Last updates: January 1, 2023
- Preliminary Notes
Content – Our Site and Services do not contain inappropriate content. Nevertheless, we use appropriate technical and organizational measures to ensure the protection and retention of data subjects.
- Applicable Privacy Laws means any applicable privacy or other law to the extent applicable to our operation, including the Israeli Privacy Law – 1981 and any regulations enacted thereunder including the Privacy Protection Regulations (Transfer of Data to Databases Abroad), 5761-2001 and Privacy Protection Regulations (Data Security), 5777-2017 and any applicable guidelines, standards and/or instructions published by the Israeli privacy authority in effect from time to time relating to data security and data privacy; and the California Privacy Right Act of 2020, Cal. Civ. Code §§ 1798.100 et. Seq, (CPRA) to the extent applicable; the General Data Protection Regulation (EU) 2016/679 (GDPR); European Union Member State laws, rules and guidelines implementing or supplementing the GDPR, as amended from time to time and to the extent applicable to our Company’s operation and our Services.
- Minor refers to a data subject underage (under 16 years or less depending on the legal jurisdiction applicable), which processing his/her personal data is only lawful if parent or guardian consent has been obtained.
- Data Controller refers to the person, organization, public authority, agency, or other body who, either alone or with others, determines the purposes for which and the manner in which any Personal Data is to be processed, and defines the controls required for such processing.
- Data Processor refers to any person or organization (other than an employee of the Data Controller) who undertakes the processing of Personal Data on behalf of the Data Controller.
- Data Subject refers to an individual who is the subject of Personal Data.
- Data Subject Consent refers to the Data Subject’s approval or agreement for an activity to take place, having considered the benefits and risks of the activity. For consent to be valid, the data subject needs to be informed, have the capacity and knowledge to decide, and to have given their consent voluntarily.
- Non-Personal Data means information that does not personally identify you and does not reveal your specific identity as an individual, such as anonymized information.
- Processing refers to any operation which is performed upon or applied to personal data, whether undertaken manually or by automated means, including its acquisition, organization, storage, retrieval, consultation, amendment, availability, disclosure, erasure, or destruction.
- Subprocessor shall mean any entity appointed by us or by one of our sub-processors, to Process Personal Data on our behalf or on behalf of that sub-processor, excluding any employee of Fortify or of our sub-processor or of any such appointed person but including any contractor or affiliate of the foregoing.
- The terms “Controller“, “Processor“, “Sub-Processor”, “Data Subject“, “Personal Data“, “Processing” (and/or “Process“), “Personal Data Breach”, the “Union”, “Member State” and “Special Categories of Personal Data” shall have the meanings given in the EU Data Protection Law. The terms “Business”, “Business Purpose”, “Consumer” and “Service Provider” or “Contractor” shall have the same meaning as in the CPRA. To the extent that CPRA applies, the term “Controller” shall also mean “Business”, and “Processor” shall also mean “Service Provider”.
This Policy was originally written in English. If you are reading a translation and it conflicts with the English language version, please note that the English language version prevails.
- Data Controller and Data Processor
Under the Applicable Privacy Laws, Fortify is the Data Controller of our Uses Personal Data collected through our Website. Concerning our Platform services we provide to our clients, we are the Data Processor
Our office is: Kdoshei Bagdad 36 St., entrance 3, level 3, Haifa, Israel.
- The Types of Personal Data That We Collect
We collect personal information about you in several different ways. In this section, we will explain the various ways in which we collect personal information about you and how this information will be used.
This Policy refers to information of the first nature and can be collected in one of the following ways:
A. Data you provide us directly:
Submitting information to us is optional in certain cases and required in others, depending on the Service you choose to use or access and whether you are a Customer or a User. This category includes one or more of the following data categories:
I. Contact details. We may process your contact details (such as name or email address) if you submitted those to us when opening an account with us, when reaching out to our support services, or receive gated content, as further described below.
Purpose: We use this information, based on your consent and our legitimate interest, for the purpose for which it was provided, respectively, including, responding to your inquiry and providing you with the support or information you have requested.
Retention: We retain such information for as long as needed to provide you with the inquiry requested or as required under applicable law. We may use third-party services to help us provide this service. Hence your data will be shared with them only for processing, tracking, and addressing your request.
II. Subscription to our mailing list: If you voluntarily subscribe to our email communications, you will be asked to provide us with your email address. You can unsubscribe at any time using the unsubscribe option within the body of the email sent to you or rather by contacting to us at firstname.lastname@example.org
Purpose: We will use your email address to send you information related to the Platform, keep you up to date regarding new Services, as well as provide you with tips related to our Services and promotional and marketing emails, all subject to your consent.
Retention: We apply data retention rules to abide by data minimization principles. We will retain your information for as long as you did not explicitly ask us to delete it or if we learn that it was unlawfully collected, and provided that no exemption is applied according to applicable law. We may retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements unless a longer retention period is required or permitted by law and helpful for the service to function properly.
