Last updated on 13 March 2019
1. Our commitment to Protecting Your Data
Amaury Sport Organisation (A.S.O.), a limited company with a capital of €61,200,240, registered with the Nanterre Trade and Companies Register under number 383 160 348, with its headquarters at 40-42 Quai Point du Jour, 92100 Boulogne-Billancourt (hereinafter "We"), collects and processes data in order to allow the user (hereinafter "You") optimal use of the website www.timeto.com (hereinafter the "Site") and the Services provided on the Site.
A.S.O. knows that You value how Your Personal Data is processed and recognizes the importance of protecting Your privacy.
In this Policy, words or phrases beginning with a capital letter refer to terms defined in the Terms and Conditions of Use and, failing this, shall be defined in accordance with Article 4 of Regulation (EU) 2016/679 (known as the "GDPR"):
Personal data: refers to any information relating to an identified or identifiable natural person (hereinafter referred to as the "data subject"); an "identifiable natural person" is a natural person who can be either directly or indirectly identified, most notably by reference to an identifier, such as a name, ID number, location data, online username, or one or more specific details relating to their physical, physiological, genetic, psychological, economic, cultural or social identity;
Rules: refers to the sporting rules and the terms and conditions applicable to the organization of an Event.
Applicable regulations: refers to the French Data Protection and Freedom of Information Act no. 78-17 of 6 January 1978 as amended by law no. 2018-493 of 20 June 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), and any other applicable regulations regarding the protection of personal data.
"Data controller" refers to the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purpose and means of the processing. In the present case, A.S.O. may, depending on the case, be considered the Data Controller.
"Data Processor" refers to the natural or legal person, public authority, service or other body that processes personal data on behalf of the controller. A.S.O. may act as Data Processor when organizing events on behalf of other Organizations, for example.
"Consent" from the data subject means a freely given, specific, informed and unambiguous expression of intent whereby he or she agrees, through a statement or a clear affirmative act, to their personal data being processed.
The terms "You", "Your" and "Yours" refer to You as a user of the Site or as the parent or legal guardian (over 18 years of age) of the user, if said user is a minor in their country of residence.
3. Data and information collected
When using the Site, You will be required to provide us with a certain amount of data and information directly, in particular at the time of completing Your registration. Some of this data can be used to directly or indirectly identify You and is therefore personal data.
3.1 Personal data collected by A.S.O. and its hosting provider ACTIVE
By using the Site, You acknowledge that We directly collect and treat the following Data:
3.2 Mandatory Declarative Data on the Site
This is the Data that You, the Site User, give to Us when creating an account on the Site. The mandatory nature of the Data is indicated to the User by an asterisk. Data not preceded by an asterisk is considered optional.
In particular, the following Declarative Data is considered mandatory, bearing in mind that this list is subject to change in accordance with A.S.O.'s legal, technical and organizational obligations.:
- Last name;
- First name;
- Date of birth;
- Email address;
You will also be required to create a login and password used to identify You when You access certain parts of the Site.
Providing this Data is necessary and mandatory for us to be able to register You on the Site.
3.3 Optional Data on the Site
This involves personal data not necessary for Your registration on the Site, but which You can provide us if You wish. Examples include Your nationality
- Your postal address
- Your mobile number
- Information on who to contact in the event of an emergency, should an incident occur while attending an Event.
- Your photos
To improve Your User experience or to receive personalized services, You may provide us with information related to Your sport and Your preferences: Sports practised, training frequency, use of apps, participation in events, materials and equipment used, etc.;
3.4 Event Registration Data
We may collect additional data specific to Your enrolment in an Event. We recommend that You read the Event Rules and Additional Terms and Conditions carefully for further details.
The recipients of this Personal Data are the Seller or the Event Organizer, with A.S.O. acting simply as Data Processor within the meaning of the GDPR.
We may also collect Data about You indirectly:
3.5 Connection Data
As You browse, We may collect personal data about You when You visit Our Site or Our mobile or third-party apps. This can include:
- Information about the browser You are using
- Information about the operating system You use
- the IP address of the device You are using
- The pages You view
- The links You click when You interact with the Site.
