This page describes the conditions under which Timesphere (Horasphere inc.)process personal data collected from individuals (customers, prospects, etc.).
If you have any questions about this policy, you can send us your request to dpo@timesphere.com.
Privacy Policy
The purpose of this policy is to present the rules relating to the protection of personal data, in the capacity of data controller and subcontractor, which TIMESPHERE undertakes to respect. These rules come in particular in application of the Personal Information Protection and Electronic Documents Act (PIPEDA) of Canada and of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (the General Data Protection Regulation or GDPR) of Europe, relating to the protection of natural persons with regard to the processing of personal data and to the free movement of such data, and repealing Directive 95/46/EC in Europe.
This document is likely to evolve, particularly when necessary to meet the obligations of the legislation on the protection of personal data. We therefore encourage you to visit this dedicated page regularly.
The concepts concerning the protection of personal data used in this document have the same meaning as those given by the PIPEDA or the RGPD.
Compliance with the general principles of personal data protection
When TIMESPHERE acts as a data controller
TIMESPHERE guarantees that personal data are:
- processed in a lawful, fair and transparent manner ;
- collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with these purposes;
- adequate, relevant and limited to what is necessary for the purposes for which they are processed;
- accurate and, where necessary, kept up to date;
- kept for no longer than is necessary for the purposes for which they are processed;
- processed in such a way as to guarantee appropriate security, including protection against unauthorized or illicit processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures adapted to the risks.
When TIMESPHERE acts as a subcontractor
TIMESPHERE guarantees that :
- the purposes of the processing are described in the contract signed between TIMESPHERE and its client;
- the processing of the client’s personal data is carried out only for the purposes determined and on its instructions under the conditions provided for in the contract;
- the deletion of the personal data is undertaken at the end of the contract and under the conditions provided for in the contract, except if the applicable law requires this conservation.
Purpose and legal basis of personal data processing
When TIMESPHERE acts as data controller
For its internal needs, TIMESPHERE collects personal data for the following purposes
- management of its customer and prospective customer contacts (sending marketing information, product information or Group news, meeting the needs of customers or prospective customers, etc.);
- management of its commercial contracts (management of orders, invoicing, collection, etc.);
- management of TIMESPHERE personnel, recruitment and careers (screening and contacting candidates, etc.);
- creation and administration of user accounts;
- implementation and management of services subscribed to by its clients (recording of calls and/or tickets made to support, etc.).
According to these different purposes, TIMESPHERE ensures that one of the following conditions is met:
- the consent of the individual has been collected for one or more specific purposes;
- the processing is necessary for the execution of a contract to which a natural person is a party or for the execution of pre-contractual measures taken at the request of the latter;
- the processing is necessary to comply with a legal obligation to which TIMESPHERE is subject;
- the processing is necessary to safeguard the vital interests of a natural person;
- the processing is necessary for the purposes of the legitimate interests pursued by TIMESPHERE, unless the interests or the fundamental rights and freedoms of the natural person concerned prevail.
When TIMESPHERE acts as a subcontractor
TIMESPHERE may have to access and process the personal data entrusted by its clients within the strict framework of the contract and services subscribed to.
This access and processing is governed by a contract containing specific data protection clauses signed between TIMESPHERE and its client.
TIMESPHERE processes personal data only on behalf of and on the documented instructions of its client in accordance with the provisions of the said contract.
Security and notification of data breaches
TIMESPHERE implements appropriate technical and organizational measures to ensure a level of security appropriate to the risks.
More generally, TIMESPHERE employees are subject to an IT charter to ensure an appropriate level of security.
Any data breach will be notified :
- when TIMESPHERE acts as a data controller, to the local supervisory authority and, if necessary, to the individuals affected by the said breach;
- when TIMESPHERE acts as a subcontractor, to its clients affected by the said violation under the conditions of the contract between TIMESPHERE and its clients.
Right of individuals
When TIMESPHERE acts as a data controller
Under the conditions provided for by local legislation, individuals have the right to
- access personal data concerning them and processed by TIMESPHERE;
- request the rectification, erasure or limitation of the processing of their personal data by TIMESPHERE;
- under certain conditions, to object to the processing of their personal data;
- request the portability of personal data;
- when consent is the legal basis of the processing, to withdraw their consent;
- to define directives concerning the fate of their personal data in the event of their death.
Requests related to these rights can be sent to dpo@timesphere.com.
TIMESPHERE reserves the right to ask for clarification of any request and to justify the identity of the applicant.
An unsubscribe link is also available in our email marketing communications.
In any case, TIMESPHERE recommends contacting the local control authority (such as the CNIL in France) to find out more about the regulations relating to the protection of personal data, the rights of individuals and the possibility of lodging a complaint with this authority.
When TIMESPHERE acts as a subcontractor
In the event that TIMESPHERE receives a request from an individual concerned with the processing of his or her personal data in the context of the performance of the contract between TIMESPHERE and its client, TIMESPHERE will communicate this request to its client as soon as possible after its receipt and, taking into account the nature of the processing and under the conditions established in the contract, will assist its client, by means of appropriate technical and organizational measures, to the fullest extent possible, in fulfilling its obligation to comply with these requests.
