XSIGHT LABS LTD.

WEBSITE PRIVACY AND COOKIE POLICY

December 16, 2020

This website is operated by Xsight Labs Ltd.

This Privacy Policy explains our privacy practices for processing Personal Data on our Website.

We are committed to protecting your privacy and processing your Personal Data fairly and lawfully in compliance with applicable data protections laws. You can review our full Privacy Policy below to understand how we collect and use your Personal Data. In it, we explain in the types of Personal Data we collect, how we collect it, what is legal basis of collection, what we may use it for, who we may share it with, what our retention periods are and what are your rights in relation to the Personal Data we collect.

Within the Privacy Policy you will find some specific examples of why and how we use your Personal Data.

Read this policy and make sure you fully understand our practices in relation to your Personal Data, before you access or use the Website. If you have read this Privacy Policy, and remain opposed to our practices, you must immediately leave this Website, and avoid or discontinue all use of the Website.  If you have further questions or concerns regarding this policy please contact us at: information@xsightlabs.com.

(All capitalized terms shall have the meanings as defined in the full Privacy Policy below).

FULL PRIVACY POLICY

Xsight Labs Ltd. (“Xsight”, “we”, “our” or “us”) provides this Privacy Policy, as will be updated from time to time (our “Policy” or “Privacy Policy”) to inform the Visitors of our Website (or “you”) of our policies and procedures regarding the collection, use and disclosure of information we receive when you use the Website.

(All capitalized terms shall have the meanings as defined in the Definitions section below).

1. Definitions:

 “GDPR” shall mean the General Data Protection Regulation (EU) 2016/679 as amended, replaced or superseded from time to time.

“Applicable Laws” shall mean the GDPR; European Union Member State laws, rules and guidelines implementing or supplementing the GDPR, as amended from time to time and to the extent applicable to Xsight; and any other applicable privacy or other law to the extent applicable to Xsight.

“Personal Data” shall also have the meaning ascribed to it in the GDPR or the meaning of similar terms in other applicable laws. To put it simply, Personal Data means individually identifiable information, namely, information that identifies an individual or may with reasonable efforts cause the identification of an individual.

“Non-Personal Data” means information that does not personally identify you and does not reveal your specific identity as an individual, such as anonymized information.

The term “Processing” shall have the meanings ascribed to it in the GDPR.

“Subprocessor” shall mean any entity appointed by us or by one of our subprocessors, to Process Personal Data on our behalf or on behalf of that subprocessor; excluding any employee of Xsight or of Xsight’ subprocessor or of any such appointed person but including any contractor or affiliate of the foregoing.

“Visitor” or “you” means visitors of our Website.

“Website” means our public website available at https://xsightlabs.com/ providing information regarding our products.

This Policy was originally written in English. If you are reading a translation and it conflicts with the English language version, please note that the English language version prevails.

2. When Does This Privacy Policy Apply

This Privacy Policy applies to Personal Data about you that we collect, use or otherwise process regarding your relationship with us as a Visitor of our Website.

This Privacy Policy does not apply to our products or Personal Data we collect through other means, which may have separate privacy policies that do not incorporate this Policy.

3. The Types Of Personal Data That We Collect
   • Personal Data That You Provide To Us
     • Information provided through the “Contact Us” form: While browsing our Website, if you wish us to contact you and provide more information regarding our products, you are required to provide us the following Personal Data: full name, email and phone number (“Contact Details”). You may choose to provide us additional Personal Data through the “free text” section in our contact form. Please do not provide further Personal Data than is required for us to contact you. Please do not provide a personal e-mail address.

• • The Personal Data That We Collect Or Generate
    • If you browse our Website, we may collect your Personal Data. This includes (by way of a non-exhaustive list) Personal Data provided through the use of “cookies”.
    • (For more information on our cookies and other means of tracking, please see Section ‎5 “Cookies” below). 

