Data Protection Policy

1 Policy Statement

1.1 Pet Watch, owned and maintained by MAM Technologies Portal Limited (hereinafter referred to as “Pet Watch”, “MAM” “Company” or “We” or “Us” or “Our”) and/or its subsidiaries and affiliates, are committed to safeguarding the privacy of the Personal Data that We gather.

1.2 The Pet Watch Internal Data Protection Policy (herewith referred to as the “Policy”) applies to Personal Data and to the collection, processing and/or management of that Personal Data in any form whether oral, electronic, or written.

1.3 This Data Protection Policy gives effect to Pet Watch’s commitment to protect any Personal Data, including that of its Users.

1.4 This Data Protection Policy and any other documents referred to in it set out the lawful bases on which We will process Personal Data that We collect from any Data Subjects, or that is provided to Us by Data Subjects or other sources.

1.5 This Data Protection Policy may be amended at any time subject to the discretion of Pet Watch.

2 Compliance and Administration

2.1 Our Users have rights with regard to the way in which their Personal Data is collected, stored, and processed. We acknowledge that treating this Data fairly and lawfully ensures its confidentiality within Pet Watch and underpins our successful operations.

2.2 All Pet Watch employees and contractors must comply with this Data Protection Policy when Processing Personal Data on Pet Watch’s behalf. Any breach of this Policy may result in disciplinary action.

2.3 The Personal Data, that we hold in relation to our Users and other Third Parties is subject to certain legal safeguards specified in applicable data protection laws and regulations, including the Data Protection Law, DIFC Law No. 5 of 2020 (“DIFC DP Law 2020” and collectively, the “Applicable Laws”).

2.4 Pet Watch has taken the following steps to ensure compliance with the Applicable Law:

2.4.1 appointed a Data Protection Officer, who must act independently, reporting to the management, and who is responsible for:

(a) ensuring compliance with the DP Law 2020 and all Applicable Laws and with this Policy;

(b) ensuring the DP Notification in the DIFC Client Portal is updated on an annual basis;

(c) providing training for staff about Data protection;

(d) conducting Data protection impact assessments and risk analysis;

(e) supporting Pet Watch in keeping and updating a register of Processing activities; and

2.4.2 ensuring compliance with any other requirements necessary to comply with the Applicable Laws. Any questions about the operation of this Data Protection Policy or any concerns that the Policy has not been followed should be referred in the first instance to the DPO who can be reached at info@petwatchapp.com

3 Definitions

3.1 “Applicable Laws” means laws, regulations, orders, directives, and guidelines within the legal jurisdiction of the Dubai International Financial Centre (DIFC) including the Data Protection Law No. 5 of 2020 by the Dubai International Financial Centre (DIFC).

3.2 “Account” means the personalized section of the Pet Watch Platform created upon User registration, containing personal, contact, and pet-related information.

3.3 “Consent” means clear affirmative action by the Data Subject, indicating agreement to the Processing of their Personal Data.

3.4 “Controller(s)” means entities or individuals who determine the Processing purposes and methods of Personal Data. Pet Watch, in compliance with the Applicable Law, acts as the Controller, setting practices and policies for Data usage.

3.5 “Data” means information processed either i) electronically through automated equipment based on specific instructions ii) on paper intended for electronic Processing. This includes but is not limited to, User profiles, pet details, and transaction records on the Pet Watch Platform.

3.6 “Data Breach” means a security incident leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored, or otherwise processed

3.7 “Data Protection Impact Assessment (DPIA)” will be a comprehensive assessment process employed by Pet Watch to evaluate and manage the potential risks and impacts associated with the Processing of Personal Data particularly involving Special Categories of Personal Data or High-Risk Processing Activities.

3.8 “Data Erasure” means the process of safely and permanently removing stored Personal Data upon the request of the Data Subject or after it’s no longer necessary for its original purpose.

3.9 “Data Protection Officer” an individual appointed by Pet Watch responsible for overseeing Data protection strategy and its implementation to ensure compliance with the Applicable Law which in this case is:

Name: Ms. Monja Madan

Email Address: info@petwatchapp.com

Contact Number: +971 55 233 7073

3.10 “Data Subjects” means all living individuals whose Personal Data is held by Pet Watch. This includes Pet Owners, Pet Sitters, and any other Users of the Pet Watch platform. All Data Subjects possess legal rights concerning their Personal Data.

