Effective date: 16 November 2020
1. Collection & Use of Data
You directly provide us with personal data when you use our website, or interact with us by, for example, contacting us as detailed below. We may also obtain data from your interaction with the website. For example, we may use technologies like cookies or receive use data from software running on your device. As permitted by law, we may also obtain data from public and commercial third-party sources, for example, purchasing statistics from other companies to support our services.
The following table describes what data is being collected through the Website, in what manner and for what purposes it may be processed:
|Instance in which personal data is collected||Categories of personal data that are processed||Purposes of processing||Legal basis for processing (under GDPR)||Category of personal data collected for CCPA purposes (relevant for California residents only)|
|When you fill out contact forms on the website||First and last name, company name, work email
Any free text that you choose to provide, – please avoid using free text to provide personal data about you or others
||Consent (Article 6(1)(a))||
|When applying for a position with Ermetic through the website||First and last name, phone number, and any file you choose to upload.
Any free text that you choose to provide, – please avoid using free text to provide personal data about you or others.
|To contact you with respect to a potential position in Ermetic. To the extent that you have submitted your CV through the website to process your CV in our information systems. We may also forward your CV to third parties assisting us with candidates’ evaluations.||Consent (Article 6(1)(a))||Identifiers.
Professional or employment-related information.
Education information (per the Family Educational Rights and Privacy Act (20 U.S.C. section 1232g, 34 C.F.R. Part 99)).
|Data that you provide passively (by using the website, by navigating the screens, clicking on buttons etc.) non-personally identifiable information (Non-PII)||Your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.||Improve, modify and update services and content offered on the website.
To monitor and ensure the orderly and proper operation and development of the website and associated services.To analyze and provide statistical information to third parties.To improve and customize your experience and the content that is presented to you on the website.
|Our legitimate business interest (Section 6)1)(f))||
In some cases you may be able to opt not to disclose your personal data to Ermetic. However, not providing Ermetic with certain data may mean that we cannot provide you with certain functionalities or respond to an issue that you have raised.
We will endeavor to isolate your personal data from Non-PII and ensure that the two types of data are used separately. If personal data is combined with Non-PII, it will still be treated as personal data during processing.
In addition to the legal basis for processing indicated above Ermetic might process your personal data on the following legal basis:
- Processing based on the legitimate interests of Ermetic – protecting the security of our businesses, systems, products, services, and customers; internal management; complying with internal policies and processes; and other legitimate interests described in this policy.
- Processing your personal data as necessary to comply with and fulfill legal obligations.
2. Data Protection Rights
It is your responsibility to ensure that all personal data submitted to Ermetic is correct. Ermetic would like to make sure you are fully aware of all of your data protection rights. Depending on your location and on the laws that are applicable to you may be entitled to some or all of the following rights:
The right to access – You have the right to request Ermetic for copies of your personal data, which includes the right to obtain confirmation as to whether or not personal data concerning yourself are being processed and, where that is the case, access to the personal data and the purposes of the processing; categories of personal data concerned; recipients or categories of recipient to whom the personal data have been or will be disclosed; where possible, the envisaged period for which the personal data will be stored; the existence of the right to request rectification or erasure of personal data or restriction of processing of personal data or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the data subject, any available information as to their source; the existence of automated decision-making, including profiling; the appropriate safeguards relating to the transfer of your personal data outside the EEA. We may charge you a small fee for this service under certain conditions.
The right to rectification – You have the right to request that Ermetic corrects any information you believe is inaccurate. You also have the right to request Ermetic to complete the information you believe is incomplete.
The right to erasure – You have the right to request that Ermetic erase your personal data, under certain conditions.
The right to restrict processing – You have the right to request that Ermetic restricts the processing of your personal data, when: (a) you contest the accuracy of your personal data, for a period allowing Ermetic to verify the accuracy of said data; (b) if you believe personal data has been unlawfully processed and you wish to restrict processing rather than delete it; (c) Ermetic no longer needs the personal data but you require to keep it in order to establish, exercise or defend a legal claim; or (d) you have exercised your right to object the processing (below) for a period allowing Ermetic to consider whether your legitimate grounds override those of Ermetic.
The right to object to processing – You have the right to object to the processing of your personal data at any time – this means you have the right to stop or prevent Ermetic from processing your personal data (it could be in relation to part or all of your personal data, and for part or all of the processing purposes). When relating to processing for marketing purposes, you have an absolute right to object; while for other purposes, the existence of the right depends on what lawful basis the processing relies on.
The right to data portability – You have the right to request that Ermetic transfers the data that we have collected to another organization, or directly to you, under certain conditions.
If allowed by applicable laws, you have the right to withdraw your consent at any time when Ermetic processes your personal data based on your consent on any of these rights. However, withdrawal does not affect the legitimacy and effectiveness of how we process your personal data based on your consent before the withdrawal is made; nor does it affect any data processing based on another lawful bases other than your consent.
