We, at Pryvaxy Ltd. (the “Company”, “we”, “us”, or “our”) are committed to protecting your personal information and your right to privacy. Through our advanced technology solutions, we enable venues to analyze visitor behavior in a secure manner, using privacy-by-design principles to prevent unlawful behaviors.
As a matter of policy, we employ different levels of data collection based on device connectivity status to ensure minimal or no collection of personal data from our customer’s venue visitors. For devices not connected to our customers’ networks, we process only limited technical data, as elaborated below. For devices that connect to our customers’ networks, we may process additional data directly and exclusively collected by our customers in accordance with their policies and applicable privacy laws.
This privacy policy (the “Privacy Policy”) describes how we collect or process information from and about our customers' venue visitors, how we use it, and what rights are there in relation to it.
By using or subscribing to our Services, browsing our website, you agree to this Privacy Policy in addition to any other agreements we might have with you. In the event that such agreements contain terms that conflict with this Privacy Policy, the terms of those agreements will prevail. This Privacy Policy does not govern the practices of entities that our Company does not own or control, including the venues where our Services are deployed, or entities that do not own or control our company or people that our Company does not employ or manage.
This Privacy Policy applies to all information collected through our (a) application or cloud based services, and/or (b) any related services and any other platform by which we may choose to provide our services (we refer to them collectively in this Privacy Policy as the “Services”).
Please read this Privacy Policy carefully as it will help you make informed decisions about sharing your personal information with us.
PRIVACY BY DESIGN
We have implemented 'privacy by design' principles as a fundamental approach to protecting personal information through our Services. This means privacy safeguards are proactively built into our technology architecture and business practices from the ground up. Our commitment to privacy by design is demonstrated through the following measures:
Default Privacy Protection: We adhere to strict data minimization principles, collecting and processing only the personal data that is essential to provide our services. Our systems are configured with privacy-protective default settings that minimize data collection to only what is necessary for our Services to function.
Proactive Data Minimization: We collect and retain personal information only where there is a lawful basis and purpose and we regularly review and delete unnecessary data.
End-to-End Security: We employ industry-standard encryption and security protocols throughout the data lifecycle - from collection through processing, storage and eventual deletion.
Transparency: We maintain clear documentation of our data practices.
Regular Assessments: We conduct periodic privacy impact assessments to identify and address potential privacy risks in our systems and processes.
These privacy-protective measures are continuously reviewed and enhanced to ensure we maintain the highest standards of data protection across our Services.
WHAT INFORMATION DO WE COLLECT?
Personal information customers and/or prospects disclose to us
We collect personal information that our customers or prospects voluntarily provide to us when registering to the Services, when contacting us through the Services, expressing an interest in obtaining information about us or our products and services, when we correspond with you as a customer or prospective customer or otherwise contacting us.
The personal information we collect from customers and prospects can include the following:
Your full name, phone number, email address and physical address.
All personal information that you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.
Personal information we may collect or process about venue visitors
Data collected with respect to devices near our customers networks may include:
MAC address and Signal strength from Wi-Fi capable devices that come within the proximity of those networks.
Information about other Wi-Fi networks in the proximity of our customers networks.
Device operating system (OS) details via MAC address analysis.
Device ESSID settings (network name).
Signal strength (to network devices of our customers networks, such as access points) can help us estimate the location of those devices in the venue of our customers. The MAC address assists us to determine the device type. None of the data above can be used to determine further information about the device owner.
For devices connected to our customer's network, we will not directly collect any personal data from such devices. We may be provided with and process the following additional categories of information about venue visitors connected to our customer's network, through our Services based on our customers' policies and applicable privacy laws, while adhering to data minimization principles and collecting only what is necessary to provide our services:
Device Data that may include device name, device OS, device type and manufacturer information.
Network Activity Data that may include Data Transfer Metrics (such as Data rates, volumes (bytes transmitted/received, and protocol usage) and Network Protocols (such as Encryption methods, VLAN/ESSID configurations, and protocol types).
All collected data is anonymized using industry standard cryptographic techniques (including pseudonymization and hashing) before being saved to our databases.
All data listed above is collected and/or processed solely for the purposes of venue security, threat detection, and operational optimization, collecting only the minimum personal data necessary to provide these services. We also regularly assess and document our legitimate interest justifications to ensure that all data processing activities remain necessary, proportionate, and in compliance with applicable data protection and retention laws.
HOW DO WE USE YOUR INFORMATION?
We process personal information directly collected via our Services for the lawful bases and business purposes specifically described below. These lawful bases are, depending on the specific case, as listed below: our legitimate interests (the “Legitimate Interests”), in order to enter into or perform a contract with you (“Contractual”), with your consent (“Consent”), and/or for compliance with our legal obligations (“Legal Reasons”). We indicate the specific processing grounds we rely on next to each purpose listed below.
We process the data we collect or receive from our customers, prospect and website visitors:
To facilitate account creation and login process with your Consent.
