1.1 Profimex, Company Number 514567692 (hereinafter: “the Company”) respects the privacy of the surfers who use its Internet website – surfers, visitors and users (collectively referred to hereinafter as “the user” or “the users”). The Company’s website is managed and operated by the Company at the URL profimex.com (hereinafter: “the website”).
1.2 The information presented hereunder is intended to help the user understand the Company’s privacy protection policy. The privacy protection policy as is set out in detail below, will clarify the sources of information collection about the users of the Company’s website, the purposes of the information collected, the nature of the collected information, the use the Company will make of the information, and the manner in which the information is handled and protected.
1.3 The information that the user has provided or will provide to the Company, whether verbally or in writing, is dependent on the user’s consent and free will and does not arise from any legal obligation unless explicitly stated otherwise.
2. Making contact in connection with the collected information
Any question regarding the information collected by the Company and how this is used may be directed to Michal Tzfati by email to firstname.lastname@example.org or by telephone to 09-7774426.
3. The sources whereby the Company collects information about the user
3.1 Information that the user provides to the Company, among other things, while making use of the website, for example: Full name, email address, telephone number and more.
3.2 Information obtained while using the website (through web tracking tools and information storage files – “cookies”).
4. The principles of information collection
4.1 Informed consent
The Company will collect personal information and use it only after receiving informed consent from each user. The consent documents that the users will be requested to confirm will be drafted in language that is as clear and concise as possible in order that free, informed and specific consent may be given to the collection and use actions that the Company wishes to make with the personal information.
The company will document receipt of consents for the collection and use of personal information in a centralized and retrievable manner.
For the avoidance of doubt, consent to be included in the list and to receive notifications will be considered an explicit request to register in the database and will override registration in the “do not contact me” database.
At the time of receiving the consent of users to the collection and use of their personal information, they will be provided with sufficient information regarding the purposes of said collection and the way in which the information will be used, so that they can consider their consent thereto. The aforementioned statement on the ways of using the information will be based on this policy and will include at the very least the following information: (a) the fact that the user has no legal obligation to provide the information; (b) the purpose for which the information is being requested and the manner in which it will be used; (c) the third parties to whom the information will be provided and for what purposes; (d) the countries to which the information will be transferred; and (e) the user’s right to review, correct and delete the personal information stored about him, and the means of communication available to him for these needs.
4.3 Purpose limitation
The Company will use personal information collected and kept by it solely for the purposes for which it was provided by the users and in accordance with the information use policy applicable to information of this type. To the extent that the Company is required to make uses other than those to which the users have agreed, the Company will contact the users to obtain their consent.
4.4 Privacy by Design
When planning and implementing a new business or technological process that involves the collection or use of personal information, the Company will, among its other considerations, take into account the need to build integral privacy into that process. For example, the Company will consider collecting from the start only those types of information required for purpose of that business process or collecting the information from the start in a way that does not enable identification of the users.
For this purpose, any person in the Company responsible for implementing a new business or technological process that involves the collection or use of personal information will consult with the privacy protection officer before its implementation.
4.5 Confidentiality of the information
The Company is obliged to keep confidential any personal information it collects. For this purpose, each employee of the Company who is to be given access to personal information kept by the Company will be bound by a duty of confidentiality with regard to the use of the personal information and will sign an appropriate confidentiality agreement. The employee’s duty of confidentiality can be realized on the basis of the general confidentiality agreement he signed as part of his employment contract or on the basis of a designated confidentiality agreement, all in accordance with the Company’s guidelines.
4.6 Information Security
The Company is obliged to keep the personal information kept by it in a secure manner in accordance with privacy protection laws and the information security principles embedded in the Company. The Company will apply its information security policy and the information security procedures established thereby to the personal information it retains. The privacy protection officer will cooperate with the information security manager to ensure that the Company’s information security measures are also adequately applied to the personal information retained by the Company.
4.7 Deletion of Information
Upon exhausting or fulfilling the need to preserve personal information, or upon receiving a user’s request to delete the personal information stored about him, the Company will act to delete said personal information from any digital or physical means in its possession within a period of 30 days as of the date of the user’s request to delete that personal information, except insofar as the storage of that information is required for backup needs, documentation for legal purposes, and other essential needs of the Company or according to any law. In each deletion of personal information, the privacy protection officer will confirm that the deletion process has been completed after checking with all the relevant parties in the Company.
5. The information collected by the Company about the user
The information that the Company collects about the user may comprise:
5.1 Identification, contact details: First name and surname, contact details (phone, cell phone, email, company name) and any additional information that the user provides to the Company.
5.2 Non-personal information: As set forth in section 13 of the privacy protection policy.
6. Personal information
By using the Company’s information collection services through the aforementioned website, the user confirms as follows:
6.1 That the personal information that reaches the Company belongs to him.
6.2 That he has legal authority to provide the Company with this information.
6.3 In the event that the information is obtained from a third party, it has been done in accordance with the law.
6.4 That the information received from the user is complete, true and accurate.
6.5 That the information received from the user can be stored in the Company’s databases anywhere in the world.
7. The purposes for which the Company uses the information
The Company collects information about the user for the following purposes:
7.1 for the purpose of contacting the user;
7.2 for the purpose of providing the services provided by the Company or someone on its behalf;
7.3 for the purpose of editing statistical data and transferring processed information, statistical or otherwise, to third parties, provided that said information does not allow personal identification of the user;
7.4 for the purpose of improving the quality of the services provided by the Company;
7.5 for the purpose of sending requests by direct mail, including but not limited to advertisements, information about products, benefits and more. Advertising materials will be sent only if the user has given explicit consent to receiving them;
7.6 for the purpose of contacting a user who sent an inquiry to establish a business relationship with Profimex;
7.7 for the purpose of defending against lawsuits, demands and claims against the Company and anyone on its behalf as well as against third parties;
7.9 in order to comply with the provisions of any law.
8. Transfer of information
8.1 The Company will not transfer and will not provide information to third parties, except as specified in the privacy protection policy.
8.2 The transfer of information to third parties will include only relevant information that does not exceed the purposes for which said information is being transferred (as detailed in Section 7 above) and will be carried out proportionately for a defined, explicit and legitimate purpose.
8.3 The Company may transfer the information or any part thereof to third parties in the event of one or more of the following cases:
- Third parties who provide the Company with diverse services, including external professional consultants, security system and information technology (IT) service providers, information storage service providers, survey and research conducting services, attorneys or other external professional advisers, as well as additional third parties who provide the Company with services in connection with its activities.
- Where the Company has received a judicial order ordering it to hand over the user’s details or information about the user in accordance with said order and in accordance with the provisions of any law.
- In any dispute, claim, demand, suit or any legal proceedings between the user or anyone on his behalf and the Company or anyone on its behalf and between any third parties whatsoever.
- In the event of transfer and/or sale and/or assignment and/or acquisition of the Company and/or its assets and/or any part thereof, for consideration or not, and among other things, in cases in which the ownership of the website and/or its content and/or its customer club will be transferred in whole or in part to third parties, including but not limited to the case of a merger of the Company and/or its activity with third parties, and including without detracting from the generality of the aforesaid, in cases of changes in control, in whole in in part, in the Company.
- If a claim is raised or a suspicion arises at the Company that a user has committed an act and/or omission that may harm the Company, anyone acting on its behalf, any third parties whatsoever, including other users.
- In any circumstance where the Company believes that the provision of information is required to prevent damage to the Company, a user or any third party.
- At the user’s request and/or in any circumstance in which the Company believes that delivery of the information is required to fulfil the user’s wishes and/or his requirements.
- 9. Links and hyperlinks to the website
- 9.1 The website may offer links, hyperlinks or banners to other websites that the Company does not supervise or check their reliability and legality, and everything related to their security and privacy protection policies.
- 9.2 The Company will not bear any liability and is exempt from any responsibility in connection with any damage, loss or expense, of any kind and type, whether direct or indirect and/or circumstantial and/or consequential, that were caused and/or will be caused to a user and/or a third party, in connection with the use of websites and/or said web pages and/or the content published therein. Without detracting from the aforesaid, the user undertakes to comply with the provisions and the conditions of those websites and/or web pages and to obey them.
- 10. Information security and limitation of liability
- 10.1 The Company takes measures to secure the information and operates in accordance with accepted standards. As is known, the storage and transmission of information by electronic means, including via the internet, can never be completely secure. Anytime the users submits information to the Company, in particular via the internet, he does so with full consent and subject to the risks involved in transmitting the information in this manner. In any event, should the user have reason to believe that the transfer of information to the Company is no longer safe (for example, if the user feels that the transfer of the information may have been put at risk), he must inform the Company by means of the communication methods in Section 2 above.
The Company will not bear any liability, and is exempt from any responsibility, in connection with any damage, loss or expense, of any kind and type whatsoever, whether direct or indirect and/or circumstantial and/or consequential, which have been and/or will be caused to users and/or to a third party, in all matters pertaining to receipt of the information, its use, its transfer to third parties and use of the website.
- Information retention period
- Information about other people
If the user provides personal information to the Company regarding other persons, including members of his family and other third parties, the user must do so only after: (a) the user has informed the third parties about the content of this policy; and (b) that the user received legal consent required for the collection, use, disclosure and transfer of any personal information about the third party in accordance with this policy and in accordance with the provisions of the law, as required.
- “Non-Personal” Information
“Non-personal information is any information that does not reveal the personal identity of the user, and which the Company collects with the help of various technological means (website, email messages, etc.).
The cookie files contain varied information such as the pages the user visited on the website, the length of time the user spent on the website, information the user viewed on the website, and more.
A user who does not want cookies to be collected on his personal computer can prevent this by changing the settings in the browser window on his computer. To do so, the user should consult the browser’s help page. Cancelling cookies may cause some services on the website to be unavailable or their quality to be compromised.
13.2 Through the web browser: Certain information is collected by most internet websites, such as the user’s IP address (i.e., the user’s computer address on the internet), screen resolution, type and version of the operating system, web browser type and version, and language preference. The Company can make use of this information for purposes such as calculating the number of users on the website, help in diagnosing server problems, website management, and more.
13.3 Through the use of log files: The Company’s internet servers automatically record certain information that the user’s browser or the user’s mobile device sends each time the user visits the website. These server records may include information such as the internet request, IP address, browser type, browser language, referral/exit pages and URLs, platform type, number of clicks, domain names, landing pages, pages viewed and the order of these pages, the length of time registered on certain pages, the date and time of your request.
- Establishment and registration of databases
With the implementation of a new business or technological process that involves the collection of personal information or its use, a database will be set up in the Company in which the relevant personal information will be stored. The person responsible for the business or technological process in the Company (“business process manager”), in coordination with the privacy protection manager, will determine the identity of the database manager (“the database manager” – the officer in the Company who is responsible for the database). The database manager will be responsible for managing the database and implementing the provisions of this policy in relation to the personal information stored therein.
The database manager is tasked with keeping a record of the database in the database register in accordance with privacy protection laws.
- The right to review, correct and delete the information
15.1 The right to review and access to information
The Company will allow any user whose personal information is kept by the Company to request to review this information. As a general rule, the Company will make it possible to review the information through means that are as similar as possible to the means by which the information was collected. For example, where the information is collected online, the Company will, insofar as possible, allow the user to review the information online. This possibility will be brought to the user’s attention at the time when consent is received for the collection of personal information and use thereof, as well as when the user contacts the Company with an appropriate request.
If a confidentiality order applies to the information, the Company is not obliged to provide information contrary to the confidentiality established by any law, unless the applicant is the person for whose benefit the confidentiality is intended.
