Servi Smart Solutions Ltd. d/b/a Duve and its affiliates and subsidiaries (collectively, “Duve”, “us” or “we”) provides hospitality vendors (hotels, vacation rentals, hostels, real estate owners, etc.) (“Customer(s)”) with a Software-as-a-Service cloud-based managing solution allowing Customers to manage their hospitality related services, personalizing their guests’ experience, including online check-in and checkout, upsell, increase profitability, improve performance, and offer personalized guest experience (“Services”).  

This privacy policy (“Privacy Policy”) describes how Duve collects, uses, and processes Personal Data, specifically the types of Personal Data collected, the purposes for which we will use it, how long we will retain it, with whom we share it, and your rights regarding your Personal Data.

This Privacy Policy applies to:

• Any individuals, including representatives of prospects and potential business partners, who access and use our website or other digital assets under our domain, including requesting a demo, or other similar forums as available through our website (respectively “website” and “Prospects”);
• Customers that access and use the Services (through the Customer account, dashboard or app), However, specifically excludes any data processed by Duve in its role as a data processor, processing Personal Data on behalf of the Customer, which is subject to our commercial agreements and a data processing agreement with the Customer;
• Third-party suppliers, that participate in the Duve marketplace which access and use the marketplace for the purpose of selling their services to the Customers’ guests, all through the Duve platform (“Suppliers”); and
• Authorized users, employees or contractors, using and accessing the Services or marketplace on behalf of a Customer or Supplier (“Authorized User”).

Customer and Prospect shall be, collectively and separately, referred herein as “you”.

In the event you have applied for a job with us, please further review our Job Candidates Privacy Policy which governs our Personal Data processing practices in connection with such interactions.

ANY PERSONAL DATA YOU PROVIDE IS MADE AT YOUR FREE WILL AND CONSENT (WHERE REQUIRED UNDER APPLICABLE DATA PROTECTION LAWS), AND YOU ACKNOWLEDGE THAT YOU ARE NOT UNDER ANY STATUTORY OBLIGATION TO PROVIDE PERSONAL DATA TO DUVE. HOWEVER, IF YOU WILL NOT PROVIDE US WITH CERTAIN PERSONAL DATA, WE WILL NOT BE ABLE TO FULFILL CERTAIN SERVICES.

This Privacy Policy further includes or incorporates specific information required under applicable data protection laws for residents of certain jurisdictions, among others:

If you are a located in the EEA or UK – this Privacy Policy further details our lawful basis for processing Personal Data, information regarding cross border data transfer and your rights, as well as additional information we are required to disclose to you under the EU and the UK General Data Protection Regulations (collectively “GDPR”).

If you are a California resident– please also review our CCPA Privacy Notice which serves as a Notice at Collection as required under the California Privacy Rights Act and further details the categories of information collected and additional information regarding our privacy practices, including your rights.

Additional Information to certain United States Residents– please also review Section 12 of this Privacy Policy “Additional Notice for US Residents” to learn more about our privacy practices and your rights under these territories.

1. POLICY AMENDMENTS

We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of this Privacy Policy will always be posted on the website and the update date will be reflected in the “Last Updated” heading. We will provide notice to you if these changes are material, and, where required by applicable law, we will obtain your consent. Any amendments to the Privacy Policy will become effective immediately, unless we notify otherwise. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.

2. CONTACT INFORMATION AND DATA CONTROLLER INFORMATION

Duve, a company incorporated under the laws of the state of Israel, is the “Data Controller” (as such term is defined under applicable privacy and data protection legislation, which refers to the organization that determines the means and the processing of the personal data) of the Personal Data collected as described under this Privacy Policy.

For any question, inquiry or concern related to this Privacy Policy or the processing of your Personal Data, you may contact as follows:

By Mail: Ha-Khilazon St. 6, Ramat Gan, Israel 5252270

Data Protection Officer: dpo@duve.com

Data Protection Representative for Data Subjects in the EU: Duve has designated its French entity as Duve’s representative in the European Union for data protection matters related to the processing of personal data of residents of the EU, pursuant to Article 27 of the GDPR. If you have any comments or questions regarding our Privacy Policy, if you have any concerns regarding your privacy, or if you wish to make a complaint about how your personal data is being processed by Duve, please send an email to dpo@duve.com or by post at: 10-14 Rue Anatole France, 94140, Alfortville, France.

