PERSONAL DATA THAT WE COLLECT:
In connection with our business, we collect and process the following categories of Personal Data of individuals:
- Consumer contact information, primarily email addresses. 2for1 also collects individuals’ names from some sources.
- Consumer shopping preferences, purchasing history, and geolocation data (derived from merchant locations favorited and offers redeemed by the consumer on the 2for1 App)
- Inferences about personal preferences and attributes drawn from profiling (e.g., using cookies)
- merchant contact information and employment information for merchant contacts, including merchant name and addresses, contact names, job titles, and email addresses
- payment information for merchant accounts, such as credit card type and number. However, please note that 2for1 and its employees will not have access to payment data or store such data on 2for1’s servers, other than minimal information such as the last four digits of a credit card or bank account. A third party is used for payment processing.
- information regarding your electronic device(s), IP address and internet use
- information regarding your use of our subscription service or other services
HOW WE COLLECT YOUR DATA:
We collect Personal Data from individuals who register for and use the 2for1 App, including registration information, tracking information gathered as users navigate through and redeem offers from the 2for1 App, and from visitors to our website(s). For merchants and their personnel, we also collect Personal Data when you or your employer or organization registers an account with us, makes payments on their merchant account, and when you otherwise transact business with or communicate with 2for1.
Additionally, we collect Personal Data from the information voluntarily supplied by visitors from time to time through surveys, requests and questionnaires.
Data obtained for marketing purposes for potential customers or others. We obtain marketing data from third parties that we use to reach out to inform potential customers and others of the services offered by our organization. The Personal Data collected generally includes the email address of a potential customer or other and may also include their name and phone number. We also use the contact information provided to us by our customers to communicate information about our products and services, which may include marketing our products and services.
Cookies and Other Tracking Technologies: 2for1 uses tracking technologies such as cookies to collect information from your web browser through our servers or filtering systems when you visit our website(s).
You can change your web browser settings at any time to stop accepting cookies or to prompt you before accepting a cookie from the sites you visit. If you do not accept cookies, however, our website may not function properly for you, and you may not be able to use some sections or functions of our websites.
To learn more about cookies and how to manage and delete them, visit http://www.allaboutcookies.org.
We may also use other web user tracking technologies, such as clear GIFs, Flash cookies, pixel tags, or web beacons.
Information collected may include but is not limited to your browser type, your operating system, your language preference, any referring web page you were visiting before you came to our site, the date and time of each visitor request, and information you search for on our sites. We can also track the path of page visits on a website and monitor aggregate usage and web traffic routing on our sites.
Information from Third Party Platforms. If you access our website or communicate with us using your account or account credentials from a third-party owned or operated platform/service (e.g., Amazon, Apple, AWS, Facebook, Google, Shopify, Twitter, etc.), post content from our website to a social network, or use various social media features (e.g.,“Like” button), we may process certain information from the third parties, such as your username, “likes”, location, birthday, comments and reviews, preferences, network reach and influence, and any other information you provided to the third parties in connection with your account. Depending on your account and privacy settings, we may also be able to see information that you post when using these third parties whether or not you are an active customer. We may also collect Personal Data about you from our third party service providers who provide us with e-commerce and/or technical related associated with functionality and purposes of the website. The information you post or provide to third parties, as well as the controls surrounding these disclosures are governed by the policies of these third parties.
Personal Data of Minors. We do not actively collect or otherwise process Personal Data from minors, and children under the age of 13 are not knowingly allowed to use the 2for1 App or provide their Personal Data to us.
HOW WE USE YOUR DATA:
These purposes include:
- Our business purposes, including addressing customer service issues, planning and conducting marketing activities, tradeshows, responding to inquiries; conducting web analytics, and business operations and administration.
- Purposes related to our 2for1 App and other products or services. These purposes include licensing and operation of the software, remote management, customer service, system monitoring and data security. We also use the data we gather to make the 2for1 App and our website more responsive to the needs of our users and visitors, to assist them as they navigate between different sections of the 2for1App, to tailor content to their needs, and to measure traffic within the network. We use Personal Data to enable use of software features and related services, including through use of third-party service providers. We also use Personal Data to communicate with our users to inform them of software updates and enhancements, available software features and modules, and other information that may helpful or informative for our users.
