This privacy notice explains how CaaB by GNS Ltd. and its affiliates (“Company“) collect, use, store and share Personal Data (as defined below) in relation to Company’s websites, products, services, and experiences (together, the “Services”).
- This Privacy Notice (“PN“) is in effect as of the date set forth below.
- You (“User“) are not under any legal obligation to submit Personal Data to Company. However, in case User chooses not to submit Personal Data to Company, User may not be able to become a User and/or use certain Services.
- Company may change this PN from time to time, therefore User should check back periodically. Company will post any changes to this PN on its websites (the “Site“). If Company makes any changes to this PN that materially affect Company’s practices with regard to the Personal Data Company previously collected from User, Company will endeavor to provide User with notice in advance of such change by highlighting the change on the Site. Company will seek User’s prior consent to any material changes, if and where this is required by Applicable Data Protection Laws (as defined below).
- For the purposes of (i) the General Data Protection Regulation (2016/679) (“GDPR”), including any subordinate or implementing legislation, (ii) the EU-US Privacy Shield (“Privacy Shield”), and (iii) the California Consumer Privacy Act of 2018, Cal. Civ. Code 1798.100 et seq. (“CCPA”), as applicable (collectively, the “Applicable Data Protection Laws“), Company is acting as a processor/service provider, and User is acting as the controller/business, as applicable.
- For the purpose of this PN “Personal Data” shall mean personal data or personal information, as applicable in the Applicable Data Protection Law, or any other applicable data protection laws.
2. Personal Data collected by the Company.
2.1. Information provided by User.
Company collects any data User provides Company with, including but not limited to:
- User’s contact details (e.g. name, postal address, email address, phone number);
- User’s payment information (e.g. credit card and bank account information);
- User password and other authentication and security credential information;
- Any communication between User and the Company, e.g. emails, phone conversations, chat sessions.
2.2. Information collected automatically.
Company automatically collects data when User visits, interacts with, or uses the Services, including but not limited to:
- identifiers and information contained in cookies;
- User’s settings preferences, backup information;
- Uniform Resource Locators (URL) clickstream to, through, and from Company’s website and Services;
- content User viewed or searched for, page response times, and page interaction information (such as scrolling, clicks, and mouse-overs);
- network and connection information, such as the Internet protocol (IP) address and information about User’s Internet service provider;
- computer and device information, such as browser type and version, operating system, or time zone setting; the location of device;
3. Company’s Use of Personal Data.
- The Company processes User’s Personal Data to operate, provide, and improve the Services, including but not limited to:
- creating and managing User profiles;
- contacting User by the Company and communicating with User with respect to the Services, e.g. by phone, email, chat; responding inquiries from User;
- informing User about updates or offers;
- personalizing the Services, i.e. identifying User’s interests and recommending offers that might be of interest to User;
- marketing and promoting Company’s Services;
- providing assistance and support;
- fulfilling User requests; meeting contractual or legal obligations;
- protecting Users security, e.g. preventing and detecting fraud;
- internal purposes, e.g. trouble shooting, data analysis, testing and statistical purposes.
- The Company may ask for User’s consent to use User’s personal data for a specific purpose which will be provided to User.
- The Company does not use any Personal Data other than as necessary to execute the Services.
- The Company uses tracking mechanisms such as cookies in order to provide the Services.
- The Company uses Google Analytics. Please click on google.com/policies/privacy/partners/ in order to find out how Google Analytics collects and processes data.
- THE COMPANY USES FACEBOOK PIXELS. WITH RESPECT TO THE COMPANY’S USE OF FACEBOOK PIXELS PLEASE NOTE THE FOLLOWING:
- USER CAN OPT-OUT OF THE COLLECTION AND USE OF INFORMATION FOR AD TARGETING.