4. The Types Of Non Personal Data That We Collect

In addition to the categories of Personal Data described above, we will also collect and process further information that does not identify a specific individual in the following ways:

• • Information that your browser or device sends (“Log Data”). This may include, but is not limited to, non-identifying information regarding the type of your device (desktop/mobile), operating system, internet browser type, screen resolution, language and keyboard settings, internet service provider, etc.
  • We may use automated devices and applications to evaluate usage of our Website, which may be provided by third parties. We use these tools to help us improve our Website, performance and user experience. Such third parties may combine the information that we provide about you with other information that they have collected from other sources. This Policy does not cover such third parties’ use of the data and such use is governed by such third parties’ privacy policies.
  • For more information, please see Section ‎9 “Sharing Information With Others” below.

5. Cookies

A cookie is a small data file stored on your browser or device. When you access or use our Website, Xsight uses “cookies” to keep track of the settings users have selected and actions they have taken on our Website. Cookies store certain information on the browser or hard drive of your computer and/or your mobile device (“Local Storage”) and allow us to improve Your user experience and other capabilities on our Website, monitor and analyze the performance of the Website, assist in operation and effectiveness of the Website, and ensure our Website is secure and safe to use.

• • What types of cookies do we use?
    • Necessary cookies
      • Necessary cookies allow us to offer you the best possible experience when accessing and navigating through our website and using its features. For example, these cookies let us recognize that you have created an account and have logged into that account to access the content.
    • Functionality cookies
      • Functionality cookies let us operate the site in accordance with the choices you make. For example, we will recognize your username and remember how you customized the site during future visits.
    • Analytical cookies
      • These cookies enable us and third-party services to collect aggregated data for statistical purposes on how our visitors use the website. These cookies do not contain personal information such as names and email addresses and are used to help us improve your user experience of the website.
  • How to delete cookies?
    • Most devices and browsers will allow you to erase cookies or block acceptance of cookies, or receive a warning before a cookie is stored. Please note that unless you block the acceptance of cookies, the Website will utilize cookies upon your use of the Website (unless it is required by Applicable Laws to provide a separate consent to use such cookies, and in which case We will use such cookies only after we receive your separate consent to such use and subject to your right to withdraw such consent at any time). For more information please see: https://www.allaboutcookies.org/.
    • If you want to restrict or block the cookies that are set by our website, you can do so through your browser setting. Alternatively, you can visit www.internetcookies.org, which contains comprehensive information on how to do this on a wide variety of browsers and devices. You will find general information about cookies and details on how to delete cookies from your device.
  • Contacting us
    • If you have any questions about this cookie policy or our use of cookies, please contact us at information@xsightlabs.com.

6. How We Use Personal Data (Purposes Of Processing)

Personal Data is used for the following primary purposes (as may be updated from time to time):

• • • to provide and operate the Website;
    • to monitor, study and analyze usage of the Website and its functionality;
    • to provide on-going customer assistance, technical support and maintain the Website;
    • to provide service announcements and notices, promotional messages and market the our products subject to applicable laws;
    • to enforce our Terms of Use, policies and other contractual arrangements and prevent misuse of the Website; and to comply with court orders and warrants and to take any action in any legal dispute and proceeding;
    • to better understand your needs, both on an aggregated or inferred basis; and on an individualized basis, in order to further develop, customize and improve our Website based on Visitors’ preferences, experiences and difficulties;
    • to communicate with you and contact you to obtain feedback from you regarding the Website;
    • to disclose to third party vendors, service providers, contractors or agents who perform functions on our behalf with respect to the Website; and
    • as otherwise authorized by you.
  • We may use the business email address you provided us to contact you when necessary, including in order to send you reminders, offers and to provide you information about our services and products. At any time, you may choose (opt out) whether your Personal Data is to be used for sending such marketing materials which are not an essential part of the usage of the Website. You may exercise your choice by contacting us at:  information@xsightlabs.com.

7. How We Use Non Personal Data (Purposes Of Processing)

We use Non Personal Data to compile anonymous, statistical or aggregated information, for legitimate business purposes including for testing, development, improvement, control and operation of the Website. We may share such information with our third party providers who perform tasks on our behalf in connection with the Website.

