Privacy Policy
Your privacy matters to us. This policy explains how we handle your information when you use our financial records services.
At Srontave Xispello, we take your privacy seriously. This document outlines how we collect, use, store, and protect your personal information in accordance with Israeli privacy laws, including the Protection of Privacy Law, 5741-1981, and related regulations.
We understand that financial information is sensitive. That's why we've built our practices around transparency and security. When you work with us, you deserve to know exactly what happens with your data.
Privacy Officer Contact:
Yarden Tabak
Louis Marshall St 25, Tel Aviv-Yafo, Israel
+972524483919
Information We Collect
The type of information we collect depends on how you interact with our services. We only gather what's necessary to provide financial record management and educational services effectively.
| Category | Information Type | Collection Method | Purpose |
|---|---|---|---|
| Personal Identifiers | Name, email address, phone number, mailing address | Forms, account registration, direct communication | Service delivery, communication, account management |
| Financial Information | Transaction records, account balances, payment methods | Uploaded documents, client-provided data | Financial record analysis, reporting, educational purposes |
| Business Details | Company name, business ID, tax information | Client intake forms, verification documents | Regulatory compliance, service customization |
| Technical Data | IP address, browser type, device information, usage patterns | Automated collection via website analytics | Website improvement, security monitoring |
| Communication Records | Email correspondence, chat logs, support tickets | Email systems, contact forms, support channels | Service quality, record keeping, support provision |
When Information Collection Occurs
- Initial Consultation: When you reach out for information about our services, we collect basic contact details to respond appropriately.
- Account Setup: Creating an account requires verification information and contact preferences.
- Service Usage: As you use our platform, we collect data about your interactions to improve functionality.
- Document Uploads: Financial documents you share contain sensitive information we process according to your instructions.
- Educational Enrollment: Learning programs require additional information for course administration and certification.
How We Use Your Information
We process your information for specific, legitimate purposes. Here's what we do with the data we collect.
Service Delivery
Providing financial record management, analysis, and reporting services as requested by clients.
Communication
Sending service updates, responding to inquiries, and providing customer support when needed.
Platform Improvement
Analyzing usage patterns to enhance our website functionality and user experience.
Security Measures
Monitoring for suspicious activity, preventing fraud, and maintaining system integrity.
Legal Compliance
Meeting Israeli regulatory requirements and maintaining necessary business records.
Educational Services
Administering learning programs, tracking progress, and issuing certifications where applicable.
Marketing Communications: We may send you information about new services or educational opportunities. You can opt out of marketing emails at any time using the unsubscribe link in each message. Service-related communications cannot be opted out of while you remain a client.
Data Sharing and Third Parties
We don't sell your information. Period. But we do work with trusted partners who help us deliver our services. Here's who might access your data and why.
Service Providers We Work With
- Cloud Storage Providers: Secure hosting services that store encrypted client data with strict access controls.
- Email Services: Communication platforms that enable us to send messages and notifications to clients.
- Payment Processors: Financial institutions handling transaction processing for service payments.
- Analytics Tools: Website analytics services that help us understand how visitors use our platform.
- Security Vendors: Cybersecurity services providing threat detection and system monitoring.
All third-party providers sign confidentiality agreements and are required to maintain data protection standards equivalent to our own. They can only use your information for the specific purposes we authorize.
Situations Requiring Disclosure
We may disclose information when legally required or when necessary to protect our rights. This includes responding to court orders, law enforcement requests, or defending against legal claims. We'll notify you of such disclosures when legally permitted.
Your Privacy Rights Under Israeli Law
Israeli privacy legislation grants you specific rights regarding your personal information. You control your data, and we're here to help you exercise these rights.
- Access Rights: You can request copies of the personal information we hold about you, including details about how we collected it and who we've shared it with.
- Correction Rights: If information we hold is inaccurate or incomplete, you can request corrections. We'll update our records promptly.
- Deletion Rights: You can request deletion of your personal information, subject to legal retention requirements and legitimate business needs.
- Objection Rights: You can object to certain processing activities, particularly for marketing purposes or automated decision-making.
- Data Portability: Where technically feasible, you can request your data in a commonly used, machine-readable format.
- Restriction Rights: You can request that we limit how we process your information while we resolve any disputes about accuracy or processing purposes.
How to Exercise Your Rights
Submit a Request
Contact our Privacy Officer via email or phone with details about your request. Include your full name and the email address associated with your account.
Identity Verification
We'll verify your identity to protect against unauthorized access. This typically involves confirming details from your account or providing identification.
Request Processing
We'll process your request within 30 days. Complex requests may take longer, but we'll keep you informed about our progress.
Response Delivery
You'll receive a response detailing the action we've taken or explaining any limitations that apply to your request.
Important Note: Some rights are not absolute. We may need to retain certain information for legal compliance, contract fulfillment, or legitimate business purposes. We'll explain any limitations when responding to your request.
