PRIVACY & COOKIE POLICY

Last Updated: May 29, 2025

1. INTRODUCTION

Welcome to napa ("Company", "we", "us", or "our"). napa provides facilities management services, including but not limited to home maintenance, buildings cleaning, electromechanical equipment installation and maintenance, plumbing, swimming pool maintenance, landscaping, gardening, and installation of furniture works (collectively, the "Services").

At napa, we prioritize the protection of your personal data and respect your privacy. This Privacy & Cookie Policy ("Policy") explains how we collect, use, store, share, and protect your personal data and how we use cookies and similar technologies when you use our website ("Website") or mobile application ("Platform").

By accessing or using our Services, Website, or Platform, you acknowledge that you have read, understood, and agreed to this Policy. If you do not agree, you must stop using our Services immediately.

2. PERSONAL DATA WE COLLECT

We collect and process various types of personal data, including but not limited to:

2.1 Categories of Personal Data

• Contact Information: Name, address, email, phone number, location.
• Identity and Profile Data: Username, gender, profile pictures, government-issued identification (if required for verification).
• Marketing and Communication Data: Preferences, feedback, service requests, and marketing subscriptions.
• Technical Data: IP address, browser type, operating system, device identifiers, session logs.
• Transaction Data: Payment details (excluding full card details, which are handled by secure payment processors), purchase history, refunds.
• Usage Data: Interactions with our Services, navigation patterns.
• Cookie Data: Information stored via cookies and similar tracking technologies.
• Behavioural Data: Insights derived from user engagement patterns, including response to advertisements, content preferences, and interaction history.

2.2 Automated Data Collection

We use cookies, web beacons, pixel tags, and other tracking technologies to collect technical and usage data (see Section 7 for more on Cookies).

• Behavioural Tracking: We analyze browse habits and service interactions to improve user experience and personalize offerings.

2.3 Biometric Data and Facial Recognition

Biometric data Collection and Consent: napa collects and processes biometric data, including facial recognition or fingerprint data, solely with the explicit, informed, and documented consent of the user. This data is used strictly for identity verification and security purposes. Users will be provided with a clear explanation of the purpose, retention period, and processing method before consent is obtained. No biometric data will be processed without this prior consent.

2.4 Aggregated and Anonymized Data

We may collect aggregated data that does not directly identify individuals. If combined with identifiable data, it will be treated as personal data.

2.5 Data Minimization & Accuracy Commitment

We only collect data necessary for the purpose of processing and ensure that personal data is accurate, up-to-date, and relevant. Users may be required to verify their information periodically to maintain accuracy.

2.6 Additional Data Categories Collected

• Employee & Contractor Data: If applicable, we collect employment history, background checks, payroll details, and tax information.
• Emergency Contact Information: Users may provide emergency contacts for safety and communication purposes.
• Communication Records: We may record and store chat transcripts, emails, and customer service call logs for quality assurance and dispute resolution.
• Children's Privacy: We do not knowingly collect or solicit personal data from individuals under the age of 13 (or 16, where applicable under local laws). If we become aware that such data has been collected without verified parental consent, we will take steps to delete it. Please contact us at info@napa.ae if you believe a minor has provided personal data.
• Staff & Contractor Data: A separate Employee and Contractor Privacy Policy is maintained internally. Staff and contractors should refer to the HR Department or internal portal for full details regarding data handling.

3. HOW WE COLLECT PERSONAL DATA

3.1 User-Generated Content & Voluntary Data Sharing

Users acknowledge that when submitting voluntary data (e.g., reviews, testimonials, or shared content on the Platform), such data may become publicly accessible, depending on user settings. napa is not responsible for any misuse of voluntarily shared information.

3.2 Location Data & Tracking

If users enable location tracking, napa may collect real-time GPS location data to enhance service delivery. Users can disable location tracking at any time via their device settings.

3.3 We collect data through the following means:

• Direct interactions: When you create an account, submit service requests, or contact customer support.
• Automated technologies: Through cookies, server logs, and analytics tools when you visit our Website or use our Platform.
• Third-party sources: From service providers, analytics partners, public records, and marketing affiliates.
• Geo-Location Data: If you allow location tracking, we may collect precise geo-location for enhanced service delivery.

4. LEGAL BASIS FOR DATA PROCESSING

We process your personal data based on the following legal grounds:

• Performance of Contract: To provide and manage our Services.
• Legitimate Interest: For analytics, service improvement, fraud prevention, and security.
• User Consent: For marketing communications, cookies, voluntary data submissions, and biometric data processing.
• Legal Obligation: To comply with United Arab Emirates and international laws, regulatory requirements, and law enforcement requests.
• Vital Interest: When data processing is required to protect an individual's life or safety (e.g., emergency service requests).

5. DATA SECURITY AND RETENTION

5.1 Advanced Security Protocols

We implement the following to protect your data:

• Zero-Trust Architecture: Continuous verification of user identity before granting access.
• AI-Based Threat Detection: Uses machine learning to detect and block suspicious activity.
• Data Masking & Pseudonymization: Limits exposure of personally identifiable information.
• Blockchain-Based Verification (If Applicable): Secure storage of transaction and identity data.

5.2 Data Retention Adjustments

• Biometric Data: Deleted within 30 days unless required for ongoing security purposes.
• Chat & Communication Logs: Stored for 12 months for dispute resolution.
• Geo-Location Data: Retained only during an active session, unless needed for service improvements.

5.3 Third-Party Security Compliance

napa ensures that third-party vendors, cloud storage providers, and data processors comply with industry security standards and contractual obligations to protect user data.

