Privacy Policy

Altshuler Shaham Trusts Ltd. Privacy and Cookie Policy Last Revised: January 07, 2018 Altshuler Shaham Trusts Ltd. (“AST”, “We”, “Us”, “Our”) is providing this full Privacy and Cookie Policy (“Privacy and Cookie Policy” or “Policy”) that details how Personal Data is used and processed by AST in the operation of Our Website and provision of Our Services.

1. Definitions
2. Who we are
3. What are the categories of Data Subjects whose Personal Data we Process?
4. Note for Users who are using the Portal
5. Which categories of information do we collect?
6. What are the purposes of the collection and processing of information?
7. Legal Basis for Processing [EU Data Subjects]
8. Sharing Information with Third Parties
9. Your Rights
10. Location of Your Personal Data and Data Transfers
11. Minors
12. Cookies and Analytics Tools
13. Information Security
14. Data Retention
15. Changes to the Privacy and Cookie Policy
16. Applicable Law and Dispute Resolution
17. Have any Questions?

1. Definitions

1.1. "Applicable Laws"
shall mean EU Privacy Laws to the extent applicable to AST, Israeli Data Protection Legislation, and any other applicable privacy law to which AST is subject.
1.2. "EEA"
shall mean the European Economic Area.
1.3. "EU Privacy Laws"
shall mean the GDPR and or European Union Member State laws, rules and guidelines implementing or supplementing the GDPR, to the extent applicable to AST.
1.4. "GDPR"
shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), and as amended, replaced or superseded from time to time.
1.5. “Israeli Data Protection Legislation”
shall mean the Israeli Privacy Protection Law 5741 - 1981 (“PPL”), the regulations promulgated pursuant thereto and the applicable guidelines issued by the Israeli Privacy Protection Authority, and as amended, replaced or superseded from time to time.
1.6. “Altshuler Shaham Group” or “AS Group”
shall mean AST, Altshuler Shaham Ltd., Altshuler Shaham Benefits Ltd., Altshuler Shaham Investment House Ltd., and any other entity controlling, controlled by or under the common control with any of the foregoing entities or their controlling shareholders; the term "control", for the purpose of this definition, shall mean direct or indirect possession of the power to direct or cause the direction of the management or policies of any entity, whether through the ability to exercise voting power, by contract or otherwise.
1.7. “Data Subject”
shall have the meaning ascribed to it in the GDPR, and shall include the term “Person” used in the PPL and any category of individuals defined herein that AST processes their Personal Data, such as Visitors or Users or Customer Representatives (as defined below).
1.8. “Controller”
shall have the meaning ascribed to it in the GDPR and shall include the term “Database Owner” under the PPL.
1.9. “Processor”
shall have the meaning ascribed to it in the GDPR and shall include the term “Database Holder” under the PPL.
1.10. “Subprocessor”
shall mean any entity appointed by Us or by one of Our Subprocessors, to Process Personal Data on Our behalf or on behalf of that Subprocessor; excluding any employee of AST or of AST’s Subprocessor or of any such appointed person but including any contractor or affiliate of the foregoing.
1.11. “Customer”
shall mean an individual, company, enterprise, business or other entity that has an agreement with AST for the provision of Services.
1.12. “Services”
shall mean financial services, including, but not limited to: share and equity based benefit schemes, paying agent services, escrow agent services, tax withholding agent services or lockup and restructuring services.
1.13. “Visitor”
shall mean a Data Subject that is browsing Our Website, whether that Data Subject is a User (as defined below) or not.
1.14. “User(s)”
shall mean Data Subjects who are either i) participating in a share and equity based benefit scheme offered to them by a Customer they are a member of, work at, are employed by, or are otherwise affiliated with, or; ii) any individual receiving Services from AST directly or through a Customer. (For easy reference, a Customer is any entity which has an agreement with AST for the administration of a share and equity based scheme, see Section ‎1.11.)
1.15. “Customer Representatives”
shall mean Data Subjects, who are affiliated with, work at, are employed by, or are a member of a Customer (to which AST provides Services), whose details are provided to AST in connection with the provision of the Services or who may be authorized to use the Portal, if applicable.
1.16. “Personal Data”
shall have the meaning ascribed to it in the GDPR and shall also include the terms “Information” and “Sensitive Information” as defined under the PPL. To put it simply, this information may identify an individual or is of a private and/or sensitive nature, such as Your name, address or bank account.
1.17. “Personal Data Breach”
shall mean a breach of security or other incident leading to the accidental or unlawful destruction, loss, alteration, the unauthorised disclosure or use of, or access to, or harm to the integrity of, Personal Data transmitted, stored or otherwise Processed, as defined in the GDPR and shall also include all types of Information Security Events detailed in Israeli Data Protection Legislation.
1.18. “Portal”
shall mean Our online Portal available at https://benefits.altshul.co.il// through which we administer some of Our services.
1.19. “Website”
shall mean the section dedicated to AST at AS Group’s website, available at https://www.as-invest.co.il/ and any other part of the AS Group’s website.
1.20. “European Commission” and “Processing"
shall have the meanings ascribed to them in the GDPR.
1.21. “Database Owner”, “Database Holder”, “Database”, “Database Manager”, “Information Security Event”
shall have the meanings ascribed to them in the Israeli Data Protection Legislation.