- For the Protection of 2for1 and Others. If 2for1, in good faith, determines that you have used the service to menace, threaten, harass, intimidate or otherwise deceptively pose as another person, or in any other way in violation of law. Simply, if you attempt to use the website or purchase or use a product for any unlawful means, you have no expectation of privacy and we may use and disclose any and all information for the protection of 2for1 and others.
- Pursuant to Law, Rule or Regulation. If required or permitted to do so by law or if, in good faith, 2for1 believes that such action is necessary to: (1) comply with laws and regulations or with legal processes; (2) protect and defend 2for1’s rights and property or prevent fraud; (3) protect 2for1 against abuse, misuse or unauthorized use of 2for1’s products or services; (4) protect the personal safety or property of our personnel, users of our website or the public; and/or (5) comply with tax reporting requirements, then 2for1 may use and disclose any and all information as needed. The servers that serve our website automatically identify a computer by its IP address.
- Aggregated and de-identified data. We may anonymize data to create statistical data or system usage data, by removing all personal identifiers and/or aggregating your data with other’s data so that it is not identifiable as to any particular person. Such de-identified data may be retained and used by 2for1 to improve its products and services, shared with merchants (e.g., the number of 2for1 App users who redeemed offers in their location), and used for other proper purposes, provided that such retention and use is permitted by applicable laws.
Legal basis. We base our processing of Personal Data on the need to perform our contractual obligations under our license agreements and our legitimate activities as a provider of software and related services. We also process Personal Data to comply with applicable law and to exercise our legal rights. We may also use your Personal Data for internal purposes, including auditing, data analysis, system troubleshooting, and research. In these cases, we base our processing on legitimate interests in performing the activities of the organization.
HOW WE SHARE OR DISCLOSE YOUR DATA:
No sale of Personal Data. We never sell or rent Personal Data to third parties.
Third party providers featured on or linked to the 2for1 App, such as merchants and vendors of products and services offered through the 2for1 App, may gather Personal Data from individuals who use the 2for1 App to favorite their business or redeem offers from that vendor.
Disclosures of Personal Data. We may disclose or share your Personal Data with other parties in the following circumstances:
- Third-party service providers. We use third-party service providers (or subprocessors) to process Personal Data to facilitate your use of our products and services and in the operation of our business. This includes providing Personal Data to third parties for their processing in performing functions on our behalf, particularly the functions listed above in the “HOW WE USE YOUR DATA” section. These functions include processing payments, collecting debts, hosting software, performing security services, analyzing data, performing surveys, administering our website(s), and/or providing technical support services. These third party providers will be contractually and/or legally required to protect Personal Data from additional processing (including for marketing purposes) and transfer in accordance with applicable laws. Under certain data protection laws, we may be liable if a third party subprocessor that we have engaged to process Personal Data fails to fulfill its data protection obligations.
- Compliance with law and protecting our legal rights. We may disclose your Personal Data to regulatory bodies if we have a good-faith belief that doing so is required under applicable laws or regulations. This may include submitting Personal Data required by tax or other governmental authorities, or lawfully requested by governmental agencies, including law enforcement and judicial authorities. We may also disclose your Personal Data in order to exercise or defend our legal rights; to take precautions against liability; to protect the rights, property, or safety of 2for1 or any individual or third party; to maintain and protect the security and integrity of our information system; to protect 2for1 against fraudulent, abusive, or unlawful acts; or to investigate and defend 2for1 against third-party claims or allegations.
- Corporate Transactions. If a third party acquires all or substantially all of the assets of, or ownership interests in, 2for1, whether by merger, acquisition, reorganization or otherwise, 2for1 may transfer its database, including all Personal Data contained therein, to the acquiring entity.
- Aggregated and de-identified data. We reserve the right to disclose aggregated user statistics as well as non-personally identifiable information (such as anonymous usage data), in order to describe our services to prospective vendors, partners, licensees, advertisers, and other third parties.
STORAGE OF PERSONAL DATA:
2for1 stores all information in secure physical storage facilities and cloud storage. In doing so, 2for1 uses appropriate physical, organizational and technological measures to protect the Personal Data you provide to us against loss or theft, and unauthorized access, disclosure, copying, use, or modification. This includes limiting access on a “need-to-know” basis. Where third parties (such as AWS) are used to host our products, we use third parties who meet required privacy and security standards.
