Privacy Policy
Last Updated: June 2023
WE HAVE CREATED THIS PRIVACY POLICY BECAUSE WE HIGHLY VALUE YOUR PERSONAL DATA AND INFORMATION.
PLEASE READ IT AS IT INCLUDES IMPORTANT INFORMATION REGARDING YOUR PERSONAL DATA AND INFORMATION.
1. Privacy Statement
IDEA Information Systems - Agricultural Cooperative Society Ltd is an Israeli company having its principal office at Mishmar HaEmek, Israel (“IDEA” or “We”).
IDEA is a software provider of integrated solutions for the collection management, preservation, and exposure of heritage assets in archives, libraries, and museums at cultural heritage institutions. Based on its integrated state of the art ALM (Archives, Libraries, and Museums) platform (the “Services” or the “Platform”).
IDEA also creates and operates its official website available at: https://www.idea-alm.com/en/ (the “Website”).
THIS PRIVACY POLICY REFERS TO THE SERVICES, PLATFORM AND THE WEBSITE, IDEA’S CUSTOMERS OR POTENTIAL CUSTOMERS, CUSTOMERS’ END-USERS, IDEA’S EMPLOYEES AND SERVICE PROVIDERS, AND THE USERS OF THE PLATFORM AND WEBSITE.
This Privacy Policy sets forth our policy with respect to information that can be associated with or which relates to a person and/or could be used to identify a person, such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, all as defined by the General Data Protection Regulation (GDPR) (EU) 2016/679 (“Personal Data”).

"Non-Personal Data," as used in this Privacy Policy, is therefore any information that does not relate to a person and cannot be used to identify a person. The limitations and requirements in this Privacy Policy on how we gather, use, disclose, transfer, and store/retain Personal Data do not apply to Non-Personal Data as We may use.
2. Data that we use, receive, collect, process, share, or store and how we use it.
2.1. IDEA uses, receives, collects, processes, or stores only that Information which is necessary to provide its services and operate its business.
2.2. We might use, receive, collect, process, or store Personal Data on potential customers, customers, employees, service providers, users of the Platform and Website etc.
2.3. This Information may include Personal data such as:
2.3.1. Information related to Customer or Potential Customers and End User: Full Name, Phone, Organization, Email address, Date of birth, Language, Registration date, financial information (i.e., billing information, credit card information), Audio, electronic, visual , and similar information, such as images and audio or video uploaded by the User.
2.3.2. In addition to the above, more information related to employees and/or candidates: Demographic data (i.e., gender, date of birth, etc.), CVs, ID number, Education, and employment history, etc.
2.3.3. More Information regarding Suppliers: Business email addresses, VAT Numbers, Signature, etc.
2.3.4. We use cookies and similar tracking technologies to track the activity on our Platform and Website and hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are Users' Tokens, beacons, tags, and scripts to collect and track information and to improve and analyze our Website. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Website or App. Examples of cookies we use:
o Session Cookies – for operating our Website or App.
o Preference Cookies – for remembering your preferences and various settings.
o Security Cookies – for security purposes.

