
Privacy policy

Last updated: 12 July 2023

This Privacy Policy outlines the manner in which we collect, use, and protect your personal data. By accessing and using the timatis.com website, creating an account, and utilizing our services, you acknowledge and agree that your personal data will be processed in accordance with the provisions set forth in this Privacy Policy. This Privacy Policy is intended to supplement and complement our Terms and Conditions.

Jurisdiction

This website and its related services are operated by Timatis UG (haftungsbeschränkt), a limited liability company subject to the laws of Germany. Contact details can be found on our contact page.

Data collection

As the operator of this website, we act as the data controller for the personal information collected, processed, and stored in accordance with the EU's General Data Protection Regulation (GDPR). We collect personal data that is either necessary for the performance of a contract, to fulfill our contractual obligations, or to respond to the messages and inquiries you send to us. Additionally, we may process personal data based on our legitimate interests in operating this website, as explained in the following sections.

Visiting timatis.com

When you visit timatis.com, our system automatically collects and stores certain information in log files, including your internet protocol (IP) address and other protocol headers that your web browser sends to our servers. This information, including IP addresses, is considered personal data. The purpose of collecting this information is to ensure the proper functioning of the website and to assist in diagnosing and resolving technical issues that may arise. This information is not used to analyze individual visitors and is automatically deleted after 7 days. The collection of this data is crucial for the operation of the website, e.g. to detect anomalies caused by high traffic, fraud, or other malicious attacks. The legal basis for processing this data is our legitimate interest, as outlined in Article 6(1)(f) of the EU General Data Protection Regulation (GDPR), which is to protect our services against malicious activities.

When displaying map data on our website, we may utilize a content delivery network (CDN) to distribute the map data globally for fast retrieval by visitors. This involves the disclosure of your IP address and protocol headers to the CDN provider. We have a data processing agreement (DPA) in place with our CDN provider to ensure the protection of your personal data. Please refer to the list of our data processors provided below. The legal basis for using a CDN is our legitimate interest, as stated in Article 6(1)(f) of the EU GDPR, which is to provide a responsive web experience for visitors of our site.

Personal account and sign-in process

To provide you with access to our services and enable account-specific functionality on timatis.com, we offer the option to create an account using third-party authenticators, also known as "social login." When you choose to sign in with a third-party authenticator platform, they will handle the sign-in process and verify your identity to us. This means that you will be redirected to the chosen third-party platform, where your identity will be authenticated, and relevant personal data will be shared with us based on your privacy settings at that third party. It is important to note that you will be subject to the terms and conditions, as well as the privacy policy of the third-party authenticator.

The personal data we collect from the authenticator are the following:

  1. Your user ID.
  2. Your e-mail address.
  3. Your full name.
  4. A link to your profile picture.

From this data set, we store items 1 and 2 on our servers. Items 2, 3, and 4 are temporarily stored in an encrypted session cookie on your computer. Please refer to the section below for more information about cookies.

We utilize your name to personalize our interaction with you on relevant parts of our website, and your profile picture is displayed in the header bar as an indication that you are signed in. Your e-mail address is used to send you important account-related information, such as notifications regarding your subscription quota if applicable. Additionally, your user ID serves as a unique identifier that allows us to associate your account at our services with your account at the chosen authenticator, even if your e-mail address or name undergoes any changes.

The legal basis for processing this data is Article 6(1)(b) of the GDPR, as the creation of an account is necessary to facilitate the purchase of a subscription or the initiation of a subscription trial, thereby establishing a contractual relationship between you and us.

