Last Updated April 29, 2021
This Website is operated by the Israel Experience – Educational Tourism Services Ltd (“Israel Experience“, “IE“, “we”, “us“, “our“, etc.).
The Israel Experience respects the privacy of its users, visitors, delegates, employees and staff, candidates, representatives (“you” etc.), and is committed to protect the Personal Data that its Users share with it. We are transparent about our practices regarding personal data which we may collect and use.
Please read the following carefully to understand our practices regarding your personal data and how we will treat it.
For the purposes of European Economic Area data protection law (the “Data Protection Law“), including the Regulation EU 2016/679 – the General Data Protection Regulation (“GDPR“), the IE will generally be regarded as a data controller (the “Controller“).
1. WHICH INFORMATION DO WE COLLECT? AND WHAT IS THE LAWFUL BASIS FOR COLLECTION?
Summary: we collect various categories of personal data in order to meet our contractual obligations, and also to meet various legitimate interests, such as fraud prevention and marketing.
There are several categories of information and data we collect from our Customers. This includes data you provide to enable us to communicate with you, sell you our products, and provide services including on our websites.
Categories of information and data we may collect from our Users.
Data we collect about you prior to, and from, your use of the Services
We collect and process non-identifiable and anonymous information, and also collect several categories of personal data (“Personal Data“), including sensitive personal data (known in the EU as Special Categories of Personal Data) through your use of the Services. This may include your, and your spouse and any of your dependents’, name (first and last), nickname, birthdate, gender, nationality, job title, phone number(s), department you work in, national security, passport or I.D number, address, country, city, postcode, email and other contact details, family status, your bank account, credit card and other such payment and billing details, credentials regarding the right to work in your jurisdiction, employment history, vocational and academic skills and qualifications, interests and preferences, preferences concerning Aliya and Israel, information regarding your health including any physical or mental health conditions and allergies.
IE may also collect the email addresses of people who communicate with IE via email or via messenger services or other social media platforms or create accounts and login credentials. By your registering on IE’s web sites and event pages, IE may collect your name, phone number and email you provided. IE may use this information to offer IE’s services and support to you.
IE may collect Personal Data about an individual’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership (or non-membership), physical or mental health or condition, criminal offences, or related proceedings or any other data considered as sensitive under applicable law (“Sensitive Personal Data“).
You do not have any legal obligation to provide any information to IE. However, we require certain information in order to provide the Services. If you choose not to provide us with certain information, we may not be able to provide you with the Services.
We will never sell your Personal Data to third parties. (for more information please see the Section titled: “Sharing Data gathered by the IE with third parties”).
2. HOW DO WE COLLECT PERSONAL DATA ON USERS OF THE SERVICES?
Summary: we collect personal data when you or your organization send it to us, or when a vendor sends it to us so; we collect personal data through our websites and services.
There are two main methods we use:
We collect Personal Data through your use of our Website. In other words, when you are using the website or application, we are aware of it and may gather, collect, and record the information relating to such usage, either independently or through the help of third-party services as detailed below. This may include technical information and behavioral information such as the User’s Internet protocol (IP) address used to connect your computer to the Internet, your uniform resource locators (URL), operating system, type of browser, browser plug-in types and versions, screen resolution, Flash version, time zone setting, the User’s ‘click-stream’ on the website, the period of time the User visited the website, methods used to browse away from a page, and any phone number used to call our customer service number. We likewise may place cookies on your browsing devices (see section ‘Cookies’ below).
We collect Personal Data required to provide the Services when you register with us. In addition, we collect your Personal Data, when you provide us such information by engaging with us. This may also include recording incoming calls.
3. WHAT ARE THE PURPOSES OF PERSONAL DATA WE COLLECT?
Summary: we process personal data to meet our obligations, protect our rights, and manage our business
We will use Personal Data only to provide and improve the Services and meet our contractual, ethical, and legal obligations, including for example:
Processing which is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract (GDPR Article 6(1)(b)) such as:
- carrying out our obligations arising from any contracts entered into between you and IE and/or any contracts entered into between a Customer and IE and to provide you with the information, products and Services that you request from IE;
- administering your file with IE;
- sharing relevant information with vendors and partners (such as hotels, guest houses, travel companies, catering services – regarding allergies etc.);
- connecting between participants in different programs;
- verifying and carrying out financial transactions in relation to payments you make in connection with the Services.
Processing which is necessary for compliance with a legal obligation to which IE is subject (GDPR Article 6(1)(c)) such as:
- providing information to any official authority or any entity authorized by the State, in cases where IE is under a legal obligation to do so;
- compliance and audit purposes, such as meeting our reporting obligations in our various jurisdictions, and for crime prevention and prosecution in so far as it relates to our staff, members, facilities etc.
