CAPPITECH REGULATION LTD.
PRIVACY NOTICE
We at Cappitech Regulation Ltd. (“Cappitech”, “us”, “we”, or “our”) recognize and respect the importance of maintaining the privacy of our customers and their end users. This Privacy
Notice describes the types of information Cappitech collects from you when you visit our website www.cappitech.com (“Website”) and/or use the CapptivateTM Service (“Services”).
This Privacy Notice also explains how Cappitech may process, transfer, store and disclose the information collected, as well as your ability to control certain uses of the collected
information. “You” means any adult user of the Website and/or Services, whether you are using the Website or Services on behalf of an entity, individual or yourself.
If you are an individual located in the European Union (“EU Individual”), some additional terms and rights may apply to you, as detailed herein. Cappitech Regulation Ltd. is the data
controller in respect of certain processing activities outlined in this Privacy Notice. Our registered office is 2 Hamenofim St., PO Box 12919, Herzliya 4672553, Israel, and our
registration number is 515328953. When we process information in the context of providing Services to our customers (“Customers”), including with regard to each Customer’s end
users, the applicable Customer serves as a controller with respect to such Customer’s end user Personal Data (as defined below).
“Personal Data” means any information that refers, is related to, or is associated with an identified or identifiable individual or as otherwise may be defined by applicable law. This
Privacy Notice details which Personal Data is collected by us in connection with provision of the Services.
Privacy Notice Key Points
The key points listed below are presented in further detail throughout this Privacy Notice. You can click on the headers in this section in order to find out more information about any
topic. These key points do not substitute the full Privacy Notice.
Personal Data We Collect, Uses and Legal Basis
Sharing the Personal Data We Collect
International Transfer
Your Rights – How to Access and Limit Our Use of Certain Personal Data
Third-Party Applications and Services
Use of Cookies and Similar Technologies.
Security
Data Retention
Communications
Children
Changes to this Notice
Comments and Questions
Personal Data We Collect, Uses and Legal Basis
Depending on your usage, we collect different types of data and we and any of our third-party sub-contractors and service providers use the data we collect for different purposes,
as specified below. It is your voluntary decision whether to provide us with certain Personal Data, but if you refuse to provide such Personal Data we may not be able to provide you
with the Services or part thereof.
Visitors to the Website.
When you visit the Website, we collect the following types of Personal Data from you:
- Contact Information: When you request information from us, or contact us for any other reason, including to book a demo, we will collect any data you
provide, such as your full name, email address, and phone number and the content of your inquiry.How we use this data: To respond to your request or inquiry and to provide you with news, updates, and marketing emails, if you have chosen to receive
such communications.Legal Basis: We process this Personal Data based on performance of a contract when we respond to your inquiry and based on your consent, when
we provide you with newsletters and marketing emails. - Automatically Collected Data: When you visit the Website, we automatically
collect information about your computer or mobile device, including nonPersonal Data such as your operating system, and Personal Data such as IP
address, browser type, domain name, access times, and referring website
addresses. For more information about the cookies and similar technologies
we use and how to adjust your preferences, please see our Cookie Notice.
How we use this data: (1) to review usage and operations, including in an
aggregated non-specific analytical manner, develop new products or
services and improve current content, products, and Services; (2) to prevent
fraud, protect the security of our Website and Services, and address any
problems with the Website and/or Services; (3) to provide you with targeted
offers, and advertising related to our products and Services, based on your
usage history on the Website, on other third-party websites you may visit
and/or use.
Legal Basis: We process this Personal Data based on our legitimate interests
to develop and improve our products and Services, review usage, perform
analytics, prevent fraud, for our recordkeeping and protection of our legal
rights and to market our own products and services. Additional information
regarding direct marketing is provided below.
> Customer Personnel. When you use our Services on behalf of a Customer, we collect
the following types of Personal Data from you:
o Materials You Upload – Any materials including information and/or
documents you may upload through the Services will be processed by us.
How we use this data: To provide you with the Services.
Legal Basis: We process this Personal Data for the purpose of performance
of a contract with you.
