Last Modified: 22 November 2020
We are careful and do not use consent light-hearted as a legitimate ground for processing personal data as a one-size-fits-all solution. We adopted all the measures that are legally required for its work in commercial intermediation in digital marketing and, more specifically, in the field of protection of personal data.
We comply with the requirements of the current laws and regulations and other applicable privacy codes of conduct for an accurate processing of personal data.
In accordance with our data processing operations we have checked if your consent is the most appropriate basis for processing. We ask our customers and respondents to positively opt-in prior to any start of the processing. The request for consent to you is made prominent and separate from any conditions that may apply to the promotions you have participated. Your consent is (also) used to administer the campaigns you are interested in. If you withdraw consent you contact data is blocked until you have given your consent again. Any given consent is never made on a default mode. We keep a record of when and how we received your consent on an individual identifiable basis. We also keep a record of exactly what you were shown or told at the time of participating to the campaign.
Should you have questions about the campaign to which you participated in, then please contact our data protection officer at [email protected]
who can reply to you directly for any question or concern you may have.
We would like to specify to you why we process data and what we’re going to do with it, for which purposes data are going to be used and further processed.
Opting out from marketing
Users may opt-out from receiving future contact from us using the following methods:
To opt-out from email marketing and to remove your anonymized data from programmatic advertising enabled by contacting customer service, click the “Unsubscribe” link on the bottom of every page.
To opt-out from telemarketing calls, please follow the prompts on the call or contact customer service;
To opt-out from SMS/text messages, reply STOP to the text/SMS message received;
To opt-out of browser-based push notifications, please disable the notifications at the time you receive the notification or disable notifications through your browser’s settings; and
To-opt out of cookies, interest-based advertising and/or third-party analytics, please see the section above.
Consent or opt-out
We give individual options to consent or positively opt-in to different purposes and types of processing. We name our organisation and any third party controllers who will be relying on the consent at the moment of collecting your data. We inform our customers and respondents that they can withdraw or refuse their consent without detriment. We perform on withdrawals of consent as soon as we can and direct our customers and respondents how to do so. In offering online communication directly to our customers and respondents we seek consent in accordance with and necessary for the purposes of our data processing operations and our relation with you. We have age-verification measures (and parental-consent measures for younger children) in place to avoid that children (below 12) and youngsters (12-18) can participate to our services.
The online services and websites are designed to comply with the Children’s Online Privacy Protection Act (“COPPA”). COPPA requires that website operators not knowingly collect PII from anyone under the age of 13 without prior verifiable parental consent. In compliance with COPPA, we do not knowingly collect or retain information from the Websites from children under the age of 13 and may only collect a limited amount of Information from users who are between the ages of 13 and 18. We do not sell the Information of users who are under eighteen (18) years of age.
Data processing principles
The below data processing principles continue to be in effect, and relate to:
Lawfulness, fairness and transparency;
Purpose limitation and compatible use;
Integrity and confidentiality; and
Accountability (TWO Ventures is able to demonstrate compliance on first request).
Examples of purposes are:
For Website operations, content improvements, testing, research, analysis and product development;
To verify whether users are entitled to participate in Promotions and, if so, to fulfill the Promotions;
To provide users with customer service and to respond to inquiries from you;
To provide users with e-mail, direct mail and telemarketing messages concerning certain of our products and/or services, as well as third-party products and/or services, that we believe may be of interest to you;
To provide users with email alerts, text/SMS message alerts and other communications that users have requested or consented to receive or that we are required to send concerning users’ registrations, Promotions, our products or services or other information;
To carry out our obligations and enforce our rights arising from any contracts entered into between users and us, including any inquiry specific to express the ground of the data processing;
To detect, investigate and respond to any fraudulent or malicious activity or any other activity we determine is or may be a violation of our Terms, Policy, existing laws, rules and regulations;
As necessary or appropriate to protect our rights, property or safety and that of Related Parties, our clients, advertisers, service providers and others;
As described to you when collecting Information or as otherwise set forth in any applicable consumer protection, privacy or data security laws;
To maintain suppression or opt-out lists so that users are not contacted when they have asked not to be;
To augment Information by enhancing it with other data sources provided by third parties and related Parties to enable us, for example, to gain deeper insights into our users;
If we are sold, merge with a third party, are acquired or are the subject of bankruptcy proceedings, your Information may be shared with the applicable third party(ies); if we are involved in one of these transactions, users will be notified via email or a Policy update on our Website of any change in ownership or uses of your Information, as well as any choices that you may have regarding your Information; and
To respond to subpoenas, court orders or legal process, or to establish or exercise our legal rights or defend against legal claims or when we determine it is necessary to comply with applicable laws or regulations.