2.3.5. This Personal Data provided to us voluntarily and/or through the data owner’s consent to collect and process it, and/or the processing thereof is necessary to provide the Services, and/or meet contractual obligations entered into by the data owner and IDEA, and/or the processing thereof is necessary for IDEA to comply with its legal obligations, and/or the processing thereof is for the purposes of legitimate interests pursued by IDEA.
2.3.6. We use this Personal Data in a manner that is consistent with this Privacy Policy and applicable laws and regulations. We may use the Personal Data as follows:
2.3.6.1. Processing and Analyzing: In order to provide IDEA’s Services, the Platform, and to operate its business, IDEA may use the Personal Data for processing and analyzing purposes.
2.3.6.2. Specific Purpose: If you provide Personal Data for a specific purpose, IDEA may use the said Personal Data in connection with the purpose for which it was provided. For instance, if you contact IDEA by email, We will use the Personal Data you provide to answer your question or resolve your problem and will respond to the email address used to contact us.
2.3.6.3. Internal Business: We may use your Personal Data for internal business purposes, including, without limitation, to help us improve our Services, Platform and Website content and functionality, to better understand our Customers and Users, to protect against, identify or address wrongdoing, to enforce our contracts and this Privacy Policy, to provide you with Customer service, and to generally manage and operate our business (e.g., pay salaries and make considerations).
2.3.6.4. Marketing: We may use any Personal Data you provide us with to contact you in the future for our marketing and advertising purposes, including, without limitation, to inform you about new services we believe might be of interest to you, and to develop promotional or marketing materials and provide those materials to you.
IF YOU RECEIVE DIRECT MARKETING BY MISTAKE OR WITHOUT YOUR SPECIFIC CONSENT AND/OR YOU WISH TO OPT-OUT, YOU ARE REQUIRED TO CONTACT US AT SUPPORT/DPO/PRIVACY@IDEA .
2.3.6.5. Statistics: We may use any Personal Data you provide us with to generate statistical reports containing aggregated information.
2.3.6.6. Security and Dispute Resolution: We may use Personal Data to protect the security of our Platform, Website, and Services, to detect and prevent cyberattacks, fraud, phishing, identity theft, and data leaks, to verify genuine software licenses, to resolve disputes, and to enforce our agreements.
2.3.6.7. Data Retention, Archives: We retain and archive Personal Data so long as it necessary to operate our business and maintain our Platform, Website and Services, meet contractual obligations, laws, and regulations, defend from legal claims, subject to our retention policies and this Privacy Policy.
2.3.6.8. Transfer/Share/Disclose of Data: We may share your Personal Data with our partner, contractors, and service providers who process Personal Data on behalf of IDEA to perform certain business-related functions. We may provide them with information, including Personal Data, in connection with their performance of such functions. While We do so, We make sure that they are bound to maintain said Personal Data in accordance with this Privacy Policy. When We disclose Personal Data, We enter a contract that describes the purpose and requires the recipient to both keep that Personal Data confidential and not use it for any purpose except performing the contract.
2.3.6.9. Cloud Services: We may need to share Personal Data with our cloud service providers. For example, for assisting in protecting and securing our Platform, Website or Services, the cloud service admin may need access to Personal Data to provide those functions. In such cases, the cloud service provider must abide by our data privacy and security requirements and is not allowed to use Personal Data they receive from us for any other purpose.
2.3.6.10. Development and Customer Service: For example, to provide customer service and support or assist in protecting and securing our systems and services our development and customer service team may require access to Personal Data. In such cases, our personnel must abide by our data privacy and security requirements and policy and are not allowed to use Personal Data for any other purpose.
2.3.6.11. Corporate Sale, Merger, Reorganization, Dissolution or Similar Event: Personal Data may be part of the transferred assets. You acknowledge and agree that any successor to or acquirer of IDEA (or its assets) will continue to have the right to use your Personal Data and other information in accordance with the terms of this Privacy Policy.
2.3.6.12. Law Enforcement: In order to, for example, respond to a subpoena or request from law enforcement, a court or a government agency (including in response to public authorities to meet national security or law enforcement requirements), or in the good faith belief that such action is necessary to (a) comply with a legal obligation, (b) protect or defend our rights, interests or property or that of third parties, (c) prevent or investigate possible wrongdoing in connection with the Services, Platform and Website (d) act in urgent circumstances to protect the personal safety of Users of the App, Website and Services or the public, or (e) protect against legal liability.
2.3.6.13. Other Purposes: If We intend to use any Personal Data in any manner not consistent with this Privacy Policy, you will be informed of such anticipated use prior to or at the time the Personal Data is processed.
IF YOU HAVE A REASONABLE BASIS TO ASSUME OR YOU KNOW THAT ANY OF THE ABOVE MENTIONED IS NOT MET, YOU ARE REQUIRED TO PROMPTLY INFORM US, WITHOUT DELAY, BY SENDING US AN EMAIL TO: SUPPORT/DPO/PRIVACY@IDEA .
2.4. Non-Personal Data: Since Non-Personal Data cannot be used to identify you in person, we may use such data in any way permitted by law.
3. How We Store and Transfer Personal Data.
3.1. In order to provide our Platform, Website and Services, manage and operate our business, we use third parties cloud services such as:
o The Amazon Cloud Services, which comply with the GDPR and is ISO 27001, 27017,27018 certified (for AWS full statement see https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/
o Microsoft Office 365 (for Microsoft privacy policy see https://privacy.microsoft.com/en-us/privacystatement ).
3.2. In order to deliver our services and/or operate our business, information which may include Personal Data, may be processed by our third parties service providers (“Suppliers”). We transfer only the minimum data that is necessary for conducting our services. The data is transferred only to Suppliers approved by us that allow compliance with GDPR.
