1. Introduction

We at Servi Smart Solutions Ltd. (hereinafter called “Duve” or “We”/“Our”/“Us”), hold your privacy and the security of your personal data to the highest level of importance.
This Data Protection Policy (hereinafter, the “Policy”) applies to all of Our activities with respect to the protection of personal data that We collect, process and store in the course of providing you with Our services (hereinafter, the “Services”).

As used in this Policy the terms “Registered Property Manager” and “Registered Supplier” shall have the meaning ascribed to them in Duve’s Terms of Service (https://duve.com/terms/).

2. About this policy

Duve is committed to ensuring that your personal data and data privacy are protected in accordance with the best practices available, as well as according to Duve’s relevant legal obligations. This Policy explains your rights regarding the personal data We collect, process and use, as well as Duve’s use of safeguards to protect these rights.

The Policy also applies to Duve’s use of cookies and tracking tools on the relevant website and application interfaces, as further specified in our Cookies and Tracking Technologies Policy.
Your personal data will be collected and stored lawfully, fairly and transparently by Duve. In processing your data, We act in good faith, in a proportionate manner, and with the appropriate technical and organizational measures employed when taking into account the risks represented by the processing and
the nature of the personal data processed and protected by Us.

From time to time, We may develop new, or offer additional services. If the introduction of these new or additional services results in any change to the way we collect or process your personal data We will provide you with more information and additional terms or policies prior to the introduced of any such
additional services. Unless stated otherwise, any introduction of these new or additional services will be subject to this Policy.

2.1.The purpose of this Policy is to:

2.1.1. Ensure that you understand what personal data We collect about you, the reasons why We collect and use it, who We share it with and how We will protect your privacy;

2.1.2. Explain the way We use the personal data that you share with Us in order to provide you with Our Services; and

2.1.3. Explain your rights and the choices at your disposal in relation to Our use of the personal data We collect and process about you.

Important note: If you do not consent to the collection, use, processing and disclosure of your personal data as set forth in this Policy, please refrain from browsing Our website, registering and/or logging into Our Registered Property Manager Interface or to Our Registered Supplier Interface, or otherwise refrain
from providing Us with any of your personal data.

3. Your Rights and Your Preferences

We will only process personal data if you have consented to such processing, unless We are otherwise legally authorized or obliged to collect and further process personal data relating to you.
Therefore, if We process data solely based on your affirmative consent, We will only use the data for the purposes stated in the consent procedure and within the scope outlined below.

You are entitled to the following additional rights:
3.1. Withdrawal of Consent. You may file for the revocation or withdrawal of your consent to Our collection, use or processing of your personal data at any time by notifying Our Data Protection Officer, at: E-mail: dpo@duve.com Upon receipt of your notification, We will revert back to you and thereafter
cease the collection, use or processing of your personal data, and/or suspend/delete your account, as applicable according to the content of your request alongside giving you confirmation such a request has been fulfilled, provided however, that We are not legally obliged or authorized to retain your personal data, including for ongoing legitimate business interests. If We cannot partially or fully comply with your request, We shall revert back to you in response to your above mentioned notification and shall inform you accordingly.

3.2. The “Right to be Forgotten” and Right to Rectification. You may also request the erasure or correction of any or all of your personal data that is held by Duve. Upon sending your request to Our Data Protection Officer, at: E-mail: dpo@duve.com, We will delete/correct your personal data or close/suspend your account/registration and/or remove or correct your personal data from any or all of Our records, as applicable according to the specifics of your request, as soon as reasonably possible and when technically feasible, unless there is an overriding legal interest or other authorized basis for the continuation of the data processing, and We shall revert back to you in response to your above mentioned notification and shall inform you accordingly in such an event.

The foregoing notwithstanding, Duve will store the minimal sufficient amount of personal data to ensure that the restriction is respected in the future, where you have not asked for the full deletion of your personal information (and provided We can abide such a requested as mentioned above).
In the event of deletion and/or correction of personal data, upon your request, results in Duve no longer being able to provide you with any or all of Our Services via the website or other applications, We shall notify you accordingly, but in so requesting Us to act, you hereby irrevocably agree and waive any claim against Duve for Our inability to provide the Services partially or fully through the website, or any interruption or malfunction of the Services resulting from fulfilling your request. Note that your request for deletion or correction of your personal data, may also be rejected by Duve for lack of relevant information provided by you, upon which you will be notified accordingly.