Categories of data
The categories of personal data which are necessary to provide the services are:
Information that could reasonably identify a user, such as name, postal address, email address(es), mobile/landline phone number(s), date of birth and gender;
Information collected from a user’s responses to survey questions, including preferences, products and services of interest, personal attributes such as marital status, home or auto ownership, political affiliation, views on various issues and responses to wellness questions, as further described below;
Information collected from our web server log files, including device type(s), user agent data, referring URL(s), and IP address(es);
Information collected from third parties or parties under common control (which includes our parent, subsidiaries and other entities under common control with us – collectively “Related Parties”) to validate and augment a user’s profile including a user’s email address, postal address, telephone number, device ID or other user Information;
Information collected from our customer support department and fulfillment vendors, including customer support inquiries, Promotion-related claims and emails and, as needed, proof of identification and Promotion completion;
Information relating to a user’s interaction with telemarketing calls, SMS messaging, push notifications, commercial email and other forms of communication; and
Information collected from Cookies (as defined below), including whether a user has previously visited one of our Websites or has opened an email sent by one of our marketing partners.
These categories of personal data are processed for purposes which are based on legitimate sources in accordance with the laws and regulations. The legitimate sources are our own interests and the (commercial, legitimate) sources of third parties to provide you with the offers you would like to receive. The promotions contain not only offers which benefit our customers’ and respondents’ contact preferences but also apply to educate you about discount offers and for that purpose sending the correct email and sms on the right moment. In order to balance the commercial interests with your privacy preferences we never collect or ask for more data than is necessary for a proper operational performance of our online communication.
The legitimate sources of data collection are:
Registration forms and surveys;
Emails, telephone calls, mailings and other contacts received from users as part of customer service or to claim credits, a reward or reward in a Promotion;
From publicly available sources, such as Internet search engines; and
From the use of “cookies” (small text files placed on a user’s computer that track online behavior), single-pixel GIF image files (also called “web beacons”) and other technological means (collectively, “Cookies”).
Hosting servers collect Information from users through various technological means when users access and interact with our Websites;
Our systems access Information held by Related Parties and third parties and match it with user Information which enables us to augment and verify the Information we collect from users;
From third parties including service providers who assist us in hosting the Websites, providing customer support and fulfilling Promotions;
From third parties who drive users to our Websites and whose goods and services are advertised on our Websites; and
From Related Parties and third parties who send emails, push notifications, SMS messages and make telemarketing calls to users.
Why does TWO Ventures collect personal data?
We process data data when such is necessary for:
the responsible management of TWO Ventures’s online services;
providing the option to register or unregister for specific user interests;
processing interest(s) in product or service categories which are offered;
operation of customer services, such as answering questions and block personal data on the first request of the data subject;
processing of traffic data (inbound clicks, testing, log files where needed) and analyse these to detect fraud and redemption;
offering the option to use mobile device as a form of identification to obtain or purchase services from other organisations and address the benefit of the data subject therein;
if applicable, the conclusion or performance of a contract concluded in the interest of the data subject between the controller and partners;
the (further) performance of another legal obligation.
Information is not automatically used for all these objectives simultaneously.
Online (direct) communication
Data required for online (direct) communication are processed in accordance with the following requirements.
The processing is intended for communication with data subjects, sending information about the products and services of partners, keeping an overview of the information sent and maintaining the contact with the data subjects.
No other personal data will be processed than:
a. surname, first names, initials, title, gender, date of birth, address, postcode, place of residence, telephone number and similar data required for communication by the person concerned;
b. data relating to the information to be sent and transmitted;
c. other additional data that are necessary with a view to maintaining contact with the involved data subjects.
The personal data are only provided to those third parties, who are in charge of or direct communication with the data subject or who are thereby necessarily involved, such as participating third parties who conduct direct response activities.
The personal data will be deleted at the request of the data subject or no later than two years after the relationship with the data subject has terminated, unless the personal data are necessary for compliance with a legal obligation to retain data.
