PRIVACY POLICY
Welcome to the Privacy Policy of Do2, Inc (“Do2”, “we”, “us” and/or “our”). This Privacy Policy is
provided by Do2 and has been created to provide information about how we collect and process
information through the Do2 website (“the Site”), mobile applications (“App”), and services provided by
us (the “Do2 Services”), as well as from our business customers who use our business services (the “Do2
Business Customer Services”). This Privacy Policy is divided into 3 parts depending on what type of user
of the Do2 services you are:
A. Site visitors, who are individuals visiting our website to learn more about Do2, in which case
the “Do2 Privacy Policy for Site Visitors” applies to you;
B. End-Users of Do2 Services offered by Do2 customers, in which case the “Do2 Privacy Policy
for End Users of Do2 Services Offered by Do2 Customers” applies to you; and
C. Do2 business customers, in which case the “Do2 Privacy Policy for Do2 Business
Customers” applies to you.
Data Privacy Framework Policy Updates
Do2 and its affiliates comply with the requirements of the EU-U.S. Data Privacy Framework, the UK
Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework as
set forth by the U.S. Department of Commerce (collectively, the “DPF”). Do2 has certified to the U.S.
Department of Commerce that it adheres to the DPF Principles with respect to personal information
(as described below) that is transferred from the European Union and its Member States, the
European Economic Area, the United Kingdom (and Gibraltar), and/or Switzerland to the United
States. If there is any conflict between the terms in this DPF Policy or another applicable privacy
policy and the DPF Principles, the DPF Principles shall govern. To learn more about the Data Privacy
Framework and to view Do2’s certification, please visit: https://www.dataprivacyframework.gov.
This DPF Policy applies to personal information within the scope of Do2’s DPF certification, which
covers the following categories of information:
Personal information regarding current, former and prospective partners, principals and
employees for the purposes of operating and managing Do2, performing human resource
administration and maintaining contact with individuals.
Personal information regarding current, former and prospective clients and their personnel,
customers, or other data subjects for the purposes of delivering Do2 services, maintaining ongoing
relationships and performing business development activities.
Personal information regarding our suppliers, service providers, and other third parties, and
their personnel for the purposes of managing and administering Do2’s business relationships
with such third parties.
Accountability for Onward Transfers Consistent with the DPF Principles
Do2 may transfer personal information to third parties, including transfers from one country to
another. We will only disclose an individual’s personal information to third parties under one or
more of the following conditions:
The disclosure is to a third party providing services to Do2, or to the individual, in connection with
the operation of our business, and as consistent with the purpose for which the personal information
was collected. We maintain written contracts with these third parties and require that these third
parties provide at least the same level of privacy protection and security as required by the DPF
Principles. To the extent provided by the DPF Principles, Do2 remains responsible and liable under
the DPF Principles if a third party that it engages to process personal information on its
behalf does so in a manner inconsistent with the DPF Principles,
unless Do2 proves that it is not responsible for the matter giving rise to the damage;
With the individual’s permission to make the disclosure;
Where required to the extent necessary to meet a legal obligation to which Do2 is subject, including
a lawful request by public authorities and national security or law enforcement obligations and
applicable law, rule, order, or regulation;
Where reasonably necessary for compliance or regulatory purposes, or for the establishment of legal
claims.
Individual rights
Individuals whose personal information is covered by this DPF Policy have
the right to access the personal information that Do2 maintains about them as specified in the DPF
Principles. Individuals may contact us to correct, amend or delete such personal information if it is
inaccurate or has been processed in violation of the DPF Principles (except when the burden or
expense of providing access, correction, amendment, or deletion would be disproportionate to the
risks to the individual’s privacy, or where the rights of persons other than the individual would be
violated). Individuals may also have the right to limit the use and disclosure of their personal
information (opt out) under certain circumstances, such as marketing. Requests to access, correct,
amend, delete, or limit the use and disclosure of personal information (opt out) may be submitted
using our request form.
Security
Do2 takes appropriate measures to protect personal information in its possession to ensure a level of
security appropriate to the risk of loss, misuse, unauthorized access, disclosure, alteration, and
destruction. These measures take into account the nature of the personal information and the risks
involved in its processing, as well as best practices in the industry for security and data protection.
Enforcement
In compliance with the DPF Principles, Do2 commits to resolve complaints about our collection or use
of your personal information. Individuals
with inquiries or complaints regarding our DPF Policy should first contact Do2. Do2 has a policy of
responding to individuals within forty-five (45) days of an inquiry or complaint. If an individual has an
unresolved complaint or concern that is not addressed satisfactorily, that individual may contact our
U.S.-based third-party dispute resolution provider (free of charge). If the dispute involves human resources
personal information or information collected in the context of an employment relationship, we will
cooperate with the competent EU, UK, or Swiss data protection authorities and comply with the advice of
such authorities. You may have the option to select binding arbitration under the EU-U.S. Data Privacy
Framework Panel for the resolution of your complaint under certain circumstances. Do2
is also subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.
Modifications
Do2 may update this DPF Policy at any time by publishing an updated version here;
however, we will not update this DPF Policy in contravention of the DPF Principles.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF,
Do2, Inc. commits to cooperate and comply respectively with the advice of the panel established by the
EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the
Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved
complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF
and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment
relationship. This applies to parts A, B, and C of the Privacy Policy.
Do2 Contact Information:
No matter what type of user you are, if you have any questions about Do2’s Privacy Policy or the
information practices of the Do2 Services, or wish to exercise any of your data protection rights
as described in the sections below, please email privacy@do2.co.
If you are a resident of the United Kingdom or European Economic Area, please note that we
have appointed an EU data protection representative. If you have any questions, please contact
Do2's Compliance Team at legal@do2.co
(A) Do2 Privacy Policy for Site Visitors
Do2, Inc., is the controller of your information collected through your use of our Site pursuant to the
EU General Data Protection Regulation 2016/679, as applicable.
Please read this section of the Privacy Policy to understand how we may process your information via
your use of our Site. If you do not agree with how we process your information, please do not use the
Site.
1. Information We Collect
When you interact with us through the Site, we may collect your information from and about you,
as further described below:
Information That You Provide: We collect information from you when you voluntarily
provide it, such as when you contact us with inquiries, respond to one of our surveys, or
provide it at a conference or event. This information may include your name, business contact
information, and title.
