XSIGHT LABS LTD.

WEBSITE PRIVACY POLICY

September, 2024

This website is operated by Xsight Labs Ltd.

This Privacy Policy explains our privacy practices for processing Personal Data on our Website.

We are committed to protecting your privacy and processing your Personal Data fairly and lawfully in compliance with applicable data protections laws. You can review our full Privacy Policy below to understand how we collect and use your Personal Data. In it, we explain in the types of Personal Data we collect, how we collect it, what is legal basis of collection, what we may use it for, who we may share it with, what our retention periods are and what are your rights in relation to the Personal Data we collect.

Within the Privacy Policy you will find some specific examples of why and how we use your Personal Data.

Read this policy and make sure you fully understand our practices in relation to your Personal Data, before you access or use the Website. If you have read this Privacy Policy, and remain opposed to our practices, you must immediately leave this Website, and avoid or discontinue all use of the Website. If you have further questions or concerns regarding this policy please contact us at: information@xsightlabs.com.

(All capitalized terms shall have the meanings as defined in the full Privacy Policy below).

FULL PRIVACY POLICY

Xsight Labs Ltd. (“Xsight”, “we, our” or “us”) provides this Privacy Policy, as will be updated from time to time (our “Policy” or “Privacy Policy”) to inform the Visitors of our Website (or “you”) of our policies and procedures regarding the collection, use and disclosure of information we receive when you use the Website, and how you control the data processing.

(All capitalized terms shall have the meanings as defined in the Definitions section below).

  1. The Basics:

  1. 1.1. Who We Are

    1. 1.1.1. We offer information about us and our cloud infrastructure products and related services through our Website. Our offices are located at Leshem 1, Kiryat Gat, Israel (Headquarters), and as further described in our “Contact Us” page, and our registration number is 515598738.

    2. 1.1.2. If you have questions about our company or your privacy, or want to exercise your rights, you can contact us at information@xsightlabs.com.

  2. 1.2. Our Role: Controller and Processor

    Certain data protection laws, including the laws in the EU, differentiate between a party that determines why and how personal data is processed (called a “controller”) and a party that processes personal data solely on the controller’s behalf and according to the controller’s instructions (called a “processor”). We are the controller in respect of the processing described in this Privacy Policy (as well as our Cookie Policy).

  1. Definitions:

GDPR” shall mean the General Data Protection Regulation (EU) 2016/679 as amended, replaced or superseded from time to time.

Applicable Laws” shall mean the GDPR; European Union Member State laws, rules and guidelines implementing or supplementing the GDPR, as amended from time to time and to the extent applicable to Xsight; and any other applicable privacy or other law to the extent applicable to Xsight.

Personal Data” shall also have the meaning ascribed to it in the GDPR or the meaning of similar terms in other applicable laws. To put it simply, Personal Data means individually identifiable information, namely, information that identifies an individual or may with reasonable efforts cause the identification of an individual, including unique identifiers like IP addresses or cookie IDs.

The term “Processing” shall have the meanings ascribed to it in the GDPR.

Subprocessor” shall mean any entity appointed by us or by one of our subprocessors, to Process Personal Data on our behalf or on behalf of that subprocessor; excluding any employee of Xsight or of Xsight’ subprocessor or of any such appointed person but including any contractor or affiliate of the foregoing.

Visitor” or “you” means visitors of our Website.

Website” means our public website available at https://xsightlabs.com/ providing information regarding our products.

This Policy was originally written in English. If you are reading a translation and it conflicts with the English language version, please note that the English language version prevails.

This Privacy Policy is meant to be read together with our Terms and Conditions of Sale, which you can find at https://xsightlabs.com/terms-conditions/ and our Cookie Policy, which you can find at https://xsightlabs.com/cookie-policy. In general, we recommend that you routinely review this privacy policy and your preferences on our Website.

A Note on Legal Bases. Certain jurisdictions only allow the processing of personal data where a legal basis has been established. Under the EU’s General Data Protection Regulation (“GDPR”), the possible legal bases include (but are not limited): your consent, the processing is necessary to perform a contract with you, the processing is necessary to fulfill our legal obligations, or a company has a legitimate business interest to process your personal data. Where we are a controller, we only collect and process data where we have established a legal basis. Below you can find more details about specific legal bases.