• • Google Analytics. We use Google Analytics to collect information on your use of the Website to improve our Website. In order to collect this information, Google Analytics may set cookies on your browser, or read cookies that are already there. Google Analytics may also receive information about you from applications you have downloaded that partner with Google. We do not combine the information collected through the use of Google Analytics with Personal Data. Google’s ability to use and share information collected by Google Analytics about your visits to our Website or to another application which partners with Google is restricted by the Google Analytics Terms of Use and the Google Privacy Policy, available for review at https://policies.google.com/technologies/partner-sites. To prevent your data from being used by Google Analytics, you can download the Google Analytics opt-out browser add-on for Google Analytics which can be found at https://tools.google.com/dlpage/gaoptout.
  • From time to time, we may use additional or alternative analytics services. We will provide a notice of these changes on our Website.

8. The Legal Basis For Use Of Personal Data

We will only process your Personal Data where we have a legal basis to do so. The legal basis will depend on the reason or reasons we collected and need to use your Personal Data. In almost all cases the legal basis will be:

• • To provide the content of the Website to Visitors.
  • To fulfill a legitimate interest that we have as a business.
  • Because you contacted us and by doing so consented to us using the Personal Data for a particular purpose.
  • More information on the basis of processing:  
    • Processing the Personal Data is required for replying to your request for information about our products and services, for example: if you provide your details under “Contact Us” form, in order to inquire about our products, we will contact you and provide you the requested information.
    • Processing the Personal Data is required for fulfilling our or a third party’s legitimate interests, for example:  (1) we collect information about use of our Website in order to identify and prevent its abuse; (2) we may use Personal Data to maintain and improve our Website by identifying Visitor trends and technical issues.
    • You consent to the processing of Personal Data for one or more specific purposes, for example, to the extent that you consent, we will send you Marketing information about our products.
  • It is hereby clarified that the legal bases detailed above are the legal bases for actions to process Personal Data, carried out by us in accordance with the GDPR. If processing of Personal Data is subject to other applicable laws, then the legal basis for processing Personal Data may differ according to those applicable laws.

For more information, see Section ‎11 “Your Rights” below.

9. Sharing Information With Others

We may share your Personal Data with:

• • Service providers and other third parties, if necessary to fulfil the purposes for collecting and Processing the data, such as cloud vendors, hosting providers, subcontractors providing us Processing services, etc.
  • Our affiliates.
  • Companies that assist us in our marketing, advertising and promotional activities; and
  • Analytics and search engine providers that assist us in the improvement and optimisation of our Website and process Personal Data in the context of provision of analytical services to us.
  • A merger, acquisition or any other structural change may require us to transfer your Personal Data to another entity, provided that the receiving entity will comply with this Policy.
  • In response to lawful requests by public authorities or law enforcement officials, including meeting national security or law enforcement requirements or valid court orders.
  • To establish, protect, or exercise our legal rights, as required to enforce our terms of service or other contracts; to defend against legal claims or demands; to detect, investigate, prevent, or take action against illegal activities, fraud, or situations involving potential threats to the rights.
  • To protect the rights, property or safety of Xsights Labs and our affiliates, our employees, customers, suppliers or other persons.

10. Transfer Of Data Outside Your Territory

We may store, process or maintain Personal Data in various sites worldwide, including through cloud based service providers worldwide.

We may process your Personal Data in any country in which we do business, currently mainly the member states of the EU, Israel (a country declared by the EU Commission as an adequate country) or the US. If we shall transfer the Personal Data of an EU resident outside of Israel or the EU we shall comply with Applicable Laws in relation to such transfer.

To the extent that the laws in your jurisdiction require consent for the transfer of Personal Data outside your jurisdiction, by using our Website and providing us your Personal Data, you consent to such transfer.

11. Your Rights

In all of the above cases in which we collect, use or store your Personal Data, you may have the following rights and, in most cases, you can exercise them free of charge. At any time, you may contact us at: information@xsightlabs.com and request to know what Personal Data we keep about you. We will make good-faith efforts to locate the data that you request to access.