Interaction with our Site: When you interact with Do2 through the Site, we receive and store
certain information automatically through various technologies. Do2 may store such
information itself or such information may be included in databases owned and maintained by
Do2 affiliates, agents or service providers. This Site may use such information and pool it with
other information to track, for example, the total number of visitors to our Site, the number of
visitors to each page of our Site, and the domain names of our visitors' Internet service
providers. For further details please see the section on “Cookies” below.
Research and Analytics Data: In an ongoing effort to better understand and serve the users of
the Do2 Services, Do2 often conducts research on its Site visitor demographics, interests and
behavior based on the information you provide to us and that we collect from and about you.
This research may be compiled and analyzed on an aggregate and/or de-identified basis, in
which case Do2 may share this aggregated and/or de-identified data with its affiliates, agents
and business partners. This aggregate and/or de-identified information cannot be used to
identify you personally. Do2 may also disclose aggregated user statistics to describe our services
to current and prospective business partners, and to other third parties for other lawful
purposes.
2. Our Use of Your Information and Legal Bases for Processing Information
We process information you provide to us to enable us to provide the Site to you pursuant to any
applicable Site terms, to ensure compliance with local legal and regulatory requirements, and for the
purposes of our legitimate business interests, including to:
enable us to provide you with the information, products and services that you request from us;
enable us to respond to an inquiry or other request you make when you contact us via our
Site, including for customer services support;
notify you about any changes to the Site;
enable us to issue a notice or corrective action to you in relation to the Site, if required;
help us improve the content and functionality of the Site and Do2 Services, and to better
understand and analyze how you use our Site;
detect security incidents, and protect against malicious, deceptive, fraudulent, or illegal activity;
troubleshoot and debug the Site;
provide you with information about other services which we believe will be of interest to you
similar to those that you have already purchased or inquired about, as described in the
“Marketing” section below.
3. Cookies and Online Advertising
(a) Our Use of Cookies
In operating our Site, we may use a technology called “cookies”. A cookie is a piece of
information that the computer that hosts our Site stores to your browser when you access the Site.
We use various types of cookies, including session cookies, persistent cookies, local shared
objects, pixels, gifs and other tracking technologies, session and persistent technologies, first and
third-party cookies. Cookies can be persistent by remaining on your computer until you delete
them or be based on your browsing session where they are deleted once you close your browser. First
party cookies are used and controlled by us to provide services on our Site. Our use of cookies
falls into three categories:
Strictly necessary cookies: these are essential to enable you to move around our Site and
use its features. Without these cookies, the services you have asked for cannot be provided.
Performance cookies: also known as “analytical” cookies. These cookies allow us to
recognize and count the number of visitors and to see how visitors move around our site. For
example, they allow us to understand which pages are visited most often, and if they get
error messages from web pages. All information collected by these cookies is aggregated and
therefore anonymous.
Advertising cookies: Through the help of third-party service providers, we may place
certain cookies on our Site that allow us to provide advertising for the Do2 Services both on and
off the Site, as explained below.
Strictly necessary cookies are necessary to provide the Site to you. We use such cookies without
your prior consent. All other cookies are dropped after you have consented via a cookie banner.
(b) Opting out of Cookies
You have the ability to accept or decline cookies. Most browsers automatically accept cookies, but
you can usually modify your browser setting to decline cookies if you prefer. Detailed instructions
are provided by your browser. If you do not accept all cookies or withdraw your consent, you may
still browse the Site; however, in this case you may not be able to use the full functionalities of the
Site. For more information on cookies and how they can be managed and deleted please visit
https://www.allaboutcookies.org/ or your browser cookie settings.
(c) Online Advertising
We and non-affiliated third parties performing services on our behalf may integrate advertising
technologies that allow for the delivery of relevant advertising on the Site, as well as on other
websites you visit. The ads may be based on various factors such as the content of the page you are
visiting, demographic data, and other information we and our service providers collect from or
about you. These ads may be based on your current activity or your activity over time and across
other websites and online services and may be tailored to your interests.
We neither have access to, nor does this Privacy Policy govern, the use of cookies or other tracking
technologies that may be placed on your device you use to access the Services by such non-affiliated
third parties. If you are interested in more information about tailored browser advertising and how
you can generally control cookies from being put on your computer to deliver tailored advertising,
you may visit the Network Advertising Initiative’s Consumer Opt-Out Link, the Digital Advertising
Alliance’s Consumer Opt-Out Link, or Your Online Choices to opt-out of receiving tailored
advertising from companies that participate in those programs. To opt out of Google Analytics for
display advertising or customize Google display network ads, visit the Google Ads Settings page. We
do not control these opt-out links or whether any particular company chooses to participate in these
opt-out programs. We are not responsible for any choices you make using these mechanisms or the
continued availability or accuracy of these mechanisms.
Please note that if you exercise the opt out choices above, you will still see advertising when you use the
Site, but it will not be tailored to you based on your online behavior over time.
4. Marketing
Do2 and its affiliates (see Schedule I for list of affiliates) (the “Do2 Related Companies”) may also use
your information to contact you via email, phone, or postal mail with promotional materials in the
future to tell you about services we believe will be of interest to you, in accordance with applicable law.
In our promotional emails, there will be instructions explaining how to “opt-out” of receiving them in
the future, if you would like. In addition, if at any time you wish not to receive any future promotional
communications or you wish to have your name deleted from our mailing lists, please contact us as
indicated below. Please note that it may take time to process your request, consistent with our legal
obligations. Also, after you have opted out, you may continue to receive non-promotional, transactional
communications from us.
5. Our Disclosure of Your Information
We may share your information with certain third parties, as set forth below:
Business Transfers: As we develop our business, we might sell or buy some or all of
our businesses or assets. In the event of a corporate sale, merger, reorganization,
dissolution or similar event, your information may be part of the transferred assets.
Related Companies: We may also share information with our Do2 Related Companies
for purposes consistent with this Privacy Policy.