  1. Personal Data We Collect, How We Use It, and Why

  1. Below is a description of the types of personal data we collect, how we use it, and the reason why we consider each use lawful. You have no legal obligation to provide us with personal data, but if you don’t provide us with certain information, we may not be able to provide you with the associated services.

  2. 1.1. Website Visitors. When you visit our site, we may collect the following types of data about you.

    1. 1.1.1. Contact Form Information – When you send us a message through the contact form on our site, we collect any data you provide, such as your name, company, email, and the content of your message.

      How We Use this Data: To respond to your message.

      Legal Basis: We process this personal data based on the performance of a contract with you.

    2. 1.1.2. Activity and System Data (Cookies) – When you visit our site, we automatically collect data about your computer or mobile device, including personal data such as your IP address, device ID, browsing history (e.g. the other sites you’ve visited before ours), and your activity on our site (e.g. what pages you visited, for how long, and what links you clicked on). For more information about the cookies we use and how to adjust your preferences, see our Cookies Policy, available at: https://xsightlabs.com/cookie-policy.

      How We Use this Data: We may use this data to generate aggregated analytics data about the use of our site so we can maintain and improve the site and develop new products or services. We also use statistical data to prevent fraud and protect the security of our site. One of the tools we use to collect and analyze this data is “Google Analytics”. For more information about how Google collects information and how you can control such use, see: www.google.com/policies/privacy/partners/.

      Legal Basis: We process this personal data based on our legitimate interests to develop and improve our products and services.

  1. Sharing the Personal Data We Collect With Others

We share your personal data as follows:

1. Affiliates. We share your personal data with our affiliated companies, where this is necessary to provide you with our products and services and so that we can manage our business, such as to keep updated records of our users.

2. Service Providers. Below is a list of the types of service providers we use, the service each provides, and the types of data shared with each. All service providers have agreed to confidentiality restrictions and have undertaken to use your personal data solely as we direct.

Type of Service Description Personal Data Shared
Cloud Computing We use service providers that offer cloud computing services. They offer us space on their servers for us to store our files and programs, including your personal data. All personal data that we collect from you is stored on third-party servers.
Customer Relationship Management (CRM) We use an external CRM tool to help us keep track of our customers and information related to them, including their personal data. Your name, company, position, email address, and phone number.
Bookkeeping Services We use the services of a third-party bookkeeping service to manage our financial transactions and records. Your name, age, marital status, position in the company, address, and bank account information.
Analytics Providers We use a service provider to assist us with analytics services. Data collected automatically through our site, including IP addresses and cookie information.

3. Change of Ownership. If we are looking to sell our company, liquidate assets, or merge with another, we may share your personal data with other interested parties as part of negotiations toward that transaction or in connection with the transaction. In such a case, or where we do sell our company, your personal data shall continue to be subject to the provisions of this Privacy Policy.

4. Law Enforcement Related Disclosure. We may share your personal data with government agencies or other relevant parties, such as a law office or independent auditor: (i) if we believe that such disclosure is appropriate to protect our rights, property, or safety (including the enforcement of the Terms and this Privacy Policy) or those of a third party; (ii) if required by law or court order; or (iii) as is necessary to comply with any legal and/or regulatory obligations, such as audit requirements.

  1. Transfer Of Data Outside Your Territory

  • Our affiliates and some of our service providers are located in countries other than your own. When we transfer your personal data internationally, we will do so safely and securely and in accordance with applicable law.

  • 1. If you are located in the EU, when we share your personal data with third parties based outside of the European Economic Area (“EEA“), we will ensure that they sign on agreements that require them to comply with applicable law, keep your data secure at similar levels to the level described in this Privacy Policy, and make sure that your data protection rights are protected. We will also implement the following safeguards:

    1. 1. When we transfer your personal data to Israel, we rely on the decision by the European Commission that says that those countries are considered to provide an adequate level of data protection.

      2. Where we transfer your personal data to other countries, we (i) take additional security measures to protect the data and (ii) use specific contracts approved by the European Commission, known as the Standard Contractual Clauses, to give your personal data the same protection it has in the EEA.

      3. Please contact us at information@xsightlabs.com if you would like further information on the specific mechanism used by us when transferring your Personal Data out of the EEA.

  1. Your Rights

In all of the above cases in which we collect, use or store your Personal Data, you may have the following rights and, in most cases, you can exercise them free of charge. At any time, you may contact us at: information@xsightlabs.com and request to know what Personal Data we keep about you. We will make good-faith efforts to locate the data that you request to access.

