Ginger Bit privacy policy
This privacy policy (the “Privacy Policy”) describes how Ginger Bit Technologies Ltd. (the “Company”) treats personal information that it collects or receives from you (the “Users”) through the Ginger Bit website (www.gingerbit.co.il, and any other website operated by the Company), the Ginger Bit application, and the Ginger Bit management platform operated by the Company (alongside any other services provided by the Company, the “Services”; it is clarified that for the purpose of this Privacy Policy, reference to the Services shall mean also the Company websites).
For the purposes of European Economic Area data protection law, and specifically EU’s General Data Protection Regulation (“GDPR”) (the "Data Protection Law"), the Company will usually be a data controller in relation to the Personal Data of our individual customers and prospective customers, our employees and our candidates, our site visitors and contacts at our corporate customers. The Company will usually be a data processor in relation to the Personal Data processed on behalf of our corporate account holders, who will be controllers.
1. No Legal Obligation to Provide Information
For avoidance of doubt, a User is not legally obligated to use any Services provided by the Company, or to disclose any information whatsoever to the Company. However, if a User chooses to use any of the Services provided by the Company, including without limitation use of the Company’s website, application and/or management platform, provision of certain information is a pre-requisite for such use/receipt of the Services.
2. Types of Information Collected
The Company may collect both Personally Identifying Information and Non-Identifiable Information (together “Information”). For the purposes of this Privacy Policy, "Personally Identifying Information" or “Personal Data” shall mean information which is identifiable to you, including without limitation, name, e-mail, phone number, gender, identification numbers, employer name, home and business addresses, profession, telephone numbers, billing information, credit card information, dates of birth, transaction history, bank account and routing numbers, marital and family status, employment background education, occupational licences; information regarding personal preferences, habits, and free time activities, medical information, company details, user ID, password, code and IP (internet Protocol) address, mobile operating system, language preferences; expenses and related data; passport and other ID details, including scans; visa; trip locations and dates, flights, hotels, claims, trip documentations, and medical service preferences; and other personal information provided by the User or User’s employer. "Non-Identifiable Information" shall mean information collected regarding the use of the Services or other interactions with the Company which does not enable identification of an individual User.
3. How Information is Used and on which Legal basis is it processed
In general, the Company will use Information in order to provide and improve its Services, to customize and optimize User experience, and for its other business requirements. We will and meet our contractual, ethical and legal obligations, including for example:
a. To provide the Services;
b. To develop, deliver, and improve the Services;
c. To customize and personalize the Services for each User and to enhance the User experience;
d. To send important notices, such as communications about the Services, and changes to terms, conditions, and policies;
e. To compile statistical information and insights related to performance or use of the Services, and use such statistical information and insights (including without limitation for research purposes or public use in aggregated non identifying form).
f. To evaluate a User’s request for any Services or Third Party Services (as defined below) offered through the Services.
g. To file claims with respect to insurance policies and/or with respect to delayed flights through the Services (to the extent a User has purchased such policies);
h. To produce or compile reports for Users through the Services;
i. For marketing purposes, including without limitation, to send Users information and to alert Users to new developments, promotions, specials, products or services or other activities, announcements, promotions, and newsletters, and to personalize same; and to administer same.
j. To improve, content, and advertising by the Company (including without limitation to identify usage trends and to determine the effectiveness of Company’s promotional campaigns)
k. To contact Users, without limitation with respect to promotional and sales offers;
l. To identify or locate a User using the Services in order to facilitate the other purposes specified in this section;
m. To monitor and analyse information regarding User browsing and viewing preferences and to diagnose problems of the Services;
n. To administer and process payments;
o. For fraud prevention, internal operations, legal compliance, and other public and security related purposes; and
p. To enforce the Subscription Terms and any supplemental terms and/or policies of the Company.
Where we process data as a processor, as described above, we do so on the basis of the legal basis secured by the controller. Where we process data as a controller, we do so as follows:
(i) on the legal basis of performance of contract: we process data necessary for performing our contract and providing our services (points (a) through (h), (l) through (p)), as per GDPR Article 6(1)(b);
(ii) on the legal basis of our legitimate interest in marketing our services (points (i), (j) and (k) as well as (o) and (p) as appropriate), as per GDPR Article 6(1)(b);
(iii) on the legal basis of compliance with a legal obligation, as appropriate (point (o)), as per GDPR Article 6(1)(c).