Brokers. In the context of providing Services to our Customers, our Customers may ask us to
process certain Personal Data of individuals who are brokers associated with transactions.
We process such Personal Data solely on behalf of our Customers and at their request. For
more information, please contact the applicable Customer, who serves as a controller of this
Personal Data.
Additional Uses
Statistical Information
By analyzing all information we receive, including all information concerning users we may
compile statistical information across a variety of platforms and users (“Statistical
Information”). Statistical Information helps us understand trends and customer needs so
that new products and services can be considered and so that existing products and services
can be tailored to customer desires. Statistical Information is anonymous and aggregated
and we will not link Statistical Information to any Personal Data. We may share such
Statistical Information with our partners, without restriction, on commercial terms that we
can determine in our sole discretion.
Analytics
We and/or our service providers or subcontractors, use analytics tools (“Tools”), including
“Google Analytics” to collect information about the use of the Website. Such Tools collect
information such as how often users visit the Website, what pages they visit when they do
so, and what other sites and mobile applications they used prior to visiting the Website. This
may also include your IP address. We use the information we get from the Tools to improve
our Website. Google’s ability to use and share information collected by Google Analytics
about your visits to this site is restricted by the Google Analytics Terms of Service located
at https://www.google.com/analytics/terms/us.html and the Google Privacy Policy located
at https://www.google.com/policies/privacy/.
Direct Marketing
As described above, we may use Personal Data to let you know about our products and
Services that we believe will be of interest to you. We may contact you by email, telephone,
or through other communication channels. In all cases, we will respect your preferences for
how you would like us to manage marketing activity with respect to you. To protect privacy
rights and to ensure you have control over how we manage marketing with you:
We will take steps to limit direct marketing to a reasonable and proportionate level
and only send you communications which we believe may be of interest or
relevance to you.
You can ask us to stop sending email marketing by following the “unsubscribe” link
you will find on all the email marketing messages we send you. Alternatively, you
can contact us at info@www.cappitech.com.
You can change the way your browser manages cookies, which may be used to
deliver online advertising, by following the settings on your browser as explained in
our Cookie Notice. If our marketing activities are based upon your consent, you may
withdraw this consent at any time.
Sharing the Personal Data We Collect
We share your information, including Personal Data, as follows:
Service Providers, and Subcontractors
We disclose information, including Personal Data we collect from and/or about you, to our
trusted service providers and subcontractors, who have agreed to confidentiality restrictions
and who use such information solely on our behalf in order to: (1) help us provide you with
the Website and/or Services; (2) aid in their understanding of how users are using our
Website and/or Services; (3) for the purpose of direct marketing (see above for more
details).
Such service providers and subcontractors provide us with IT and system administration
services, data backup, security, and storage services, data analysis, and help us serve
advertisements and provide other marketing services.
Business Transfers
Your Personal Data may be disclosed as part of, or during negotiations of, any merger, sale
of company assets or acquisition (including in cases of liquidation) in such case, your
Personal Data shall continue being subject to the provisions of this Privacy Notice.
Law Enforcement Related Disclosure
We may share your Personal Data with third parties: (i) if we believe in good faith that
disclosure is appropriate to protect our or a third party’s rights, property or safety (including
the enforcement of this Privacy Notice); (ii) when required by law, regulation subpoena,
court order or other law enforcement related issues, agencies and/or authorities; or (iii) as is
necessary to comply with any legal and/or regulatory obligation.
International Transfer
We use subcontractors and service providers who are located in countries other than your
own and send them information we receive (including Personal Data). We conduct such
international transfers for the purposes described above. We will ensure that these third
parties will be subject to written agreements ensuring the same level of privacy and data
protection as set forth in this Privacy Notice, including appropriate remedies in the event of
the violation of your data protection rights in such third country.
Whenever we transfer your Personal Data to third parties based outside of the European
Economic Area (“EEA”), we ensure a similar degree of protection is afforded to it by ensuring
at least one of the following safeguards is implemented:
We will only transfer your Personal Data to countries that have been deemed to
provide an adequate level of protection for Personal Data by the European
Commission.