Data Security Measures
Protecting financial information requires multiple layers of security. We've implemented technical and organizational measures to safeguard your data from unauthorized access, disclosure, or loss.
Technical Protections
- Encryption: All data transmissions use TLS 1.3 encryption. Stored data is encrypted at rest using industry-standard algorithms.
- Access Controls: Role-based access restrictions ensure employees only see information necessary for their job functions.
- Authentication: Multi-factor authentication protects account access, requiring multiple verification steps for sensitive actions.
- Network Security: Firewalls, intrusion detection systems, and regular vulnerability assessments protect our infrastructure.
- Backup Systems: Regular encrypted backups ensure data can be recovered in case of system failure or disaster.
Organizational Safeguards
- Staff Training: All employees receive privacy and security training before accessing client information.
- Confidentiality Agreements: Everyone with access to client data signs binding confidentiality agreements.
- Regular Audits: We conduct quarterly security audits and annual penetration testing to identify vulnerabilities.
- Incident Response: A documented plan ensures rapid response to any security incidents or data breaches.
- Vendor Management: Third-party providers undergo security assessments before accessing any client data.
Data Breach Notification: In the unlikely event of a data breach affecting your personal information, we'll notify you within 72 hours as required by Israeli law. The notification will explain what happened, what information was affected, and what steps we're taking to address the situation.
Data Retention and Deletion
We don't keep your information longer than necessary. But sometimes "necessary" extends beyond active service use due to legal or business requirements.
Retention Periods by Category
| Information Type | Retention Period | Reason for Retention |
|---|---|---|
| Financial Records | 7 years from service completion | Israeli tax law requirements |
| Contract Documents | 7 years from contract end | Legal limitation periods |
| Account Information | Duration of service plus 2 years | Customer service and dispute resolution |
| Marketing Consent | Until withdrawal or 3 years of inactivity | Permission tracking and compliance |
| Website Analytics | 26 months | Trend analysis and improvement planning |
| Support Communications | 3 years from last contact | Service quality and training purposes |
Once retention periods expire, we securely delete information using methods that prevent recovery. This includes overwriting digital files multiple times and physically destroying any paper records.
Early Deletion Requests
You can request deletion before retention periods expire. We'll evaluate each request based on legal obligations and legitimate business needs. If we must retain certain information, we'll explain why and minimize the data we keep.
Cookies and Tracking Technologies
Our website uses cookies and similar technologies to function properly and provide a better experience. Some are essential, while others help us understand how people use the site.
Types of Cookies We Use
- Essential Cookies: Required for basic site functionality like security features and access to member areas. You can't disable these without affecting how the site works.
- Functional Cookies: Remember your preferences and settings to personalize your experience on return visits.
- Analytics Cookies: Help us understand visitor behavior, popular content, and areas needing improvement. We use aggregated data that doesn't identify individuals.
- Performance Cookies: Monitor site performance and load times to ensure smooth operation across different devices and connections.
You can control cookie settings through your browser preferences. Most browsers allow you to refuse cookies or delete existing ones. Be aware that blocking certain cookies may affect site functionality and your user experience.
International Data Considerations
While we primarily operate in Israel, some service providers we use are based in other countries. This means your information might be processed outside Israel's borders.
When data leaves Israel, we ensure adequate protection through contractual safeguards, requiring foreign processors to maintain security standards equivalent to Israeli law. We only work with providers in countries recognized as having adequate data protection frameworks.
Data Transfer Protections: All international data transfers are covered by Standard Contractual Clauses approved by relevant authorities. These contracts impose strict obligations on foreign processors and give you enforceable rights regarding your data.
Children's Privacy
Our services are designed for adults and business entities. We don't knowingly collect information from individuals under 18 years old without parental consent.
If you believe a minor has provided us with personal information, please contact our Privacy Officer immediately. We'll investigate and delete such information promptly if found.
Educational programs may occasionally accept participants aged 16-18 with documented parental consent. In these cases, we apply additional protections and limit data collection to what's strictly necessary for course administration.
Changes to This Policy
Privacy practices evolve with technology and legal requirements. We review this policy regularly and update it when necessary to reflect changes in our operations or legal obligations.
When we make significant changes, we'll notify you by email or through a prominent notice on our website at least 30 days before the changes take effect. Continuing to use our services after changes become effective means you accept the updated terms.
Minor updates that don't materially affect your rights may be made without notice. We recommend reviewing this policy periodically to stay informed about how we protect your information.
Automated Decision-Making
We don't use automated systems to make decisions that significantly affect you without human oversight. Any algorithms or automated processes we employ serve advisory purposes only, with final decisions made by qualified professionals.
If we ever implement automated decision-making that could impact your services or rights, we'll notify you in advance and explain how the system works. You'll have the right to request human review of any automated decisions.