Privacy Policy

1. Introduction

The company Takotime (a SAS with a capital of 1,500 euros, registered with the Marseille RCS under number 953 858 933, whose registered office is located at 7 Rue Yann de l'Ecotais, 13009 Marseille) operates the platform T-Race (hereinafter "the Site").

As the data controller, Takotime is committed to protecting the privacy of Site users, in accordance with the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679), Law No. 78-17 of January 6, 1978 as amended (Data Protection Act), the e-Privacy Directive 2002/58/EC, and all regulations applicable in 2026.

2. Personal Data Collected

We collect the following personal data based on your use of the Site:

2.1. Registration and Account Data

• First and last name
• Email address
• Password (stored in encrypted form)
• Phone number (optional)

2.2. Race Registration Data

• Date of birth
• Gender
• T-shirt size (if applicable)
• Team name and composition (for team categories)
• Medical certificate or sworn statement
• Emergency contact information

2.3. Timing and Performance Data

• Transit times at various stations
• Any penalties
• Results and standings

2.4. Payment Data

• Payment information (credit card number, expiry date, CVV) is collected and processed directly by our provider Stripe. Takotime never stores your full banking data. We only keep a transaction reference (Stripe Customer ID, Invoice ID).

2.5. Technical and Navigation Data

• IP address
• Browser type and version
• Pages visited and timestamps
• Strictly necessary cookie data

2.6. Data Processed by Artificial Intelligence

• Voice or text data voluntarily submitted by the organizer during event configuration assistance (voice transcription, suggested race settings). This data is transmitted ephemerally to the AI provider and is not kept after processing, except for the configuration settings validated by the user.

3. Purposes and Legal Bases for Processing

4. Recipients and Subcontractors

Your personal data may be transmitted to the following subcontractors, who act on Takotime's instructions and in compliance with the GDPR:

4.1. Supabase Inc.

• Role: Database hosting, user authentication.
• Office: San Francisco, CA, United States.
• Guarantees: Data is hosted in data centers located in the European Union. Transfer of data to the United States is framed by the EU-US Data Privacy Framework (adequacy decision of the European Commission of July 10, 2023, confirmed in 2025). Standard Contractual Clauses (SCC) and additional security measures are also in place.

4.2. Stripe Inc.

• Role: Online payment processing.
• Office: San Francisco, CA, United States.
• Guarantees: Stripe is PCI-DSS Level 1 certified. Data transfer is framed by the EU-US Data Privacy Framework and Standard Contractual Clauses (SCC).

4.3. Vercel Inc.

• Role: Website hosting.
• Office: Covina, CA, United States.
• Guarantees: Transfer framed by the EU-US Data Privacy Framework and additional security measures.

4.4. AI Service Provider

• Role: Voice/text data processing for event configuration assistance.
• Guarantees: Data is transmitted encrypted (TLS), processed ephemerally, and is not used for model training. A Data Processing Agreement (DPA) compliant with Article 28 of the GDPR is in effect.

5. Data Transfers Outside the EU

As some of our subcontractors are established in the United States, personal data transfers outside the European Economic Area (EEA) may occur. These transfers are framed by:

• The EU-US Data Privacy Framework(adequacy decision of the European Commission).
• Standard Contractual Clauses (SCC) adopted by the European Commission.
• Additional technical security measures(encryption in transit and at rest, pseudonymization).

6. Retention Periods

7. Cookies and Trackers

7.1. Strictly Necessary Cookies

The Site uses cookies strictly necessary for the running of the service (authentication, session maintenance, security). These cookies do not require your consent in accordance with Article 5(3) of the e-Privacy Directive.

7.2. Non-Essential Cookies

No audience measurement, advertising, or profiling cookies are deposited without your prior free, informed, and specific consent.

7.3. Withdrawal of Cookie Consent

If you have consented to the deposit of non-essential cookies, you can withdraw your consent at any time by:

• Using the cookie management banner permanently accessible on the Site (link in the footer "Manage my cookies").
• Changing your browser settings to block or delete existing cookies.

Withdrawal of consent does not compromise the lawfulness of processing based on consent performed before withdrawal.

8. Your Rights

In accordance with the GDPR and the Data Protection Act, you have the following rights:

• Right of access (Art. 15 GDPR): obtain confirmation of data processing and receive a copy.
• Right to rectification (Art. 16 GDPR): correct inaccurate or incomplete data.
• Right to erasure (Art. 17 GDPR): request deletion of your data, subject to legal retention obligations.
• Right to restriction of processing (Art. 18 GDPR): request suspension of processing in certain cases.
• Right to data portability (Art. 20 GDPR): receive your data in a structured, commonly used, and machine-readable format.
• Right to object (Art. 21 GDPR): object to the processing of your data for legitimate reasons, or prospecting purposes.
• Right not to be subject to an automated decision (Art. 22 GDPR): no decision producing legal effects concerning you is made on the sole basis of automated processing.
• Right to define post-mortem directives (Art. 85 Data Protection Act): define directives relating to the storage, erasure, and communication of your data after your death.

Exercising Your Rights

To exercise your rights, please send your request by email to: takotime.official@gmail.com

We commit to responding to your request within 30 days, in accordance with the GDPR. Proof of identity may be requested.

Complaint

If you consider that the processing of your data does not comply with the regulation, you can lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL):

• Website: www.cnil.fr
• Address: 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07

9. Data Security

Takotime implements appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access, including:

• Encryption of data in transit (TLS/HTTPS) and at rest.
• Enhanced authentication and role management (Row Level Security).
• Logging of access to sensitive data (audit logs).
• Regular security review of subcontractors.

10. Transparency on AI Use

In accordance with the European Union Artificial Intelligence Act (AI Act – Regulation (EU) 2024/1689):

• The AI functionalities used on the Site arelimited risk and aim exclusively at assisting organizers in event configuration.
• Any interaction with an AI system is reported clearly and visibly to the user.
• Data processed by AI is not used for profiling, scoring, or autonomous decision processing.
• The user can at any time disable AI assistance and proceed with manual configuration.

11. Policy Modifications

Takotime reserves the right to modify this Privacy Policy at any time. Any substantial modification will be notified to users by email or a visible notice on the Site. The last update date is indicated at the top of this page.

12. Contact

For any questions regarding the protection of your personal data, you can contact Takotime at the following address:

• Email: takotime.official@gmail.com
• Mail: Takotime – Data Protection, 7 Rue Yann de l'Ecotais, 13009 Marseille, France