PRIVACY POLICY

Effective date: August 2021

Reesrv OÜ (“us”, “we”, or “our”) operates the https://reesrv.com website and the Reesrv mobile applications (hereinafter referred to as the “Service”).

This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data, according to General Data Protection Regulation (GDPR) – Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

You have the right to make a complaint at any time to the applicable supervisory authority for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance.

DEFINITIONS

Service

Service means the https://reesrv.com website and the Reesrv mobile applications operated by Reesrv OÜ.

Personal Data

Any information relating to an identified or identifiable natural person (“data subject”);  an identifiable natural person is one who can be identified, directly or  indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (GDPR).

Usage Data

Usage Data is data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a

page visit).

Cookies

Cookies are small files stored on your device (computer or mobile device).

Processing

Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Controller

Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.

For the purpose of this Privacy Policy, we are a Data Controller of your Personal Data.

Data Processors (or Service Providers)

Data Processor (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller.

We use the services of various Service Providers in order to process your data more effectively, as explained bellow.

Data Subject (or User)

Data Subject is any living individual who is using our Service and is the subject of Personal Data.

INFORMATION AND CONSENT

GDPR only validates a consent resulting in a demonstration of free will, specific, informed and explicit, by which you agree through positive and affirmative act, that your data will be object of processing.

Where processing is based on consent, the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data. As a data subject, you have the right to withdraw your consent at any time.

By accepting this privacy policy, you give your consent, in accordance with the RGPD, with regard to your data provided through REESRV´s website, as follows. Considering different purposes or types of processing, we provide a separate opt-in for each. You won´t feel forced to agree to all or nothing, as you may want to consent to some things but not to others.

If REESRV needs to process personal data necessary for the performance of a contract or offer you a service, or imposed by law, consent is not the appropriate lawful basis.

Your data will be included in a file under our responsibility, subject to appropriate technical and organizational security measures.

DATA PROCESSING

We collect several different types of information for various purposes, as bellow.

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”):

•        Email address

•        First name and last name

•        Phone number

•        Address, State, Province, ZIP/Postal code, City

•        Cookies and Usage Data

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or the instructions provided in any email we send.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or offer you a service, if that personal data is necessary for the performance of that contract or service.

Contacts

Ressrv Biz offers the option to import client information. If you choose to use this feature, you will be given an option to connect your contacts to Reesrv to find the clients whose information you intend to import. 

When you select “import selected contacts” we will add the contact names, phone and email to the client data base. You can select what contacts you want to add.

Data will only be imported once upon selection and confirmation by user. Access to contacts is optional, and can be revoked any time. 

Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device (“Usage Data”).

This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access the Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

Location Data

We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service, to improve and customise our Service.

You can enable or disable location services when you use our Service at any time by way of your device settings.

Aggregated Data

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

Special Categories of Personal Data

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Tracking Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyse our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

Examples of Cookies we use:

  • Session Cookies. We use Session Cookies to operate our Service.
  • Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
  • Security Cookies. We use Security Cookies for security purposes.
  • Third-Party Cookies. We use certain third-party cookies as identified in the Data Sharing section below.

Purposes of Data Processing

REESRV OÜ uses the collected data for various purposes:

  • To provide and maintain our Service
  • To notify you about changes to our Service
  • To provide customer support
  • To gather analysis or valuable information so that we can improve our Service
  • To monitor the usage of our Service
  • To detect, prevent and address technical issues
  • To provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information

Legal Basis for Processing Personal Data under the General Data Protection Regulation (GDPR)

If you are from the European Economic Area (EEA), REESRV OÜ
 legal basis for collecting and using the personal information described in this Privacy Policy depends on the Personal Data we collect and the specific context in which we collect it.

REESRV OÜ may process your Personal Data because:

  • We need to perform a contract with you
  • You have given us permission to do so
  • The processing is in our legitimate interests and it is not overridden by your rights
  • To comply with the law

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose, according to article 6th, number 4 of GDPR.

Retention of Data

REESRV OÜ will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

REESRV OÜ will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer periods.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Disclosure of Data

REESRV OÜ may disclose your Personal Data in the good faith belief that such action is necessary to comply with a legal obligation.

Service Providers

We may disclose your Personal Data to our service providers as set forth below. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions and your consent.

Security of Data

We guarantee the confidentiality of your data, which is subjected to appropriate technical and organizational measures to ensure a level of security appropriate to the risk. In particular, we shall implement measures to avoid accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

Before each treatment operation, we commit to ensure, in addition to above:

i)       The integrity of your data;

ii)       That your data will only be collected and processed by authorized third parties, according to GDPR.

However, the processing of data in open networks raises the risk of use by unauthorized third parties. The security of your data is important to us but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Our Policy on “Do Not Track” Signals and Third-Party Website Tracking under the California Online Protection Act (CalOPPA)

We do not support Do Not Track (“DNT”). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

We do not engage in the collection of Personal Data over time across third-party websites, and we do not permit third parties to gather information passively on our website for behavioral advertising purposes.

Your California Privacy Rights

Under California law, a California resident with whom REESRV OÜ has an established relationship has the right to request certain information with respect to the types of personal information REESRV OÜ has shared with third parties for their direct marketing purposes (if any), and the identities of those third parties, within the immediately preceding calendar year, subject to certain exceptions. In response to a written request, REESRV OÜ is allowed to provide a cost-free means to opt-out of such sharing.

Since REESRV OÜ does not provide your Personal Data to third parties for their direct marketing purposes, it is not necessary for us to establish this procedure; however, if you do not want REESRV OÜ to use your Personal Data to provide information about our programs, please follow the cost-free opt-out procedures in this policy.

