WEBSITE CONFIDENTIALITY POLICY
Annex № 2 to
User Agreement
The Personal Data Confidentiality Policy (hereinafter referred to as the Confidentiality Policy) applies to all information posted on the website in the Internet at: https://ghrs-group.com (hereinafter referred to as the Site), which can be obtained by the Personal Account Administrator (PA Administrator) and אנרי אהרונוב / GHRS Group about any User while using the Site, its services, programs and products.
The use of the Site services implies the User’s unconditional consent to the Policy and the terms for processing his personal information specified therein; in case of disagreement with the terms, any User should refrain from using the services
1. GENERAL PROVISIONS
1.1. 1.1. The Policy implies the User’s personal information as:
1.1.1. Personal information that any User provides about himself/herself when registering (completing the registration form) or while using the Services, including the User’s personal data, including:
- last name, first name, patronymic (if any);
- the number of the main document proving the User’s identity, the issue date of the specified document and the issuing authority (only if his representative acts on behalf of the User);
- gender, age;
- date and place of birth;
- phone number (cell);
- email address;
- bank card details;
- if the representative acts on behalf of the User, then the last name, first name, patronymic (if any) of the representative, the details of the power of attorney or other document confirming the authority of this representative, the number of the main identity document of the User’s representative, the issue date of the specified document and the issuing authority (upon receipt of consent from the representative - the subject of his personal data by ticking the box in a special field next to the link to the text of the Representative’s Consent opposite the phrase: “The Representative has read the Consent to personal data processing”).
The information required for the provision of the Services is marked in a special way in the registration form. Other information is provided by the User at his discretion.
1.1.2. Data that is automatically transmitted to the Site services while being used with the software installed on the User’s device, including the IP address, cookie files, information about the User’s browser (or another program that accesses the services), technical characteristics of the equipment and software used by the User, date and time of access to the services, addresses of the requested pages and other similar information.
1.1.3. Other User information, which is processed under the User Agreement.
1.1.4. The Confidentiality policy applies only to the Site: https://ghrs-group.com/. Site https://ghrs-group.com/ does not control and is not liable for third-party sites to which any User can come by the links available in Site https://ghrs-group.com/.
2. AIMS OF PROCESSING OF USER PERSONAL INFORMATION
2.1. The Site (hereinafter referred to as the Site or the Site Administrator) collects and stores only the personal information that is necessary for the provision of services or the execution of User agreements and contracts, except the cases when the law provides obligatory storage of personal information for a period specified by the law.
2.2. The Site processes the User’s personal information for the following purposes:
2.2.1. Identification of the User who has completed the registration form for the PA generation in order to access the Site materials and services.
2.2.2. Providing the User with access to personalized Site resources.
2.2.3. Establishing feedback with the User, including sending notifications, requests, information regarding the use of the PA and the Site, providing services for access to the Site materials and services, processing requests and applications from the User.
2.2.4. Determination of the User’s location to ensure security, prevent fraud.
2.2.5. Confirmation of the reliability and completeness of personal data provided by the User.
2.2.6. Account generation to access the Site materials and services if the User has agreed to generate an account.
2.2.7. Provision of the User with efficient customer and technical support if there are problems related to the Site use.
2.2.8. Improvement of the quality of the PA work, convenience of the use, development of new services.
2.2.9. Provision of the User with personalized services.
2.2.10. Implementation of advertising activities with the User’s consent.
3. TERMS OF PROCESSING USER PERSONAL INFORMATION AND ITS TRANSFER TO THIRD PARTIES
3.1. The Site Administrator keeps personal information of Users in accordance with the internal regulations of certain services.
3.2. With regard to the User’s personal information, its confidentiality is maintained, except in cases when the User voluntarily provides information about himself for general access to an unlimited number of persons.
3.3. The site has the right to transfer the User’s personal information to third parties in the following cases:
3.3.1. The user has agreed to such actions.
3.3.2. The transfer is necessary for the User to use a certain service or to fulfill a certain agreement or contract with the User.
3.3.4. The transfer is provided by the Israeli or other applicable legislation as part of the procedure established by law.
3.3.5. In the event of the Site sale, all obligations to comply with the terms of the Policy in relation to the personal information received are transferred to the acquirer.
3.4. The User’s personal data is processed during the validity period of the User’s Consent to personal data processing, which is Annex №. 1 to the User Agreement, by any legal way, including personal data information systems using or not using automation tools. The User’s personal data is processed in accordance with the legislation of Israel.
