Holidaymate Customer Agreement

Effective Date: February 28, 2024

1. Introduction

Welcome to holidaymate.co, a property management software service owned and operated by KEMET PORTAL CO.L.L.C ("we", "our", or "us"). This company operates under the trade license of KEMET PORTAL CO.L.L.C. This Customer Agreement ("Agreement") governs your use of our service and outlines the terms and conditions of your relationship with us. By using holidaymate.co, you ("you", "your," or "Customer") agree to these terms in full. This Agreement, together with our Privacy Policy and any other agreements or documents incorporated herein by reference, constitutes the entire agreement between you and holidaymate.co.

2. Definitions

For the purposes of this Agreement, the following definitions apply:

• "Service": Refers to the SaaS service provided by holidaymate.co and any associated mobile applications, websites, or services.
• "Software": Refers to the web-based application hosted at holidaymate.co and its related mobile application(s).
• "User": Refers to any individual or entity that accesses the Service, whether directly or indirectly, authorized or unauthorized.
• "Customer Data": Refers to any information, content, or data uploaded, stored, transmitted, or otherwise made available through the Service by the Customer or on their behalf.
• "Subscription Plan": Refers to the pricing structure and features associated with a customer’s account.
• "Third-Party Services": Refers to services, software, applications, or other resources provided by third parties that may be integrated with or accessed through holidaymate.co.

3. Account Registration

To use our Service, you must create an account. By creating an account, you agree to:

• Provide accurate, complete, and updated registration information as required by us.
• Maintain the confidentiality of your account credentials, including your username and password.
• Accept responsibility for all activities that occur under your account.
• Notify us immediately of any unauthorized use of your account or any other breach of security.

If you are registering on behalf of a company or other legal entity, you represent that you have the authority to bind such entity to this Agreement. Failure to comply with these obligations may result in the suspension or termination of your account.

4. Subscription and Fees

4.1. Subscription Plans

We offer several Subscription Plans to cater to various customer needs. Each plan may have different features and pricing. You agree to pay all applicable fees in accordance with the Subscription Plan selected at the time of registration. You can find detailed information about our Subscription Plans on our Pricing Page.

4.2. Billing and Payment Terms

All fees are billed monthly or annually, depending on the Subscription Plan chosen. You authorize us to charge your selected payment method for all charges incurred under your account. If your payment method fails or your account is past due, we may take actions such as disabling your access to the Service, suspending or terminating your account, or pursuing other legal remedies.

4.3. Taxes and Duties

All fees are exclusive of taxes, and you are responsible for paying any applicable taxes, duties, levies, or similar governmental charges imposed by any jurisdiction. If we are required to collect taxes on your behalf, such taxes will be added to your account’s billing and invoiced to you.

4.4. Fee Adjustments

We may modify the fees for the Subscription Plans at any time by providing notice to you. Any changes to fees will be effective at the beginning of your next billing cycle. Your continued use of the Service after such changes indicates your acceptance of the new fees.

5. Customer Data and Privacy

5.1. Ownership of Customer Data

You retain ownership of all Customer Data that you submit to the Service. However, by submitting Customer Data to the Service, you grant us a non-exclusive, worldwide, royalty-free license to use, copy, store, transmit, and display such Customer Data solely to the extent necessary to provide the Service to you.

5.2. Data Security

We are committed to protecting your data and will implement commercially reasonable measures to safeguard the confidentiality, integrity, and availability of Customer Data.

5.3. Privacy

Your use of the Service is subject to our Privacy Policy, which outlines how we collect, use, and protect your personal information. By using the Service, you consent to our collection and use of your information in accordance with our Privacy Policy.

6. User Obligations and Acceptable Use

6.1. Compliance with Laws

You agree to use the Service in compliance with all applicable local, national, and international laws and regulations, including but not limited to data protection laws, intellectual property laws, and privacy laws.

6.2. Prohibited Conduct

In addition to other restrictions set forth in this Agreement, you agree not to:

• Misrepresent your identity or affiliations.
• Access or attempt to access unauthorized areas of the Service.
• Use the Service to transmit any viruses, malware, or harmful content.
• Interfere with or disrupt the Service or the networks or systems connected to the Service.
• Engage in any activity that is fraudulent, illegal, or harmful to us or any third party.

7. Third-Party Services and Integrations

The Service may contain links to or be integrated with Third-Party Services. Your use of Third-Party Services is subject to their respective terms and conditions, and we are not responsible for any third-party content, products, or services. We do not endorse or assume any responsibility for any third-party content or practices.