3.11 “High-Risk Processing Activity” means certain types of Data Processing and activities that carry a higher risk to the individual’s privacy rights and freedoms. For Pet Watch, this includes but is not limited to, live location tracking of Pet Sitters and pets, Processing of sensitive pet medical data, and any other Processing activities that may result in significant risks to the privacy or security of Personal Data. Such processing typically requires a thorough assessment and potentially additional safeguards to ensure the protection of Data Subjects’ rights.

3.12 “Pet Sitter” means an individual registered on the Pet Watch Platform who offers services related to pet care, including but not limited to pet sitting, walking, or grooming.

3.13 “Pet Owner” means an individual registered on the Pet Watch Platform who seeks services for their pets and may provide specific pet-related data for Service provisioning.

3.14 “Processors” means any entity or individual, including Pet Watch employees, who process Personal Data on behalf of Pet Watch and based on its directives. This might encompass Third-Party service providers or partners who manage Data for Pet Watch.

3.15 “Privacy Policy” means the privacy policy issued by Pet Watch for its Users to protect any confidential information and other information/Data processed and used by Pet Watch for the Services provided to the Users;

3.16 “Personal Data” means data related to a living individual identifiable from that specific Data or in conjunction with other information in Pet Watch’s possession. This can be factual (e.g., name, pet details, address) or opinion-based (e.g., reviews, feedback).

3.17 “Platform” means the mobile application or any other digital interface provided by Pet Watch where Users interact, share Data, or avail Services.

3.18 “Processing” means any operation or set of operations performed on Personal Data, encompassing collection, recording, organization, storage, alteration, retrieval, use, disclosure, dissemination, alignment, combination, blocking, Data Erasure, or destruction. This also includes the sharing of Personal Data with Third Parties, as mentioned in the Privacy Policy.

3.19 “Special Categories of Personal Data” means information revealing or concerning (directly or indirectly) racial or ethnic origin, communal origin, political affiliations or opinions, religious or philosophical beliefs, criminal record, trade-union membership and health or sex life and may include specific pet health details or behavioral traits. Special Category Data can only be processed under strict conditions, including a condition requiring the express permission of the person concerned.

3.20 “Services” means all pet-care-related services provided by Pet Watch through the Platform;

3.21 “Service Time” means the specific duration during which a Pet Sitter provides Services to a Pet Owner, and during which certain data, like location, might be shared between the two parties

3.22 “Third Party Sites” means websites or platforms other than Pet Watch, which might be linked or integrated with the Pet Watch platform, and have their own privacy policies.

3.23 “Third Parties” means entities or individuals other than Pet Watch and the User, who might receive Personal Data for specific purposes as outlined in the Privacy Policy.

3.24 “Users” means any individual or entity that interacts with the Pet Watch platform. This includes, but is not limited to, Pet Owners, Pet Sitters, and any other person(s) accessing any part of the Platform. Users provide, receive, or access Data and Services on the Platform and are subject to the terms of the Privacy Policy, Terms & Conditions, and any other Pet Watch policies.

4 Data collection and protection principles

4.1 Pet watch may in the ordinary course of business collect and process information about anyone who:

• uses Our Platform, or other Pet Watch digital interfaces;
• contacts Us for information about using our Services or for information about other products and services offered by Pet Watch;
• interacts and communicates with Us in a business capacity, including Pet Owners, Pet Sitters and other Users of our Platform;
• provides or handles information relating to suppliers, Third-Party platforms, and other partners associated with Pet Watch;
• participates in Our surveys, reviews, or promotions;
• engages with Pet Watch through social media channels;
• creates an Account on Our Platform, providing personal, contact, and pet-related information;
• acts as a Data Subject, providing Personal Data that is processed by Pet Watch in its role as a Controller;
• acts as a Processor, Processing Personal Data on behalf of Pet Watch;
• acts as a Pet Sitter, offering pet-care-related services on our Platform;
• acts as a Pet Owner, seeking pet-care-related services on our Platform;
• engages in High-Risk Processing Activities, such as live location tracking or sharing sensitive pet medical data;
• provides Special Categories of Personal Data, revealing sensitive personal details or opinions;
• engages with Third Party Sites or Third Parties linked or integrated with the Pet Watch platform.

