Privacy Policy, Information Collection and Transmission

This Privacy Policy is intended to clarify how the Company collects, uses, stores, and protects your personal information, in accordance with the provisions of the Protection of Privacy Law, 5741-1981 (hereinafter: "the Protection of Privacy Law") including Amendment 13 to the Law (which comes into effect on August 14, 2025), the Protection of Privacy Regulations (Data Security), 5777-2017 (hereinafter: "the Protection of Privacy Regulations"), and the Communications Law (Bezeq and Broadcasting), 5742-1982 (hereinafter: "the Communications Law").

By using the website operated by Chen and Itay Gindi Israel Ltd., Co. No. 514831486 and Gindi Group, Chen and Itay Gindi Ltd., Co. No. 513086710 of 5 HaHoshlim St., Herzliya (hereinafter jointly: "the Company"), you confirm that you have read and understood this Privacy Policy.

The Privacy Policy constitutes an integral part of the website's Terms of Use and applies to all personal information provided to the website operator through any channel, including telephone inquiries, online forms, email, social networks, and in-person meetings.

Definitions:

Personal Information: Any data about an identified or identifiable person, directly or indirectly (name, address, email, IP address).

Special Category Data: Medical, financial, biometric, genetic information, precise location data, political opinions, sexual orientation, criminal record.

Processing of Information: Any operation performed on personal information, including collection, storage, use, transfer, distribution, erasure, or destruction.

Database Controller: The person who, alone or jointly with another, determines the purposes and means of processing information in the database, whether a public or private entity. For this purpose, the Company is the database controller, and it is responsible for its processing and use in accordance with the provisions of the law and its regulations.

1. Privacy Policy. The Company undertakes not to make any misuse of the information without the user's consent, unless required by law, to prevent misuse, or to protect its rights. The Company will allow access to the information only to those of its employees who need the information for the purpose of providing the service. When collecting the information, we will detail to the user the purposes of use, whether providing the information is mandatory or optional, the details of the database owner, and the duration of the information's storage.
2. Database. The Company manages its databases in accordance with the requirements of the Protection of Privacy Law and the regulations enacted thereunder. It is clarified that if the database includes information on more than 100,000 data subjects or special category data, the Company will provide appropriate notice to the Privacy Protection Authority in accordance with section 8A(b) of the Protection of Privacy Law.
3. Prohibition of Processing Illegally Collected Information: The Company strictly prohibits any action on personal information collected illegally and is committed to verifying the legality of information collection from any source.
4. Purposes of Information Collection and Processing. The information will be stored only for the period necessary for the purposes for which it was collected. At the end of the period, or if the information is no longer necessary, reasonable steps will be taken to erase it or anonymize it so that the data subject cannot be identified by reasonable means.
5. It is clarified that the provision of personal information by the user in the context of using the website, including through contact forms, telephone inquiries, email, or any other means, is not required by law, unless explicitly stated otherwise. However, failure to provide certain details may prevent the Company from being able to contact the user, respond to their inquiry, or provide them with the requested services.
6. When collecting the information, the Company will inform the user, as required by law, about the purposes of using the information, the identity of the database controller, the types of entities to whom the information may be disclosed, the existence of the rights of access, rectification, and erasure, as well as the consequences of not consenting to provide the information.
7. The information the Company collects through the website:

7.1. Technical information about your computer, including, inter alia: IP address, geographical location, browser type and version, and your computer's operating system.

7.2. Browsing and usage data on the website, including, inter alia: the source of the referral, length of visit, pages viewed, and browsing paths on the website.

8. The information is collected and processed for the following purposes:

8.1. Providing the services offered on the website, including contacting the Company.

8.2. Statistical analysis and segmentation of browsing habits (with anonymous or minimized information as much as possible).

8.3. Sending messages, including essential service messages.

8.4. Protecting the Company's rights, preventing fraud and illegal activity, and enforcing the Terms of Use.

8.5. Compliance with legal and regulatory requirements, including requirements of law enforcement authorities.

8.6. For any other purpose detailed in this Privacy Policy or in the Terms of Use.

8.7. When collecting the information, the Company will indicate to the user whether providing the information is mandatory or optional, and what the consequence of not consenting to provide the information is.

9. Consent to Receive Advertising Materials. At the time of providing the user's details, including registration on the website and/or providing an email address and/or placing an order, the user may consent to the website operator and/or related parties sending them, by any means of communication and at its discretion, service messages and/or advertising materials related to its activity and/or the website's activity, including offers to purchase a property or service and/or promotional mailings of any kind and/or system messages and/or service messages and/or other messages to customers. The mailing will be carried out in accordance with section 30A of the Communications Law, and only after receiving explicit consent (opt-in) from the user.
10. Removal from the Mailing List according to the Communications Law. The user may contact the website operator at any time and request their removal from the website operator's mailing list in accordance with the instructions below:

10.1. Removal from the email mailing list – The user may, at any time, request to be removed from the website operator's email mailing list. The user can remove themselves by clicking on the unsubscribe link at the bottom of any advertising message sent by email from the website operator or by sending a removal request to the address Office@gindi-group.com. After receiving a removal request, the website operator will not send advertising messages to the email address from which the removal request was sent. It is emphasized that if the user holds more than one email address, a separate removal request must be sent for each email address.