8. Intellectual Property Rights

8.1. Ownership

All intellectual property rights in the Service and Software, including but not limited to all source code, databases, designs, graphics, user interfaces, and trademarks, are owned by or licensed to holidaymate.co. You acknowledge that these rights are protected by intellectual property laws and other laws.

8.2. License Grant

Subject to your compliance with this Agreement, we grant you a limited, non-exclusive, non-transferable, and revocable license to access and use the Service solely for your internal business purposes. All rights not expressly granted to you under this Agreement are reserved by holidaymate.co.

8.3. Feedback

If you provide us with any feedback or suggestions regarding the Service, you grant us a worldwide, perpetual, irrevocable, royalty-free license to use and incorporate such feedback into our products and services.

9. Confidentiality

Each party agrees to maintain the confidentiality of any proprietary or confidential information disclosed by the other party in connection with this Agreement. This obligation of confidentiality does not apply to information that is publicly available, independently developed, or disclosed pursuant to legal requirements.

10. Warranties and Disclaimers

The Service is provided "as is" and "as available," without any warranties of any kind. We do not warrant that the Service will be uninterrupted, error-free, secure, or free of viruses. We disclaim all warranties, express or implied, including but not limited to implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

11. Limitation of Liability

To the maximum extent permitted by law, holidaymate.co shall not be liable for any indirect, incidental, special, consequential, or punitive damages arising out of or relating to this Agreement or your use of the Service. Our total liability to you for any claims arising from or related to this Agreement shall not exceed the amount paid by you to us during the six months preceding the claim.

12. Indemnification

You agree to indemnify, defend, and hold harmless holidaymate.co, its affiliates, and their respective officers, directors, employees, and agents from and against any claims, liabilities, damages, losses, or expenses, including legal fees, arising out of or in connection with your use of the Service or your breach of this Agreement.

13. Term and Termination

13.1. Term

This Agreement will remain in effect until terminated by either party. Either party may terminate this Agreement at any time for any reason by providing written notice to the other party.

13.2. Termination for Cause

We may terminate or suspend your access to the Service immediately, without notice, for any violation of this Agreement or if we believe that your actions may cause harm or legal liability to us or any third party.

13.3. Effect of Termination

Upon termination of this Agreement, all rights and licenses granted to you will immediately cease, and you must discontinue all use of the Service. Any provisions of this Agreement that by their nature should survive termination will survive, including but not limited to confidentiality, indemnification, and limitation of liability.

14. Changes to this Agreement

We reserve the right to update or modify this Agreement at any time. Any changes will be posted on our website and will be effective immediately upon posting. Your continued use of the Service after such changes indicates your acceptance of the new terms.

15. Governing Law and Jurisdiction

This Agreement shall be governed by and construed in accordance with the laws of Your Jurisdiction. Any disputes arising out of or relating to this Agreement shall be subject to the exclusive jurisdiction of the courts located in Your Jurisdiction. You agree to submit to the personal jurisdiction of such courts.

16. Miscellaneous

• This Agreement constitutes the entire understanding between you and holidaymate.co regarding the Service and supersedes all prior agreements and understandings.
• If any provision of this Agreement is found to be invalid or unenforceable, the remaining provisions will remain in full force and effect.
• The failure to enforce any provision of this Agreement shall not be deemed a waiver of future enforcement of that provision.
• You may not assign this Agreement without our prior written consent. We may assign this Agreement without your consent in connection with a merger, acquisition, or sale of substantially all of our assets.

17. Contact Information

If you have any questions about this Agreement, please contact us at [email protected].

18. Data Security and Privacy Practices

18.1. What Data Do We Store?

Holidaymate only stores metadata about your organization and your organization's properties and users.

We store the following data for the purpose of authentication:

• Usernames and/or email addresses

We store the following data for the purpose of channel management:

• Property Details (Name, Address, Email, Facilities, Images, Room Types, Rate Plans, Availability, Prices, and Restriction Data)
• Booking Metadata (including, if present: Customer name, guest names, customer address, customer card details)

18.2. Defense in Depth

As you'll see from any best-in-class SaaS provider, there is no single layer that protects customer data, but rather a well-architected solution that considers every layer from the physical security measures at the data center, all the way through the access privileges that determine what data an individual user can access. Holidaymate, as a connectivity provider, uses this approach to protect customer data.