Account deletion

If you decide to delete your account on timatis.com, you can do so by visiting your account page and clicking on the red button labeled "Delete account." It's important to note that deleting your account does not immediately remove all your account data. Here are some key points regarding the account deletion process:

  1. Account Deletion Process: When you initiate the account deletion process, your account data will be marked for deletion. However, certain data may still be retained for a limited period for legal and legitimate business purposes.
  2. Subscription Continuation: If you have purchased a subscription, it will remain active and usable until the end of the current billing cycle, even after initiating the account deletion process. You will still have access to the subscription benefits during this time.
  3. Account Reactivation: Should you choose to do so, you can re-activate your account at any point after deleting it.
  4. Retention of Data: Even after your account data has been deleted, we may retain a certain amount of personal data for specific purposes that are lawful and necessary for our business operations. For example, we may retain invoices and purchase records at our payment processor, Stripe, Inc., for accounting and tax purposes. Additionally, we may retain your e-mail address and user IDs to ensure the security of our services.

The retention of data will be conducted in compliance with applicable laws and regulations and with due consideration for your privacy rights. Please refer to the sections below for further information regarding payments and data security.

Cookies

Cookies are small data blocks created by a web server and placed on your computer by your web browser during your browsing experience on the timatis.com website.

Please note that unless you sign in to timatis.com, no cookies are created by our web servers. However, if you successfully sign in, we will generate a session cookie named "s". This cookie is non-persistent, meaning it is deleted immediately when you close your web browser. The purpose of this cookie is to enable user authentication and authorization, allowing access to account-specific parts of the website. The session cookie is encrypted and can only be read by our web servers. It contains the following personal data:

  1. Your Timatis account ID.
  2. Your e-mail address.
  3. Your full name.
  4. The link to your profile picture.

In addition, we create another session cookie "o" for security reasons for the duration of the sign-in process. It contains cryptographic information to secure the process against replay and cross-site request forgery attacks.

As mentioned, the session cookies are a technical requirement for proper authentication and authorization. Without these cookies, the website would not be secure and, in particular, the account-related functionalities could not work. Cookies are not shared with any third party and are only exchanged between your computer and our servers. The legal basis for our use of cookies is derived from applicable local laws and Article 6(1)(b) of the GDPR, as user identification is necessary to fulfill contractual obligations, such as payments, and to secure access to your personal account data.

Contact form

This website provides a contact form as an alternative means of communication, allowing you to send messages to us without using an e-mail client. The contact form only requires the actual message text, and no other data is collected as a mandatory requirement. If you are signed in to your account, your e-mail address will be automatically included in the message so that we can respond to you. However, if you are not signed in, it is necessary for you to manually include your contact information in the message.

When you submit the contact form, the message is sent via e-mail to our e-mail service provider, Proton AG, located in Switzerland. Please refer to the list of our data processors below. The legal basis for processing the data you provide is Article 6(1)(f) of the EU GDPR, as we need to process the data in order to respond to your message. If your message pertains to our services and products, Article 6(1)(b) of the GDPR applies accordingly.

Please note that we will protect any personal data provided through the contact form in accordance with this privacy policy. The data submitted via the contact form will be retained only for as long as necessary to fulfill the purpose of your communication or as required by law.

Payments and subscription management

If you choose to purchase a subscription or make one-time payments for API requests, we utilize the services of a specialized payment processing company, Stripe, Inc., to handle the transaction. In order to facilitate this process, we share the following data about you with Stripe:

  1. Your Timatis account ID.
  2. Your e-mail address.

These pieces of information are necessary to associate our account information with Stripe's system. It is important to note that payment and address information are collected, processed, and stored directly by Stripe, Inc. We do not store any payment information, such as credit card numbers, on our own systems.

You can access and update subscription plan changes, invoices, and payment information through a customer portal operated by Stripe, Inc., accessible from your account page on timatis.com. We have a data processing agreement (DPA) in place with Stripe, Inc. to ensure the protection of your personal data. Stripe, Inc. is based in the United States, and data transfers to Stripe are additionally safeguarded by Standard Contractual Clauses which ensure compliance with the EU's data protection standards. For more information please refer to the list of our data processors below. The legal basis for processing the data you provide is Article 6(1)(b) of the EU GDPR, as payment processing is necessary for the performance of our contractual obligations.

