Effective date: June 9th, 2021
- What personal data we collect, How and How is it Being Processed
- How we share your personal data
- Data transfers and global processing
- Data Subject Rights
- Cookies and Similar Technologies
- Security of Processing
- Data Retention
- Changes to This Privacy Notice
- What Personal Data We Collect, How, and How is it Being Processed
1.1. The following describes what personal data we collect through the Website, and for what purposes it may be processed:
1.1.1. When you subscribe to get updates we process your email address. We use this personal data for the following purposes: to contact you occasionally with marketing communications regarding our Tours; to send newsletters and event invitations subject to applicable laws (for example, where required, subject to your consent. Our legal basis under GDPR for doing so is Consent (Article 6(1)(a)); and the associated categories of data for CCPA purposes are: Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name or other similar identifiers and Professional or employment-related information.
1.1.2. When you create an account and when you update your account details (payment method and password) we process your first and last name, display name of your choice, email address, and a password of your choice. We use this personal data for the following purposes: to create an account for you, to allow you to view your orders, and edit your password and account details; to process your purchase; to record your consent to our terms and conditions of engagement; to contact you occasionally with marketing communications regarding our Tours, to send newsletters and event invitations subject to applicable laws (for example, where required, subject to your consent. Our legal basis under GDPR for doing so is to fulfill our contract with you (Article 6(1)(b); and Consent (Article 6(1)(a)); and the associated categories of data for CCPA purposes are: Identifiers such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name or other similar identifiers; Professional or employment-related information.
1.1.3. Data that you provide passively (by using the Website, by navigating the screens, clicking on buttons etc.) (This data is collected using third party services by means of placing cookies, pixels or web beacons. For more information, please look at the Cookies section) – we process your computer’s Internet Protocol address (IP address), browser type, browser version, the pages of our Website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. We use this personal data for the following purposes: To improve, modify and update services and content offered on the Website; to monitor and ensure the orderly and proper operation and development of the Website and associated services; to improve and customize the user experience and the content that is presented on the Website; and to support our marketing efforts and to provide you with customized content. Our legal basis under GDPR for doing so is Our legitimate business interest (Article 6)1)(f)); and the associated categories of data for CCPA purposes are: Internet or other electronic network activity information, including, but not limited to, Browsing history, search history, and information regarding a consumer’s interaction with an internet Website, application, or advertisement.
1.2. You are not obliged under any applicable law to provide us any of the above information and you may be able to opt not to disclose your personal data to Company. However, not providing Company with certain data may mean that we cannot provide you with certain functionalities or process any requests.
1.3. In addition to the above uses of your personal data, we will also process your personal data for the following purposes:
1.4. We use all the above personal data to operate, maintain, and provide to you the Website features and functionality and to provide you with the services as requested by you.
1.5. To prevent, detect and fight fraud or other illegal or unauthorized activities.
1.7. We will not use your personal data for any personal profiling and automated decision making regarding you based on such profiling.
1.8. We limit access by our employees to your information only to those who were specifically authorized by the Company to access your information, as part of their job.
1.9. We use anonymized, aggregate data, in order to gain insight on how you and other users use the Website and try and improve it, as well as to plan our marketing and advertisements.
- How we Share Your Personal Data
1.1. No Sale to Third Parties. We do not, and will not, sell any of your personal data to any third party for advertising, marketing or any other purpose.
1.2. Service Providers: we employ other companies and people to perform tasks on our behalf and need to share your information with them in order to provide the services to us. The categories of third party recipients of the personal data from us are as follows: Cloud hosting services, analytics tools providers, and payment gateway services. Our service providers do not have any right to use your personal information collected from our Website beyond what is necessary for the purpose of facilitating our provision of the Website.
1.3. Compliance with the Law: We may disclose your information if we believe it’s necessary in order to comply with the law, such as to comply with a subpoena, regulation or legal request, respond to a government request, to address fraud or security issues, to protect the safety of any person, to enforce our agreements with you; to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing or to protect our own rights or property. This includes sharing such information with our legal counsels. If you are located in the EU, we may only do so based on legal requirements specified above of EU authorities.
1.4. Business Transfers: If we are in a bankruptcy, merger, acquisition, reorganization or sale of assets, your information may be transferred as part of that transaction to a successor in interest and to the applicable legal authorities as well as legal counsels and other professional counsels involved such as accountants, and other officers of the government or of the applicable judiciary instance.
1.5. Anonymized Information: We may provide third parties with aggregated but anonymized information and analytics about our customers however, before we do so, we will make sure that it does not identify you.