2. Who We are

In this Policy, references to AST, or to “We” or “Us” or “Our” are to Altshuler Shaham Trusts Ltd., which is a registered company in the State of Israel (No. 513901330) at 19 Habarzel Street, Tel Aviv 6971026, Israel.
We can be contacted about this Policy at: Benefits@altshul.co.il

3. What are the categories of Data Subjects whose Personal Data we may Process?

AST Processes the Personal Data of the following types of Data Subjects:
Visitors (to the Website)
Users (of the Platform)
Customer Representatives
(See definitions of the terms “Visitor”, User and Customer Representative” in Sections 1.13, 1.14, 1.141.15 above.)

4. Note for Users and Customer Representatives who are using the Portal:

4.1.
As part of the provision of its Services, AST has set up a Portal through which Users can set up a personal account and see their financial and other information related to the Services (the “User Account”). The Portal also allows Customer Representatives to register to the Portal, set up a “Customer Account”, and use it to view and monitor the Services and the financial and other information related to Users.
4.2.
AST is authorized by Customers to Process Personal Data of User who are contractually related to them (employees, contractors or other affiliates of the Customer) and Customer Representatives on the Portal. The information We collect and Process about Users and Customer Representatives is strictly related to the Services that We provide to Our Customers.
4.3.
All Personal Data that AST shall collect from a User and/or Customer Representative and Process for the purpose of providing our Services , is owned and controlled by Our relevant Customer.
4.4.
Users and Customer Representatives should note that AST is acting as a “Processor” of the Personal Data on behalf of Our respective Customers and will process the Personal Data in accordance with our contractual agreements with it, its lawful instructions and/or as permitted by Applicable Law.
4.5.
Users and Customer Representatives should review the privacy policies of Our Customer in order to better understand its practices and procedures as the Controller of the Personal Data, as applicable.