3.5. In case of loss or disclosure of personal data, the Site Administration informs the User about the loss or disclosure of personal data.
3.6. The Site Administration takes the necessary organizational and technical measures to protect the User’s personal information from unauthorized or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.
3.7. The Site Administration, together with the User, takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User’s personal data.
4. OBLIGATIONS OF THE PARTIES
4.1. The User is obliged to:
4.1.1. Provide information about personal data required to use the Site.
4.1.2. Update, supplement the provided information about personal data in case of changes in this information.
4.2. The Site Administration is obliged to:
4.2.1. Use the information received solely for the purposes specified in this Confidentiality Policy.
4.2.2. Ensure that confidential information is kept secret, not disclosed without the prior written permission of the User, and also not to sell, exchange, publish or disclose in other possible ways the transferred personal data of the User, except as provided for in this Confidentiality Policy.
4.2.3. Take precautions to protect the confidentiality of the User’s personal data in accordance with the procedure commonly used to protect this kind of information in existing business transactions.
4.2.4. Block personal data related to the corresponding User from the moment of the application or request of the User or his legal representative or the authorized agency for the protection of the rights of subjects of personal data for the period of verification in case of identification of inaccurate personal data or illegal actions.
5. LIABILITY OF THE PARTIES
5.1. The Site Administration, which has not fulfilled its obligations, is liable for losses incurred by the User in connection with the misuse of personal data, in accordance with the legislation of Israel.
5.2. In case of loss or disclosure of confidential information, the Site Administration is not responsible if this confidential information:
5.2.1. Has become publicly known before its loss or disclosure.
5.2.2. Has been was received from a third party before it is obtained by the Site Administration.
5.2.3. Has been disclosed with the consent of the User.
6. DISPUTE RESOLUTION
6.1. Before applying to the court with a claim for disputes arising from the relations between the Site User and the Site Administration, a claim (a written proposal for a voluntary settlement of the dispute) shall be submitted.
6.2. The recipient of the claim within 20 (twenty) calendar days from the date of the claim receipt shall notify the claimant in writing of the results of the claim consideration.
6.3. If an agreement is not reached, the dispute is referred to the court in accordance with the current legislation of Israel.
6.4. The current legislation of Israel applies to the Confidentiality Policy and the relationship between the User and the Site Administration.
7. BLOCKING, CLARIFICATION, TERMINATION OF PROCESSING PERSONAL DATA. PROVISION OF INFORMATION
7.1. The Administrator (Operator) is obliged to block personal data or ensure blocking (if it is processed by another person acting on behalf of the Administrator) if:
- unlawful processing of such data has been found. The data is blocked for the verification period from the moment of application of the subject of personal data (his representative) or at the request of the subject of personal data (his representative) or the authorized state body of Israel;
- inaccurate personal data has been identified. It is blocked for the verification period from the moment of application of the subject of personal data (his representative) or at the request of the subject of personal data (his representative) or the authorized state body of Israel, if such blocking does not violate the rights and legitimate interests of the subject of personal data or third parties.
7.2. If it is confirmed that the personal data is inaccurate, the Administrator (Operator), on the basis of the information provided by the subject of personal data (his representative) or the authorized state body of Israel, or other necessary documents, should clarify the data or provide clarification (if the personal data is processed by another person acting on behalf of the operator) within seven working days from the date of submission of such information and remove the blocking of personal data.
At the same time, the Administrator (Operator) is obliged to notify the subject of personal data (his representative) about the changes made and the measures taken, and take reasonable measures to notify third parties to whom such personal data has been transferred.
7.3. At the request or application of an individual (his representative) who has the right to receive information regarding the personal data processing, the Administrator (Operator) should provide the information (his representative) within 10 working days from the date of application or receipt of the request by the operator. The specified period may be extended if a reasoned notification of the reasons for such an extension is sent, but not more than five working days.
In addition, the Administrator (Operator) should, in accordance with the procedure provided in Article 14 of the Law on Personal Data, inform the subject of personal data (his representative) about the availability of personal data related to him, as well as provide an opportunity to review the data when the subject (his representative) applies or within 10 working days from the date of receipt of the corresponding request. This period may be extended in the case of sending a motivated notification of reasons for such an extension, but not more than five working days.
