Privacy Policy

1. About Us

Privacy Labs (“we”, “us”, “our”, or “Company” and correlating terms) specializes in data protection and privacy compliance for SMBs in North America and Europe, according to the needs of each business. Privacy Labs focuses on helping and mitigating business needs concerning data protection compliance aspects for businesses to keep mandatory requirements up to date, improving the value of their business, amplifying the trustworthiness of their clients, avoiding unnecessary enforcement, and gaining the essential awareness to deal with data breach incidents.

2. About this Privacy Policy

This privacy policy (“Privacy Policy”) is designed to describe our data collection and processing practices and to give you information about how we treat your personal data from our website visitors (“visitors”, “users”, “data Subject” or “you”) access and engage with us, through our website available at: https://www.privacy-lab.io or any subdomain or website that links to this Privacy Policy, (the “Site” or “Website”). This Policy forms part of your agreement with us, when you access our website or otherwise engage with any of the services, features or forms that we may make available to you from time to time through the Site or other hosting websites (each individually, or jointly with the Site, the “Services”).

We have created this Privacy Policy to demonstrate our commitment to our Site user’s right to privacy. Your use of the Site requires submitting Personal Data (as defined below), but only if you voluntarily choose to provide us with such Personal Data. Our Site is available to relevant users, and certain functionalities may require registration and submission of certain Personal Data, as described in this Privacy Policy. We will retain your Personal Data you choose to provide us through your use of the Site and Services in accordance with this Privacy Policy.

This Privacy Policy was designed with the EU General Data Protection Regulation (GDPR) and the e-Privacy directive. However, given the country of your residency, other rules may apply to your Personal Data (see defined below “Applicable Privacy Laws”). If you are a resident of California, we advise you to refer to the CCPA Privacy notice below.

Please read the Privacy Policy carefully to ensure you understand it and agree with its terms before using the Site & Services. You have no legal requirement to provide us your Personal Data. We collect, process and retain your Personal Information only if you choose to access and engage with our Website and in accordance with this privacy policy. You can always avoid providing us certain Personal Data, however, you acknowledge that it may prevent us from providing you certain Services, or use our Site. If you do not agree with any of the terms provided in this Privacy Policy, and the choices we provide do not mitigate your concerns, please do not access or use our Services and avoid accessing and using our Website.

3. Your Consent

By using our Website and our Services and uploading Personal Data to the Website or through our Services, you hereby represent, acknowledge and provide your informed consent to the following: (i) the Personal Data is yours or if it related to a third party you have the legal right to provide us with it, and that it is complete, accurate and true; (ii) the Personal Data you provide will be stored in our database(s) (including our affiliates when applicable), and will be processed by us (including, third parties acting on our behalf as specified further below).

We use appropriate technical and organizational measures to protect your Personal Data while using our Services. If you have any questions concerning your Personal Data including the accuracy of your Data, please contact our data protection personnel at: [email protected]

4. Preliminary Notes

Not for minors – If you are under the age of 18, do not use the Services, unless your parent or legal guardian are doing so on your behalf. If not, you are requested to not use our Services.

Binding Agreement – This Privacy Policy constitutes an integral part of our Terms & Conditions (“T&C”) available at: T&C and unless explicitly mentioned otherwise in another agreement with you, is part of our legal engagement.

Content – Our Site does not contain inappropriate content. Nevertheless, we use appropriate technical and organizational measures to ensure the protection and retention of data subjects.

Changes and updates to this Privacy Policy – We reserve the right to modify or update this Privacy Policy, reflect changes in our Site services, data processing practices, or conform to a regulatory requirement. Such changes will be effective immediately upon the display of the revised Privacy Policy. The last revision date will be reflected in the “Last Updated” heading. If we make material changes to this Privacy Policy, we will do our best to notify you by email or through a notice on our website.

5. Key Definitions

Applicable Privacy Laws means the General Data Protection Regulation (EU) 2016/679 (GDPR); European Union Member State laws, rules and guidelines implementing or supplementing the GDPR, as amended from time to time and to the extent applicable to our Company’s operation and our Services; and any other applicable privacy or other law to the extent applicable to our operation, including CPPA means the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et. Seq, to the extent applicable.