To send administrative information to you for Legitimate Interests, Legal Reasons and/or possibly Contractual resons. We may use your personal information to send you product, service and new feature information and/or information about changes to our terms, conditions, and policies.
To protect our Services for Legitimate Interests and/or Legal Reasons. We may use your information as part of our efforts to keep our Services safe and secure (for example, for data breach monitoring and prevention).
To enforce our terms, conditions and policies for Legitimate Interests, Legal Reasons and/or Contractual reasons.
To respond to legal requests and prevent harm for Legal Reasons. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
We process customers’ venue visitors personal data we receive from our customers related to customers' venue visitors connected to our customers' networks:
Based on consent our customer's visitors have given to our customers and/or based on our customers' policies and applicable privacy laws (for example, when visitors connect to the our customer's venue WiFi network and accept its terms), only for the purpose of detecting and preventing unlawful behaviors at our customers' venues.
We process personal data we directly collect from customer's venue visitors not connected to our customer's networks:
Based on our and our customers’ Legitimate Interest in ensuring venue security and preventing unlawful or suspicious activities under Article 6(1)(f) of the European General Data Protection Regulations (“GDPR”) and the provisions of the CCPA. When relying on Legitimate Interest as legal basis, we have conducted and documented a legitimate interest assessment which demonstrates that:
The processing serves a real and present legitimate interest in protecting venue security and preventing criminal activities;
The processing of this data is necessary as no less intrusive means are available to effectively detect and prevent security threats in real-time, in compliance with the data minimization principle; and
We have implemented appropriate safeguards to ensure the impact on visitors’ privacy rights remains proportionate, including:
Limited scope of data collection to what is strictly necessary
Implementation of privacy-protective measures like data minimization and encryption
Regular deletion of data that is no longer needed
Clear information provided to visitors about the processing
Ability for visitors to exercise their privacy rights
WILL YOUR INFORMATION BE SHARED WITH ANYONE?
We only share and disclose your information in the following situations:
Processing on Behalf of our Customers: If we are directly collecting your personal information behalf of our customers, we will share this personal information with our applicable customer and it will be subject to their privacy policy.
Compliance with Laws. We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process, such as in response to a court order or a subpoena (including in response to public authorities to meet national security or law enforcement requirements).
Vital Interests and Legal Rights. We may disclose your information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, our customers' policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
Vendors, Consultants and Other Third-Party Service Providers. We may share your data with third party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work, only where such data transfer is legally allowed. Examples may include: data analysis, email delivery, database management services, customer service and marketing efforts. We may integrate with third-party platforms to manage support operations, including services such as knowledge base systems, technical support services, ticketing systems, and customer support chat. These third parties may process personal information strictly on our behalf and under agreements that ensure compliance with applicable privacy and data protection laws. Personal data shared for support purposes is used solely for addressing customer requests and improving service operations. We may allow selected third parties to use certain technologies on the Services, which will enable them to collect data about how our customers or website visitors use the Services over time. This information may be used to, among other things, analyze and track data, determine the use of certain content and better understand online activity. Unless described in this Privacy Policy, we do not share, sell, transfer, rent or trade any of your information with third parties for their promotional purposes.
Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
Affiliates. We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries or other companies that we control or that are under common control with us.
IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?
Our servers may be located in remote cloud environment located outside of your territory of residence. In addition, please be aware that your information may be transferred to, stored, and processed by us in any other country in which our Company or agents or contractors maintain facilities, and by using our Services, you consent to any such transfer of information outside of your country.
The Company is committed to subjecting all personal information received from European Union (EU) member countries, in reliance on the Standard Contractual Clauses Framework’s applicable Principles.
HOW LONG DO WE KEEP YOUR INFORMATION?
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
HOW DO WE KEEP YOUR INFORMATION SAFE?
We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process. However, please also remember that we cannot guarantee that the internet itself is 100% secure. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the services within a secure environment.
DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?
We may use cookies and similar tracking technologies to operate, enhance, and improve our Services. These technologies help us authenticate users, maintain sessions, personalize experiences, and gather insights into Service usage to improve performance. Users can control the use of cookies through their browser settings at any time.
We may use product analytics tools and services provided by third parties to better understand how users interact with our Services. This includes collecting information such as pages visited, features used, session duration, device and network data, and engagement metrics. The data collected is used solely to enhance the functionality, usability, and performance of our Services.
DO WE COLLECT INFORMATION FROM MINORS?
We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 or that you are the parent or guardian of such a minor and consent to such minor dependent’s use of the Service. If we learn that personal information from users less than 18 years of age has been collected, we may deactivate the account and take reasonable measures to promptly delete such data from our records.
It shall be clarified that the Company explicitly prohibits any submission of minors related content and/or personal data and such shall only be provided to the Company and/or sent to it only after obtaining the express and informed consent of the minors' parents or legal guardians. By providing us any personal data relating to minors, you hereby represent that you are such minors' parent or legal guardian and explicitly consent to the processing of such personal data.
