This Privacy Notice is meant to give you information about what personal data we collect about you, how we use it, why we use it, and how you control the data processing.
About this Privacy Notice
1. The Basics
1.1. Who We Are. Arnon, Tadmor-Levy is a law firm offering a variety of legal and advisory services in all major areas of law. Our registered offices are located at 31 Hillel Street, Jerusalem, Israel and our registration number is 513311175. For any inquiries or to exercise your rights, you can contact us at firstname.lastname@example.org.
1.2. Our Role: Controller/Processor. Certain laws, including the EU’s General Data Protection Regulation (“GDPR“), differentiate between a party that determines why and how personal data is processed (a “controller”) and a party that processes personal data on the controller’s behalf and per its instructions (a “processor”). We are the controller with respect to the processing described in this Privacy Notice.
1.3. Definitions and Recommendations
1.3.1. When we refer to “services“, we mean services provided in the course of our business as a law firm, including legal consultation and services, and as well as provision of information and updates regarding our firm, our fields of expertise, various legal topics, news, client updates, events, and articles available through our website or otherwise.
1.3.2. The term “personal data” means information that is defined as personal data under law. This includes information that identifies you directly or indirectly, including unique identifiers like IP addresses or cookie IDs.
1.3.3. When we refer to “you“, we mean clients, visitors to our website, job applicants, or event participants.
1.4. A Note on Legal Bases. Certain jurisdictions only allow processing of personal data where a legal basis has been established. Under the GDPR, the possible legal bases include consent, processing necessary for performance of a contract, processing necessary to fulfill legal obligations, and legitimate interest. We only process data where we have established a legal basis.
2. Personal Data We Collect, How We Use It, and Why
Below are details of personal data we collect, how we use it, and the reason why we consider each use lawful. You have no legal obligation to provide us with personal data, but if you don’t provide us with certain information, we may not be able to provide you with the associated services.
2.1. Clients. When you use our services as a client, we collect personal data as follows:
2.1.1. Services. If you are a client, we collect personal data that you provide to us or which is provided to us on your behalf or which we generate in the course of providing services to you. This includes your name, email address, the company for which you work (if relevant), and your role there. This may also include special categories or sensitive data as well as criminal or financial data, all of which is processed in accordance with applicable law and/or the data subject’s consent, as applicable.
How we use this data: (1) To provide you with services; to manage our relationships with our clients and business partners. Note that we may use third-party AI tools in the course of providing services to you. (2) For conflict, reputational, and financial checks, business, finance, administration, KYC- anti-money laundering regulations. (3) For marketing purposes – to contact you with informational newsletters, legal updates, invitations for events and conferences and other messages about us or our services.
Legal Basis: (1) We process this personal data for the purpose of providing the services to you, including responding to your inquiries and requests, which is considered performance of a contract. (2) When we process your personal data for the purposes of conflict, reputational and financial checks, business, finance, administration, or marketing purposes, such processing is based on our legitimate interests. (3) When we process your personal data for KYC-anti-money laundering regulations such processing is based on our regulatory obligation.
2.1.2. Data Processed in Connection with Clients. In the course of providing services to our clients, we may process information about our clients’ employees, business partners, customers, investors, or parties involved in legal disputes with our clients. Note that we may use third-party AI tools to assist in processing this data. In most cases, we serve as a controller of this data, since we use our professional discretion as to how to process and manage this data and may have other legal obligations requiring us to use the data. There are certain, limited situations where we may serve as a processor of this data, such as where the client gives us specific instructions regarding the processing of the personal data, where we do not need to use our own judgment, and where we have no separate legal obligations governing our processing of the data.
How we use this data: We process this data: (1) to provide the relevant client with our services and (2) to fulfill our statutory obligations.
Legal Basis: We process this personal data based on: (1) our legitimate interests to provide and/or improve our services and for research and development purposes, and (2) to fulfill a legal obligation regarding the retention of client documents and materials.
2.2. Website Visitors. When you visit our site, we collect personal data as follows:
2.2.1. Contact Form. When you send us a message, we collect data you provide, such as your name, email, and the content of your message. When you sign up for newsletters, we collect your name, email address, company, position, and preferences regarding the types of newsletters you’d like to receive.
How We Use this Data: To respond to your message and, if you have requested to receive them, to provide you with newsletters about our products and services and other materials we think may be of interest.
Legal Basis: We process this personal data based on the performance of a contract with you when we respond to your messages. When we process your data to send you newsletters or other materials, we do so based on your consent. You may unsubscribe or withdraw your consent at any time.
2.2.2. Activity Data. When you visit our site, we automatically collect data about your computer or mobile device, including personal data such as your IP address, device ID, browsing history (e.g. the other sites you’ve visited before ours), and your activity on our site (e.g. what pages you visited and what links you clicked on). For more information about the cookies we use, see the Cookies and Similar Technologies section below.
How We Use this Data: We mainly use this data to generate aggregated analytics data about the use of our site so we can maintain and improve the site and services. We also use statistical data to prevent fraud and protect the security of our site. One of the tools we use is “Google Analytics”. For more information about how Google collects information and how you can control such use, see: www.google.com/policies/privacy/partners/.