Agents, Consultants and Related Third Parties: Do2, like many businesses, sometimes hires
other companies to perform certain business-related functions on our behalf. Examples of
such functions include hosting our Do2 Services, mailing information, sales and marketing,
shipping and fulfillment, maintaining databases, and processing payments. When we employ
another company to perform a function of this nature, we only provide them with the
information that they need to perform their specific function.
Legal Requirements: Do2 may disclose your information if required to do so by law or in
the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii)
protect and defend the rights or property of Do2, (iii) act in urgent circumstances to protect
the personal safety of users of the Site or the public, or (iv) protect against legal liability.
When we disclose your personal data to third parties, we take reasonable measures to ensure that the
rules set out in this Privacy Policy are complied with and that these third parties provide sufficient
guarantees to implement appropriate technical and organizational measures to protect your personal
data.
6. Storing Your Information
Your information collected via our Site will be stored on servers located in the United States,
European Union and other locations that may have different data protection laws than in your
jurisdiction. This includes by individuals or service providers engaged in, among other things,
administration of an enquiry or request you make via our Site, or the provision of support services.
By using the Site, you acknowledge that your information will be stored and processed in the United
States, European Union and potentially other global locations.
7. Data Privacy Framework Principles
Do2 complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-
U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) ("Data Privacy Framework") and
to the rights of EU and UK individuals and Swiss individuals. Do2 is committed to comply with the EU-
U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-
U.S. Data Privacy Framework (Swiss-U.S. DPF) and to the rights of EU and UK individuals and Swiss
individuals in regard to transfers of personal data from the European Union and, as applicable, the
United Kingdom, and/or with the Swiss-U.S. DPF Principles with regard to transfer of personal data
from Switzerland as reflected in Do2's self-certification submissions to the U.S. Department of
Commerce, and in the Do2 Privacy Policy. The Frameworks as set forth by the U.S. Department of
Commerce regarding the processing of Personal Data as defined in, and subject to, applicable EU, UK,
and Swiss data protection laws (for these purposes, reference to the EU also includes the European
Economic Area countries of Iceland, Liechtenstein and Norway). We process Personal Data (as defined in
applicable EU, UK, and Swiss data protection laws) in accordance with the EU-U.S. Data Privacy
Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy
Framework (Swiss-U.S. DPF).
Do2 complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-
U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S.
Department of Commerce. Do2 has certified to the U.S. Department of Commerce that it adheres to the
EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of
personal data received from the European Union and the United Kingdom in reliance on the EU-U.S.
DPF and the UK Extension to the EU-U.S. DPF. Do2 has certified to the U.S. Department of Commerce
that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with
regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If
there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the
Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework
(DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S.
DPF, Do2, Inc. commits to resolve DPF Principles-related complaints about our collection and use of
your personal information. EU and UK individuals and Swiss individuals with inquiries or
complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the
UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Do2, Inc. at the
following email: legal@do2.world. We have further committed to refer unresolved Data Privacy
Framework complaints to an alternative dispute resolution provider.
On 4 June 2021, the Commission issued modernised standard contractual clauses under the GDPR
for data transfers from controllers or processors in the EU/EEA (or otherwise subject to the GDPR)
to controllers or processors established outside the EU/EEA (and not subject to the GDPR).
These modernised SCCs replace the three sets of SCCs that were adopted under the previous Data
Protection Directive 95/46. Consequently, we are relying on standard contractual clauses (based on the
clauses published here, a copy of which can be obtained by contacting us at privacy@do2.co) for
transfers of personal data from the EEA.
8. Data Retention
We will only retain your information for as long as necessary to fulfill the purposes we collected it
for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for your information, we consider the amount, nature,
and sensitivity of the information, the potential risk of harm from unauthorized use or disclosure of
your information, the purposes for which we process your information and whether we can achieve
those purposes through other means, and the applicable legal requirements.
9. Exclusions
This Do2 Privacy Policy for Site Visitors does not apply to information collected by Do2 other than
information collected through the Site. This Privacy Policy will not apply to any unsolicited
information you provide to Do2 through this Site or through any other means. This includes, but is
not limited to, information posted to any public areas of the Site, such as bulletin boards (collectively,
“Public Areas”), any ideas for new products or modifications to existing products, and other
unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information will be
deemed to be non-confidential and Do2 will be free to reproduce, use, disclose, and distribute such
Unsolicited Information to others without limitation or attribution.
10. Children
The Site is intended for general audiences and not for children under the age of 13. If we become aware
that we have collected “personal information” (as defined by the United States Children’s Online
Privacy Protection Act) from children under the age of 13 without legally valid parental consent, we
will take reasonable steps to delete it as soon as possible. We do not knowingly process data of EU
residents under the age of 16 without parental consent. If we become aware that we have collected data
from an EU resident under the age of 16 without parental consent, we will take reasonable steps to
delete it as soon as possible. We also comply with other age restrictions and requirements in
accordance with applicable local laws.
11. Links to Other Web Sites
The policies and procedures we described here do not apply to such Third Party Sites. The links from
this Site do not imply that Do2 endorses or has reviewed the Third Party Sites. We suggest contacting
those sites directly for information on their privacy policies and practices.
12. Our Policy on Do Not Track Signals
This Site may contain links to other web sites not operated or controlled by Do2 (the “Third Party Sites”).
The policies and procedures we described here do not apply to such Third Party Sites. The links from this
Site do not imply that Do2 endorses or has reviewed the Third Party Sites. We suggest contacting those
sites directly for information on their privacy policies and practices. Do2 takes steps to protect the
information provided via the Site from loss, misuse, and unauthorized access, disclosure, alteration, or
destruction. However, no Internet or e-mail transmission is ever fully secure or error free. Please keep
this in mind when disclosing any information to Do2.
13. Other Terms and Conditions
Your access to and use of this Site is subject to the Terms of Use (https://www.do2.com/terms/).
14. Changes to Do2's Privacy Policy
The Site, our business, and applicable legal requirements may change from time to time. As a result, at
times it may be necessary for Do2 to make changes to this Privacy Policy. Do2 reserves the right to
update or modify this Privacy Policy at any time in accordance with our legal obligations. Please
review this policy periodically. This Privacy Policy was last updated on the date indicated above. Your
continued use of the Site after any changes or revisions to this Privacy Policy will indicate your
agreement with the terms of such revised Privacy Policy.