4. How Information is Collected
The Company may collect Information during User online and offline interactions with the Company and any of its Services, such as, without limitation, when a User registers for the Services or creates an account, by monitoring parameters of a User’s use of the Services with the use of certain tools, when a User communicates with the Company through the Services, by email or otherwise, and when a User applies for, or purchases, Third Party Services through the Services.
We also collect information through website cookies, pixels and similar technologies, which store certain information on your computer or browsing device and which will allow us to identify the computer or device and browser and in some cases to identify them with the user, and to enable automatic activation of certain features, and make your website experience more convenient and effortless. We use different types of cookies: some cookies are strictly necessary, they are required for the operation of our sites and under our terms with you; this includes for example, cookies that enable you to log into secure areas of the Services. We also use analytical and performance monitoring cookies, which allow us to recognize and count the number of visitors and to see how visitors move around our website when they are using it. Finally, we use functionality cookies which are used to recognize you when you return to our Services. This enables us to personalize content to your preferences, including for example, your choice of language or region.
Different cookies are kept for different periods. Session cookies keep track of your activities online in a given browsing session, and usually expire when the browser is closed, though they may be retained for a period on your device. Permanent cookies remain in operation even when you have closed the browser, and are used to remember your login details and password. Third-party cookies, such as for Google Analytics, are installed by third parties with the aim of collecting certain information to research behaviour, demographics. Likewise, pixels from third-parties enable integration of third-party service providers (eg Facebook) which may be embedded on our Services. Third party cookies will be retained according to the terms of those third parties, and you can control those cookies in your browser settings.
We use cookies and other technologies on the basis that they are necessary for the performance of a contract with you, or because using them is in our legitimate interests of improving, optimizing and personalizing our services, and these are not overridden by your rights.
Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience on our website(s) will be limited.
How to disable cookies: the effect of disabling cookies depends on which cookies you disable but, in general, the website and some services delivered through it may not operate properly, may not recognize your device, may not remember your preferences and so on, if cookies are disabled or removed. However, allowing or disabling cookies is your choice and in your control. If you want to disable cookies on our site, you need to change your browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies can be found here:
Internet Explorer: https://windows.microsoft.com/en-GB/internet-explorer/delete-manage-cookies
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en
Our website may, from time to time, contain links to external sites. We are not responsible for the operation, privacy policies and practices or the content of such sites.
5. Retention and Removal of Information
A User may contact the Company in writing through the address specified below in order to remove certain Information attained from such User, subject to applicable law (removal of Information however may impair or prevent User’s continued use of the Services). Unless requested by a User as aforementioned, Company may retain Information for the duration of User’s use of the Service, and for a period of up to seven (7) years thereafter, but is under no obligation however to retain Information for any given period whatsoever.
6. Sharing Information with Third Parties
User acknowledges that Company makes available for purchase through the Services certain services and offerings of third-parties, and also that Company utilizes certain third party services in order to make its own Services available, such as, without limitation, hosting services for storage of Information. Any services and/or infrastructure of third parties shall be referred to herein as “”.
Company may disclose Information to third parties as follows: (a) to applicable Third Party Services providers as required to provide, develop, improve, support or maintain the Services, or to otherwise facilitate any of Company’s uses permitted hereunder (such as providers of hosting services for storage of User Data stored as part of the Services); (b) to providers of Third Party Services elected to be used/purchased through the Services by User so that such Third Party Services may be provided or applied for; (c) to a successor entity of Company by way of merger or acquisition of Company’s applicable assets (for any use permitted hereunder), provided such successor entity will be bound by the requirements of this Privacy Policy with respect to its use of such Information; and (d) to our affiliate company Ginger Insurance Agency Ltd. as necessary for fulfillment of the Services. The third parties which may receive Information include, without limitation, he following: cloud computing providers (eg. Microsoft Azure); database service providers (eg. MongoDB); insurance policy providers (eg. Migdal insurance and Financial Holdings Ltd., Shirbit Insurance Compan); business lounge voucher services (eg. Collinson Service Solutions Limited); delayed flights or cancellation claims services (eg. Airhelp Limited); software and app development and maintenance services (eg. Sela Software Labs Ltd); and medical insurance claims processing and support (eg. G.C.A.M.A Ltd.).