III. Signing up and registration. LandingDoc Platform requires registration and signing up to a user account. If you choose to do so, you will be asked to submit some information such as your email address, full name, and other Personal Information as the submission form indicates. Your email address will be used as your username together with a password of your choice for authentication and authorization purposes. This information will be used to uniquely connect your account and purchases with you, your device, and your usage and for account authentication and security purposes.
Purpose: We use your account information to assign an account to you, secure your access to your account, and provide you with access to your activity and the ability to manage it directly.
Retention: We retain account information for as long as you are a User of the Product, and so long as the Account Information is required to provide you with the Services or, as required by any applicable law. If billing is involved, we may retain such data for up to seven (7) years from the billing event, as required by applicable tax laws.
IV. Purchasing our Platform license. If you wish to purchase a product license from us, you will be asked to provide your contact information, such as your full name, email address, billing information, and any other purchase-related information, in order to process your purchase, contact you in case of support necessity if an issue arises, and to protect the access to your account and purchased Platform licenses. We also use this information to share purchase confirmations, notifications, support and product notices. Please note that depending on the product your purchase and the payment method you choose, your Payment Information will be collected either by third-party payment processors.
Purposes: We use the information to process your order, to deliver the Service you ordered, to manage your purchase, and to protect the access to your account and purchased Platform licenses.
Retention: We retain this information for as long as your license is valid, and may sometimes retain it for longer periods when applicable laws require.
V. Files Uploading. Using our Platform enable you to upload content and documents such as files, or else (“Your Content“). In the event that the Content includes any Personal Data, this data will be subject to your use and responsibility. We do not retain Your Content beyond locally and are necessary to provide you with the Services, and features. We recommend you do not make any Personal Information public. Upon your choice and request, we may offer you a backup option or cloud storage. In any case, we implemented technical and organizational measures to ensure, from our side, maximum protection for you while you are using our Sites or Services.
Purpose and Retention: such type of data will be processed only to the extent necessary and for the time scope required to provide you with the Services, operate them and secure them.
VI. “Forwarding” Option. To improve the experience of the Platform usage, we allow our Clients to configure the ‘Forwarding’ option. They can add third-party emails. It may provide analysis and monitoring tools to increase the exposure of our Clients’ services. It should be emphasized that this action is on our Clients’ sole responsibility. Our Clients must rely on a data processing legal basis before processing any data from third parties. Fortify has no responsibility or control over this option.
B. Data we collect when you use our Services
This category refers to means we use to improve our Clients’ and Vistors’ experience. and our process performance for our Services.
When you access the Site, or otherwise use the Services, certain information about your actions in connection with the Services, your device, and Site visit may be processed in order to provide the Services, maintain them, understand User’s usage, improving them with further versions and features, supporting them and protecting them.
I. Online identifiers: When you use the Websites or Products, or Services, we may process one or more of the following online identifiers: the IP address that your internet provider assigned to your device and access to the web, geo location, cookies information, browser details or upon landing on our Websites. Such information, like any other digital service, is collected through cookies, pixel tags, and log files and includes online usage data, login data (when applicable), and IP address.
Purposes: We collect information through server log files, but also by deploying tracking technologies within the Websites, such as pixel tags. The use of Online Identifiers serves one or more of the following purposes: (i) As part of our legitimate interest, we use certain online information for analytics and statistical purposes (ii) We also use IP addresses many times as part of our legitimate interest to monitor, detect and prevent fraud or any automated non-human actions across our Websites and Services. The IP address also serves our legitimate interest to learn the country from which you access the Services and make sure we serve the Products and Services in the right language and in compliance with the jurisdiction in which we offer our Products and Services. (iii) In certain cases, and upon your consent, third-party cookies and tags will be used for advertising and marketing purposes of our Products and Services, including by using retargeting. See further explanation under “Third Party Services”.
Retention: We retain online information for as long as necessary to achieve the purpose for which it is processed, to begin with, or, until we make it Non-Personal Information, in which case, we reserve the right to retain the information without any time limitation, based on our discretion and commercial necessities.
II. Device Information: We may collect certain information about the device from which you access the Website, use Products and Services, such as user-agent (that includes the browser type and version, IP address, operating system type and version), device type (mobile/desktop), type and version of your operating system, your MAC address, the language you use on your device.
Purposes: Based on your consent, and in certain cases, our legitimate interest, we may process device information for the purpose of the Platform’s compatibility purposes, to the right device type, the relevant operating system’s version and features.
Retention: We retain device information for as long as necessary to provide the Service’s functionality, to maintain a record of your license key and usage of the product, to associate license terms and renewals.