3.6 Information relating to use of the Site.
We may collect Data on the use of Services provided through the Site, and in particular Your interaction with Our Services, the number of Event registrations, and the Events' sporting results. We remind you that Your results from the events in which You participate are published by sports federations as an official federal ranking. As a result, the results become public data.
3.7 Transaction Data
When ordering a product or service, Our payment provider, ACTIVE, collects and processes the Data regarding Your payment method (debit/credit card number, expiry date and security code). Your bank details will not be kept unless You have given Your Consent at the time of the transaction.
Your payment method is never sent unencrypted on the networks. When You give us this information during Your transaction, the numbers are encrypted using a security protocol.
A.S.O. can act as both Data Controller and Data Processor, as defined below:
- A.S.O. acts as Data Controller when Your transaction concerns the provision of a product or service by A.S.O.;
- A.S.O. acts as Data Processor when performing the transaction on behalf of a Seller or an Organizer of a sporting event other than A.S.O.
4. Use of Your Personal Data
4.1 Purpose of use
Data collected as part of Your use of the Site is subject to processing for the following purposes:
4.1.2 Creating, managing and accessing Your account;
4.1.3 Providing the information and Services requested, so that You may register for Events on the Site, and to allow the sale of products and services on the Site;
4.1.4 Processing, monitoring and managing Your Event registrations;
4.1.5 Offering personalized services based on the information provided on Your profile, including advice and training programs;
4.1.6 Debt recovery, combating fraud;
4.1.7 Managing, amending and improving the Site and Our Services;
4.1.8 Sending emails or posting messages on the Site to provide You with:
- confirmation of Your account creation;
- information, announcements and updates relating to the Site;
- confirmation of Your username and password;
- newsletters about Our activities;
- Information to correct account errors.
4.1.9 Sending emails and text messages, in accordance with the applicable legal provisions and with Your consent, in order to:
- provide information, announcements and updates related to the Event for which You have registered;
- tell You about Events that may interest You, based on the interests entered on Your profile
- send You promotional offers, advertisements or other commercial communication from partners of our Site or Events.
4.1.10 Notifying You of Your results, sending You Your certificates;
4.1.11 Collecting information, in particular through polls, surveys and questionnaires that We send to You. You can manage Your participation in these surveys or questionnaires at all times by disabling invitations to take part on Your profile;
4.1.12 Managing marketing and the promotion of Our Services;
4.1.13 Allowing Site users to communicate with each other;
4.1.14 Organizing lotteries and competitions and allowing You to register and participate in them,
4.1.15 Enabling any other purpose specified at the time of Data collection and for which Your Consent is requested.
4.2 Recipients of Personal Data
The Data collected during Your registration allows Your profile to be created. This Data may be sent to the following parties:
- Organizers of Events offered on the Site. This helps to ensure optimal organization of the Event and to confirm Your participation in it.
In these cases, the Organizers are the Data Controllers and A.S.O. is their Data Processor;
- Commercial partners of the Site, for which You have given Your consent. They use this Data to offer You products and/or services, alone or jointly with A.S.O., or for marketing and/or advertising purposes;
- Data Processors with whom A.S.O. works, for technical, commercial, legal and financial services. This allows them to provide You with Services including Data hosting and transactions. Data Processors act on behalf of A.S.O. and in accordance with Our instructions.
4.3 Responsibilities of the Data Controller and Data Processors.
The Event Rules stipulate that the Event Organizer(s) will act as Data Controllers for the information You provide when registering for an Event (Registration Process), or when purchasing products or services on the Site.
The Event Organizer is therefore considered to be the Data Controller as defined in the Event Rules and in the Additional Terms and Conditions of Use. The Organizer undertakes to comply with applicable regulations in terms of the protection of personal data and in particular with the GDPR.
The Organizer undertakes to:
- Process Your Data for the purposes described in Article 4 "Use of Your Personal Data" and in the Additional Terms and Conditions of Use, where applicable;
- Limit the access of employees and authorized staff strictly to the data they need in the context of their specific aims;
- Enter into contracts with data processors that are likely to access, host and/or process some of Your Data, provided that they comply with the regulations in force regarding the protection of personal data and any laws applicable to cybersecurity.