When you ask us to exercise any of your rights under this Policy and the applicable law, we may need to ask you to provide us certain credentials to make sure that you are who you claim you are, to avoid phishing and/or disclosure to you of Personal Data related to others.

We may redact from the data which we will make available to you, any Personal Data related to others, if applicable.

Note to our Data Subjects in the EU: We hereby inform Visitors from the EU (in this section “You”, “Your”), of the following rights (by virtue of the GDPR) with respect to the Processing of your Personal Data: ·           Right to rectification: if the Personal Data Processed by us is incorrect, incomplete or not Processed in compliance with Applicable Law or this Privacy Policy, You may have the right to have your Personal Data rectified. ·           Right to erasure: under certain conditions, You may be entitled to require that we delete your Personal Data (e.g. if the continued Processing of a specific data is not justified or if the lawful basis for Processing is consent). ·           Right to Portability: under certain conditions, You may have the right to transfer the Personal Data that you have provided to us between data controllers (i.e. to ask us to transfer your Personal Data to another entity). ·           Right to object: where that lawful basis for Processing Your Personal Data is either “public interest” or “legitimate interests”, those lawful bases are not absolute, and You may have a right to object to such Processing. ·           Right to withdraw consent: If the Processing of your Personal Data is based on Your consent, You have the right to withdraw Your consent to such processing at any time. You may contact us at information@xsightlabs.com. ·           The right to restrict Processing – under certain circumstances, You may have the right to object to the Processing of your Personal Data due to your particular situation. ·           Right to lodge a complaint: You have the right to lodge a complaint before the relevant data protection authority or supervisory authority of Your jurisdiction. If you are a Data Subject in another jurisdiction – other rights may apply and not all of the rights mentioned above may be applicable to you. To exercise these rights, where applicable, please contact us as detailed in Section ‎17 “Contact Us” of this Policy.

12. Data Security

We take the safeguarding of the Personal and Non Personal Data very seriously, and use a variety of industry standard systems, applications and procedures to protect the Data from loss, theft, damage or unauthorized use or access. However, although we make efforts to protect your privacy, we cannot guarantee that the Website will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.

We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways and for further enhancing the security of our Website and protection of our Visitors’ privacy.

You should take steps to protect against unauthorized access to your device by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private.

If you receive an e-mail asking you to update your information with respect to the Website, do not reply and please contact us at information@xsightlabs.com.

13. Data Retention

We retain different types of information for different periods, depending on the purposes for processing the data. We may retain Personal Data for as long as necessary in order to support our legitimate business purposes, for example, for storing data, for documentation, for cyber-security management purposes, legal proceedings and tax issues.

We may store aggregated Non Personal Data without time limit. In any case, as long as you use the Website, we will keep information about you, unless we are legally required to delete it, or to the extent applicable under Applicable Law – if you exercise your rights to delete the information.

14. Our Policy Toward Children

Our Website is not meant to be used by or for persons under 18, as such, we do not knowingly collect Personal Data from minors younger than 18. Insofar as Personal Data may be collected based on your consent, the data subject must be above the age of 18. If these age requirements are not met, you are required not to use the Website.

15. Do Not Track

We do not support Do Not Track (DNT). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked. You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

16. Changes To This Privacy Policy

We may change the terms of this Privacy Policy from time to time by posting notice on our Website, with a seven (7) day advance notice. However, substantial changes will be effective thirty (30) days after the notice was initially posted. We will make an effort to inform you of substantial changes through the channels of communication generally used in such circumstances.

If we need to adapt the Policy to legal requirements, the amended Policy will become effective immediately or as required.

Your continued use of the Website following such notice shall constitute your consent to any changes made and a waiver of any claim or demand in relation to such changes. If you do not agree to the new or different terms, you should not use and are free to discontinue using the Website.

17. Contact Us

For further information about this Policy, please contact us at information@xsightlabs.com.

If you have any concerns relating to this Policy, please contact us and we will make good-faith efforts to address your concerns. We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from us, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, we will provide you with the contact information for that regulator.

Copyright © 2017-2021, Xsight Labs Ltd. All rights reserved.

Last Updated: December 16, 2020