WHAT ARE YOUR PRIVACY RIGHTS?
In some regions (like the European Economic Area), you have certain rights under applicable data protection laws. These may include the right (i) to request access and obtain a copy of your personal information, (ii) to request rectification or erasure; (iii) to restrict the processing of your personal information; and (iv) if applicable, to data portability. In certain circumstances, you may also have the right to object to the processing of your personal information. To make such a request, please contact us dpo@pryvaxy.com. We will consider and act upon any request in accordance with applicable data protection laws.
If we are relying on your consent to process your personal information, you have the right to withdraw your consent at any time. Please note however that this will not affect the lawfulness of the processing before its withdrawal.
For customers’ venue visitors whose devices are not connected to our customers’ networks, we will only have access to such visitors’ MAC addresses and will have no ability to cross-reference those MAC addresses with other personal data stored by our customers that could specifically identify such visitors. As a result, we will not be able to specifically identify you as holding a particular MAC address unless our customers share such identifying information with us or direct us to delete, rectify or restrict such data.
If you are our customer, upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our terms of use and/or comply with legal requirements.
Opting out of email marketing: You can unsubscribe from our marketing email list at any time by clicking on the unsubscribe link in the emails that we send or by contacting us using the details provided below. You will then be removed from the marketing email list – however, we will still need to send you service-related emails that are necessary for the administration and use of your account. You can also opt-out by:
Noting your preferences at the time you register your account with the Services.
Logging into your account settings and updating your preferences.
Contacting us using the contact information provided below
CALIFORNIA RESIDENTS SPECIFIC PRIVACY RIGHTS
The Company may also be subject to the CCPA/CPRA, the California consumer privacy law, which extends to individual Californian consumers various rights that align to a significant degree with the rights granted to most European residents under the GDPR with respect to their personal data/information. If you are a consumer based in California, the rights you have include:
(i) Right to Disclosure: right to request The Company to disclose to you: (a) the categories of personal information collected by us; (b) the categories of sources from which the personal information is collected; (c) the business or commercial purpose for collecting or selling personal information (please be noted that we don’t sell your personal information); (d) the categories of third parties with whom we share personal information; (e) the specific pieces of personal information we have collected about you, the consumer — in all cases upon a verifiable consumer request (“VCR”).
If we receive a verifiable consumer request (VCR) to access personal information, we will promptly take steps to disclose and deliver, free of charge, the personal information required by law, which may be delivered by mail or electronically. If delivered electronically. We are not required to respond to your VCRs more than twice in a 12-month period. You can make a VCR either by completing our contact form on our Services, or sending such request to The Company’s mailing address set forth at the end of this Privacy Policy.
(ii) Right to Deletion: We are required to disclose to you that you have the right to request that your personal information will be deleted. If a deletion VCR is received by us, we will delete your personal information from our records and direct any of our service providers to which we have provided such information to delete your personal information from their records. Notwithstanding the above, we are not required to comply with your VCR to delete personal information if we need to retain the personal information for the following purposes: (a) to complete the transaction for which personal information was collected, such as providing a product or Service requested you, or which is reasonably anticipated within the scope of our business relationship with you, or to perform a contract with you; (b) to detect security incidents, protect against malicious, deceptive, fraudulent or illegal activity, or prosecute those responsible for activity; (c) to debug to identify and repair errors that impair intended functionality; (d) to exercise our right to free speech or ensure the right of another consumer to exercise free speech or another right provided by law; (e) to comply with the California Electronic Communications Privacy Act; (f) to enable solely internal uses reasonably aligned with consumer expectations based on our business relationship with you; (g) to comply with a legal obligation; or (h) otherwise to use personal information internally in a lawful manner compatible with the context in which you provided the information.
(iii) Non-Discrimination: The CCPA/CPRA require that no subject business shall discriminate against you if you exercise your rights under this law, including by: (a) denying goods or services to you/the consumer; (b) charging different prices or rates for goods or services, whether through discounts, other benefits or imposing penalties; (c) providing a different level of goods or services, or suggesting that you will receive a different price, rate, level or quality of goods or services.
Our obligations to you under the CCPA/CPRA will not prevent our ability to: (i) comply with federal, state or local laws; (ii) comply with civil, criminal or regulatory inquiry, investigation, subpoena or summons; (iii) cooperate with law enforcement agencies; (iv) exercise or defend legal claims; (v) use personal information that is deidentified or in the aggregate; (vi) collect personal information to extent every aspect takes place outside of California; (vii) avoid violation of an evidentiary privilege under California law, or provide personal information to a person covered by such a privilege.
DO WE MAKE UPDATES TO THIS POLICY?
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.
HOW CAN YOU CONTACT US ABOUT THIS POLICY?
If you have questions or comments about this policy, email us at dpo@pryvaxy.com.