PRIVACY NOTICE

Effective: April 15, 2024

Introduction Dejavoo Systems, LLC (collectively “Dejavoo”, “we”, “us” or “our”), is committed to safeguarding the privacy and security of your personal data.  The Dejavoo website provides information about our products and news. When you visit our website, we may obtain data from and about you and your devices.  Please note, we may provide separate privacy notices that apply to specific to the products or services (“Products”) we offer.  We have crafted our Privacy Notice (“Notice”) to provide you with a transparent view of our privacy practices and principles, presented in a user-friendly format for easy navigation, reading, and understanding.  This Notice includes:

• Who this Privacy Notice Applies To
• Personal Data We Collect, and How We Collect It, and How We Use It
• How We Share Your Personal Data
• Cookies And Other Tracking Technologies
• Retention and Disposal of Personal Data
• How We Keep Your Personal Data Safe
• Children’s Privacy
• Your Rights and Choices
• Exercising Your Rights
• Additional Information for Individuals in the European Union (“EU”) and United Kingdom (“UK”)
• Additional Information for Consumers in the United States
• California Residents
• How to exercise your rights (California)
• Colorado, Connecticut, and Virginia Residents
• How to exercise your rights (Colorado, Connecticut, Virginia)
• Utah Residents
• How to exercise your rights (Utah)
• Additional Information for Canadian Residents
• How to exercise your rights (Canada)
• Nexus Portal Policy
• Changes to this Privacy Notice
• Contact Us

Who this Privacy Notice Applies To

• Dejavoo website visitors
• Event attendees
• General

This Privacy Notice (“Notice”) applies to personal data we collect that identifies, relates to, describes, can be associated with, or could reasonably identify you as an individual. Throughout this Notice, we refer to the “processing” of personal data, which means how we collect, use, and/or share your personal data or personal information when you: 

• Interact or use our Website (www.dejavoo.io), including when you download materials from our resources page, request a demo or ask us to contact you.
• Register and/or attend our events or conferences (“Event” or collectively “Events”). 

This Notice does not apply to: 

• Our Products (software and hardware), where a separate privacy notice governs.
•  Employees or contractors; current employees and contractors may refer to the internal employee privacy notice for more information about our employee personal data collection and handling practices.

Personal Data We Collect, and How We Collect It, and How We Use It

The personal data we collect from you depends on how you interact with us and the choices you make. We use your personal data for our legitimate interests, which are ways that you would reasonably expect us to use your data for our business purposes. We limit our use of your personal data to the purposes described in this Notice. We may collect information from or about you in a variety of ways including: 

• Directly from you, when you provide information to us or interact with our website; and 
• Automatically from you when you use or interact with our website.

Data we collect and how we use it The following table lists the categories and example of personal data we collect based on your interaction with us, and how we use it. 

Type of Interaction	Categories of data we collect	How we use your data
Dejavoo website visitors	Identifiers, including contact information, such as name, email address, phone number; online identifier, when you complete a contact or sign up for demo form.  Identify data, such as your name; email address; telephone number; account login details, e.g., username. Professional related information, such as business email, telephone number and title.  Internet or network data, such as browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements. Internet and network data, such as cookies, pixel tags, analytics, browser and device data, operating system type, system settings, clickstream data, session replays, search history, and information regarding interactions with our website or advertisements, including access logs. Geolocation data, like Internet Protocol address, device location data. User Content – includes unstructured/free-form data that may include any category of personal data, e.g., e.g., data that you give us in free text fields such as testimonials. Profiles and inferences drawn from other personal data creation of detailed profiles about individuals based on their personal data, behaviors, preferences, and other characteristics.	To respond to user requests submitted through the online forms.  To request feedback about your use of our website or your interest in our products.  Share alerts and updates about upcoming events and our Products. To send you marketing and promotional communications, if this is in accordance with your marketing preferences. You can opt out of our marketing emails at any time. For more information, see “Your Rights and Choices“. Deliver targeted advertising to you tailored to your interests, location, and more. Post testimonials on our website, marketing materials and communications, including via social media. Inform you about changes to this Privacy Notice
Event attendees	Visual, images, photographs in connection with our business activities, conferences, or marketing events.	Publish photographs on the company’s internal and external website, marketing materials and communications, including via social media.
General	We collect different personal data from you depending on how you interact with us, as listed out in the categories above.	Identify usage trends. We may process information about how you use our website to better understand how it the website is used so we can improve it. Tailor the content we display to you regarding our Products and communications. Determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you. Record and review how users interact with our website to improve website functionality. Monitor the website performance. We may process your information to run metrics such as total number of visitors, traffic, and usage patterns. Improve, support, secure, and manage our website. Develop and improve our Products, including understanding our customer base and the effectiveness of our marketing, events, promotional campaigns, and publications. Cooperate with governmental or regulatory authorities relating to any regulatory or compliance requirements, reporting, or as otherwise required by law.