Where we use certain service providers not located in countries with an adequate
level of protection as determined by the European Commission, we may use specific
contracts approved by the European Commission which give Personal Data the same
protection it has in the EEA.
Where we use service providers based in the US, we may transfer Personal Data to
them if they have been certified by the EU-US Privacy Shield, which requires them to
provide similar protection to Personal Data shared between the EU and the US or
any other arrangement which has been approved by the European Commission or
other body having jurisdiction to approve such arrangement.
Please contact us at info@www.cappitech.com if you would like further information on the
specific mechanism used by us when transferring your Personal Data out of the EEA.
Your Rights – How to Access and Limit Our Use of Certain Personal Data
Subject to certain exemptions, and in some cases dependent upon the processing activity we
are undertaking, you have certain rights in relation to the Personal Data that we hold about
you, as detailed below. We will investigate and attempt to resolve complaints and disputes
and make every reasonable effort to honour your wish to exercise your rights as quickly as
possible and, in any event, within the timescales provided by applicable data protection
laws. We reserve the right to ask for reasonable evidence to verify your identity before we
provide you with any information and/or comply with any of your requests, as detailed
below:
Right of Access. You have a right to know what Personal Data we collect about you
and, in some cases, to have such Personal Data communicated to you. Subject to
applicable law, we may charge you with a fee. Please note that we may not be able
to provide you with all the information you request, and, in such case, we will
endeavor to explain to you why.
Right to Data Portability. If the processing is based on your consent or performance
of a contract with you and processing is being carried out by automated means, you
may be entitled to (request that we) provide you or another party with a copy of the
Personal Data you provided to us in a structured, commonly-used, and machinereadable format.
Right to Correct Personal Data. Subject to the limitations in applicable law, you may
request that we update, complete, correct or delete inaccurate, incomplete, or
outdated Personal Data.
Deletion of Personal Data (“Right to Be Forgotten”). You have a right to request
that we delete your Personal Data if either: (i) it is no longer needed for the purpose
for which it was collected, (ii) our processing was based on your consent and you
have withdrawn your consent, (iii) you have successfully exercised your Right to
Object (see below), (iv) processing was unlawful, or (iv) we are required to erase it
for compliance with a legal obligation. We cannot restore information once it has
been deleted. Please note that to ensure that we do not collect any further Personal
Data, you should and clear our cookies from any device where you have accessed
our Website or Services. We may retain certain Personal Data (including following
your request to delete) for audit and record-keeping purposes, or as otherwise
permitted and/or required under applicable law.
Right to Restrict Processing. You can ask us to limit the processing of your Personal
Data if either: (i) you have contested its accuracy and wish us to limit processing
until this is verified; (ii) the processing is unlawful, but you do not wish us to erase
the Personal Data; (iii) it is no longer needed for the purposes for which it was
collected, but we still need it to establish, exercise, or defend of a legal claim; (iv)
you have exercised your Right to Object (below) and we are in the process of
verifying our legitimate grounds for processing. We may continue to use your
Personal Data after a restriction request under certain circumstances.
Direct Marketing Opt Out. You can change your mind at any time about your
election to receive marketing communications from us and/or having your Personal
Data processed for direct marketing purposes. If you do, please notify us by
contacting us at info@www.cappitech.com. We will process your request as soon as
reasonably possible, however it may take a few days for us to update our records
before any opt out is effective.
Right to Object. You can object to any processing of your Personal Data which has
our legitimate interests as its legal basis, if you believe your fundamental rights and
freedoms outweigh our legitimate interests. If you raise an objection, we have an
opportunity to demonstrate that we have compelling legitimate interests which
override your rights and freedoms.
Withdrawal of Consent. You may withdraw your consent in connection with any
processing of your Personal Data based on a previously granted consent. This will
not affect the lawfulness of any processing prior to such withdrawal.
Right to Lodge a Complaint with Your Local Supervisory Authority. You may have
the right to submit a complaint to the relevant supervisory data protection authority
if you have any concerns about how we are processing your Personal Data, though
we ask that as a courtesy you please attempt to resolve any issues with us first.
