Our privacy policy

We understand that you care about your personal data, and 2theloo does too. Our privacy policy details how 2theloo carefully uses your personal data in accordance with the General Data Protection Regulation (GDPR).

Who are we?

This website is owned, controlled, and operated by 2theloo Holding B.V. (hereinafter referred to as "2theloo" or "we"), located at Jan Evertsenstraat 759, 1061 XZ, Netherlands.

Who does this concern?

This privacy policy concerns all involved persons, for example, but not limited to:

a. (potential) customers/visitors of 2theloo;
b. (potential) partners of 2theloo;
c. (potential) suppliers of 2theloo;
d. visitors to the 2theloo website;
e. applicants to 2theloo;
f. other persons who contact 2theloo or whose personal data 2theloo processes, excluding its own employees.

Processing of your personal data

2theloo processes personal data that:

a. is provided by a person themselves (during a meeting or event), by phone, digitally (via email or online form), such as their contact details;
b. is requested by 2theloo from external parties with the prior consent of the provider of personal data;
c. is collected during a visit to the 2theloo website, such as the IP address and browsing behavior of the visitor during the first, last, and current visit to the website;
d. is recorded as camera images during a visit to a 2theloo store. The cameras are installed in the public areas of the 2theloo branches to help in emergency situations and ensure the safety of 2theloo customers and employees. 2theloo operates in accordance with legal guidelines for camera images.

Purposes of processing personal data

2theloo processes personal data for the following purposes:

a. Relationship management; e.g., newsletters, invitations to corporate events, special offers, or information requested by or consented to by the person concerned;
b. Improvement of the company's website [www.2theloo.com];
c. User statistics on the number of website visitors per day, the duration of the visit, and the browsing behavior of visitors. These are general reports that do not contain data traceable to a single person;
d. Recruitment of (potential) candidates for vacancies at 2theloo;
e. Necessity to fulfill a legal obligation to which 2theloo is subject.

Legal basis for processing

2theloo processes personal data according to one of the following legal bases of the General Data Protection Regulation (GDPR):

a. Consent of the provider of personal data. Consent can be withdrawn at any time without affecting the lawfulness of processing personal data during the period consent was provided;
b. Fulfillment of a contract, e.g., a collaboration between 2theloo and an external partner or supplier;
c. Legal obligation, e.g., recording personal data to comply with local laws and regulations;
d. Legitimate interests, e.g., using contact details for corporate events, newsletters, always with a voluntary opt-in by the provider of personal data.

Protection of your personal data

2theloo takes the protection of your personal data very seriously and makes every effort to protect your personal data from misuse, impairment, loss, unauthorized access, alteration, or disclosure. Our systems and software are secured, and we work with internal procedures ensuring only authorized persons have access to your personal data. Our employees have signed a confidentiality clause in their employment contracts.

You should be aware that you are responsible for the security of your computer and/or phone and your own internet connection and that these are never 100% secure. The transmission of personal data over the internet is therefore at your own risk.

Further processing of personal data

2theloo uses external partners for certain business processes involving personal data. These external partners process your personal data according to the (legal) guidelines given by 2theloo, which are recorded in a data processing agreement in accordance with the General Data Protection Regulation (GDPR).

Sharing personal data

2theloo shares personal data with third parties when it is a legal obligation. 2theloo does not use your personal data for commercial purposes.

Transfer of personal data outside the EEA

2theloo does not transfer personal data to a country outside the European Economic Area (EEA), store personal data in a country outside the EEA, or make personal data accessible to a non-EEA country unless the country ensures an adequate level of protection or an applicable provision of the General Data Protection Regulation (GDPR) requires the processing of the relevant data.

Retention period

2theloo collects personal data according to the legal retention periods:

a. Personal data of temporary workers and contractors, except for financial administration, for a maximum of 2 years after termination of employment/contract;
b. Personal data of applicants: a maximum of 4 weeks after the end of the application process or a maximum of 1 year in the case of prior and explicit consent of the applicant;
c. Website visitors: a maximum of 5 years after the last website visit, unless a request for deletion of personal data has been made beforehand;
d. Financial administration: at least 7 years after the registration of the financial figures.

Use of cookies

In general, you visit the 2theloo website without the registration of personal data. However, our website automatically collects certain personal data, for example, the Internet Protocol (IP) address of your computer and web statistics. The technical information is used for website and system administration and to improve the user-friendliness of the website. Cookies are small text files stored on your device via your browser, mainly to facilitate the use of the website, make the visit to our website attractive, and enable certain functions. Learn more about this in our Cookie Policy below.

Changes to the Privacy Policy

2theloo will update this Privacy Policy as necessary to reflect customer feedback or changes to our products or services. The latest version will be published on the 2theloo website. It is therefore recommended to regularly review our Privacy Policy to ensure you are informed of any changes.

Rights, questions, (suspected) data breaches, or complaints

How you can withdraw your consent:

a. You have the right to request a review, correction, transfer, or deletion of your personal data or to restrict or prohibit the processing of your personal data. Please send your request to info@2theloo.com, and mention "Privacy" in the subject line of your message.
b. You can prevent cookies from being set through your browser settings, but you can also change or delete your cookie settings on your device at any time via the browser settings.
c. In the case of a (suspected) data breach, such as suspected loss or unauthorized access to personal data, please inform us immediately by email at info@2theloo.com.
d. For questions or complaints, you can contact us by sending an email to info@2theloo.com. We will do our best to handle your complaint to your satisfaction. However, if you are not fully satisfied, you can contact the Dutch Data Protection Authority, which will assist you further.

Supervisory Authority

The supervisory authority for the General Data Protection Regulation (GDPR) in the Netherlands is the Dutch Data Protection Authority. Contact details can be found on their website: www.autoriteitpersoonsgegevens.nl.

© 2theloo Holding B.V.

November 2020