At 2LZ, we take your privacy seriously. This privacy policy explains how we handle your personal data when you visit our website, use our mobile application, or subscribe to our services.
EU Data Centres
All your data remains in Europe (Frankfurt)
No sale to third parties
We never sell your data
No tracking cookies
Only functional cookies
Full GDPR rights
Access, rectification, erasure
End-to-end encryption
TLS 1.3 and AES-256
No minors
Service only for ages 16+
2LZ B.V. is a Dutch software company that provides an online platform (SaaS) and mobile application for workforce planning and business operations. We assist installation companies and technical SMEs with work orders, leave management, VCA compliance, and more.
Company name
2LZ B.V.
Chamber of Commerce number
42022298
VAT number
NL869336605B01
Privacy email
Website
We are the data controller for the processing of personal data of:
We are a data processor when our customers (employers) use the 2LZ platform for their workforce administration. In that case:
Tip: If you have questions about data your employer processes via 2LZ, please contact your employer directly.
| Data | Description |
|---|---|
| Name | First name, middle name, surname |
| Email address | For login and communication |
| Telephone number | Contact details |
| Profile photo | Optional, for identification within the platform |
When your employer uses the 2LZ platform, the following data may be processed:
| Data | Description |
|---|---|
| IP address | For security and access control |
| Device information | Device type, browser, operating system |
| Login data | Time of last login, number of failed attempts |
| Trusted devices | For multi-factor authentication (MFA) |
Our mobile application (available for iOS and Android) may, depending on the features you use and the permissions you grant, process additional data:
Used for trip registration and damage reports. Only processed when you explicitly grant location permission. You may withdraw this permission at any time via your device settings.
Permission: "While Using" or "Always" (your choice)
Used for taking photographs for damage reports, work orders, and document uploads. We do not have access to your other photographs.
Permission: Camera and Photo Library (limited)
Face ID or Touch ID for secure login. Biometric data is processed locally on your device by Apple/Google and is never transmitted to our servers.
Permission: Face ID / Touch ID (optional)
For notifications regarding leave requests, work orders, and important updates. You may disable notifications at any time via your device settings.
Permission: Notifications (optional)
Important notice regarding app permissions
You have full control over the permissions you grant to our application. You may withdraw permissions at any time via your device settings. Some features may not function without the corresponding permission.
| Purpose | Legal basis (GDPR) |
|---|---|
| Service delivery | Performance of contract (Art. 6(1)(b)) |
| - Executing workforce planning | Performance of contract |
| - Time registration and leave administration | Performance of contract |
| - Service-related communication | Performance of contract |
| Security | Legitimate interest (Art. 6(1)(f)) |
| - Preventing unauthorised access | Legitimate interest |
| - Detecting misuse | Legitimate interest |
| Legal obligations | Legal obligation (Art. 6(1)(c)) |
| - Fiscal retention requirements | Legal obligation |
No automated decision-making
We do not make decisions based solely on automated processing that produce legal effects concerning you or similarly significantly affect you.
We do not retain personal data longer than necessary. The retention periods are as follows:
| Data type | Retention period | Reason |
|---|---|---|
| Account data | Up to 2 years after termination | Performance of contract |
| Employee data | 7 years after end of employment | Fiscal/employment law retention obligation |
| Time registration | 7 years | Fiscal retention obligation |
| Leave and absence records | 7 years | Employment law retention obligation |
| Security logs | 1 year | Security and incident investigation |
| Audit logs | 7 years | Compliance and security |
| Notifications and alerts | 90 days | Operational necessity |
Upon expiry of the retention period, data is automatically deleted or anonymised, unless there is a legal obligation to retain it longer or the data is required for ongoing legal proceedings.
All your data is stored within the European Economic Area (EEA), specifically in AWS data centres in Frankfurt, Germany.
Under the GDPR, you have the following rights:
You may request information about the personal data we process about you.
You may request the correction of inaccurate data or the completion of incomplete data.
You may request the deletion of your data. This right is limited when we are legally obliged to retain the data.
You may request the restriction of the processing of your data.
You may request to receive your data in a structured, commonly used, and machine-readable format.
You may object to processing based on legitimate interest.
Submit your request to: privacy@2lz.ai
Please include in your request:
We shall respond to your request within 1 month. For complex requests, this period may be extended by 2 months.
Please note: When your employer uses the 2LZ platform, your employer is the data controller. In that case, please contact your employer directly.
Our service is intended for business use and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children.
If you believe we have inadvertently collected data from an individual under the age of 16, please contact us immediately at privacy@2lz.ai so that we may delete this data.
We may amend this privacy policy. The most recent version is always available on this page. In the event of material changes, we shall inform you via the platform, by email, or via a notification in our application.
Last amended: January 2026 (version 2.0)
If you are dissatisfied with how we handle your data, please contact us first at privacy@2lz.ai. We shall endeavour to reach a resolution together.
If this is not successful, you may lodge a complaint with the Dutch Data Protection Authority:
Dutch Data Protection Authority (Autoriteit Persoonsgegevens)
PO Box 93374
2509 AJ The Hague
The Netherlands
Website: www.autoriteitpersoonsgegevens.nl