We use commercially reasonable efforts to prevent unauthorized access or disclosure, or accidental loss or destruction of your Information. Access to your Information is strictly limited and we take reasonable measures to ensure that your Information is not accessible to the public. We restrict access to our users’ Information to only those persons who need access to perform or provide their job or service, both internally and with our third-party service providers.
We don’t generally collect sensitive Information such as medical information, driver’s license/ID card number, health insurance information, data collected from an automated license plate recognition system, Social Security Number and credit card information. If and when we do collect, store and transmit sensitive information, that Information will be processed encrypted.
Given the nature of the Internet, your Information passes through entities that we are unable to control. Therefore, we cannot guarantee that our security measures or those of third parties who access or transmit your Information will prevent your Information from being improperly accessed, stolen or altered in case of transmission errors. In compliance with applicable laws, we shall notify you and any applicable regulatory agencies if we learn of an information security breach of your Information. You will be notified via e-mail in the event of such a breach. Please be advised that notice may be delayed in order to address the needs of law enforcement, determine the scope of network damage, and to engage in remedial measures.
The processing is intended for the control and security of the systems or programs, the support of the proper functioning of the systems or programs, sorting and recovering files, creating backup copies of files, the management of the systems or programs.
No other personal data will be processed than:
a. data relating to the use of the software,
b. technical and control data,
c. data to promote proper functioning,
d. historical data,
e. user agent data.
The personal data are only provided to those, including third parties, who are in charge of or direct the system, data management or application management or who are necessarily involved and others, as the case may be, to the (further) performance of another legal obligation.
The personal data will be deleted at the latest 6 months after they have been obtained, unless the personal data are necessary to comply with a legal data retention obligation.
Credits Eligible Entrant(s)
Data required for processing operations concerning credits of Eligible Entrants are processed in accordance with the following requirements.
Processing is only for company purposes to inform and collect the sent and validated credits and to determine entitlement to credits and earned points.
The personal data will be deleted after termination of the website or will be immediately deleted at the request of the data subject.
Combinations of processing operations
Your individual rights
What are your rights relating to processing of my personal data?
We ask individual users to identify themselves and the Information requested to be accessed, corrected or deleted (suppressed) before processing such requests and, to the extent permitted by applicable law, we may decline to process requests that we are unable to verify, are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others or would be extremely impractical (for instance, requests concerning Information residing on archive servers).
You have the following rights:
Information and access: We tell you which of your personal data we are storing and for what purposes.
Rectification: Please let us know if you want to have your personal data corrected or supplemented because they are incorrect and/or incomplete. We will change them accordingly.
Deletion: You can also submit a request for us to delete your data. We cannot delete data when the law requires us to retain the personal data in question. We may also have to be able to process the data for other purposes (administrative).
Limitation: You can impose limits on processing of your data if you feel that your data are processed unlawfully or incorrectly.
Objection: You can submit an objection against processing of your data. If this relates to processing for direct marketing purposes, we will terminate the processing as quickly as possible.
If you no longer with to receive direct mail, you can:
– Unsubscribe via any marketing mail
– Change your account browser settings and update your privacy restrictions where applicable.
Transferability: If you want us to transmit your data to a third party, please contact us at [email protected]
Lodge your complaint with the data protection officer through [email protected]
In order to exert your aforementioned rights and, where applicable, your right related to automated individual decision making (including profiling), please contact us at [email protected]
Browsing session and IP-address
We also make use of the IP-address of your computer. This IP-address is a number which automatically assigned to your computer when you have a browsing session on the internet, such as when you visit one of our sites or landing pages. They can be used to see which use has been made of the website and for drafting analyses and reports with non-identifiable information.
Website and cookies
remembering and communicating information that you fill in during the entry process or that you enter when indicating your interests in the various web pages, so that you don’t have to re-enter the same information every time or see the same promotions twice,
saving of preferred settings, and
tracking the unauthorised use of our landing pages.
‘Analytical’ cookies are used to analyse your visit to our websites. We analyse the number of visitors to our websites, the duration of the visits, the order of pages visited and whether any changes need to be made to the website. Using the information collected, we can make our websites even more user-friendly. These cookies are also used to solve possible technical problems on the websites.
Marketing and tracking cookies
We will only use tracking cookies for commercial purposes with your prior consent. These cookies, which are often posted by third parties, help us to tailor promotional offers to you personally. Third parties can use tracking cookies.
Questions, complaints or disputes
We will contact you to discuss any concerns within 48 hours of receiving your email.
You can contact us by writing or email us at the address below: