** Vico SRL (hereinafter called – “Vico”, “we”, “our” or “us”)** provides an all-encompassing guest experience management platform (the “Vico Platform”) designed to assist hoteliers and hospitality experts in digitizing their guest journey, boosting profitability, enhancing performance, and offering an elevated guest experience. This Privacy Policy outlines the methods by which we collect, store, utilize, and disclose personal data or personal information pertaining to (i) our business customers, including real estate owners, property managers, hoteliers, hostel managers, and other hospitality providers interested in sub-leasing their property/properties (“Customer(s)”), (ii) third-party suppliers registered on the Vico Marketplace or independently inputted into the Vico Platform by the Customer to provide ancillary services to the Customer’s Guests (as defined below) via the Vico Platform (“Customer Service Provider(s)“), (iii) Authorized Users of the Vico Platform on behalf of our Customers and the Customer Service Providers (collectively, “User(s)”), (iv) visitors to our website who browse the site, and any other prospective customers, users, or partners (collectively, “Prospect(s)”) who visit or otherwise interact with our Site, online ads and content, emails, integrations, or communications under our control (the “Site”, and together with the Platform, the “Services”). This Privacy Policy details Vico’s independent privacy and data processing practices as a “Data Controller” and does not cover our privacy practices concerning the processing of the personal data of individuals who manage their reservations with our Customers via the Customers’ interface on the Vico Platform and who may purchase services from Customer Service providers via the Vico Marketplace (“Guest(s)”). We gather, handle, and manage such data solely on behalf of and under the instructions of our Customers or the Customer Service Providers, as applicable, in our capacity as a “Data Processor” in accordance with our Data Processing Addendum with them. If you are a Guest, please contact the property owner/property manager/hotelier with whom you made your reservation, as they are the “Data Controller” of your personal data, for any inquiries or requests regarding the processing of your personal data. Specifically, this Privacy Policy describes our practices regarding: - Data Collection & Processing - Data Uses & Lawful Bases - Data Location and Retention - Data Disclosure - Cookies and Tracking Technologies - Communications - Data Security - Data Subject Rights - Data Controller/Processor - Requirements under US State Privacy Laws - Additional Notices If you are a Customer, a Customer Service Provider, a User, or a Prospect, please read this Privacy Policy carefully and ensure that you fully understand it. You are not legally required to provide us with any of your personal data and may do so (or avoid doing so) at your own discretion. If you do not wish to provide us with your personal data, or to have it processed by us or any of our Service Providers (defined below), please refrain from interacting with our Site or from using our Services. ### 1. Data Collection & Processing When we use the terms “personal data” or “personal information” in this Privacy Policy, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to an individual. It does not include aggregated or anonymized information that is maintained in a form that is not reasonably capable of being associated with or linked to an individual. We collect or generate the following categories of personal data in relation to the Services: - **User Account data**: personal data collected for your registration to the Platform, including full name, contact information, and password. - **Business Details Information**: including contact details, position and workplace, contractual and billing details, which may also contain the details of internal focal persons who directly engage with us, e.g., billing contacts and authorized signatories on behalf of the Customer or Customer Service Provider; as well as details concerning their needs and preferences relevant to our existing engagement with them or potential engagement with our Prospects. - **Usage Information**: including connectivity, technical and aggregated usage data and activity logs, log-in and log-out time, IP addresses, device data (such as type, operating system, mobile device or ID, browser version, location and language settings used), cookies and pixels installed or utilized on the device, session recordings (`clicks, use of features, logged activities and other interactions) and analytics, in connection with our Services. - **Direct interactions and communications with us**: personal data contained in any forms and inquiries that you may submit to us, including emails, and chats with us, recordings, and transcripts of your calls (e.g., for customer service, feedback, and support). We gather the above personal data either automatically, through your interaction with us or our Services; or through third-party services, social media, analytics tools, and other business initiatives. ### 2. Data Uses & Lawful Bases We use personal data as necessary for the performance of our Services (“Performance of Contract”); to comply with our legal and contractual obligations (“Legal Obligations”); and to support our legitimate interests in maintaining and improving our Services, e.g., in understanding how our Services are used and how our campaigns are performing, and gaining insights which help us dedicate our resources and efforts more efficiently; in marketing, advertising, and selling our Services to you and others; providing customer services and technical support; and protecting and securing our Users, Customers, Customer Service Providers, Prospects, ourselves, and our Services (“Legitimate Interests”). If you reside or are using the Services in a territory governed by privacy laws under which “consent” is the only or most appropriate legal basis for processing personal data as described in this Privacy Policy (either in general, based on the types of personal data you expect or elect to process or have processed by us or via the Services, or due to the nature of such processing) (“Consent”), your acceptance of our Terms and of this Privacy Policy will be deemed as your consent to the processing of your personal data for all purposes detailed in this Privacy Policy, unless applicable law requires a different form of consent. If you wish to revoke such consent, please contact us at contacto@vicomanager.com. Specifically, we use personal data for the following purposes (and in reliance on the legal bases for processing noted next to them, as appropriate): #### Customers’, Customer Service Providers’, and Users’ personal data - To facilitate, operate, enhance, and provide our Services; (Performance of Contract; Legitimate Interests) - To provide our Customers, Customer Service Providers, and Users with assistance and support, to test and monitor the Services, diagnose or fix technical issues (Performance of Contract; Legitimate Interests); - To invoice and process payments (Performance of Contract); - To personalize our Services, including by recognizing an individual and remembering their information when they return to our Services, and to provide further localization and personalization capabilities (Performance of Contract; Legitimate Interests); - To provide Customers with personalized offers aimed to induce an increase in sales by the Customers from our list of Customer Service Providers operating in the area of their properties (Performance of Contract; Legitimate Interests); and - To provide, improve and optimize the Artificial Intelligence features embedded in our Services (Performance of Contract; Legitimate Interests). #### Customers’, Customer Service Providers’, Users’ and Prospects’ personal data - To gain a better understanding on how Users and Prospects evaluate, use, and interact with our Services, to utilize such information to continuously improve our Services, the overall performance, user-experience and value generated therefrom. We collect such information automatically through their usage of the Services (Legitimate Interests); - To create aggregated, statistical data, inferred non-personal data or anonymized or pseudonymized data (rendered non-personal), which we or others may use to provide and improve our respective Services, or for any other business purpose such as business intelligence (Legitimate Interests); - To facilitate and optimize our marketing campaigns, ad management and sales operations, and to manage and deliver advertisements for our Services more effectively. Such activities allow us to highlight the benefits of using our Services, and thereby to increase your engagement and overall satisfaction with our Services. This includes contextual, behavioral, and interests-based advertising the activity on our Services, preferences, or other data available to us or to our Authorized Service Providers (as defined in Section 4 below) (Legitimate Interests); - To contact our Customers, Customer Service Providers, Users, and Prospects with general or personalized service-related messages, as well as promotional messages that may be of specific interest to them (Performance of Contract; Legitimate Interests; Consent); - To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error, or any illegal or prohibited activity (Performance of Contact; Legitimate Interests; Legal Obligations); - To publish your feedback and submissions to our Sites (Legitimate Interests); - To comply with our contractual and legal obligations and requirements, and maintain our compliance with applicable laws, regulations, and standards (Performance of Contract; Legitimate Interests; Legal Obligations); and - For any other lawful purpose, or other purpose that you consent to in connection with provisioning our Services (Legal Obligations; Consent). We do not process your personal data to conduct automated decision-making. ### 3. Data Location **Data Location**: We maintain, store, and process personal data in AWS servers located in Ireland as may be required by applicable law.