- who access and use our website (respectively “Website” and “Visitors”);
- users who have installed and are interacting with our mobile application (including its web interface) as part of using our product, the Reflect orb device (respectively “App”, “users” and “Product” – all together “Services”);
Each of the Visitors and Users, shall also be referred to herein as “you”.
WHO WE ARE
Reflect Innovation ltd
DATA CONTROLLER FOR GDPR PURPOSES
Under the European General Data Protection Regulation (”GDPR”), we are the Data Controller of our direct Customers’ Personal Data, the visitors of the Website and certain types of User’s Personal Data.
COLLECTION OF NON-PERSONAL DATA
We may collect aggregated, non-personal and non-identifiable information which may be made available or gathered via your use of our website or App (“Non-Personal Data“). We are not aware of the identity of the individual from which the Non-Personal Data is collected.
Also, we may sometimes process and anonymize or aggregate personal data and identifiable information in a manner that shall create a new set of data that will be Non-Personal Data. Such a new data set can no longer be associated with any identified person.
Non-Personal Data may be used by us without limitation and for any purpose, including for commercial, research, or statistical purposes, without further notice to you.
COLLECTION OF PERSONAL DATA
During your use of the Website or the App and the Product, we will collect individually identifiable information, namely information that identifies an individual or may with reasonable effort be used to identify an individual (“Personal Data” or “Personal Information” as defined under applicable law). This may include online identifiers, name, emails, etc., subject to applicable law.
If we combine Personal Data with Non-Personal Data, we will treat the combined data as Personal Data.
PROCESSING OF PERSONAL DATA – PURPOSES AND LAWFUL BASIS
We have included in the table below information about which data is processed, how we process and use your data and the lawful basis for which we do so subject to the GDPR.
|Type of Data||Purpose of Processing||Lawful Basis|
|As part of becoming a User and Using the Product and the App:|
|If you are or wish to buy the Product, become a user of the Services, you will be required to provide us with certain information such as:Identification and contact data: Full name, Email address, Username and password, etc.Account data: Name, Email, Age, Gender (including non-binary, etc.).Transaction and Reservation data: your address and method of payment detailes;Gender data.GSR and ECG signals are collected through the Product.Usage data – date and time of use, for how long, number of sessions, etc.Geo-location authorization for the use of BLE.|
Other data related to your health status and the reasons led you to use our Services.
|We will use this data to designate your App account and allow you to use the Product and the App supporting its operation.We will use your transaction and Reservation data to allow you to order the product and ship it to you. Your credit card data shall be always kept confidential undethe relevant regulation.Also, your email address will be used to send you needed information related to our App (e.g., notify you regarding any updates to our App, etc.) and promotional and marketing emails.Also, we will use this data to adjust the Product, Services and App for your needs and optimize your benefit from its use.|
As explained, we will obtain geo-location authorization for using your BLE connectivity for connecting the Product and the App.
We also may use this data for upgrading and developing our Services.
|Our lawful basis under the GDPR for collecting most of this information is initialy the performance of a contract (i.e., providing you the Services as per your request). You credit card data and shipment information are also being collected for completing your order and fulfilling the Contract between us.When we will use your contact info for contacting you with marketing offers, we will do so as part of our legitimate interests.When we use your data for upgrading and improving the Services, we will do that under our legitimate interest, after minimizing our use of your identification data and keeping it confidential and secured.|
|When and if you will contact us with any inquiry or request|
|If you voluntarily contact us in any manner, whether for support, to submit a request or for other inquiries, whether by sending us an email or through other means of communications, e.g., any online form available on the Website, you may be asked to provide us with your contact information such as your full name, email address and country.||We will use this data and our contact history solely to respond to your inquiries and provide you with the support or information you have requested. We will retain our correspondence with you for as long as needed, subject to applicable law.||The lawful basis for processing your information will be the contract between you and us, meaning we will use the data for addressing your requests and inquiries.After completing any such request, we will retain your information as part of our business records under our legitimate interest.Some of our Services’ data might be processed under our legal obligation, such as safety requirements.|
|Online identifiers and other Technical Data|
|When you access our website or interact with our App, we may collect certain online identifiers, including your IP address, Advertising ID, and IDFA.We may also collect technical Non-Personal Data transmitted from your device (e.g., actions in the Website or App, your browser type, language used, type of operating system, type of device, etc.) and approximate geographical location (country).*** please see the following paragraph regarding Cookie usage||We use this data for our legitimate interests of (i) operating, providing, maintaining, protecting, managing, customizing, and improving the Website and how we offer it; (ii) enhancing your experience; (iii) auditing and tracking usage statistics and traffic flow; (iv) protecting the security of the Website, as well as our and third parties’ rights (subject to applicable law requirements); and (v) advertising purposes||Such processing is part of our legitimate interests as a commercial business.If we use third-party cookies on the Website or collect online identifiers, we will obtain your consent if required under applicable law.|
|Recruitment Data if you apply for any position in our Company|
|Suppose you apply for any position in our Company through the Website or elsewhere. In that case, we may collect information regarding your job status, education, CV, requested salary, and other information to be collected as part of any recruitment process.||We will use such information for the recruitment process for checking your suitability for job opportunities in our Company. Also, we may keep it afterward as part of our business records.||The lawful basis for such processing will be the contract between us – we process your data as per your application to a position within our Company.After the recruitment process, we may keep your information under our legitimate interests as part of our ongoing business records and for future protection from any potential legal suit.|
|Subscribing to our Newsletter list or Product’s waiting list|
|Email, Name, Country||We will use that information for adding you to the Product’s waiting list and providing you with news and information regarding the Product and our Services.||We will do that under your Consent as provided in the Website while subscribing to the newsletter list or waitin list. You can always withdraw your consent by contacting us as detailed hereunder.|
- Essential Cookies – which are necessary for the site to work properly (usually appears under our name/cookie tag);
- Functional Cookies – designated to save your settings on the site – your language preference or other view preferences (also, under our name/cookie tag);
- Session Cookies – used to support the Website’s functionality – such Cookies are stored only temporarily during a browsing session and are deleted from your device when you close the browser.
