TODAY — Privacy
Privacy Policy
At TODAY, protecting your personal data is a priority. When you use the TO.DAY website (the "Site"), we may collect personal data about you. The purpose of this policy is to inform you about how we process this data in accordance with EU Regulation 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (the "GDPR").
Effective date: 25 October 2021
1.
Who is the data controller?
The data controller is TODAY, a simplified joint-stock company registered with the Paris Trade and Companies Register under number 893 977 124, with its registered office at 12 Place des Victoires - 75002 PARIS ("We").
2.
What data do we collect?
Personal data is data that identifies an individual directly or in combination with other data.
We collect data in the following categories:
• Identification data (including your name, email address, postal address, phone number);
• Possibly, connection data (including IP address).
Mandatory data is indicated when you provide your data. It is marked with an asterisk and is necessary to provide our services.
3.
On what legal bases, for what purposes, and for how long do we retain your personal data?
| Purposes | Legal basis | Retention periods |
|---|---|---|
| Building a client and prospect database | Our legitimate interest in developing and promoting our business | For clients: throughout the contractual relationship. For prospects: 3 years from your last contact, for prospecting purposes. |
| Sending newsletters, solicitations and promotional messages | Our legitimate interest in retaining and informing our clients and prospects | 3 years from your last contact with us. |
| Responding to your information requests | Our legitimate interest in responding to your requests | For the time necessary to process your request, then deleted once the request is handled. |
| Managing the exercise of rights requests | Our legitimate interest in responding to your requests and keeping a record | Identity proof: only for the time needed for verification, then deleted. Right to object to prospecting: 3 years. |
4.
Who has access to your data?
The following parties will have access to your personal data:
- Our company staff;
- Our subcontractors: hosting provider, newsletter sending provider;
- Where applicable: public and private bodies, solely to comply with our legal obligations.
5.
Can your data be transferred outside the European Union?
Your data is stored throughout the processing period on Amazon Web Services servers located in the European Union.
Through the tools we use, your data may be transferred outside the EU. Such transfers are secured through:
• Countries covered by an adequacy decision of the European Commission (Art. 45 GDPR);
• Countries without recognised adequate protection: in such cases, appropriate safeguards apply (standard contractual clauses, binding corporate rules, approved certification mechanisms);
• Transfers based on the appropriate safeguards described in Chapter V of the GDPR.
6.
What are your rights over your data?
You have the following rights regarding your personal data:
- Right to information: provided for in Articles 13 and 14 of the GDPR.
- Right of access: access all your personal data at any time (Art. 15 GDPR).
- Right of rectification: correct inaccurate, incomplete or outdated data (Art. 16 GDPR).
- Right to restriction: obtain restriction of processing in certain cases (Art. 18 GDPR).
- Right to erasure: request deletion of your data on grounds set out in Art. 17 GDPR.
- Right to lodge a complaint with the CNIL if you consider the processing to be in breach of applicable law (Art. 77 GDPR).
- Right to define directives on the retention and communication of your data after death (Art. 40-1 French Data Protection Act).
- Right to withdraw consent at any time for consent-based processing (Art. 7 GDPR).
- Right to data portability: receive your data in a machine-readable format (Art. 20 GDPR).
- Right to object to the processing of your personal data (Art. 21 GDPR).
7.
What cookies do we use?
We only use cookies that are strictly necessary for the operation of our site.
8.
Personal data contact
Email: data@to.day
Postal address: TODAY, for the attention of the Data Protection Officer, 12 place des Victoires, 75002 Paris, France
9.
Changes
We may modify this policy at any time, in particular to comply with regulatory, case law, editorial or technical developments. Changes take effect on the date the updated version comes into force. You are invited to regularly consult the latest version of this policy. We will notify you of any significant changes.