1.1. This privacy policy (“PP“) explains how Wing Security Ltd. (the “Company“) collects, stores, uses, and shares, etc. Personal Data of user (“User“) in connection with the Company’s website at https://wing.security (the “Site“) and the Platform. For the purpose of this PP “Personal Data” shall mean personal data or personal information, pursuant to the Applicable Data Protection Law (as defined below), or any other applicable data protection laws.
1.2. The PP is an integral part of the Company’s terms of services, which govern the use of the Platform (“TOS“), together with the PP, and the website terms of use at https://wing.security (“TOU“), the “Terms“).
1.3. This PP is in effect as of the date set forth below.
1.4. User is not under any legal obligation to submit Personal Data to Company. However, in case User chooses not to submit Personal Data to Company, User may not be able to become a User and/or use the Site and/or the (entire) Platform.
1.5. By attempting to use or access, or by using or accessing the Site and/or the Platform, User agrees to be bound by the Terms. If User does not agree with the Terms User must not use or access the Site and the Platform.
1.6. The Company may amend this PP from time to time. If Company makes any changes to this PP that materially affect Company’s practices with regard to the Personal Data Company previously collected from User, Company will endeavor to provide User with notice in advance of such change by highlighting the change on the Site and/or the Platform. Company will seek User’s prior consent to any material changes, if and where this is required by Applicable Data Protection Laws.
1.7 For the purposes of this PP “Applicable Data Protection Laws“ means (i) the General Data Protection Regulation (2016/679), including any subordinate or implementing legislation (“GDPR”); (ii) the California Consumer Privacy Act of 2018, Cal. Civ. Code 1798.100 et seq. including any subordinate or implementing legislation (“CCPA”); and/or (ii) Protection of Privacy Law 5741-1981 (Israel); and any rules or regulations that amend and/or replace any of the aforementioned Applicable Data Protection Laws. The Company is acting as a processor/service provider, and User is acting as the controller/business, as applicable.
1.8 This PP does not apply to any content processed and/or stored by User when using the Platform.
1.9 All capitalized terms used but not defined herein shall have the meaning ascribed to them in the TOS or the TOU.
2.1. Information provided by User.
Company collects any data User provides Company with via the Site and/or the Platform, including but not limited to:
2.1.1. User’s contact details (e.g. name, surname email address, phone number);
2.1.2. User’s IP address;
2.1.3. User’s LinkedIn profile URL;
2.1.4. Curriculum Vitae;
2.1.5. User password and other authentication and security credential information;
2.1.6. Any communication between User and the Company, e.g. emails, phone conversations, chat sessions or any information provided through the site.
2.2. Information collected automatically.
Company automatically collects data when User visits, interacts with, or uses the Site and/or the Platform, including but not limited to:
2.2.1. identifiers and information contained in cookies;
2.2.2. User’s settings preferences, backup information;
2.2.3. Uniform Resource Locators (URL) clickstream to, through, and from the Site and/or the Platform;
2.2.4. content User viewed or searched for, page response times, and page interaction information (such as scrolling, clicks, and mouse-overs);
2.2.5. network and connection information, such as the Internet protocol (IP) address and information about User’s Internet service provider;
2.2.6. computer and device information, such as browser type and version, operating system, or time zone setting; the location of device.
2.3. Information collected by Third parties.
2.3.1. This PP does not apply to any content created, used, processed and/or stored by User when using the Site and/or the Platform. Also, the PP does not apply to any products, services, websites, links or any other content that are offered by third parties. User is advised to check the applicable third party policies. Company has no control over such third parties’ privacy practices, or the technology used by such third parties. Each User is advised to thoroughly review such third parties’ privacy policies before making any use of such third party’s products and services.
2.3.2. Without derogating from the generality of the above, when clicking on certain social media links provided on the Site (e.g. Twitter, Facebook, LinkedIn, Instagram) User will be transferred to Company’s sites on such social media (“Social Media Sites“). It shall hereby be clarified that such Social Media Sites are governed by the terms of use and privacy policy of the respective social media and not by the Company.
3.1. To facilitate and customize the User’s experience of the Site and/or the Platform and to track User’s use of the Site and/or the Platform Company may utilize cookies and other industry standard technologies. A cookie is a small text file that is stored on a User’s computer for record-keeping purposes which contains information about that User. Most browsers automatically accept cookies, but User may be able to modify its browser settings to decline cookies. Please note that if User declines or deletes these cookies, some parts of the Site and/or the Platform may not work properly.