This Privacy Policy governs the processing of Duve’s independent privacy and data processing practices as a “Data Controller” and does not govern our privacy practices with respect to the processing of the personal data of individuals, hotel guests, who manage their reservation or may purchase services from Customer through the Duve Platform white labeled by the Customer (“Guest(s)”). We collect, process and manage such data solely on behalf and under the instructions of the Customers in our role as a “Data Processor” in accordance with our Data Processing Addendum with them. However, we did provide some informative disclosures of Duve’s processing, to assist Guests in making informed decisions and understanding their rights.

3. DATA PROCESSED BY DUVE, PURPOSES OF USE AND LAWFUL BASIS

You will find below information regarding the types of data we collect, the purposes for which we process Personal Data as well as our lawful basis for processing (where the GDPR applies to your Personal Data).

We may collect aggregated, non-personal, and non-identifiable information which may be made available or gathered via your use of the website or Services (“Non-Personal Data”). We are not aware of the identity of the individual from who we have collected the Non-Personal Data and cannot link between the data and the individual with reasonable means. This refers mainly to technical information, or aggregated data.

We further collect individually identifiable information, namely information that identifies an individual or may with reasonable effort be used to identify an individual (“Personal Data”). This may include online identifiers, names, emails, etc., subject to applicable law.

For the avoidance of doubt, any Non-Personal Data connected or linked to Personal Data shall be deemed as Personal Data as long as such connection or linkage exists.

Below we detail the Personal Data we collect and how and for which purposes we process and use your Personal Data, as well as our lawful basis for processing (subject to the GDPR, if applicable). 

