CIDER – PRIVACY POLICY

  1. Applicability.
    1. This privacy policy ("PP") explains how Cider Security Ltd. and its affiliates (the "Company") treat the information of users ("User") in connection with the Cider website available at https://cidersecurity.io/ (the "Site"). For the purpose of this PP "Personal Data" shall mean personal data or personal information pursuant to the Applicable Data Protection Law (as defined below).
    2. The PP is an integral part of Cider’s terms of use which are available at ("TOU"), together with the PP, and the terms of use, the "Terms").
    3. This PP is in effect as of the date set forth below.
    4. Users are not under any legal obligation to submit Personal Data to Cider. However, in case User chooses not to submit Personal Data to Cider, User might not be able to use the Site, or certain parts thereof.
    5. By attempting to use or access, or by using or accessing the Site, User agrees to be bound by the Terms. If User does not agree with the Terms, User must not use or access the Site.
    6. The Company may from time to time modify this PP, therefore User should check back periodically. If User does not agree with the PP, as amended, User must stop using the Site. Any changed PP will be effective from the date it is posted on Cider's Site. If Cider makes any changes to this PP that materially affect Cider's practices with regard to the Personal Data Cider previously collected from User Cider will endeavor to provide User with notice in advance of such change via email. Cider will seek User's prior consent to any material changes, if and where this is required by Applicable Data Protection Laws. User is advised that if User does not terminate all use of the Site, User will be deemed to have accepted the PP, as amended.
    7. Any capitalized terms which are not defined herein shall have the meaning assigned to them in the Cider TOU.
    8. For the purposes of this PP “Applicable Data Protection Laws“ means (i) the General Data Protection Regulation (2016/679), including any subordinate or implementing legislation (“GDPR”); (ii) the California Consumer Privacy Act of 2018, Cal. Civ. Code 1798.100 et seq., including any subordinate or implementing legislation ("CCPA"), and/or (ii) Protection of Privacy Law 5741-1981 (Israel); and any rules or regulations that amend and/or replace any of the aforementioned Applicable Data Protection Laws.
  2. Personal Data collected by the Company.
    1. Information provided by User.
      Cider collects any data User provides Cider with, including but not limited to the following Personal Data:
      1. contact details (e.g. name, surname, email address);
      2. Any communication between User and Cider, e.g. emails, phone conversations, chat sessions (except as indicated differently by User on the Site).
      3. User hereby represents and warrants that in providing the Company with the above Personal Data(i) User fully complies with any applicable laws (including without limitation that User obtained and will continue to obtain the consents required by any applicable law); (ii) User will conspicuously display, maintain, and make accessible any privacy policy that complies with any applicable law.
    2. Data collected automatically.
      Cider automatically collects data when User visits, interacts with, or uses the Site, including but not limited to:
      1. Identifiers and information contained in cookies;
      2. User's settings preferences, backup information;
      3. Content User viewed or searched for, page response times, and page interaction information (such as scrolling, clicks, and mouse-overs);
      4. Network and connection information, such as the Internet protocol (IP) address and information about User's Internet service provider;
      5. Device information, such as browser type and version, operating system, or time zone setting; location of the device.
  3. Personal Data Collected By Third Parties.
    1. This PP does not apply to any products, services, websites, links or any other content that are offered by third parties on the Site. User is advised to check the applicable third party agreements, and/or other third party policies. Cider does not have any control over such third parties' privacy practices, or the technology used by such third parties in order to collect any personal data. Each User is advised to thoroughly review such third parties' privacy policies before making any use of such third party's products and services.
    2. Without derogating from the generality of the above, when clicking on certain social media links provided on the Site (e.g. Twitter, Facebook, LinkedIn, Instagram) User will be transferred to Cider's sites on such social media ("Social Media Sites"). It shall hereby be clarified that such Social Media Sites are governed by the terms of use and privacy policy of the respective social media and not by Cider.
  4. Cookies.
    1. To facilitate and customize the User's experience of the Site and to track User's use of the Site, Cider may utilize cookies and other industry standard technologies . A cookie is a small text file that is stored on a User's computer for record-keeping purposes which contains information about that User. Most browsers automatically accept cookies, but User may be able to modify its browser settings to decline cookies. Please note that if User declines or deletes these cookies, some parts of the Site may not work properly.
