Cookie Policy
1. What Are Cookies?
Cookies are small text files that a website places on your device (computer, tablet, or smartphone) when you visit. They are widely used to make websites work efficiently and to provide information to the website owner. Cookies set by us are called "first-party cookies"; cookies set by parties other than us are called "third-party cookies."
In addition to cookies, we may use similar tracking technologies including:
- Web beacons / pixels: tiny transparent images embedded in pages or emails that record page views or email opens;
- Local storage: browser storage mechanisms that persist data on your device (we use this to store your cookie consent preference);
- Server logs: our web servers record standard technical information (IP address, browser type, page visited, time) as part of normal operations.
We do not use device fingerprinting as a tracking mechanism.
2. Types of Cookies by Duration
- Session cookies — Temporary cookies that expire when you close your browser. Used to maintain your session state during a visit.
- Persistent cookies — Remain on your device for a set period (specified below) or until you delete them. Used for remembering your preferences and enabling analytics.
3. Cookie Categories & Purposes
We organise our cookies into four categories based on their purpose and whether your consent is required under the GDPR and the ePrivacy Directive:
3.1 Strictly Necessary — No Consent Required
These cookies are essential for the website to function and cannot be disabled. They are usually set in response to actions you take, such as filling out a form or setting privacy preferences.
| Cookie / Storage Key | Provider | Purpose | Duration |
|---|---|---|---|
ttt_consent |
twentyto2.com (1st party — localStorage) | Records your cookie consent preferences (accept-all or essential-only) | 12 months |
__cf_bm |
Cloudflare (3rd party) | Bot management and DDoS protection | 30 minutes |
3.2 Functional — Consent Required
These cookies enable enhanced functionality and personalisation. If you do not allow these cookies, some features may not function properly. At present, TwentyTo2 does not deploy functional cookies beyond the strictly necessary set. This section will be updated if that changes.
3.3 Analytics & Performance — Consent Required
These cookies allow us to count visits, measure traffic sources, and understand how visitors interact with our website. This helps us improve our website's performance and user experience. All information these cookies collect is aggregated and therefore anonymous.
| Cookie Name | Provider | Purpose | Duration | Privacy Policy |
|---|---|---|---|---|
_ga |
Google Analytics (3rd party) | Registers a unique ID to generate statistics about website usage | 2 years | Google Privacy Policy |
_ga_XXXXXXXXXX |
Google Analytics (3rd party) | Persists session state for Google Analytics 4 | 2 years | Google Privacy Policy |
_gid |
Google Analytics (3rd party) | Registers a unique ID for 24-hour session usage statistics | 24 hours | Google Privacy Policy |
We only load analytics cookies after you provide consent via the cookie banner. If you select "Essential only," analytics cookies are not set.
3.4 Marketing & Advertising — Consent Required
TwentyTo2 does not currently run paid advertising campaigns and does not deploy marketing or advertising cookies. This section will be updated if that changes.
4. How We Obtain & Record Your Consent
Under the GDPR and the ePrivacy Directive (as implemented in EU member states), we are required to obtain your freely given, specific, informed, and unambiguous consent before placing non-essential cookies on your device. Specifically:
- Consent banner: Displayed on your first visit; we do not set non-essential cookies until you provide consent;
- Granular choice: You can accept all cookies or choose essential-only (no analytics);
- No pre-ticked boxes: Non-essential categories are opt-in only — they are never pre-selected;
- Consent record: We store your consent choice in browser localStorage under the key
ttt_consentfor 12 months; - Easy withdrawal: You can withdraw or change your consent at any time — see Section 5.
4.1 Legal Basis for Cookie Processing Under GDPR
| Cookie Category | Legal Basis (GDPR Art. 6) | Notes |
|---|---|---|
| Strictly Necessary | Legitimate interests (Art. 6(1)(f)) / Contract (Art. 6(1)(b)) | Essential for service operation; consent not required under ePrivacy |
| Analytics & Performance | Consent (Art. 6(1)(a)) | Requires opt-in; data anonymised where possible |
5. How to Manage & Withdraw Your Cookie Consent
5.1 Using Our Consent Banner
You can change your cookie preferences at any time by clearing your browser's localStorage (which will prompt the banner to re-appear on your next visit) or by contacting us at [email protected]. Changes take effect immediately for future browsing sessions. Note that withdrawing consent will not undo processing that occurred while consent was active.
5.2 Browser Controls
Most browsers allow you to control cookies through their settings. Note that disabling cookies may affect the functionality of this and many other websites you visit. Below are links to cookie management instructions for major browsers:
5.3 Google Analytics Opt-Out
To opt out of Google Analytics tracking specifically, you can install the Google Analytics Opt-Out Browser Add-On.
5.4 Do Not Track (DNT)
Some browsers have a "Do Not Track" feature that signals to websites that you do not want to have your online activity tracked. Currently, there is no accepted industry standard for responding to DNT signals. We acknowledge DNT signals and await a uniform standard.
6. Third-Party Cookies & Data Processors
Some cookies on our website are set by third parties. We have no direct control over these cookies. By accepting the relevant categories in our consent banner, you consent to those third parties setting cookies on your device.
| Provider | Category | Data Processed | Transfer Safeguard | Opt-Out |
|---|---|---|---|---|
| Google Analytics | Analytics | Page views, session data, device type, approximate location | EU-U.S. DPF / SCCs | GA Opt-Out |
| Cloudflare | Strictly Necessary | Bot detection signals, security challenge data | SCCs / Adequacy | Cannot opt out (essential security) |
As a company established in Egypt serving users across the MENA region and the EU, we ensure that transfers of personal data outside Egypt and outside the EEA use Standard Contractual Clauses (SCCs) or other approved safeguards.
7. Cookie Retention & Data Transfers
Cookies set by us are retained for the durations specified in the tables above. Our consent preference record (ttt_consent in localStorage) persists for 12 months. After this period, we will ask for your consent again on your next visit.
8. Cookies & Children
Our website is not directed at children under the age of 16. We do not knowingly use cookies to track children under 16. If you believe a child under 16 has interacted with our website, please contact us at [email protected].
9. Changes to This Cookie Policy
We may update this Cookie Policy when we add new cookies, change our use of existing cookies, or in response to regulatory guidance. When we make material changes, we will update the "Last updated" date at the top of this page. Continued use of our website after changes indicates acceptance of the updated policy.
10. Contact Us
For questions about our use of cookies or to exercise your rights under GDPR or the Egyptian Personal Data Protection Law (Law No. 151 of 2020):
- Company: TwentyTo2
- Email: [email protected]
- Address: Plot B93, Smart Village, 6 October City, Cairo Governorate 12577, Egypt
- Website: twentyto2.com
You also have the right to lodge a complaint with your local data protection supervisory authority — the Egyptian Personal Data Protection Centre (PDPC) or, if you are in the EU/EEA, your EU Member State's data protection authority (DPA).