Yoom.Com – PRIVACY POLICY

Last Updated: May 15, 2024

Yoom.Com – PRIVACY POLICY

This Privacy Policy (“Privacy Policy”), is an integral part of our Terms of Use (“Terms”) and governs the collection, processing, usage, and transfer of Personal Data by Yoom.Com Ltd. (“Yoom”, “we”, “us” or “our”) while you (“you” or “user”) access, use or interact with our website available at: https://yoom.com/ (“site”) or use any of our other services (collectively, “Services”).

Any capitalized terms not defined herein shall have the meaning ascribed to them in the Terms.

This Privacy Policy provides you with details regarding our privacy practices, and further explains how you can exercise your rights related to your Personal Data, in accordance with the laws and regulations applicable to you (which may include for example the EU General Data Protection Regulation (“GDPR”), the UK General Data Protection Regulation (”UK GDPR”), the California Consumer Privacy Act of 2018 (“CCPA”) and other applicable US State Privacy Laws as detailed below). Any term not defined herein shall have the meaning ascribed to such term under the Terms or where applicable under the relevant privacy regulation.

Additional Notice to California Residents: In the event you are a California resident – please review our CCPA Notice to learn more about our privacy practices with respect to the CCPA.

Additional Notice to Specific US States Residents: In the event you are a resident of certain US States, some jurisdiction specific privacy laws may apply to you, as further elaborate under Section 12 below. Please review this section to learn more about our privacy practices and your rights under the privacy and data protection legislation which applies in these specific states.

If you have any questions or requests regarding the processing of your Personal Data or would otherwise like to contact us in connection with this Privacy Policy, please email us at: privacy@yoom.com.

(1)    POLICY MODIFICATIONS.

We reserve the right to amend this Privacy Policy from time to time, at our sole discretion. The most recent version of the Privacy Policy will always be posted on the website. The updated date of the Privacy Policy will be reflected in the “Last Modified” heading. We will provide notice if these changes are material and, where applicable law requires, we will obtain your consent. Any amendments to the Privacy Policy will become effective within 30 days of the display of the modified Policy. We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.

We recommend you review this Privacy Policy periodically to ensure that you understand our most updated privacy practices.

(2)    DATA CONTROLLER & DATA PROTECTION OFFICER.

Yoom.com Ltd. incorporated under the laws of Israel is the controller of your Personal Data.

You may contact us and our privacy team as follows:

Yoom.com Ltd.

Shoham Street 2

Ramat Gan 5251003

(3)    THE DATA WE COLLECT & OUR LAWFUL BASIS FOR PROCESSING YOUR PERSONAL DATA

Depending on your interaction with us, we collect two types of data:

“Non-Personal Data”:    

Meaning, information which does not identify a specific natural person and cannot reasonably be used for such identification. We collect Non-Personal Data regarding the use of the Services, such as the scope, frequency, latency, pages accessed and viewed, time and date you have accessed the Services, interactions with content and materials displayed through our Services, language preference, and other technical information regarding the device used to access the Services, for example, type of device, type of browser, operating system, etc.

Non-Personal Data is used mainly for click stream analysis in order to maintain and develop our Services, including among others, in order to measure and understand the level of engagement with the Services, general business analytics for ensuring the technical functioning of our network, to help prevent fraudulent use of the Services and for developing new Services and features.

Personal Data”:

Meaning information that identifies or can be reasonably used to identify an individual, for example, your name, phone number, email address, pictures, unique online identifiers etc.

For the avoidance of doubt, any Non-Personal Data connected or linked to any Personal Data shall be deemed as Personal Data if such connection or linkage exists.

We do not knowingly collect or process any Personal Data constituting or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (used for the identification of an individual), data concerning a person’s health, or data concerning a person’s sex life or sexual orientation (“Special Categories of Personal Data” or “Sensitive Data”).

The table below details the processing of Personal Data, the purpose, lawful basis, and processing operations:

DATA SETS

PURPOSE AND OPERATIONS

LAWFUL BASIS

”Contact Information”, If you voluntarily contact us to ask a question, schedule a meeting, or for any other inquiries (including through the form available on our site), you may be required to provide us with certain contact information such as your full name, email address, phone number, company’s name, country, and any additional information you choose to provide us.