Processing which is necessary for the purposes of the legitimate interests pursued by IE or by a third party (GDPR Article 6(1)(f)) of providing and promoting an efficient and wide ranging service to customers, such as:
- notifying you about changes to our Services;
- contacting you for the purpose of providing you with technical assistance and other related information about the Services;
- replying to your queries, troubleshooting problems, detect and protect against error, fraud or other criminal activity;
- contacting you to give you information and inviting you to take part in relevant events, such as events for Jewish communities in Israel and overseas;
- contacting you to give you information and inviting you to take part in other educational programs organized by IE or other affiliates (such as Birthright and Masa programs);
- contacting you to inform you of additional services which may be of interest to you;
- soliciting feedback in connection with your use of the Services;
- informing our graduates about employment opportunities with us.
- for security purposes and to identify and authenticate your access to the Services.
- taking and using photographs of you if you attend our programs or events of any kind and publishing them in our brochures, on our website etc.
Personal Data which you provide us may be combined with Personal Data which an IE Customer provides us, or which may be provided by other sources, all of which will be used for the purposes set out above.
4. SHARING DATA GATHERED by the IE WITH THIRD PARTIES
Summary: we share personal data with our service providers, partners, and group companies, and authorities where required.
We may transfer Personal Data to:
Related organizations, The Jewish Agency and affiliates. This includes: any member of our group, which means our affiliates, in the EU, in Israel, in the US, in Latin America and elsewhere, as well our joint-venture partners who support our processing of personal data under this policy. It also includes affiliates or other partners that help us provide our Services. For example:
- The Jewish Agency
- Jewish communities and affiliate organizations
We transfer personal data to third parties in a variety of circumstances. We endeavor to ensure that these third parties use your information only to the extent necessary to perform their functions, and to have a contract in place with them to govern their processing on our behalf. These third parties may include business partners, funding bodies and fund recipients, suppliers, affiliates, agents and/or sub-contractors for the performance of any contract we enter into with you. They may assist us in providing the Services we offer, processing transactions, fulfilling requests for information, receiving and sending communications, analyzing data, providing IT and other support services or in other tasks, from time to time. These third parties may also include analytics and search engine providers that assist us in the improvement and optimization of our website and our marketing.
We periodically add and remove third party providers. At present our third-party providers to whom we may transfer personal data include also the following:
- Ground service providers and local partners on relevant locations
In addition, we may disclose your Personal Data to third parties: if we are under a duty to disclose or share your personal data in order to comply with any legal or audit or compliance obligation, in the course of any legal or regulatory proceeding or investigation, or in order to enforce or apply the terms of a contract we have with you or for you; or to protect the rights, property, or safety of IE, our staff and users, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction and to prevent cybercrime.
For avoidance of doubt, IE may transfer and disclose non-personal data to third parties at its own discretion.
5. INTERNATIONAL DATA TRANSFERS
- To Israel. IE’s main headquarters are based in Israel. Israel is considered by the European Commission to offer an adequate level of protection for the personal data of EU Member State residents;
- To the United States of America; where we transfer personal data of European persons to the USA, we will do so pursuant to one of the bases described in EU data protection laws, such as standard contractual clauses etc.;
- Within the EU – IE’s regional headquarters in charge of the delivery of Services related under the Jewish Experience brand is are located in Warsaw, Poland.
We may transfer your personal data outside of the EEA, in order to:
- Store or backup the information;
- Enable us to provide you with the Services and fulfill our contract with you;
- Fulfill any legal, audit or compliance obligations which require us to make that transfer;
- Facilitate the operation of our organization, where it is in our legitimate interests and we have concluded these are not overridden by your rights;
- To offer our Services across multiple jurisdictions; and
- To operate our organization, subsidiaries and affiliates in an efficient and optimal manner.
6. DATA RETENTION
Summary: we retain personal data according to our data retention policy, as required to meet our obligations, protect our rights, and manage our business.
IE will retain Personal Data in accordance with our data retention policy, as long as required to provide the services and as necessary to comply with our legal and other obligations, to resolve disputes and to enforce agreements. We will also retain personal data to meet any audit, compliance and business best-practices.
7. WEBSITE DATA COLLECTION AND COOKIES
Different cookies are kept for different periods. Session cookies are used to keep track of your activities online in a given browsing session; these cookies generally expire when the browser is closed but may be retained for a period on your device. Permanent cookies remain in operation even when you have closed the browser; they are used to remember your login details and password. Third-party cookies are installed by third parties with the aim of collecting certain information to research behavior, demographics. Third party cookies on our site include, for example, Google Analytics. Likewise, pixels from Facebook and others enable integration of third-party service providers (e.g. Facebook, Twitter) on our site. Third party cookies will be retained according to the terms of those third parties, and you can control those cookies in your browser settings.
Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience on our website will be limited.
How to disable cookies: The effect of disabling cookies depends on which cookies you disable but, in general, the website and some services delivered through it may not operate properly, may not recognize your device, may not remember your preferences and so on, if cookies are disabled or removed. However, allowing or disabling cookies is your choice and in your control. If you want to disable cookies on our site, you need to change your browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies can be found here: Microsoft Edge, Google Chrome, Firefox, Safari.
