Privacy policy

Last Update : Oct 07, 2022

Thank you for visiting Two Notes  and shopping with Two notes North America Corp. (hereinafter referred to as “TWO NOTES”), a Delaware incorporated company registered at the address: Two Notes North America Corp, c/o Pramex International Corp, 1251 Ave of the Americas, 3rd Fl, New York, NY 10020.

Contact details of the data controller

TWO NOTES is responsible for collecting and processing the personal data of its Customers. 

Should the Customer have any questions or concerns about how TWO NOTES collects and processes their personal data, or wishes to exercise any of the rights relating to their personal data, the Customer can contact TWO NOTES via the following contact details: 

Two Notes North America Corp

 c/o Pramex International Corp

 1251 Ave of the Americas, 3rd Fl

 New York, NY  10020

Purpose of the Privacy Policy:

This Privacy Policy, (hereinafter referred to as the “Privacy Policy”), specifies the conditions under which TWO NOTES, collects and processes Customer’s personal data. 

The collected data concerns any user consulting or placing an order through the Website, (hereinafter referred to as the “Customer”). 

In order to provide the Customer with the products and services requested, and improve the Customer’s experience on the Website, TWO NOTES might collect or receive the Customer’s personal data, such as the Customer’s first & last names, mail & email addresses, phone number or product preferences. TWO NOTES can either collect data directly from the Customer, for example when the Customer creates a personal account or purchases products online, or indirectly through Cookies placed on the Customer’s electronic devices.  

The personal data is collected and processed by TWO NOTES in accordance with both European and the United States of America’s statutory requirements, in particular the General Data Protection Regulation (GDPR). 

Categories of Personal data collected: 

TWO NOTES collects and processes the following categories of personal data: 

  • Identification data: title, first name, last name, date of birth;
  • Contact data: email, mail address, phone number, delivery and invoice addresses; 
  • Payment data: type of credit card, bank details, PayPal account details; 
  • Transaction data: purchased products, product preferences, purchase history; 
  • Navigation data: pages and content looked at, duration of the visit, product(s) searched for or selected to create a cart; 
  • Personal account data: password, login details; 
  • Technical data: IP address, navigation Information, device information. 

If the Customer does not provide the personal data marked with an asterisk (*), this may affect the products and services provided by TWO NOTES. 

The Customer acknowledges that by voluntarily providing personal data, the Customer agrees that such data may be processed by TWO NOTES under the conditions, and for the purposes, set out below. 

 

Purposes and legal basis of personal data processing

Purposes

Legal basis
  • Management of enquiries (respond to questions, provide information and interact with the Customer) 
  • Consent: the Customer consents to the processing of his personal data for a specific purpose, namely to process their request.

  • Performance of a contract: data processing is necessary for the performance of a contract concluded between the Customer and TWO NOTES. 
  • Customer Account Management 
  • Legitimate Interest: data processing is necessary for the purpose of legitimate interests pursued by TWO NOTES, namely to improve and personalize the Customer’s experience, improve the quality of the products and services offered, evaluate Customer satisfaction, prevent fraud and ensure that the IT tools are reliable and secure

  • Performance of a contract: data processing is necessary for the performance of a contract concluded between the Customer and TWO NOTES, the Customer may create a personal account to purchase the products on the Website.
  • Management of orders 
  • Performance of a contract: data processing is necessary for the performance of the contract concluded between the Customer and TWO NOTES, to ensure the supply of the products requested, to facilitate the return process and manage possible cancellations.
  • Management of payments 
  • Definition of Customer preferences  
  • Legitimate Interest: data processing is necessary for the purpose of legitimate interests pursued by TWO NOTES, namely to anticipate and better meet the needs and expectations of the Customer.

  • Consent: the Customer has consented to the processing of its personal data for specific purpose(s), in particular Cookies placed on Customer’s devices to personalize their experience on the Website, the products and services offered and commercial prospecting messages. 
  • Newsletters and marketing communications
  • Consent: the Customer has agreed to receive newsletters and commercial prospecting messages. 
  • Management and removal of customer information 
  • Legal Obligation: TWO NOTES must maintain a list for the purpose of removing Customers who no longer wish to receive commercial prospecting messages. 
  • Evaluation of the quality of the products and services offered for sale (product ratings, reviews)
  • Legitimate Interest: data processing is necessary for the purpose of legitimate interests pursued by TWO NOTES, namely to improve the quality of its products and services and to meet the expectations and needs of the Customer. 
  • Audience & Statistical analysis
  • Legitimate Interest: data processing is necessary for the purpose of legitimate interests pursued by TWO NOTES, namely to evaluate the preferences of the Customer in order to improve and optimise the Website and to determine the products and services most requested by the Customer. 

