Take 2 EU
Buy Now
login

Privacy Policy

Take2eu

PRIVACY POLICY

Your privacy is important to us. This Privacy Policy explains how Take2EU collects, uses, and safeguards your personal information when you use our platform. We are committed to transparency, security, and compliance with applicable data protection laws, including the GDPR.

TAKE2EU – Digital Career Visibility Platform

Effective Date: 1 March 2026

Last Updated: 1 March 2026

  1. INTRODUCTION AND CONTROLLER INFORMATION

1.1 About This Policy

This Privacy Policy explains how Take2EU (“Company”) collects, uses, processes, and protects personal data of Users and visitors to our website and platform. This Policy applies to:

  • Users who register for the Service.
  • Visitors to www.take2eu.com.
  • Individuals who contact us via email or other support channels.

1.2 Data Controller

The entity responsible for the processing of your personal data is:

Take2EU

DDC Spółka z o.o.

Wspólna 7B

45-837 Opole Poland

Registration / VAT Number: 8992793337

Email: support@take2eu.com

1.3 Data Protection Contact / Data Protection Officer (DPO)

If Take2EU has appointed a Data Protection Officer pursuant to Article 37 GDPR, you may contact the DPO or data protection contact at:

Email: dpo@take2eu.com

  1. LEGAL BASIS FOR PROCESSING

2.1 General Principles

Take2EU processes personal data lawfully only where there is a valid legal basis under Article 6 of the GDPR and applicable data protection laws. The main legal bases for processing your data are:

  • Performance of a contract (Article 6(1)(b) GDPR).
  • Compliance with legal obligations (Article 6(1)(c) GDPR).
  • Legitimate interests (Article 6(1)(f) GDPR).
  • Your consent, where required (Article 6(1)(a) GDPR).

Table of typical processing operations and legal bases:

  • Name, email, phone – Account creation and service delivery – Contract (Article 6(1)(b) GDPR).
  • CV, qualifications, experience – Service provision (visibility to Employers) – Contract (Article 6(1)(b) GDPR), and where relevant your explicit actions/choices on the Platform.
  • Payment information – Invoice generation and payment processing – Contract + legal obligation (tax and accounting law).
  • Log and usage data – Platform security, fraud prevention, and improvement – Legitimate interest (Article 6(1)(f) GDPR).
  • Cookies and identifiers – Website analytics and user experience – Your consent where required (Article 6(1)(a) and Article 7 GDPR).
  • Data in international transfers – Cross-border processing for service delivery – Contract (Article 6(1)(b) or 6(1)(f) GDPR) + Standard Contractual Clauses and supplementary safeguards (see Sections 3 and 13).

2.2 Consent

Where processing requires consent (for example for certain cookies, analytics, or marketing communications), we will explicitly ask for your consent through a clear, separate checkbox or button on the Platform. You may withdraw consent at any time by:

  • Adjusting your preferences in your Account or cookie banner, or
  • Contacting us at dpo@take2eu.com.

Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

  1. DATA COLLECTION AND PROCESSING LOCATIONS

3.1 What Data We Collect

Take2EU collects the following categories of personal

  1. a) Information You Provide Directly
  • Identity and Contact Data: full name, email address, phone number (optional), postal address, country of residence.
  • Professional Data: CV/resumé, work experience, educational qualifications, certifications, languages spoken, professional skills, employment history, references.
  • Account Data: username, password (stored in encrypted form), account preferences, notification settings.
  • Payment Data: payment details necessary for processing via Tpay (operated by Krajowy Integrator Płatności S.A.). We do not store full card numbers or sensitive authentication data. Payment data is processed directly by Tpay in accordance with its own privacy policy and regulatory obligations.
  • Communication Data: messages to support, complaint submissions, feedback, survey responses.
  • Preference Data: job preferences, industry interests, target countries, desired locations, salary expectations.
  1. b) Information Collected Automatically
  • Technical Data: IP address, browser type, operating system, referring URL, device identifiers, pages visited, time spent, click behaviour.
  • Cookie Data: device identifiers, session tokens, preferences (see Section 8 for Cookie Policy).
  • Log Data: login times, upload timestamps, account activity, interaction records.