You may exercise these rights to the extent these rights apply to you by emailing Ermetic to: email@example.com or use any of the contact information listed below. We will undertake to respond to your request within the applicable time frame prescribed by applicable law. Although we will make reasonable efforts to accommodate your requests, in some circumstances we may deem your request unfounded or not eligible under applicable law. In such instances we reserve the right to refuse your request. We shall require, as pre-requisite to fulfilling any request, to verify your identity which we may do by asking you to provide certain information or identification to ensure that all data subjects’ privacy is protected.
If you think that the way we process your personal information does not comply with applicable data protection laws, you can contact the relevant competent data protection authority. You can obtain the information for contacting EU data protection authorities at https://edpb.europa.eu/about-edpb/board/members_en.
3. Cookies & Similar Technologies
A cookie is a small text file that is stored in your web browser that allows Ermetic or a third party (such as third-party service providers) to recognize you. Cookies can either be session cookies or persistent cookies. A session cookie expires automatically when you close your browser. A persistent cookie will remain until it expires, or you delete your cookies.
Cookies that we may use can generally be categorized as follows:
- Necessary Cookies: These cookies are necessary to load the website or to allow users to use website’s certain features.
- Analytics Cookies: These cookies track information about how the website is being used so that we can make improvements and report on our performance.
- Preference Cookies: These first party cookies store your website preferences.
- Marketing Cookies: These are usually third party cookies by advertising platforms or networks in order to: (i) deliver ads and tracks ad performance, and (ii) enable advertising networks to deliver ads that may be relevant based upon your activities.
We may use additional tracking technologies to help understand user activities and preferences. For example, we use web beacons (also known as clear gifs, pixel tags or web bugs) to track user activities and communicate with cookies. You cannot opt out of web beacons used in webpages, but you can limit their use by opting out of the cookies they interact with. You can opt out of web beacons used in emails by setting your email client to render emails in text mode only.
We may set cookies that monitor links to our website that we send to you (if you have consented to receiving emails from us). These cookies are used to track visitors to our website sourced from these emails. To avoid these type of cookies, please follow the explanation below on how to change your browser cookies settings.
In addition, we may use a tracking technology (pixels) in emails to understand how often our emails are opened and clicked on by our customers. If you do not wish this tracking to be effected, please change your email software or service (such as outlook, Gmail etc.) settings to not automatically download images (to the extent it is not already your default) In some instances, depending on your email or browser settings, cookies in an email may be automatically accepted (for example, when you have added an email address to your address book or safe senders list). Please refer to your email browser or device instructions for more information on this.
You can change your browser’s settings to delete cookies that have already been set and to not accept new cookies. To learn more about how to do this, visit the help pages of your browser. Some useful information can also be found here: https://www.allaboutcookies.org/. Please note, however, that if you delete cookies or do not accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.
4. Transfer and Disclosure of Data
The website may be operated in countries other than your own location, and your personal data may be accessed and/or processed from and/or transferred to countries other than your own location. We may do this where data is accessed/processed:
- by Ermetic and its affiliates for operational, administrative, compliance purposes or customer support teams in our various locations;
- By our service providers, for the purposes we specified under the section “Service Providers”.
The safeguards we deploy for performing such transfers across boundaries:
- Adequacy. If you are located outside of Israel, and choose to provide information to us, please note that we transfer the data, including personal data, to Ermetic’s headquarters located Israel and process it there. Any transfers to Israel may be made on the basis of an adequacy decision made by the European Commission.
- Model Clauses. With some of our processors, we use standard contractual clauses approved by the European Commission that are binding standards of processing of personal data committed to contractually by third parties processing information for us and on our behalf.
- Consent. In the absence of an adequacy decision or Model Clauses, and in the absence of any other right to transfer your data, your consent shall serve as the basis for such transfer. By accessing and using the website, you agree and understand that your information may be transferred from the EEA or other countries in which you may be using or accessing the website, to other jurisdictions outside your own location (including outside the EEA). The transfer will be to such third parties as described under “Service Providers” section below.
5. Security of Data
Ermetic uses appropriate physical, management, and technical measures to protect your personal data from unauthorized access, disclosure, use, modification, damage, or loss. Ermetic also provide training on security and privacy protection for employees to raise their awareness of personal data protection. However, please note that no security measure is perfect, therefore, you should take special care in deciding what information you disclose.
6. Data Retention
7. Service Providers
Third party companies and individuals may be retained by us to provide to us certain services or products (“Service Providers“), such as to assist us in analyzing how the website is used. These third parties may have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. The Service Providers to which Ermetic provides personal data in connection with the website are: (1) email service providers for email campaigns management; (2) recruiting service providers, in relation to activities on the website related to submission and processing of CV and job applications through the website; (3) marketing automation; (4) analytics tools providers; (5) web page building tools; (6) cloud services; (7) support and maintenance operation tools. Our service providers do not have any right to use your personal data collected from the website beyond what is necessary for the purpose of facilitating their services for us, and are subject to data protection agreements to the extent required under applicable law.
8. Children’s Privacy
This website does not address anyone under the age of 18 (“Children“).
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
10. How to Contact Us
If you have any questions or suggestions, please contact our website https://ermetic.com/ or via our email firstname.lastname@example.org. To exercise any of your rights, or if you have any other questions or complaints about our use of your personal data and its privacy please contact our data protection officer at email@example.com