We do not collect sensitive personal information or special categories of data.  Information automatically collected We automatically collect certain information when you visit our website. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you visited our website, and other technical information. This information is necessary to maintain the security and operation of our website, and for our internal analysis and reporting purposes. We also collect information through cookies and similar technologies. For more details refer to our Cookie Notice.

The information we collect includes:

• Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our website and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the website (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called “crash dumps”), and hardware settings).

• Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the website. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, internet service provider and/or mobile carrier, operating system, and system configuration information.

• Location Data. We collect location data such as information about your device’s location, which can be either precise or imprecise. How much information we collect depends on the type and settings of the device you use to access the website. For example, technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to certain functionalities.

How We Share Your Personal Data

We may share your personal data in the following situations:

• Affiliates. We may share your information with companies that we own or control, or that are under common ownership or control.
• When we use Google Analytics. We may share your information with Google Analytics to track and analyze the use of the Services. The Google Analytics Advertising Features that we may use include Google Display Network Impressions Reporting and Google Analytics Demographics and Interests Reporting. To opt out of being tracked by Google Analytics across the Services, visit: https://tools.google.com/dlpage/gaoptout. You can opt out of Google Analytics Advertising Features through Ads Settings and Ad Settings for mobile apps. Other opt out means include http://optout.networkadvertising.org/ and http://www.networkadvertising.org/mobile-choice. For more information on the privacy practices of Google, please visit the Google Privacy & Terms page.
• Social Media and Public Forums. In certain circumstances, you may have the ability to share comments, testimonials, and other postings in public forums. If you choose to participate in these public forums, your personal information may be available to the general public. If you interact with us on social media platforms, the platform may be able to collect information about you and your interaction with us. If you interact with social media objects on our website (for example, by clicking on a Facebook “like” button), both the platform and your connections on the platform may be able to view that activity. To control this sharing of information, please review the privacy policy of the relevant social media platform.
• Business Transition. If Dejavoo, or any portion of our assets, are acquired by, merged with, transferred to, or invested in by another company, we may share your personal data with that company or other third parties involved in the business transition. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Policy.
• Legal. We may share information where necessary to comply with applicable law, to respond to requests from law enforcement agencies or other government authorities or third parties, as permitted by law, and without your consent when it is necessary to protect our customers, employees, or property, in emergency situations, or to enforce our rights.

Cookies And Other Tracking Technologies

We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Information about how we use such technologies and how you may refuse certain cookies is available in our Cookie Notice.

Retention and Disposal of Personal Data

We retain information as long as necessary to fulfill the purposes for which we collected it, for legitimate business reasons, or as required by law. However, we may need to keep your data for longer than our specified retention periods to comply with legal or other obligations (e.g., such as tax, accounting, or other legal requirements). Personal data is disposed of by using secure means, such as electronic deletion or making it data anonymization. 

How We Keep Your Personal Data Safe

We have implemented appropriate and reasonable technical and organizational security measures, including encryption protocols, access controls, and regular security audits, designed to safeguard the security of any personal data we process. The objective of measures is to prevent accidental loss, unauthorized access, alteration, or disclosure of personal data.  Access to your personal data is limited to authorized personnel, agents, and contractors who have a business need to know, who are governed by confidentiality agreements and will only process your personal data according to our instructions. Furthermore, we have created an incident response plan to rapidly address any data breaches or security incidents. Our commitment to data security and compliance with industry standards ensures that your personal data is handled with the highest level of care and protection.

Children’s Privacy

Our website is not directed to individuals under 13 and we do not knowingly solicit or collect personal information from children. If we are notified or discover that a child under the age of 13 has submitted personal information to us, we will take reasonable steps to delete the information.