15. Your Rights
To keep your information accurate, current, and complete, please contact us as specified at the
beginning of this Privacy Policy. We will take reasonable steps to update or correct your information
in our possession in accordance with applicable law.
You may have the right to: request access to your Personal Data we hold about you; request we correct
any inaccurate Personal Data we hold about you; request we delete any Personal Data we hold about
you; restrict the processing of Personal Data we hold about you; object to the processing of Personal
Data we hold about you; and/or receive any Personal Data we hold about you in a structured and
commonly used machine-readable format or have such Personal Data transmitted to another company.
We may ask you for additional information to confirm your identity and for security purposes, before
disclosing information requested to you. We will process any request in line with any local laws and
our policies and procedures. If you are located in the EEA or United Kingdom, you have the right to
lodge a complaint about how we process your Personal Data with the supervisory authority in your
country.
If you wish to exercise any of your rights, please contact us using the information provided in the
"Do2 Contact Information" section.
16. Privacy Notice for California Users
If you are a California resident, California law requires us to provide you with some additional
information regarding your rights with respect to your “personal information” (as defined in
the California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”)).
Please note that we describe the categories of personal information we collect, the sources and
uses of such information, and the entities to which we share such information above in the
“Information We Collect,” “Our Use of Your Information and Legal Bases for Processing
Information,” and “How We Disclose Your Information” sections above. Do2 allows users the
following rights in accordance with the CPRA/CCPA:
Right to Request and Receive Personal Information Disclosures
Right to Delete Personal Information
Right to Correct Inaccurate Personal Information
Right to Know what Personal Information is Being Collected and Right to Access
Personal Information
Right to Know what Personal Information is Sold or Shared, and to Whom
Right to Opt-Out of the Sale or Sharing of Personal Information
Right to Limit Use and Disclosure of Sensitive Personal Information
Right of Non-Retaliation Following Opt-Out of Exercise of Other Rights
If you are a California resident and you have any questions about our practices, please contact us
using the contact information above.
Further, please note that applicable California privacy legislation permits individuals who are
California residents to request certain information regarding our disclosure of “personal information”
(as defined by California law) to third parties for their direct marketing purposes. We do not share
personal information with third parties for their own marketing purposes.
17. Federal Trade Commission (FTC)
Do2 is subject to the investigatory and enforcement powers of the FTC.
18. Arbitration
Do2 is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF
Principles, provided that an individual has invoked binding arbitration by delivering notice to Do2
and following the procedures and subject to conditions set forth in Annex I of the Principles.
19. Accountability for Onward Transfers Consistent with the DPF Principles.
Do2 may transfer personal information to third parties, including transfers from one country to
another. We will only disclose an individual’s personal information to third parties under one or
more of the following conditions:
The disclosure is to a third party providing services to Do2, or to the individual, in connection with
the operation of our business, and as consistent with the purpose for which the personal information
was collected. We maintain written contracts with these third parties and require that these third
parties provide at least the same level of privacy protection and security as required by the DPF
Principles. To the extent provided by the DPF Principles, Do2 remains responsible and liable under the
DPF Principles if a third party that it engages to process personal information on its behalf does so in a
manner inconsistent with the DPF Principles, unless Do2 proves that it is not responsible for the matter
giving rise to the damage;
With the individual’s permission to make the disclosure;
Where required to the extent necessary to meet a legal obligation to which Do2 is subject, including a
lawful request by public authorities and national security or law enforcement obligations and
applicable law, rule, order, or regulation;
Where reasonably necessary for compliance or regulatory purposes, or for the establishment of legal
claims.
(B) Do2 Privacy Policy for End-Users of Do2 Services Offered by Do2 Customers
To the extent that you are providing information via the mobile applications (“App”) in
connection with your occupation or use of a building or particular physical space (“End-Users”)
in which you live, visit or work, please note that Do2 processes this information on behalf of our
customers who are building or space owners (“Customer Data”) to provide Do2 services,
including access to the Do2 Platform and Tenant Experience applications (the “Do2 Services”) to
you as an App End User. We are a processor when we process Customer Data; our customer is
the data controller. This Privacy Policy explains the information collected from and about you as
an End User of the App.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S.
DPF, Do2, Inc. commits to cooperate and comply respectively with the advice of the panel
established by the EU data protection authorities (DPAs) and the UK Information
Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information
Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human
resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF
and the Swiss-U.S. DPF in the context of the employment relationship. This applies to parts A, B,
and C of the Privacy Policy.
Please read this Privacy Policy to understand how we and our Customers (together referred to
herein as “we”) may process your information via your use of the Do2 Services. If you do not
agree with how we process your information, please do not use the Do2 Services.
1. Information We Collect
When you interact with us through our Site, we may collect information from and about you, as
further described below:
Information That You Provide: We collect information from you when you voluntarily provide it,
such as when you contact us with inquiries, respond to one of our surveys, provide it at a
conference or event, register for access to the Do2 Services, or use certain Do2 Services. This
information may include your name, business contact information, and title.
Location Data: Some features and functionality in our Do2 Services require that you provide your
location. If you have location services turned on, whenever you use such Do2 Services on your
mobile device, we collect and use your geocoordinates (e.g. latitude and longitude) to tailor the
Do2 Services to your current location. We will only process your location with your express
permission. If you have persistent background location turned on, we will obtain your device’s
location even if you are not using the Do2 Services on your mobile device. Your location is never
shared with others, except with your consent or as permitted under this Privacy Policy. We use
various technologies to determine your precise location, such as the location services of your
operating system or browser, sensor data from your device (e.g. magnetometer, barometer,
gyroscopes, accelerometers, compasses, Bluetooth data, beacon data, Wi-Fi access points, GPS
data, and cell tower data), and other data that may help us understand your precise location. If
you have opted-in to sharing your background location with us as part of using the Do2 Services,
you may remove this permission at any time by going into your operating device settings and
toggling off background sharing.
Interaction with our App: When you interact with the Do2 Services through the App, we receive
and store certain information automatically about your interaction with the App. We may store
such information ourselves, or such information may be included in databases owned and
maintained by our affiliates, agents or service providers. The Do2 Services may use such
information and pool it with other information to track, for example, the total number of App
users, the number of users of different portions of the App, and similar App usage information.