- A MECHANISM FOR EXERCISING SUCH OPT-OUT CHOICE CAN BE FOUND AT: [email protected]
5. Sharing Personal Data of User for Legal Purposes.
- Company may be required to retain or disclose personal information in order to:
- comply with applicable laws or regulations;
- comply with a court order, subpoena or other legal process;
- respond to a lawful request by a government authority, law enforcement agency or similar government body (whether situated in User’s jurisdiction or elsewhere);
- engage with third-party service providers and/or sub-contractors which provide services for Company’s business operations, a list of which can be received upon request.
- disclose to third parties aggregated or de-identified information about Users for marketing, advertising, research, or other purposes;
- disclose and/or transfer data to another entity if Company is acquired by or merged with another company, if Company sells or transfer a business unit or assets to another company, as part of a bankruptcy proceeding, or as part of any other similar business transfer;
- Company believes release is appropriate to comply with the law, enforce or apply Company’s terms and other agreements, or protect the rights, property, or security of Company, Users, or others. This includes exchanging information with other companies and organizations for fraud prevention and detection and credit risk reduction.
6. Sharing User Information with Third Party Software License Provider.
It shall hereby be clarified that the Company will not share any User information regarding products and services with any 3rd party software license provider, unless User agreed to such disclosure of information when purchasing such products and services.
Company has taken appropriate technical and organizational measures to protect the information Company collects about User from loss, misuse, unauthorized access, disclosure, alteration, destruction, and any other form of unauthorized processing. User should be aware, however, that no data security measures can guarantee 100% security.
8. Users in The European Economic Area (EEA).
8.1. Legal Basis for Processing of Personal Data
The Company will only process User’s Personal Data if it has one or more of the following legal bases for doing so:
- Legitimate Interest: Company has a legitimate interest to process User’s Personal Data;
- Legal Obligation: processing of User’s Personal Data is necessary to comply with relevant law and legal obligations, including to respond to lawful requests and orders; or
- Consent: processing of User’s Personal Data with User’s consent.
8.2. User’s Rights regarding Personal Data.
- Subject to Applicable Data Protection Laws, User has certain rights with respect to User’s Personal Data, including the following:
- User may ask whether Company holds Personal Data about User and request copies of such Personal Data and information about how it is processed;
- User may request that inaccurate Personal Data is corrected;
- User may request the deletion of certain Personal Data;
- User may request the Company to cease or restrict the processing of Personal Data where the processing is inappropriate;
- When User consents to processing User’s Personal Data for a specified purpose by Company, User may withdraw User’s consent at any time, and Company will stop any further processing of User’s data for that purpose.
- In certain circumstances, Company may not be able to fully comply with User’s request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, however, in those circumstances, Company will still respond to notify User of such a decision.
- User can exercise User’s rights of access, rectification, erasure, restriction, objection, and data portability by contacting the Company at [email protected]. In some cases, Company may need User to provide Company with additional information, which may include Personal Data, if necessary to verify User’s identity and the nature of User’s request.
8.3. Transfer of User’s Personal Data outside of the EEA.
- The Company transfers data outside the EEA. As data is stored and processed by Company’s Israeli entity, Company relies on adequacy determinations. Data stored and processed by the Company’ flows between the EEA, the United States and Israel and. To ensure that EEA Data is adequately protected when transferred outside the EEA, the Data Protection Directive 95/46/EC and, as of May 25, 2018, the General Data Protection Regulation mandate that such transfers take place using certain legal mechanisms.
- When transferring EEA data to Israel, Company relies on the European Commission’s decision that Israel offers adequate data protection for transfers from the EEA. When transferring Personal Data from the EEA to the US, we rely on the EU-US Privacy Shield.
- Note: Company currently stores User data in the Company’s data centers located in the EEA and Israel.
9. Users in California, USA.
- Company will at all times comply with all Applicable data protection Laws (including the CCPA) and only process Personal Data on User’s behalf.
10. Personal Data of Children.
The Company’s Services are not intended for children. Children under 18 years of age, may use the Services only with the involvement of a parent or guardian.
11. Questions regarding User’s Personal Data?
If User has any questions about this Privacy Notice or Company data practices generally, please contact us using the following information:
CaaB by GNS Ltd.
Email: [email protected]
Last update: May 27th, 2020.