- Data Transfers and Global Processing
2.1. The Website may be operated in countries other than your own location, and your personal data may be accessed and/or processed from and/or transferred to countries other than your own location. We may do this where data is accessed/processed:
2.1.1. by Company and its affiliates for operational, administrative, compliance purposes or customer support teams in our various locations;
2.1.2. By our service providers, for the purposes we specified under the section “Service Providers”.
2.2. The safeguards we deploy for performing such transfers across boundaries:
2.2.1. Adequacy. If you are located outside of Israel, and choose to provide information to us, please note that we transfer the data, including personal data, to Company headquarters located Israel and process it there. Any transfers to Israel may be made on the basis of an adequacy decision made by the European Commission.
2.2.2. Model Clauses. With some of our processors, we use standard contractual clauses approved by the European Commission that are binding standards of processing of personal data committed to contractually by third parties processing information for us and on our behalf.
2.2.3. Consent. In the absence of an adequacy decision or Model Clauses, and in the absence of any other right to transfer your data, your consent shall serve as the basis for such transfer. By accessing and using the Website, you agree and understand that your information may be transferred from the EEA or other countries in which you may be using or accessing the Website, to other jurisdictions outside your own location (including outside the EEA). The transfer will be to such third parties as described under Section 2 (How we share your personal data).
2.3. Company will take steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.
2.4. Currently we process data in Israel, although some of our service providers, such as Google, operate in the US.
- Data Subject Rights
3.1. It is your responsibility to ensure that all personal data submitted to Company is correct. Company would like to make sure you are fully aware of all of your data protection rights. Depending on your location and on the laws that are applicable to you, you may be entitled to some or all of the following rights:
3.2. The right to access – You have the right to request Company for copies of your personal data, which includes the right to obtain confirmation as to whether or not personal data concerning you are being processed and, where that is the case, access to the personal data and the purposes of the processing; categories of personal data concerned; recipients or categories of recipient to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored; the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling; the appropriate safeguards relating to the transfer of your personal data outside the EEA,. We may charge you a small fee for this service under certain conditions.
3.3. The right to rectification – You have the right to request that Company correct any information you believe is inaccurate. You also have the right to request Company to complete the information you believe is incomplete.
3.4. The right to erasure – You have the right to request that Company erase your personal data, under certain conditions.
3.5. The right to restrict processing – You have the right to request that Company restrict the processing of your personal data, when: (a) you contest the accuracy of your personal data, for a period allowing Company to verify the accuracy of said data; (b) if you believe personal data has been unlawfully processed and you wish to restrict processing rather than delete it; (c) Company no longer needs the personal data but you require to keep it in order to establish, exercise or defend a legal claim; or (d) you have exercised your right to object the processing (below) for a period allowing Company to consider whether your legitimate grounds override those of Company.
3.6. The right to object to processing – You have the right to object to the processing of your personal data at any time – this means you have the right to stop or prevent Company from processing your personal data (it could be in relation to part or all of your personal data, and for part or all of the processing purposes). When relating to processing for marketing purposes, you have an absolute right to object; while for other purposes, the existence of the right depends on what lawful basis the processing relies on.
3.7. The right to data portability – You have the right to request that Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.
3.8. If allowed by applicable laws, you have the right to withdraw your consent at any time when Company processes your personal data based on your consent on any of these rights. However, withdrawal does not affect the legitimacy and effectiveness of how we process your personal data based on your consent before the withdrawal is made; nor does it affect any data processing based on another lawful bases other than your consent.
3.9. You may exercise these rights to the extent these rights apply to you by emailing Company to: email@example.com or use any of the contact information listed below. We will undertake to respond to your request within the applicable time frame prescribed by applicable law. Although we will make reasonable efforts to accommodate your requests, in some circumstances we may deem your request unfounded or not eligible under applicable law. In such instances we reserve the right to refuse your request. We shall require, as pre-requisite to fulfilling any request, to verify your identity which we may do by asking you to provide certain information or identification to ensure that all data subjects’ privacy is protected.
3.10. If you think that the way we process your personal information does not comply with applicable data protection laws, you are of course invited to contact us and we will consider your request, but in any event you may contact the relevant competent data protection authority. You can obtain the contact information for all of the EEA data protection authorities at https://edpb.europa.eu/about-edpb/board/members_en.
- Cookies & Similar Technologies
4.1. A cookie is a small text file that is stored in your web browser that allows Company or a third party (such as third-party service providers) to recognize you. Cookies can either be session cookies or persistent cookies. A session cookie expires automatically when you close your browser. A persistent cookie will remain until it expires, or you delete your cookies.
4.2. Cookies that we may use can generally be categorized as follows:
4.2.1. Necessary Cookies: These cookies are necessary to load the Website or to allow users to use Website’s certain features.
4.2.2. Analytics Cookies: These cookies track information about how the Website is being used so that we can make improvements and report on our performance.
4.2.3. Preference Cookies: These first party cookies store your Website preferences.
4.2.4. Marketing Cookies: These are usually third party cookies by advertising platforms or networks in order to: (i) deliver ads and tracks ad performance, and (ii) enable advertising networks to deliver ads that may be relevant based upon your activities.
