Privacy Policy

Last modified: September 2023

Introduction

Supree Zanim Ltd. and its affiliates and subsidiaries globally (referred to interchangeably herein as “Supree”, “we”, “our” or “us”) may collect certain information based upon and as a result of your use of Supree’s website http://www.supree.co, its subdomains and its related features and in connection with our products and/or services (“Website”, and collectively with our products and/or services – the “Services”).

Supree is dedicated to protecting your privacy rights and making our practices regarding your personal data more transparent and fair. This Privacy Policy (“Policy”) was designed to help you understand the information we collect, store, use and share, and it applies whenever you visit our Website, use or interact with our Services, or otherwise access or use any of our Services.

Specifically, our Policy addresses the following –

  1. What types of data we collect?
  2. Tracking Technologies
  3. Why we process your Personal Data, and under what legal bases?
  4. With whom we share your data?
  5. Your rights
  6. Transfer of data outside the EU
  7. California residents
  8. Linked Websites
  9. How we protect your data?
  10. Retention
  11. Updates to this Policy
  12. Controlling Version
  13. Miscellaneous
  14. Contact Us

We encourage you to read this Policy and make sure that you fully understand and agree to it. If you do not agree to this Policy, please discontinue and avoid using our Services.

You are not legally required to provide us with any Personal Data (as defined below), but without it we will not be able to provide you with the full range or with the best experience of using our Services.

This Policy is integrated into and forms part of the Supree Terms of Service.

  1. What types of data we collect?

We collect two types of data from you: Personal Data (“Personal Data“) and non-Personal Data. Personal Data means any information which may potentially allow your identification with reasonable means (for example, email address or name). Non-Personal Data, by contrast, can be defined as any information that does not relate to an identified or identifiable natural person. This may include, for example, your aggregated usage information and technical information transmitted by your device (e.g. the device you use, the type of browser and operating system your device uses, language preference, access time, etc.). This section sets out how and when we collect those types of data from you.

  • Account Information. When you sign up to our Services, we collect your full name, email address, company’s name and company’s address.
  • Usage Information. When you use our Services, we collect technical information about your interaction with our Services. Such information may include IP address, unique identifiers (e.g. MAC address) as well as other information which relates to your activity in the Services.
  • Communication Information. When you send us an email or contact us via the support in our P Website, we collect the Personal Data you provide us. This may include your name, email address and any other information you choose to provide.
  1. Tracking Technologies

When you visit or access our Services, we use cookies, pixels, beacons, local storage and similar technologies (“Tracking Technologies“). These allow us to automatically collect information about you, your device, and your online behavior, in order to enhance your navigation in our Services, improve our Service’s performance, and perform analytics.

  1. Why we process your Personal Data, and under what legal bases?

This section explains for what purposes we use your Personal Data and outlines the legal bases that underlies our usage.

 

Purpose Legal Basis
Provision of our Services; support. We use your Personal Data, such as your name, and email address, for consumer services purposes. This includes, for example, responding to your inquiries. The legal bases for processing this data are the performance of our contractual towards you; your consent (for example, when you provide Personal Data); compliance with our legal obligations; and our legitimate interests. Our legitimate interests in this case are providing you with access to Deliverables and analyzations of your data while enforcing our policies and protecting from misuse of our Services.
Transactions. We collect from our third-party payment processors certain non-financial Personal Data related to the purchase, such as your name, billing address, e-mail address and the items purchased, in order to fulfil your transactions and for our accounting purposes. The legal bases for processing this data are the performance of our contractual obligations; and compliance with legal obligations to which we are subject.
Improve our Services. We collect and analyse information about you and your usage of our Services to improve the usability and effectiveness of our Services. The legal bases for processing this data are our legitimate interests, in this case – providing and improving our Services.
Marketing. We may use certain contact information, such as your email address, to deliver marketing communications (e.g. new features, events and promotions). The legal basis for processing this data are your consent (when required).
Compliance with applicable laws. We may be required to collect, retain, or share your Personal Data, under applicable laws.

