Information Security and Privacy Protection Policy, Privacy Protection (Data Security) Regulations, 2017
ServiceWise Business Applications Ltd. (hereinafter, “the Company”) is a Gold Cloud Alliance Partner of Salesforce.com. It specializes in consulting for & implementation of Salesforce CRM and Force.com based business applications for organizations of varying sizes and multiple industry verticals.
Given that the Company respects the privacy of its customers and users, it has decided to publish its policy regarding the protection of privacy, and it makes a commitment to implement it.
This document defines the Company’s policy concerning the protection of the privacy of its customers, suppliers, and employees, and it also contains the Company’s commitment to implement this policy. The document shall present the Company’s relationship to the data subjects’ privacy and the way in which the Company makes use of the information they deliver to it, all of this out of social recognition of the importance of protecting privacy and as required by the laws of the State of Israel.
As part of complying with the Company’s commitments toward its customers, the Company and/or its employees may collect and/or process “personal information” (as defined by the Protection of Privacy Law) for the customers. This document constitutes a binding guideline for all Company employees in the context of information security and privacy protection and is not intended to detract from the Company’s information security procedure but only to add to it.
This Policy Document is written in male form for reasons of convenience only and is intended for both women and men.
You are under no legal obligation to deliver information to the Company; however, if you refuse to deliver information to us, we may not be able to provide you with service.
- Types of Information
The Company markets and supplies a range of services that also include information processing services such as Salesforce Multi-Cloud solutions implementations, etc.; the entire range of services will be hereafter called “the Services”). The Services are provided by the Company and/or by third parties. Within this framework, the Company collects, holds, and processes different items of information about its customers. This information may change in accordance with the provided services and products.
- Information Collection:
The Company collects information directly from the customer, the uses, and from third parties. For example:
Information supplied by you – the Company shall collect the information you deliver about yourself and others among other things on the date of joining or purchase of products and services and as part of an interest in said engagement, during use of the services, requests made to customer services, participation in surveys and promotions, and by any other means that the customer chooses to use to provide the Companywith information.
The Company is not responsible in any way whatsoever for the distortion of customer information (all or part of it) delivered on the website and/or for failure to receive a request, to respond to a request, for any delay in responding to a request, and/or for nonreceipt of sufficient information on the website.
By uploading user information onto the website, the customer represents, warrants, and agrees as follows:
The customer information you shall deliver on the website (if and to the extent that you deliver it) is true, correct, and belongs to you.
In accordance with Section 11 of the Protection of Privacy Law, 1981 (hereinafter, “the Protection of Privacy Law”), you are aware that you are under no legal obligation to deliver to the Company the information and/or any other information or item of data on the website, and that the delivery of information and/or any other information or item of data is done in accordance with your own free will. Nevertheless, you are aware that without delivering contact details the Company will not be able to contact you in order to deliver details to you and/or to provide you with a response concerning a request you made of it.
You are aware and hereby provide your informed consent that the information shall be kept on the Company’s information database/s, and that the Company shall be entitled to make use of information delivered by the user on the website for the following purposes detailed below.
Information collected automatically – when you join or use the services, including on the Company’s website and the applications, information about you is collected automatically by the Company’s and third parties’ systems involved in supplying the services.
Information received from third parties – the Company receives information about you from third parties such as credit rating agencies, state authorities, other communications companies, subcontractors and outsourcing providers, surveyors, and marketing consultants, any legal source that allows the delivery of information, legal databases, public information, and any other information that you agreed to transmit to the Company. Subject to your privacy settings, the Company may receive information that you uploaded or was uploaded about you to the Internet or social media, as well as information from operators of social media in which you have an account. We may process the information kept at our databases and cross-check it with information received from third parties.
- Use of the Information:
The information the Company collects is used for a range of purposes. Among others, to supply you and others with services, to individually adapt the services, to analyze, manage, develop, make more efficient, and improve the services, systems, service, and marketing to all or part of the customers, in order to communicate with the customers about different issues (including by direct mail), to process the information according to the needs of the customer, the Company, or of third parties, to comply with any legal requirement, and to protect the Company’s legitimate interests. Among other things, we shall use the information for the following purposes (the separation into subsections is for convenience purposes only):
Current operations, supply of services, marketing, and building dedicated offers, including:
Supplying services, operating them, and adapting them to your needs and characteristics, including the provision of recommendations.
Billing, preparing and issuing invoices, and collecting money for services rendered to you by the Company or by third parties, and also checking credit and financial rating.
Communication with clients, marketing, and advertising, including:
Providing service and executing marketing, sales, and retention activities
Carrying out management, control, and improvement activities for all the Company’s systems
Supervising and monitoring the scope and mode of use of the different services
Processing and analyzing the information, including the use of advanced information analysis tools regarding the use of services by Company customers and others.