Your Rights and Choices

In this section, we describe the rights and choices available to all users. You may have certain rights relating to your Personal data, depending on our reason for processing your personal data and the requirements applicable by law (e.g., your location such as EU, UK, California, Colorado), which may include:

• The right to access your personal data.
• The right to have your personal data rectified, corrected, or updated.
• The right to know what personal data is being collected and for what purpose. 
• The right to have your personal data deleted, including from any third parties where your personal data has been sold, shared, or disclosed. 
• The right to know what personal data is being “sold” or “shared”, for what purpose and the categories of recipients of your personal data.
• The right not to be subject to any automated decision making and profiling. 
• The right to object to the processing of your personal data.
• The right to opt out of the “sale” or “sharing” of your personal data. 
• The right to non-discrimination for exercising a privacy right: We will not discriminate against you for exercising any rights.

We will consider and act upon any request in accordance with applicable data protection laws. If you are in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State data protection authority or UK data protection authority. For jurisdiction-specific information see:

• Additional Information for Individuals in the European Union and United Kingdom
• Additional information for consumers in the United States
  • California Residents
  • Colorado, Connecticut, and Virginia Residents
  • Utah Residents
• Additional Information for Canadian Residents

Withdrawing your consent If we are relying on your consent to process your personal information, which may be express and/or implied consent depending on the applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us by using the contact details provided in the “Contact Us” section below. However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal data conducted in reliance on lawful processing grounds other than consent. Opting out of marketing and promotional communications  You may unsubscribe from our marketing and promotional communications at any time by clicking on the “unsubscribe” link in the emails that we send, or by contacting us using the details provided in the “Contact Us” section below. You will then be removed from the marketing lists. Cookies and similar technologies Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services. For further information, please see our Cookie Notice. Please contact us if you have questions or comments about your privacy rights. Controls For Do-Not-Track Features Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. We do not currently respond to DNT browser signals or any other mechanisms that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Notice.

Exercising Your Rights

To exercise these rights, you may contact us by email at [email protected] or by calling the toll-free at 877-358-6797 Ext.194 If you have a complaint about how we handle your data, we would like to hear from you. For jurisdiction-specific information see:

• Additional Information for Individuals in the European Union and United Kingdom
• Additional information for consumers in the United States
  • California Residents
  • Colorado, Connecticut, and Virginia Residents
  • Utah Residents
• Additional Information for Canadian Residents

Additional Information for Individuals in the European Union (“EU”) and United Kingdom (“UK”)

Legal basis for processing (EU and UK) The General Data Protection Regulation (GDPR) and United Kingdom (“UK”) GDPR require us to explain the valid legal bases (i.e., valid legal reason) we employ to process your personal data, which are outlined below. If you have questions about the legal basis of how we process your personal data Contact Us.

• Consent. We may process your information if you have given us permission (i.e., consent) to use your personal data for a specific purpose. You can withdraw your consent at any time. Learn more about withdrawing your consent in the Your Rights and Choices section.
• Legal Obligations. We may process your information where we believe it is necessary for compliance with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your information as evidence in litigation in which we are involved.

Additional Information for Consumers in the United States

The table below summarizes categories of personal Information collected used and disclosed in the past twelve (12) months. We describe the sources through which we collect your personal data in the Information We Collect section, and describe the purposes for which we collect, use, and disclose this information in the How We Use Your Information.

	Category of Personal Data	Collection		Disclosure
		Collected	In past 12 months	For business purpose	For business purpose in the past 12 months
	Identifiers	YES	NO	YES	NO
	Professional related information	YES	NO	YES	NO
	Internet or network data	YES	NO	YES	NO
	Geolocation data	YES	NO	YES	NO
	Inferences drawn from collected personal information.	YES	NO	YES	NO
	User Content	YES	NO	YES	NO
	Profiles and inferences
	Visual	YES	NO	YES	NO

Personal data used for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be the “selling” of your personal information. We do not sell or share your personal data. 