CPPA means the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et. seq.

Personal Data refers to information about a living individual, which means that they can be identified (a) from that data, or (b) from that data and any other information which is, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular person or could in the future, come into the possession of the data controller, and as provided in this Privacy Policy below.

Data Controller refers to the person, organisation, public authority, agency, or other body who, either alone or with others, determines the purposes for which and the manner in which any Personal Data is to be processed, and defines the controls required for such processing.

Data Processor refers to any person or organisation (other than an employee of the Data Controller) who undertakes the processing of Personal Data on behalf of the Data Controller.

Processing refers to any operation which is performed upon or applied to personal data, whether undertaken manually or by automated means, including its acquisition, organisation, storage, retrieval, consultation, amendment, availability, disclosure, erasure, or destruction.

Data Subject refers to an individual who is the subject of Personal Data.

Data Subject Consent refers to the Data Subject’s approval or agreement for an activity to take place, having considered the benefits and risks of the activity. For consent to be valid, the data subject needs to be informed, have the capacity and knowledge to decide, and to have given their consent voluntarily. Specific requirements need to be met in connection with the consent which is given by Children, including validating parental consent and the age of the Child.

Supervisory Authority refers to: (a) the national data protection authority of each EEA country, responsible for enforcing GDPR within their own nation b) any similar regulatory authority responsible for the enforcement of Data Protection Laws and Regulations outside of Europe; or (c) In Israel, the Israeli Privacy Protection Authority and the Israeli Database Registrar. The Supervisory Authority is also the reporting point for data breach notifications, for conducting investigations.

6. Data Controller

Under using our Site, Privacy Labs is your Data Controller. If you have any questions, concerns, complaints, or comments regarding our data practices, please get in touch with us: [email protected].

7. Our Processing Objectives

The objectives of this policy are to ensure that we shall remain compliant with Personal Data international legislation; to ensure that we are correctly undertaking the activities and implementing the controls required by international law; to ensure that Data Subjects’ rights are increasingly protected in light of the nature of the Data; to ensure that any Personal Data transferring is based on the appropriate contractual measures; to ensure that any transfer or sharing of Personal Data with third parties (and in particular third parties outside the EEA) is done following data transfer mechanisms and under the provisions of Chapter V of GDPR.

8. Policy Scope: Personal Data we collect & Purposes of Processing

While using our Website and Services, we will need to collect and process your Personal Data. As you use the browse and interact with our Website and related Services, we collect the following Personal Data directly from you and/or automatically generate it as you use our Website:

(a) Contact details: We may process your contact details (such as name, email address, or phone number) in case you submitted those to us when opening an account with us, when subscribing to our mailing list or when reaching out to our support services, as further described below.

(b) Filling our intake form: If you voluntarily fill out our intake form in order to receive our compliance templates, you will be asked to provide us with some of your business details, including email and address.

Purpose: We will need your details in order to send you a filled privacy policy form. We will not use your details to send you information not related to this purpose, which subject to your consent.

Retention: We will retain your information for as long as you did not explicitly ask us to delete it or if we learn that it was unlawfully collected , and provided that no exemption is applied according to applicable law. We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements unless a longer retention period is required or permitted by law and helpful for the service to function properly. We apply data retention rules to abide by data minimization principles.

(c) Website and technical information: details of your visits to our Website and information collected through the cookies we use (see blow details on our cookies policy) and other tracking technologies, including, but not limited to, your Internet protocol (IP) address and domain name, traffic data, location data, the type of device used to connect to the Website (PC or mobile) and country which requests information web logs, Information about your visit and usage, through and from our Website – traffic data, location data, weblogs and other communication data and information provided when requesting downloads; Information that you provide to us when using our Services, or that is generated during the use of those services (including the timing, frequency and pattern of service use);and other communication data on to the resources that you access.