In case of refusal to provide information on the availability of personal data about the corresponding subject of personal data or personal data to the subject of personal data or his representative when they apply or upon receipt of a request from the subject of personal data or his representative, the Administrator (Operator) is obliged to give a motivated response in writing containing a reference to the provision the Law on Personal Data or other federal law, which is the basis for such a refusal, within a period not exceeding ten working days from the date of the request of the subject of personal data or his representative or from the date of receipt of the request of the subject of personal data or his representative. The specified period may be extended, but not more than five working days if the operator sends a motivated notification to the subject of personal data indicating the reasons for extension of the deadline for the provision of the requested information.
At the request of the authorized state body of Israel, the Administrator (Operator) should provide the necessary information within 10 working days from the date of its receipt. This period may be extended if a motivated notification of the reasons for the extension is sent, but not more than five working days.
The Administrator (Operator) should provide the subject of personal data (his representative) with the opportunity to review personal data related to the subject of personal data free of charge.
7.4. The Administrator (Operator) should stop processing personal data in the following cases:
7.4.1. If it is found that the data is processed unlawfully, within a period of not more than three working days from the date of the identification, stop processing of personal data or ensure its termination by a person acting on behalf of the Administrator.
7.4.2. At the request of the subject of personal data, immediately stop processing his data, if it is carried out to promote goods, works, services on the market through direct contacts with a potential consumer using means of communication, as well as for the purpose of political campaigning.
If it is impossible to ensure the legality of the processing of personal data, within a period of not more than 10 working days from the date of identification of unlawful processing of personal data, destroy such personal data or ensure their destruction by a person acting on behalf of the Administrator).
The Administrator notifies the individual (his representative) of the elimination of violations or the destruction of personal data, as well as the authorized state body of Israel, if an appeal (request) is received from the agency.
7.4.3. If the purposes of processing personal data are achieved, the Administrator (Operator), as a general rule, should stop processing personal data or ensure its termination (if the personal data is processed by another person acting on behalf of the operator) and destroy personal data or ensure their destruction (if the personal data is processed by another person acting on behalf of the operator) within a period not exceeding 30 days from the date of achievement of the purposes of personal data processing.
7.4.4. If the subject of personal data has withdrawn consent to the processing of his personal data, the Administrator (Operator), as a general rule, should stop processing the data or ensure the termination of such processing (if the personal data is processed by another person acting on your behalf). If, at the same time, the storage of personal data is no longer required for the purposes of processing personal data, the Administrator (Operator), as a general rule, should destroy such data or ensure their destruction (if the personal data is processed by another person acting on behalf of the operator) within a period not exceeding 30 days from the date of receipt of the withdrawal.
7.4.5. If the subject of personal data has applied to the Administrator (Operator) with a request to stop processing personal data, the Administrator (Operator) is obliged, within 10 working days from the date of receipt of the request, to stop it or ensure its termination (if the data is processed by another person), except as provided in the Law on Personal Data. The specified period may be extended if a motivated notification of the reasons for such an extension is sent, but not more than five working days.
7.4.6. If the subject of personal data has sent a request to stop processing data allowed for distribution, the Administrator (Operator) stops transferring, distributing, providing such data, access to them. The consent of this subject to the processing of his personal data allowed for distribution is terminated from the moment of receipt of this request.
If it is impossible to destroy personal data within the established period, the Administrator (Operator) should block personal data or ensure their blocking (if the personal data is processed by another person acting on behalf of him) and ensure the destruction of data within a period of not more than six months. A different period may be established by federal laws.
8. ADDITIONAL TERMS AND CONDITIONS
8.1. The Site Administration has the right to make changes to this Confidentiality Policy without the consent of the User.
8.2. The new Confidentiality Policy comes into force from the moment it is posted in the Site information system in the Internet, unless otherwise provided by the new version of the Confidentiality Policy.
If the User does not agree with the changes made, he is obliged to refuse access to the Site, stop using the Site materials and services. The User’s continued use of the PA after posting a new version of the Confidentiality Policy means the User’s acceptance and consent to such changes and/or additions.
8.3. Any suggestions or questions about this Confidentiality Policy should be reported to the Site Administrator in the Personal Account.
8.4. The current Confidentiality Policy is posted on the page at: https://ghrs-group.com/.
8.5. This Confidentiality Policy is an integral part of the User Agreement posted on the page at: https://ghrs-group.com/.