Legal Basis: We process this personal data based on our legitimate interests to develop and improve our site and services, and to prevent fraud.
2.3. Job Applicants. If you apply for a job with us, we collect the information you provide as part of your application and during the course of the application process. This may include your name, contact details, resume, recommendations, and any other information we may request or that you choose to share with us.
How We Use this Data: We use this data to process your job application, including to contact you for scheduling purposes and to provide you with updates. We also use this data to manage our recruitment campaigns, as well as to analyze their results and improve future campaigns.
Legal Basis: We process your application data based on our legitimate interest to attract and assess candidates for employment.
2.4. Event Participants. From time to time, we hold special events. If you register through our website or otherwise, we may collect the following personal data from you:
2.4.1. Registration Data. When you register for and participate in an event, we collect your name, contact details, and other information we may request.
How we use this data: We use this data for logistical purposes, such as to help us plan the event, and to contact you with reminders and updates and to solicit your feedback in order to improve future events. If you consent, we may also send you information about future events and other updates.
Legal Basis: When we process this personal data in the course of planning running the event, we do so to perform a contract with you. When we process this personal data to improve our events and services, we do so based on our legitimate interest to grow and improve our business and services. When we process this personal data to send you marketing information, we do so based on your consent. You may withdraw your consent at any time by contacting us at email@example.com.
2.4.2. Event Pictures. We may hire photographers to cover events. Participants may be photographed or may appear in the background of event photos.
How we use this data: We may post event pictures on our website or social media channels and may tag individuals in photos. We may also use the photos in other marketing materials.
Legal Basis: When we collect event pictures, we do so on the basis of our legitimate interest to market future events and our services.
2.5. Alumni Program. We like to stay in touch with our alumni in order to share news, invitations to events, and to establish professional networks. If you are a former colleague, you can register to participate in our alumni program on our website by providing your name and email address. You may also choose to provide information about your current position and/or your telephone number.
How we use this data: We may use this data to provide you with updates, invite you to events, and to connect between you and other alumni or our employees.
Legal Basis: When we collect your personal data, we do so based on your consent.
2.6. Visitors to Our Social Media Pages. When you engage with our social media, such as by posting on our Facebook or LinkedIn pages, liking our posts, or answering surveys, we collect the personal data you provide, such as the content of your post, and the information available to us through your profile or account. The social media companies we use may also provide us with aggregate and analytical information about activity relating to us.
How we use this data: We may use this information to engage with you or respond to your posts and comments, to analyze the effectiveness of our social media efforts and to improve how we manage them, and for marketing purposes.
Legal Basis: When we process your personal data to engage with you or respond to your posts, we do so on the basis of our legitimate interest to engage with and serve our audiences effectively. When we process your personal data to improve our social media outlets or for marketing purposes, we do so based on our legitimate interest to market our products and services effectively and to improve our services.
3. Our Marketing Activities
As described above, we may use personal data for marketing purposes. We try to limit the material we send to a reasonable and proportionate level. If you consent, we will use your contact details to send you informational newsletters and other marketing material about our products and services. You may email us at any time at firstname.lastname@example.org to withdraw or request to unsubscribe. You may also unsubscribe by following the “unsubscribe” link in any messages we send you.
4. Sharing the Personal Data We Collect
We share your personal data as follows:
4.1. Service Providers. Below are details of service providers we may use. All service providers have agreed to keep your data confidential and to use it solely as we direct.
|Type of Service
|Personal Data Shared
|We use service providers that offer cloud computing services. They offer us space on their servers for us to store our files and programs.
|All personal data that we collect from you is stored on third party servers.
|Customer Relationship Management (CRM)
|We use a CRM tool to help us keep track of our customers and information related to them, including their personal data.
|Your name, company, position, email address, and phone number.
|We may use AI tools to help us analyze and draft documents as part of our legal services.
|Data relating to customers, their personnel, or other parties engaged in business or legal disputes with them.
|We use a vendor to send out marketing emails on our behalf.
|Your name and email address.
|We use a service provider to assist us with analytics services.
|Data collected automatically through our site, including IP addresses and cookie information.
|Service providers that assure security measures to protect data, e.g. firewalls, antivirus, etc.
4.2. Change of Ownership. If we are looking to sell our firm, liquidate assets, or merge with another firm, we may share personal data with interested parties as part of negotiations toward a transaction. In such case, or where we conduct such a transaction, your data will continue to be held according to this Privacy Notice.
4.3. Law Enforcement Related Disclosure. We may share your personal data with government agencies or other parties, such as a law offices or auditors: (i) if we believe doing so is appropriate to protect our rights, property or safety (including enforcement of the Terms and this Privacy Notice) or those of a third party; (ii) if required by law or court order; or (iii) to comply with legal or regulatory obligations.
5. International Transfers
Some of our service providers are located in countries other than your own. When we transfer your personal data internationally, we will do so securely and in accordance with applicable law.