 

 

We will use such Contact Information to provide you with the support you requested or to respond to your inquiry.

Note, the correspondence with you may be processed and stored by us to improve our customer service and interactions. Further, we may retain such correspondence in case we find it reasonable to believe that such correspondence is required to protect our legitimate interests, e.g., in case of any future disputes or legal claims, or to provide you with future assistance (when applicable).

We process such Contact Information subject to our legitimate interest in order to respond to your inquiry.

When we process the correspondence with you for the purposes of improving our customer support, we will process it as part of our contractual obligations with you.  

”Survey Data”, If you participate in our survey, you will be required to provide certain information such as age, phone number, mail address, name, and your feedback.

We will use this Survey Data in order to improve and enhance our Services

We process this Survey Data based on your consent provided when you participate in the survey.

”Email Marketing”, we may send you emails for marketing services, offerings, updates, and for providing invoices.

To provide you with such email marketing, we will process your email address.

We may use such Email Marketing data provided by you for direct marketing, meaning we will send you email promotions and updates specifically regarding the Services you are interested in.

We process such Email Marketing data subject to our legitimate interest in order to contact you with updates and offers relating to our Services that we believe might interest you. Where required under applicable law, including under other laws such as spam laws, we will obtain your consent.

You may opt-out at any time by contacting us at privacy@yoom.com or by other means we will make available (e.g., “unsubscribe” link within the applicable email). 

Note, even if you “unsubscribe” – you will still receive operational messages, such as updates regarding your use of our Services, invoices, etc.   

   

1.       Usage Data and “Online Identifiers”:

When you access our Site or use any of our Services, we may collect certain online identifiers such as IP address, Device ID, cookie ID and other similar identifiers. We may further collect information related to your use and interaction with our Site such as directing campaign and URLs, pages viewed, access time and date, duration, clickstream, WiFi network, DNS name, screen resolution, device type and model, etc. 

We process such Online Identifiers for the purpose of:

(1)    Providing you with our Services, including the Site, and improving and further developing our Services and products;

(2)    Security and fraud prevention purposes (i.e., to prevent or to be able to address any errors or technical issues in our Services);

(3)    For analytics, marketing, and measurements for tracking and providing you with personalized ads.

Where we process such Online Identifiers for operational, functional, and security purposes, we process your data based on our legitimate interest.

Where we use the Online Identifiers for marketing, personalized ads, and tracking it will be based on your consent.

   
   
   

Recruitment Data, in the event you apply for a job via our site, we will collect your contact details such as full name, email address, phone number, CVs and any additional information you choose to provide us.

To process your job application and for recruitment purposes.

We use Comeet Technologies Inc. as our HR service provider, and thus job application information will also be subject such service provider’s privacy policy, available HERE.

We will process such Recruitment Data subject to our legitimate interests to consider your application and respond.

If we move forward with you in the recruitment process, at an advanced stage of the negotiations we will process your data as part of our contractual relationship with you.

If we will choose to retain your data for any future optional positions that may apply to you, we will ask for your explicit consent.

   

 

We use various technologies to collect and store the information listed above, including cookies, pixel tags, local storage, databases, and server logs. We use different technologies to process your information listed above, for the purposes listed above.  Therefore, the actual processing operation per each purpose of use and lawful basis detailed in the table above may differ. Such processing operation usually includes a set of operations, made by automated means, such as collection, storage, use, disclosure by transmission, erasure, or destruction. Transfer of Personal Data to third-party countries as further detailed in the International Data Transfer section is based on the same lawful basis as stipulated in the table above.

In addition, we may use certain Personal Data to prevent potentially prohibited or illegal activities, fraud, misappropriation, infringements, identity thefts and any other misuse of the Services and to enforce our policies and agreements, as well as to protect the security or integrity of our databases and the Services, and to take precautions against legal liability. Such processing is always based on our legitimate interests.

 

(4)    HOW WE COLLECT YOUR INFORMATION?