(d) Video consultation call: If you voluntarily wish to consult with us. We offer video consultation meetings. For that purpose, we may need several of your details.

Purpose: We will need your details in order to enable our video consultation call. We will not use your details to send you information not related to this purpose, which subject to your consent.

Retention: We will retain your information for as long as you did not explicitly ask us to delete it or if we learn that it was unlawfully collected and provided that no exemption is applied according to applicable law. We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements unless a longer retention period is required or permitted by law and helpful for the service to function properly. We apply data retention rules to abide by data minimization principles.

(e) Purchasing our services: If you wish to purchase our services, you will be asked to provide your contact and billing information, in order to process your purchase. Please note that depending on the Service you choose, your Payment Information will be collected by our third-party payment processors.

Purpose: We use the information to process your order, to deliver the Service you ordered, to manage your purchase and the license key as per your selected type of subscription, and to protect the access to your account and purchased Product licenses. We also use this information based on your consent. In case there will be an issue with your order, one of our representatives will use the contact details you submitted in order to reach you by email or phone.

(f) Any other Personal Data that you choose to send to us;

Any Personal Data collected and processed to provide our Services in the Site, including the Chloe Demo, will be made in complete transparency, under lawful means, and only to deliver our services. We will only use and process your Personal Data for the Purposes it was collected for or a reasonably compatible purpose if necessary. For more information on this please email us at [email protected]. In case we need to use your details for an unrelated new purpose we will let you know and explain the legal grounds for processing. We may process your Personal Data without your knowledge or consent where this is required by law, and to the extent required.

Our Privacy Policy is applicable to: All our activities which relate to the Processing Personal Data under our Website and Services of Privacy Labs; All ways in which Personal Data is acquired, received, collected, and processed, stored, amended, disclosed, and erased by us under our Services. This shall include Personal Data Processed by third parties concerning using our Site; All ways to provide you access to our Site; To enable Site hosting; To enable Site delivery; Your data subjects rights under GDPR if you are an EEA or UK residents or under any other applicable privacy law in other locations; Your consumer rights under CCPA if you are California resident; Communication of this Privacy Policy to all our employees, vendors, inside the EEA and outside the EEA; Each communication with a third party, ensuring it will rely on a data protection agreement. If data transferring occurs outside the EAA area, then, in addition, appropriate Standard Contractual Clauses will be applied; Each transferring of data outside the EEA, ensures that it will be subject to data transferring mechanism assessments (TIA).

9. Use of Cookies and Cookies Policy

To collect Personal Information on our Sits’ visitors and users, we use cookies and other tracking technologies to collect statistical data on our Website’s usage and functionality, to improve your user experience, for research, to analyze and compile information received from all our users, for modelling structure or to decide on certain changes in connection with your use of our services and/or Website, for marketing and commercial purposes as well as for data security.

Cookies are small pieces of text sent by your browser to your device. Cookies can be persistent (cookies that remain on your device for a set a minimal period of time or until you delete them) or session (cookies that are deleted as soon as you close your browser). When you use our Website and related Services, we and our third-party providers may place a number of cookies on your device.

10. A Notice for EEA Residents

If you are and EEA resident, certain rights concerning your Personal Data may be available to you. Please contact us at [email protected] with your detailed request and sufficient information to allow us to verify you and your request, and we will process your verifiable request within the timeframe indicated in the applicable regulation. Please note, that when handling these requests, we may ask for additional information from you.

If you are a Visitor of the Websites, some of the following rights would not apply to you, but you may choose to exercise your rights by refusing certain types of cookies, deleting cookies or setting your browser to refuse cookies, to begin with:

Right of access: You may ask us to access any Personal Data held about you.
Right to rectification: You have the right to ask us to correct the information we hold about you.
Right to erasure: You may ask us to delete your information or to stop using it. We can only do this when possible, and as allowed by applicable laws. Sometimes we need your information to complete a transaction based on an action you made, comply with the law or to simply provide you with the Products and the Services.
Right to the restriction of processing: You may ask us to temporarily cease the processing of your Personal Data, or, for a specific purpose or function. Please note that this too, might cause us to not be able to provide you with the Products and Services or part thereof.
Objection to processing: You may request us to stop processing your Personal Data. Similar exceptions as mentioned above will apply to such a case as well.
Right to data portability: You may contact us to request an export of your Personal Data in a reusable format, or to directly transfer such data to another vendor offering related services.
Right to withdraw consent: Where you have given us your consent to use your information for a specific purpose, you may, at any time, decide to withdraw your consent and we will then stop using your information for that purpose, under the exceptions listed above.
Right to lodge a complaint: If You live in a country where the EU GDPR applies (e.g. the EU, EEA or UK), you may lodge a complaint with the authority responsible for protecting Personal Data in your country of residence, if you believe that your rights have not been respected by us. In such a case, you are welcome to reach out to us first so we will be able to help you with such a matter, at: [email protected].

You have the right to lodge a complaint to a data protection authority about our collection and use of your Personal Information. Please contact your local data protection authority via the contact methods available here to learn more. However, if you have any questions about our collection and use of your Personal Information, please first contact us at [email protected].

11. A notice to CCPA/CPRA Residents:

This section applies to California residents and outlines your rights and choices with respect to Privacy Labsprocessing of your Personal Data under the CCPA.

To learn more about the Personal Data we collect, including the specific Personal Data categories collected, sources of collection, our purposes for collection, and the categories of service providers with whom we share Personal Data, please see the headlines above.

We do not sell Personal Data for business or commercial purposes.

Consumer Rights

The CCPA grants California consumers specific rights in connection with the Personal Data collected by businesses, as described below:

Right to know about the personal information Privacy Labs collected, shared, or sold including the categories of personal information, the categories of sources from which the personal information is collected, the business or commercial purpose for collecting, selling, or sharing personal information, the categories of third parties to whom the business discloses personal information, and the specific pieces of personal information the business has collected about the consumer. You may request that we disclose the categories of personal information (personal information is the term for PII under the CCPA/CPRA) we collected, shared, sold, or disclosed in the past 12 months.
Right to request the deletion of personal information: You may request the deletion of personal information at any time. This can be done via your account within the Applications. This right does not include any information we are required by applicable law to retain (for example, transaction data).
Right to correct inaccurate data: You may request Privacy Labs to rectify inaccurate personal information that we maintain about you.
Right to opt-out of the sale of personal information: Privacy Labs is not in the business of selling, renting, or disclosing personal information to third parties for their direct marketing goals. We will only disclose personal information to third party marketers upon your request.
Right to Non-Discrimination: Privacy Labs shall not discriminate against you when you decide to exercise any of the rights above

To exercise any of the CCPA/CPRA rights above, don’t hesitate to contact us by emailing [email protected]. We will fulfill your request within 45 days of receiving your request. Some of these rights may be subject to limitations and qualifications, such as where fulfilling the request would conflict with federal, state, or local law, regulatory inquiries, subpoenas, or our ability to defend against legal claims. We will verify your request using your email address. If you’ve created an account with us, we will also verify your request using the information associated with your account, including billing information.

Note that we cannot respond to your request if we cannot verify your identity and confirm the Personal Data related to you. Making a verifiable consumer request does not require you to create an account with us. If you wish to use an authorized agent to submit a request to opt-out on your behalf, you must provide the authorized agent with written permission signed by you. We may deny a request from an authorized agent if the agent cannot provide to us your signed authorization demonstrating that they have been authorized to act on your behalf.

12. What Are the Lawful Grounds for Processing Your Data?

Privacy Labs only processes Personal Data relying on your consent (Art 6 (1)(a)) and for the purposes set out in this Privacy Policy. We may also rely (in exceptional circumstances) on legal obligations (Art 6 (1)(c)) or legitimate interest (Art 6 (1)(f)).

For our use of Cookies in our Website and our Cookies Policy, please see below.