5.1. If you are located in the EU, when we share your personal data with third parties based outside of the European Economic Area (“EEA“) or Israel, we will ensure that appropriate measures are taken to allow for such transfers, such as the following:
5.1.1. When we transfer your personal data within Israel or to certain other jurisdictions, we rely on the European Commission’s decision that these jurisdictions provide an adequate level of protection.
5.1.2. When we transfer your personal data to other countries, we (i) take additional security measures to protect the data and (ii) use specific contracts approved by the European Commission (Standard Contractual Clauses) to give your personal data the same protection it has in the EEA.
The security of your data is our highest priority. We work hard to make sure that your personal data will be held securely and that it will not be shared or lost accidentally. However, it is impossible to guarantee absolute security. The measures we take include:
6.1. Technical Measures. The electronic safeguards we employ to protect your personal data include secure servers, firewalls, and antivirus protections.
6.2. Access Control. We limit access to your personal data only to authorized personnel who have a need to know. We review these permissions regularly and revoke access immediately after employee termination. Access is managed using two-factor authentication. We require employees to sign non-disclosure agreements.
6.3. Internal Policies. We maintain and regularly review and update our privacy related and information security policies.
6.4. Database Backup. Our databases are backed up and verified regularly. Backups are encrypted and stored within the production environment.
7. Your Rights - How to Control Our Use of Your Personal Data
Depending on which laws apply, you may have certain legal rights over your data. Below is some general information about rights that may apply, but we recommend consulting with a lawyer to understand what applies to you. To exercise your rights, contact us at websiteF@arnontl.com. We may ask for reasonable evidence to verify your identity before we can comply with any request.
7.1. Right of Access. You may have a right to know what personal data we collect about you. If permitted, we may charge a fee to provide you with this information. If we are unable to provide you with the information requested, we will do our best to explain why. See Article 15 of the GDPR for more details.
7.2. Right to Correct. You may request that we update, complete, correct, or delete inaccurate or incomplete personal data. See Article 16 of the GDPR for more details.
7.3. Deletion (“Right to Be Forgotten”). If you are in the EU, you may have the right to request that we delete your personal data. We will be unable to restore information once it has been deleted. Even after a request to delete, we may be allowed to keep certain data for specific purposes. See Article 17 of the GDPR for more details.
7.4. Right to Restrict Processing. If you are in the EU, you may have the right to ask us to stop processing your personal data. See Article 18 of the GDPR for more details.
7.5. Right to Data Portability. If you are in the EU, you may have the right to request that we provide you with a copy of the personal data you provided to us. See Article 20 of the GDPR for more details.
7.6. Right to Object. If you are in the EU, you may have the right object to certain processing activities. See Article 21 of the GDPR for more details.
7.7. Withdrawal of Consent. If we process personal data based on your consent, you are free to withdraw your consent. This won’t affect processing done before you withdrew your consent.
7.8. Right to Lodge a Complaint with Data Protection Authority. If you are in the EU, you have the right to submit a complaint to the relevant data protection authority. However, we ask that you please attempt to resolve any issues with us first.
8. Data Retention
8.1. We retain your personal data as long as necessary to fulfill each of the purposes we described above or as otherwise required by law. When deciding how long to store personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized access, the purposes for which the personal data was collected, as well as applicable legal requirements. Please note that we may delete information from our systems without notifying you first. Retention by any of our service providers or subcontractors may vary in accordance with each business’s retention policy.
8.2. In some circumstances, we may store your personal data even after we’re finished using it if required to do so by law (e.g. to fulfill tax or audit requirements), or to keep accurate records in case there is a prospect of litigation relating to your personal data. In such cases, we will maintain the same security measures as described above.
9. Cookies and Similar Technologies
9.1. What are Cookies? A cookie is a small piece of text that is sent to your browser by a website you visit. They acts as a sort of tag, letting the site know that it’s you (really, your device) that’s visiting. There are other technologies that act similarly, like web beacons, and pixel tags, but for simplicity’s sake we’ll refer to them all as “cookies”.
|These cookies allow the site to work correctly and cannot be disabled. They enable your access to the site and access different features.
|These cookies remember your settings, preferences, and other choices you make to help personalize and streamline your experience.
|These cookies help us identify and prevent security risks. They may be used to store your session information.
|These cookies collect analytical data to help us understand how you use our site, for example whether you have clicked on links and how long you spent on each page. This helps us improve our site.
9.3. Third Party Cookies. We place cookies from the following third parties:
- Google Analytics cookies as described in 2.2.
9.4. How to Adjust Your Preferences. Most browsers are initially configured to accept cookies, but you can change the settings so your browser refuses all or certain types of cookies. You can also delete existing cookies at any time. Note that some features of the services may not function properly when cookies are disabled or removed.
10. Third-Party Services
You may have access to third-party services through our services. Please note that all use of third-party services is at your own risk and subject to such third party’s terms and privacy practices. We are not responsible for these other services.
We do not knowingly collect personal data from children under age sixteen (16).
12. Changes to the Privacy Notice
We may update this Privacy Notice from time to time and will place any updates on this webpage. Please come back to this page every now and then to make sure you are familiar with the latest version.