    2. By clicking on a link to a third-party website or service on the Site, a third party may also transmit cookies to User. This PP does not cover the use of cookies by any third parties, and Cider is not responsible for such third parties' privacy policies and practices
    3. Without derogating from the foregoing, please note that the Company may use analytic tools such as Google Analytics. Please click on www.google.com/policies/privacy/partners/ in order to find out how Google Analytics collects and processes data.
  5. The Company's Use of Personal Data.
    1. The Company processes User's Personal Data to operate, provide, and improve the Site, including but not limited to:
      1. contacting User by Cider and communicating with User with respect to the Site, e.g. by phone, email; responding inquiries from User;
      2. informing User about updates or offers;
      3. personalizing the Site, i.e. identifying User's interests and recommending offers that might be of interest to User;
      4. marketing and promoting the Site;
      5. providing assistance and support;
      6. fulfilling User requests; meeting contractual or legal obligations;
      7. protecting Users security, e.g. preventing and detecting fraud;
      8. internal purposes, e.g. trouble shooting, data analysis, testing and statistical purposes.
    2. Except as provided herein, Cider does not use any Personal Data other than as necessary to provide the Site, without obtaining User's prior consent.
    3. Cider may ask for User's consent to use User's Personal Data for a specific purpose which will be provided to User.
    4. In case User's Personal Data contains third party personal data, User represents and warrants that it has obtained any consent required under the PP to Cider's privacy practices set forth in the PP from such third party.
    5. The Company may ask for User's consent to use User's Personal Data for any use not specified herein.
    6. The Company uses anonymous, statistical or aggregated information, which may be based on Personal Data provided by User, for legitimate business purposes including for testing, development, control and operation of the Site.
  6. Sharing Data.
    1. The Company may be required to retain or disclose Personal Data, without notification, in order to:
      1. comply with applicable laws or regulations;
      2. comply with a court order, subpoena or other legal process;
      3. respond to a lawful request by a government authority, law enforcement agency or similar government body (whether situated in User's jurisdiction or elsewhere);
      4. engage with third-party service providers and/or sub-contractors which provide services for Cider's business operations, a list of which can be received upon request;
      5. disclose to third parties aggregated or de-identified information about Users for marketing, advertising, research, or other purposes;
      6. Cider believes release is appropriate to comply with the law, enforce or apply Cider's terms and other agreements, or protect the rights, property, or security of Cider, Users, or others. This includes exchanging information with other companies and organizations for fraud prevention and detection and credit risk reduction.
      7. To verify the information obtained by Company;
      8. If Company believes that User's conduct on or in connection with the Site is inappropriate and inconsistent with generally accepted norms of behavior;
      9. In the event that Company, or any of its businesses, are sold or disposed of, whether by merger, sale of assets or otherwise, data may be one of the assets sold or merged in connection with such transaction. Personal Data may also be disclosed in connection with a commercial transaction where Company or any of its businesses are seeking financing, investment, and support or funding.
    2. When Company shares data with third parties, as specified above, Company makes reasonable efforts to require such recipients to agree to only use such Personal Data Cider shares with them in accordance  in accordance with this PP and Company's contractual specifications and for no other purpose than those determined by Company in line with this PP. However, it is clarified that Company is not liable for such third parties' use of the Personal Data.
  7. Direct Marketing and Advertisement.
    1. Cider may provide Users with direct marketing, as such term is defined in the Israeli Privacy Protection Law, 1981.
    2. Cider may also send Users advertisements, as such term is defined in the Israeli Media Law (Bezeq and Broadcasting), 1982.
    3. User can opt out of receiving these direct marketing and/or advertisements from Cider at any time by unsubscribing using the unsubscribe link within each communication, or emailing Cider at: hello@cidersecurity.io,  to have User's contact information removed from Cider's email list.
  8. Security
    1. Company has taken appropriate technical and organizational measures to protect information Company collects from loss, misuse, unauthorized access, disclosure, alteration, destruction, and any other form of unauthorized processing. User should be aware, however, that no data security measures can guarantee 100% security.