4.2 Pet Watch may in the regular course of business, collect and process the following information about its Users:

• User Profile Details: This includes name, gender, contact number, email address, and any other personal details provided during registration or profile setup.
• Pet Details: Information related to pets such as name, breed, age, medical history, and any specific care instructions.
• Location Data: Real-time location data for Pet Sitters during Service Times.
• Service Details: Information related to the Services availed, including Service Time, type of Service (e.g., pet sitting, walking, grooming), and any feedback or reviews provided post-service.
• Payment Information: While Pet Watch might not store complete payment details, it may process transaction IDs, payment methods used, and transaction amounts for record-keeping and Service provisioning.
• Interactions on the Platform: This includes messages exchanged between Pet Owners and Pet Sitters, feedback, reviews, and any other form of communication or interaction on the platform.
• Third-Party Integrations: Any data shared or received through Third-Party platforms or services integrated with Pet Watch, such as payment gateways or promotional partners.
• Technical Data: Information captured from devices accessing the Platform, including device type, operating system, IP address, and other relevant technical details.
• User Behavior: Data related to User behavior on the Platform, such as features used, frequency of use, preferences, and any other behavioral data that helps improve the Platform’s User experience.
• Emergency Contacts: In case of emergencies or specific services, Users might provide alternate contact details or emergency contacts.
• Special Categories of Personal Data: Any sensitive Data shared by Users that fall under the special categories, as defined in the Policy.

4.3 Anyone Processing such information, especially in the context of Pet Watch’s operations must adhere to the following principles of Data protection:

4.3.1 Nature of Processing: Personal Data shall be processed lawfully, fairly, and in a transparent manner in relation to the Data Subject.

4.3.2 Consent: Personal Data shall only be processed with the explicit Consent of the Data Subject, especially when it pertains to High-Risk Processing Activities or Special Categories of Personal Data

4.3.3 Processing for limited purposes:

• Personal Data shall only be used for the purpose it was collected for, ensuring that no Data is used for unsolicited purposes, especially without the knowledge or Consent of the Data Subject. Personal Data shall be adequate, relevant and limited to those which are necessary in relation to the purposes for which they are processed.
• Pet Watch may collect and process Personal Data from various sources, including directly from Data Subjects that include Pet Sitters, Pet Owners, and other Third Parties such as Service providers or partners.
• Pet Watch shall process Personal Data solely for the purposes communicated to the Data Subject, in line with the Applicable Law, and as detailed in the Privacy Policy.

4.3.4 Transparency: Data Subjects shall be informed about the nature, purpose, and extent of the Data Processing. This includes clear communication about any High-Risk Processing Activities or sharing with Third Parties.

4.3.5 Timely Processing:

• Pet Watch shall retain Personal Data only for the duration necessary for its intended purpose. All data no longer required, or upon a Data Subject’s request, will be deleted or modified.
• Regular reviews shall be conducted to assess the Processing and storage of Data, ensuring compliance with the Applicable Law and understanding the flow of Data within and outside of Pet Watch.
• Pet Watch commits to retaining Personal Data solely for the time period essential to serve the intended purposes of collection or as mandated by the legitimate interests in accordance with the Applicable Law.
• If the basis for processing changes, Pet Watch shall ensure that the Personal Data is either securely deleted, anonymized, pseudonymized, encrypted, or archived, as appropriate.

4.3.6 Data Minimization and Retention: Only the minimum necessary Data shall be collected and processed, ensuring that no excessive Data is stored or used beyond the Service requirements.

4.3.7 Integrity and Confidentiality: Personal Data shall be protected against any unauthorized access, alteration, or disclosure. This includes ensuring the confidentiality of User interactions, especially between Pet Owners and Pet Sitters

4.3.8 Fair Processing:

• Legal Grounds: For Personal Data to be processed lawfully within the Pet Watch platform, Pet Watch shall adhere to one of the legal bases defined in the Applicable Law. This shall include the Data Subject’s explicit Consent, necessity for the performance of a Service or contract with the Data Subject, compliance with a legal obligation, or for the legitimate interests of Pet Watch or a Third Party. When Processing Special Categories of Personal Data or engaging in High-Risk Processing Activities, stricter conditions shall be met to ensure the utmost protection of the Data Subject’s rights.
• Controller Responsibility: As the Controller, Pet Watch commits to ensuring that all Processing activities align with the Applicable Law. This includes ensuring that all Pet Sitters, Pet Owners, and other users of the Platform are aware of their rights and the measures in place to protect their Personal Data.
• Legitimate Interests: In scenarios where no other legal basis applies, Pet Watch processes Personal Data based on the principle that it’s essential for pursuing Pet Watch’s legitimate interests or those of a Third Party (e.g., service providers or partners). However, these interests will always be weighed against the compelling rights of the Data Subject, especially when sensitive data or High-Risk Processing is involved. Any Processing under this basis will always prioritize the safety, security, and privacy of the Data Subject.