When you ask us to exercise any of your rights under this Policy and the applicable law, we may need to ask you to provide us certain credentials to make sure that you are who you claim you are, to avoid phishing and/or disclosure to you of Personal Data related to others.

 

We may redact from the data which we will make available to you, any Personal Data related to others, if applicable.

  1. Your Rights – How to Control Our Use of Your Personal Data

Depending on which laws apply, you have certain legal rights over your data. Below is some general information about rights that may apply to you but we recommend checking the law or consulting with a lawyer to understand what applies in your specific case. To exercise your rights, please contact us at information@xsightlabs.com. We may ask for reasonable evidence to verify your identity before we can comply with any request.

    1. 1.2. Right of Access. You may have a right to know what personal data we collect about you. We may charge you with a fee to provide you with this information, if permitted by law. If we are unable to provide you with all the information you request, we will do our best to explain why. See Article 15 of the GDPR for more details, if your personal data is subject to GDPR or Section 13 of the Israeli Privacy Protection Law, 1981.

    2. 1.3. Right to Correct Personal Data. You may request that we update, complete, correct or delete inaccurate, incomplete, or outdated Personal Data. See Article 16 of the GDPR for more details, if your personal data is subject to GDPR or Section 14 of the Israeli Privacy Protection Law, 1981.

    3. 1.4. Deletion of Personal Data (“Right to Be Forgotten”). If you are located in the EU, or in some cases if your personal data is processed in a database together with data subject to the GDPR, you may have the right to request that we delete your personal data. Note that we cannot restore information once it has been deleted. Even after you ask us to delete your personal data, we may be allowed to keep certain data for specific purposes under applicable law. See Article 17 of the GDPR for more details, if your personal data is subject to GDPR.

    4. 1.5. Right to Restrict Processing. If you are located in the EU, you may have the right to ask us to stop processing your personal data. See Article 18 of the GDPR for more details, if your personal data is subject to GDPR.

    5. 1.6. Right to Data Portability. If you are located in the EU, you may have the right to request that we provide you with a copy of the personal data you provided to us in a structured, commonly-used, and machine-readable format. See Article 20 of the GDPR for more details, if your personal data is subject to GDPR.

    6. 1.7. Right to Object. If you are located in the EU, you may have the right object to certain processing activities. See Article 21 of the GDPR for more details, if your personal data is subject to GDPR.

    7. 1.8. Withdrawal of Consent. If we are processing your data based on your consent, you are always free to withdraw your consent, however, this won’t affect processing we have done from before you withdrew your consent.

    8. 1.9. Right to Lodge a Complaint with Your Local Data Protection Authority. If you are located in the EU, you have the right to submit a complaint to the relevant data protection authority if you have any concerns about how we are processing your personal data, though we ask that as a courtesy you please attempt to resolve any issues with us first.

To exercise these rights, where applicable, please contact us as detailed in Section ‎13 “Contact Us” of this Policy.

  1. Data Security

We take the safeguarding of your data very seriously, and use a variety of industry standard systems, applications and procedures to protect the Data from loss, theft, damage or unauthorized use or access. However, although we make efforts to protect your privacy, we cannot guarantee that the Website will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.

We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways and for further enhancing the security of our Website and protection of our Visitors’ privacy.

The security of your data also depends on the security of the devices you use and the way in which you protect your user IDs and passwords. The measures we take include:

  1. 1. Technical Measures. The electronic safeguards we employ to protect your personal data include secure servers, firewalls, and antivirus protections. We encrypt data in transit using secure SSL/TLS protocols.

  2. 2. Access Control. We limit access to your personal data only to authorized personnel who have a need to know, including account managers, customer support staff, and software developers. We review these permissions regularly and revoke an employee’s access immediately after his/her termination.

  3. 3. Internal Policies. We maintain and regularly review and update our privacy related and information security policies.

  4. 4. Personnel. We require employees to sign non-disclosure agreements according to applicable law and industry customary practice.

Database Backup. Our databases are backed up and verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity.

You should take steps to protect against unauthorized access to your device by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private.

If you receive an e-mail asking you to update your information with respect to the Website, do not reply and please contact us at information@xsightlabs.com.

  1. Data Retention

We retain different types of information for different periods, depending on the purposes for processing the data. We retain your personal data as long as necessary to fulfill each of the purposes we described above.