We collect the above data from you, in the following ways:

  • When you voluntarily choose to provide us with information, g., when you contact us.
  • Automatically, when you use our Services, for example, Cookies on the site. 
  • Provided to us by third parties, for example as part of our digital marketing efforts.

 

(5)    COOKIES AND SIMILAR ONLINE TRACKING TECHNOLOGIES

When you access or use the Site we use “cookies” or similar tracking technologies, which store certain information on your device (i.e., locally stored). The use of cookies is a standard industry-wide practice. A “cookie” is a small piece of information that a website assigns and stores on your computer while you are viewing a website. Cookies are used by us for various purposes, including allowing you to navigate between pages efficiently, as well as for statistical purposes, analytic purposes and advertising. You can find more information about our use of cookies here: www.allaboutcookies.org.

You can always review the list of Cookies on our Site and control your cookies preferences by the designated cookies tool available on our Site.  

Also note that, most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. You may set your browser to block all cookies, including cookies associated with our Site and Services, or to indicate when a cookie is being used by us, by adjusting the privacy and security settings of your web browser. Please refer to the support page of your browser to learn more about how you can adjust your privacy and security settings. Please note that once you choose to opt out or disable cookies, some features of the Services may not operate properly, and your online experience may be limited. In addition, even if you do opt-out, you may still receive some content and advertising, however, it will not be targeted content or advertising.

Where we use third-party advertising cookies, such third-party may independently collect, through the use of such tracking technologies, some or all types of Personal Data detailed above, as well as additional data sets, including to combine such information with other information they have independently collected relating to your online activities across their network of websites, for the purpose of enhanced targeting functionality and delivering personalized ads, as well as providing aggregated analytics related to the performance of our advertising campaign you interacted with. These third parties collect and use this information under their own privacy policies and are responsible for their practices.

(6)    DATA SHARING – CATEGORIES OF RECIPIENTS WE SHARE PERSONAL DATA WITH 

We share your Personal Data with third parties, including our affiliated companies and subsidiaries, as well as service providers that help us provide our Services. You can find in the table below information about the categories of such third-party recipients.

Category of Recipient

Data That Will Be Shared

Purpose of Sharing

Service Providers

All types of Personal Data

We share Personal Data with our trusted agents (such as legal counsels) and service providers (including, but not limited to, our Cloud Service Provider, Analytics Service Provider, CRM provider, etc.) so that they can perform the requested services on our behalf. Thus, we share your data with third party entities, for the purpose of storing such information on our behalf, or for other processing needs. These entities are prohibited from using your Personal Data for any purposes other than providing us with requested services

Any acquirer of our business

All types of Personal Data

We may share Personal Data, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale). In the event of the above, our affiliated companies or acquiring company will assume the rights and obligations as described in this Policy.

Affiliated companies

All types of Personal Data

We may operate through various subsidiaries and affiliated companies with whom we share data.

Legal and law enforcement

Subject to law enforcement authority request.

We may disclose certain data to law enforcement, governmental agencies, or authorized third parties, in response to a verified request relating to terror acts, criminal investigations or alleged illegal activity or any other activity that may expose us, you, or any other user to legal liability, and solely to the extent necessary to comply with such purpose.

For avoidance of doubt, we may transfer and disclose or otherwise use Non-Personal Information or information which is linked to anonymous random identifiers or information that is aggregated in a non-identifiable way, at its own discretion.

(7)    RETENTION AND SECURITY OF DATA

In general, we retain the Personal Data we collect for as long as it remains necessary for the purposes set forth above, all under the applicable regulation, or until you express your preference to opt-out, where applicable.

The criteria used by us to determine our retention periods are as follows:

  • We retain Personal Data for the periods needed in order to achieve the purpose for which Personal Data was collected. For example, data provided as part of a “Contact Us” form will be retained until we will address your inquiry, and further, as part of or internal keeping.
  • We retain Personal Data for the periods needed in order to comply with our obligations under applicable laws.
  • If you have a dispute with us, we may retain certain types of Personal Data as necessary and applicable to your claims, including any legal proceedings between us, until such dispute was resolved, and following, if we find it necessary, in accordance with applicable statutory limitation periods. In addition, in the event you request to exercise your rights, we will maintain the applicable correspondence for as long as needed to demonstrate compliance.