Your Data Protection Rights under the General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. REESRV OÜ aims to take reasonable steps to allow you to correct, amend, delete or limit the use of your Personal Data.

You have the following data protection rights:

The right to access, update or delete the information we have on you. You Whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us to assist you.

The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.

The right to object. You have the right to object to our processing of your Personal Data.

The right of restriction. You have the right to request that we restrict the processing of your personal information.

The right to data portability. You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format.

The right to withdraw consent. You also have the right to withdraw your consent at any time where REESRV OÜ
 relied on your consent to process your personal information.

You can exercise all your rights through a written request to the following addresses:

Email – [email protected]

Please note that we may ask you to verify your identity before responding to such requests. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month.

Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. You will not have to pay a fee to access your personal data (or to exercise any of the other rights).

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact data protection authority in the European Economic Area (EEA): https://www.cnpd.pt/index.asp

INTERNATIONAL TRANSFER OF DATA AND DATA PROCESSORS

We may employ third party companies and individuals to facilitate our Service (“Service Providers”), provide the Service on our behalf, perform Service-related services or assist us in analysing how our Service is used. These third parties, as our processors, have access to your Personal Data to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

REESRV, the controller is responsible for assessing that its processor is competent to process personal data in line with the GDPR’s requirements. A controller must only use a processor that can provide “sufficient guarantees” to implement appropriate technical and organisational measures to ensure the processing complies with the GDPR and protects the rights of individuals.

Processing by FRPG´s processors is governed by a contract, that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller.

Your information, including Personal Data, may be transferred to — and maintained on — other countries where the data protection laws may differ from those of your jurisdiction.

If you are located outside United States and choose to provide information to us, please note that we transfer the data, including Personal Data, to United States and process it there.

REESRV OÜ will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.

As REESRV OÜ is an Estonian based company, Personal Data will be primarily stored in the EU.

Compliance with Google API Services User Data Policy

Reesrv OÜ’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Analytics

We may use third-party Service Providers to monitor and analyse the use of our Service.

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.

Google Analytics complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and subject to enforcement by the Federal Trade Commission: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active;

Certification:

SWISS-U.S. PRIVACY SHIELD FRAMEWORK: ACTIVE

Original Certification Date: 4/18/2017

Next Certification Due Date: 9/22/2019

Data Collected: HR, NON-HR

EU-U.S. PRIVACY SHIELD FRAMEWORK: ACTIVE

Original Certification Date: 9/22/2016

Next Certification Due Date: 9/22/2019

Data Collected: HR, NON-HR

Google Analytics is our Data Processor, and processes data on our behalf in accordance with GDPR requirements (article 28th GDPR), as the contract bellow:

https://support.google.com/analytics/answer/3379636?hl=en~

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: https://policies.google.com/privacy?hl=en

Behavioral Remarketing

REESRV OÜ
 uses remarketing services to advertise on third party websites to you after you visited our Service. We and our third-party vendors use cookies to inform, optimise and serve ads based on your past visits to our Service.

Remarketing is a feature that lets you customize your display ads campaign for people who have previously visited your site, and tailor your ads (using dynamic remarketing) to these visitors when they browse the web and use apps.

Google Ads (AdWords) remarketing service is provided by Google Inc., complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and subject to enforcement by the Federal Trade Commission:

https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active;

Certification:

SWISS-U.S. PRIVACY SHIELD FRAMEWORK: ACTIVE

Original Certification Date: 4/18/2017

Next Certification Due Date: 9/22/2019

Data Collected: HR, NON-HR

EU-U.S. PRIVACY SHIELD FRAMEWORK: ACTIVE

Original Certification Date: 9/22/2016

Next Certification Due Date: 9/22/2019

Data Collected: HR, NON-HR

Google Ads is our processor. You can view here the contract:

https://privacy.google.com/businesses/adsservices/

You can opt-out of Google Analytics for Display Advertising and customise the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads

Google also recommends installing the Google Analytics Opt-out Browser Add-on – https://tools.google.com/dlpage/gaoptout – for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page:

https://policies.google.com/privacy?hl=en

Facebook

Facebook remarketing service is provided by Facebook Inc. – complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and subject to enforcement by the Federal Trade Commission:

https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC

Certification:

SWISS-U.S. PRIVACY SHIELD FRAMEWORK: ACTIVE

Original Certification Date: 11/3/2017

Next Certification Due Date: 12/17/2019

Data Collected: NON-HR

EU-U.S. PRIVACY SHIELD FRAMEWORK: ACTIVE

Original Certification Date: 9/30/2016

Next Certification Due Date: 12/17/2019

Data Collected: NON-HR

Facebook is our processor. You can check the contract here:

https://www.facebook.com/business/gdpr#Facebook-como-o-Respons%C3%A1vel-Pelo-Tratamento-de-Dados-vs.-Facebook-como-o-Subcontratante

You can learn more about interest-based advertising from Facebook by visiting this page: https://www.facebook.com/help/164968693837950

For more information on the privacy practices of Facebook, please visit Facebook’s Data Policy: https://www.facebook.com/privacy/explanation

International Transfer of data to Other Countries

This international transfer of data complies with all the requirements of GDPR, including entering into a contract incorporating standard data protection clauses adopted by the Commission: “standard contractual clauses” (sometimes as “model clauses”).

The clauses contain contractual obligations on the data exporter and the data importer, and rights for the individuals whose personal data is transferred. Individuals can directly enforce those rights against the data importer and the data exporter.

Children’s Privacy

Our Service does not address anyone under the age of 13 (“Children”).

We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Appointment booking on your own terms

Reesrv for Businesses

Have your own business? Click here to find out more