5. Which categories of information do we collect ?

We may collect from Data Subjects, two types of information:
5.1. Non-personal Data
This means non-identifiable and anonymous data. To put it simply, We have no idea what is the identity of a Data Subject from which we have collected the Non-personal Data. Non-personal Data, which is being collected, consists of technical information and behavioral information that does not pertain to a specific individual. For example, technical information may include the name, type and version of the Data Subject’s device and its operating system, the type of browser, screen resolution, device browser and keyboard language, Wi-Fi connectivity, etc. Behavioral information may include the Data Subject’s click-stream, and additional information of a similar nature. We may collect Non-Personal Data on Our Website, by using cookies and analytics tools. For more information, see Section 12 below.
5.2. Personal Data.
a) Personal Data which is provided voluntarily:
Activating a User’s / Customer’s Account and registration to the Portal:if you are a User or a Customer Representative, and you wish to activate a User’s / Customer’s Account on the Portal during your Account's activation process, you will be required to provide Us with certain Personal Data (which may include your full name, identification/passport number, address, and employee number, email address and password. Please make sure that your password is changed immediately after the first activation of your Account. Your login data and password must be kept confidential at all times. Please do not let anyone else access your Account or do anything else that may jeopardize the security of your account.User’s and Customer Representatives’ Communications with AST:Users and Customer Representatives may provide Us Personal Data such as their name, phone number, employer and account information as part of any communication with AST through phone, fax, email or any other means of communication, including by contacting Our customer services. We may record or otherwise save such communications for quality assurance purposes and in order to improve Our services.Contact Form:information you provide Us when filling the Contact Form available on Our Portal or the Website. The Contact Form may require you to provide the following details: full name, e-mail address, phone number, and any other information you choose to provide in the free text box.
b) Personal Data collected through technology:
Technical and behavioral information:to the extent that the technical and behavioral information detailed above under “Non-personal Data” may be linked to or associated with a specific individual then such information will no longer qualify as Non-Personal Data and will be considered as Personal Data as long as such connection, linkage or association exists.On our Portal, We issue a JWT Token in order to identify Users and We also collect, track and retain a log of access attempts according to the Internet Protocol (IP) addresses of Users, (though such IP address is not linked to a User) for purposes of security and fraud prevention.In AS Group’s Website, We use cookies and third party’s analytics tools which allow us to collect aggregated statistical data about Users, which may contain Personal Data. For more information about the Personal Data collected through cookies and analytics tools, please see Section 12 below.
c) Personal Data collected from a Customer:
If you are a User, please note:We may process Personal Data about Users provided to us by the User, the User’s employer or Our Customer in relation to a share and equity based benefit scheme or other Services. The categories of Personal Data about the Users will normally include, amongst others, their name, identification/passport number, copies of identification documents, (including information which may be included therein such as date and place of birth, citizenship, family members, marital status), contact details, the number of shares/options allocated to each User, data about the transfer of payments to the User in the event of dividends and sales of shares and options to/by the User in relation to other Services. We may also Process your bank account number, tax information and other financial details. The Personal Data We collect may vary depending upon the Service to Our Customer or to you and may include additional information such as copies of agreements to which you are a party, share certificates, payments you are about to receive or amounts of your investment, etc.Please note that in this context, Our Customer may provide Us with additional information, which might be Processed by Us but not presented to Users through the Portal. In addition, please note that the scope, categories and types of information provided to Us by Our Customer are determined exclusively by Our Customer and are subject to Our Customer's policies and the User’s agreements with their employer - Our Customer, who is the Controller of such data.
d) Personal Data collected from AS Group’s Databases:
We collect Personal Data from AS Group’s registered Databases for the purposes mentioned in Section 7 “Legal Basis for Processing” below; under the title “Note to Israeli Data Subjects” in accordance with the permitted purposes of the AS Group’s registered Databases and with Israeli Data Protection Law.

6. What are the purposes of the collection and processing of information?

6.1. Non-personal Data is processed for the following purposes:
a) Enhance the User’s experience on the Portal and/or Website;b) Create statistical information and learn about the preferences of Users and general trends of usage of the Portal and/or Website (e.g. understand which features are more engaging than others); andc) Keep the Portal and/or Website safe and secured and for prevention of fraud.
6.2. Personal Data is Processed for the following purposes:
Please note that AST will only Process Personal Data for the purposes for which it was collected, such as to:a) Register and administer Your Portal Account;b) Carry out Our obligations arising from any agreement entered into between AST and Our Customer and providing the Services. Please note that such obligation may include, depending on the specific Services, full disclosure of any Personal Data collected from you and/or processed to Our Customer;c) Enable the operation of the Portal and/or Website;d) Personalize your experience on the Portal and/or Website;e) Ensure that content on the Portal and/or Website is presented in an optimal way for you and for your device (e.g. tablet, mobile phone);f) Send you by email, SMS, phone, through web-browser notification or through the post: i) updates, notices, announcements in relation to your Account and information related to the Portal and/or Website or the agreement entered into between AST and you or Our Customer; and ii) information with respect to changes made to Our Portal's or Website terms of use and privacy policy; iii) transmission of marketing information. The emails and messages under i) and ii) are considered part of the Services and you may not opt-out of them. The emails and messages under iii) will be subject to your prior consent, if required in your jurisdiction and in any event you can always opt out by choosing not to receive future promotional, advertising, or other marketing-related emails from Us by selecting an unsubscribe link at the bottom of each email that We send;g) Conduct internal operations, including troubleshooting, data analysis, testing, research and statistical purposes;h) Keep the Portal or Website safe and secured and for prevention of fraud and crime;i) Comply with Our legal obligations and in particular, to comply with Israeli and EU Anti-Money Laundering (“AML”) legislation and in order to perform Know-Your Customer (KYC) procedures deriving from such AML legislation; to comply with international and Israeli tax legislation, such as Foreign Account Tax Compliance Act (FATCA) and other Applicable Laws.j) Protect Our rights and legitimate interests, including in order to improve the Portal and/or Website.k) Offer other services of the AS Group companies.