  • Consent: the Customer has consented to the processing of their personal data for specific purpose(s) (e.g. analytics & statistics, surveys, website performance improvements, and improvements of the online experience for the Customer). 
  • Management of the rights of the Customer (right to be informed, right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object).  
  • Legal Obligation: TWO NOTES must comply with the legal obligation allowing the Customer to exercise their rights. 
  • Monitoring, improvement and security of the Website 
  • Legitimate Interest: the processing is necessary for the purpose of legitimate interests pursued by TWO NOTES, namely to maintain the security of the Website, to ensure its protection against fraud and cyberattacks, and to improve the experience of the Customer online. 
  • Social Media platforms
  • Legitimate Interest: the processing is necessary for the purpose of legitimate interests pursued by TWO NOTES, namely to improve the quality of the products and services offered, to interact with Customers, evaluate Customer satisfaction and promote business activity. 


Recipient of the personal data

All personal data is processed exclusively, within the limits of their respective tasks, (i) by TWO NOTES’ internal services, in particular customer service and marketing service, (ii) by external service providers, in particular IT service providers (e.g. web hosting), banking and accounting service providers (e.g. bank, accountant), legal service providers (e.g. lawyers, legal advisors), (iii) as well as partners or subcontractors (e.g. transportation company).

These service providers may need to contact the Customer directly from the contact details provided to TWO NOTES. TWO NOTES requires its service providers to use the Customer’s personal data only to perform and manage the services requested by the Customer and in accordance with European laws and regulations. 

TWO NOTES reserves the right, after express authorization from the Customer, to use directly or indirectly, the personal data collected for commercial prospecting purposes.

With the exception of the above-mentioned transfers, the Customer’s personal data is not sold, exchanged, transferred, or given to third-parties. However, TWO NOTES may be under a duty to disclose or share the Customer’s personal data in order to comply with a legal obligation or a request from an official authority. 

In the event that TWO NOTES sells any or part of the business or assets, it may disclose the Customer’s personal data to the prospective buyer of such business or assets. If TWO NOTES or a part of its assets are acquired by a third-party, personal data of the Customers will be one of the transferred assets. In such a case, the Customer’s personal data will be processed by the buyer acting as the new data controller and its privacy policy will govern the processing of Customer’s personal data. 

Data retention period

TWO NOTES retains the personal data only as long as necessary to provide the Customer with the products and services requested, or to comply with commercial or legal obligations.

To determine the retention period of the Customer’s personal data, TWO NOTES considers several criteria to ensure that it does not keep Customers personal data for longer than necessary or appropriate. These criteria include: 

  • The purpose for which TWO NOTES holds the Customer’s personal data; 
  • TWO NOTES’ legal and regulatory obligations in relation to that personal data, for example any financial reporting obligation;
  • Whether TWO NOTES’ relationship with the Customer is ongoing, for example, the Customer has an active account, subscribes to marketing communications, regularly browses or purchases on TWO NOTES’ Website; 
  • Whether the Customer is no longer actively participating or engaging with TWO NOTES’ products and services, for example, the Customer does not open TWO NOTES’ emails, visit TWO NOTES’ Website, or interact with TWO NOTES’ social media content. 
  • Any specific request from the Customer in relation to the deletion of Customer’s personal data;  
  • TWO NOTES’ legitimate business interest in relation to managing its own rights, for example the defense of any claims, or for statistical purposes. 

In particular, TWO NOTES retains the personal data for the following periods: 

  • If the Customer purchases products, TWO NOTES keeps Customer’s personal data for the duration of the contractual relationship. Being specified that, after this duration, the personal data will be kept for five (5) years in case of litigation, and financial and accounting information will be kept for ten (10) years to comply with legal obligations; 
  • If the Customer participates in a promotional offer, TWO NOTES keeps Customer’s personal data for the duration of the promotional offer; 
  • If the Customer has consented to receive marketing communications, TWO NOTES keeps  Customer’s personal data until the Customer: (i) requests the deletion of his personal data, or (ii) after a period of inactivity (when the Customer has not interacted with TWO NOTES for three (3) years);
  • If Cookies are placed on the Customer’s computer or electronic devices, they are stored for as long as necessary to achieve their purposes (e.g. for the duration of a session for shopping cart Cookies or session ID Cookies) (see hereunder). 

If TWO NOTES no longer needs to use the Customer’s personal data, the personal data is removed from TWO NOTES’ systems and records, in order that the Customer can no longer be identified from it. 

Data security and privacy

TWO NOTES is committed to keeping the Customer’s personal data secure and takes all reasonable precautions to do so. TWO NOTES does its best to protect the Customer’s personal data and uses strict procedures and security features to try to prevent unauthorized access. However, as no transmission of information via the internet is completely secure, TWO NOTES cannot guarantee the security of the Customer’s personal data transmitted to the Website. Any transmission is therefore at the Customer’s own risk. 

Social Media Content

The Website may allow the Customer to submit content on social media platforms. The Customer acknowledges that any content submitted to TWO NOTES’ social media accounts can be viewed by the public, and the Customer should be cautious about providing certain personal data (e.g. financial information or contact details). TWO NOTES is not responsible for any actions taken by other individuals if the Customer posts personal data on a social media platform and TWO NOTES recommends that the Customer does not share such information. 

Customer’s rights

Pursuant to articles 15 to 23 of the GDPR, the Customer can exercise the following rights: right to be informed, right of access, right to rectification, the right to erasure or right to be forgotten, the right to object to direct marketing, the right to withdraw consent at any time for personal data processing based on consent, the rights to object to processing based on legitimate interest, the right to lodge a complaint with a supervisory authority, the right to data portability, the right to restriction, and the right to turn on/off Cookies.