3.2 Data Processing Locations – International Processing

Take2EU informs Users that personal data may be processed and stored in the following jurisdictions outside the European Economic Area (EEA):

  • India – data hosting, CRM systems, email infrastructure, customer support ticketing, profile database management, document storage.
  • Bangladesh – customer support, ticket resolution, document review, profile optimisation.
  • Philippines – customer support, live chat support, profile assistance.

Users from the European Union, EEA, and UK should note that data protection laws in India, Bangladesh, and the Philippines are not equivalent to the GDPR.

3.3 Risk Disclosure – International Data Transfer

By accepting this Privacy Policy and using the Service, you acknowledge that:

  • Local data protection laws in India, Bangladesh, and the Philippines may provide a lower level of statutory protection than GDPR.
  • Public authorities (such as law enforcement or security agencies) in those jurisdictions may have broader powers to request access to personal data under local laws.
  • Judicial and administrative remedies available locally may differ from those in the EU/EEA.

Take2EU has implemented legal and technical safeguards (described below) to ensure that, as far as reasonably possible, your data benefits from a level of protection that is substantially equivalent to GDPR standards.

3.4 Contractual Safeguards – Standard Contractual Clauses (SCC)

To mitigate risks associated with international data transfers, Take2EU has implemented the following safeguards:

  1. a) Standard Contractual Clauses

Take2EU relies on Standard Contractual Clauses (SCC) approved by the European Commission for controller-to-processor transfers with subprocessors located in India, Bangladesh, and the Philippines, where applicable. These Clauses require subprocessors to:

  • Process data only for specified purposes and instructions.
  • Implement appropriate technical and organisational security measures.
  • Assist Take2EU in fulfilling GDPR obligations (e.g. data subject requests).
  • Not engage further subprocessors without prior written authorisation.
  • Delete or return personal data upon request or termination.
  • Provide evidence of compliance upon request or audit.

A summary of the SCC and main provisions is available upon request by contacting dpo@take2eu.com.

  1. b) Data Processing Agreements (DPA)

All subprocessors have signed Data Processing Agreements that define:

  • Scope, duration, and purpose of processing.
  • Commitments to implement appropriate safeguards.
  • Rights for Take2EU to audit and monitor compliance.
  • Restrictions on further sub-processing.
  • Obligations to notify Take2EU of incidents or breaches.
  1. c) Technical and Organisational Measures

Subprocessors are required to implement, among others:

  • Encryption of data in transit (TLS/SSL) and, where appropriate, at rest.
  • Role-based access control and multi-factor authentication for staff.
  • Logging and monitoring of access to personal data.
  • Regular security audits and testing.
  • Incident response procedures and timely breach notification.
  • Data retention limits and secure deletion procedures.

3.5 Supplementary Measures

Beyond SCC and DPAs, Take2EU also implements:

  • Data Transfer Impact Assessments (DTIA) for key third-country transfers.
  • Data minimisation to limit which data is accessible in third countries.
  • Pseudonymisation or aggregation of data for certain analytics and support uses where possible.
  • Regular staff training on data protection and security.

3.6 User Rights Regarding International Transfer

You have the right to:

  • Request information about which subprocessors process your data and in which countries.
  • Request clarification of the legal basis and safeguards used for specific transfers.
  • Request deletion of your data, including data stored in third countries, where legally and technically feasible.

Please note that in some cases, restricting or preventing international transfers may make it impossible for us to provide some or all parts of the Service. We will inform you if this is the case.

Requests may be submitted to dpo@take2eu.com.

  1. HOW WE USE YOUR DATA

4.1 Service Delivery

We process your personal data to:

  • Create and maintain your Account.
  • Display your profile in the searchable database.
  • Share your profile information with registered Employers.
  • Send notifications to Employers about your profile.
  • Provide document optimisation and CV review support.
  • Track profile views and Employer interactions.
  • Provide customer support and resolve issues.