7. Legal Basis for Processing

Note to our Data Subjects in the EU only (“You”):
In order for AST to Process Your Personal Data, such processing must be justified by a "legal basis" for Processing. The basis for the Processing operations related to the provision of Our Services to You or to Our Customer, have been determined exclusively by Our Customer. Please note that the Our Personal Data Processing operations may be justified on the basis that:
the Processing is based on Your consent (i.e. where you provided Us or Our Customer with consent to a specific type of data processing purpose);
the Processing is necessary for the performance of a contract between You and Our Customer (e.g. the execution of an employment contract) or between You and AST (e.g. we provide You with paying agent or withholding agent services);
the Processing is necessary to enable Our Customer to comply with a legal obligation (e.g. disclosure of information to authorities);
the Processing is necessary to enable Us to comply with a legal obligation (e.g. disclosure of information to authorities or tax deduction);
the Processing is in Our Customer's legitimate interests, subject to Your interests and fundamental rights; or
the Processing is in Our legitimate interests, subject to Your interests and fundamental rights.
If You have any question or require any clarifications regarding the basis for Processing of Your Personal Data, please refer to Our Customer or to Us, as applicable.
Note to non-EU Data Subjects:
BY ENTERING, CONNECTING TO, ACCESSING OR USING THE PORTAL AND/OR THE WEBSITE, YOU CONSENT TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL INFORMATION AS SPECIFIED HEREIN.
Note to Israeli Data Subjects:
BY ENTERING, CONNECTING TO, ACCESSING OR USING THE PORTAL AND/OR THE WEBSITE, YOU CONSENT TO THE COLLECTION AND PROCESSING OF YOUR PERSONAL DATA AS SPECIFIED HEREIN, AND THAT THE PERSONAL DATA COLLECTED BY US SHALL BE MAINTAINED IN OUR OR AS GROUP COMPANIES’ DATABASES REGISTERED IN ACCORDANCE WITH ISRAELI DATA PROTECTION LEGISLATION. The purposes for processing your Personal Data are: for the provision of the Services; management, operation and marketing of AS Group’s services; management and improvement of the Services and Our contact with Customers; data cleansing; generating data for statistical, marketing and operational purposes; proposing content and services of the AS Group including direct marketing; receiving services such as IT services on a group level and transfer of your Personal Data to third parties for the foregoing purposes or as required by Applicable Law.

8. Sharing Information with Third Parties

8.1.
AST respects the privacy of Data Subjects and will not disclose, share, rent, or sell Personal Data to any third party, other than as permitted under this Privacy and Cookie Policy.
8.2.
Please note: If you are a User, all information that AST shall collect from you and process through your use of the Portal may be fully disclosed to Our Customer, if the Customer has initiated the Services. Other Services we provide may also require, depending on the specific Services, full disclosure of any Personal Data collected from you and/or processed to Our Customer or other third parties, such as tax authorities.
8.3.
AST will share your Personal Data with another entity or individual (such as a third party service provider) as permitted by Applicable Laws.
8.4.
We may share Your Personal Data in the following cases:
a) AS Group companies- We may share Personal Data with AS’s Group companies, with the express provision that their use of such Personal Data must comply with this Policy. The main purposes for processing your Personal Data by AS Group companies are: data cleansing; proposing content and services of the AS Group including direct marketing; receiving services such as IT services on a group level.b) Service Providers:We may share Personal Data with vendors, commercial software providers, consultants and data processers who perform Services on Our behalf solely for the purposes of i) enabling the operation of the Portal and/or Website; ii) carrying out Our obligations arising from any agreement entered into between AST and Our Customer for the provision of Services, such as Oppenheimer Broker and/or Meitav Dash Trade for settlement of shares and/or funds. Such Service Providers may include without limitation, companies that provide analysis, messaging services, IT services and services that host the Portal and/or the Website or data. For more information regarding Our Service Providers, please refer to Section 8.5 below.c) In addition, We may share Personal Data in the following cases:(a) to satisfy any Applicable Law, regulation, legal process, subpoena or governmental request; (b) to enforce this Privacy and Cookie Policy or any other agreement or terms of service between you and AST and to defend against any claims or demands asserted against Us by you or on your behalf; (c) to detect, prevent, or otherwise address fraud, security or technical issues; (d) when AST is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of the assets of AST (while such acquired company or investor may be located in countries outside of your jurisdiction, provided such acquired company or investor undertakes to comply with the terms of this Policy).d) Sharing information with Authorities:We may need to disclose Personal Data in response to lawful requests by public authorities or law enforcement officials, including meeting national security or law enforcement requirements. We cooperate with government and law enforcement officials to enforce and comply with the law.
8.5.
Third Party Service Providers
a) While using the Portal and/or the Website, we may be using third party service providers, who may, as Our or AS Group companies’ Processors or Subprocessors, collect, store and/or process Personal Data on Our behalf, as detailed in this Privacy and Cookie Policy.b) Note that We collect, hold and/or manage Personal Data through AS Group's authorized third party vendors of certain products or services (such as hosting services; including, as applicable, their affiliates and sub-processors) solely and limited to providing Us with such requested services, and not for any other purposes and subject to the third party service provider’s compliance with privacy and data protection requirements, as detailed in Section 8.3 above.c) Such vendors may be located in a country that does not have the same data protection laws as your jurisdiction.d) Please read such third party service providers' terms of use and privacy policies to understand their privacy practices.
8.6.
For avoidance of doubt, AST may transfer and disclose Non-personal Data to third parties at its discretion, including without limitation for statistical, analytical and research purposes and for customization, developing and improvement of our Portal or Website.

