Privacy Policy
Purpose
The purpose of this Privacy Policy (the "Policy") is to establish a comprehensive framework for protecting the privacy of personal information ("Personal Data”) collected, processed, and stored by taskcrew Inc (further "Duvo" “us”, “we”, “our” or the “Company”). You may provide Personal Data through our Website and Platform.
This Policy ensures that Duvo respects individual privacy rights, and maintains the trust of customers, employees, and other data subjects through compliance with applicable privacy laws and regulations, including Regulation (EU) 2016/679 of the European Parliament and of the Council, the General Data Protection Regulation (the "GDPR"), and the California Consumer Privacy Act of 2018 (the "CCPA"), and SOC 2 Type II requirements for confidentiality and privacy.
If you have any questions or complaints, we have appointed a Data Protection Officer (DPO) that you can contact at:
Assenteo Ltd
71-75 Shelton Street, Covent Garden
London, United Kingdom WC2H 9JQ
Email: info@duvo.ai
Scope
This Policy applies to all employees, contractors, consultants, and third-party vendors of Duvo who handle personal information.
This Policy applies only to the processing of Personal Data by us and does not address the privacy practices of other parties from which we are not responsible.
We do not knowingly process or request Personal Data from persons under the age of 18. If you are such a person, please do not use the Platform or send us your data. We delete all the Personal Data about which we learn to have been provided by a person under the age of 18 without the consent of a parent or legal guardian.
Policy Statements
What data do we process?
Personal Data
We may process Personal Data that you have provided to us voluntarily while using the Platform or Website. Personal Data encompasses all personal information collected, processed, stored, or transmitted by Duvo, including but not limited to: customer data, employee data, vendor data, and any other personally identifiable information, regardless of format or storage medium.
Technical Data
We and/or our authorized external service providers may automatically collect technical data when you visit or interact with our Website and Platform for statistical and analytical purposes. The technical data may include, in particular, the URL of the website you visited before using our service, the time and date of user visits, surfing habits, IP address, browser name, type of computer or device accessing our service, time spent on the website and more similar technical information. In certain cases, it would be possible to use the technical data and identify you as an individual, making them Personal Data in accordance with applicable law. However, we never use technical data to identify you as an individual.
Processing Purposes
We process your Personal Data for the purpose of:
performance of the contract concluded with you based on your decision to use the Platform:
This purpose includes the following processing activities:
informing about updates and new functions of our services;
notification of updates to our Terms and Conditions and this Policy;
answering your queries about our services;
resolving any problems and disputes related to the contract between us.
The legal basis for such processing is the performance of the contract in accordance with Article 6(1)(b) GDPR.
Training our algorithmic models:
For this purpose, we process your anonymised Personal Data that you have voluntarily provided to us when using the Platform for model training.
For European residents, the legal basis for such processing is the performance of the contract in accordance with Article 6(1)(b) GDPR. You may opt-out at any time of your anonymised Personal Data being used to train our models.
Improving our services:
For this purpose, we collect anonymised information about how you use the Platform, such as your clicks, the features you use, the time you spend on each screen, and other analytical data.
The legal basis for such processing is the performance of the contract in accordance with Article 6(1)(b) GDPR.
Marketing
We may offer services to you via e-mail if you have agreed to receive newsletters on our Website, thereby giving us your consent to the processing of your e-mail address for marketing purposes.
In this case, we process your e-mail address on a legal basis, which is your consent in accordance with Article 6(1)(a) GDPR (granted when sending your e-mail address to our information panel) or under legitimate interest in accordance with Article 6(1)(f) GDPR (if you are a previous customer who may be interested in further services).
There are several ways you can unsubscribe from newsletters and stop direct marketing communications - click on the "Unsubscribe from newsletter" link in any email we send you. Then we will stop sending you the newsletters. Alternatively, you can revoke your consent by sending an e-mail to info@duvo.ai
Third Parties
Your Personal Data is primarily processed by us. We do not share your Personal Data with any recipients unless one of the following circumstances occurs:
It is necessary in order for us to fulfill our obligations to you
In the event that our subcontractors with whom we work to operate our Platform need access to your Personal Data, we have taken appropriate contractual and organizational measures to ensure that your Personal Data is processed in accordance with all applicable laws and regulations.
We only use third party providers that maintain the same or above levels of data protection and security.
