Who are we?
This website is owned, controlled and operated by 2theloo Holding B.V. (hereinafter referred to as ‘2theloo’ or ‘we’), whose registered office is at Jan Evertsenstraat 759, 1061 XZ, The Netherlands.
Who does it concern?
This privacy statement concerns all people involved, for example but not limited to:
a. (potential) clients/vistors of 2theloo;
b. (potential) partners of 2theloo;
c. (potential) suppliers of 2theloo;
d. visitors of the 2theloo website;
e. applicants of 2theloo;
f. other persons who contact 2theloo or whom 2theloo processes personal data of, with the exception of 2theloo’s own employees.
Processing your personal data
2theloo processes personal data, which:
a. a person provided him/herself (during a meeting or event), by phone, digital (via e-mail or online form), for example his/her contact details;
b. is requested by 2theloo at external parties with prior consent of the personal data provider;
c. is collected during a 2theloo website visit, for example the IP address and the visitor’s browsing behavior regarding the first, recent and current website visit;
d. is recorded as camera images while visiting a 2theloo store. The cameras are positioned in the public areas of the 2theloo locations with the purpose to assist during emergency situations and to guarantee safety for both 2theloo customers and employees. 2theloo operates according to the legal guidelines for camera images.
Purposes of processing personal data
2theloo processes personal data for the following purposes:
a. relation management; for example the newsletter, invitations for company events, special deals or information the person involved requested him/herself or gave his/her consent for;
b. improvement of the company website
c. user statistics regarding the amount of website visitors per day, the duration of the visit and the visitor’s browsing behavior. It concerns generic reports, which do not include traceable data to an individual person;
d. recruitment of (potential) candidates for vacancies within 2theloo;
e. necessity for compliance with a legal obligation to which 2theloo is subject.
Lawful basis for processing
2theloo processes personal data according to one of the following lawful basis of the General Data Protection Regulation (GDPR):
a. consent of the personal data provider. Consent may be withdrawn at any time, without influencing legality of processing personal data during the period of time the consent by the personal data provider was given;
b. performance of a contract, for example a cooperation between 2theloo and an external partner or supplier;
c. legal obligation, for instance recording personal data for compliance with local law and legislation;
d. legitimate interests, for instance the use of contact details for company events, newsletter, always with a voluntary opt-in by the personal data provider.
Protection of your personal data
2theloo takes the protection of your personal data very serious and takes every effort to protect your personal data from misuse, interference, loss, unauthorized access, modification or disclosure. Our systems and software are secured and we operate with internal procedures to make sure only authorized persons have access to your personal data. Our employees have signed a confidentiality clause within their employment agreement.
You should be aware that you are responsible for the security of your computer and/or phone and your own internet connection, and that it is never 100% secure. The transmission of personal data through the internet is therefore at your own risk.
Subprocessing personal data
2theloo makes use of external partners for certain business processes which involves personal data. These external partners processes your personal data according to the (legal) guidelines 2theloo instructed them with, which are captured in a data processing agreement according to the General Data Protection Regulation (GDPR).
Sharing personal data
2theloo shares personal data with third parties in case it concerns a legal obligation. 2theloo does not use your personal data for any commercial purposes.
Transmitting personal data outside EEA
2theloo does not transmit personal data to or store personal data in a country outside the European Economic Area (EEA) or makes personal data accessible for a non-EEA country, unless the country ensures an adequate level of protection or if an applicable provision of the General Data Protection Regulation (GDPR) requires it to process the relevant data.
2theloo collects personal data according to the legal retention periods:
a. personal data from temporary workers and contractors, other than financial administration, maximum 2 years after the end of employment/contract of agreement;
b. personal data of applicants: maximum of 4 weeks after the application procedure ended or maximum 1 year in case of prior and clear consent of the applicant;
c. website visitors: maximum 5 years after the last website visit, unless a request to delete the personal data has been initiated before;.
d. financial administration: at least 7 years after registering the financial figures.
In general, you will visit the 2theloo website without registration of personal data taking place. However, our website will collect certain personal data automatically, for instance the Internet Protocol (IP)-address of your computer and web statistics. The technical information is used for the website and system management and to improve the usability of the website. Cookies are small text files that will be stored in your device via your browser, primarily to enhance the convenience of using the site, to make visiting our website attractive and to enable certain functions. You can read more about this in our cookie statement below.
Amendments to privacy statement
2theloo will update this privacy statement when necessary to reflect customer feedback or in case of changes in our products or services. The most recent version will be published at the 2theloo website. Therefor it is recommended to read through our privacy statement on a regular basis, to make sure you are aware of potential changes.
Rights, questions, (suspicion of) data breach or complaints
This is how you withdraw your consent:
a. You have the right to send a request to check, rectify, transfer or delete your personal data, or to limit/to oppose processing your personal data. Please send your request to firstname.lastname@example.org using ‘privacy’ as the subject of your message.
b. You can prevent cookies from being placed through your browser settings, but you can also change or delete your cookie settings from your device at any time through the browser settings.
c. In case there is a (suspicion of) a data breach, for example, if you suspect loss or unauthorized access to personal data, please let us know immediately by sending an email to email@example.com.
d. In case of questions or a complaint, you may contact us by sending an e-mail to firstname.lastname@example.org. We will do our ultimate best to handle your complaint to your fullest satisfaction. However, in case you are not completely satisfied, you may contact the Dutch Data Protection Authority to assist you further.
The supervisory authority on the General Data Protection Regulation (GDPR) within the Netherlands is the Dutch Data Protection Authority. Contact details can be found on their website: www.autoriteitpersoonsgegevens.nl.