Privacy Policy for two03.com

1. Introduction

At two03.com (“we,” “us,” or “our”), we are committed to maintaining the highest standards of privacy and data protection. We understand the importance of safeguarding your personal information and processing it in a transparent, secure, and lawful manner. This Privacy Policy outlines how we collect, use, store, disclose, and protect your data when you access or use our website and related services. We prioritize your privacy and strive to comply with applicable data protection regulations, including the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).

2. Scope of this Policy and Controller Responsibilities

This Privacy Policy applies to all visitors, users, and others who access or use the services provided on two03.com (“the Website”). It governs all interactions in which we process personal data via the Website, including, but not limited to, communications, transactions, and usage.

For the purposes of the GDPR, two03.com is the Data Controller of your personal data. We are responsible for determining the purposes and means of processing such data.

For California residents, this Privacy Policy supplements your rights under the CCPA and describes your applicable rights under state law.

3. Categories of Personal Data Processed

We collect and process the following categories of personal data:

a. Usage Data
This includes data automatically collected when you interact with the Website, such as IP addresses, browser type, time zone setting, geographical location, operating system, referring URLs, pages visited, session duration, clickstream data, and other diagnostic data.

b. Account Data
When you create an account or provide information in order to use our services, we collect data such as your full name, billing/shipping address, email address, and phone number.

c. Profile Data
This may include user preferences, shopping history, behavior data, demographic details, and responses to surveys or questionnaires.

d. Communication Data
This includes records of your communications with our support or sales teams, including email correspondence, chat transcripts, requests, and inquiries submitted through contact forms.

e. Technical Data
We collect device-related information such as device type, hardware model, mobile/desktop version, operating system, and system configuration details relevant to your access to the Website.

f. Transaction Data
This refers to data related to purchases or service engagements made through two03.com, including payment identifiers (tokenized or encrypted), last four digits of card numbers, purchase history, delivery tracking numbers, and receipt information.

g. Preference Data
Includes marketing and communication preferences, language selections, opt-in/opt-out status for promotional materials, and indicated product or service interests.

4. Legal Bases for Processing

In accordance with the GDPR, we rely on the following legal bases to process your personal data:

– Consent: Where you have provided your clear and unambiguous consent for us to process your data for specific purposes (e.g., marketing emails).
– Contractual Necessity: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
– Legal Obligation: Where processing is required to comply with our legal or regulatory obligations.
– Legitimate Interests: Where processing is necessary for the purposes of our legitimate interests—such as website functionality, fraud prevention, and business analytics—provided those interests are not overridden by your data protection rights.

For California residents, the collection of personal data may constitute a “sale” under the CCPA. We do not sell your personal data for monetary gain.

5. Your Rights

Subject to applicable laws, you have the following rights concerning your personal data:

– Right of Access: Obtain confirmation on whether we process your personal data and receive a copy of it.
– Right to Rectification: Correct inaccurate or incomplete personal data that we hold about you.
– Right to Erasure (“Right to be Forgotten”): Request deletion of your data under certain circumstances.
– Right to Restrict Processing: Request that we limit the processing of your personal data where appropriate.
– Right to Data Portability: Obtain your personal data in a structured, commonly used, and machine-readable format and transmit it to another controller.
– Right to Object: Object to processing based on legitimate interest, direct marketing, or profiling.
– Non-Discrimination: We do not discriminate against consumers who exercise their CCPA rights.

To exercise any of the above rights, please contact us at [email protected].

6. Security Measures

We implement robust technical and organizational security measures to ensure the confidentiality, integrity, and availability of your personal data. These measures include but are not limited to:

– End-to-end encryption of personal data during transfer and storage
– Role-based access controls and regular audits of privileges
– Secure data storage with routine backups
– Network and application-level firewalls and intrusion detection systems
– Employee training programs on data protection obligations

Despite our efforts, no system is completely secure. We urge users to take their own precautions to protect personal data online.

7. International Data Transfers

If personal data is transferred from the European Economic Area (EEA) or the United Kingdom to countries outside these jurisdictions, we take steps to ensure an adequate level of protection through:

– The use of Standard Contractual Clauses (SCCs) approved by the European Commission
– Ensuring recipient entities are located in jurisdictions deemed to provide an adequate level of data protection
– Implementing further technical, legal, and organizational safeguards when necessary

8. Data Retention

We retain personal data for only as long as necessary to fulfill the purposes outlined in this Privacy Policy or comply with legal obligations. The following retention periods apply:

– Usage and Technical Data: stored for up to 12 months for analytics and performance evaluation
– Account and Profile Data: retained as long as your account is active and for a period of up to 36 months after closure
– Transaction Data: maintained for up to 7 years for accounting, audit, and compliance purposes
– Communication Data: stored for up to 24 months to support our customer service and legal records
– Marketing Preference Data: retained for 24 months from the last interaction unless you withdraw consent earlier

9. Cookie Policy

We use cookies and similar tracking technologies to enhance user experience, analyze performance, and deliver personalized content. The cookies we use include:

– Essential Cookies: Required for core website functionality; they enable navigation, access to secure areas, and session management.
– Functional Cookies: Improve usability, such as remembering login credentials and preferences.
– Performance and Analytics Cookies: Help us understand user behavior and optimize platform performance using tools such as Google Analytics.
– Marketing Cookies: Support the delivery of personalized marketing content and advertising based on browsing behavior.

10. Cookie Management and Compliance

Users can manage or disable cookie preferences via cookie consent banners or browser settings. In jurisdictions requiring prior consent (such as under the GDPR), non-essential cookies are only set with your active approval.

California residents may review and exercise their CCPA rights related to cookies, including opting out of the sale of personal data, via the “Do Not Sell My Personal Information” link, where applicable.

11. Children’s Privacy

Our Website and services are not directed toward children under the age of 13. We do not knowingly collect or solicit personal data from children. If we become aware that personal data has been collected from a child under 13 without verified parental consent, we will take immediate steps to delete such information. If you believe we have collected data on a child under 13, please contact us at [email protected].

12. Policy Updates and User Notifications

This Privacy Policy may be revised periodically to reflect changes in our data practices or legal obligations. Updates will be posted on two03.com and, where required, we will notify users through appropriate channels. Continued use of our Website indicates your acceptance of the revised policy.

13. Contacting Us

Should you have any questions, concerns, or requests related to this Privacy Policy or your personal data, you may reach us at:

Email: [email protected]
Website: https://two03.com

We are committed to upholding your privacy rights and will respond in a timely, transparent, and lawful manner in compliance with all applicable laws and regulations.