6.4 Data Breach Response Policy

In the event of a data breach:

• Users will be notified within 72 hours if their data is impacted.
• We will conduct a forensic investigation and implement corrective measures.
• If legally required, we will notify United Arab Emirates regulatory authorities and affected users.

5.5 Data Access & Processing Restrictions

• Limited Access Protocols: Only authorized personnel have access to sensitive data.
• Multi-Factor Authentication (MFA): Required for internal data access.
• Data Deletion Upon Account Termination: Users may request complete deletion of personal data, subject to legal retention obligations.

5.6 International Transfers.

If personal data is transferred or accessed outside the United Arab Emirates, we ensure appropriate safeguards are in place, such as standard contractual clauses or binding corporate rules, to ensure the same level of data protection.

6. COOKIES AND TRACKING TECHNOLOGIES

6.1 We use cookies to:

• Identify returning users.
• Analyze site traffic and improve user experience.
• Deliver personalized content and advertisements.
• Manage security and prevent fraudulent activities.
• Ensure compliance with legal obligations.

6.2 Advanced Tracking Disclosures

• Session Replay & Behavioural Heatmaps: napa may analyze mouse clicks, scrolls, and user navigation to optimize Platform usability.
• Cross-Device Tracking: If a user logs in from multiple devices, data is correlated to enhance user experience.
• Do Not Track (DNT) Compliance: Users can opt out of behavioural tracking where applicable.

6.3 Opt-Out Mechanisms & Granular Controls

Users have the right to:

• Opt out of targeted ads and tracking cookies via browser settings or our Cookie Settings page.
• Adjust consent preferences for analytics, personalization, and marketing cookies.
• Request deletion of previously collected cookie-based data.

6.4 Use of Biometric & Behavioural Tracking

napa may implement biometric authentication (e.g., facial recognition, fingerprint access) for security purposes, subject to user consent. Additionally, behavioural tracking (e.g., mouse movements, click paths) may be used to enhance the user experience.

6.5 Cookie Consent Banner

We use a cookie banner and consent management tool to obtain your consent for the use of cookies and tracking technologies. You can manage preferences via the "Cookie Settings" link on our Website.

7. THIRD-PARTY DISCLOSURE

7.1 Liability for Third-Party Data Processing

While napa ensures third-party compliance, we are not responsible for independent privacy policies, tracking technologies, or unauthorized data practices conducted by third-party services.

7.2 Third-Party AI & Algorithmic Processing

Certain data processing activities (e.g., behavioural analysis, personalized recommendations) may involve third-party AI or machine-learning models. Users have the right to request:

• A non-AI alternative where feasible.
• Disclosure of AI-based processing methods impacting their data.
• Review of automated decisions if they affect rights or services.

7.3 We may share data with:

• Service providers (e.g., payment processors, IT vendors) for operational purposes.
• Marketing and analytics partners (subject to consent for targeted ads).
• Regulatory authorities when required by law.
• Business partners in case of mergers, acquisitions, or restructuring.
• Law Enforcement Requests: We may disclose information in response to legal subpoenas, court orders, or law enforcement requests.
• Affiliated Companies: Data may be shared within napa's corporate group for administrative efficiency.

7.4 Prohibited Third-Party Data Sharing

napa does not share personal data with:

• Unverified advertisers or marketing firms.
• Entities engaged in data brokering, reselling, or monetization of personal data.
• Organizations that do not comply with United Arab Emirates' and General Data Protection Regulation privacy laws.

8. USER RIGHTS

• Right to Limit Processing: Users can request restriction of specific processing activities (e.g., AI profiling or geo-tracking).
• Right to Object to Automated Decision-Making: If significant, users may demand human intervention.
• Right to Portability: Data provided in a machine-readable format for transfer to another service provider.
• Right to Review & Audit AI Decisions: Users may request an explanation of AI-driven decisions impacting their access to services.
• Right to Compensation for Misuse of Data: If napa violates applicable data protection laws leading to tangible harm, affected users may seek compensation in accordance with United Arab Emirates regulations.
• Right to Restrict Data Processing for Marketing: Users can request:
  • Exclusion from personalized ad targeting.
  • Restriction of marketing-related data processing.
  • Removal from marketing databases within 30 days of opt-out request.
• Right to Report Data Violations: Users may file complaints directly with:
  • United Arab Emirates Data Protection Authority for violations under United Arab Emirates Laws.
  • European Union Data Protection Supervisory Authorities if General Data Protection Regulation applies.

9. CHANGES TO THIS POLICY

• Advance Notification: Significant changes will be communicated at least 30 days in advance via email or website notification.
• Material Changes Clause: If amendments materially affect user rights, continued use post-update constitutes acceptance.
• Emergency Policy Updates: In cases where urgent legal or security updates must be implemented immediately, napa reserves the right to enact policy changes without prior user consent, with an advisory notice published on the Website.
• User Notifications for Data Processing Changes: If napa makes substantial modifications to data processing activities, users will receive:
  • Email notification or in-app alert before changes take effect.
  • A summary of key policy changes with user options for data deletion.
  • The right to opt-out of new processing activities that require consent.

10. RELATED POLICIES

For more information, please refer to the following documents:

• Terms of Use: Outlines the rules for using our Website, Platform, and Services.
• Intellectual Property Rights (IPR) Statement: Describes ownership, use, and protection of our intellectual property.

These documents are incorporated by reference and are considered part of this Privacy & Cookie Policy. We encourage you to review them regularly.

CONTACT INFORMATION

If you have any questions about this Privacy Policy, you may contact us:

• Email:info@napa.ae
• Phone:

  +971 50 191 6702

By using our website, you agree to this Privacy Policy. Thank you for trusting napa!