For purposes of documentation, training, and control of the nature and quality of the services and in order to prevent fraud and misuse. Implementation of procedures and policies, such as recordings, book audits, information security, billing and collection, business continuity and recovery from disaster, as well as keeping of records and documents.
Lawful use of third party databases, including databases of official authorities that the Company is entitled to use for purposes of verifying and improving the personal information at its disposal
Prevention of fraud, information security, and actions of feigned innocence, including:
Carrying out control and information security activities for different purposes including protecting personal and commercial information, protecting the systems against attacks and abuse, and ensuring the proper operation of the systems
Locating, preventing, and handling cases of theft, fraud, actions not in accordance with Company procedures, misuse, unlawful activities, and activities prohibited under the engagement agreement, including identifying cases and activities that show unusual or different patterns
Executing processing activities to make personal information appear innocent, including anonymization, pseudonymization, and aggradation of information for purposes of analysis, marketing research, and development (for the benefit of the Company and third parties), and control
For purposes of your verification and identification
Legal goals, including:
Complying with legal requirements, including keeping records and carrying out actions that the Company is required by law to execute, including requests of foreign authorities if the Company believes that it should comply with the request
Delivering information to competent authorities (such as government and law enforcing authorities)
Delivering information as per governmental and judicial orders (in all types of proceedings)
Protecting the legitimate interests and the legal rights of the Company and of others, including settlement of accounts, protection against legal actions, and enforcement of agreements
Handling requests to review information and to amend it if needed
Transfer of information to subcontractors, authorities, other communications companies, and other parties:
We may transfer the information about you or part of it to entities in the Company, to related corporations, and to third parties (in Israel and abroad) in order to achieve the goals permitted to us, by law, in accordance with your authorization, or as per this Policy Document. We undertake to take the necessary steps to ensure that a third party that receives information commits itself to protect it as required according to the type of information transferred and the purpose of the transfer.
Mergers transfer of business and assignment of rights:
Law enforcement authorities, legal proceedings, judicial orders, and according to legal authority including:
The Company shall transfer information about you to the State’s authorities, or to any other person or entity when the transfer of information is executed under a lawful obligation or authority or in accordance to the instructions of an competent authority, or by virtue of suitable judicial orders and rulings (including in response to orders from foreign authorities and courts) and within the framework of the transfer of information to credit data companies.
The Company shall transfer information about you to third parties to the end of protecting its legitimate interests and within the framework of legal proceedings and/or clarification of disputes to which the Company is party.
Personal information about others:
In any case in which you allow another person (such as an employee or family member) to make use of services that we supply, you must inform him that you may be exposed to information about him and his uses.
In addition, in such cases, and also in any case in which you provide us with information about other people, you must make sure that the information is delivered with their consent. Likewise, you must inform them in advance, prior to starting the use or delivering the information about them, of the contents of this Policy Document, including the topics of collection and use that will be made of the information about them.
- Information Security and Encryption Measures:
The Company takes security measures suitable to the information at its disposal, and according to all laws for the protection of privacy in information and its confidentiality, and for the prevention of unauthorized penetration of the information. The Company employs administrative, physical, and technical tools that serve as a protection ensemble for the information stored in its systems and periodically tests the system’s resistance. Notwithstanding the above, the risk of penetration of the databases exists. As long as the Company takes reasonable security measures, it shall not be responsible for damages caused as a result of said unauthorized penetration and the transfer of information to a third party resulting from said penetration.
- Use of Advanced Information Processing Systems for the Company’s Purposes and for Third Parties’ Purposes:
- Your Rights, Control Possibilities, and Mention of the Preferences of Use of the Information About You:
The Israeli law grants you certain rights regarding the management of personal information; the Company respects your privacy and allows you to exercise them. To that end, we have established a team that is responsible for handling protection of privacy issues. This team can be contacted by email using the address firstname.lastname@example.org. It is important to us that you know that the rights concerning personal information are generally relative.Any request directed at us shall be examined in accordance with the relevant laws, and we shall inform you about the results of this examination and act accordingly.
- Right to Review and Amend Information –
You are entitled to review the information (as defined by Section 7 of the Protection of Privacy Law) that we hold about you. If the information about you that we hold is not true, correct, or complete, you are entitled to request that we amend it. To that end, please complete the Request to Receive Information Form on our website and follow the instructions detailed therein.
The right to review is subject to the provisions of the Law and the rights of people other than you (for example, if granting the right to review may affect the privacy of a third party, for instance: in a picture from a security camera or a user’s request to review without the authorization of the registered customer). The Company may not fulfill the request to review the information about you (all or part of it) or fulfill it in a limited manner.