When deciding how long to store personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized access, the purposes for which the personal data was collected, as well as applicable legal requirements. Please note that we may delete information from our systems without notifying you first. Retention by any of our service providers or subcontractors may vary in accordance with each business’s retention policy. Generally, we retain information about persons who contacted us for up to 12 months.

In some circumstances, we may store your personal data even after we’re finished using it if required to do so by law (e.g. to fulfill tax or audit requirements), or to keep accurate records of our interactions in case there is a prospect of litigation relating to your personal data. In such cases, we will maintain the same security measures as described above.

Please contact us at information@xsightlabs.com if you would like details about the retention periods for each type of personal data we process.

  1. Our Policy Toward Children

Our Website is not meant to be used by or for persons under 18, as such, we do not knowingly collect Personal Data from minors younger than 18. Insofar as Personal Data may be collected based on your consent, the data subject must be above the age of 18. If these age requirements are not met, you are required not to use the Website.

  1. Do Not Track

We do not support Do Not Track (DNT). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

  1. ADDITIONAL INFORMATION FOR CALIFORNIA USERS

The California Consumer Privacy Act or “CCPA” (California Civil Code Section 1798.100 et seq.) requires us to disclose to California residents who use our Website (“California users”) how we collect, share, and store personal information about California users, as well as the rights they have with respect to that information.

For the purposes of this clause 16, “Personal Information” means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, or as otherwise may be defined by applicable law.

Depending on your usage, we collect different types of information and we and any of our third-party sub-contractors and service providers use the information we collect for different purposes, as specified below. It is your voluntary decision whether to provide us with certain Personal Information, but if you refuse to provide such Personal Information, we may not be able to register you and/or provide you with the Website or part thereof.

Categories of Personal Information We Collect. In the past twelve months, we have collected the following Personal Information from users of our Website who are using the Website. This Personal Information is used for the purposes described herein.

  • Contact Information. If you contact us, we collect certain identifiers directly from you, such as your your name, company, email, and the content of your message.
  • Device/Network Information. When you use the Website, we automatically collect data about your computer or mobile device, including Personal Information such as your IP address, device ID, browsing history (e.g. the other sites you’ve visited before ours), and your activity on our site (e.g. what pages you visited, for how long, and what links you clicked on).
  1. How We Share Your Personal Information.
  • Sharing for Business Purposes. In the past 12 months, we have disclosed the following categories of Personal Information for the following business or purpose in the preceding 12 months: we have shared your personal identifiers and internet or other electronic network activity with data analytics providers, operating systems, and other third parties that assist us in providing you with the Website, including providing us with IT and system administration services, data backup, security, and storage services, and providing data analytics services, and to help us serve advertisements and provide other marketing services, as well as with our affiliates as necessary to provide you with services.
  • Additional Sharing Activities.
    • Affiliates. We share information, including your Personal Information, with our affiliated companies, Xsight Labs Inc. where this is necessary to provide you with the Website, and for the purpose of management of our business.
    • Business Transfers: Your Personal Information may be disclosed as part of, or during negotiations of, any merger, sale of company assets or acquisition (including in cases of liquidation). In such a case, your Personal Information shall continue being subject to the provisions of this CA Supplement.
    • Law Enforcement Related Disclosure: We may share your Personal Information with third parties: (i) if we believe in good faith that such disclosure is appropriate to protect our or a third party’s rights, property or safety (including the enforcement of this Privacy Policy and our Terms and Conditions of Sale, which you can find at https://xsightlabs.com/terms-conditions/); (ii) when required by law, regulation subpoena, court order or other law enforcement related issues, agencies and/or authorities; or (iii) as is necessary to comply with any legal and/or regulatory obligation.

The CCPA also requires us to communicate information about rights California users have to request access to their Personal Information, to request deletion of their Personal Information, to request additional details about our information practices, to request to opt out of the “sale” of their Personal Information, if applicable, and to not be discriminated against for exercising such rights.

Your options in regard to the Personal Information we collect about you are described below.