9. Your Rights

In this Section “You” refers to any Data Subject
9.1.
In all of the above cases in which We collect, use or store Your Personal Data, You may have certain rights and, in most cases, You can exercise them free of charge. At any time, You have the right to contact Us at Benefits@altshul.co.il and request to know what Personal Data We keep about You. We will make good-faith efforts to locate the Personal Data that You request to access.
9.2.
'If You are a User and/or a Customer Representative, and You wish to access or correct, amend, or delete Your Personal Data, depending on the specific Service provided to You or to Our Customer, You may have to contact Our Customer, who may be the Controller of Your Personal Data. In order to exercise Your rights, as applicable, You may contact also Us by contacting us a the following email: Benefits@altshul.co.il In the event these rights are to be exercised through Our Customer - We shall notify You accordingly.
Note to our Users who are Data Subjects in the EU:
We hereby inform you of the following rights (by virtue of EU Privacy Laws) with respect to the Processing of your Personal Data:
'Right to access: you may have the right to request a review of your Personal Data held by AST.
'Right to rectification: if the Personal Data processed by AST is incorrect, incomplete or not processed in compliance with Applicable Law or this Privacy and Cookie Policy, you may have the right to have your Personal Data rectified.
'Right to erasure: under certain conditions, you may be entitled to require that AST will delete or "block" your Personal Data (e.g. if the continued processing of a specific data is not justified or if the lawful basis for Processing is consent).
'Right to Portability: under certain conditions, you may have the right to transfer the Personal Data that you have provided to us between data controllers (i.e. to transfer your Personal Data from Our Customer to another entity).
'Right to object: where that lawful basis for processing your Personal Data is either "public interest" or "legitimate interests", those lawful bases are not absolute, and you may have a right to object to such processing.
'Right to withdraw consent: If the processing of your Personal Data is based on your consent, you have the right to withdraw your consent to such processing at any time. If you are a User to a share and equity based scheme, please refer to your employer (Our Customer) to withdraw your consent. If you are a User, or if you receive from Us paying agent/withholding agent services, you may contact Us through the following link: Benefits@altshul.co.il
'The right to restrict processing – under certain circumstances, you may have the right to object to the processing of your Personal Data due to your particular situation.
'Right to lodge a complaint: You have the right to lodge a complaint before the relevant data protection authority or supervisory authority of your jurisdiction.
Note to our Users who are Data Subjects in Israel:
We hereby inform you of the following rights (by virtue of Israeli Data Protection Legislation) with respect to the Processing of your Personal Data:
'Right to access: unless a specific exemption applies under Israeli Data Protection Legislation, you may have the right to request a review of your Personal Data held by AST and obtain a copy thereof.
'Right to rectification or deletion: if the Personal Data processed by AST is incorrect, incomplete, unclear or outdated, you may have the right to have your Personal Data rectified or deleted.
'Right to withdraw consent: If the processing of your Personal Data is based on your consent, you have the right to withdraw your consent to such processing at any time. If you are a User to a share and equity based scheme, please refer to your employer (our Customer) to withdraw your consent. If you are a User, or if you receive from Us paying agent/withholding agent services, you may contact Us through the following email: Benefits@altshul.co.il.
If you are a Data Subject in another jurisdiction - other rights may apply.
To exercise these rights, where applicable, please contact Our Customer or, if applicable, contact us to the email address indicated above.
9.3.
When You ask us to exercise any of Your rights under this Policy and the Applicable Law, we may need to ask You to provide us certain credentials to make sure that You are who You claim you are, to avoid disclosure to You of Personal Data to others and to ask You questions to better understand the nature and scope of data that You request to access.
9.4.
We may redact from the data that we will make available to You, any Personal Data related to others.
9.5.
However, We may retain certain information as deemed required by Us in accordance with Applicable Law, or for legitimate business reasons, for the duration as required under Applicable Law. In addition, We may delete any Personal Data pursuant to our policies, as in effect from time to time.