10.2. To be removed from a text message mailing list, a removal request must be sent via text message in accordance with the instructions detailed in the text message sent by the website operator. It is clarified that a removal request via text message does not remove the recipient's email address from the mailing list, and if they do not wish to receive advertising messages via email, they must act in accordance with the instructions detailed in section 10.1.

11. Access to Information under the Protection of Privacy Law, 5741-1981

11.1. The user may request to access their details held by the Company in its database.

11.2. The user may submit a request to rectify the information and/or to have it erased from the database.

11.3. The Company may rectify the information or erase it. It is clarified that in the event of erasure, all records relating to the user will be erased except for the erasure request itself and data about actions performed by the user on the website, including orders.

11.4. Accuracy of Information: The Company operates mechanisms to ensure that the personal information held in its databases is correct, complete, clear, and up-to-date. If inaccurate information is found, the Company will take reasonable measures to rectify or erase it.

11.5. Limitation of Information Retention: The Company will act to erase personal information that is no longer necessary for the purposes for which it was collected or held, unless there is a legal obligation to retain it or actions have been taken to ensure that it will not be possible, by reasonable means, to identify the data subject.

11.6. The Company will respond to these requests within 30 days and will inform the user of the outcome of the request.

12. In addition to the right of access, the user is also entitled to receive:

12.1. The information about them in a machine-readable format (data portability).

12.2. To request a temporary restriction of the processing of the information or to object to its use for direct marketing purposes;

12.3. To file a complaint with the Privacy Protection Authority on the Privacy Protection Authority's website at the address:

https://www.gov.il/he/departments/the_privacy_protection_authority

13. Authorization to Transfer User Details to Third Parties. The Company may share personal information with third parties in the following cases and only for specified purposes:

13.1. It is clarified that the transfer of personal information to external service providers will be carried out solely for the purpose of providing the services, subject to their commitment to maintain the confidentiality of the information and to comply with the provisions of the law, and in accordance with data processing agreements and/or appropriate contractual undertakings, as required by law.

13.2. Without derogating from the foregoing, the Company may also transfer personal information to technological service providers acting on its behalf, including providers of customer relationship management (CRM) systems, providers of electronic mailing services, text messages and/or WhatsApp messages, providers of storage, backup, and computing infrastructure, as well as providers of operational and technology services, and this solely for the purpose of providing the services, operating the website, managing the relationship with users, and complying with the provisions of the law, and subject to the commitment of the said entities to maintain the confidentiality of the information and to process it in accordance with the provisions of the Protection of Privacy Law.

13.3. Legal Requirement: The Company may disclose personal information if required to do so by law, court order, or by a competent authority.

13.4. Protection of Rights: In cases of a legal dispute, fraud, or illegal activity, the Company may disclose information for the purpose of protecting its rights or the rights of third parties.

13.5. Anonymous/Aggregated Information: The Company may use anonymous or aggregated information (which does not personally identify you) for statistical, research, marketing purposes, or to improve the services, and transfer it to third parties without restriction.

13.6. Transfer of Information Outside of Israel: The transfer of personal information outside the borders of the State of Israel, if it occurs, will be done only to countries that provide an adequate level of protection for personal information, or in accordance with binding legal arrangements permitted by law, and subject to the applicable provisions of the Protection of Privacy Regulations and the Protection of Privacy Regulations (Transfer of Data from the European Economic Area), 5783-2023 for this matter.

14. Transfer of Information Without Identifying Details. The Company shall be entitled to use the details you provide for the purpose of analyzing statistical information and providing it to related parties and to any other entity for the purpose of examining the number of visitors to the website, segmenting purchasing habits, generic segmentation, adapting advertisements according to browsing habits, and for any other purpose), inter alia, in order to improve the activity of the website and the services offered therein. In this case, the data will be anonymous and will not refer to you personally or identify you, and any use of the information may be made, and it may be transferred without restriction.
15. Use of Cookies. The Company may use cookies for the operation of the website and to improve the user experience. The user may block or delete cookies through their browser settings. To the extent required by law, the activation of non-essential cookies for the operation of the website will be subject to the user's consent, including through a preference management mechanism, if implemented on the website.
16. Data Collection via Google Analytics. The Company uses Google Analytics, Facebook/Meta Pixel, and pixels from advertising companies to collect anonymous browsing data for the purpose of improving the services offered through the website.
17. Duration of Personal Information Storage: The Company will store your personal information for the period required for the purposes for which it was provided and in accordance with the provisions of the law. The Company will periodically review the personal information it holds, and if it discovers that it is no longer relevant, it will be erased.
18. Information Security: The Company implements the provisions of the Protection of Privacy Regulations (Data Security), 5777-2017, including: preparing a database definitions document, an information security procedure, access controls, employee training, risk surveys, and penetration tests according to the applicable security level. Encryption measures and accepted protection methods are employed to prevent unauthorized access or misuse of personal information.
19. Changes to the Privacy Policy. The Company reserves the right to update this Privacy Policy from time to time, at its sole discretion. In the event of material changes to the policy, the Company will provide notice by posting a prominent notice on the website or through other means of communication. Your continued use of the website after the changes are published will constitute consent to the updated Privacy Policy.
20. Contact: For any question, request, or complaint regarding this Privacy Policy or the handling of your personal information, please contact us in one of the following ways:
    • To: Chen and Itay Gindi Israel Ltd.
    • Email: Office@gindi-group.com
    • Mailing Address: 5 HaHoshlim St., Building B, Herzliya Pituach
    • Telephone: 03-5751850