Your rights

Subject to applicable law, you have certain rights regarding your personal information. These rights include:

  • The right to know if we have personal information about you and to request copies of such information and details about how it is processed.
  • The right to request the correction of any inaccurate personal information we hold about you.
  • The right to request the deletion of personal information that is no longer necessary for the purposes for which it was collected, processed based on withdrawn consent, or processed in violation of applicable legal requirements.
  • The right to request the restriction of the processing of your personal information in certain circumstances, such as when the processing is inappropriate.
  • The right to object to the processing of your personal information.
  • The right to request the portability of personal information that you have provided to us, where the processing is based on your consent or a contract with you and is carried out by automated means.

To exercise any of these rights, please contact us through our contact form or send an e-mail to privacy@timatis.com.

We will respond to your request within one month of receipt, though in some cases this period may be extended as permitted by law. Exercising these rights is free of charge, but please note that in cases of requests that are manifestly unfounded or excessive, we may charge a reasonable fee or refuse to act on the request.

Additionally, you have the right to lodge a complaint with a supervisory authority as defined in Article 4(21) of the GDPR, if you believe that your rights regarding your personal information have been violated.

Service providers and data processors

To support us in delivering our services, we may engage the services of third-party service providers who assist us with various data processing activities. These service providers act as our data processors and process personal data on our behalf. They are bound by contractual obligations and are required to implement appropriate technical and organizational measures to ensure the security and confidentiality of the data they process.

We carefully select our service providers and enter into data processing agreements (DPAs) with them to ensure that they handle personal data in accordance with applicable data protection laws and regulations. These agreements outline the specific responsibilities and obligations of the service providers regarding the processing of personal data.

We regularly assess the security and privacy practices of our service providers to ensure that they continue to meet our standards and comply with applicable data protection requirements.

The current list of our data processors can be found below:

Amazon Web Services, Inc.
  • Purpose: Cloud service provider
  • Data: Account data, log files, e-mail delivery
  • Entity country: United States
  • Data transfer guarantees: Standard contractual clauses, data processing agreement
  • More information: https://aws.amazon.com/compliance/gdpr-center/
Stripe, Inc.
  • Purpose: Payment processing service
  • Data: Payment details and invoices
  • Entity country: United States
  • Data transfer guarantees: Standard contractual clauses, data processing agreement
  • More information: https://stripe.com/legal/privacy-center
Proton AG
  • Purpose: E-mail provider
  • Data: E-mails
  • Entity country: Switzerland
  • Data transfer guarantees: Data processing agreement
  • More information: https://proton.me/legal/dpa
BUNNYWAY, informacijske storitve d.o.o.
  • Purpose: Content delivery network
  • Data: Map data
  • Entity country: Slovenia
  • Data transfer guarantees: Data processing agreement
  • More information: https://bunny.net/gdpr/

Please note that we may update this list from time to time as we engage new service providers or make changes to our existing partnerships. We will make reasonable efforts to notify you of any significant changes to our data processors that may affect the processing of your personal data.

Timatis as a data processor

If you enter into a contract with us and become our customer by purchasing a subscription to our services or starting a subscription trial, and you choose to embed our map data into your website, we will serve map data on your behalf to the visitors of your website. In this context, we act as a data processor while you are the data controller.

To ensure compliance with the General Data Protection Regulation (GDPR), we provide a GDPR-compliant Data Processing Agreement (DPA) that outlines our commitments as a data processor. This DPA is an integral part of our terms and conditions and is automatically applicable to all our customers.

The DPA sets out the specific obligations, responsibilities, and rights of both parties regarding the processing of personal data. It includes provisions regarding data security, confidentiality, data transfers, sub-processors, and data subject rights. By entering into a contract with us, you are deemed to have accepted the terms of the DPA.

We take the protection of personal data seriously and strive to ensure that our data processing activities comply with applicable data protection laws and regulations. Our DPA reflects our commitment to maintaining a high standard of data protection and privacy.

For further information or to review our DPA, please contact us using the contact details provided in this privacy policy or refer to the relevant section in our terms and conditions.