Personal Data Sets	Purposes of Processing	Legal Basis
ProspectsData
Usage Data: When you access our website, and interact with it, we may collect certain online identifiers, such as your Internet Protocol (IP) address, Cookie ID, user agent, and other unique identifiers, tags, etc. as well as information related to your usage, such as actions made on the website, pages viewed, access time and date, session durations, language preferences, etc. (“Usage Data”).	We process the Usage Data for the following purposes: * To operate and secure the website. * For analytic purposes and to enhance and improve our website, etc. For example, we process this data to understand how Prospects use our website or the most viewed content, to improve the way we present such content. * To promote, advertise and market our website and Services. This includes targeted advertisements (which further depends on your cookies’ settings and preferences) on our website or third party’s platforms across the website, and to contact our Prospects with general or personalized service-related messages, as well as promotional messages that may be of specific interest to them.	Except when we use cookies for essential features of the website, all other Usage Data processing conducted through third-party tools, APIs, cookies, agents or other tracking and monitoring technologies, is subject to your explicit consent. The consent is obtained through the cookie notice presented when you first access the website. You may withdraw consent or change your preference at any time by using the cookie preference settings tool available on our website.
Contact Details and Communications: If you voluntarily contact us in any manner, whether for support, to submit a request, to book a demo or for other inquiries, whether by sending us an email or through other means of communications, e.g., any online form, chat or if we otherwise communicate with you, you will be requested to provide us with your contact information, which depending on the interaction with us may include your name, telephone number, email address or business email address, your organization and position (“Contact Details”). Further, we may receive your Contact Details through our third-party providers, that provides business and contact information, along with intelligence for marketing, sales promotions and similar sources. When we communicate with you, by emails correspondence, phone call, chat, or other means, we will further process and store our communications with you, including email correspondence and, where applicable call and meeting recording, and may also receive insights related to such communications such as, interactions with email communications (access time and date, whether opened or not) (all collectively shall be referred as “Communications”).	We process Contact Details and Communications for the following purposes: * To respond to your inquiries or request, establish a potential business relationship and to provide you with the information you have requested. * To improve and optimize our sales activity. * To send additional information and marketing materials directly related to your interest and engagement with us (“Direct Marketing”). * We may keep records of our Communications in the event we determine it is needed for legal requirements.	Processing Contact Details and Communications to respond to your inquiry or request or send information you have signed up to receive, is based on your consent. Processing Contact Details and Communications for our unsolicited marketing campaigns, including Direct Marketing, is based on our legitimate interests. Processing Contact Details and Communications to improve our marketing efforts and for internal records keeping, is based on our legitimate interests. You have the right to withdraw your consent at any time. You may further opt-out from our marketing communications by using the “unsubscribe” or other option we provide within the body of the message.
Customers and Suppliers Data
Account Data: To use our Services, our Customers or Suppliers, as applicable, will need to initially create an account or will be designated with an account, which will include basic Contact Details (of the Customer and Authorized Users) and other business information (address, billing information, etc.).	We process Account Data for the following purposes: * To create and designate the account, authentication and validate access, enable log-in, access and use of the Services. * To send Customers with needed service, operation or transaction information related to our engagement (e.g., billing and invoicing, technical updates, etc.). * For Direct marketing purposes (as defined above), meaning, as our Customer or its representative, we may send you marketing related communications (by email or other contact details you have provided), materials and content regarding the Services you are currently using or any services we may offer in the future to keep you up to date and promote or Services. * Customer support. In this case we might also process the communication information related to such support request.	Account Data for the purpose of account creation and validation, enable log-in and for transactional or operational messages, including customer support and management matters, are all based on contract necessity. Processing Account Data for Direct Marketing purposes is based on our legitimate interest. You can opt-out at any time using the “unsubscribe” option within the body of the message. Please note that if you choose to unsubscribe from our Direct Marketing, we will still retain your contact details and send you service-related emails, such as invoices.
Platform and Service Usage Data: When you use our Services (including the web-app application https://frontdesk.duve.com/), Duve will collect telemetry data and information regarding your use of the Service, including access logs, activity logs, crash data, session recordings and analytics (“Service Usage Data”).	We process Service Usage Data for the following purposes: * To secure our Services, and detect any potential threats or fraudulent activities, and for example, to resolve technical errors.  * To gain a better understanding on how Customers use the Services, account, dashboard, and other features. * To improve our Services, the overall performance, user-experience, and value generated therefrom. * To enforce our policies and agreements regarding the use of our Services and to have internal records to evidence the Services provided or used, in the event we find needed subject to any potential, actual or threatened claim or dispute with us, and to comply with applicable laws or security standards. * To provide, improve and optimize the Artificial Intelligence features embedded in our Services. * To comply with legal obligations and requirements, and maintain our compliance with applicable laws, regulations, and standards.	Processing Service Usage Data is based on our legitimate interest.
Reviews and Feedback: If you voluntarily provide your feedback on our Services and agree we publish it on the website, we may process and publish your name, title, the content of your feedback and your picture.	We will process and use this information for publication on our website.	We process this information solely subject to your consent which you may withdraw at any time.
Guest
Guest Information: When a Guest manages its reservation with our Customers through the Customers’ interface on the Duve Platform, Duve will collect information related to the purpose of trip (honeymoon, business, etc.), check-in and check-out dates, communications (including through Chat AI), details about accompanying family members, and any additional information that the Guest or Customer provides (“Guest Information”).	We process Guest Information on behalf of our Customers, for the following purposes: * To provide Guest with personalized offers aimed to induce an increase in sales by the Customers from a list of Customer Service Providers operating in the area of their properties. * To gain a better understanding on how Guests evaluate, use, and interact with our Services, to utilize such information to continuously improve our Services, the overall performance, user-experience and value generated therefrom. We collect such information automatically through their usage of the Services. * To enable our Customers to personalize the Guest’s journey and visit.	As a processor, Duve follows the Customers’ instructions and lawfulness.

Please note that the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ, and we are only responsible for the Personal Data we collect and process as the controller of the Personal Data. Such processing operation usually includes a set of operations made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction.