4.3.9 Accountability: Pet Watch, as the Controller, shall take responsibility for the Data it processes and ensure that all Processing activities are compliant with the Applicable Law.

• Pet Watch ensures that the use or disclosure of Personal Data aligns with the purpose(s) for which it was collected. Except in specific circumstances, including where mandated by law, Personal Data will be used and disclosed in ways that are consistent with these purposes.
• Pet Watch is committed to transparency and shall inform Data Subjects through publicly available privacy notices, such as on the Pet Watch platform, about:

(a) The specific purposes for which their Personal Data shall be processed.

(b) How Pet Watch Processes their Personal Data, including details about Third-Party suppliers or partners who might Process it on Pet Watch’s behalf.

(c) The types of Third Parties, if any, with whom Pet Watch may share or disclose their Personal Data.

(d) Available methods through which Data Subjects can limit the use and disclosure of their Personal Data.

(e) The rights Data Subjects have concerning the use of their Personal Data, in line with the Applicable Law.

(f) The transparency and accountability measures Pet Watch has implemented to ensure the protection of Personal Data.

(g) Pet Watch’s role as a Controller of their Personal Data and the means to contact the Data Protection Officer, for any concerns or inquiries.

• Pet Watch recognizes the importance of assessing the potential risks associated with Processing Personal Data, especially when introducing new Data Processing technologies or engaging in High-Risk Processing activities.
• A Data Protection Impact Assessment (“DPIA”) will be conducted in situations where Data Processing, particularly involving Special Categories of Personal Data or High-Risk Processing Activities, may result in a high risk to the rights and freedoms of Data Subjects. This includes, but is not limited to, systematic and extensive profiling, large scale Processing of Special Categories of Personal Data, and large-scale monitoring of public areas.

4.3.10 User Rights: The rights of Data Subjects, including the right to access, rectify, erase, and object to the Processing of their Personal Data shall be recognized and respected.

4.3.11 Data Breach Notification: In the event of a Data breach, Pet Watch shall promptly notify affected Data Subjects and take appropriate measures to mitigate any potential harm as per its Incident Management Policy.

4.3.12 Continuous Review: Shall regularly review and update Data protection practices to ensure they remain compliant and effective, especially in light of evolving technologies and User needs. High-Risk Processing activities will be reviewed regularly to ensure that all potential risks are identified and mitigated.

4.3.13 Transferring Personal Data: Pet Watch may transfer any Personal Data it holds to and from the jurisdiction in which it is collected. Specifically, when transferring Personal Data out of the DIFC or to the UK, the EU, or a country within the European Economic Area (“EEA“), Pet Watch ensures that one of the following conditions is met:

• The transfer aligns with the appropriate safeguards as outlined in Article 27(2) of the DIFC DP Law 2020.
• The destination country ensures an adequate level of protection for the rights and freedoms of the Data Subjects.
• The Data Subject has provided explicit Consent for the transfer.
• The transfer is necessary due to reasons specified in the Applicable Law, including but not limited to the performance of a contract between Pet Watch and the Data Subject, or to safeguard the vital interests of the Data Subject.
• The transfer is mandated on significant public interest grounds or for the establishment, exercise, or defense of legal claims.
• The transfer has been authorized by the relevant Data protection authority, ensuring that Pet Watch has provided adequate safeguards concerning the protection of the Data Subjects’ privacy, their fundamental rights and freedoms, and the exercise of their right.

4.3.14 Data Security: Pet Watch prioritizes the security of Personal Data, implementing measures to protect against unauthorized or unlawful Processing and accidental loss or damage and that security protocols are in place from the point of data collection to its destruction. Personal Data shall only be shared with a Processor if they adhere to Pet Watch’s security standards or provide equivalent safeguards.

Due to the nature of High-Risk Processing, Pet Watch will implement additional security measures, including advanced encryption, regular audits, and continuous monitoring, to ensure the utmost protection of Personal Data.

4.3.15 Training and Awareness: Pet Watch shall ensure that all employees, contractors, and Third Parties involved in Data Processing are adequately trained and aware of their responsibilities regarding Data protection.

