on the supplier's site | |
| Typeform SL | X | Collecting user feedback on Marketplace service quality; conducting opinion surveys and market research | Amazon Web Services Inc., Cloudflare Inc. | |
| Calendly LLC + | X | Meeting scheduling | Refer to the dedicated page on the supplier's site | |
| Zoom Video Communications, Inc. | X | X | Videoconference organization | Refer to the dedicated page on the supplier's site |
| Google Ireland Limited (Google Calendar) | X | X | Appointment management | |
| Google Ireland Limited | X | Remarketing and behavioral targeting | Refer to the dedicated page on the supplier's site | |
| Meta Platforms Ireland Limited | X | Remarketing and behavioral targeting | Refer to the dedicated page on the supplier's site | |
| LinkedIn Corporation | X | Remarketing and behavioral targeting | Refer to the dedicated page on the supplier's site | |
| Chargebee Inc. | X | Payment management | Refer to the dedicated pages on the supplier's site: https://www.chargebee.com/privacy/dpa/#sub_processors https://www.chargebee.com/privacy/sub-processors/ https://www.chargebee.com/receivables/privacy/sub-processors/ |
|
Last update: February 2024
