You can download the general terms and conditions of 2factors here. These are filed with the Chamber of Commerce under number 30174840.
General terms & conditions
Data storage related to our services
- We do not use your data for any other purposes than for the functioning of our Customer Data Platform tritonX.
- We store the data of one company separated from the data of other companies.
- We store personal data separated from transactional data.
- our data is safely stored on one of our servers for as long as you use our services.
- After you stop using our services, your data will be deleted automatically within three months.
- We store personal identifiable data, but we only store it when directly related to your own customers.
- We collect and store non-personal transactional data. Also those that are not related to individuals.
- Our data processing and storage happens through 3rd parties; at AWS data centers (Europe).
- When using 3rd party software in connection to our services, we refer to their respective privacy and security policies. We take appropriate measures to keep the connections to these 3rd party services as secure as possible, but we can never be held responsible for security breaches, data leaks or otherwise caused by those 3rd party software providers.
- Should any of the data stored be wrong or incomplete, please let us know.
Security of your data
- 2factors BV SaaS app tritonX makes use of official APIs (application programming interfaces) for accessing data.
- Data transfers are done using encrypted connections.
- For logging into official APIs, our tools use the OAuth 2.0 authorization protocol if available.
- We warrant that the Technical and Organizational Measures will be:
- Adequate, taken into account the state of technology, the nature of the Personal Data and the specific risks to which the Personal Data is exposed; and
- Determined and applied in such a way that the we act in compliance with the Data Protection Laws
A description of technical and organizational measures Employees
- All employees (both internal and external) have a signed confidentiality agreement.
- Employees agree to act in accordance with our security policies.
- Employees are authorized to only access data strictly necessary for their function.
Logical user access
- Access rights to systems are clearly defined and controls are in place to ensure that the security and integrity of the information is maintained.
- Periodic access review is implemented for both logical (network) access and physical (facilities) access.
Network-, server- and application security and maintenance
- The network environment in which data is processed is strictly protected. Measure against abuse and attacks are implemented.
- The environment in which personal data is processed is monitored.
- Changes in applications are tested for vulnerabilities before migration into the production environment.
- A patch management process is in place, periodically the last (security) patches are installed on systems.
- Access to the system is logged and monitored, including monitoring of possible unauthorized access to personal data.
- Passwords and other sensitive personal data are stored encrypted.
- Encrypted connections are used at the logon process where Two Factor Authentication is also required.
- The exchange of personal data is encrypted.
- The exchange of personal data with third parties on behalf of the Client is also encrypted.
- Developments/changes in the service are tested/reviewed before put in production.
- The Data Processor uses Sub Processor AWS for server hosting in Europe. AWS Data Centres are ISO 27001 certified (https://aws.amazon.com/compliance/eu-data-protection).
Revoking accessing data / deleting data
- You can always revoke 2factors BV’s right to access your data at any point either by sending an e-mail to our support team (firstname.lastname@example.org) of by revoking access rights within the specific sources. If you need any assistance, please contact support (email@example.com). Revoking access will reduce the usability of our services.
- After ending your trial or subscription, your data will be deleted automatically in three months. If you want to have your data deleted without delay send an e-mail to our support team (firstname.lastname@example.org).
- Exchange of information may take place by way of the following methods
- In writing (on paper or digitally).
- By delivery on electronic and/or optic information carrier.
- By providing access to information on data storage facilities or online platforms, like databases, analytics software, advertising platforms, e-commerce systems, etc.
- By ways of speech, visual presentations or demo’s.
- 2factors BV will keep all information strictly confidential and will take necessary precautions to safeguard the privacy and security of the confidential information.
- 2factors BV will not share confidential information with third parties, unless specifically requested by or agreed with the information supplying party.
- Confidential information will be destroyed or returned as soon as possible after request from the information supplying party.
- 2factors BV considers all information as confidential unless one or more of the following applies:
- Data that is or has been available in the public domain. Nevertheless, should any of your end users or clients ask you to delete public data that we have stored on your behalf, please let us know.
- Aggregated data that can’t be linked, directly or indirectly, to an individual organization or person. Examples of aggregated data are calculated industry benchmarks, forecasts, trends and other ways of aggregation.
- General ideas, general concepts, general knowledge or generic techniques.
- 2factors BV can never be held responsible for conclusions, interpretations, action undertaken based upon our services.
- 2factors BV uses third party software for part of its operation and services and can not be held responsible nor accountable for interruptions, errors or otherwise malfunctioning of third party software, even when this interrupts 2factors BV’s services.
- For some users, a Service Level Agreement applies. In that case, that Service Level Agreement will prevail.
- This Agreement shall be governed by, and construed in accordance with, the laws of The Netherlands.
- Any dispute arising out of or in connection with this Data Processing Agreement will be settled by the competent court in Amsterdam.
- No term of this Data Processing Agreement shall be amended or modified, unless such amendments or modifications are made in writing with express reference to this Data Processing Agreement and signed by both parties.