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts, and any other misuse of our Services, and to enforce our terms of use and other policies, as well as to protect the security or integrity of our databases and Services, and to take precautions or defend against legal liability and claims. Such processing is based on our legitimate interests.

4. HOW WE COLLECT PERSONAL DATA

Depending on the nature of your interaction with Duve, we may collect Personal Data as follows:

• Automatically – we may use cookies (as elaborated below) or similar tracking technologies to gather some information automatically when you interact with our website or Services.
• Provided by you voluntarily – we will collect Personal Data you provide us with, such as when you contact us, etc.
• Provided by third parties – such as third parties data aggregators, referrals, etc.

5. COOKIES AND TRACKING TECHNOLOGIES

We use “cookies” (or similar tracking technologies such as tags and pixels) when you interact with our website. The use of cookies is a standard industry-wide practice. Cookies and similar technologies are a small piece of information, text, or code that a website assigns and stores on your computer or browser while you access a website.

Cookies can be used for various purposes, including allowing you to navigate between pages efficiently, for statistical purposes, for operation and security purposes, as well as for advertising purposes.

The information generally collected and stored by cookies includes Online Identifiers, UsageData, and Service Usage Data (as defined under Section 3 of this Privacy Policy “Data Processed by Duve, Purposes of Use and Lawful Basis”).

You can find more information about cookies here: www.allaboutcookies.org

Please see our cookie list available through the Cookie Manager accessed through the icon (in the website footer), which details the cookies we use on our website. You may change your cookies preference at any time.  Note that, certain cookies used for strict operation and security purposes are considered as “strictly necessary” and cannot be disabled.

Please note that once you choose to opt out or disable cookies, some features of our website may not operate properly, and your online experience may be limited.

6. DISCLOSURE OF PERSONAL DATA

We may disclose your Personal Data to third parties, including our affiliated companies, partners or service providers that help us manage our business operations or provide our Services. You can find in the table below information about the categories of such third-party recipients.

Category of Recipient	Data That Will Be Shared	Purpose of Sharing
Service Providers	All types of Personal Data as needed for the service provided, on a case-by-case basis	We employ other companies and individuals to perform functions and services on our behalf. Such third parties may include hosting service providers, data security services, billing and payment processing services, fraud detection and prevention services, web and product analytics, e-mail distribution and monitoring services, session or activity recording services, remote access services, performance measurement, data optimization and marketing services, social and advertising networks, voicemails, support, enablement and customer relation management systems, and our legal, financial and compliance advisors, etc. These third-party service providers have access to Personal Data needed to perform their functions, but they are prohibited, through contractual obligations, from using your Personal Data for any purposes other than providing us with requested services.
Partners, Affiliated Companies and Corporate Transactions	All types of Personal Data as needed, on a case-by-case basis.	We may share in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation, or asset sale) or in the event of a corporate reorganization.
Law enforcement, governmental agencies or authorized third parties	All types of Personal Data as needed, on a case-by-case basis	We may disclose certain Personal Data to law enforcement, governmental agencies, or authorized third parties, in order to comply with applicable laws or in response to a verified request or order. We may further disclose Personal Data to enforce our policies and agreements, as well as defend our rights, including the investigation of potential violations thereof, alleged illegal activity or any other activity that may expose us to legal liability, and solely to the extent required. In addition, we may disclose Personal Data to detect, prevent, or otherwise address fraud, security, or technical issues, solely to the extent required.

For the avoidance of doubt, Duve may share Personal Data in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so, or if we have successfully rendered such data non-personal, non-identifiable and anonymous. We may transfer, share, or otherwise use non-personal and non-identifiable data at our sole discretion and without the need for further approval.

7. PRIVACY RIGHTS

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what Personal Data we collect so that you can make meaningful choices about how it is used. We allow you to exercise certain choices, rights, and controls in connection with your Personal Data. Depending on your relationship with us, your jurisdiction and the applicable data protection laws that apply to your Personal Data, you have the right to control and request certain limitations or rights to be executed.