18.3. Process & Policy

The first layer of defense is having a well-defined and comprehensive set of security processes and policies to ensure the security of our customers' data and users. Holidaymate employs several process and policy measures that instill security as a key priority at our most core layer… our people.

18.4. Change Control

A formal change control process minimizes the risk associated with system changes. The process enables tracking of changes made to the systems and verifies that risks have been assessed, inter-dependencies are explored, and necessary policies and procedures have been considered and applied before any change is authorized.

18.5. Training

Holidaymate employees authorized to access the Holidaymate platform undergo periodic training to focus employee attention on compliance with corporate security policies. For example, Holidaymate DevOps and Professional Services personnel who may handle sensitive customer data and information will regularly undergo security, auditing, access, and compliance training (e.g., for GDPR).

18.6. Authorized Access

In addition to restricted personnel entering the production area, operational access is limited to only a restricted set of Holidaymate operations employees. Access is controlled via a physically separate network that is isolated from the Holidaymate corporate network that serves its general employee population, ensuring that only personnel authorized to access the data center may do so. All Holidaymate personnel with physical or operational access to production environments are subject to training, and all activities are logged for auditability.

18.7. Physical Security

All Holidaymate data centers are certified to major InfoSec standards, including ISO 27001 and PCI DSS. These data centers also feature N+1 redundant HVAC and UPS. The physical security adheres to the best practices in the industry and includes:

• Keycard protocols, biometric scanning protocols, and around-the-clock interior and exterior surveillance
• Access limited to authorized data center personnel—no one can enter the production area without prior clearance and appropriate escort
• Every data center employee undergoes thorough background security checks

18.8. Infrastructure Security

Between the physical data center layer and the Holidaymate Enterprise Connectivity Platform application layer is the infrastructure that supports our solution. Throughout the infrastructure, security is implemented in a comprehensive and coordinated fashion to enhance the safety and security of customer data.

18.9. Firewalls

All network access to the virtual hosts is protected by a multi-layered firewall operating in a deny-all mode. Internet access is only permitted on explicitly opened ports for only a subset of specified virtual hosts. For an additional layer of security, all database servers reside behind an additional firewall.

18.10. Networking

Holidaymate platform servers are allocated to the respective security groups, characterized by specific security settings (TCP/IP level), supplemented by individual instance-level stateful firewalls. Separate VLANs are used to split production, testing, and development environments as well as to segregate end-user and administrative traffic.

Holidaymate employs a three-tier security model:

18.11. Systems Hardening

Just like any SaaS offering, the Holidaymate Enterprise Connectivity Platform utilizes many well-coordinated technologies to deliver our service, yet there may be many capabilities that are not required. Consistent with industry best practices, Holidaymate DevOps closely inspects the entire solution to identify unnecessary services and remove and/or disable these capabilities to reduce vulnerabilities to security threats.

18.12. No Root Access

All customer access to the Holidaymate Enterprise Connectivity Platform is controlled through user interfaces (UI), APIs, and/or dedicated tools. Use of any of these methods of access requires a username and password with privileges appropriate for the requested access.

Customers do not have root or administrative access to any portion of the Enterprise Insights Platform technology stack, and access is permitted only via the Enterprise Insights Platform application layer (UI or API).

18.13. Shutdown All Unnecessary Ports

As previously mentioned in the Firewalls section, any ports on any server and/or virtual host not required for the operation of the Holidaymate Enterprise Connectivity Platform are disabled, eliminating additional opportunities for external intrusion.

18.14. Security Patches

Holidaymate has rigorous policies and procedures in place to update all components of the Holidaymate Enterprise Connectivity Platform, including operating systems, VM hypervisors, middleware, databases, etc., with their vendors' security patches.

18.15. Data Retention

Customer data is not stored for longer than it is needed. We require data about properties, bookings, and users to deliver accurate data visualizations and remove this data either upon request or after a period [30 days max] after the account is terminated.

Data is also removed if deemed out of date or no longer valid. This can happen from removal of connected services, termination of accounts, or other events originating from connected service providers.

Account data (Username, password, properties, channels & bookings) will be deleted within 30 days of account cancellation or on request.

18.16. Conclusion

Here at Holidaymate, we pride ourselves on the vigilance we employ to protect our customers' data assets, and we continually stress that a mature security organization requires coordinated dedication across technology, policy, procedures, and people. This dedication is underscored by the risk-based approach laid out in this document to demonstrate strength at every layer of security, minimizing any potential vulnerability or weakness.

We want our customers to know their data is sufficiently protected by this approach and welcome the opportunity to discuss these practices and approaches further.