III. Online activity: We also collect certain online activity information from Visitors, for example, if you clicked an advertisement of our product, we will get the source URL in which you click the advertisement, or, by using third-party services (such as retargeting), we may offer to you one or more of our Products when you visit other websites. Under this category, we may also document in log files your clicks on actions and buttons across our Website or Services, if provided, as described under the category of “Online Identifiers”.
Purpose: We use this information for the following purposes: (i) Based on your consent for advertising, marketing and retargeting of our Services. (ii) Based on our legitimate interest – to make the Website, Platform and Services responsive and functional, to measure and calculate our payments to advertisers and to monitor and prevent ad fraud concerning our Products and Services.
IV. Platform and Website Activity: we automatically record and process activities related to the Platfom’s usage and functionality in order to be responsive to them or allow you to revert certain actions you took such as your Site and Platform use, including but not limited to performance and frequency of use, or the number of times you visit or use the Site or Platform and the time you spend using it.
C. Data we collect from third parties
This category refers to data we may receive from third parties concerning the Services we provide to you.
I. Data from companies that offer their products or services in relation to our Services or whose products or services may be linked from our service or whose products or services may be linked to their service.
II. Analytical information provided by third-party analysis services engaged in analyzing how users use the Services.
III. Additional information as required from us to comply with legal obligations.
IV. Any data obtained by any of the above means may be associated with other data you have previously provided to us.
V. Third-party advertising companies are sometimes used to help us collect this personal information.
A cookie is a small text file that is placed on the browser of the hard drive of your computer (or similar device) by websites that you visit. Cookies are typically used in order to make websites function, or function more efficiently, as well as to provide information to the operator of the particular website. Cookies make your use of the Site and Services easier to use and improve their functionality. They are used to make the login process easier for our users.
Some features and tools are integrated into our Services’ configuration for our Clients’ choice, such as cookie configuration. Please be aware that cookie collecting is under our Clients’ responsibilities. We do not collect cookies by ourselves.
- How We Use Personal Data (Purposes of Processing)?
- The Legal Basis for Personal Data Use
Fortify only processes personal data on your use of our Site, relying on your consent. Concerning the Platform usage, Fortify will process data as part of our engagement with the Client.
The legal basis for using your Personal Data for providing our Services is based on our obligations as the Data Processor under the appropriate Data Processing Agreement (DPA) with the relevant Data Controller, as applicable.
We will only process your Personal Data where we have a legal basis to do so. The legal basis will depend on the reason or reasons we collected and need to use your Personal Data.
- Sharing Personal Data with Third Parties
a) We do not sell, rent or lease your Personal Data. We may share your Personal Data with service providers and other third parties, to the extent necessary to fulfil our Services. However, and in order to provide, operate, maintain, serve and improve our Site and Services, so as to be able to offer additional products and features further, we use third-party services. Such Services include payment processors, feedback features, support and ticketing systems, operational tools, analytics, and statistical tools, and so forth. Those services include the following categories:
I. Hosting services and storage: We use third-party host and storage services (including cloud storage) to host our Site, and respective data and retain your Information. Such Processors may be based (and their servers may be located) in EEA or anywhere in the world. We require each such Processor to maintain strict privacy protection and data security policies and ensure their compliance with applicable data protection laws. However, their practices and activities are fully governed by their own privacy policies.
II. Analytics. If you are a User and visiting our Site, we may use analytics services to help us understand how Users interact with our Site and Services.
iii. Support services. We may use, from time to time, support and help desk services to provide better and faster support, whether online or, when you contact customer support.
IV. Authentication and security. In cases where you open an account with us, we may integrate over time certain authentication services.
V. Payment processors. When you choose to purchase one or more of our products, we may use payment processing services carrying strict security standards.
VI. CRM and mailing lists. If you are a Customer or a User, we may use services to manage and secure your Personal Information, or, manage subscriptions and notifications lists.
VII. Technology partners. Some of our products and Services may include third-party technologies, widgets, or features in order to enhance a product’s functionality and expand it to include more features for you.
VIII. Advertising and Retargeting: Some of our third-party services may collect non-identifiable information about your interaction with our Site. Third parties may use such information to serve and display ads when browsing other websites across the web (“Retargeting”). You can opt-out at any time of such type of advertising directly from the Ad when you encounter it.
X. Merger, Sale, or Bankruptcy. In the event that we or one of our affiliated entities is acquired by, or merged with, a third party entity or otherwise sells all or part of our/its assets, we may (and hereby reserve the right to) transfer or assign the Personal Information and other information we have collected or received. In such a case, we will require the acquiring entity to post its data practices and provide you with any of your rights as per the jurisdiction of your residency.
