Privacy & Policy

Privacy Policy

Last updated: December 26, 2025

We are deeply committed to protecting your privacy and treating all information you share with us as strictly confidential. This Privacy Policy explains how we collect, use, store, share, and protect your personal data in full compliance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), Luxembourg national data protection laws, and other applicable European regulations.

This policy applies to our website, all our services (including ML Feasibility Studies, AI/ML project acceleration, consulting, and related tools), and any interaction where we process personal or business data.

Strict Confidentiality Commitment

All information you share with us — whether personal data, project details, business strategies, data samples, or any other sensitive content — is treated as strictly confidential. We do not disclose it to third parties except as explicitly described in this policy (e.g., with trusted processors under strict agreements) or when required by law. Our team is bound by confidentiality obligations, and we implement robust technical and organizational measures to safeguard your trust at every step.

1. Who We Are (Data Controller)

Company: 2RL Sàrl-S
Address: 16B Robert-Schuman Stross, Frisange L-5751, Luxembourg
Email: privacy@2rl.ai
Registration: [If applicable, add Luxembourg RCS number]

We act as the data controller for personal data processed through our services.

Data Protection Officer (DPO):
You may contact us directly at privacy@2rl.ai for any data protection matters.

Supervisory Authority:
Commission Nationale pour la Protection des Données (CNPD)
15, Boulevard du Jazz, L-4370 Esch-sur-Alzette, Luxembourg
Website: https://cnpd.public.lu

2. What Personal and Business Data We Collect

We only collect data necessary for delivering our services effectively.

Categories include:

  • Identification & contact data — Name, email, phone number, job title, company name.
  • Communication data — Messages, inquiries, meeting notes.
  • Project & business data — Descriptions of your tech projects, objectives, datasets (including samples for ML analysis), financial estimates, timelines, and any confidential business information you provide.
  • Technical & usage data — IP address, browser type, device info, cookies, log files, interaction with our website/services.
  • AI/ML-specific data — Uploaded datasets or samples used for feasibility studies, model training, testing, or experiments (treated with extra care and confidentiality).

We do not intentionally collect special categories of sensitive personal data (e.g., health, racial origin, political opinions) unless you explicitly provide it for a specific project purpose and with additional safeguards.

3. How We Collect Data

  • Directly from you via forms, emails, calls, meetings, or project submissions.
  • Automatically through website technologies (cookies, server logs).
  • From tools during service delivery (e.g., uploaded files for ML analysis).

We always rely on a valid GDPR legal basis:

  • Performance of a contract — To deliver feasibility studies, accelerate projects, and provide agreed services.
  • Consent — For newsletters, marketing, or optional cookies.
  • Legitimate interests — For security, service improvement, analytics (always balanced against your rights).
  • Legal obligation — When required by applicable laws.

5. Purposes of Processing

Your data is used solely to:

  • Deliver and improve our core services (ML feasibility, project acceleration, consulting).
  • Communicate effectively with you (responses, updates, recommendations).
  • Perform analyses and develop tailored AI/ML solutions.
  • Ensure platform and data security.
  • Comply with legal and regulatory requirements.
  • Send marketing communications (only with your consent, which you can withdraw anytime).

Confidential project data is used exclusively for the purpose you authorized and is never repurposed without your explicit agreement.

6. Data Retention & Deletion

We keep data only as long as necessary:

  • Project-related data: Duration of the engagement + 3 years for follow-up/support (or as agreed).
  • Contractual/communication data: Duration of relationship + required legal archiving periods.
  • Marketing data: Until you withdraw consent.
  • Technical logs: Maximum 12 months.

After retention periods end, we securely delete or fully anonymise the data.

7. Data Sharing & International Transfers

We share data only when strictly necessary and always under confidentiality obligations:

  • With trusted processors (e.g., cloud providers, analytics tools) bound by GDPR-compliant Data Processing Agreements.
  • With professional advisors (legal, accounting) under strict confidentiality.
  • With partners only if jointly delivering services and with your prior knowledge/consent.

International transfers outside the EEA: We use EU-approved mechanisms such as Standard Contractual Clauses (SCCs), adequacy decisions, or Binding Corporate Rules.

We never sell your personal or business data.

8. Security & Confidentiality Measures

We employ industry-standard technical and organizational safeguards:

  • Encryption in transit and at rest.
  • Access controls and least-privilege principles.
  • Regular security audits and employee training.
  • Pseudonymisation and anonymisation where possible, especially in AI/ML workflows.
  • Secure deletion procedures.

Your project data and communications are stored in secure, access-restricted environments.

9. Cookies & Tracking

Our website uses essential cookies for functionality and, with your consent, analytics/performance cookies. Full details are in our separate Cookie Policy.

10. Automated Decision-Making

Our AI/ML services involve automated processing for analysis and recommendations. We do not make solely automated decisions that produce legal or similarly significant effects on you without human oversight. You always have the right to request human review.

11. Your GDPR Rights

You have full rights over your data:

  • Access, rectification, erasure, restriction, portability, objection.
  • Withdraw consent at any time.
  • Lodge a complaint with the CNPD or any EU supervisory authority.

Contact us at privacy@2rl.ai to exercise your rights — we respond within one month (extendable for complex requests).

12. Protection of Children

Our services are not intended for individuals under 16. We do not knowingly collect their data without verified parental consent.

13. Changes to This Policy

We may update this policy to reflect service or legal changes. Significant updates will be communicated via email or prominent website notice. Continued use after changes constitutes acceptance.

14. Contact Us

For any privacy questions, concerns, or rights requests:
Email: privacy@2rl.ai
Postal address: 2RL Sàrl-S, 16B Robert-Schuman Stross, Frisange L-5751, Luxembourg

We value your trust and are dedicated to maintaining the highest standards of confidentiality, security, and transparency.