10. Location of Your Personal Data and Data Transfers

10.1.
The information collected from you by AST, as detailed in this Privacy and Cookie Policy, may be transferred to, and stored in, various sites worldwide, which may be located in countries outside of your jurisdiction and in a country that is not considered as offering an adequate level of protection under your local laws. Personal Data may also be processed by AST and its suppliers, service providers or partners' staff operating outside your country.
10.2.
Where the GDPR applies and We transfer Personal Data to another country outside the EEA, AST is committed to protecting your Personal Data and will take appropriate steps to ensure that your Personal Data is transferred in accordance with Applicable Laws, as detailed in this Privacy and Cookie Policy.
Note to Data Subjects in the EU :
If You are located in the EU, you have a right to request further information regarding the data transfer mechanisms used by Us with respect to data transfers to third countries.Where the GDPR applies and We transfer Personal Data to another country outside the EEA, the transfer may include any of the following:
Transferring your Personal Data to countries approved by the European Commission as having adequate data protection laws, such as Israel;
Entering into standard contracts (“model contractual clauses”) that have been approved by the European Commission and which provide an adequate level of data protection, with the recipients of your Personal Data;
Transferring your Personal Data to organizations located in the US that are Privacy Shield Scheme certified, as approved by the European Commission.
Any other mechanism as provided in the GDPR.
Note to Israeli and other non-EU Data Subjects:
BY SUBMITTING YOUR PERSONAL DATA THROUGH THE PORTAL OR IN ANY OTHER MEANS OF COMMUNICATION TO AST, YOU ACKNOWLEDGE, AND EXPLICITLY AGREE, IN A JURISDICTION WHERE SUCH CONSENT IS REQUIRED FOR TRANSFER OF YOUR PERSONAL DATA TO ANOTHER JURISDICTION, TO SUCH TRANSFER, STORING AND/OR PROCESSING OF PERSONAL DATA.

11. Minors

Our Services are intended for Users over the age of sixteen (16). Therefore, AST does not intend and does not knowingly collect Personal Data from or about children under the age of sixteen (16) and does not wish to do so. We reserve the right to request proof of age at any stage so that We can verify that minors under the age of sixteen (16) are not using the Portal or the Website or Our Services. If these age requirements are not met, you are required to obtain the consent of the parent or guardian to provide and process information in accordance with this Policy; lacking such consent, we will not supply you or Our Customer with Services.