Please note: you may exercise your rights with respect to data processed by Duve as the controller, if you are a hotel guest, or otherwise an individual using our Customer’s app, which is powered by Duve, we will share your request with our Customers or Suppliers, that are the controller of such processing.

Further, if you are a Guest, please contact the property owner, hotel, with which you made your reservation, for any questions or requests regarding the processing of your Personal data.

In the table below you can review your rights depending on your interaction with us, how you can exercise them, and appeal a decision we take in this regard, any specification per geo-location or territory are available below the table: 

RIGHT TO BE INFORMED, RIGHT TO KNOW	You have the right to confirm whether we collect Personal Data about you. You may also have the right, at our option, to receive a list of the specific third parties to which we have disclosed either your Personal Data or any Personal Data. If you wish to know if we collect Personal Data about you, please review this Privacy Policy. If you have additional questions, please feel free to reach out at: dpo@duve.com
ACCESS RIGHTS (or under different regulations may be referred to as the right to inspect or review the personal data processed)	You further have the right to know which Personal Data we specifically hold about you, and receive a copy of such or access it, if you wish to receive a copy of the Personal Data or Personal Information, please send us an e-mail to: dpo@duve.com
RIGHT TO CORRECTION AND RECTIFICATION OF THE PERSONAL DATA	You have the right to correct inaccuracies in your Personal Data, taking into account the nature and purposes of each processing activity. If you wish to exercise this right, please contact us at: dpo@duve.com
RIGHT TO BE FORGOTTEN, RIGHT TO DELETION	In certain circumstances, you have the right to request deletion of your Personal Data that we hold about you. Unfortunately this right is not absolute and if we are not able to delete all or part of your Personal Data we will inform you. If you wish to exercise this right, please contact us at: dpo@duve.com You are not required to create an account with us to submit a deletion request. In the event you are a Customer – note that termination of the engagement or closing your account does not automatically resolve in deletion of Customer Data or the Personal Data processed on you or the Authorized Users. If you wish to delete the data, please ensure to contact us with such request.
RIGHT TO PORTABILITY	You have the right to obtain the Personal Data in a portable, and to the extent technically feasible, readily usable format that allows you to transmit the data to another entity without hindrance. We will select the format in which we provide your copy. If you wish to exercise this right, please contact us at: dpo@duve.com
RIGHT TO OPT OUT OR WITHDRAW CONSENT (AS APPLICABLE) AND EXERCISING THE RIGHT TO NOT SHARE OR SELL PERSONAL INFORMATION, OPT OUT FROM TARGETED ADVERTISING AND, OPT OUT FROM PROFILING AND AUTOMATED DECISION MAKING	Marketing Communications: You have the right to opt-out from Directing Marketing, or otherwise withdraw consent, by unsubscribing through the message received. Cookies: You have the right to opt-out or otherwise withdraw consent from processing of Personal Data through our use of cookies, by changing your preferences through the Cookie Setting tool available on our website and click the “withdraw your consent” button. Sale of Personal Data for targeted advertising, monetary gain or profiling, or Share or Sale of Personal Information for analytic or marketing: If and to the extent applicable, you have the right to opt out of the “sale” or “share” of your Personal Data – meaning to opt-out of our practice of using cookies for the purposes of targeted advertising, analytic, etc. through the cookie settings tool available on our website. You are further able to install privacy-controls in the browser’s settings to automatically signal the opt-out preference to all websites you visit (like the “Global Privacy Control”).
RIGHT TO OBJECT	You have the right to object to processing of your Personal Data (subject to certain conditions under data protection laws). If you wish to exercise this right, please contact us at: dpo@duve.com
RIGHT TO RESTRICT PROCESSING	You have the right to ask us to restrict or limit the purpose for which we process your Personal Data (subject to certain conditions under data protection laws). If you wish to exercise this right, please send us an e-mail to: dpo@duve.com
RIGHT TO APPEAL OR COMPLAINT	If we decline to take action on your request, we will inform you without undue delay as required under applicable laws. The notification will include a justification for declining to take action and instructions on how you may appeal, if applicable. Under the EU you have the right to lodge a complaint with the supervisor authority or the Information Commissioner in the UK.
NON-DISCRIMINATION	Such discrimination may include denying a good or service, providing a different level or quality of service, or charging different prices. We do not discriminate our users.