We may at our sole discretion, rectify or erase information from our systems, without prior notice to you, once we deem it is no longer necessary for such purposes.

(8)    DATA SECURITY 

We work hard to protect the Personal Data we process as part of our Services from unauthorized access, alteration, disclosure, or destruction. We have implemented physical, technical, and administrative security measures that comply with applicable laws and industry standards, such as encryption, access restrictions and permissions, etc.

Note that we cannot be held responsible for unauthorized or unintended access beyond our control, and we make no warranty, express, implied, or otherwise, that we will always be able to prevent such access. Therefore, without derogating from our obligations under applicable law, you remain fully responsible for the security of the data processed through the Services.

(9)    INTERNATIONAL DATA TRANSFER

Any information you provide us with may be transferred to and processed in countries other than the country from which you accessed the Site. In the event that we need to transfer your Personal Data out of your jurisdiction, we will take appropriate measures to ensure that your Personal Data receives an adequate level of protection as required under applicable law.

When Personal Data collected within the European Economic Area (“EEA“) is transferred outside of the EEA to a country that has not received an adequacy decision from the European Commission, we take necessary steps to ensure that sufficient safeguards are provided during the transferring of such Personal Data, in accordance with the provision of the Standard Contractual Clauses approved by the European Union. For example, we will obtain contractual commitments and or assurances from the data importer to protect your Personal Data, using contractual protections that EEA and UK regulators have pre-approved to ensure your data is protected (known as standard contract clauses) or rely on adequacy decisions issued by the European Commission, including the EU-US Data Privacy Framework.

(10)                        CHILDREN INFORMATION

Our Services is not directed nor is it intended for use by children and we do not knowingly process a children’s information. We will discard any information that we receive from a user who is considered a “child” immediately upon our discovery that such a user shared information with us. Please contact us at:  privacy@yoom.com, if you have reason to believe that a child has shared any information with us.

(11)                        USER RIGHTS

We acknowledge that different people have different privacy concerns and preferences. Our goal is to be clear about what information we collect, so that you can make meaningful choices about how it is used. We provide you with the ability to exercise certain choices, rights and controls in connection with your information. Depending on your relationship with us your jurisdiction and the applicable data protection laws that apply to you, data protection and privacy laws provide you with some of the following principal rights regarding your Personal Data.

The table below details some of the principal rights that may apply to (subject to your jurisdiction and additional conditions), how you can exercise them and appeal a decision we take in this regard:

Right to Be Informed

You have the right to be provided with information regarding our Personal Data collection and privacy practices. All is detailed under this Privacy Policy. If you have any additional questions, please contact us as instructed below. 

Right to Know, Access Rights

You have the right to confirm whether we collect Personal Data about you and to know which Personal Data we specifically hold about you, and receive a copy of such or access it.

Right to Correction/ Rectification

You have the right to request the updating of Personal Data that is not correct, taking into account the nature of the processing and the purposes.

Right to Be Forgotten, Right to Deletion

You have the right to request the erasure of certain Personal Data if specific conditions are satisfied. This right is not absolute. We may reject your request under certain circumstances, including where we must retain the data in order to comply with legal obligations or defend against legal claims, other legitimate interests such as record keeping with regards to our engagements, completing transactions, providing a good or service that you requested, taking actions reasonably anticipated within the context of our ongoing business relationship with you, fulfilling the terms of a written warranty, detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, or prosecuting those responsible for such activities; debugging products to identify and repair errors that impair existing intended functionality; exercising free speech, ensuring the right of another consumer to exercise their free speech rights, or exercising another right provided for by law; and engaging in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.

You do not need to create an account with us to submit a deletion request.