Setting up an account via the App: when you download our App and set up an account, we will
collect certain information from you such as your username and password in order to process
your registration and administer your account.
Research and Analytics Data: In an ongoing effort to better understand and serve the users of the
Do2 Services, Do2 often conducts research on its customer and user demographics, interests and
behavior based on the information you provide to us. This research may be compiled and
analyzed on an aggregate and/or de-identified basis, in which case Do2 may share this
aggregated and/or de-identified data with its affiliates, agents and business partners. This
aggregate and/or de-identified information cannot be used to identify you personally. Do2 may
also disclose aggregated user statistics to describe our services to current and prospective
business partners, and to other third parties for other lawful purposes.
2. Our Use of Your Information and Legal Bases for Processing Information
We process the information you provide to us to enable us to perform the contract we are about
to enter into or have entered into with your landlord or your employer’s landlord, to ensure
compliance with local legal and regulatory requirements, and for the purposes of our legitimate
business interests, including to:
provide you with access to our Platform and the Services, to support your use of Do2
Services, and to support the use of the Do2 Services by others who interact with you
through our Do2 Services (such as your landlord, your property manager, your
employer, or third party service providers);
enable us to carry out our obligations arising from any contracts and to provide you with
the information, products and services that you request from us;
enable us to respond to an inquiry or other request you make when you contact us via our
App, including for customer services support;
notify you about any changes to the Do2 Services;
enable us to issue a notice or corrective action to you in relation to any of the Do2 Services,
if required;
help us improve the content and functionality of the Do2 Services, and to better
understand and analyze how you use our App;
detect security incidents, and protect against malicious, deceptive, fraudulent, or illegal
activity;
troubleshoot and debug Do2 Services errors;
provide you with information about other services which we believe will be of interest to
you similar to those that you have already purchased or inquired about, as described in
the “Marketing” section below.
3. Marketing
Do2 and its affiliates (see Schedule I for list of affiliates) (the “Do2 Related Companies”) may also
use your information to contact you via email, phone, or postal mail with promotional materials in
the future to tell you about services we believe will be of interest to you in accordance with
applicable law. In our promotional emails, there will be instructions explaining how to “opt-out”
of receiving them in the future, if you would like. In addition, if at any time you wish not to
receive any future promotional communications or you wish to have your name deleted from our
mailing lists, please contact us as indicated below. Please note that it may take time to process
your request, consistent with our legal obligations. Also, after you have opted out, you may
continue to receive non-promotional, transactional communications from us.
4. Our Disclosure of Your Information
We may share your information with certain third parties, as set forth below:
Business Transfers: As we develop our business, we might sell or buy some or all of our
businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution
or similar event, your information may be part of the transferred assets.
Related Companies: We may also share your information with our Do2 Related
Companies for purposes consistent with this Privacy Policy.
Agents, Consultants and Related Third Parties: We, like many businesses, sometimes hire
other companies to perform certain business-related functions on our behalf. Examples of
such functions include hosting the Do2 Services, mailing information, sales and
marketing, shipping and fulfillment, maintaining databases, and processing payments.
When we employ another company to perform a function of this nature, we only provide
them with the information that they need to perform their specific function.
Legal Requirements: We may disclose your information if required to do so by law or in
the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii)
protect and defend our rights or property, (iii) act in urgent circumstances to protect the
personal safety of users of the Do2 Services or the public, or (iv) protect against legal
liability.
When we disclose your personal data to third parties, we take reasonable measures to ensure that
the rules set out in this Privacy Policy are complied with and that these third parties provide
sufficient guarantees to implement appropriate technical and organizational measures to protect
your personal data.
5. Storing Your Information
Your information collected via the Do2 Services will be stored on servers located in the United
States, European Union and other locations that may have different data protection laws than in
your jurisdiction. This includes individuals or service providers engaged in, among other things,
and provision of support services. By using the Do2 Services, you acknowledge that your
information will be stored and processed in the United States, European Union and potentially
other global locations.
6. Data Privacy Framework Principles
Do2 complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to
the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) ("Data Privacy
Framework") and to the rights of EU and UK individuals and Swiss individuals. Do2 is
committed to comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK
Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and
to the rights of EU and UK individuals and Swiss individuals in regard to transfers of personal
data from the European Union and, as applicable, the United Kingdom, and/or with the Swiss-
U.S. DPF Principles with regard to transfer of personal data from Switzerland as reflected in
Do2's self-certification submissions to the U.S. Department of Commerce, and in the Do2
Privacy Policy. The Frameworks as set forth by the U.S. Department of Commerce regarding the
processing of Personal Data as defined in, and subject to, applicable EU, UK, and Swiss data
protection laws (for these purposes, reference to the EU also includes the European Economic
Area countries of Iceland, Liechtenstein and Norway). We process Personal Data (as defined in
applicable EU, UK, and Swiss data protection laws) in accordance with the EU-U.S. Data Privacy
Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data
Privacy Framework (Swiss-U.S. DPF).
Do2 complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to
the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the
U.S. Department of Commerce. Do2 has certified to the U.S. Department of Commerce that it
adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard
to the processing of personal data received from the European Union and the United Kingdom in
reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Do2 has certified to the
U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework
Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received
from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in
this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the
Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to
view our certification, please visit https://www.dataprivacyframework.gov/
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S.
DPF, Do2, Inc. commits to resolve DPF Principles-related complaints about our collection and use
of your personal information. EU and UK individuals and Swiss individuals with inquiries or
complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and
the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Do2, Inc. at the
following email: legal@do2.co. We have further committed to refer unresolved Data Privacy
Framework complaints to an alternative dispute resolution provider.
On 4 June 2021, the Commission issued modernised standard contractual clauses under the
GDPR for data transfers from controllers or processors in the EU/EEA (or otherwise subject to
the GDPR) to controllers or processors established outside the EU/EEA (and not subject to the
GDPR).
These modernised SCCs replace the three sets of SCCs that were adopted under the previous
Data Protection Directive 95/46. Consequently, we are relying on standard contractual clauses
(based on the clauses published here, a copy of which can be obtained by contacting us at
privacy@do2.co) for transfers of personal data from the EEA.