4.3. We may use additional tracking technologies to help understand user activities and preferences. For example, we may use web beacons (also known as clear gifs, pixel tags or web bugs) to track user activities and communicate with cookies. You cannot opt out of web beacons used in webpages, but you can limit their use by opting out of the cookies they interact with. You can opt out of web beacons used in emails by setting your email client to render emails in text mode only.
4.4. In addition we may use a tracking technology (pixels) in emails to understand how often our emails are opened and clicked on by our customers. If you do not wish this tracking to be effected, please change your email software or service (such as outlook, Gmail etc.) settings to not automatically download images (to the extent it is not already your default) In some instances, depending on your email or browser settings, cookies in an email may be automatically accepted (for example, when you have added an email address to your address book or safe senders list). Please refer to your email browser or device instructions for more information on this.
4.5. You can change your browser’s settings to delete cookies that have already been set and to not accept new cookies. To learn more about how to do this, visit the help pages of your browser. Some useful information can also be found here: https://www.allaboutcookies.org/ Please note, however, that if you delete cookies or do not accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.
- Security of Processing
5.1. We use appropriate physical, management, and technical measures to protect your data from unauthorized access, disclosure, use, modification, damage, or loss. We also provide training on security and privacy protection for employees to raise their awareness of personal data protection. However, please note that no security measure is perfect, therefore, you should take special care in deciding what information you disclose.
- Data retention
6.1. We will retain your personal data for no longer than is necessary for the purposes stated in this Policy, unless otherwise extending the retention period is required or permitted by law or subject to our retention policies as may be in place from time to time. The data storage period may vary with scenario, product, and service.
6.2. The standards Company uses to determine the retention period are as follows: the time required to retain personal data to fulfill business purposes, including providing products and services; maintaining corresponding transaction and business records; controlling and improving the performance and quality of the Site; handling possible user queries or complaints and locating problems; whether the user agrees to a longer retention period; and whether the laws, contracts, and other equivalencies have special requirements for data retention.
- Changes to This Privacy Notice
7.1. We may update our Privacy Notice from time to time. We will notify you of any changes by posting the new Privacy Notice on this page. We may notify you through different channels, for example, posting a notice on our Website or sending you direct notification.
- Notice for California Residents
8.2. This section is only applicable to California residents for purposes of compliance with the California Consumer Privacy Act of 2018 (“CCPA”). Defined terms used in this section, including but not limited to “Business Purpose”, “Consumers,” “Personal Information” and “Sale” (or “Sell”) are used as such terms are defined by and interpreted pursuant to the CCPA.
8.3. The categories of Personal Information we have collected about Consumers, which we have disclosed for a business purpose, in the preceding 12 months are:
(1) Identifiers, such as name and Social Security number;
(2) Personal information, as defined in the California safeguards law, such as contact information and financial information;
(4) Commercial information, such as transaction and account information;
(6) Internet or network activity information, such as browsing history and interactions with the Website;
8.4. The sources we have collected this Personal Information from are: directly from California residents or their representative.
8.5. In the past 12 months, however, we have not “sold” Personal Information relating to California residents within the meaning of the CCPA.
8.6. If you are a California resident, you may request that we disclose to you the following information covering the 12 months preceding your request:
(1) the categories of Personal Information that we collected about you and the categories of sources from which we collected such Information;
(2) the business or commercial purpose for collecting Personal Information about you;
(3) the categories of Personal Information about you that we disclosed to third parties for a business purpose and the categories of third parties to whom we disclosed such Personal Information (if applicable); and
(4) the specific pieces of Personal Information we collected about you.
8.7. If you are a California resident, you may also request that we delete Personal Information that we collected from you.
8.8. we may ask to verify your identity by providing us with certain information or identification. In some instances, we may decline to honor your request. For example, we may decline to honor your request if we cannot verify your identity or confirm that the personal information that we maintain relates to you, or if we cannot verify that you have the authority to make a request on behalf of another individual. In other instances, we may decline to honor your request where an exception applies, such as where the disclosure of personal information would adversely affect the rights and freedoms of another consumer or where the Personal Information that we maintain about you is not subject to the CCPA’s access or deletion rights, such as information relating to our employees and contractors that is used for our employment and vendor management purposes.
8.9. You have the right to be free from unlawful discrimination for exercising your rights under the CCPA.
- California and Delaware “Do Not Track” Disclosures
We do not monitor or respond to Do Not Track browser requests. Hence please ensure to change any settings of your browser and/or our Services, whenever you wish cookies to cease.
10.1. If you have any questions or suggestions, to exercise any of your rights, or if you have any other questions or complaints about our use of your personal data and your privacy please contact us at firstname.lastname@example.org.
10.2. Where your personal data is processed by Company in accordance with this Privacy Notice, 360 ClickVT Ltd. Of 28 Yaakov Hazan, Raanana, Israel, is the controller of the related personal data.