the Law Firm – PRIVACY POLICY

1. 1. Applicability.

• This privacy policy (“PP”) explains how Derri-Riffer and Co. Law Firm,  Attorneys At Law and its affiliates (the ” Law Firm”) treat the information of users (“User”) in connection with The Law Firm website available at [https://www.drlawfirm.co.il/] (the “Site”). For the purpose of this PP “Personal Data” shall mean personal data or personal information pursuant to the Applicable Data Protection Law (as defined below).

1. 1. The PP is an integral part of The Law Firm terms of use which are available at [https://www.drlawfirm.co.il/%d7%aa%d7%a0%d7%90%d7%99-%d7%a9%d7%99%d7%9e%d7%95%d7%a9-%d7%9c%d7%90%d7%aa%d7%a8/ ] (“TOU”), together with the PP, and the terms of use, the “Terms”).
   2. This PP is in effect as of the date set forth below.
   3. Users are not under any legal obligation to submit Personal Data to the Law Firm. However, in case User chooses not to submit Personal Data to the Law Firm, User might not be able to use the Site, or certain parts thereof. 
   4. By attempting to use or access, or by using or accessing the Site, User agrees to be bound by the Terms. If User does not agree with the Terms, User must not use or access the Site. 
   5. The Law Firm may from time to time modify this PP, therefore the User should check back periodically. If User does not agree with the PP, as amended, User must stop using the Site. Any changed PP will be effective from the date it is posted on the Law Firm Site. If the Law Firm makes any changes to this PP that materially affect the Law Firm’s practices with regard to the Personal Data the Law Firm previously collected from User of The Law Firm will endeavor to provide User with notice in advance of such change via email. The Law Firm will seek User’s prior consent to any material changes, if and where this is required by Applicable Data Protection Laws. User is advised that if User does not terminate all use of the Site, User will be deemed to have accepted the PP, as amended.
   6. Any capitalized terms which are not defined herein shall have the meaning assigned to them in the Law Firm TOU.
   7. For the purposes of this PP “Applicable Data Protection Laws“ means (i) the General Data Protection Regulation (2016/679), including any subordinate or implementing legislation (“GDPR”); (ii) the California Consumer Privacy Act of 2018, Cal. Civ. Code 1798.100 et seq., including any subordinate or implementing legislation (“CCPA”), and/or (ii) Protection of Privacy Law 5741-1981 (Israel); and any rules or regulations that amend and/or replace any of the aforementioned Applicable Data Protection Laws.
2. Personal Data collected by the Law Firm.
   1. Information provided by User. 

The Law Firm collects any data User provides the Law Firm with, including but not limited to the following Personal Data:

1. contact details (e.g. name, surname, email address); 
2. Any communication between User and the Law Firm, e.g. emails, phone conversations, chat sessions (except as indicated differently by User on the Site). 
3. User hereby represents and warrants that in providing the Law Firm with the above Personal Data(i) User fully complies with any applicable laws (including without limitation that User obtained and will continue to obtain the consents required by any applicable law); (ii) User will conspicuously display, maintain, and make accessible any privacy policy that complies with any applicable law.

•      Data collected automatically.

The Law Firm automatically collects data when User visits, interacts with, or uses the Site, including but not limited to:

1. Identifiers and information contained in cookies; 
2. User’s settings preferences, backup information; 
3. Content User viewed or searched for, page response times, and page interaction information (such as scrolling, clicks, and mouse-overs);
4. Network and connection information, such as the Internet protocol (IP) address and information about User’s Internet service provider; 
5. Device information, such as browser type and version, operating system, or time zone setting; location of the device.