Right to Restriction of Processing

You may be entitled to limit the purposes for which we process your Personal Data if one of the following conditions are satisfied: where the accuracy of the Personal Data is contested by you, for a period enabling  us to verify the accuracy of the Personal Data; where the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of its use instead; where we no longer need the Personal Data for the purposes of the processing, but we are required by you to retain it for the establishment, exercise or defense of legal claims; where you objected to processing (as detailed below) pending the verification whether our legitimate grounds override your request.

Right to Data Portability

You have the right to get a copy of your Personal Data in a portable format and, to the extent technically feasible, readily usable format that allows you to transmit the Personal Data to another entity without hindrance. We will select the format in which we provide your copy.

Right to Withdraw Consent or Opt-Out (Object) Under the GDPR, and Specifically in the US the Right to Opt-Out From:

(i) Selling Personal Data;

(ii) Targeted Advertising; and

(iii) Profiling & Automated Decision Making

When the lawful basis for processing your Personal Data is your consent, you may withdraw such consent at any time. For example, you may unsubscribe at any time from our mailing list.

You further have the right to object to the processing of Personal Data, in the event the basis for processing is our legitimate interests. However, we will be permitted to continue the processing if our legitimate interests override your rights, or when processing is necessary to establish, exercise, or defend a legal claim or right.

You have the right to opt-out from direct marketing, if applicable, by unsubscribing through the email received.

We do not profile you in a manner that has a significant effect on you or other individuals, therefore there isn’t an opt-out option.

We do not “sell” or “share” information as most people would commonly understand that term. We do not, and will not, disclose your Personal Data in direct exchange for money or some other form of payment; however, we do share Personal Data for analytic and marketing purposes, including targeted advertising, when we promote our Site or Services. In most cases we obtain Personal Data collected automatically from our Site and your actions therein through our use of cookies, and do not combine it with your actions on other websites, however, our third-party partners might do so, when providing analytic or advertising services to us.

You have the right to opt-out of the “selling” or “sharing” of your Personal Data for “cross-contextual behavioral advertising”, or “targeted advertising”, often referred to as “interest-based advertising” as well. You can exercise these rights by using the cookies setting tool available on our Site.

You are able to install privacy-controls in the browser’s settings to automatically signal the opt-out preference to all websites you visit (such as the “Global Privacy Control”).

In any event, please keep in mind that opt-out tools are limited to the browser or device you use because they work off your browser ID and device ID and, accordingly, you will need to opt-out on each browser and device you use. Your browser may save some information in its cookies and cache to maintain your privacy preferences. Clearing these may remove opt-out preferences, requiring you to opt-out again.

Right To Appeal or Lodge Complaint

If we decline to take action on your request, we will inform you without undue delay as required under applicable laws. The notification will include a justification for declining to take action and instructions on how you may appeal, if applicable.

Under the GDPR you have the right to lodge a complaint with the applicable Data Protection Authority in the EU or the Information Commissioner in the UK. Such a right also exists under other US state laws, as further detailed below.

Non-Discrimination

Denying a good or service, providing a different level or quality of service, or charging different prices. We do not discriminate against our Visitors or Customers, but we reserve the right to deny a good or service, provide a different level or quality of service, or charge different prices, all subject to applicable laws.

If you wish to exercise any or all of the above rights, please fill out the Data Subject Request (“DSR”) form available HERE, and send it to our privacy team at: privacy@yoom.com.

Certain rights can be easily executed independently by you without the need to fill out the DSR Form:

  • You can opt out from receiving our marketing emails by clicking the “unsubscribe” link.
  • you can withdraw consent for processing Personal Data for analytics or marketing purposes, by using the settings on your device, or as detailed in the “Opt-Out Options”section below: 

(12)                        NOTICE TO SPECIFIC US STATES RESIDENTS

General Applicability and Jurisdictions

This section applies to residents of specific US States under applicable specific state laws, including residents of: Connecticut under the Connecticut Data Privacy Act, S.B. 6 (Connecticut 2022); Utah, under the Utah Consumer Privacy Act, Utah Code Ann. § 13-61-101 et seq; Virginia under the Virginia Consumer Data Protection Act, Va. Code Ann. § 59.1-575 et seq. (SB 1392); Colorado under the Colorado Privacy Act (SB 21-190), and starting of July 1, 2024, residents of Texas under the Texas Data Privacy and Security Act (2023); and Oregon under the Consumer Privacy Act (2023), All as amended or superseded from time to time and including any implementing regulations and amendments thereto (“US Privacy Laws”). Any term not defined herein under this section 12 shall the meaning ascribed to such term in the Privacy Policy above or applicable US Privacy Laws.