4.2 Business Operations

We use your data to:

  • Process payments via Tpay (Krajowy Integrator Płatności S.A.), acting as an independent payment service provider and data controller for payment transaction data.
  • Manage subscriptions and package renewals.
  • Comply with legal obligations, including tax and accounting rules.
  • Investigate and prevent fraud, abuse, or unauthorised access.
  • Enforce the Terms and other applicable policies.
  • Monitor and improve Platform security and performance.

4.3 Marketing and Communications

We may use your data to:

  • Send service-related updates and administrative messages (transactional communications).
  • Send promotions, newsletters, or marketing communications, but only where you have opted in or where permitted by law.
  • Send reminders about expiring packages or upcoming renewals.
  • Request feedback, surveys, or reviews.

You may opt out of marketing communications at any time by:

  • Clicking “Unsubscribe” in any marketing email, or
  • Adjusting notification settings in your Account, or
  • Contacting support@take2eu.com with an opt-out request.

Transaction and service-related emails (e.g. invoices, important service notices) may still be sent even if you opt out of marketing.

4.4 Analytics and Improvement

We use anonymised or aggregated data, where possible, to:

  • Understand how Users navigate and use the Platform.
  • Improve features and user experience.
  • Develop new services and functionalities.
  • Generate statistics about Platform performance and usage.

4.5 Legal Compliance

We may process data where required by law, regulation, or order of a public authority, including:

  • Government or tax authority requests.
  • Court orders or legal proceedings.
  • Law enforcement investigations.
  • Compliance with accounting and tax obligations.
  1. WHO WE SHARE YOUR DATA WITH

5.1 Employers

Your profile (including name, professional experience, skills, and, where applicable, contact information) is shared with registered Employers so they can assess your suitability and contact you if interested. This sharing is a core part of the Service.

5.2 Subprocessors and Service Providers

We share data with the following categories of subprocessors and service providers:

  • Data hosting and infrastructure providers (including providers located in India).
  • CRM and customer support tool providers.
  • Email service providers.
  • Payment processor – Tpay (Krajowy Integrator Płatności S.A.), acting as an independent controller for payment data and as a regulated payment service provider.
  • Analytics providers (e.g. web analytics tools).
  • Customer support vendors and back-office support teams (including in India, Bangladesh, and the Philippines).
  • Legal, accounting, and compliance advisors (to the extent necessary).

All subprocessors are bound by contractual obligations, including DPAs and, where applicable, SCC.

5.3 Legal Requirements and Law Enforcement

We may disclose your data when:

  • Required by applicable law, regulation, or a valid legal process.
  • Necessary to protect the safety, rights, or property of Take2EU, Users, or the public.
  • Needed to prevent or investigate suspected fraud, security incidents, or abuse.

Where legally permitted, we will attempt to notify you before disclosing your data.

5.4 Business Transfers

If Take2EU is involved in a merger, acquisition, asset sale, or corporate restructuring, your data may be transferred as part of that transaction. In such case, we will ensure that the receiving entity is bound by obligations equivalent to this Privacy Policy, and we will inform you of any material changes.

5.5 What We Do Not Do

We do not:

  • Sell your personal data to third parties for their independent marketing purposes.
  • Share your payment card details with Employers.
  • Rent or lease your contact data.
  • Share sensitive identity documents (e.g. passport scans) with Employers without your clear request or consent.
  1. DATA RETENTION

6.1 Retention Periods

We retain your personal data only for as long as necessary for the purposes described in this Policy or as required by law. Typical retention periods:

  • Account and profile data – for the lifetime of your Account and up to 30 days after account deletion, or longer where required for the establishment, exercise, or defence of legal claims.
  • Payment records and invoices – 7 years (tax and accounting obligations).
  • Support communications – 3 years after resolution (complaint handling and legal defence).
  • Log and technical data – up to 90 days (security and performance monitoring).
  • Cookie data – up to 24 months or earlier if you delete cookies in your browser.
  • Marketing preferences and consent records – duration of your opt-in plus up to 1 year (proof of consent).
  • Backup copies – typically 30–90 days (disaster recovery).