The customer remains responsible for the response to the natural person concerned.
Information of natural persons
When TIMESPHEREHR acts as a data controller
At the time of collection of personal data, TIMESPHERE undertakes to provide the natural persons concerned with at least the following information, as far as possible and whatever the processing carried out:
- the contact details of the data controller and its Data Protection Officer;
- the purposes of the processing and its legal basis;
- the recipients;
- transfers outside the EU, if any;
- the length of time for which the data will be kept;
- the possibility of requesting the exercise of rights that may be exercised in application of the applicable regulations;
- the right to lodge a complaint with the control authority.
TIMESPHERE may also receive personal data (name, associated company, telephone number, e-mail address) from third party sources such as lead providers.
This data is only used to :
- update, develop and analyze its client/prospect base;
- identify new prospects;
- to provide information about appropriate TIMESPHERE products and services.
When TIMESPHERE acts as a subcontractor
The responsibility for informing individuals lies with the data controller. Under the conditions provided for in the contract, TIMESPHERE provides its clients acting as data controller with all useful information to enable them to comply with local regulations.
Transfers outside the European Union (where applicable)
The data collected may be processed outside the European Union. Thus, in accordance with the legislation on data protection, TIMESPHERE refrains from transferring Personal Data, without putting in place the adequate tools for the supervision of these transfers in application of article 46 of the RGPD, outside:
- the European Union, or
- the European Economic Area, or
- countries recognized as having an adequate level of security by the European Commission, including companies established in the United States of America certified “Privacy Shield” or, in the event of its invalidation, the mechanism that replaces it.
Recipients of the data
TIMESPHERE may share personal data with third parties only as provided in this document and/or the applicable contract.
To learn more about the recipients, contact us at dpo@timesphere.com.
Service Provider
TIMESPHERE may share personal data with third parties providing a service:
- on behalf of TIMESPHERE in the context of the execution of the client contract (hosting, consulting, subcontractor, etc.) under the conditions provided for in the contract;
- to assist TIMESPHERE in the execution of the financial and administrative conditions of the contract (collection, billing, etc.);
- to carry out marketing communication on behalf of TIMESPHERE.
Distributors and/or sales partners
TIMESPHERE has developed a network of partners (distributors, editors, etc.) for several of its offers in order to help it supply and develop its products.
Depending on the offer that interests the contact or is likely to interest him/her, TIMESPHERE may share the contact information with a relevant partner.
TIMESPHERE subsidiaries
TIMESPHERE may share personal data with TIMESPHERE Group companies for the purposes mentioned in this policy if this is necessary for its realization (contract or application for a position in a subsidiary outside of Canada or France, etc.).
Public authorities
In some cases, TIMESPHERE may be required to share personal data in response to a request from a public authority, a subpoena or any other legal request under applicable laws.
In such cases, TIMESPHERE will provide the data necessary to comply with the request, including when TIMESPHERE believes in good faith that such sharing is necessary to protect your rights, ensure your safety or the safety of others, investigate fraud, or comply with a legal requirement.
TIMESPHERE’s cooperation with its clients and the supervisory authority
In accordance with local legislation and in compliance with its contractual obligations, TIMESPHERE undertakes to cooperate reasonably with its clients in order to help them meet their obligations.
In general, TIMESPHERE undertakes to cooperate with the local supervisory authority when necessary and to reasonably take into account its recommendations.
Privacy by design in products and services
When TIMESPHERE plans to develop a new service or offer and in its capacity as a publisher, it will make its best efforts to introduce from the beginning of this project the principles of personal data protection (“privacy by design”) and thus help its clients to comply with the requirements of the applicable regulations by specific functionalities and means.
Awareness of TIMESPHERE staff
All new employees at TIMESPHERE are required to undergo an awareness-raising course on the protection of personal data.
More generally, TIMESPHERE makes every effort to offer all its employees regular awareness training on the challenges of personal data protection.
More specific awareness-raising or training sessions may be carried out for employees who are required to handle personal data on a regular basis.
Governance of personal data protection
In order to manage the protection of personal data, TIMESPHERE has set up a dedicated governance structure.
A Data Protection Officer (DPO) has been appointed and declared to the relevant local supervisory authorities. The DPO leads this governance.
A strategic committee acts transversally on all of the company’s activities, supported by an operational committee composed of the DPO and the relays within TIMESPHERE.
Data processing registers
TIMESPHERE maintains two personal data processing registers:
- a register describing the processing carried out in its capacity as data controller;
- a register describing the processing carried out on behalf of and on the instructions of its clients who are responsible for the data processing.
These records are made available to the relevant local supervisory authorities upon request.
Contractual policy
TIMESPHERE has taken into account the mandatory contractual obligations under local legislation in all the clients and contracts affected.
Thus, contractual clauses specific to data protection and in compliance with applicable regulations have been introduced in particular in :
- license agreements (GTC/UG);
- contracts between TIMESPHERE and its own subcontractors.
Contact
For any question relating to this policy, you can contact our Data Protection Officer and send your request to dpo@timesphere.com.