3.2. By clicking on a link to a third-party website or service, a third party may transmit cookies to User. This PP does not cover the use of cookies by any third parties, and the Company is not responsible for such third parties’ privacy policies and practices.
3.3. Without derogating from the foregoing, please note that the Company may use analytic tools such as:
3.3.1. Google Analytics. Please click on www.google.com/policies/privacy/partners/ in order to find out how Google Analytics collects and processes data.
3.3.2. Hotjar. The Company may use Hotjar in order to better understand User’s needs and to optimize the Site and/or Platform and experience. Hotjar is a technology service that helps the Company to better understand Users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what Users do and don’t like, etc.) and this enables the Company to build and maintain the Site and/or Platform with User feedback. Hotjar uses cookies and other technologies to collect data on Company’s Users’ behavior and their devices. This includes a device’s IP address (processed during User session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display the Company Site or Platform. Hotjar stores this information on Company’s behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on Company’s behalf. Please click on https://www.hotjar.com/legal/policies/privacy/ in order to find out more on how Hotjar collects and processes data.
3.3.3. HubSpot Analytics. The Company may use HubSpot Analytics uses cookies and beacons to track how long Users and visitors are on the Site or Platform, what marketing pages they visit, what marketing offers they respond to, and a visitor’s identity which enables the Company to improve and provide the Site and Platform. Please click on https://legal.hubspot.com/privacy-policy in order to find out more on how HubSpot collects and processes data.
4.1. The Company processes User’s Personal Data to operate, provide, and improve the Site and/or the Platform, including but not limited to:
4.1.1. creating and managing User profiles;
4.1.2. providing the security analysis reports, the Site and the Platform;
4.1.3. contacting User by the Company and communicating with User with respect to the Site and/or the Platform, e.g. by phone call, sms, email, chat; responding to inquiries from User;
4.1.4. providing assistance and support;
4.1.5. fulfilling User requests; meeting contractual or legal obligations;
4.1.6. informing User about updates or offers;
4.1.7. marketing and promoting the Site and/or the Platform;
4.1.8. protecting Users security, e.g. preventing and detecting fraud;
4.1.9. internal purposes, e.g. trouble shooting, data analysis, testing and statistical purposes.
4.2. Except as provided herein, the Company does not use any Personal Data other than as necessary to provide the Site and/or the Platform, without obtaining Users’ prior consent.
4.3. The Company may ask for Users’ consent to use Users’ Personal Data for a specific purpose which will be provided to Users.
4.4. In case User’s Personal Data contains third party personal data, User represents and warrants that it has obtained any consent required under the PP to the Company’s privacy practices set forth in the PP from such third party.
5.1. In the following cases Company may disclose, without notification, Personal Data, any communications sent or received by each User, and any other information that Company has collected and/or was provided with:
5.1.1. If required to do so by law according to its understanding of such law (including, but not limited to, in cases of court orders or subpoenas);
5.1.2. To verify the information obtained by Company;
5.1.3. To prevent or investigate suspected fraud, or any activity that Company believes may be illegal or may expose Company to legal liability;
5.1.4. Events involving potential threats to the physical safety of any person or property if Company believes that User’s information in any way relates to that threat;
5.1.5. If Company believes that User’s conduct on or in connection with the Site and/or the Platform is inappropriate and inconsistent with generally accepted norms of behavior;
5.1.6. In addition, Company may be required to disclose Personal Data to relevant national, state and local law enforcement authorities, whom may further disclose the Personal Data.
5.1.7. To engage with third-party service providers and/or sub-contractors which provide services for Company’s business operations;
5.1.8. To disclose to third parties aggregated or de-identified information about Users for marketing, advertising, research, or other purposes;
5.1.9. In the event that Company, or any of its businesses, are sold or disposed of, whether by merger, sale of assets or otherwise, Personal Data collected hereunder may be one of the assets sold or merged in connection with such transaction. Personal Data collected hereunder may also be disclosed in connection with a commercial transaction where Company or any of its businesses are seeking financing, investment, and support or funding.
5.2. When Company shares User’s Personal Data with third parties as specified above, Company requires such recipients to agree to only use the Personal Data Company shares with them in accordance with this PP and Company’s contractual specifications and for no other purpose than those determined by Company in line with this PP.
6.1. Company may provide Users with direct marketing, as such term is defined in the Israeli Privacy Protection Law, 1981.
6.2. Company may also send Users advertisements, as such term is defined in the Israeli Media Law (Bezeq and Broadcasting), 1982.
6.3. User can opt out of receiving these direct marketing and/or advertisements from the Company at any time by unsubscribing using the unsubscribe link within each communication, or emailing the Company at [email protected] to have User’s contact information removed from Company’s email list.