3.3. Rights of Transparency and Portability. You are entitled to ask Us for information regarding the types of personal data We hold or have collected on you and for what purposes.
You are also entitled to obtain (in a commonly used and machine-readable form) and reuse your personal data as you have provided to Us and which We process by automated means, for your own purposes, across Our different Services, free of charge, subject to the technical feasibility and lawfulness
considerations. Please forward your request for such an output, in written or machine-readable form, to Our Data Protection Officer, at: E-mail: dpo@duve.com.

3.4. Automated decision-making. Duve shall not intentionally take any potentially damaging decision concerning you because of using automated processing operations without human intervention; and commits to giving you the opportunity to obtain human intervention in such a decision, express your point of view, and obtain an explanation of the decision.

In the implementation of these data protection rights, Duve is committed to providing a timely and transparent response to your requests, and upholding your right to contact Duve’s Data Protection Officer, at: E-mail: dpo@duve.com

4. Why Duve Collects Your Personal Data and Uses Cookies on This Site

Duve uses your personal data for the following reasons:

4.1. To ensure that content on (i) the website, (ii) the Registered Property Manager Interface, and (iii) the Registered Supplier Interface, are presented in the most effective manner for you;

4.2. To process your guests/clients personal information for the purposes of providing Our Services;

4.3. To process your upsell requests and guest/client experience requests through Our Registered Property Manager Interface, including the transfer of your information to the selected registered suppliers chosen from Our registered supplier database;

4.4. To gather statistical information and analytics in order to analyze and improve Our website and Services in general; and

4.5. To send you e-mails, advertisements and newsletters on deals, discounts and updates regarding Our Services;

Cookies and tracking tools are employed on Our website to distinguish you from other users and to improve your use of Our website and Services. In some cases, certain features may not function if you choose to remove some or all of the cookies from your browser.

Additional information about the use of cookies and tracking by Duve may be found on Our Cookies and Tracking Policy, under the title “The Use of Cookies and Tracking Technologies by Duve”.

5. How Duve Collects Personal Data and Information:

5.1. When you sign on to Our Website We collect personal information about you:

5.1.1. When you sign up to Duve as a Registered Property Manager the following information will be collected form you:

5.1.1.1. E-mail address and your preferred, personal password.

5.1.1.2. Personal information, including full name, address and contact information.

5.1.1.3. Information on your property/properties which We are asked to use and process for the purpose of providing you with guest/client experience management services;

5.1.1.4. Your credit card and billing address for processing your monthly subscription free.

5.1.2. When you sign up to Duve as a Registered Supplier the following information will be collected form you:

5.1.2.1. E-mail address and your preferred, personal password.

5.1.2.2. Personal information, including full name, address and contact information.

5.1.2.3. The services you provide (selectable from a list and/or filled in a text box).

5.1.2.4. Your credit card and billing address for processing the upsell commission We are entitled to (and which will be divided between Duve and the Registered Property Manager) when one of our Registered Property Managers’ guests/clients executes a transaction with You

5.2. We collect Information about our Registered Property Managers’ Guests/Clients:
When you use the Registered Property Manager Service, we will collect the following information about your guests/clients:

5.2.1. Their reservation, including their names, contact details, dates of stay, number of the clients/guests of the ordered room/property, the selected property out of your list of active properties, and the
amounts paid as an attachment;

5.2.2. Any information they have filled in, which you have elected to add as fields in your Registered Property Manager interface on Our website;

5.3. Responsibility to Acquire Consent

5.3.1. In the event that your properties are directly leased to the end-user clients, then it is the Registered Property Manager’s responsibility to collect the required consent, according to the provisions of the
applicable privacy and/or data protection legislation in force in his/her jurisdiction, from the end-user clients regarding the processing of the personal information set forth in section 5.2 above, including but not limited to:

5.3.1.1. the right to transfer the end-user guest/client’s personal information from the Registered Property Manager to Duve; and

5.3.1.2. the right to transfer end-user guest/client’s personal information from the Registered Property Manager to any selected Registered Supplier of Duve; and

5.3.1.3. Duve’s (or Duve’s Registered Suppliers’ as the case may be) right to process personal information in order to provide order management, check-in and booking management services and upsell facilitation.

5.3.2. If you are leasing your properties through an intermediary website or service, the responsibility remains with the Registered Property Manager as per section 5.3.1 above, and Duve advises you to verify
that any such intermediary collects initial consent as set out hereinabove.