8. DATA RETENTION

We retain Personal Data we collect as long as it remains necessary for the purposes set forth above, all in accordance with applicable laws, or until an individual expresses a preference to opt-out.

Other circumstances in which we will retain your Personal Data for longer periods of time include:

• Where we are required to do so in accordance with legal, regulatory, tax, or accounting requirements;
• For us to have an accurate record of your dealings with us in the event of any complaints or challenges; or
• If we reasonably believe there is a prospect of litigation relating to your Personal Data.

Please note that except as required by applicable law, we may at our sole discretion, delete or amend information from our systems, without notice to you, once we deem it is no longer necessary for such purposes.

9. SECURITY

At Duve, security is our highest priority. We design our systems with your security and privacy in mind. We have implemented physical, technical, and administrative security measures for the Services that comply with applicable laws and industry standards. These measures are further detailed in our trust center available at: https://duve.com/security-center/

Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access.

Please contact us at: dpo@duve.com if you feel that your privacy was not dealt with properly, in a way that was in breach of our Privacy Policy, or if you become aware of a third party’s attempt to gain unauthorized access to any of your Personal Data.

10. DATA TRANSFER

We, along with our service providers who assist help us manage our business operations or provide our Services, maintain, store and process personal data in Israel, the United States, Europe, and other locations as reasonably necessary for the proper performance and delivery of our Services, or as may be required by applicable law.

Duve is headquartered in Israel, a jurisdiction recognized by the European Commission, the United Kingdom Secretary of State, and the Swiss Federal Data Protection and Information Commissioner (FDPIC), as offering an adequate level of protection for Personal Data of individuals residing in the European Economic Area (EEA), the UK and Switzerland, respectively.

As a result, any information you provide us may be transferred to and processed in countries other than the country from which you accessed our website or Services. We will take appropriate measures in line with industry standards to ensure that your Personal Data receives an adequate level of data protection upon its transfer. When Personal Data collected from within the EEA is transferred outside this territory, we take necessary steps in order to ensure that sufficient safeguards are provided during the transferring of such Personal Data, pursuant with transfer mechanisms approved by applicable laws, which may include the Standard Contractual Clauses or other approved framework.

11. CHILDREN

Our Services are not intended for use by children, and we do not knowingly collect or maintain information about anyone under the age of 16. Please contact us at: dpo@duve.com if you have reason to believe that a child has shared any information with us. 

12. ADDITIONAL INFORMATION FOR CALIFORNIA RESIDENTS

This section applies only to California residents. Pursuant to the California Consumer Privacy Act of 2018 effective November 2020, and as amended by the CPRA, effective January 1, 2023 (collectively “CCPA”). 

Please see our CCPA Privacy Notice, which discloses the categories of personal information collected, purpose of processing, source, categories of recipients with whom we share the personal information for a business purpose, whether the personal information is sole or shared, the retention period, and how to exercise your rights as a California resident.

13. ADDITIONAL NOTICE TO US RESIDENTS

The section is applicable to residents of certain U.S. states (depending on the applicable state law, acting in an individual or household context and not in a commercial or employment context or as a representative of business), including the following state laws: Colorado Privacy Act; Connecticut Data Privacy Act; Delaware Personal Data Privacy Act; Florida Digital Bill of Rights; Indiana Consumer Data Protection Act; Iowa Consumer Data Protection Act; Kentucky Consumer Data Protection Act; Maryland Online Data Privacy Act; Minnesota Consumer Data Privacy Act; Montana Consumer Data Privacy Act; Nebraska Data Privacy Act; Nevada S.B. 370; New Hampshire Data Privacy Act; New Jersey Data Protection Act; Oregon Consumer Privacy Act; Rhode Island Data Transparency and Privacy Protection Act; Texas Data Privacy and Security Act; Tennessee Information Protection Act; Utah Consumer Privacy Act, and Virginia Consumer Data Protection Act.