6.2 Deletion on Termination

When you close your Account, we will:

  • Deactivate your profile within 7 days.
  • Delete or anonymise your profile data within 30 days, subject to legal retention obligations.
  • Retain payment and invoice data for the statutory period (usually 7 years).
  • Retain minimal data required for legal, security, or fraud-prevention purposes.

6.3 Permanent Deletion Rights

You may request deletion of your data at any time (see Section 7). We will delete or anonymise your data unless we are legally required or permitted to retain it (for example, for tax or legal claims).

  1. YOUR RIGHTS UNDER DATA PROTECTION LAW

7.1 GDPR Rights (EU/EEA and UK Users)

If you are located in the European Union, EEA, or UK, you have, in particular, the following rights under the GDPR:

  • Right of Access (Art. 15) – obtain confirmation whether we process your data and receive a copy.
  • Right to Rectification (Art. 16) – request correction of inaccurate or incomplete data.
  • Right to Erasure (Art. 17) – request deletion of your data in certain circumstances.
  • Right to Restriction of Processing (Art. 18) – request that we limit processing in specific situations.
  • Right to Data Portability (Art. 20) – receive your data in a structured, commonly used, machine-readable format, and transmit it to another controller where technically feasible.
  • Right to Object (Art. 21) – object to processing based on legitimate interests or to direct marketing at any time.
  • Right not to be subject to automated decision-making (Art. 22) – we do not use automated decisions that produce legal or similarly significant effects on you.

7.2 Exercising Your Rights

To exercise any of these rights, please contact:

Data Protection Contact

Email: dpo@take2eu.com

Address: DDC Spółka z o.o., Wspólna 7B, 45-837 Opole, Poland

Subject line: “Data Subject Rights Request”

Please include:

  • Your full name and the email address used for your Account.
  • A clear description of your request.
  • Any additional information we may reasonably need to verify your identity (if necessary).

We will respond within 30 days of receipt, or within 45 days for complex requests, in accordance with applicable law. If we cannot fulfil your request, we will explain the reasons.

7.3 Right to Lodge a Complaint

If you believe that we have violated your data protection rights, you have the right to lodge a complaint with your local Data Protection Authority (DPA), in particular in the EU country of your habitual residence, place of work, or place of the alleged infringement.

  1. COOKIES AND TRACKING TECHNOLOGIES

8.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They can be:

  • Session cookies (deleted when you close your browser).
  • Persistent cookies (remain until expiry or manual deletion).
  • First-party cookies (set by Take2EU).
  • Third-party cookies (set by external providers).

8.2 Types of Cookies We Use

We typically use the following categories of cookies:

  • Essential / Functional – login, session management, security; provider: Take2EU; consent: not required (strictly necessary).
  • Preference – saving language and basic settings; provider: Take2EU; consent: not always required, depending on local law.
  • Analytics – understanding usage and performance; provider(s): e.g. Google Analytics or similar tools; consent: required where mandated by law.
  • Advertising / remarketing – only if and when implemented; if used, details will be provided in the cookie banner and/or updated Policy.

8.3 Consent and Cookie Management

On your first visit, we will display a cookie banner that allows you to:

  • Accept all cookies.
  • Reject non-essential cookies.
  • Customise your preferences by category.

You can also manage cookies via your browser settings (e.g. deleting or blocking cookies), although this may affect some functionalities of the Platform.

8.4 Third-Party Analytics Tools

We may use third-party analytics tools (such as Google Analytics) to analyse website traffic and usage patterns. If we do:

  • The provider may be located outside the EEA.
  • Data such as IP address, device information, and visited pages may be processed.
  • Transfers will rely on SCC or other GDPR-compliant mechanisms.

Details about currently used analytics tools and opt-out options are provided in the cookie banner and/or on the Platform.