 

  1. With whom we share your data?

We may share your Personal Data as described below:

  • Affiliated companies: we may share Personal Data internally within our family of companies, for the purposes described in this Policy.
  • Service providers: we work with service providers that work on our behalf that may need access to certain personal data in order to provide their services to us. These companies include those we have hired to provide various services, such as cloud storage vendors.
  • Compliance with laws and law enforcement entities: we may disclose any data about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal procedures (including but not limited to subpoenas), to protect our or a third party’s property and rights, to protect the safety of the public or any person, or to prevent or stop any activity we may consider to be, or to pose a risk of being, illegal, unethical, inappropriate or legally actionable. We also may be required to disclose an individual’s Personal Data in response to a lawful request by public authorities, including meeting national security or law enforcement requirements. We will only disclose the minimum amount of Personal Data that is required for compliance with such legal requirements.
  • Auditors and advisers: we may share your data with our external auditors, advisors and professional service providers (e.g. lawyers, accountants, insurers etc.) for the purpose of ensuring our compliance with regulatory requirements and industry standards.
  • Mergers and acquisitions: we may share your data if we enter into a business transaction such as a merger, acquisition, reorganization, bankruptcy, or sale of some or all of our assets. Any party that acquires our assets as part of such a transaction may continue to use your data in accordance with the terms of this Policy. If we believe that such change in control might materially affect your Personal Data then stored with us, we will notify you of this event and the choices you may have via e-mail and/or prominent notice on our Services.
  1. Your rights

This section addresses the specific rights applying to residents of the EU or residents of other jurisdictions that grant the below rights.

You may request to:

  • 1.Receive confirmation as to whether or not Personal Data concerning you is being processed, and access your stored Personal Data, together with supplementary information.
  • 2.Receive a copy of Personal Data you directly volunteer to us in a structured, commonly used and machine-readable format.
  • 3.Request rectification of your Personal Data that is in our control.
  • 4.Request erasure of your Personal Data.
  • 5.Object to the processing of Personal Data by us.
  • 6.Request to restrict processing of your Personal Data by us.

Please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements. Users, including those outside the EU, are welcome to contact us for any questions or requests through our contact details below.

We will make an effort to reply within a reasonable timeframe. Please feel free to reach out to us at any time via the following email address: [email protected]. If you are unsatisfied with our response, you can lodge a complaint with the applicable data protection supervisory authority.

  1. Transfer of data outside the EU

Any information that we collect (including your Personal Data) may be stored and processed in various jurisdictions around the world, for the purposes detailed in this Policy. However, we will only transfer your data to data recipients (i) located in the European Economic Area (the “EEA”), (ii) located in non-EEA countries which have been approved by the European Commission as providing adequate level of data protection, or (iii) who entered into legal agreements or other applicable legal mechanisms ensuring an adequate level of data protection.

  1. California residents

This part of the Policy addresses the specific disclosure requirements under the California Consumer Privacy Act of 2018 (Cal. Civ. §§ 1798.100–1798.199) and the California Consumer Privacy Act Regulations by the Attorney General (collectively: “CCPA“).

  • Collection of Personal Data

In the preceding twelve (12) months, we have collected the following categories of Personal Data:

Category Personal Data Collected Sources Purpose for Collection
A. Identifiers Full name, email address, IP address, device and operating system information. · Information you provided with us;

· Information we collected automatically from you.

· Providing our Services (for example, facilitating your registration);

· Consumer services (for example, answering your inquiries);

· Maintaining compliance with applicable laws.

B. Customer records Name, email address, company’s name and address. · Information you provided with us;

 

· Providing our Services (for example, facilitating your registration);

· Facilitating payments.

C. Commercial information Transaction information and records. · Information you provided with us;

· Information collected from third parties.

· Providing, improving, and tailoring our Services;

· Marketing and advertising.

D. Geolocation data IP address. · Providing and improving the Services.
E. Electronic network activity. Interaction with the Services. · Tailoring and improving our Services.
  • Sharing Personal Data

We disclose your Personal Data to third parties for a business purposes. When we disclose Personal Data for a business purpose, we enter into a contract that describes the purpose and requires both parties to keep that Personal Data confidential and not use it for any purpose except in the performance of the contract.

In the preceding twelve (12) months, we have disclosed the above-mentioned categories of Personal Data with our affiliates and the services providers described in Section ‎4 above for business purposes.

  • Selling Personal Data

We do not sell (as this term is defined under the CCPA) any Personal Information.

We may share or transfer Personal Data to third parties as assets that are part of a merger, acquisition, bankruptcy or other transaction in which the third party assumes control of all or part of Supree. Such transfer shall not be regarded as a sale of Personal Information under the CCPA.

  • User Rights under the CCPA

The CCPA provides consumers with specific rights regarding their Personal Data. This section describes your CCPA rights and explains how to exercise those rights.