7. Data Retention
We will only retain your information for as long as necessary to fulfill the purposes we collected
it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for your information, we consider the amount,
nature, and sensitivity of the information, the potential risk of harm from unauthorized use or
disclosure of your information, the purposes for which we process your information and whether
we can achieve those purposes through other means, and the applicable legal requirements.
8. Exclusions
This Privacy Policy does not apply to information collected by us other than information collected
through the Do2 Services. This Privacy Policy will not apply to any unsolicited information you
provide to Do2 through any means. This includes, but is not limited to, any ideas for new
products or modifications to existing products, and other unsolicited submissions (collectively,
“Unsolicited Information”). All Unsolicited Information will be deemed to be non-confidential
and we will be free to reproduce, use, disclose, and distribute such Unsolicited Information to
others without limitation and attribution.
This Privacy Policy does not address, and we are not responsible for, the privacy, information, or
other practices of any third parties with whom you interact using our Do2 Services, including any
landlord, property manager, tenant, merchant or service provider, and including any other third
party operating any site, application or service that may be introduced, included or integrated
into our Do2 Services. We encourage you to read the privacy policy of every person with whom
you interact using our Do2 Services.
9. Children
Do2 Services are intended for general audiences and not for children under the age of 13. If we
become aware that we have collected “personal information” (as defined by the United States
Children’s Online Privacy Protection Act) from children under the age of 13 without legally valid
parental consent, we will take reasonable steps to delete it as soon as possible. We do not
knowingly process data of EU residents under the age of 16 without parental consent. If we
become aware that we have collected data from an EU resident under the age of 16 without
parental consent, we will take reasonable steps to delete it as soon as possible. We also comply with
other age restrictions and requirements in accordance with applicable local laws.
10. Links to Other Web Sites
This Privacy Policy applies only to the Do2 Services. The Do2 Services and App may contain links
to other web sites not operated or controlled by Do2 (the “Third Party Sites”). The policies and
procedures we described here do not apply to such Third Party Sites. The links from the Do2
Services do not imply that Do2 endorses or has reviewed the Third Party Sites. We suggest
contacting those sites directly for information on their privacy policies and practices.
11. Security
We take steps to protect the information provided via the Do2 Services from loss, misuse, and
unauthorized access, disclosure, alteration, or destruction. However, no Internet or e-mail
transmission is ever fully secure or error free. Please keep this in mind when disclosing any
information to us.
12. Changes to this Privacy Policy
Our business, and applicable legal requirements, may change from time to time. As a result, at
times it may be necessary for us to make changes to this Privacy Policy. We reserve the right to
update or modify this Privacy Policy at any time in accordance with our legal obligations. Please
review this policy periodically. This Privacy Policy was last updated on the date indicated above.
Your continued use of the Do2 Services after any changes or revisions to this Privacy Policy will
indicate your agreement with the terms of such revised Privacy Policy.
13. Your Rights
To keep your information accurate, current, and complete, please contact us as specified below.
We will take reasonable steps to update or correct your information in our possession in
accordance with applicable law.
You may have the right to: request access to your Personal Data we hold about you; request we
correct any inaccurate Personal Data we hold about you; request we delete any Personal Data we
hold about you; restrict the processing of Personal Data we hold about you; object to the
processing of Personal Data we hold about you; and/or receive any Personal Data we hold about
you in a structured and commonly used machine-readable format or have such Personal Data
transmitted to another company. We may ask you for additional information to confirm your
identity and for security purposes, before disclosing information requested to you. We will
process any request in line with any local laws and our policies and procedures. If you are located
in the EEA or United Kingdom, you have the right to lodge a complaint about how we process
your Personal Data with the supervisory authority in your country.
If you wish to exercise any of your rights, please contact us using the information provided in the
"Do2 Contact Information" section.
14. Privacy Notice for California Users
If you are a California resident, California law requires us to provide you with some additional
information regarding your rights with respect to your “personal information” (as defined in the
California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”)). We
describe the categories of personal information we collect, the sources and uses of such
information, and the entities to which we share such information above in the “Information We
Collect,” “Our Use of Your Information and Legal Bases for Processing Information,” and “How
We Disclose Your Information” sections above. Do2 allows users the following rights in
accordance with the CPRA/CCPA:
Right to Request and Receive Personal Information Disclosures
Right to Delete Personal Information
Right to Correct Inaccurate Personal Information
Right to Know what Personal Information is Being Collected and Right to Access Personal
Information
Right to Know what Personal Information is Sold or Shared, and to Whom
Right to Opt-Out of the Sale or Sharing of Personal Information
Right to Limit Use and Disclosure of Sensitive Personal Information
Right of Non-Retaliation Following Opt-Out of Exercise of Other Rights
If you are a California resident and you have any questions about our practices, or would like to
exercise any rights you may have (subject to any legal exceptions) please contact us using the
contact information above. Further, please note that applicable California privacy legislation
permits individuals who are California residents to request certain information regarding our
disclosure of “personal information” (as defined by California law) to third parties for their direct
marketing purposes. We do not share personal
information with third parties for their own marketing purposes.
15. Federal Trade Commission (FTC)
Do2 is subject to the investigatory and enforcement powers of the FTC.
16. Arbitration
Do2 is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF
Principles, provided that an individual has invoked binding arbitration by delivering notice to
Do2 and following the procedures and subject to conditions set forth in Annex I of the Principles.
17. Accountability for Onward Transfers Consistent with the DPF Principles.
Do2 may transfer personal information to third parties, including transfers from one country to
another. We will only disclose an individual’s personal information to third parties under one or
more of the following conditions:
The disclosure is to a third party providing services to Do2, or to the individual, in connection
with the operation of our business, and as consistent with the purpose for which the personal
information was collected. We maintain written contracts with these third parties and require that
these third parties provide at least the same level of privacy protection and security as required
by the DPF Principles. To the extent provided by the DPF Principles, Do2 remains responsible
and liable under the DPF Principles if a third party that it engages to process personal
information on its behalf does so in a manner inconsistent with the DPF Principles, unless Do2
proves that it is not responsible for the matter giving rise to the damage;
With the individual’s permission to make the disclosure;
Where required to the extent necessary to meet a legal obligation to which Do2 is subject,
including a lawful request by public authorities and national security or law enforcement
obligations and applicable law, rule, order, or regulation;
Where reasonably necessary for compliance or regulatory purposes, or for the establishment
of legal claims.