However, no electronic data transmission can be guaranteed to be secure from access by unintended recipients and 2for1 will not be responsible for any breach of security unless this breach is due to its negligence. Although we are committed to employing reasonable technology in order to protect the security of our website, even with the best technology, no website is 100% secure. In transacting business with us through our website, you assume the risk inherent in transacting business online.
To offer our website, products and services to you, 2for1 relies on plugins and services from third parties such as:
- Email: Amazon AWS, Mail Chimp
- Credit Card: Authorized.Net, Stripe
- Database: Amazon AWS
- SEO: Google analytics
- CRM for Merchants: Pipedrive
- Advertising services: Facebook and Google
To the extent these providers have access to your Personal Data, we will require that they are legally or contractually committed to comply with applicable privacy laws, In the case of credit card processors, we require that they be PCI DSS-compliant. However, we cannot guarantee with certainty that the computer systems and storage systems whereon these services are offered will not be accessed by unauthorized parties. This is a risk inherent in providing any information or, or conducting any business, online. In transacting business with us through our website, you assume the risk inherent in transacting business online.
PERSONAL DATA SECURITY:
2for1 uses technical and organizational measures to protect the Personal Data that we store, transmit, or otherwise process, against accidental or unlawful destruction or disclosure, loss, alteration, or unauthorized access. Our security controls and risk management program and processes are designed to implement appropriate technological and organizational measures to ensure a level of security appropriate to the risks. We regularly consider appropriate new security technology and methods. Security measures implemented include:
- Web and database servers are protected using firewalls;
- Passwords used for account registration require minimum password strength attributes;
- User access is tracked;
- Role-based security is applied to system access;
- Data encryption is used where appropriate;
- Industry-standard security measures are used to protect the security of Subscriber data while traversing public networks;
- Regular maintenance is performed on systems;
- Systems are monitored for security;
- Payment card information, such as account numbers, is processed via a third-party vendor that specializes in payment processing and has committed to PCI DSS compliance; and
- All 2for1 employees are contractually obligated to maintain the confidentiality of Personal Data accessible through their employment; and
- Security and privacy training for employees.
RETENTION OF PERSONAL DATA:
2for1 processes Personal Data for a reasonable period of time to fulfill the processing purposes mentioned above. Personal Data is then archived for time periods as required or necessitated by law or legal considerations. 2for1 reserves the right to delete a customer’s data, including Personal Data provided by that customer, from its system after [30 days] from the date of termination of its agreement with the applicable customer. 2for1 also deletes Personal Data in response to an individual’s request, as set forth in the “YOUR RIGHTS RELATING TO YOUR DATA” section below.
2for1 reserves the right to retain usage data relating to our products and services, as well as data that has been anonymized and/or aggregated, to the extent permitted by applicable laws. With respect to any Personal Data collected by us for marketing or for our own internal purposes, we will retain that data for a reasonable time in order to fulfill those purposes.
We regularly review our retention policy to ensure compliance with our obligations under data protection laws and other regulatory requirements. We regularly audit our databases and archived information to ensure that Personal Data is only stored and archived in alignment with our retention policy.
YOUR RIGHTS RELATING TO YOUR DATA:
Unsubscribing to marketing communications: In particular, if we are sending you email communications of a marketing nature, an ‘unsubscribe’ option is provided in the footer of every email. You may also contact us directly to unsubscribe to marketing emails or other marketing communications, at the contact information set forth in the “2FOR1’S CONTACT INFORMATION” section below. If you have agreed to receive marketing communications, you may always opt out at a later date.
Your California privacy rights. This section applies to California residents only.
- Shine the Light law. Pursuant to Section 1798.83 of the California Civil Code, residents of California have the right to request from a business, with whom the California resident has an established business relationship, certain information with respect to the types of Personal Data the business shares with third parties for direct marketing purposes by such third party and the identities of the third parties with whom the business has shared such information during the immediately preceding calendar year. 2for1 does not presently share any information with third parties for their direct marketing purposes. However, to submit such a request, you can contact us as set forth below.
PRIVACY POLICIES OF OTHER WEBSITES:
2FOR1’S CONTACT INFORMATION:
Phone: (801) 477-8123
If you wish to report a complaint or if you feel that 2for1 has not addressed your concerns in a satisfactory manner, you may also contact your state or local data protection authority.
Last updated: January 22, 2020