- Transfer of Data Outside of Your Territory
If you are a resident of the EEA, it is possible that your data will be transferred outside the EEA, to third parties who can assist us in our Services. We may process your Personal Data in any country in which we do business, currently mainly the member states of the EU, Israel (a country declared by the EU Commission as an adequate country) or the US. If we shall transfer the Personal Data of an EU resident outside of Israel or the EU, we shall comply with Applicable Laws in relation to such transfer and according to our commitment under the DPA with the Data Controller.
We are subject to the provisions of the GDPR that protect your Personal Data. We will ensure that certain safeguards are in place to provide a similar degree of security for your Personal Data. Each transfer of data outside the EEA, such as to Israel where our offices are based, will be subjected to the Commission Implementing Decision (EU) 2021/915 given on 4 June 2021 (hereinafter: “SCC” and/or “Standard Contractual Clauses”).
- Data Security
We take the safeguarding of the Personal Data and non-Personal Data very seriously, and use a variety of industry standard systems, applications and procedures to protect the Data from loss, theft, damage or unauthorized use or access. However, although we make efforts to protect your privacy, we cannot guarantee that the Website or our Platform will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways and for further enhancing the security of our Website and Platform and protection of our Visitors’ and our users’ privacy.
- Data Retention
We retain different types of information for different periods, depending on the purposes for processing the data. We may retain Personal Data for as long as necessary in order to support our legitimate business purposes and Services, for example, for storing data, for documentation, for cyber-security management purposes, legal proceedings and tax issues.
We may store aggregated or anonymized Non-Personal Data without time limit. In any case, as long as you use the Website and Services, we will keep information about you as provide above in this Policy, unless we are legally required to delete it, or to the extent applicable under Applicable Law – if you exercise your rights to delete the information, subject to our legal requirements.
- EEA Residents Notice
Depending on your country of residency, and on the type of your use of our Website (Visitor or a User) certain rights concerning your Personal Data may be available to you.
If you are located in the European Economic Area (“EEA”), you have certain rights with respect to your Personal Data, including:
- the right to be informed
- the right of access
- the right to rectification
- the right to erasure
- the right to restrict processing
- the right to object to processing
- the rights in relation to automated decision making and profiling.
Please contact us at: email@example.com with your detailed request and sufficient information to allow us to verify you and your request, and we will process your verifiable request within the timeframe indicated in the applicable regulation. Please note, that when handling these requests, we may ask for additional information from you. you. We will make good-faith efforts to locate the data that you request to access.
When you ask us to exercise any of your rights under this Policy and the applicable law, we may need to ask you to provide us certain credentials to make sure that you are who you claim you are, to avoid phishing and/or disclosure to you of Personal Data related to others.
We may redact from the data which we will make available to you, any Personal Data related to others, if applicable.
- Note to California’s Residents
We hereby inform Visitors and Users that are California residents (in this section “You”, “Your”), of the following rights (by virtue of the CPRA) with respect to the Processing of your Personal Data:
To learn more about the Personal Data we collect, including the specific Personal Data categories collected, sources of collection, our purposes for collection, and the categories of service providers with whom we share Personal Data, please see the headlines above.
We do not sell Personal Data for business or commercial purposes. We may disclose aggregated information to a third party for a business purpose, including our Affiliated Companies. When we do so, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.
- The CPRA grants California consumers specific rights in connection with the Personal Data collected by businesses, as described below:
- Right to Know: You have the right to know the categories and specific pieces of Personal Data we have collected about you in the previous 12 months.
- Right to Deletion: You have the right to request that we delete any Personal Data we have collected about you.
- Right to Request Information: You have the right to request information about our collection, sale, and disclosure of your Personal Data from the previous 12 months.
- Right to Opt-out of the Sale of Personal Data: You have the right to opt-out of the sale of Personal Data we have collected about you. As of the date of this Policy, we do not sell the Personal Data we have collected about you.
- Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising your CPRA rights. We will not treat you differently for exercising any of the above rights.
Exercising Your Rights
To exercise any of the CPRA rights above, don’t hesitate to contact us by emailing firstname.lastname@example.org. We will fulfill your request within 45 days of receiving your request. Some of these rights may be subject to limitations and qualifications, such as where fulfilling the request would conflict with federal, state, or local law, regulatory inquiries, subpoenas, or our ability to defend against legal claims. We will verify your request using your email address. If you’ve created an account with us, we will also verify your request using the information associated with your account, including billing information.
Note that we cannot respond to your request if we cannot verify your identity and confirm the Personal Data related to you. Making a verifiable consumer request does not require you to create an account with us. If you wish to use an authorized agent to submit a request to opt-out on your behalf, you must provide the authorized agent with written permission signed by you. We may deny a request from an authorized agent if the agent cannot provide to us your signed authorization demonstrating that they have been authorized to act on your behalf.
- Contact Us
For further information about this Policy, please contact us at: email@example.com.
If you have any concerns relating to this Policy, please contact us and we will make good-faith efforts to address your concerns. We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from us, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, we will provide you with the contact information for that regulator.