Our websites may, from time to time, contain links to external sites. We are not responsible for the operation, privacy policies or the content of such sites.
8. SECURITY AND STORAGE OF INFORMATION
Summary: we take data security very seriously, invest in security systems, and train our staff. In the event of a breach, we will notify the right people as required by law.
We take great care in implementing, enforcing and maintaining the security of Personal Data. IE implements, enforces and maintains security measures, technologies and policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of personal data. We likewise take steps to monitor compliance of such policies on an ongoing basis. Where we deem it necessary in light of the nature of the data in question and the risks to data subjects, we may encrypt data. Likewise, we take industry standard steps to ensure our websites are safe.
Note however, that no data security measures are perfect or impenetrable, and we cannot guarantee that unauthorized access, leaks, viruses and other data security breaches will never occur.
Within IE, we limit access to personal data to those of our personnel who: (i) require access in order for IE to fulfil its obligations, and (ii) have been appropriately and periodically trained in Personal Data practices, and (iii) are under confidentiality obligations as may be required under applicable law.
IE shall act in accordance with its policies and with applicable law to promptly notify the relevant authorities and data subjects in the event that any personal data processed by IE is lost, stolen, or where there has been any unauthorized access to it, all in accordance with applicable law and on the instructions of qualified authority. IE shall promptly take reasonable remedial measures.
9. DATA SUBJECT RIGHTS
Summary: depending on the law that applies to your personal data, you may have various data subject rights, such as rights to access, erase, and correct personal data, and information rights. We will respect any lawful request to exercise those rights.
Data subjects with respect to whose data Californian law applies, please see section 10 below.
Data subjects with respect to whose data GDPR applies, have rights under GDPR and local laws, including, in different circumstances, rights to: data portability, access data, rectify data, object to processing, and erase data. It is clarified for the removal of doubt, that where personal data is provided by a customer being the data subject’s employer, such data subject rights will have to be effected through that customer. In addition, data subject rights cannot be exercised in a manner inconsistent with the rights of IE employees and staff, with IE proprietary rights and other IE rights and legal interests, and third party rights. As such, job references, reviews, internal notes and assessments, documents and notes including proprietary information or forms of intellectual property, cannot generally be accessed or erased, and may not be rectifiable. In addition, these rights may not be exercisable where they relate to data that is not in a structured form, for example emails, or where other exemptions apply. If processing occurs based on consent, data subjects have a right to withdraw their consent.
Cookies and any rights associated with cookies may be exercised through our cookie management tool, or your own device and browser settings.
If, for any reason, a data subject wishes to exercise these rights and modify, delete or retrieve their Personal Data, they may contact IE by email (email@example.com). Note that IE will undertake a process to identify a data subject exercising their rights. IE may keep details of such rights exercised for its own compliance and audit requirements.
Data subjects in the EU have the right to lodge a complaint, with a data protection supervisory. If the supervisory authority fails to deal with a complaint you may have the right to an effective judicial remedy.
10. CALIFORNIA RESIDENTS
Your Rights and Choices
The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
You have the right to request that IE disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you (also called a data portability request).
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
- sales, identifying the personal information categories that each category of recipient purchased; and
- disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that IE delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request (see Exercising Access, Data Portability, and Deletion Rights), we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- We may Protect our legal interests, to defend our rights in a case of potential, threatened, or actual litigation, and to enforce our rights.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 ).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to firstname.lastname@example.org.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:
- Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
- Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.
Making a verifiable consumer request does not require you to create an account with us.
We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
We endeavor to respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.
If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA-permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
Other California Privacy Rights
California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Websites that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to email@example.com.
Data subjects have rights under GDPR and local laws, including, in different circumstances, rights to access data, move data, rectify data, object to processing, and erase data. It is clarified for the removal of doubt, that data subject rights cannot be exercised in a manner inconsistent with the rights of IE’s employees, with Our proprietary rights, and third-party rights. As such, job references, reviews, internal notes and assessments, documents and notes including proprietary information or forms of intellectual property, cannot be accessed or erased or rectified. If processing occurs based on consent, data subjects may have a right to withdraw their consent.
If, for any reason, a data subject wishes to modify, delete or retrieve their Personal Data, they may do so by contacting IEdpo@israelexperience.org Note that IE may have to undertake a process to identify a data subject exercising their rights, and may keep details of such rights exercised for its own compliance and audit requirements. Please note that Personal Data may be either deleted or retained in an aggregated manner without being linked to any identifiers or Personal Data, depending on technical commercial capability. Such information may continue to be used by IE.
In the event of any concerns about data protection practices at IE, you may contact our Data Protection Officer at firstname.lastname@example.org. EU persons have the right to lodge a complaint with a supervisory authority.
With regard to Personal Data about a minor under 16 years old, the IE will endeavour to process personal data only with the consent of the holder of parental responsibility over the minor. IE will make reasonable efforts to verify that consent is given or authorised by the holder of parental responsibility of the child but cannot generally take responsibility for misrepresentation by persons as to their age.