The Registered Property Manager shall be liable and shall hold Duve harmless against any claim, complaint or administrative fine levied against Duve due to the Registered Property Manager’s failure to acquire such consent from its end-user guest/clients according to this section 5.3;

6. The Type of Personal Data We Collect and How We Use It

6.1.The personal data We collect about Our users and that is used by Duve includes the data required for Us:

6.1.1. To provide you with the Services in the course of Our ongoing business while operating under Duve’s relevant legal data protection legislation and regulations obligations, including the principles of data protection, reduction and data minimization;

6.1.2. To perform analytics and statistical analysis of Our website and our Registered Property Manager and/or Registered Supplier interfaces’ performance and to ensure their stability and integrity;

6.1.3. To provide you with the best user experience while using Our websites and service interfaces;

6.1.4. To use data tracking technologies (i.e: browsing and history data) for the purpose of providing you with personalized advertisements;

6.1.5. To provide Registered Property Managers with personalized offers aimed to induce an increase in sales by the Registered Property Manager from Our list of Registered Service Providers operating in the
area of your registered properties;

6.2.The data collected and processed is both general in nature, (for example, for technical purposes) and personal data, contact details, signatures and other information inputted by you (or your guests/clients if you are a Registered Property Manager), depending on the services selected and utilized.

6.3.Some automatic processing of your personal data may occur when you browse Our website and/or input information through our Registered Property Manager or Registered Supplier interfaces.
Data processed may include specifically your name, some identifying numbers, the name of your internet provider, your IP address, browser type and system software, as well as the websites you have visited before being transferred to the Duve websites and/or application interface, including keywords used for searches and the sites from which you have been transferred (e.g., search engine or linked content).

6.4.As is true of most organizations operating websites and apps, We also gather certain information automatically and store it in log files. This information includes but is not limited to IP addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp and
click stream data. We use this information to analyze trends, administer the site, track users’ movements around the site and to gather information about our user base as a whole. We may link this automatically-collected data to personal information for legitimate business purposes, such as detection and prevention of fraudulent activity; and other authorized purposes.

6.5.When you receive Services from Us, you may also be directed to third-party processors such as payment service providers, including credit card or online payment providers or document scanning software providers.

When Duve uses such third-party payment processors, We do not store credit card details or retain copies of identification documents scanned, but instead rely on the third-party service provider to process personal data in order to provide these payment services. Duve contractually engages with internationally recognized third-party payment processors which comply with the applicable data protection and other laws and regulations applicable to their payment processing services.

Duve mainly uses ‘Stripe’, as a third party payment processor, for the purpose of facilitating payments made across its Services. You are hereby advised to review Stripes’ applicable privacy policy prior to inputting and making use of any such payment processor’s services (https://stripe.com/privacy).
If you have questions regarding Our use of payment service providers, please get in touch with our Data Protection Officer, at: E-mail: DPO@Duve.com.

6.6.Our website employs online advertising, tailored to the individual user, as practice known as “Online Behavioral Advertising” which uses cookies to discover general information about the pages you visit. Our advertising delivery systems and partners use the limited information available to them to serve adverts to you, which they believe are relevant. They do not collect personal information such as your name, email address postal address or telephone number.

Behavioral retargeting is another form of Online Behavioral Advertising that enables Us and some of Our advertising partners to show you adverts based on browsing patterns and interactions with the site while browsing on other websites online.

6.7. From time to time, Duve may share this aggregated data with Our advertising partners. This could mean that when you are on other websites you are served advertising based on your behavior across Duve’s website and service interfaces, or you may be served advertising based on your behavior on
other sites.

If you want to opt out of receiving Online Behavioral Advertising this does not mean that you will no longer receive advertising when you are using Our website, it will only result in the adverts you see not being customized for you.

If you would like more information about online behavioral targeting and examine options to opt out of receiving advertisements in this manner, you may visit http://www.youronlinechoices.com or http://www.networkadvertising.org.

6.8. Our websites and user interfaces may, from time to time, contain links to and from websites of Our partners’ networks, advertisers and affiliates. We cannot control or be held responsible for third parties’ privacy practices and content and if you click on a third-party advertisement or link, please understand that you are leaving the Duve website or interface and any personal data you provide will not be covered by this Policy and such third-party websites are governed solely by such third parties’ privacy policies; you are advised to be careful and check any such third party’s privacy policies and compliance with laws, prior to inputting and/or supplying them with any of your personal data.