All data processors shall act on behalf of the Data Controller as defined in the Event Rules and according to their instructions. Data processors shall guarantee the protection, security and confidentiality of Your Data, in compliance with this Policy and any applicable personal data protection and cybersecurity laws.
5. The Importance of Your Consent
We do not sell or rent any Data to third parties, We use Your Data in strict accordance with the applicable personal data protection law. You alone remain responsible for the use we make of Your Personal Data by giving or withdrawing Your consent at any time.
5.1 When You register for an Event organized by a third party where A.S.O. is not involved in the organization, You authorize Us to transmit the Data on Your profile to this third party. In this case, the third-party Organizer becomes the data controller and A.S.O. acts as processor for the purposes of the Applicable Regulations.
The Third-Party Organizer and A.S.O. are liable to You for compliance with the applicable Regulations.
5.2 In connection with Your use of the Site, when You choose to make Your profile public by logging into the MY INFORMATION area, You consent to other Site users freely accessing Your profile, which may contain personal information. You may decide to make Your profile inaccessible to the public at any time by logging into the MY INFORMATION area and changing the "view my profile" setting. Your profile will become private.
5.3 By registering and participating in a Sports Event, You understand and agree that Your activity, results and athletic performance may be published by the Event Organizer. You can always choose for Your results not to be published when You register for an Event.
Because the Site is hosted by our provider ACTIVE, and is an SSO platform, as explained in our Terms and Conditions of Use, once You have consented to the publication of Your results, You are liable to find all Your results on the "ACTIVE passport" site. IF YOU PREFER YOUR RESULTS NOT TO BE PUBLISHED AND WOULD LIKE THEM TO BE REMOVED, YOU MUST CONTACT THE EVENT ORGANIZER DIRECTLY BEFORE THE EVENT
A.S.O. is not responsible for the publication or removal of this information when the Event is organized by a third party.
5.4 If You have consented by ticking the respective box on the Site when registering for an Event, You may well receive promotional offers by phone and/or post and/or email and/or SMS:
- From A.S.O. regarding products and services available on the Site. In this context, A.S.O. can send You messages on behalf of a third-party Organizer.
- From partners of the Site and/or A.S.O., to whom Data may be communicated and released for commercial marketing purposes
- From the Organizer
- From the Organizer's partners, where applicable.
You can change Your preferences at any time by logging into Your profile.
Your consent to receiving this type of message is handled directly by the Organizer. A.S.O. may not be held liable in this regard.
5.5 We may, upon request, pass on Your Personal Data to judicial authorities or any other authority that requests it and is authorized to do so in accordance with applicable regulations and data protection law.
6. Retention of Personal Data
6.1 The life cycle of Your Data
Data is retained for the entire legal duration required.
6.1.1 Generally speaking, A.S.O. will keep Your Data for the duration of Your activity on the Site and for three (3) years following Your most recent use (account login, participation in an event, purchase made on the website, etc.).
At the end of this three (3) year period, A.S.O. will send You a reminder by email. If there is still no action or response from You, A.S.O. will proceed with the deletion of Your account and all Your Personal Data at the end of the month following our email reminder.
6.1.2 If You delete Your profile on Our Site, We undertake to delete Your Data and information within (30) days of the profile being deleted from all Time To and ACTIVE platforms. You will have nothing to do.
Your Data is then archived by A.S.O. with very limited access, for an additional period, for reasons limited and authorized by law (payment, warranty, litigation, etc.) or for any other purposes specified in the Terms and Conditions of Use and Sale. After this legal period, Your Data will be deleted.
6.1.3 We keep Your payment ID for a maximum period of thirteen (13) months.
6.2 Where and how is Your Data kept?
The Data We collect is held and hosted by ACTIVE, a company specializing in the management of online registrations. The servers hosting Your Data are located outside the European Union, in the USA. A.S.O. has ensured that ACTIVE provides all the necessary guarantees for protecting Your Data, in compliance with any applicable laws regarding to the protection of personal data and cybersecurity.
In general, You expressly agree that Your Data may be sent to an Organizer and/or data processing service providers located outside the European Economic Area, for the purposes of providing the Services, conducting statistical studies, supporting users, hosting Data, or organizing an Event when it takes place outside the European Union.