We are required to provide you with a clear and accessible privacy notice that includes the categories of Personal Data processed, purpose of processing, instructions for exercising consumer rights and appealing decisions, categories of Personal Data shared with third parties, categories of third parties with whom data is shared, and any sale of data or targeted advertising.

Under Section 3 – “Data Processed by Duve, Purposes of Use and Lawful Basis” of this Privacy Policy, we describe our collection and processing of Personal Data, the categories of Personal Data that are collecting and processing, and the purposes for which Personal Data is processed, stored or used.

Under Section 6 – “Disclosure of Personal Data” of this Privacy Policy, we detail and disclose the categories of third parties we share Personal Data with for business purposes. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent.

Additionally, under Section 7 – “Privacy Rights” of this Privacy Policy, we detail and disclose your rights and how to exercise such requests.

“Sale” of Personal Data:

Under US privacy laws, in principle, the term “sale” is referring to disclosing or making available Personal Data to a third-party in exchange for monetary or other valuable consideration, including for targeted advertising purposes. We do not “sell” information as this term is commonly understood, meaning – we do not, and will not, disclose your Personal Data in direct exchange for money or some other form of payment. However, subject to the definition of the term “sale” under applicable US privacy laws, our practice of using “cookies or other third-party advertising services and sharing Personal Data for such purpose is considered as a “sale”.

Appeal Rights:

Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request, by contacting us as instructed in our response. Please send your appeal request with a summary of the request and decision you want to appeal to: dpo@duve.com

Not more than 60 days after receipt of an appeal, and always in accordance with the timelines set by the applicable US Privacy Laws, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decision.

If you are not happy with our response, depending on your jurisdiction, you may have the right to lodge a complaint against us with the relevant State’s Attorney General:

• Colorado Attorney General as follows: Colorado AG at https://coag.gov/file-complaint .
• Connecticut Attorney General at link: https://www.dir.ct.gov/ag/complaint /.
• Delaware Attorney General at https://attorneygeneral.delaware.gov/fraud/cmu/complaint/. 
• Florida Attorney General at https://www.myfloridalegal.com/consumer-protection/consumer-complaint-form.
• Indiana Attorney General at https://www.in.gov/attorneygeneral/consumer-protection-division/file-a-complaint/.
• Iowa Attorney General at https://www.iowaattorneygeneral.gov/for-consumers/file-a-consumer-complaint. 
• Kentucky Attorney General at https://secure.kentucky.gov/formservices/AttorneyGeneral/ConsumerMediationForm.
• Maryland Attorney General at https://www.marylandattorneygeneral.gov/Pages/CPD/Complaint.aspx.
• Minnesota Attorney General at http://www.ag.state.mn.us/
• Montana Attorney General at https://dojmt.gov/consumer/consumer-complaints/. 
• Nebraska Attorney General at https://ago.nebraska.gov/constituent-complaint-form.
• Nevada Attorney General at https://ag.nv.gov/Complaints/CSU_Complaints___FAQ/
• New Hampshire Attorney General at https://onlineforms.nh.gov/app/#/formversion/e0c5d644-c9d8-4056-a7cc-24d29c446fcb. 
• New Jersey Attorney General at https://www.njoag.gov/contact/file-a-complaint/.
• Oregon Attorney General at https://www.doj.state.or.us/consumer-protection/contact-us/. 
• Rhode Island Attorney General at https://riag.ri.gov/forms/consumer-complaint
• Texas Attorney General at https://www.texasattorneygeneral.gov/consumer-protection/file-consumer-complaint.
• Tennessee Attorney General at https://www.tn.gov/attorneygeneral/working-for-tennessee/consumer/file-a-complaint.html
• Utah Attorney General at https://www.attorneygeneral.utah.gov/contact/complaint-form/.
• Virginia Attorney General at https://www.oag.state.va.us/consumercomplaintform .