California residents, please refer to our CCPA Notice.

The specific disclosure hereunder supplements our general Privacy Policy as detailed above and provides additional details to the extent we deem as a “Business” or “Controller” under applicable US Privacy Laws, for example where we process Visitor’s information regarding their use of the Site.

The Personal Information We Process

Section 3 of this Privacy Policy “Data Sets We Collect and For What Purpose”, we describe our collection and processing of Personal Data, the categories of Personal Data that are collecting and processing, and the purposes for which Personal Data is processed, stored or used. We will not collect additional categories of Personal Data or use the Personal Data we collected for a materially different, unrelated, or incompatible purpose without obtaining your consent.

Please note that in addition to the applicability exclusions detailed above, for the purposes of the disclosure hereunder, personal information does not include Publicly available information from government records and deidentified, aggregated or anonymized information that is maintained in a form that is not capable of being associated with or linked to you.

Sharing of your Personal Data with Third Parties

Under section 6 to the above Privacy Policy, “Sharing Information with Third Parties”, you will find details regarding the categories of third parties we share Personal Data with for business purposes.

We do not sell your personal information for profit. However, we do engage in targeted advertising on the Site. Some of those marketing activities, when conducted through the use of third parties, may be considered a “sale” or “Share” under certain US Privacy Laws. In this context, As is common practice among companies that operate online, we permit third party advertising networks, social media companies and other third-party businesses to collect information directly from your browser or device through cookies or similar tracking technology when you visit or interact with the Site, for example, for collection of Usage Data as detailed under section 3 above. These third parties use this personal information to deliver targeted advertising (also known as “cross-context behavioral advertising”) and personalized content to you on our websites, on other sites and services you may use, and across other devices you may use, as well as to provide advertising-related services such as reporting, attribution, analytics, and market research. To learn more about that, please read Section 5 regarding Cookies. Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to limit or opt-out of the sale of personal information or the processing of personal information for purposes of targeted advertising, through the use of the Cookie Toolbar on the Site’s footer or as described above.

We do not knowingly sell or share personal information of individuals less than 16 years of age or use or share such information for targeted advertising purposes.

Exercising Your Privacy Rights

Depending on your state of residency and subject to certain legal limitations and exceptions, you may be able to exercise some or all of the rights details under section 11 above, “Your Rights”.

Authorized Agents – In certain circumstances, and subject to applicable US Privacy Laws, you may permit an authorized agent to submit requests on your behalf. The authorized agent must provide a letter signed by you confirming the agent has permission to submit a request on your behalf or must provide sufficient evidence to show that the authorized agent has been lawfully vested with power of attorney. For security purposes, we may need to verify your identity and confirm directly with you that you have provided the authorized agent with permission to submit the request, and it may take additional time to fulfill agent-submitted requests. We may deny a request in the event we are not able to verify the authorized agent’s authority to act on your behalf. Please note that for privacy and security reasons, we will direct future communications to the individual on whose behalf the request was made.

We will respond to a verifiable request within the timeframes set by applicable US Privacy Laws. We reserve the right to extend the response time by an additional period as permitted by applicable US Privacy Laws. If we determine that the request warrants a fee, we will tell you why we made such a decision and provide you with a cost estimate before completing your request.

Appeal Rights

Depending on your state of residency, you may be able to appeal a decision we have made in connection with your privacy rights request, by contacting us as instructed in our response. Please send your appeal request with a summary of the request and decision you want to appeal to privacy@yoom.com.

Not more than 60 days after receipt of an appeal we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reason for the decisions.

If you are not happy with our response, depending on your jurisdiction, you may have the right to lodge a complaint against us with the relevant State’s Attorney General:

We will update this Privacy Policy at least every 12 months.