12. Cookies and Analytical Tools

12.1.
When a Visitor accesses or uses the AS Group Website, AS Group uses industry-standard technologies such as “cookies”; which store certain information on the browser or hard drive of your computer and/or your mobile telephone device (“Local Storage”) and which will allow Us to distinguish a Visitor from other Visitors, enable automatic activation of certain features and improve Visitor experience and other capabilities.
12.2.
Types of cookies and analytical tools we may use on the Website:
a) “Session Cookies” which are created per session and do not include any information about a Visitor, other than the Visitor’s session key and are removed as the Visitor’s session ends (usually after 24 hours).b) “Persistent Cookies”: cookies which remain saved to the Visitor’s device’s hard drive and/or mobile telephone device and enable Us to recognize the Visitor’s device in the event of a later visit to Our Website.c) Security Cookies which help us keep our Website safe and secure.d) AS Group’s Website uses Google Analytics. For more information, please see the following link: https://policies.google.com/privacy/google-partners?hl=en.e) AS Group’s Website uses Facebook Pixel, Facebooks analytics tool. For more information, please see the following link: https://www.facebook.com/business/gdpr#faqs.f) We use social sharing widgets and buttons connected to social networks. When you share Our content on these social networks, by using these widgets and buttons, they may place a cookie on your device. Please see the privacy policies of these social networks to learn more about the information collected through these cookies.
12.3.
'How to block and/or erase cookies? It is easy to prohibit the Local Storage and to block cookies. Most devices and browsers will allow a Visitor to erase cookies from its device’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. In order to erase or disable the Local Storage option, a Visitor should follow the specific instructions provided by the technology provider. However, if a Visitor blocks or erases cookies, its experience of the Website may be limited. If you are a Visitor, please note that unless you block the acceptance of cookies, the Website will utilize cookies upon your use of the Website (all unless it is required by Applicable Law to provide a separate consent to use such cookies, and in which case We will use such cookies only after We receive your separate consent to such use and subject to your right to withdraw such consent at any time).
12.4.
Cookies and Analytics tools help AS Group to:
track clicks and online activity to estimate Visitor’s usage patterns, to evaluate the performance of specific webpages and content and to conduct other analytics;
gather information about a Visitor’s approximate geo-location to provide localized content;
store information about a Visitor’s preferences and the device or browser it is using, and thereby customize and personalize the Website;
improve the Website; and
prevent fraud and/or abuse of Our services.

13. Information Security

13.1.
We take appropriate physical, technical and organizational measures to maintain the security and integrity of the Personal Data processed by Us, including in Our Portal, Website and information systems and to prevent damage, theft, unauthorized access to it or use thereof when it is in Our possession or control, through generally accepted industry standard technologies and internal procedures.
13.2.
Please note, however, that although We make efforts to protect your privacy, there are inherent risks in transmission of information over the Internet or other methods of electronic storage and we cannot guarantee that unauthorized access or use or other kinds of abuse and misuse will never occur.
13.3.
AST will comply with Applicable Law in the event of any Personal Data Breach and will inform the relevant Data Subjects of such Breach if required by Applicable Law.

14. Data retention

14.1.
We retain different types of information for different periods, depending on the purposes for processing the information, Our legitimate business purposes as well as pursuant to legal requirements under the Applicable Law. In any event, AST will retain the Personal Data that you or Our Customer, as the case may be, has instructed Us to process for it for as long as needed to provide AST's Services to Our Customer, and in accordance with the contractual terms stipulated between AST and the Customer. At any time, the Customer can instruct Us to delete such Personal Data.
14.2.
In addition, AST will retain Personal Data as necessary to comply with Our legal obligations such as tax obligations, to resolve disputes, and in accordance with AST's agreements with Our Customers, all subject to Applicable Laws.

15. Changes to the Privacy and Cookie Policy

15.1.
AST reserves the right to change this Privacy and Cookie Policy at any time, so please re-visit this page frequently to check for any changes.
15.2.
In case of any change, We will make reasonable efforts to post a clear notice on the Portal and/or Website. Such material changes will take effect seven (7) days after such notice was provided on Our Portal or Website. Otherwise, all other changes to this Privacy and Cookie Policy are effective as of the “Last Revised” date posted on the Policy and your continued use of the Portal, Website or Services on or after the Last Revised date will constitute acceptance of, and agreement to be bound by those changes. In the event that We amend the Policy to comply with any legal requirements, the amendments may take effect immediately, or as required by Applicable Law and without any prior notice.

16. Applicable Law and Dispute Resolution

16.1.
This Policy shall be governed by and construed in accordance with the laws of the State of Israel, excluding its choice of law principals.
16.2.
Disputes arising in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts in Tel-Aviv, Israel.

17. Have any Questions?

If You have any questions (or comments) concerning this Privacy and Cookie Policy, please send us an email to the following address: Benefits@altshul.co.il.
We will make good-faith efforts to address your concerns within a reasonable timeframe in accordance with Applicable Laws. If you are not satisfied with the response you receive from Us, you may escalate your concerns to the applicable privacy regulator in your jurisdiction. Upon request, We will provide you with the contact information for that regulator.