- Targeting Cookies – these cookies are used to collect information from you to help us improve our products and services and serve you with targeted advertisements that we believe will be relevant to you (e.g., Google’s Cookies).
- Email activity tracking – through desiognated Cookies and tools while we use our email delivery services, e.g. Mailchimp;
- Social networks Cookies – Social Plug-In Cookies (e.g., Facebook, Twitter, LinkedIn Cookies, or pixels, etc.) enable sharing your usage information with your social network’s accounts.
- Analytics Cookies – give us aggregated and statistical information to improve the Website and System and further developing it e.g., Google analytics, Google Firebase Crashlytics, etc.
- Third-party services used by us – for example, an external service supporting our career and recruiting options through the Website (e.g., Comeet or Workday), or an external service which allows us to screen short videos on our Website (e.g., YouTube or Vimeo).
Also note, that Cookies data is usually collected through third-party services, like Google, Facebook, etc. In those cases, your Personal Data might be transferred to those third parties, which might use it, as a “joint controller” of the data, meaning that the data is also “owned” and processed by them under their terms and conditions. Under those terms and conditions and the direct accounts or subscriptions you have with those third parties, your Personal Data might be linked to other data collected by the relevant third party and processed in its systems, for its purposes, and under its management. For example, suppose you have a Facebook account, the Personal Data collected through Facebook’s Cookies in Our Website might be linked to other data Facebook collects and might be used by Facebook per the independent agreements between you and Facebook.
What Are Your Choices Regarding Cookies?
Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages might not display properly.
For the Chrome web browser, please visit this page from Google
For the Internet Explorer web browser, please visit this page from Microsoft
For the Firefox web browser, please visit this page from Mozilla
For the Safari web browser, please visit this page from Apple
For any other web browser, please visit your web browser’s official web pages.
Where Can You Find More Information About Cookies?
You can learn more about cookies and the following third-party websites:
- All About Cookies: http://www.allaboutcookies.org/
- Network Advertising Initiative http://www.networkadvertising.org/
SHARING DATA WITH THIRD PARTIES
We donotshare anyPersonal Datacollected from you with third parties or any of our partners except in the following events:
- Legal Requirement:We will share your information in this situation only if we are required to do so to comply with any applicable law, regulation, legal process, or governmental request (e.g., to comply with a court injunction, comply with tax authorities, etc.);
- Policy Enforcement: We will share your information, solely to the extent needed to (i) enforce our policies and agreements; or (ii) to investigate any potential violations thereof, including without limitations, detect, prevent, or take action regarding illegal activities or other wrongdoings, suspected fraud or security issues;
- Company’s Rights: We will share your information to establish or exercise our rights, to prevent harm to our rights, property, or safety, and to defend ourselves against legal claims when necessary, subject to applicable law;
- Third Party Rights: We will share your information, solely to the extent needed to prevent harm to the rights of our users, yourself, or any third party’s rights, property, or safety;
- Business Purpose – we may disclose your personal information to a third party for a business purpose, as detailed above.
- Service Providers – we share your information with third parties that perform services on our behalf (e.g. customer service, tracking, servers, service functionality, marketing, and support, etc.) these third parties may be located in different jurisdictions.
- Authorized Disclosures – we may disclose your information to third parties when you consent to a particular disclosure. Please note that once we share your information with another company, that information becomes subject to the other company’s privacy practices.