Redress against TWO NOTES should also be available to the data subject in relation with the processing data performed by TWO NOTES at the competent data protection authority.

Automatic decision making

Automatic decision making means the ability to make decisions using technology, without human involvement. TWO NOTES does not use automatic decision making technologies. 

CCPA

If you are a resident of California, you have the right to access the Personal Information we hold about you (also known as the ‘Right to Know’), to port it to a new service, and to ask that your Personal Information be corrected, updated, or erased. If you would like to exercise these rights, please contact us through the contact information above. 

If you would like to designate an authorized agent to submit these requests on your behalf, please contact us at the address above.

Cookies

TWO NOTES may use Cookies or similar technologies when the Customer browses the Website. Cookies are small text files stored on Customer’s electronic devices (computer, tablet, mobile), when the 

Cookies may enable TWO NOTES to access technical data and data related to the Customer’s use of the Website, including but not limited to: Customer’s IP address, navigation information, device information, Customer’s unique ID which is given to each visitor, and the expiration date of the ID, location, login details, videos watched, pages/ads/content the Customer looked at, duration of the visit, and products searched and/or selected to create a cart. 

TWO NOTES only tracks the navigation of the Customer on the Website to ensure that the Website works properly and to improve and personalize Customer’s online experience. 

Cookies placed on Customer’s electronic devices are the following: 

 

- Functional Cookies  

Name

Function

Duration

_ab

Used in connection with access to admin.

2y

_secure_session_id

Used to track a user's session through the multi-step checkout process and keep their order, payment and shipping details connected.

24h

_shopify_country

For shops where pricing currency/country set from GeoIP, that cookie stores the country we've detected. This cookie helps avoid doing GeoIP lookups after the first request.

session

_shopify_m

Used for managing customer privacy settings.

1y

_shopify_tm

Used for managing customer privacy settings.

30min

_shopify_tw

Used for managing customer privacy settings.

2w

_storefront_u

Used to facilitate updating customer account information.

1min

_tracking_consent

Used to store a user's preferences if a merchant has set up privacy rules in the visitor's region.

1y

c

Used in connection with checkout.

1y

cart

Used in connection with shopping cart.

2w

cart_currency

Set after a checkout is completed to ensure that new carts are in the same currency as the last checkout.

2w

cart_sig

A hash of the contents of a cart. This is used to verify the integrity of the cart and to ensure performance of some cart operations.

2w

cart_ts

Used in connection with checkout.

2w

cart_ver

Used in connection with shopping cart.

2w

checkout

Used in connection with checkout.

4w

checkout_token

Used in connection with checkout.

1y

dynamic_checkout_shown_on_cart

Used in connection with checkout.

30min

hide_shopify_pay_for_checkout

Used in connection with checkout.

session

keep_alive

Used in connection with buyer localization.

2w

master_device_id

Used in connection with merchant login.

2y

previous_step

Used in connection with checkout.

1y

remember_me

Used in connection with checkout.

1y

secure_customer_sig

Used to identify a user after they sign into a shop as a customer so they do not need to log in again.

20y

shopify_pay

Used in connection with checkout.

1y

shopify_pay_redirect

Used in connection with checkout.

1 hour, 3w or 1y depending on value

storefront_digest

Stores a digest of the storefront password, allowing merchants to preview their storefront while it's password protected.

2y

tracked_start_checkout

Used in connection with checkout.

1y

checkout_one_experiment

Used in connection with checkout.

session

checkout_session_lookup

Used in connection with checkout.

3w

checkout_session_token_<<id>>

Used in connection with checkout.

3w

 

 Reporting and Analytics

Name

Function

Duration

_landing_page

Track landing pages.

2w

_orig_referrer

Track landing pages.

2w

_s

Shopify analytics.

30min

_shopify_d

Shopify analytics.

session

_shopify_fs

Shopify analytics.

30min

_shopify_s

Shopify analytics.

30min

_shopify_sa_p

Shopify analytics relating to marketing & referrals.

30min

_shopify_sa_t

Shopify analytics relating to marketing & referrals.

30min

_shopify_y

Shopify analytics.

1y

_y

Shopify analytics.

1y

_shopify_evids

Shopify analytics.

session

_shopify_ga

Shopify and Google Analytics.

session

 

Non-functional Cookies 

[Insert Non-Functional Cookies List]

If the Customer no longer wishes to be tracked by such Cookies, the Customer can set their browser in order to block them (see links below). However, this may disrupt the operation of the Website.

-Microsoft Internet Explorer: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11-0753-043d-7c16-ede5947fc64d 

- Google Chrome: https://support.google.com/chrome/answer/95647?hl=en-GB&hlrm=en 

- Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac 

- Firefox: https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop 

- Opera:  https://help.opera.com/en/latest/web-preferences/#cookies 

Complaints

As noted above, if you would like to make a complaint, please contact us by e-mail or by mail using the details provided under “Contact details of the data controller” above.

If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority.