Effective from July 1, 2020
2. What Personal Information do we collect
2.1. User Information
To provide you the Services, we must collect Personal Information relating to an identified or identifiable natural person (“Personal Information”). We collect Personal Information you provide us, from your use of the Services, and from other sources. Here are the types of Personal Information we collect about you:
Information you provide us. When you use any of our Services and/or when you contact us directly by any communication channel (e.g. emails), you may provide us Personal Information, such as name, email address, phone number, payment Personal Information (for Users with Paid Services), Personal Information you include in your communications with us, and Personal Information contained in scanned identification documents (such as an ID card, driver’s license, passport, or official company registration documents).
Information we collect when you use the Services. When you visit, download, and/or use any of our Services, we may collect aggregated usage Personal Information, such as Users’ browsing and ‘click-stream’ activity on the Services, session heatmaps and scrolls, non-identifying Personal Information regarding the User’s device, operating system, internet browser, screen resolution, language and keyboard settings, internet service provider, referring/exit pages, date/time stamps, etc
Information we collect from other sources. We may receive Personal Information about you from third-party sources, such as i) security providers , fraud detection and prevention providers for example to help us screen out Users associated with fraud, ii) social media platforms, when you log-in or sign-up using your social media account, we may receive Personal Information from that service (e.g., your username, basic profile Personal Information) and in some cases, we may collect Personal Information from lead enhancement companies which help us to improve our service offering; iii) advertising and marketing partners in order to monitor, manage and measure our ad campaigns.
2.2. Users of Users Information
We may also collect Personal Information pertaining to visitors and users of our User’s websites or services (“Users-of-Users”), solely for and on our Users’ behalf (as further described in Section 6 below).
2.3. SITUASYS Jobs Applicant Information
We also collect information that is provided to us by SITUASYS jobs candidates (“Applicants”), when they apply to any of the open positions published at https://www.situasys.com/jobs, by e-mail or otherwise (as further described in Section 7 below).
3. Why do we collect such information?
We use your Personal Information for the following purposes:
To provide and operate the Services;
To further develop, customize, expand, and improve our Services, based on Users’ common or personal preferences, experiences and difficulties;
To provide our Users with ongoing customer assistance and technical support;
To be able to contact our Users with general or personalized service-related notices and promotional messages (as further detailed in Section 8 below);
To help us to update, expand and analyze our records to identify new customers;
To facilitate, sponsor, and offer certain contests, events, and promotions, determine participants’ eligibility, monitor performance, contact winners, and grant prizes and benefits;
To create aggregated statistical data and other aggregated and/or inferred Personal Information, which we or our business partners may use to provide and improve our respective services;
To provide you with professional assistance, only upon your request;
To enhance our data security and fraud prevention capabilities; and
To comply with any applicable laws and regulations.
We use your Personal Information for the purposes set out in Section 3 where:
Our use of your Personal Information is necessary to perform a contract or to take steps to enter into a contract with you (e.g. to provide you with our Services, to provide you with our customer assistance and technical support);
Our use of your Personal Information is necessary to comply with a relevant legal or regulatory obligation that we have; or
Our use of your Personal Information is necessary to support legitimate interests and business purposes (for example, to maintain and improve our Services), provided it is conducted in a way that is proportionate and that respects your privacy rights.
4. How we share your Personal Information
We may share your Personal Information with service providers and others (or otherwise allow them access to it) in the following manners and instances:
4.1. Third Party Service Providers: SITUASYS has partnered with a number of selected service providers, whose services and solutions complement, facilitate and enhance our own. These include hosting and server co-location services, communications and content delivery networks (CDNs), data and cyber security services, billing and payment processing services, domain name registrars, fraud detection and prevention services, web analytics, e-mail distribution and monitoring services, session recording and remote access services, performance measurement, data optimization and marketing services, content providers, and our legal and financial advisors (collectively, “Third Party Service Provider(s)”).
SITUASYS may share the following categories of Personal Information with Third Party Service Providers for a business purpose:
identifiers, including name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, or other similar identifiers.
commercial Personal Information, for example Personal Information regarding products or services purchased, obtained, or considered
SITUASYS is accountable for Personal Information it receives under the Privacy Shield and subsequently transfers to a third party as described in the Privacy Shield Principles. In particular, SITUASYS remains responsible and liable under the Privacy Shield Principles if Third Party Service Providers process Personal Information on its behalf in a manner inconsistent with the Principles, unless SITUASYS proves that it is not responsible for the event giving rise to the damage.
4.2. Law Enforcement, Legal Requests and Duties: SITUASYS may disclose or otherwise allow access to your Personal Information pursuant to a legal request, such as a subpoena, legal proceedings, search warrant or court order, or in compliance with applicable laws, if we have a good faith belief that the law requires us to do so, with or without notice to you.
4.3. Protecting Rights and Safety: SITUASYS may share your Personal Information if we believe in good faith that this will help protect the rights, property or personal safety of SITUASYS, any of our Users, any Users-of-Users, or any member of the general public, with or without notice to you.
4.4. Social Media Features and Framed Pages: Our Services include certain Social Media features, widgets, and single sign on features, such as the “Facebook Connect,” “Google Sign-in,” “Facebook Like”, or “Share this” button or other interactive mini-programs (“Social Media Features”). These Social Media Features may collect certain Personal Information such as your IP address or which page you are visiting on our Website and may set a cookie to enable them to function properly. Social Media Features are either hosted by a third party or hosted directly on our Services. Your interactions with these third parties’ Social Media Features are governed by their policies and not ours.
In addition, our Services may enable you to share your Personal Information with third parties directly, such as via page framing techniques to serve content to or from Third-Party Service Providers or other parties, while preserving the look and feel of our Website and Services (“Frames”). Please be aware that if you choose to interact or share any Personal Information via such Frames, you are in fact providing it to these third parties and not to us, and such interactions and sharing are governed by those third parties’ policies and not ours.
4.6. In connection with a change in corporate control: In addition, should SITUASYS or any of its affiliates undergo any change in control, including by means of merger, acquisition or purchase of substantially all of its assets, your Personal Information may be shared with the parties involved in such event.
4.7. Upon Your Further Direction: SITUASYS may also share your Personal Information with third parties for other purposes upon your further direction or with your explicit approval.
5. Where do we store your Personal Information?
5.1. Users’ and Users-of-Users’ Personal Information may be stored in data centers located in Israel, the United States of America, Ireland, South Korea and Taiwan. We may use other jurisdictions as necessary for the proper delivery of our Services and/or as may be required by law (as further explained below).
SITUASYS is based in Israel, which is considered by the European Commission to be offering an adequate level of protection for the Personal Information of EU Member State residents.
SITUASYS affiliates and Third-Party Service Providers that store or process your Personal Information on SITUASYS’ behalf are contractually committed to keep it protected and secured, in accordance with industry standards and regardless of any lesser legal requirements which may apply in their jurisdiction.
5.2. Transfer of EU Personal data : If you are located in Europe, when we will transfer your Personal Information to the United States or anywhere outside Europe, we will make sure that (i) there is a level of protection deemed adequate by the European Commission or (ii) that the relevant Model Standard Contractual Clauses are in place.
6. Clients-of-Clients’ Personal Information
SITUASYS may collect, store and process certain Personal Information of Clients-of-Clients (“Clients-of-Clients Information”), solely on our Clients’ behalf and at their direction. For such purposes, SITUASYS serves and shall be considered as a “Processor” and not as the “Controller” (as both such capitalized terms are defined in the European Union General Data Protection Regulation (“GDPR”)) of such Clients-of-Clients Information.
The Clients shall be considered as the “Controllers” of such Clients-of-Clients Information, and are responsible for complying with all laws and regulations that may apply to the collection and control of such Clients-of-Clients Information, including all privacy and data protection laws of all relevant jurisdictions.
Clients are responsible for the security, integrity and authorized usage of Personal Information about Clients-of-Clients, and for obtaining consents, permissions and providing any required data subject rights and fair processing notices required for the collection and usage of such Personal Information.
For more information on how Clients-of-Clients Personal Information may be handled by SITUASYS (which may be relevant for any specific notice Clients provide to and/or consent Clients obtain from their Clients-of-Clients), please see Sections 4, 12 and 13.
If you are a visitor, user, client or customer of any of our Clients, please read the following: SITUASYS has no direct relationship with Clients-of-Clients whose Personal Information it processes. If you are a visitor, user, client or customer of any of our Clients, and would like to make any requests or queries regarding your Personal Information, please contact such Client(s) directly. For example, if you wish to request to access, correct, amend, or delete inaccurate Personal Information processed by SITUASYS on behalf of its Clients, please direct your query to the relevant Client (who is the “Controller” of such data). If SITUASYS is requested by our Clients to remove any Clients-of-Clients’ Personal Information, we will respond to such requests in a timely manner upon verification and in accordance with applicable law (for example, thirty (30) days under the GDPR). Unless otherwise instructed by our Client, we will retain their Clients-of-Clients’ Personal Information for the period set forth in Section 12 below.
Please note that we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application, however, most browsers allow you to control cookies, including whether or not to accept them and how to remove them. You may set most browsers to notify you if you receive a cookie, or you may choose to block cookies with your browser.
8. Sharing personal information with third parties
SITUASYS may share your Personal Information with third parties (or otherwise allow them access to it) only in the following manners and instances:
8.1. Promotional Messages
We may use your Personal Information to send you promotional content and messages by e-mail, text messages, notifications within our platform, marketing calls and similar forms of communication from SITUASYS or our partners (acting on SITUASYS’ behalf) through such means.
If you do not wish to receive such promotional messages or calls, you may notify SITUASYS at any time or follow the “unsubscribe” or STOP instructions contained in the promotional communications you receive.
8.2. Service and Billing Messages
SITUASYS may also contact you with important information regarding our Services, or your use thereof. For example, we may send you a notice (through any of the means available to us) if a certain Service is temporarily suspended for maintenance; reply to your support ticket or e-mail; send you reminders or warnings regarding upcoming or late payments for your current or upcoming subscriptions; forward abuse complaints from Clients-of-Clients; or notify you of material changes in our Services.