8.5 Advertising and Retargeting

If we implement advertising or retargeting cookies in the future, we will:

  • Inform you in the cookie banner and this Policy.
  • Obtain your consent where required.
  • Provide clear information on how to opt out.
  1. SECURITY AND DATA PROTECTION MEASURES

9.1 Technical Safeguards

We implement, among others:

  • TLS/SSL encryption for all data in transit to and from the Platform.
  • Encryption for sensitive data at rest where appropriate.
  • Firewalls and intrusion detection/prevention systems.
  • Role-based access control and, where appropriate, multi-factor authentication.
  • Regular security reviews and technical testing.
  • Automated backups and disaster recovery mechanisms.

9.2 Organisational Safeguards

We also implement:

  • Confidentiality undertakings for staff and contractors with data access.
  • Access limited to personnel who need it to perform their duties.
  • Regular training on data protection and security.
  • Documented procedures for managing incidents and data breaches.

9.3 Limitations

No system is 100% secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security against all possible attacks or unauthorised access.

  1. DATA BREACH NOTIFICATION

10.1 Notification to Authorities

If a personal data breach occurs and is likely to result in a risk to your rights and freedoms, we will notify the competent Data Protection Authority without undue delay and, where feasible, within 72 hours in accordance with applicable law.

10.2 Notification to Users

If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay, describing in clear language:

  • The nature of the breach.
  • The likely consequences.
  • Measures taken or proposed to address the breach.
  • How you can mitigate potential adverse effects.

10.3 Your Role

You are responsible for:

  • Keeping your password confidential.
  • Not sharing your login details with others.
  • Informing us immediately if you suspect unauthorised access to your Account or other security issues.
  1. CHILDREN AND MINORS

Take2EU is not intended for persons under 18 years of age. We do not knowingly collect personal data from children. If we become aware that we have collected data from a minor, we will delete it promptly.

Parents or guardians who believe their child has provided data to us should contact dpo@take2eu.com.

  1. THIRD-PARTY LINKS AND SERVICES

Our Platform may contain links to third-party websites or services. We are not responsible for:

  • The content of such websites.
  • Their privacy practices.
  • Data collected by them.

We encourage you to read the privacy policies of each website or service you visit.

  1. INTERNATIONAL DATA TRANSFERS AND SUPPLEMENTARY PROTECTIONS

13.1 Summary of Transfer Mechanisms

To legally transfer data outside the EEA/UK, we rely on:

  • Standard Contractual Clauses (SCC) with subprocessors.
  • Supplementary measures such as encryption and access controls.
  • In limited cases, derogations for specific situations (e.g. where necessary to perform a contract at your request).

13.2 Data Transfer Impact Assessments

For transfers to India, Bangladesh, and the Philippines, we conduct Data Transfer Impact Assessments (DTIA) to evaluate local laws and risks. Where risks remain, we apply additional safeguards, adjust data flows, or reconsider such transfers.

13.3 Right to Challenge Transfer

You may:

  • Request details of the legal basis and safeguards for specific transfers.
  • Object to certain transfers, where legally possible.
  • Request deletion of data stored in specific jurisdictions, subject to legal obligations.
  1. POLICY UPDATES AND CONTACT INFORMATION

14.1 Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

  • We will update the “Last Updated” date at the top.
  • For material changes, we will notify you via email and/or a notice on the Platform.
  • Where required by law, we will seek your consent to significant changes.

Continued use of the Service after changes take effect constitutes your acceptance of the updated Policy.

14.2 Contact Us

For questions or requests regarding this Privacy Policy or your personal data, please contact:

Take2EU Privacy Team

Email: support@take2eu.com

Address: DDC Spółka z o.o., Wspólna 7B, 45-837 Opole, Poland

Data Protection Contact / Data Protection Officer (if applicable):

Email: dpo@take2eu.com

14.3 Complaints

You always have the right to lodge a complaint with your local Data Protection Authority if you believe we have processed your data unlawfully or violated your rights.