TIMEWAY SAS, with registered office at 55 rue d’Amsterdam, 75008 Paris – France, in its capacity as Controller, wishes to inform you about the processing of your data, collected or managed on the www.timewaygroup.com site, and on how it guarantees the protection of such data at all times.
European Regulation 2016/679 defines personal data as any information relating to an identified or identifiable natural person. An identifiable natural person is an individual who can be identified, directly or indirectly, by reference to identifiers such as name, identity document number, location data, online identifier or one or more factors specific to that person’s physical, physiological, genetic, mental, economic, cultural or social identity. Data rendered anonymous or processed in aggregate in such a way that the specific natural person can no longer be identified, even in combination with other information, are not considered to be personal data.

PURPOSE OF PROCESSING
The Controller processes the personal, identifying and non-sensitive data (hereinafter referred to as ‘personal data’ or ‘data’) communicated by you exclusively for the following purposes.

A) Allow access to and browsing on the site, process anonymous statistics on its use, control its operation and ascertain possible liability in the event of offences (legitimate interest of TIMEWAY SAS);

B) Respond to any requests/questions received via the webforms on the site in the FAQ and CONTACTS sections or received directly by e-mail at info.france@timewaygroup.com.

The legal basis for processing is the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, pursuant to Article 6(b) of European Regulation 2016/679.
The provision of data for the purposes set out in point (b) is obligatory (in the absence thereof, it is not possible to provide the services requested).

TYPES OF DATA COLLECTED
Whenever you interact with our sites, information is automatically collected, such as your IP address in an anonymised version, the type and version of browser used for browsing, operating system and platform. So-called “cookies” are used on the site and information is collected every time your browser accesses the site. Cookies are data that are transferred to your computer’s hard drive through your browser and are handled anonymously.

METHODS OF PROCESSING
The processing of your personal data is carried out by means of the operations indicated in Art. 4 Privacy Code and Art. 4(2) GDPR and specifically: collection, recording, organisation, storage, consultation, processing, alteration, selection, extraction, comparison, use, interconnection, blocking, communication, erasure and destruction of data.
Your personal data collected is subject to automated electronic processing.

DATA STORAGE PERIOD
The Controller will process personal data for the time necessary to fulfil the above-mentioned purposes, to comply with legal obligations and/or to exercise rights in a possible court case.

ACCESS TO DATA AND COMMUNICATION TO THIRD PARTIES
Your data may be made accessible, for the above-mentioned purposes, exclusively to employees and collaborators of the Controller or companies belonging to the same group as the Controller. Under no circumstances may your data be disclosed and/or communicated to third parties.

DATA TRANSFER
The personal data will be managed and stored on servers located within the European Union and belonging to the Data Controller and/or to third-party companies duly appointed as Data Processors. The data will not be transferred outside the European Union.

RIGHTS OF THE DATA SUBJECT
In your capacity as data subject, you have the rights under Art. 7 Privacy Code and Art. 15 GDPR, namely the rights to:

I) obtain confirmation as to whether or not personal data concerning you exist, even if they have not yet been recorded, and their communication in intelligible form;

II) obtain information on: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the event of processing carried out using electronic means; d) the identity of the data controller, data processors and the controller’s representative, pursuant to Art. 5(2) of the Privacy Code and Art. 3(1) of the GDPR;

III) obtain a) the updating, rectification or, where interested therein, supplementing of the data; b) the erasure, transformation into anonymous form or blocking of data processed in breach of the law, including data the storage of which is unnecessary for the purposes for which the data were collected or subsequently processed c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;

IV) object, in whole or in part, on legitimate grounds, to the processing of personal data concerning you, even if they are relevant to the purpose of collection. Where applicable, you also have the rights set out in Articles 16-21 GDPR (Right to rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to lodge a complaint with the Data Protection Authority.

These rights may be exercised by sending a request to the Controller or by sending an e-mail to info.france@fr.timewaygroup.com.