Access to Personal Data

You may request that we disclose to you the categories and specific pieces of Personal Data that we have collected about you, the categories of sources from which your Personal Data is collected, the business or commercial purpose for collecting your Personal Data, the categories of Personal Data that we disclosed for a business purpose, any categories of Personal Data about you that we sold, the categories of third-parties with whom we have shared your Personal Data, and the business or commercial purpose for selling your Personal Data, if applicable.

Deletion Requests

You have the right to submit a verifiable consumer request that we delete Personal Data collected from you and retained

Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers, subcontractors, and consultants to delete) your Personal Data, unless an exception applies.

Right to Opt-Out of the Sale of Personal Data

In the event that we sell your Personal Data, you have the right to submit a request to opt-out of the sale of your Personal Data, via the contact information below. You may change your decision at any time and permit us to sell your Personal Data.

After you opt-out, we may continue to share some Personal Data with our partners (who will function as our service providers in such instance) to help us perform business-related functions such as, but not limited to, providing the Services, ensuring that the Services is working correctly and securely, providing aggregate statistics and analytics and preventing frauds.

Exercising Your Rights

You can exercise your rights by submitting a verifiable consumer request to our email address: [email protected].

Only you or a person authorized to act on your behalf may make a consumer request related to your Personal Data.

The request must:

  • Provide sufficient information to allow us to reasonably verify you are the person about whom we collected Personal Data or an authorized representative.
  • Describe your request with sufficient details to allow us to properly understand, evaluate, and respond to it.
  • We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. We cannot respond to your request or provide you with Personal Data if we cannot verify your identity or authority to make the request and confirm the Personal Data relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use Personal Data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request. We will only use Personal Data provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

You may only request a copy of your data twice within a 12-month period.

If you have any questions about the Personal Data that we collect about you how we use it, please contact us through the contact information provided below.

Response Timing and Format

Our goal is to respond to a verifiable consumer request within 45 days of its receipt. If we require more time, we will inform you of the reason and extension period in writing within the first 45 days period. We will deliver our written response, by mail or electronically, at your option. Any disclosures we provide will cover only the 12-month period preceding the request. If reasonably possible, we will provide your Personal Data in a format that is readily useable and should allow you to transmit the information without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

In case of rejection, the response we provide will explain the reasons for which we cannot comply with your request.

Please note that these CCPA rights are not absolute and requests are subject to any applicable legal requirements, including legal and ethical reporting or document retention obligations.

Designating Agents

You can designate an authorized agent to make a request under the CCPA on your behalf if:

  • The authorized agent is a natural person or a business entity registered with the Secretary of State of California; and
  • You sign a written declaration that you authorize the authorized agent to act on your behalf.

If you use an authorized agent to submit a request to exercise your right to know or your right to request deletion, please mail a certified copy of your written declaration authorizing the authorized agent to act on your behalf using the contact information below.

If you provide an authorized agent with power of attorney pursuant to Probate Code sections 4000 to 4465, it may not be necessary to perform these steps and we will respond to any request from such authorized agent in accordance with the CCPA.

  1. Linked Websites

This Policy does not apply to any third party websites linked from the Website or that may provide links to the Website. Any use of such third party websites shall be governed by the privacy policies and other policies of such other websites, and Supree accepts no responsibility for the privacy and/or security of any information you may submit to any third party websites.

  1. How we protect your data?

We have implemented administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of your Personal Data. While we seek to protect your information to ensure that it is kept confidential, we cannot guarantee the security of any information. You should be aware that there is always some risk involved in transmitting information over the internet. If you feel that your privacy was treated not in accordance with our Policy, or if any person attempted to abuse the Services or acted in an inappropriate manner, please contact us directly via our contact details available below.

  1. Retention

We will retain your Personal Data for as long as necessary to provide our Services, and as necessary to comply with our legal obligations, resolve disputes, and enforce our policies. Retention periods will be determined to take into account the type of information that is collected and the purpose for which it is collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.

  1. Updates to this Policy

We reserve the right to change this Policy at any time. The most current version will always be posted on our Website. You are advised to check for updates regularly. By continuing to access or use our Services after any revisions become effective, you agree to be bound by the updated Policy.

  1. Controlling Version

The Privacy Policy has been drafted in the English language, which is the original and controlling version of this Privacy Policy.

  1. Miscellaneous

This Policy will be governed by and construed in accordance with the laws of Israel. The competent courts in Tel-Aviv shall have exclusive jurisdiction to adjudicate any dispute arising out of this Policy.

  1. Contact Us

If you have any further questions, please contact us by email at: [email protected].

Supree Zanim Ltd.