Privacy Policy
1. Who We Are & Data Controller Identity
TwentyTo2 ("we", "us", or "our") is the data controller responsible for processing your personal data in connection with the services available at twentyto2.com (the "Service").
Registered address:
Plot B93, Smart Village, 6 October City, Cairo Governorate 12577, Egypt
For general privacy inquiries:
Email: [email protected]
Postal: Privacy Team, TwentyTo2, Plot B93, Smart Village, 6 October City, Cairo Governorate 12577, Egypt
1.1 Egyptian Personal Data Protection Law
TwentyTo2 is established in Egypt and is subject to the Egyptian Personal Data Protection Law (Law No. 151 of 2020) and its Executive Regulations. We are also subject to GDPR obligations when processing personal data of individuals in the European Economic Area. Where both laws apply, we observe the higher standard of protection.
2. Scope of This Policy
This Privacy Policy applies to all personal data collected through:
- Our website at twentyto2.com and any subdomains;
- Our products, services, and briefing deliverables;
- Communications between you and us (email, phone, WhatsApp);
- Marketing activities including newsletters and event registrations.
It does not apply to third-party websites linked from our Service.
3. Personal Data We Collect
3.1 Data You Provide Directly
| Category | Examples | When Collected |
|---|---|---|
| Identity data | First name, last name, job title | Contact / briefing request forms |
| Contact data | Email address, telephone number, company name | Contact forms, direct communications |
| Communications data | Enquiry content, briefing scope requests, support emails | Contact form submissions, email |
| Marketing preferences | Opt-in/opt-out status for our insights newsletter | Email sign-up |
3.2 Data Collected Automatically
| Category | Examples | Source |
|---|---|---|
| Technical data | IP address, browser type, OS, device type | Server logs, analytics tools |
| Usage data | Pages visited, session duration, referral source | Analytics cookies & scripts |
| Cookie & tracking data | Cookie IDs, referral sources | Cookies — see our Cookie Policy |
4. Legal Bases & Purposes for Processing
Under Article 6 GDPR and the Egyptian Personal Data Protection Law, we rely on the following legal bases:
| Purpose | Legal Basis (Art. 6 GDPR) | Data Categories |
|---|---|---|
| Respond to briefing requests and enquiries | Contract performance / Legitimate interests (6(1)(b)/(f)) | Identity, contact, communications |
| Send insights newsletter (if opted in) | Consent (6(1)(a)) | Identity, contact, marketing preferences |
| Improve our website via analytics | Legitimate interests (6(1)(f)) | Technical, usage |
| Fraud prevention and security | Legitimate interests (6(1)(f)) | Identity, technical |
| Comply with legal obligations | Legal obligation (6(1)(c)) | As required by Egyptian law / EU law |
5. Data Sharing & Third-Party Processors
We do not sell your personal data. We share data only as described below, under appropriate contractual safeguards (Data Processing Agreements per Article 28 GDPR).
| Recipient Category | Purpose | Transfer Safeguard |
|---|---|---|
| Cloud hosting & infrastructure | Service delivery, data storage | SCCs / Adequacy decision |
| Email service provider | Transactional & marketing emails | SCCs / DPA |
| Analytics providers | Usage analytics | SCCs / Consent |
| Professional advisors | Legal, audit services | Confidentiality obligations |
| Law enforcement / regulators (Egyptian & EU) | Legal obligation or court order | Statutory obligation |
6. International Data Transfers
We are established in Egypt. Some of our processors are located or process data outside Egypt and outside the European Economic Area (EEA). Wherever personal data is transferred outside the EEA or outside Egypt, we ensure an adequate level of protection using Standard Contractual Clauses (SCCs) or other approved safeguards recognised under applicable law.
7. Data Retention
| Data Category | Retention Period | Basis |
|---|---|---|
| Briefing enquiry / contact data | 3 years from last interaction | Legitimate interests |
| Marketing consent records | Until consent withdrawn, plus 3 years | Consent + legal obligation |
| Analytics / log data | 26 months | Legitimate interests |
| Security / audit logs | 12 months | Legitimate interests |
8. Your Data Subject Rights
Under the GDPR (Articles 15–21) and the Egyptian Personal Data Protection Law (Law No. 151 of 2020), you have the following rights regarding your personal data:
- Right of Access (Art. 15 GDPR / Art. 19 Egyptian PDL) — Request a copy of personal data we hold about you.
- Right to Rectification (Art. 16 GDPR) — Request correction of inaccurate data.
- Right to Erasure (Art. 17 GDPR / Art. 20 Egyptian PDL) — Request deletion where there is no compelling reason for continued processing.
- Right to Restriction (Art. 18 GDPR) — Request restriction of processing in certain circumstances.
- Right to Data Portability (Art. 20 GDPR) — Receive personal data in a structured, machine-readable format.
- Right to Object (Art. 21 GDPR) — Object to processing based on legitimate interests.
- Right to Withdraw Consent — Withdraw any consent you have given, at any time, without affecting the lawfulness of processing carried out before the withdrawal.
8.1 How to Exercise Your Rights
Submit a request by:
- Email: [email protected] with subject line "Data Subject Request";
- Post: TwentyTo2, Attn: Privacy Team, Plot B93, Smart Village, 6 October City, Cairo Governorate 12577, Egypt.
We will respond within 30 days. We may need to verify your identity before processing your request.
8.2 Right to Lodge a Complaint
If you believe we have not handled your personal data in accordance with applicable law, you have the right to lodge a complaint with:
- Egyptian Personal Data Protection Centre (PDPC) — the competent authority under Egyptian PDL No. 151/2020;
- Your EU/EEA Member State's data protection supervisory authority if you are located in the EU/EEA.
9. Data Security
We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, accidental loss, destruction, or alteration, including encryption of data in transit (TLS) and role-based access controls. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours.
10. Cookies & Tracking Technologies
We use cookies and similar tracking technologies on our website. For detailed information, please see our Cookie Policy.
11. Children's Privacy
Our Service is directed at business professionals and is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at [email protected].
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will post a notice on our website and update the "Last updated" date at the top of this page.
13. Contact Us
- Data Controller: TwentyTo2
- Email: [email protected]
- Address: Plot B93, Smart Village, 6 October City, Cairo Governorate 12577, Egypt
- Website: twentyto2.com