1. Personal Data Collected By Third Parties. 
   1. This PP does not apply to any products, services, websites, links or any other content that are offered by third parties on the Site. Users are advised to check the applicable third party agreements, and/or other third party policies. The Law Firm does not have any control over such third parties’ privacy practices, or the technology used by such third parties in order to collect any personal data. Each User is advised to thoroughly review such third parties’ privacy policies before making any use of such third party’s products and services.
   2. Without derogating from the generality of the above, when clicking on certain social media links provided on the Site (e.g. Twitter, Facebook, LinkedIn, Instagram) User will be transferred to the Law Firm’s sites on such social media (“Social Media Sites”). It shall hereby be clarified that such Social Media Sites are governed by the terms of use and privacy policy of the respective social media and not by the Law Firm.
2. Cookies.
   1. To facilitate and customize the User’s experience of the Site and to track User’s use of the Site, the Law Firm may utilize cookies and other industry standard technologies . A cookie is a small text file that is stored on a User’s computer for record-keeping purposes which contains information about that User. Most browsers automatically accept cookies, but users may be able to modify their browser settings to decline cookies. Please note that if User declines or deletes these cookies, some parts of the Site may not work properly. 
   2. By clicking on a link to a third-party website or service on the Site, a third party may also transmit cookies to User. This PP does not cover the use of cookies by any third parties, and the Law Firm is not responsible for such third parties’ privacy policies and practices
   3. Without derogating from the foregoing, please note that the Law Firm may use analytic tools such as Google Analytics. Please click on www.google.com/policies/privacy/partners/ in order to find out how Google Analytics collects and processes data.
3. The Law Firm’s Use of Personal Data.
   1. The Law Firm processes User’s Personal Data to operate, provide, and improve the Site, including but not limited to: 
      1. contacting User by the Law Firm and communicating with User with respect to the Site, e.g. by phone, email; responding inquiries from User; 
      2. informing User about updates or offers; 
      3. personalizing the Site, i.e. identifying User’s interests and recommending offers that might be of interest to User; 
      4. marketing and promoting the Site;
      5. providing assistance and support; 
      6. fulfilling User requests; meeting contractual or legal obligations; 
      7. protecting Users security, e.g. preventing and detecting fraud;
      8. internal purposes, e.g. troubleshooting, data analysis, testing and statistical purposes. 
   2. Except as provided herein, the Law Firm does not use any Personal Data other than as necessary to provide the Site, without obtaining User’s prior consent. 
   3. The Law Firm may ask for User’s consent to use User’s Personal Data for a specific purpose which will be provided to User.
   4. In case User’s Personal Data contains third party personal data, User represents and warrants that it has obtained any consent required under the PP to the Law Firm’s privacy practices set forth in the PP from such third party.
   5. The Law Firm may ask for User’s consent to use User’s Personal Data for any use not specified herein.
   6. The Law Firm uses anonymous, statistical or aggregated information, which may be based on Personal Data provided by User, for legitimate business purposes including for testing, development, control and operation of the Site. 
4. Sharing Data.
   1. The Law Firm may be required to retain or disclose Personal Data, without notification, in order to: 
      1. comply with applicable laws or regulations;
      2. comply with a court order, subpoena or other legal process;
      3. respond to a lawful request by a government authority, law enforcement agency or similar government body (whether situated in User’s jurisdiction or elsewhere); 
      4. engage with third-party service providers and/or subcontractors which provide services for the Law Firm’s business operations, a list of which can be received upon request;
      5. disclose to third parties aggregated or de-identified information about Users for marketing, advertising, research, or other purposes; 
      6. The Law Firm believes release is appropriate to comply with the law, enforce or apply the Law Firm’s terms and other agreements, or protect the rights, property, or security of the Law Firm, Users, or others. This includes exchanging information with other companies and organizations for fraud prevention and detection and credit risk reduction.
      7. To verify the information obtained by the Law Firm;
      8. If the Law Firm believes that User’s conduct on or in connection with the Site is inappropriate and inconsistent with generally accepted norms of behavior;
      9. In the event that the Law Firm, or any of its businesses, are sold or disposed of, whether by merger, sale of assets or otherwise, data may be one of the assets sold or merged in connection with such transaction. Personal Data may also be disclosed in connection with a commercial transaction where the Law Firm or any of its businesses are seeking financing, investment, and support or funding. 
   2. When the Law Firm shares data with third parties, as specified above, the Law Firm makes reasonable efforts to require such recipients to agree to only use such Personal Data the Law Firm shares with them in accordance  in accordance with this PP and the Law Firm’s contractual specifications and for no other purpose than those determined by the Law Firm in line with this PP. However, it is clarified that the Law Firm is not liable for such third parties’ use of the Personal Data.
5. Direct Marketing and Advertising.
   1. The Law Firm may provide Users with direct marketing, as such term is defined in the Israeli Privacy Protection Law, 1981.
   2. The Law Firm may also send Users advertisements, as such term is defined in the Israeli Media Law (Bezeq and Broadcasting), 1982.
   3. User can opt out of receiving these direct marketing and/or advertisements from the Law Firm at any time by unsubscribing using the unsubscribe link within each communication, or emailing the Law Firm at:info@drlawfirm.co.il  to have User’s contact information removed from the Law Firm’s email list. 
6. Security. 

the Law Firm has taken appropriate technical and organizational measures to protect information the Law Firm collects from loss, misuse, unauthorized access, disclosure, alteration, destruction, and any other form of unauthorized processing. Users  should be aware, however, that no data security measures can guarantee 100% security.