3.3. Personal data may be transferred, stored, and processed in countries outside the EU or European Economic Area (EEA). Such transfer to third countries may include countries that do not ensure an adequate level of data protection as required by EU privacy laws. We implement information security techniques & technical measures according to the industry's best practices and/or third parties' contractual obligations to maintain their information security level adequate to IDEA level.
3.4. In addition to the security and privacy controls that we have put in place, we also use the EU’s Standard Contractual Clauses (SCC) as a valid transfer mechanism according to the GDPR when we need to transfer Personal Information outside of the EU or adequate level countries (such as Israel).
3.5. We may transfer Personal Data to Israel, where we maintain our headquarter facility. Israel is considered by the EU as having adequate data protection laws.
4. Personal Data Security
4.1. We are strongly committed to protecting your Personal Data and information, and we will take reasonable technical steps, accepted in our industry, to keep your Information secure and protect it against loss, misuse, or modification. However, no network, server, database, or email transmission is ever fully secure or error-free. Therefore, you should take special care in deciding what information you disclose.
If you notice any security risks or violations, we advise you to report them to us at SUPPORT/DPO/PRIVACY@IDEA . so that we may resolve them as soon as possible.
4.2. We recommend that you use, disclose, and share your Personal Data and information with caution and do not give out Personal Data and information unless it is necessary, as we cannot guarantee the security of data over the internet and cannot control the actions of other users of the Services and Platform with whom you choose to share Personal Data and information.
4.3. IDEA implements legal, technical, and organizational information security measures based on the ISO certification mechanisms specified in ISO 27001:2013 – Information Security Management Systems. IDEA is ISO 27001 certified.
5. Individual rights: Accessing, Updating, Correcting, Deleting, Restricting Information Processing and Data portability right.
5.1. You may have the right to request access to some of your Personal Data being stored by us. Once we receive and confirm your request, we will disclose to you, inter alia:
o The categories of personal information we collected about you.
o Our business or commercial purpose for collecting that personal information.
o The categories of third parties with whom we share that personal information.
o The specific pieces of personal information we collected about you (also called a data portability request).
5.2. You can also ask to correct and update any inaccurate Personal Data or ask to delete Personal Data that we process about you. The foregoing is subject to our policies and the applicable laws and regulations. Once we receive and confirm your request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies by the GDPR.
5.3. In order to exercise these rights, you can contact us at SUPPORT/DPO/PRIVACY@IDEA . Only you or another person that you authorize to act on your behalf may make a request related to your Personal Data.
5.4. Non-Discrimination. We will not discriminate against you for exercising any of your GDPR rights. Unless permitted by the GDPR, we will not: Deny your use of our App, Website, and Services and /or provide you with a different level or quality of Services, Platform, or Website.
5.5. We may retain your Personal Data for any period permitted or required under applicable laws. Even if we delete it, your Personal Data may remain stored on backup or archival media for an additional period due to technical issues, legal, tax, or regulatory reasons, or for legitimate and lawful business purposes.
5.6. You may have the right to restrict the processing if one of the following applies:
5.6.1. The accuracy of the Personal Data is contested by the data owner.
5.6.2. The processing is unlawful, and the data owner objects to having their Personal Data erased, instead requesting that its use be restricted.
5.6.3. Your service provider no longer needs the Personal Data for the purposes of the original processing, but the data is required by the data owner for establishing, exercising, or defending legal claims.
5.6.4. The data owner has objected to processing pending verification of whether the legitimate grounds of your service provider override those of the data owner.
If you wish to object to processing, you are required to contact us at SUPPORT/DPO/PRIVACY@IDEA .
6. General
6.1. This Privacy Policy does not apply to any Personal Data that you provide to third parties.
6.2. This Privacy Policy applies only to the Platform, Services and Website; it does not apply to third-party websites or services linked to by the Platform, Website and Services or whose services We distribute. Links from the Platform, Website or the distributed third parties’ services do not imply that We endorse or have reviewed said third-party websites or services. We suggest contacting these third parties directly for information regarding their privacy policies.
7. Change in Terms and Conditions
The Services and our business may change from time to time. As a result, at times it may be necessary for us to make changes to this Privacy Policy. We reserve the right, at our sole discretion, to update or modify this Privacy Policy at any time (collectively, “Modifications”). Modifications to this Privacy Policy will be posted on the Platform, Website, or Services with a revised ‘Last Updated’ date at the top of this Privacy Policy.
Please review this Privacy Policy periodically, especially before you provide any Personal Data or information. This Privacy Policy was last updated on the date indicated above. Your continued use of the Services, Platform, and Website following the implementation of any Modifications to this Privacy Policy constitutes acceptance of those Modifications. If you do not accept any Modification to this Privacy Policy, your sole remedy is to cease accessing, browsing and otherwise using the Website, Platform or our Services.
8. Dispute Resolution
8.1. If you have a complaint about IDEA’s privacy practices, you should write to us at SUPPORT/DPO/PRIVACY@IDEA .

Our Contact details:
Email: SUPPORT/DPO/PRIVACY@IDEA .
Phone Number: 04-989-6199.
address: Mishmar HaEmek, 1923600, Israel.

EU Representative: Our representative in the European Union is _________ .
You may contact our representative at:
Address: _______________.
Tel: ______________________.
Email: ____________________.

8.2. We will take reasonable steps to work with you to attempt to resolve your complaint.
9. General Inquiries and complaints
9.1. You may have the right to lodge a complaint with a supervisory authority. However, prior to doing so, you are welcome to contact us by email at SUPPORT/DPO/PRIVACY@IDEA . in order to resolve the issue for the benefit of all parties.
9.2. Our supervisory authority is the Israeli Data Protection authority.