13. Disclosures of Your Personal Data to Third Parties.

We may share your Personal Information as described below: (a)

(a) Service providers: we share Personal Information with our trusted service providers and sub-contractors including technical, IT, hosting (including cloud base computing services), logistical or administrative services providers and, accountants, consults, insurers, and customer care service providers, as well as other outsourcing services required to provide our services and operate our Website and certain functionalities, for the purposes stated in this privacy policy or upon your request.

(b) Analytics: If you are a User and visiting our websiteswebsSites, we may use analytics services to help us understand how Users interact with our Site and Services.

(c) Payment: When you choose to purchase one or more of our products, we may use payment processing services carrying strict security standards.

(d) Advertisement: Some of our third-party services may collect non-identifiable information about your interaction with the our sitesSite. Such information may be used by such third parties for serving and displaying ads and offers of the Site and/or content and services offered via the Site when you browse other websites across the web (“Retargeting”). You will have the choice to opt-out at any time of such type of advertising, directly from the Ad when you encounter it, from the ad setting of the providing third party services, or by following our opt-out instructions, whichthat are available in our cookie policy.

(e) Video meeting calls: When you choose to scheduled a call, we may use third party services that provide this service.

(f) Official authorities: We may need to disclose Personal Information in response to lawful requests by public authorities or law enforcement officials, law enforcement requirements.

(g) Legal requirements: To the extent required or authorized by law, if we think it is necessary to comply with the law or if we need to do so to protect or defend our legal rights, or the rights of others (including to investigate and protect our users from fraudulent or unlawful use of the Website), we will share your Personal Information with third parties requiring information for legal reasons or third party investigators, authorities, regulators or law enforcement bodies.

14. How we protect your Personal Data?

We have implemented appropriate technical, organizational and security measures designed to protect Personal Data and prevent unauthorized access to data. We use, among other things, encryption mechanisms and other protections to maintain confidentiality, privacy and prevent unauthorized interruption into our data base(s) and Personal Data and review these mechanisms from time to time. However, as the security of information depends in part on the security of the devices or network that you, us or third party use, we cannot guarantee that all communications and Personal Data will be 100% safe at all times, but we will make efforts to ensure the appropriate level of protection.

15. How we retain your data?

We will only retain your Personal Data for as long as necessary to fulfill the purposes we collected it for, including to satisfy any legal, accounting, or reporting requirements, exercise or defend our legal rights. In some circumstances, we may anonymize your Personal Data for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

16. International Transfers

If you are a resident of the EEA, it is possible, occasionally, that your data will be transferred outside the EEA, to third parties who can improve our Services. We are subject to the provisions of the GDPR that protect your Personal Data. We will ensure that certain safeguards are in place to provide a similar degree of security for your Personal Data. Each transfer of data outside the EEA, such as to Israel where our offices are based, will be subjected to the Commission Implementing Decision (EU) 2021/915 given on 4 June 2021 (hereinafter: “SCC” and/or “Standard Contractual Clauses”), such that

When transferring personal information outside the EEA, we will usually:

in accordance with Article 46.2 of the GDPR, include the Standard Contractual Clauses approved by the European Commission for transferring Personal Data outside the EEA into our contracts with third parties; or

in accordance with Article 45 of the GDPR, ensure that the country in which your Personal Information will be handled (such as the State of Israel, where our company is based) has been deemed “adequate” by the European Commission.

In any case, our transfer, storage, and handling of your Personal Data will continue to be governed by this Privacy Policy.

If no safeguards are available, we may request your explicit consent to the specific transfer. You will have the right to withdraw this consent at any time.

17. Does this privacy policy apply to third party links?

During your visit to our Website you may access links to or other websites operated by third parties outside the Company. Please note that this privacy policy only applies to the Personal Data that we (or third parties on our behalf) collect from or about you and we cannot be responsible for personal information collected and stored by third parties. Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third-party websites or third-party terms and conditions or policies.

18. Contact Us

If you are not satisfied with any aspect of how we collect and use your data, you have the right to complain to the relevant supervisory authority for data protection issues. We would be grateful if you would contact us first [email protected]. If you do have a complaint we can try to resolve it for you.