California Residents

Under the California Consumer Privacy Act (“CCPA”) and other California laws, California residents may have the following rights in addition to those set forth in the Your Rights & Choices section, subject to your submission of an appropriately verified request. To learn about how to submit a see Exercising Your Rights. Your rights with respect to your personal data include: Request to know  – You may request any of the following, for the 12 month period preceding your request: (1) the categories of Personal data we have collected about you, or that we have sold, or disclosed for a commercial purpose; (2) the categories of sources from which your Personal data was collected; (3) the business or commercial purpose for which we collected or sold your Personal data; (4) the categories of third parties to whom we have sold your Personal data, or disclosed it for a business purpose; and (5) the specific pieces of Personal data we have collected about you. Right to request deletion of the data – You have the right to delete certain Personal data that we hold about you, subject to exceptions under applicable law. Right to Correct – You have the right to correct certain Personal data that we hold about you, subject to exceptions under applicable law. Right to Non-Discrimination – You have the right to not receive discriminatory treatment as a result of your exercise of rights conferred by the CCPA. Opt-Out of Sale or Share – If we engage in sales or sharing of data as defined by applicable law, you may direct us to stop selling, sharing or disclosing Personal data to third parties for commercial purposes. Direct Marketing – You may request a list of Personal data we have disclosed about you to third parties for direct marketing purposes during the preceding calendar year. Other privacy rights

• You may object to the processing of your personal data.
• You can designate an authorized agent to make a request under the CCPA on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with the CCPA.
• We will honor your opt-out preferences if you enact the Global Privacy Control (GPC) opt-out signal on your browser.

How to exercise your rights

To submit a request to exercise these rights described above, refer to Exercising Your Rights. Verification process Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us.  We will only use personal information provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for verification purposes. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and or security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

Colorado, Connecticut, and Virginia Residents

This section applies only to Colorado, Connecticut and Virginia residents. Under the Colorado Privacy Act (“CPA”), Connecticut’s Data Privacy Act (“CTDPA”), Virginia’s Consumer Data Protection (“CDPA”) Act, residents of Colorado, Connecticut, and Virginia have the listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

• Right to be informed whether we are processing your personal data Right to access your personal data.
• Right to correct inaccuracies in your personal data.
• Right to request deletion of your personal data.
• Right to obtain a copy of the personal data you previously shared with us.
• Right to opt out of the processing of your personal data if it is used for targeted advertising, the sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects (“profiling”).

How to exercise your rights

To submit a request to exercise these rights described above, refer to Exercising Your Rights. If you are using an authorized agent to exercise your rights, we may deny a request if the authorized agent does not submit proof that they have been validly authorized to act on your behalf.  If we decline to act regarding your request and you wish to appeal against our decision, please email us at [email protected]. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. Verification process Upon receiving your request, we will need to verify your identity to determine you are the same person about whom we have the information in our system. These verification efforts require us to ask you to provide information so that we can match it with information you have previously provided us.  We will only use personal data provided in your request to verify your identity or authority to make the request. To the extent possible, we will avoid requesting additional information from you for verification purposes. However, if we cannot verify your identity from the information already maintained by us, we may request that you provide additional information for the purposes of verifying your identity and or security or fraud-prevention purposes. We will delete such additionally provided information as soon as we finish verifying you.

Utah Residents

Under the Utah Consumer Privacy Act (UCPA), you have the rights listed below. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law.

• Right to be informed whether we are processing your personal data Right to access your personal data.
• Right to request deletion of your personal data.
• Right to obtain a copy of the personal data you previously shared with us.
• Right to opt out of the processing of your personal data if it is used for targeted advertising or the sale of personal data.

How to exercise your rights

To submit a request to exercise these rights described above, refer to Exercising Your Rights.

Additional Information for Canadian Residents

As a resident of Canada, you have certain rights regarding your personal information, including the right to access, correct, and request deletion of your personal information.

How to exercise your rights

To submit a request to exercise these rights described above, refer to Exercising Your Rights.

Nexus Portal Policy

The following policies apply to the Nexus Portal and govern portal access, acceptable use, brand usage, and data handling obligations for authorized users.

1. Portal Usage Policy

The Nexus Portal is a proprietary environment designed to streamline operations for Dejavoo and its ecosystem. Access is a privilege granted to authorized users to facilitate business efficiency and data transparency.

1.1 Access Eligibility & Authorization

• Authorized Users: Access is strictly limited to active partners, registered resellers, and internal Dejavoo staff.
• Request Process: Access must be requested through an official manager or account administrator. All users must undergo a verification process before credentials are issued.
• Role-Based Access: Users are granted access based on the “Principle of Least Privilege.” You will only see the data and tools necessary for your specific business function.

1.2 Standards of Appropriate Use

Users are expected to maintain professional conduct while using the portal. This includes:

• Data Stewardship: Treating all customer and transaction data as highly confidential.
• Accuracy: Ensuring all information entered into the portal (orders, merchant info, support tickets) is accurate and up to date.
• Accountability: The account holder is legally and operationally responsible for every action taken under their login credentials.

