Privacy Policy

1. Introduction

At TWO03 (“we”, “us”, or “our”), accessible via two03.com, we are committed to safeguarding the privacy and personal data of all individuals who engage with our website, services, and products. We recognize the fundamental importance of privacy as a human right and handle all personal data in accordance with applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the California Consumer Privacy Act (“CCPA”). This Privacy Policy outlines how we collect, use, disclose, and protect your personal information and affirms our commitment to transparency and accountability in all data processing activities.

2. Scope of Policy and Data Controller Role

This Privacy Policy applies to all users of our website at two03.com, including registered account holders, newsletter subscribers, and other users who interact with our digital services. TWO03 is the data controller responsible for determining the purposes and means of processing your personal data. If you have any questions about our data processing activities, you may contact us at [email protected].

3. Categories of Data We Process

We may collect and process the following categories of personal data:

a) Usage Data: This includes information collected automatically when you interact with two03.com, such as your IP address, browser type, browsing behavior, device identifiers, referral URLs, and session duration.

b) Account Data: Information provided when creating or managing an account, such as your full name, postal address, email address, and phone number.

c) Profile Data: Includes user preferences, purchase history, feedback, product interests, and behavioral information regarding your interactions with our platform and services.

d) Communication Data: Records of your communications with us, including customer support inquiries, feedback submissions, and correspondence conducted through our contact forms or email.

e) Technical Data: Information about the device and technology used to access our services, including operating system, hardware specifications, network provider, configurations, and security features.

f) Transaction Data: Details of payments, billing address, order details, delivery status, and refunds associated with purchases made through two03.com.

g) Preference Data: Data concerning marketing communications, newsletter opt-ins/opt-outs, wishlists, and stated consumer interests or consent preferences.

4. Legal Bases for Processing

Under both GDPR and CCPA, we process your personal data only when we have a valid legal basis. These bases include:

– Contractual Necessity: Processing required to fulfill a contract with you, such as delivering purchased products or providing requested services.
– Legitimate Interest: Processing necessary for our legitimate business operations, such as improving our services or preventing fraud, provided your rights do not override those interests.
– Consent: When you have explicitly consented to processing, such as for receiving promotional emails or storing cookies beyond those essential for site functionality.
– Legal Obligation: When processing is required to comply with a legal obligation or enforce legal rights.

5. Your Rights

You have specific rights under applicable data protection laws. These include:

– Right of Access: You may request a copy of the personal data we hold about you.
– Right to Rectification: You can request correction of inaccurate or incomplete data.
– Right to Erasure: You may request deletion of your data, subject to our legal obligations or legitimate interests.
– Right to Restrict Processing: You may request limited processing in certain circumstances.
– Right to Data Portability: You may request a structured, commonly used, machine-readable copy of your data for transmission to another service provider.
– Right to Object: You may object to processing under legitimate interest or for direct marketing purposes.

To exercise any of your rights, please contact us at [email protected]. We may require verification of your identity prior to processing such requests.

6. Security Measures

We employ industry-standard technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. These measures include:

– End-to-end data encryption during transit and at rest
– Role-based access control and authentication practices
– Regular security audits and risk assessments
– Secure server infrastructure and multi-layered firewalls
– Staff data protection training and confidentiality agreements
– Automatic backups and data redundancy protocols

7. International Transfers

When your personal data is transferred outside the European Economic Area or California, we ensure an equivalent level of protection by implementing safeguards such as Standard Contractual Clauses (SCCs), adequacy decisions, or binding corporate rules in compliance with GDPR and CCPA standards. In doing so, we ensure that data subjects’ rights remain enforceable and effective remedies are available.

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including:

– Account Data: Retained for the duration of your account and up to 12 months thereafter for potential reactivation or legal claims.
– Transaction Data: Maintained for up to seven (7) years to comply with tax and accounting regulations.
– Communication Data: Stored for up to three (3) years for quality assurance and dispute resolution purposes.
– Marketing and Preference Data: Retained until you revoke consent or opt out of communication.
– Usage and Technical Data: Anonymized and aggregated for analytical purposes within 24 months.

Upon expiration of retention periods, data is securely deleted or anonymized.

9. Cookie Policy

Our website uses cookies and similar tracking technologies to enhance your browsing experience. Cookies may be categorized as follows:

– Essential Cookies: Necessary for site functionality, such as authentication and shopping cart management.
– Functional Cookies: Enable enhanced features like remembering preferences and login details.
– Analytics Cookies: Help us understand usage patterns and improve user experience via tools like Google Analytics.
– Performance Cookies: Collect aggregated data on site performance to help us maintain operational effectiveness.

10. Cookie Management and Compliance

We comply fully with GDPR and CCPA regarding cookie usage. Upon first visit, you have the option to accept or reject non-essential cookies via our cookie banner. You can also manage your cookie preferences at any time through your browser settings or our cookie management interface. Users based in California can exercise their CCPA rights, including the right to opt out of “selling” personal data, by using our designated opt-out tool on two03.com.

11. Children’s Privacy

We do not knowingly collect or process personal data from children under the age of 13. If you believe that we have inadvertently collected personal data from a minor without parental consent, please contact us immediately at [email protected] so we can take appropriate action.

12. Policy Updates and Notifications

We reserve the right to amend this Privacy Policy as needed in order to comply with evolving legal, regulatory, and operational requirements. If significant changes are made, we will notify users via prominent announcements on two03.com or by direct email where applicable. Users are encouraged to review this policy periodically to remain informed about our data practices.

13. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact:

Privacy Team
TWO03
Email: [email protected]

Conclusion

This Privacy Policy reflects our commitment to responsible data stewardship and compliance with the GDPR, CCPA, and other applicable privacy laws. Your trust is paramount, and we are happy to assist with any privacy-related concerns via [email protected].