5 Disclosure and sharing of Personal Data

5.1 Pet Watch may share Personal Data it holds with any affiliated entities or partners, ensuring confidentiality in all instances.

5.2 Pet Watch may also disclose Personal Data it holds to Third parties:

• In scenarios where Pet Watch is involved in the sale, acquisition, or merger of business assets, Personal Data may be shared with the prospective seller, buyer, or other involved parties.
• If Pet Watch or a significant portion of its assets are acquired by a Third Party, the Personal Data held by Pet Watch may be among the transferred assets.
• If Pet Watch is obligated to disclose or share a Data Subject’s Personal Data due to legal requirements, or to enforce or apply any contract with the Data Subject or other agreements; or to safeguard the rights, property, or safety of Pet Watch, its Users, or others. This might include sharing information with other companies and organizations for purposes like fraud protection.

5.3 Pet Watch may share Personal Data it holds with selected Third Parties for purposes including, but not limited to, enhancing the User experience, facilitating Service provision by Pet Sitters, or to support relevant User engagements on the Platform

6 Dealing with Data Subjects’ rights and requests

6.1 With some limited exceptions, any Data Subjects are entitled to:

(a) Right to Access: Requesting access to any Personal Data that Pet Watch holds about them (known as a subject access request).

(b) Right to Rectification: Requesting that Pet Watch rectify any inaccurate or incomplete Personal Data.

(c) Right to Data Erasure: Requesting that Pet Watch erase any Personal Data held about them, subject to certain exceptions.

(d) Right to Restrict Processing: Requesting that Pet Watch restricts the Processing of their Personal Data.

(e) Right to Data Portability: Requesting a copy of their Personal Data in a structured, commonly used, and machine-readable format.

(f) Right to Object: Objecting to the Processing of their Personal Data for specific purposes.

(g) Right to Consent:

• Giving Consent: Before collecting or Processing any Personal Data, Pet Watch will ensure that clear, informed, and explicit Consent is obtained from the Data Subject. For any High-Risk Processing activities, Pet Watch shall obtain explicit and informed Consent from the Data Subjects. This Consent will detail the specific High-Risk activities and the potential implications for the Data Subject
• Right to be informed about High-Risk Processing Activity: Pet Watch shall ensure that the Data Subjects shall be informed about, have the right to object to, or restrict High-Risk Processing activities concerning their Personal Data. They also have the right to access and rectify any of their Data involved in High-Risk Processing.
• Withdrawal of Consent: Data Subjects have the right to withdraw their Consent at any time. Pet Watch will provide an easy and straightforward method for Data Subjects to withdraw their Consent, and such requests will be processed promptly.
• Transparency in Consent: Pet Watch will ensure that Data Subjects are fully informed about how their Data will be used before obtaining their Consent.
• Transparency in High-Risk Processing Activities: Pet Watch will ensure that all Data Subjects are fully informed about any High-Risk Processing activities and their rights concerning such Processing. In the event of any Data Breaches related to High-Risk Processing, affected Data Subjects will be notified promptly as per the Incident Management Policy that can be accessed via the Platform..
• Right to Lodge a Complaint: Data Subjects shall possess the right to lodge a complaint to the Commissioner of Data Protection regarding the Processing of their Personal Data in case of any escalated issue.

6.2 Data Subjects may make the request by writing to the Commissioner of Data Protection or his/her delegate as per the procedure mentioned in the Data Consent Form.

6.3 Any member of Pet Watch who receives a written or verbal request or complaint from a Data Subject shall immediately engage the procedure set out in Pet Watch’s “Dealing with Data Subjects’ Complaint Procedure”, within 15 (fifteen) days of such requests, and a breach of the Applicable Laws may occur if Pet Watch does not respond accordingly.

7 Questions about this Policy

7.1 If you have any questions about this Policy, or any concerns or complaints with regard to the administration of this Policy, or if you would like to submit a request as described in Section 6 above for access to the Personal Data that We maintain about you, please contact us by any of the following means:

7.1.1 For current Pet Watch Users, including Pet Owners and Pet Sitters, you can reach out through the “Help” or “Support” section within the Pet Watch platform.

7.1.2 For any other inquiries or concerns, please contact our Data Protection Officer:

Name: Ms. Monja Madan

Email Address: info@petwatchapp.com

Contact Number: +971 55 233 7073

7.2 Complaints or further escalation can be directed to the Commissioner of Data Protection at DIFC.