1.3 Prohibited Activities

To maintain the integrity and security of the Nexus Portal, the following actions are strictly prohibited:

• Credential Sharing: Sharing usernames or passwords with colleagues or third parties. Each individual must have their own unique login.
• Automated Extraction: Use of bots, scrapers, or scripts to harvest data without explicit written consent from Dejavoo.
• Security Circumvention: Attempting to bypass MFA (Multi-Factor Authentication) or testing the portal for vulnerabilities.
• Misuse of Assets: Using portal data for any purpose outside of authorized Dejavoo business.

1.4 Monitoring & Enforcement

Dejavoo reserves the right to monitor portal activity to ensure compliance with security protocols.

• Suspension: Any suspicious activity or breach of these terms may result in the immediate suspension of access.
• Termination: Repeated or severe violations (such as data theft or credential sharing) will lead to permanent revocation of portal access and potential legal action.

2. Marketing & Brand Usage Policy

Dejavoo is committed to providing high-quality marketing resources that empower our partners to succeed. To maintain a premium and consistent global brand image, all partners must adhere to the following standards when utilizing Dejavoo intellectual property.

2.1 Authorized Use of Brand Assets

• Logo Integrity: Partners may use official Dejavoo logos, product photography, and marketing templates exclusively for the promotion of Dejavoo products and services.
• Asset Sourcing: Only assets downloaded directly from the Nexus Portal Marketing Hub or provided by an official Dejavoo representative are authorized for use.
• Modification Prohibitions: Assets may not be altered, stretched, recolored, or combined with other graphics in a way that obscures the original brand identity.

2.2 Claims, Pricing, and Disclaimers

• Technical Accuracy: All product claims (e.g., processing speeds, hardware specs) must reflect current Dejavoo documentation.
• Pricing Transparency: When displaying pricing, partners must include all necessary legal disclaimers regarding processing fees, contract terms, or hardware lease requirements.
• Non-Endorsement: Marketing materials must not imply that Dejavoo is a partner in a joint venture or that Dejavoo endorses a partner’s third-party products unless explicitly stated in writing.

2.3 Review & Pre-Approval Requirements

To ensure compliance and brand alignment, certain materials require a mandatory review by the Dejavoo Marketing Team:

• Co-Branded Campaigns: Any advertisement where the Dejavoo logo appears alongside a partner or third-party logo.
• Custom Creative: Any asset created from scratch that mentions Dejavoo hardware or proprietary software features.
• Mass Media: Any use of the brand in press releases, television, radio, or high-traffic digital billboards.

2.4 Restrictions & Misuse

• Keyword Bidding: Partners are prohibited from bidding on “Dejavoo” branded keywords in SEM (Search Engine Marketing) without prior written authorization.
• Domain Names: Partners may not register domain names containing the word “Dejavoo” or any confusingly similar variations.
• Unauthorized Messaging: Messaging that guarantees specific financial outcomes or uses “bait-and-switch” pricing tactics is strictly prohibited and may result in the termination of the partnership.

2.5 Requesting Support

For custom collateral requests, brand guideline PDF downloads, or to submit a campaign for review, please contact your Relationship Manager.

3. Privacy & Data Handling Policy

The Nexus Portal displays information related to partners, merchants, orders, and transactions. All users must handle this data in accordance with applicable privacy laws and Dejavoo’s data protection policies.

3.1 Data Sources and Scope

All data displayed in the Nexus Portal is sourced from Dejavoo’s Priority ERP and CRM systems in accordance with your existing contractual agreements with Dejavoo. The portal serves as a front-end interface to view and manage this information but does not independently store or process the underlying data. Information displayed may include:

• Business and merchant account details
• Order history and transaction amounts
• Pricing and contract terms as agreed upon in your contract
• Other business-related information necessary for account management

Important: Payment card data is not displayed or accessible through the Nexus Portal. All payment card information is securely managed within Dejavoo’s CRM system under separate privacy and security protocols outlined in your service agreement.