  9. Retention
    1. Cider will retain Users Personal Data for a period of time consistent with the original purpose of collection (see Section ‎5, “The Company’s Use Personal Data”). Cider determine the appropriate retention period for Personal Data on the basis of the amount, nature and sensitivity of Users Personal Data processed, the potential risk of harm from unauthorized use or disclosure of Users Personal Data, and whether Cider can achieve the purposes of the processing through other means, as well as on the basis of Applicable Data Protection Law requirements (such as applicable minimum statutory retention requirements). After the expiration of the applicable retention periods, Cider will delete Users Personal Data. If there is any data that Cider are unable, for technical reasons, to delete entirely from Cider’s systems, Cider will put in place appropriate measures to prevent any further use of such data.
  10. Access to Information.
    1. .Depending on Applicable Data Protection Law, User  may be entitled to access User's data held by Company with respect to such User. User’s right of access can be exercised in accordance with the relevant data protection legislation. Any request for access may be subject to a fee to meet Company's costs in providing such User with details of the data the Company holds on User.
    2. .Company will take reasonable steps to verify User's identity before granting User access or enabling User to make corrections.
    3. .If at all, Company will retain Personal Information only for the time period needed for business purposes or as required by applicable law and will securely destroy such information thereafter.
  11. Users in the European Economic Area (EEA).
    1. Legal Basis for Processing of Personal Data. Company will only process User's Personal if it has one or more of the following legal bases for doing so:
      1. Contractual Necessity: processing of Personal Data is necessary to enter into a contract with User, to perform Company's contractual obligations to User, to provide the Services, to respond to requests from User, or to provide User with customer support;
      2. Legitimate Interest: Company has a legitimate interest to process User's Personal Data;
      3. Legal Obligation: processing of User's Personal Data is necessary to comply with relevant law and legal obligations, including to respond to lawful requests and orders; or
      4. Consent: processing of User's Personal Data with User's consent.
    2. User's Rights regarding Personal Data.
      1. Subject to applicable law, User has certain rights with respect to User's Personal Data, including the following:
        1. User may ask whether Company holds personal data about User and request copies of such Personal Data and information about how it is processed;
        2. User may request that inaccurate Personal Data is corrected;
        3. User may request the deletion of certain Personal Data;
        4. User may request Company to cease or restrict the processing of Personal Data where the processing is inappropriate;
        5. When User consents to processing User's Personal Data for a specified purpose by Company, User may withdraw User's consent at any time, and Company will stop any further processing of User's Personal Data for that purpose.
        6. In certain circumstances, Company may not be able to fully comply with User's request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, however, in those circumstances, Company will still respond to notify User of such a decision.
      2. User can exercise User's rights of access, rectification, erasure, restriction, objection, and data portability by contacting Company at hello@cidersecurity.io. In some cases, Company may need User to provide Company with additional information, which may include Personal Data, if necessary to verify User's identity and the nature of User's request.
    3. Transfer of User's Personal Data outside of the EEA.
      1. Personal Data may be processed outside User's jurisdiction, and in countries that may not provide for the same level of data protection as User's jurisdiction. The Company ensures that the recipient of User's Personal Data offers an adequate level of protection, for example by entering into the appropriate data processing agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).
      2. Company currently stores User data in Company's data centers located in the USA and in Israel.
      3. Without derogating from the generality of the foregoing, when transferring data from the EEA to Israel, Company relies on the European Commission’s decision that Israel offers adequate data protection for transfers from the EEA.
  12. Users in California, USA.
    To the the CCPA is applicable the following shall apply:
    1. The Company will only process Personal Data on User's behalf.
    2. The Company will (i) not collect, retain, use, or disclose Personal Data for any purpose other than for the specific purposes set out in the PP, or any other agreement between Company and User; (ii) not sell Personal Information (as defined under the CCPA); and (iii) put in place appropriate technical and organizational measures to protect personal information against unauthorized or unlawful processing or accidental destruction, loss or damage.
  13. International Storage.
    1. Each User is advised to be aware that Personal Data Cider collects may be transferred to, processed and stored outside User's jurisdiction, and that Applicable Data Protection Laws in the jurisdiction where the information is collected stored and/or processed may differ from User's jurisdiction. Each User hereby gives User's consent to this transfer, processing and storage of User's information outside its jurisdiction.
  14. Personal Data Of Children
    1. The Site is not intended for children. Children under 18 years of age, may use the Site only with the involvement of a parent or guardian.
  15. Questions Regarding Privacy at Cider?
    1. If User has any questions about this PP or Company's data practices in general, User may contact Company using the following information:
      Email: hello@cidersecurity.io

Last update: November 3, 2021.