1. Retention
2. The Law Firm will retain Users’ Personal Data for a period of time consistent with the original purpose of collection (see Section ‎5, “The Law Firm’s Use of Personal Data”). the Law Firm determine the appropriate retention period for Personal Data on the basis of the amount, nature and sensitivity of Users Personal Data processed, the potential risk of harm from unauthorized use or disclosure of Users Personal Data, and whether the Law Firm can achieve the purposes of the processing through other means, as well as on the basis of Applicable Data Protection Law requirements (such as applicable minimum statutory retention requirements). After the expiration of the applicable retention periods, the Law Firm Will delete Users’ Personal Data. If there is any data that the Law Firm is unable, for technical reasons, to delete entirely from the Law Firm’s systems, the Law Firm will put in place appropriate measures to prevent any further use of such data.
3. Access to Information.
   1. Depending on Applicable Data Protection Law, User  may be entitled to access User’s data held by the Law Firm with respect to such User. User’s right of access can be exercised in accordance with the relevant data protection legislation. Any request for access may be subject to a fee to meet the Law Firm’s costs in providing such User with details of the data the Law Firm holds on User. 
   2. the Law Firm will take reasonable steps to verify User’s identity before granting User access or enabling User to make corrections. 
   3. If at all, the Law Firm will retain Personal Information only for the time period needed for business purposes or as required by applicable law and will securely destroy such information thereafter. 
4. Users in the European Economic Area (EEA) .
   1. Legal Basis for Processing of Personal Data.

the Law Firm will only process User’s Personal if it has one or more of the following legal bases for doing so:

1. Contractual Necessity: processing of Personal Data is necessary to enter into a contract with User, to perform the Law Firm’s contractual obligations to User, to provide the Services, to respond to requests from User, or to provide User with customer support;
2. Legitimate Interest: the Law Firm has a legitimate interest to process User’s Personal Data;
3. Legal Obligation: processing of User’s Personal Data is necessary to comply with relevant law and legal obligations, including to respond to lawful requests and orders; or
4. Consent: processing of User’s Personal Data with User’s consent.

1. User’s Rights regarding Personal Data.
   1. Subject to applicable law, User has certain rights with respect to User’s Personal Data, including the following:
      1. User may ask whether the Law Firm holds personal data about User and request copies of such Personal Data and information about how it is processed;
      2. User may request that inaccurate Personal Data is corrected;
      3. User may request the deletion of certain Personal Data;
      4. User may request the Law Firm to cease or restrict the processing of Personal Data where the processing is inappropriate;
      5. When User consents to processing User’s Personal Data for a specified purpose by the Law Firm, User may withdraw User’s consent at any time, and the Law Firm will stop any further processing of User’s Personal Data for that purpose.
      6. In certain circumstances, the Law Firm may not be able to fully comply with User’s request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, however, in those circumstances, the Law Firm will still respond to notify User of such a decision.  
   2. User can exercise User’s rights of access, rectification, erasure, restriction, objection, and data portability by contacting The Law Firm at eyal@drlawfirm.co.il In some cases, the Law Firm may need User to provide the Law Firm with additional information, which may include Personal Data, if necessary to verify User’s identity and the nature of User’s request.
2. Transfer of User’s Personal Data outside of the EEA. 
   1. Personal Data may be processed outside User’s jurisdiction, and in countries that may not provide for the same level of data protection as User’s jurisdiction. The the Law Firm ensures that the recipient of User’s Personal Data offers an adequate level of protection, for example by entering into the appropriate data processing agreements and, if required, standard contractual clauses for the transfer of data as approved by the European Commission (Art. 46 GDPR).
   2. The Law Firm currently stores User data in the Law Firm’s data centers located in the USA and in Israel. 
   3. Without derogating from the generality of the foregoing, when transferring data from the EEA to Israel, the Law Firm relies on the European Commission’s decision that Israel offers adequate data protection for transfers from the EEA. 

1. Users in California, USA.

To the the CCPA is applicable the following shall apply:

1. The Law Firm will only process Personal Data on User’s behalf. 
2. The the Law Firm will (i) not collect, retain, use, or disclose Personal Data for any purpose other than for the specific purposes set out in the PP, or any other agreement between the Law Firm and User; (ii) not sell Personal Information (as defined under the CCPA); and (iii) put in place appropriate technical and organizational measures to protect personal information against unauthorized or unlawful processing or accidental destruction, loss or damage.

1. International Storage.

Each User is advised to be aware that Personal Data the Law Firm collects may be transferred to, processed and stored outside User’s jurisdiction, and that Applicable Data Protection Laws in the jurisdiction where the information is collected stored and/or processed may differ from User’s jurisdiction. Each User hereby gives User’s consent to this transfer, processing and storage of User’s information outside its jurisdiction. 

1. Personal Data Of Children

The Site is not intended for children. Children under 18 years of age may use the Site only with the involvement of a parent or guardian.

1. Questions Regarding Privacy at the Law Firm?  

If User has any questions about this PP or the Law Firm’s data practices in general, User may contact the Law Firm using the following information:

Email: info@drlawfirm.co.il

Last update: March 10th , 2023.