YOUR DATA SUBJECTS’ RIGHTS UNDER PRIVACY PROTECTION LAWS
Under EU law, EU residents and individuals have certain rights to apply to us to provide information or make amendments to how we process data relating to them. Those rights might include:
- right to access your Personal Data – you can ask us to confirm whether or not we have and use your Personal Data, and if so, you can ask for a copy of your data;
- right to correct your Personal Data – you can ask us to correct any of your Personal Data that is incorrect, after verifying the accuracy of the data first;
- right to erase your Personal Data – you can ask us to erase your Personal Data if you think we no longer need to use it for the purpose we collected it from you. You can also ask for such erasure in any case in which the process of your data was based on your consent, or where we have used it unlawfully, or where we are subject to a legal obligation to erase your Personal Data. any request for such erasure will be subject to our obligations under the law (e.g., our obligation to keep some records for tax or customs purposes);
- right to restrict our use in your Personal Data – you can ask us to restrict our use of your Personal Data in certain circumstances;
- right to object to how we use your Personal Data – you can object to any use of your Personal Data which we have justified by our legitimate interest if you believe your fundamental rights and freedoms to data protection outweigh our legitimate interest in using the information;
- you can always require us to refrain from using your data for direct marketing purposes, or withdraw any Consent you have provided us with, if you wish to do so;
- you can ask us to transfer your information to another organization or provide you with a copy of your Personal Data (Portability Right).
We may not always be able to do what you have asked. Also, not all those rights apply in every jurisdiction. Yet, we encourage you to contact us with any such request, and we will be happy to assist you. To exercise these options, please contact us at firstname.lastname@example.org.
AT ANY TIME, CONTACT US ATHELLO@MEETREFLECT.COMIF YOU WANT TO WITHDRAW YOUR CONSENT TO THE PROCESSING OF YOUR PERSONAL INFORMATION. EXERCISING THIS RIGHT WILL NOT AFFECT THE LAWFULNESS OF PROCESSING BASED ON CONSENT BEFORE ITS WITHDRAWAL.
You have the right to lodge a complaint at any time before the relevant supervisory authority for data protection issues. However, we will appreciate the chance to deal with your concerns before you approach the authorities, so please feel free to contact us in the first instance.
Unless you instruct us otherwise and subject to applicable laws, we retain the information we collect for as long as needed to provide our services and to comply with our legal obligations, resolve disputes and enforce our agreements if applicable. We may keep some of your Personal Data as a user of our Services for more extended periods for protecting our legal interests or under any safety or other legal requirements. We usually maintain your information as long as you will hold an Account or use the Services. If you want us to delete the data we no longer need our legal obligations and internal records (e.g., transactional data for products you have purchased from us), you can always terminate your Account.
Marketing data and other data collected under your Consent, shall be retained until you will ask us to delete it, or until it will no longer serve the purpose for which it was collected for initially.
Please note that where we act as a Processor on behalf of an account owner, the retention periods are under the sole discretion of the account owner, as the Data Controller.
We use physical, technical, and administrative security measures for the services that we believe comply with applicable laws and industry standards to prevent your information from being accessed without the proper authorization, improperly used or disclosed, unlawfully destructed or accidentally lost.
However, unfortunately, the transmission of information via the internet and online data processing cannot be 100% secure. As such, although we will do our best to protect your Personal Data, we cannot guarantee the security of data transmitted via the Website, App or Product and any transmission of your data shall be done at your own risk.
DATA PROCESSING LOCATION
We may store or process your Personal Data in a variety of countries, including the United States.
Any transfer of data that originates in the European Union (“EU”) to a country outside of the European Economic Area (EEA), shall be made in compliance with the provisions of chapter 5 of the GDPR, e.g.:
- transfer to a country that is recognized as providing an adequate level of legal protection;
- transfer under a proper agreement containing the Standard Contractual Clauses published and authorized by the relevant EU authorities;
- where we can be satisfied that alternative arrangements are in place to protect your privacy rights through the use of any other mechanism under the GDPR.
It is important to note that we are headquartered in Israel, a country that the European Data Protection Board considers offering an adequate level of Personal Data protection regulation.
LINKS TO OTHER SITES
Our Website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy notice of every Website you visit.
Our App, Website and Product are not directed, nor are they intended for use by children (the phrase “child” shall mean an individual that is under age defined by applicable law which concerning the European Economic Area (“EEA“) is under the age of 16 and with respect to the U.S.A, under the age of 13) and we do not knowingly process a child’s information. We will discard any information that we receive from a user who is considered a “child” immediately upon our discovery that such a user shared information. Please contact us if you have reason to believe that a child has shared any information with us.
EFFECTIVE AS OF: NOVEMBER 2021