Third-Party Applications and Services
All use of third-party applications or services is at your own risk and subject to such third
party’s terms and privacy policies.
Use of Cookies and Similar Technologies.
We use cookies and similar technologies on the Website for a number of reasons, including
to help personalize your experience and to personalize the ads we serve you. For more
information about our use of cookies, please see our Cookie Notice.
Security
We have implemented and maintain appropriate technical and organization security
measures, policies and procedures designed to reduce the risk of accidental destruction or
loss, or the unauthorized disclosure or access to Personal Data appropriate to the nature of
such data. The measures we take include:
Safeguards – The physical, electronic, and procedural safeguards we employ to protect your
Personal Data include secure servers, firewalls, antivirus, and SSL encryption of data.
Access Control – We dedicate efforts for a proper management of system entries and limit
access only to authorized personnel on a need to know basis of least privilege rules, review
permissions quarterly, and revoke access immediately after employee termination.
Internal Policies – We maintain and regularly review and update our privacy related and
information security policies.
Personnel – We require new employees to sign non-disclosure agreements according to
applicable law and industry customary practice.
Encryption – We encrypt the data in transit using secure sFTP/HTTPS protocols.
Database Backup – Our databases are backed up on a periodic basis for certain data and are
verified regularly. Backups are encrypted and stored within the production environment to
preserve their confidentiality and integrity, are tested regularly to ensure availability, and
are accessible only by authorized personnel.
However, no method of transmission over the Internet or method of electronic storage is
100% secure. Therefore, while we strive to use commercially acceptable means to protect
your Personal Data, we cannot guarantee its absolute security.
As the security of information depends in part on the security of the computer you use to
communicate with us and the security you use to protect user IDs and passwords, please
take appropriate measures to protect this information.
Data Retention
Subject to applicable law and our (regulatory) obligations, we retain Personal Data as
necessary for the purposes set forth above. We may delete information from our systems
without notice to you once we deem it is no longer necessary for these purposes. Retention
by any of our processors may vary in accordance with the processor’s retention policy.
In some circumstances, we may store your Personal Data for longer periods of time, for
instance where we are required to do so in accordance with legal, regulatory, tax, audit,
accounting requirements and so that we have an accurate record of your dealings with us in
the event of any complaints or challenges, or if we reasonably believe there is a prospect of
litigation relating to your Personal Data or dealings. To determine the appropriate retention
period, we consider the amount, nature, and sensitivity of the Personal Data, the potential
risk of harm from unauthorized use or disclosure of your Personal Data, the purposes for
which we process your Personal Data, and whether those purposes can be achieved through
other means, as well as applicable legal requirements.
Please contact us at info@www.cappitech.com if you would like details regarding the retention
periods for different types of your Personal Data.
Communications
We reserve the right to send you service-related communications, including service
announcements and administrative messages, without offering you the opportunity to opt
out of receiving them. Should you not wish to receive such communications, you may cancel
your account.
Children
We do not knowingly collect Personal Data from children under the age of sixteen (16). In
the event that you become aware that an individual under the age of sixteen (16) has
enrolled without parental permission, please advise us immediately.
Changes to this Notice
We may update this Privacy Notice from time to time to keep it up to date with legal
requirements and the way we operate our business, and we will place any updates on this
webpage. Please come back to this page every now and then to make sure you are familiar
with the latest version. If we make material changes to this Privacy Notice, we will seek to
inform you by notice on our Website or by email.
Comments and Questions
We welcome your comments regarding this Privacy Notice. If you believe that we have not
adhered to this Privacy Notice, or if you wish to exercise any of your rights, please contact us
at 2 HaMenofim St., SeaView Building A, PO Box 12919, Herzliya 4672553, Israel or by email
at: info@www.cappitech.com and we will use commercially reasonable efforts to attend to your
comment, as detailed in this Privacy Notice.
***
Cappitech – Privacy Notice
Ver 3.0 (December 2019)
Cappitech Propriety & Confidential