In addition, we will disclose your personal data to third parties if some or all of our companies or assets are acquired by a third party including by way of a merger, share acquisition, asset purchase or any similar transaction, in which case personal data may be one of the transferred assets.
Company reserves the right to disclose any gathered information as required by law and when Company believes that such disclosure is necessary to protect its rights, the integrity of the Services, Company's systems and technology, and/or to comply with a judicial proceeding, court order, or legal process served in connection with the Services.
For avoidance of doubt, the Company may transfer and disclose non-personal data to third parties at its own discretion.
7. Protection of Information
Company is committed to protect the security of its Users’ Information and takes commercially reasonable measures to assure information security. However, no method of internet transmission or electronic storage is 100% secure and Company cannot guarantee the Information’s absolute security.
8. Where We Store Your Data
We store your Personal Data in in reputable cloud storage and processing providers such as Microsoft Azure and MongoDB. We may in the future also keep Personal Data in servers which will be owned or controlled by Company, or processed by third parties on behalf of Company, by reputable computing and cloud-service providers in Israel or in the EU, or elsewhere, including use of cloud-service providers with servers located in the US; see the following section regarding international data transfers.
9. International Transfers
We transfer personal data outside of the EU/EEA, to Israel, a country outside the European Economic Area (EEA) recognized by the EU as having adequate Data protection laws. We also transfer data to the USA or elsewhere, and where the transfer is not occasional, we do so based on EU standard contractual clauses, or an adequacy ruling including Privacy Shield.
We may transfer your Personal Data outside of the EEA, in order to:
-
Store, process or backup the Information;
-
enable us to provide you with the services and fulfil our contract with you;
-
fulfill any legal, audit, ethical or compliance obligations which require us to make that transfer;
-
facilitate the operation of our business, where it is in our legitimate interests and we have concluded these are not overridden by your rights;
-
to serve our Users across multiple jurisdictions; and
-
to operate our company in an efficient and optimal manner.
10. Updating and Reviewing User Information
Users and/or Users’ employers, are responsible for keeping their information current and up-to-date. Users may update their information by modifying their account, or contacting the Company in the manner specified herein. The Company will use reasonable efforts to process any change made by a User. User acknowledges however that deletion of Information may result in failure to provide User with access or use of the Services, or alternately may impair the Services.
11. Licenced Data Bases
The Information retained by the Company is collected and retained in data bases licensed by the Israeli Privacy Protection Authority of the Ministry of Justice (license numbers 700064444 and 700063215).
12. Data Subject Rights
Data subjects with respect to whose data GDPR applies, have rights under GDPR and local laws, including, in different circumstances, rights to data portability, rights to access data, rectify data, object to processing, and erase data. It is clarified for the removal of doubt, that where personal data is provided by a User and / employer, such data subject rights will have to be effected through that User and/or employer. In addition, data subject rights cannot be exercised in a manner inconsistent with the rights of the Company employees and staff, with the Company proprietary rights, and third-party rights. As such, job references, reviews, internal notes and assessments, documents and notes including proprietary information or forms of intellectual property, cannot be accessed or erased or rectified by data subjects. In addition, these rights may not be exercisable where they relate to data that is not in a structured form, for example emails, or where other exemptions apply. If processing occurs based on consent, data subjects generally have a right to withdraw their consent.
If, for any reason, a data subject wishes to modify, delete or retrieve their Personal Data, they may do so, in the first instance, by accessing their account, or having their employer access their account, to make the necessary modifications. Failing that they may contact the Company (privacy@gingerbit.co.il). Note that the Company will have to undertake a process to identify a data subject exercising their rights. The Company keeps details of such rights exercised for its own compliance and audit requirements. Please note that Personal Data may be either deleted or retained in an aggregated manner without being linked to any identifiers or Personal Data, depending on technical commercial capability. Such information will continue to be used by the Company.
Data subjects in the EU have the right to lodge a complaint, with a data protection supervisory authority in the place of their habitual residence. If the supervisory authority fails to deal with a complaint you may have the right to an effective judicial remedy.
Where the Company is a Processor, any data subject rights may be exercised only through the relevant Controller (generally, the User’s employer).
13. Contact
You may contact Company’s Data Protection Officer by E-mail to the following address: privacy@gingerbit.co.il.
14. Amendments
Company may change the terms of this Privacy Policy by posting new terms, with immediate effect.
Last updated: March 24, 2020.