(C) Do2 Privacy Policy for Do2 Business Customers
If you are a business customer of Do2, Do2, Inc., is the controller of your information collected
from and about you as part of our business customer services (“Do2 Business Customer
Services”).
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S.
DPF, Do2, Inc. commits to cooperate and comply respectively with the advice of the panel
established by the EU data protection authorities (DPAs) and the UK Information
Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information
Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human
resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF
and the Swiss-U.S. DPF in the context of the employment relationship. This applies to parts A, B,
and C of the Privacy Policy.
Please read this Privacy Policy to understand how we may process your information via your use
of our Do2 Business Customer Services. If you do not agree with how we process your
information, please do not use the Do2 Business Customer Services. If you are a business
customer that also uses the Do2 Services through our App, or that uses our Site, please also see
the privacy policies relevant to those services.
1. Information We Collect
When you interact with us as a user of the Do2 Business Customer Services, we may collect
information from and about you, as further described below:
Information That You Provide: We collect information from you when you voluntarily
provide it, such as when you contact us with inquiries, respond to one of our surveys,
provide it at a conference or event, or otherwise use the Do2 Business Customer Services.
This information may include your name, business contact information, and title.
Research and Analytics Data: In an ongoing effort to better understand and serve the users
of Do2 Business Customer Services, Do2 often conducts research on its customer
demographics, interests and behavior based on the information you provide to us. This
research may be compiled and analyzed on an aggregate and/or de-identified basis, in
which case Do2 may share this aggregated and/or de-identified data with its affiliates,
agents and business partners. This aggregate and/or de-identified information cannot be
used to identify you personally. Do2 may also disclose aggregated user statistics to
describe our services to current and prospective business partners, and to other third
parties for other lawful purposes.
2. Our Use of Your Information and Legal Bases for Processing Information
We process the information you provide to us to enable us to provide the Do2 Business Customer
Services to you, to ensure compliance with local legal and regulatory requirements, and for the
purposes of our legitimate business interests, including to:
enable us to carry out our obligations to provide you with the information, products and
services that you request from us;
enable us to respond to an inquiry or other request you make when you contact us,
including for customer services support;
notify you about any changes to the Do2 Business Customer Services;
enable us to issue a notice or corrective action to you in relation to any of the Do2 Business
Customer Services, if required;
help us improve the content and functionality of the Do2 Business Customer Services, and
to better understand and analyze how you use our Services;
detect security incidents, and protect against malicious, deceptive, fraudulent, or illegal
activity;
troubleshoot and debug Do2 Business Customer Services errors;
provide you with information about other services which we believe will be of interest to
you similar to those that you have already purchased or inquired about, as described in the
“Marketing” section below.
3. Marketing
Do2 and its affiliates (see Schedule I for list of affiliates) (the “Do2 Related Companies”) may also
use your information to contact you via email, phone, or postal mail with promotional materials
in the future to tell you about services we believe will be of interest to you, in accordance with
applicable law.
In our promotional emails, there will be instructions explaining how to “opt-out” of receiving
them in the future, if you would like. In addition, if at any time you wish not to receive any future
promotional communications or you wish to have your name deleted from our mailing lists,
please contact us as indicated below. Please note that it may take time to process your request,
consistent with our legal obligations. Also, after you have opted out, you may continue to receive
non-promotional, transactional communications from us.
4. Our Disclosure of Your Information
We may share your information with certain third parties, as set forth below:
Business Transfers: As we develop our business, we might sell or buy some or all of our
businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution
or similar event, your information may be part of the transferred assets.
Related Companies: We may also share your information with our Do2 Related
Companies for purposes consistent with this Privacy Policy.
Agents, Consultants and Related Third Parties: We, like many businesses, sometimes hire
other companies to perform certain business-related functions on our behalf. Examples of
such functions include hosting the Do2 Services, mailing information, sales and
marketing, shipping and fulfillment, maintaining databases, and processing payments.
When we employ another company to perform a function of this nature, we only provide
them with the information that they need to perform their specific function.
Legal Requirements: We may disclose your information if required to do so by law or in
the good faith belief that such action is necessary to (i) comply with a legal obligation, (ii)
protect and defend our rights or property, (iii) act in urgent circumstances to protect the
personal safety of users of the Do2 Services or the public, or (iv) protect against legal
liability.
5. Storing Your Information
Your information collected via the Do2 Business Customer Services will be stored on servers
located in the United States, European Union and other locations that may have different data
protection laws than in your jurisdiction. This includes by individuals or service providers
engaged in, among other things, administration of an enquiry or request you make via the Do2
Business Customer Services, or the provision of support services. By using the Do2 Business
Customer Services, you acknowledge that your information will be stored and processed in the
United States, European Union and potentially other global locations.
6. Data Privacy Framework Principles
Do2 complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to
the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) ("Data Privacy
Framework") and to the rights of EU and UK individuals and Swiss individuals. Do2 is
committed to comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK
Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) and
to the rights of EU and UK individuals and Swiss individuals in regard to transfers of personal
data from the European Union and, as applicable, the United Kingdom, and/or with the Swiss-
U.S. DPF Principles with regard to transfer of personal data from Switzerland as reflected in
Do2's self-certification submissions to the U.S. Department of Commerce, and in the Do2 Privacy
Policy. The Frameworks as set forth by the U.S. Department of Commerce regarding the
processing of Personal Data as defined in, and subject to, applicable EU, UK, and Swiss data
protection laws (for these purposes, reference to the EU also includes the European Economic
Area countries of Iceland, Liechtenstein and Norway). We process Personal Data (as defined in
applicable EU, UK, and Swiss data protection laws) in accordance with the EU-U.S. Data Privacy
Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data
Privacy Framework (Swiss-U.S. DPF).
Do2 complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to
the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the
U.S. Department of Commerce. Do2 has certified to the U.S. Department of Commerce that it
adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard
to the processing of personal data received from the European Union and the United Kingdom in
reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Do2 has certified to the
U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework
Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received
from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in
this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the
Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to
view our certification, please visit https://www.dataprivacyframework.gov/
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S.