  1. Your Rights:
  1. Right to Know and Access. You have the right to request that we disclose to you any or all of the following in respect of the 12-month period preceding your request:
    • The specific Personal Information we have collected about you.
    • The categories of Personal Information we have collected about you.
    • The categories of sources from which we collected the Personal Information about you.
    • The categories of third parties to whom we disclose Personal Information about you.
    • The categories of Personal Information about you we have sold and the categories of third parties to whom we have sold such Personal Information.
    • The categories of Personal Information about you we have disclosed for a business purpose and the categories of third parties to whom we have disclosed such Personal Information.
    • Our business or commercial purpose(s) for collecting or selling your Personal Information.
  2. Right to Delete. Subject to certain exceptions, you have the right to request that we and any of our service providers delete your Personal Information. Please note that we may retain certain information as required or permitted by applicable law.
  3. Right to Correct. If you find that any of the data we’ve collected about you is inaccurate, you have the right to correct such information.
  4. Right to Opt-Out of the Sale of Personal Information. You have the right to direct us to not sell your Personal Information at any time. You may change your mind and opt back into the sale of your Personal Information at any time by contacting us at the address above. We may deny any request to opt-out of the sale of Personal Information that we deem in our good-faith, reasonable and documented belief is fraudulent.
  5. Right to Non-Discrimination for Exercising your Consumer Privacy Rights. You have the right not to be discriminated against for exercising any of your consumer privacy rights, such as not being denied any goods or services or charged different prices or rates.
  6. Right to Limit our Use of Your Personal Information. To the extent we collect any sensitive Personal Information about you, you have the right to instruct us to limit our use of such Personal Information only to for the purpose of providing you with our services and certain business operation purposes.
  1. How to Exercise your California Privacy Right

Contact Information. To exercise any of the rights detailed above, please submit a verifiable request to us by contacting us at information@xsightlabs.com. You may only request to exercise your right of access twice within a 12-month period.

Submitting a Verifiable Request: In order to exercise your right to know or right to delete, you must submit a request containing sufficient information that allows us to reasonably verify you are the person about whom we collected the applicable Personal Information or an authorized agent of such person, which may include details relating to your account. Any requests made through your password-protected account will be verified through our existing authentication procedures for such account.

Submitting Requests through an Authorized Agent: An authorized agent may exercise requests on your behalf. In order to exercise your right to know or right to delete through an agent, we may ask for reasonable evidence to verify your identity and the agent’s identity, and written authorization permitting the agent to act on your behalf before complying with your request. In order to submit a request to opt-out of the sale of your Personal Information through an agent, we may ask for written authorization permitting the authorized agent to act on your behalf before complying with your request. We reserve the right to deny the request of any agent that does not provide proof that they have been authorized to act on behalf of the applicable consumer in accordance with applicable law.

Retention: We retain your Personal Information as long as necessary to fulfill each of the purposes we described above. When deciding how long to store Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized access, the purposes for which the Personal Information was collected, as well as applicable legal requirements. Please note that we may delete information from our systems without notifying you first. Retention by any of our service providers or subcontractors may vary in accordance with each business’s retention policy.

Do Not Sell My Info: As described above, we may provide Personal Information for the purpose of connecting you with providers to discuss services that you may be interested in for yourself or for a Resident and to our partners and other third parties. We give you the option to opt out of such sharing at any time by following the “Do Not Sell My Personal Information” link. The link is also available on our Website.

California’s Shine the Light law also permits residents of California to request certain details about how their information is shared with third parties for direct marketing purposes. Under the law, a business must either provide this information or permit California residents to opt in to, or opt out of, this type of sharing. To opt out of having information about you shared with third parties for direct marketing purposes, please email us at information@xsightlabs.com.

  1. Changes To This Privacy Policy

We may update this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business. We will place any updates on this webpage. Please come back to this page every now and then to make sure you are familiar with the latest version. However, substantial changes will be effective thirty (30) days after the notice was initially posted. We will make an effort to inform you of substantial changes through the channels of communication generally used in such circumstances.

If we need to adapt the Policy to legal requirements, the amended Policy will become effective immediately or as required.

Your continued use of the Website following such notice shall constitute your consent to any changes made and a waiver of any claim or demand in relation to such changes. If you do not agree to the new or different terms, you should not use and are free to discontinue using the Website.

  1. Contact Us

For further information about this Policy, please contact us at information@xsightlabs.com.

If you have any concerns relating to this Policy, please contact us and we will make good-faith efforts to address your concerns. We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from us, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, we will provide you with the contact information for that regulator.

Copyright © 2017-2024, Xsight Labs Ltd. All rights reserved.

Last Updated: September, 2024