7. Transfer to Third Parties and Transfers Outside Your Country

7.1.The use of Our Services may sometimes require Us to transmit personal information We process to external service providers and affiliated companies, such as intermediary property rental websites (e.g. Airbnb, Booking.com, etc.). In these cases, however, the extent of data transmitted is kept to the minimum necessary in order to provide the Services which require such third-party service providers.

7.2. Duve may need to transfer your (or your guests/clients’ personal data, subject to the restrictions detailed above) to parties in locations outside the country in which you are physically located, potentially including countries which may not require an adequate level of protection for your personal data compared with that provided in your country.

7.3.In these cases, We will employ all reasonable, commercial efforts to ensure that a reasonable level of data protection is established with the recipient, before transmitting your personal data.

7.4.The aforesaid notwithstanding, by accepting this Policy, you expressly consent to the data transfer as described herein, even if the level of data protection is not up to those customary in your country, and if you are a resident of the European Union, this includes transfers to countries outside of the EEA/EU or without European Union Adequacy Decisions.

7.5.For more information on the countries subject to the European Union’s Adequacy Decisions, please click here.

8. Data Retention and Deletion

Duve deletes personal data in cases where the business purpose for which the data was being collected or processed ceases to apply, or if applicable data protection rules require Us to delete such personal data, unless We have overriding legal obligations or interests, or other authorized lawful basis for the
continuation of the data processing of the personal information.

However, We shall keep your personal data only as long as necessary to provide you with the Duve Services and for legitimate and essential business purposes, such as maintaining the performance of the Duve Services, making data-driven business decisions based on statistical information from Our user base about new features and offerings, complying with Our legal obligations, and resolving disputes, such as the following circumstances:

8.1. If there is an unresolved issue relating to your account, such as an outstanding credit on your account or an unresolved claim or dispute We will retain the necessary personal data until the issue is resolved;

8.2. Where We are required to retain the personal data for our legal, tax, audit, and accounting obligations, We will retain the necessary personal data for the period required under applicable law; and/or,

8.3. Where necessary for Our legitimate business interests such as fraud prevention or to maintain the security of Our users.

The above notwithstanding, there are types of personal information that We will only store for as long as you are a user of the Duve Service, such as your user name, your password and We will delete them upon your request for un-subscription or following your express request as mentioned in the “Your Rights and Preferences” section above.

9. Duve’s Protection of Your Personal Data

We are committed to protecting Our users’ personal data. We implement all reasonably appropriate, industry-standard technical and organizational measures to protect your personal data against loss, alteration, theft or access by unauthorized third parties.

The above notwithstanding, no system is completely secure, and Duve will not be liable or responsible for any damage or loss resulting from the improper use of its Services and/or any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data.

Your password protects your user account and you are responsible for maintaining its security and integrity, therefore we encourage you to use a unique and strong password, not to share it with third-parties, as Duve will not be liable for any actions taken through your username. If you have reason to believe your password has been stolen or compromised, please contact Us as soon as possible at: office@duve.com , so We may suspend your account and assist you in renewing your password.

10. Children Data Protection

The Duve Services are not directed towards children under the age of 18 years. However, in some countries, stricter age limits may apply under local law and if you are under the age limit applicable to your country, please do not use the Duve Service, and do not provide any personal data to us.

Other than when we collect information on our Registered Property Managers’ guests/clients, subject to the receipt of their consent as stated in section 5.3 above, we do not knowingly collect or process personal data relating to children and minors under the age of 18 years or less, according to applicable local laws, unless We are legally obliged to do so.

If We become aware that personal data was transferred to Us or collected by Us relating to children and minors under the age of 18 years for any other reason not stated above in this section 10 or for registration to the service in contradiction of this section 10, all without the informed consent of a parent or legal guardian, We will delete such personal data without undue delay as soon as reasonably possible, including where it is necessary to delete the account/username used by the minor.

11. Changes to This Privacy Policy

We may revise this Policy from time to time, and such changes shall come into effect from the moment Duve notifies you of such changes and/or updates, either by email, on the website or via other reasonable manner.

When We make material changes to this Policy, We will provide you with prominent notice as appropriate under the circumstances, e.g., by displaying a prominent notice within the Duve website, by sending you an email or by prompting a pop-up window when you next log-in with your username, requiring your consent to continue