A database owner, who holds it with another (the holder) will refer the information petitioner to the holder, specifying his address, and will instruct the holder, in writing, to permit the requester’s review.
Any request to review personal information that requires human intervention by the Company will be forwarded to the privacy protection officer who will discuss the request. The privacy protection officer will reply to the person in the Company who forwarded the request specifying the ways in which the user should be allowed to review the personal information, and this decision will be communicated to the user within 30 days of the date of the request.
15.2 The right to correct and delete information
The Company will allow any user for whom personal information is stored in the Company to request that said information be corrected or deleted. This possibility will be brought to the user’s attention at the time of receipt of consent to the collection and use of private information, as well as when the user contacts the Company with an appropriate request.
Any request to correct or delete personal information will be forwarded to the privacy protection officer who will discuss the request and decide whether to agree to or reject it (in cooperation with the manager of the relevant database). The privacy protection officer will reply to the person in the Company who forwarded the request specifying his decision and the reasons for it, and the decision will be communicated thereafter to the user no later than 30 days from the date the request was received by the Company. In his decision, the person in charge of privacy protection will provide guidance to the appropriate parties in the Company as to whether a copy of the original information should be kept before it is corrected or deleted for the purposes permitted according to the policy document applicable to the type of information for which the request was submitted, and the deletion/correction of the information will be carried out soon after the decision insofar as it was decided.
- Direct mail operations
16.1 In this section, “direct mail” means a personal communication to a person based on his belonging to a population group, determined according to one or more characteristics of people whose names are included in a database (for example, age, purchasing history, location, etc.). “Direct mail services” means direct mail solicitations for third parties.
16.2 Prior to commencement of any marketing or advertising activity through direct mail, the person responsible for this activity will contact the privacy protection officer. The officer will examine whether there is any impediment to starting the activity and whether it meets the conditions of this policy.
16.4 Direct mail activity aimed at providing updates on existing investments, funds that are being transferred and tax reports, is based on the recipient’s signature on the documents to join an investment and does not subject to additional consent.
16.5 Direct mail actions directed at those who are not customers of the Company, direct mail actions that are not directly related to the Company’s normal activity and the services and products it offers to its customers on a regular basis, as well as actions that constitute direct mail services, require the specific consent of the recipients.
16.6 The Company will not provide direct mail services to third parties except with the approval of the privacy protection officer and the Company’s management.
16.7 Use of the database for direct mail purposes is conditional on it being registered with the database registrar and one of its registered purposes is mailing services.
16.8 In every communication through direct mail, the Company will ensure that all the following conditions are met:
- The communication will include the full name of the Company, its contact information and the reference number of the database to which the mailing is being carried out;
- The communication will explicitly state that it is a direct mail communication;
- The communication will include, in a clear and prominent manner, notice that the recipient can notify that he does not wish to be exposed to the Company’s direct mail in the future.
17. Office holders and areas of responsibility
17.3 A database manager will be appointed for each database in the Company. The database managers will be responsible for implementing the provisions of this policy in respect of the databases under their responsibility. The database managers will report to the privacy protection officer any issue that may give rise to the possibility of a violation of privacy or incompatibility between management of the database and this policy.
17.4 The managers of the Company’s business processes will report to the privacy protection officer on any activities that require collection from and/or use of personal information. The business process managers will assist the database managers in applying the provisions of this policy to the activity of collecting and/or using personal information required for the business process for which they are responsible. The business process managers will report any issue that may involve the possibility of a violation of privacy to the privacy protection officer.
- The applicable law and jurisdiction
18.1 The terms and provisions detailed in this privacy protection policy, as well as any change or amendment thereof, as well as use of the website, will be regulated according to the laws of the State of Israel without reference to their applicable choice of law clauses.
Ways of contacting the company:
Phone: 09-7774444; By fax: 09-7774400.
By e-mail: Profimex@profimex.com; Via the contact form on the website.
Updated: March 27, 2023