Company has taken appropriate technical and organizational measures to protect any User Personal Data from loss, misuse, unauthorized access, disclosure, alteration, destruction, and any other form of unauthorized processing. User should be aware, however, that no data security measures can guarantee 100% security.
8.1. Depending on Applicable Data Protection Laws, User may be entitled to request access and/or deletion of User’s data held by Company. If applicable in accordance with the relevant Applicable Data Protection Laws, User can send User’s request to the Company at [email protected]. Any request to access may be subject to a fee to meet Company’s costs in providing such User with details of the data.
8.2 Company will take reasonable steps to verify User’s identity before granting User access or making corrections. Also, User’s request for access might be subject to a fee to meet Company’s costs in providing User with details of User’s data held by Company.
9.1. Company will retain Users Personal Data for a period of time consistent with the purpose of collection and in accordance with Applicable Data Protection Law.
9.2. Without derogating from the generality of the foregoing, Company will cease the retention and delete any retained Personal Data of User upon the earlier of (i) any termination or expiration of the Terms between User and Company, or (ii) User’s deletion request, as set forth below.
10.1. Legal Basis for Processing of Personal Data
Company will only process User’s Personal Data if it has one or more of the following legal bases for doing so:
10.1.1. Contractual Necessity: processing of Personal Data is necessary to enter into a contract with User, to perform Company’s contractual obligations to User under the TOU, to provide the Platform and/or the Services, to respond to requests from User, or to provide User with customer support;
10.1.2. Legitimate Interest: Company has a legitimate interest to process User’s Personal Data;
10.1.3. Legal Obligation: processing of User’s Personal Data is necessary to comply with relevant law and legal obligations, including to respond to lawful requests and orders; or
10.1.4. Consent: processing of User’s Personal Data with User’s consent.
10.2. User’s Rights regarding Personal Data
10.2.1. Subject to applicable law, User has certain rights with respect to User’s Personal Data, including the following:
10.2.1.1. User may ask whether Company holds Personal Data about User and request copies of such Personal Data and information about how it is processed;
10.2.1.2. User may request that inaccurate Personal Data is corrected;
10.2.1.3. User may request the deletion of certain Personal Data;
10.2.1.4. User may request Company to cease or restrict the processing of Personal Data where the processing is inappropriate;
10.2.1.5. When User consents to processing User’s Personal Data for a specified purpose by Company, User may withdraw User’s consent at any time, and Company will stop any further processing of User’s data for that purpose.
10.2.2. In certain circumstances, Company may not be able to fully comply with User’s request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, however, in those circumstances, Company will still respond to notify User of such a decision.
10.2.3. User can exercise User’s rights of access, rectification, erasure, restriction, objection, and data portability by contacting Company at [email protected]. In some cases, Company may need User to provide Company with additional information, which may include Personal Data, if necessary to verify User’s identity and the nature of User’s request.
10.3. Transfer of User’s Personal Data outside of the EEA.
10.3.1. Personal Data may be processed outside User’s jurisdiction, and in countries that may not provide for the same level of data protection as User’s jurisdiction. The Company ensures that the recipient of User’s Personal Data offers an adequate level of protection, for example by entering into the appropriate data processing agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).
10.3.2. Company currently stores User data in Company’s data centers located in the USA.
10.3.3. Without derogating from the generality of the foregoing, when transferring data from the EEA to Israel, Company relies on the European Commission’s decision that Israel offers adequate data protection for transfers from the EEA.
11.1. Company will at all times comply with all Applicable Data Protection Laws (including the CCPA) to the extent applicable, and only process Personal Data on User’s behalf.
11.2. Company will (i) not collect, retain, use, or disclose Personal Data for any purpose other than for the specific purposes set out in the Company terms of use and the Data Processing Agreement or any other agreement, between Company and User; (ii) not sell Personal Data (as defined under the CCPA); and (iii) put in place appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing or accidental destruction, loss or damage.
Each User is advised to be aware that Personal Data that the Company collects might be transferred to, processed and stored outside of User’s jurisdiction, and that data protection laws in such jurisdiction where the information is collected stored and/or processed may differ from User’s jurisdiction. Each User hereby gives User’s consent to such transfer, processing and storage of User’s Personal Data outside its jurisdiction.
The Site or the Platform are not intended for children. Children under 18 years of age, may use the Site or the Platform only with the involvement of a parent or guardian.
If User has any questions about this PP or Company’s data practices in general, User may contact Company using the following information: [email protected].
Last update: March, 2022.