3.2 Permitted Use of Data

Portal access is granted solely for legitimate business purposes related to managing your account, reviewing orders, and conducting business with Dejavoo. Users may only access data pertaining to their own organization’s account. Prohibited activities include:

• Sharing portal data with third parties outside your contracted organization
• Using data for purposes unrelated to your business relationship with Dejavoo
• Attempting to access, modify, or view data belonging to other merchants or accounts
• Scraping, automated extraction, or bulk downloading of portal data

3.3 Account Security and Access Control

Credential Protection

• Portal login credentials are unique to each authorized user and must not be shared with anyone outside your organization
• Sharing credentials with unauthorized individuals outside your company may result in immediate account suspension or termination
• Users are responsible for maintaining the confidentiality of their passwords and account access

Session Management

• Users must log out of the portal when stepping away from their workstation or completing their session
• The portal may implement automatic session timeouts for security purposes
• Do not access the portal from public or shared computers where session data may be compromised

3.4 Data Export and Documentation

Users are not permitted to independently export data from the Nexus Portal. If you require data exports, reports, or documentation for your records:

• Contact your designated Dejavoo Sales Representative
• Submit a formal request to [email protected]
• Exports will be provided in accordance with your contractual terms and Dejavoo’s data security protocols

Restrictions on data handling:

• Do not print sensitive portal information and leave it unsecured
• Do not take screenshots containing sensitive merchant or transaction data and store them in insecure locations (personal devices, unencrypted cloud storage, etc.)
• Do not download or copy portal data to personal devices or unauthorized storage

3.5 Data Retention and Deletion

The Nexus Portal displays current and historical order information as maintained in Dejavoo’s Priority ERP system. Data retention periods are governed by:

• Your contractual agreement with Dejavoo
• Applicable legal and regulatory requirements
• Dejavoo’s enterprise data retention policies

Data retention for active and inactive accounts is managed at the enterprise level within Priority ERP and is not controlled through the portal interface.

3.6 Merchant Data Corrections and Updates

If you need to update business information, correct account details, or have questions about the data displayed in your portal:

• Contact your designated Dejavoo Sales Representative directly
• For urgent issues, email [email protected]
• Users cannot directly modify core business data through the portal interface

Requests will be processed in accordance with your service agreement and applicable verification procedures.

3.7 Security Incident Reporting

If you suspect any of the following, you must report it immediately:

• Unauthorized access to your portal account
• Suspicious activity or login attempts
• Data discrepancies or potential data breaches
• Loss or theft of devices with portal access credentials

Report incidents to:

• Email: [email protected]
• Phone: Contact your assigned Sales Representative directly

Prompt reporting enables Dejavoo to investigate and mitigate potential security issues quickly.

3.8 Privacy Compliance and Legal Framework

Dejavoo is committed to compliance with applicable privacy laws and regulations, including but not limited to:

• General Data Protection Regulation (GDPR) where applicable
• California Consumer Privacy Act (CCPA) and similar state privacy laws
• Payment Card Industry Data Security Standard (PCI-DSS) for payment data handled by our CRM
• Other applicable data protection and privacy regulations

The Nexus Portal operates in accordance with Dejavoo’s comprehensive Privacy Policy, available at: Privacy policy – Dejavoo.io Backend data storage, processing, and payment card handling are governed by Priority ERP’s security protocols and Dejavoo’s enterprise information security policies as outlined in your service agreement.

3.9 User Responsibilities Summary

As a Nexus Portal user, you are responsible for:

• Keeping your login credentials secure and confidential
• Using portal data only for authorized business purposes
• Logging out when not actively using the portal
• Reporting security incidents immediately
• Complying with all data handling restrictions outlined in this policy
• Not sharing access with unauthorized individuals outside your organization
• Requesting formal approval for any data exports or documentation needs

Failure to comply with this Privacy & Data Handling Policy may result in suspension or termination of portal access and may constitute a breach of your service agreement with Dejavoo.

3.10 Policy Updates

Dejavoo reserves the right to update this Privacy & Data Handling Policy as needed to reflect changes in:

• Legal or regulatory requirements
• Portal features and functionality
• Security best practices
• Business operations

Users will be notified of material changes to this policy through the portal interface or via email to the account administrator.

Changes to this Privacy Notice

We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. You will not receive email notification of minor changes to the Privacy Notice. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

Contact Us

If you have questions or comments about this notice, you may email us at [email protected] or contact us by mail at: Dejavoo Systems, LLC Data Privacy Officer 1000 Avenida Juan Ponce de Leon  Suite 2-A, San Juan, Puerto Rico 00907