DPF, Do2, Inc. commits to resolve DPF Principles-related complaints about our collection and use
of your personal information. EU and UK individuals and Swiss individuals with inquiries or
complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and
the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact Do2, Inc. at the
following email: legal@do2.co. We have further committed to refer unresolved Data Privacy
Framework complaints to an alternative dispute resolution provider.
On 4 June 2021, the Commission issued modernised standard contractual clauses under the
GDPR for data transfers from controllers or processors in the EU/EEA (or otherwise subject to
the GDPR) to controllers or processors established outside the EU/EEA (and not subject to the
GDPR).
These modernised SCCs replace the three sets of SCCs that were adopted under the previous
Data Protection Directive 95/46. Consequently, we are relying on standard contractual clauses
(based on the clauses published here, a copy of which can be obtained by contacting us at
privacy@do2.co) for transfers of personal data from the EEA.
7. Data Retention
We will only retain your information for as long as necessary to fulfill the purposes we collected
it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for your information, we consider the amount,
nature, and sensitivity of the information, the potential risk of harm from unauthorized use or
disclosure of your information, the purposes for which we process your information and whether
we can achieve those purposes through other means, and the applicable legal requirements.
8. Exclusions
This Privacy Policy does not apply to information collected by Do2 other than information
collected through the Do2 Business Customer Services. This Privacy Policy will not apply to any
unsolicited information you provide to Do2 through any other means. This includes, but is not
limited to, any ideas for new products or modifications to existing products, and other
unsolicited submissions (collectively, “Unsolicited Information”). All Unsolicited Information
will be deemed to be non-confidential and Do2 will be free to reproduce, use, disclose, and
distribute such Unsolicited Information to others without limitation or attribution.
9. Security
Do2 takes steps to protect the information provided via the Site and Do2 Services from loss,
misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or
e-mail transmission is ever fully secure or error free. Please keep this in mind when disclosing any
information to Do2.
10. Changes to Do2's Privacy Policy
Our business, and applicable legal requirements, may change from time to time. As a result, at
times it may be necessary for Do2 to make changes to this Privacy Policy. Do2 reserves the right
to update or modify this Privacy Policy at any time in accordance with our legal obligations.
Please review this policy periodically. This Privacy Policy was last updated on the date indicated
above. Your continued use of the Site or Do2 Services after any changes or revisions to this
Privacy Policy will indicate your agreement with the terms of such revised Privacy Policy.
11. Your Rights
To keep your information accurate, current, and complete, please contact us as specified below.
We will take reasonable steps to update or correct your information in our possession in
accordance with applicable law.
You may have the right to: request access to your Personal Data we hold about you; request we
correct any inaccurate Personal Data we hold about you; request we delete any Personal Data we
hold about you; restrict the processing of Personal Data we hold about you; object to the
processing of Personal Data we hold about you; and/or receive any Personal Data we hold about
you in a structured and commonly used machine-readable format or have such Personal Data
transmitted to another company. We may ask you for additional information to confirm your
identity and for security purposes before disclosing the requested information to you. We will
process any request in line with any local laws and our policies and procedures. If you are located
in the EEA or United Kingdom, you have the right to lodge a complaint about how we process
your Personal Data with the supervisory authority in your country.
If you wish to exercise any of your rights, please contact us using the information provided in the
"Do2 Contact Information" section.
12. Privacy Notice for California Users
If you are a California resident, California law requires us to provide you with some additional
information regarding your rights with respect to your “personal information” (as defined in the
California Consumer Privacy Act (“CCPA”) and California Privacy Rights Act (“CPRA”)). While
Do2 is not currently subject to the CCPA, please note that we describe the categories of personal
information we collect, the sources and uses of such information, and the entities with which we
share such information in the “Information We Collect,” “Our Use of Your Information
and Legal Bases for Processing Information,” and “How We Disclose Your Information” sections
above. If you are a California resident and you have any questions about our practices, please
contact us using the contact information above. Do2 allows users the following rights in
accordance with the CPRA/CCPA:
Right to Request and Receive Personal Information Disclosures
Right to Delete Personal Information
Right to Correct Inaccurate Personal Information
Right to Know what Personal Information is Being Collected and Right to Access Personal Information
Right to Know what Personal Information is Sold or Shared, and to Whom
Right to Opt-Out of the Sale or Sharing of Personal Information
Right to Limit Use and Disclosure of Sensitive Personal Information
Right of Non-Retaliation Following Opt-Out of Exercise of Other Rights
Further, please note that applicable California privacy legislation permits individuals who are
California residents to request certain information regarding our disclosure of “personal
information” (as defined by California law) to third parties for their direct marketing purposes.
We do not share personal information with third parties for their own marketing purposes.
13. Federal Trade Commission (FTC)
Do2 is subject to the investigatory and enforcement powers of the FTC.
14. Arbitration
Do2 is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF
Principles, provided that an individual has invoked binding arbitration by delivering notice to
Do2 and following the procedures and subject to conditions set forth in Annex I of the Principles.
15. Accountability for Onward Transfers Consistent with the DPF Principles
Do2 may transfer personal information to third parties, including transfers from one country to
another. We will only disclose an individual’s personal information to third parties under one or
more of the following conditions:
The disclosure is to a third party providing services to Do2, or to the individual, in connection
with the operation of our business, and as consistent with the purpose for which the personal
information was collected. We maintain written contracts with these third parties and require that these third
parties provide at least the same level of privacy protection and security as required by the DPF
Principles. To the extent provided by the DPF Principles, Do2 remains responsible and liable
under the DPF Principles if a third party that it engages to process personal information on its
behalf does so in a manner inconsistent with the DPF Principles, unless Do2 proves that it is not
responsible for the matter giving rise to the damage;
With the individual’s permission to make the disclosure;
Where required to the extent necessary to meet a legal obligation to which Do2 is subject,
including a lawful request by public authorities and national security or law enforcement
obligations and applicable law, rule, order, or regulation;
Where reasonably necessary for compliance or regulatory purposes, or for the establishment
of legal claims.