Position Statement

Company Information

Who are we?

What services do we provide?

Company information


Data Protection Officer (DPO) contact





Data Processing Related Information

Data centre location

Main data storage service providers

Pertinent registrations

Sub-Processer information

Is our data processed/accessed from outside of the EU?





Policies & Procedures

Two Jay, its employees and contractors operate within a number of policies. These are regularly updated and supported with relevant training.



Data Controls

Data security



Data subject controls



Data anonymisation/pseudonymisation

Data Access Permissions 



Two Jay Ltd

Digital development agency

UK registered business - 07536157

Suite A, The Quadrant, Parkway Business Centre, 99 Parkway Avenue, Sheffield S04WG

Name: Michelle Ellis

Address: 99 Parkway Avenue, Sheffield S04WG

Tel: 01143830807

Email: DPO@twojay.co



EU and USA

Google Cloud Platform, UKFast and various SaaS platforms

Information Commissioner's Office - A83000249

We use Google Cloud Platform and UKFast to support our business processes.

Data centres for these services are held in global locations. All of our sub-processors are fully compliant with GDPR and where necessary, hold Privacy Shield certification.

Our development team in India have the same access to workflows from the Nagpur office as our UK team. The Two Jay India team is carefully managed through our internal policies and compliance protocol and complies with GDPR and appropriate data protection legislation.



IT security and usage

Data Management

Data Breach policy



Data is secured, and the integrity and confidentiality are maintained using technical and organisational means including:

Through our selected SaaS partners there is regular penetration testing and a full range of security protocol.

Best practice processes outlined in our internal policies

We request written permission in advance:

- To access client’s data and servers

 - To maintain a development instance locally with appropriate controls

A process to anonymise personal data during development is actively underway

Carefully managed through an independent encrypted secure platform server with access based on role and responsibility