It is necessary for legal reasons: We may share your Personal Data with recipients outside of the Company if we believe in good faith that specific access to your Personal Data and the corresponding use is proportional and necessary to (i) comply with all applicable laws; (ii) detecting, preventing and resolving fraud and security or technical problems; and/or (iii) protect the interests, property or safety of the Company, our users or the public, in accordance with the law. If possible, we will inform you of such processing.
Cross-Border Data Transfers
We may transfer your Personal Data to countries outside the European Union and the European Economic Area, where we cooperate with external subcontractors. We transfer your Personal Data only to a country that is considered to have an adequate level of Personal Data protection in accordance with the European Commission's decisions, or there are appropriate measures to protect your Personal Data, such as standard contractual clauses and/or binding internal company rules. Regardless of the country in which your Personal Data is processed, the Company will take appropriate technical, legal, and organizational measures to ensure that the level of protection is the same as in the European Union and the European Economic Area. If you want to know more about the international transfer of your Personal Data and the relevant guarantees we have in place, you can contact us at info@duvo.ai.
If we participate in a merger, acquisition, or other reorganization, your data may be transferred as part of this transaction. We will inform you about each such transaction (for example, via a message to the e-mail address associated with your account) and explain your options in this situation.
Data Security
We take all proportional and appropriate security measures to protect us and our customers from unauthorized access or unauthorized alteration, disclosure, or destruction of Personal Data. Measures include, where appropriate, encryption, firewalls, secure devices, and access rights systems.
Privacy compliance activities will be regularly monitored and audited to ensure compliance with this Policy and applicable regulations. This includes annual reviews of processing activities, data subject rights fulfillment, and privacy impact assessments.
Should a data breach occur despite security measures that are likely to adversely affect your privacy, we will notify you as soon as reasonably possible.
Privacy incidents and data breaches are handled according to established procedures:
Immediate containment and assessment of privacy incidents
Notification to supervisory authorities within required timeframes
Communication to affected individuals when required
Documentation of incident response and remedial actions
Post-incident review and process improvement
Data Subject Rights
Duvo will respect and facilitate data subject rights as required by applicable privacy laws:
Right of access to your Personal Data
Right to rectification
Right to erasure
Right to restrict processing
Right to data portability
Right to object
How to exercise your rights - you can exercise your rights listed above free of charge e-mail to info@duvo.ai. Depending on your request, we may require verification of your identity.
Can you file a complaint?
If you believe that our processing of your Personal Data is not in accordance with applicable data protection laws, you may file a complaint with your local authorities.
Compliance
This policy references compliance with GDPR, ISO 27001, and SOC 2 Type II requirements.
Enforcement
The Data Protection Officer (DPO) or CEO is responsible for enforcing this Privacy Policy. All personnel are required to comply with this Policy and related procedures. Violations will be subject to disciplinary action, up to and including termination of employment or contract.
Disciplinary Actions
Failure to comply with this Policy may result in disciplinary action, including but not limited to:
Verbal or written warnings
Mandatory privacy training
Suspension of data access privileges
Termination of employment or contract
Legal action and regulatory fines where appropriate
Incident Response
Any privacy violations or suspected data breaches must be reported immediately to the Data Protection Officer or designated point of contact. All incidents will be investigated and appropriate remedial actions will be taken, including notification to relevant authorities and affected individuals as required by law.
Policy Review and Modification
This Privacy Policy will be reviewed and updated at least annually, or more frequently as needed to address changes in privacy laws, business operations, or data processing activities. The review process will involve input from key stakeholders, including the Data Protection Officer, Legal Team, and executive management.
Review Schedule
Policy reviews will be conducted:
Annually as part of the standard policy review cycle
When significant changes occur in privacy laws or regulations
Following major privacy incidents or data breaches
When significant changes occur in data processing activities
Upon stakeholder request with appropriate justification
Approval Process
Policy updates must be reviewed and approved by the relevant stakeholders, including:
Data Protection Officer
Legal and Compliance teams
Executive leadership (CEO)
Relevant business stakeholders
Communication and Training
Any modifications to this Policy will be communicated to all affected personnel in a timely manner. Privacy training will be provided as necessary to ensure understanding and compliance with updated requirements. Regular privacy awareness programs will be conducted to maintain compliance culture.
This document shall be stored in a secure and accessible location and made available to all employees of Duvo. It is to be referenced in conjunction with other established Duvo policies and procedures.
Policy Owner:
Marek Paris
Date: September 29, 2025