For any processing that falls under Our responsibility, We undertake and impose on the Organizer that these transfers take place under conditions that ensure the confidentiality and security of the data, as well as an adequate level of protection in line with Articles 32 and 36 of the GDPR.
7. What are Your rights in terms of Data protection?
7.1 How can You exercise Your data protection rights?
Pursuant to the applicable regulations on the protection of Personal Data and particularly French Data Protection Act no. 78-17 as amended by law no. 2018-493 dated 20 June 2018, and Regulation (EU) 2016/679, You have the right to access, rectify, oppose and delete Your Data, the right to restriction of processing and the right to data portability, in accordance with Articles 15 to 21 of the GDPR:
- By contacting A.S.O. for Your Account Data
- By contacting the Organizer for Data relating to Your participation in an Event.
With regard to A.S.O., You can exercise all Your rights by filling in the form requesting to exercise Your rights, which You can access by clicking here: form
Once You have completed the form and attached the requested documents, it will be automatically sent to the address DPO@amaury.com
You can also request to exercise Your rights by email at the following address:
DATA PROTECTION OFFICER AMAURY
40-42 Quai du Point du Jour,
Right of access: You can request access to Your Data and obtain all the information We hold about You in an accessible and readable format.
Right to rectification: You may request to modify, correct or update any Data about You that is inaccurate or incomplete. You have the option to change some of Your Data directly by accessing Your profile.
Right to erasure (right to be forgotten): You can request the deletion or removal of all or part of Your Data free of charge, within the limit of the obligations that apply to Us, in accordance with the Applicable Regulations.
Should You wish to delete any of Your Data on Your account, please be advised that this deletion can only take place once the Event for which You are registered has taken place. Otherwise, the Organizer will not be able to usefully communicate with You to give You the information You need for the Event or to provide You with Services, which You acknowledge and thus release the Organizer from any and all responsibility.
Right to restriction of processing: You can ask Us to stop processing some of Your data, for example Your photographs.
Right to object: You have the right to object to the processing of Your Personal Data at any time.
Right to data portability: You have the right to obtain Your Data in an easily reusable format.
Post-mortem right: You also have the right to give instructions regarding the storage, deletion and communication of Your Data after Your death. These rights will be exercised by Your beneficiaries.
You are advised that a copy of Your I.D. will be required to verify Your identity. This information will be destroyed as soon as A.S.O. has processed Your request in full.
A.S.O will respond to Your requests to exercise these rights within the legal period of thirty (30) days following the receipt of Your I.D., provided that Your application is complete. Any request from You that does not provide us with all the necessary information enabling us to process it within the legal period will halt this period and extend it until all the necessary documents are obtained.
Finally, You have the right to lodge a complaint with the Commission Nationale Informatique et Libertés.
7.2 How can You exercise Your right to object to unsolicited marketing?
You also have the right to object to unsolicited marketing.
7.2.1 If You are affected by telephone marketing, You can object to the use of Your phone number by signing up for free on the website www.bloctel.fr
7.2.2 If You are affected by email marketing, You can change Your preferences by logging into Your profile or unsubscribing from newsletters by clicking on a dedicated link in each newsletter.
7.2.3 If You are affected by SMS marketing, You can unsubscribe by sending the message "STOP SMS" to 36007.
We will process Your requests within a maximum of 48 (forty-eight) working hours, except for requests sent by post, which require a processing time of 8 (eight) days.
You can exercise these rights by sending
- A letter to Informatique et Libertés. A.S.O. 40-42 Quai du Point du Jour, 92100 Boulogne Billancourt, France
- An email to the address firstname.lastname@example.org
The contact details for the A.S.O. Data Protection Officer are as follows: DPO@amaury.com
8. How do We protect Your Data?
In accordance with the Applicable Regulations on the protection of personal data, We take all appropriate technical and organizational measures to ensure Your Data is protected. We impose the same level of restriction on the providers We work with.
You are responsible for the confidentiality of the username and password that You choose when signing up to the Site.
You agree to take any necessary confidentiality and protection measures to guarantee access to Your account, and not to disclose this username or password to third parties.
You will be notified of the publication of the new Policy on the Site homepage or by email. We recommend that You read it regularly to stay abreast of any changes.