It is important that you are always able to receive such messages. For this reason, you are not able to opt-out of receiving such Service and Billing Messages unless you are no longer a SITUASYS Client (which can be done by deactivating your account).
9. Your rights in relation to your Personal Information
SITUASYS agrees that it is imperative that you have control over your Personal Information. Pursuant to privacy regulations worldwide, SITUASYS is taking steps to enable you to request access to, receive a copy of, update, amend, delete, or limit the use of your Personal Information.
Before fulfilling your request, we may ask you for additional information in order to confirm your identity and for security purposes. We reserve the right to charge a fee where permitted by law (e.g. if your request is unfounded or excessive).
You have the right to file a complaint with your local supervisory authority for data protection (but we still recommend that you contact us first).
If you are a SITUASYS User, and you wish to receive a copy, access and/or request us to make corrections to the Personal Information that you have stored with us (either yours or Clients-of-Clients’), or wish to request a list of what Personal Information (if any) pertaining to you we disclosed to third parties for direct marketing purposes, please e-mail us your request at email@example.com. You can also mail your request to SITUASYS, Natan HeHaham 11, Tel Aviv 6341317, Israel. We will make reasonable efforts to honor your request promptly (unless we require further information from you in order to fulfil your request), subject to legal and other permissible considerations.
10. Additional Information for California residents
If you are a California resident using the Services, the California Consumer Privacy Act (“CCPA”) may provide you the right to request access to and deletion of your Personal Information.
In order to exercise the right to request access to and deletion of your Personal Information, please see the section 9, above. We do not discriminate based on the exercise of any privacy rights that you might have under this Section.
SITUASYS does not sell user Personal Information to third parties for the intents and purposes of the CCPA.
As informed in section 6 above, SITUASYS may collect, store and process certain Personal Information of Clients-of-Clients, solely on our Clients’ behalf and at their direction. For such purposes, SITUASYS serves and shall be considered as a “Service Provider” and not as the “Business” (as both such capitalized terms are defined in the CCPA. SITUASYS does not and will not sell your clients’ (Clients-of-Clients) Personal Information.
11. Questions and Complaints
Our Data Protection Officer will investigate the complaint and determine whether a breach has occurred and what action, if any, to take. We take every privacy complaint seriously and will make all reasonable efforts to resolve your complaint promptly and in accordance with applicable law.
You can file a complaint with your local supervisory authority for data protection at any time, however we recommend that you contact us first so we can try to resolve it.
12. Data Retention
We may continue to retain your Personal Information after you deactivate your Client Account and/or cease to use any particular Services, as reasonably necessary to comply with our legal obligations, to resolve disputes regarding our Clients or their Clients-of-Clients, prevent fraud and abuse, enforce our agreements and/or protect our legitimate interests.
We maintain a data retention policy which we apply to Personal Information in our care.
SITUASYS has implemented security measures designed to protect the Personal Information you share with us, including physical, electronic and procedural measures. We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways and Third Party Services for further enhancing the security of our Services and protection of our Visitors’ and Clients’ privacy.
Regardless of the measures and efforts taken by SITUASYS, we cannot and do not guarantee the absolute protection and security of your Personal Information, your Clients-of-Clients’ Personal Information or any other information you share with SITUASYS. We encourage you to avoid providing us or anyone with any sensitive Personal Information of which you believe its disclosure could cause you substantial or irreparable harm.
Furthermore, because certain areas on our Services are less secure than others (for example, if you browse to a non-SSL page), and since e-mail and instant messaging are not recognized as secure forms of communications, we request and encourage you not to share any Personal Information on any of these areas or via any of these methods.
14. Third-Party Websites
15. SITUASYS Job Applications
SITUASYS welcomes all qualified Applicants to apply to any of the open positions published at https://www.situasys.com/jobs, by sending us their contact details and CV (“Applicants Information”) via the relevant Position Application Form on our Website, or through any other means provided by us.
We understand that privacy and discreetness are crucial to our Applicants, and are committed to keep Applicants Information private and use it solely for SITUASYS’ internal recruitment purposes (including for identifying Applicants, evaluating their applications, making hiring and employment decisions, and contacting Applicants by phone or in writing).
Please note that SITUASYS may retain Applicants Information submitted to it for no longer than two years after the applied position has been filled or closed. This is done so we can re-consider Applicants for other positions and opportunities at SITUASYS; so we can use their Applicants Information as reference for future applications submitted by them; and if the Applicant is hired, for additional employment and business purposes related to his/her work at SITUASYS.
If you previously submitted your Applicants Information to SITUASYS, and now wish to access it, update it or have it deleted from SITUASYS’ systems, please contact us at firstname.lastname@example.org.
16. Updates and interpretation
Any heading, caption or section title contained herein is provided only for convenience, and in no way defines or explains any section or provision hereof, or legally binds any of us in any way.
17. Contacting us
You may also contact us by mail at Natan HeHaham 11, 6341317 Tel Aviv, Israel.
For the purposes of GDPR (Article 27), you may contact our EU representative Victor Batis at Etolias 39, Gerakas (Athens) 15344, Greece.