You deserve to be aware of how your personal data is used. Moreover, data protection laws give you certain rights over your personal data, no matter when or where it is being processed. This Privacy Notice is meant to give you information about what personal data we collect about you, how we use it, why we use it, and how you control the data processing.
The Basics: Who We Are, Our Role, and Definitions
Who We Are
Twik Technologies Ltd. offers a technology that uses adaptive, multivariate testing to allow you to deliver customized content to your users and to analyze data about your users and additional tools services through our website. Our offices are located at Shoken 13, Tel Aviv Israel, and our registration number is 515778611.
If you have questions about our company or your privacy, or want to exercise your rights, or you just want to say hello, you can contact us at firstname.lastname@example.org.
If you have specific requests you can also contact us, by way of our representative in the United Kingdom (UK), at: Surezki Limited, address: Block 10, flat 3 Los Pinos, 29678 Benahavís, Málaga, Spain.
Our Data Protection Officer (“DPO“) is Mr. Yossi Gadol, contact details available at Rothschild Blvd 3, Tel Aviv-Yafo, Israel, +972546791902, and email@example.com.
Our Role: Controller and Processor
Certain data protection laws, including the laws in the EU, differentiate between a party that determines why and how personal data is processed (called a “controller”) and a party that processes personal data solely on the controller’s behalf and according to the controller’s instructions (called a “processor”). Twik Technologies Ltd. is the controller in respect of the processing described in this Privacy Notice. That said, in respect of certain personal data, we serve as a processor. Please see the section below on Personal Data We Collect as a Processor for more information. Additional entities who may be serving as separate, independent controllers are listed below.
Definitions and Recommendations
When we refer to “services“, we mean our technology that uses adaptive, multivariate testing to allow you to deliver customized content to your users and to analyze data about your users, along with additional tools.
When we refer to “personal data“, we mean information that is defined as personal data under law. This includes information that identifies you directly or indirectly, including unique identifiers like IP addresses or cookie IDs.
When we refer to “you“, we mean visitors to our website any user of our site, as applicable.
This Privacy Notice is meant to be read together with our Terms of Service, which you can find at https://www.twik.io/terms/. In general, we recommend that you routinely review this privacy notice and your preferences on our site.
A Note on Legal Bases
Certain jurisdictions only allow the processing of personal data where a legal basis has been established. Under the EU’s General Data Protection Regulation (“GDPR”), the possible legal bases include: your consent, the processing is necessary to perform a contract with you, the processing is necessary to fulfill our legal obligations, or a company has a legitimate business interest to process your personal data. Where we are a controller, we only collect and process data where we have established a legal basis. Below you can find more details about specific legal bases.
Personal Data We Collect as a Processor
We process certain personal data about our customers’ end users or visitors to their sites as part of the services we provide to our customers. In that case, we serve as a processor and the customer serves as a controller. We process that data on behalf of the relevant customer and according to its instructions.
If you are an end user of one of our customers, we may process personal data about you that includes your browser type, geo-location, language, network speed, operating system, whether you are a new or returning visitor, Social networks connection, URL from which you are referred, whether you have an ad blocker, pages viewed per session, average session duration and frequency. This information is collected through the web browser. The fingerprint technology we use assigns a unique identifier generated using the abovementioned data collected from individual devices. A customer may also instruct us to connect the information we collect with other personal data it may have about you and/or with additional personal data collected by us about you, including personal data that may be collected through a different one of the customer’s sites or domains. We may share this data with the relevant customer.
If you like to opt-out of the use of fingerprints, you can do so at the following link: www.twik.io/privacy/opt-out. To learn more about our processing activities in this capacity or to exercise your privacy rights regarding them, please contact the applicable customer directly
Personal Data We Collect as a Controller, How We Use It, and Why
Below is a description of the types of personal data we collect, how we use it, and the reason why we consider each use lawful. You have no legal obligation to provide us with personal data, but if you don’t provide us with certain information, we may not be able to provide you with the associated services.
When you visit our site, we may collect the following types of data about you.
Contact Form Information – When you send us a message through the contact form on our site, we collect any data you provide, such as your name, company, email, site email, industry, and the content of your message. When you sign up for our newsletters, we collect your name and email address.
How We Use this Data: To respond to your message and to provide you with informational newsletters about our products and services.
Legal Basis: We process this personal data based on the performance of a contract with you. Processing your Personal Data to share our newsletters with you is based on our legitimate interest to promote our products and services.
Activity and System Data (Cookies) – When you visit our site, we automatically collect data about your computer or mobile device, including personal data such as your IP address, device ID, browsing history (e.g. the other sites you’ve visited before ours), and your activity on our site (e.g. what pages you visited, for how long, and what links you clicked on). For more information about the cookies we use and how to adjust your preferences, see the Cookies and Similar Technologies section below.
How We Use this Data: We mainly use this data to generate aggregated analytics data about the use of our site so we can maintain and improve the site and develop new products or services. We also use statistical data to prevent fraud and protect the security of our site. Some cookies may be used to provide you with advertising for our products and services, based on your preferences and interests. One of the tools we use to collect and analyze this data is “Google Analytics”. For more information about how Google collects information and how you can control such use, see: www.google.com/policies/privacy/partners/.
Legal Basis: We process this personal data based our legitimate interests to develop and improve our products and services, and to prevent fraud. When we collect your activity data to advertise to you, we do so on the basis of our legitimate interest to market our own products and services. Additional information regarding Our Marketing Activities is provided below.
If you are a user of our site, we collect the following information from and about you.
Registration Data – In order to access our site, you must first create an account. When creating an account, you will be asked to provide your name, email address, and phone number, the company you work for and your job title, and payment details. If you access our site using a third-party login service (such as Shopify, Google or Wix), we also receive personal data about you from that service.
How We Use this Data: We use your registration information to allow you to access to our site, save your preferences, protect the security of our site, prevent fraud, and address any issues that arise. We use your contact details to communicate with you about our site. If you consent, we also use your contact details to send you informational newsletters or marketing materials about our products and services.
Legal Basis: When we process your registration data to provide you with our services, we do so to perform a contract with you, in this case our Terms. When we process your registration data to maintain our site, including to prevent fraud, protect the security of and/or address issues with our site, we do so on the basis of our legitimate interest to maintain our assets. When we use your contact details to send you newsletters or marketing materials, we do so based on your consent.
Payment Data – If you make a purchase through the site, we receive information related to such purchase. Note that credit card or other payment details are collected by a third-party payment processor and not by us.
How We Use this Data: To process your payment and to prevent fraud.
Legal Basis: We process your payment data to perform a contract with you, specifically our Terms. When we process your payment data to prevent fraud, we do so based on our legitimate interest to protect ourselves and our customers.
Activity and System Data (Cookies) – We collect data about your device and your activity, as described more fully above in section 3.1.2, when you use our site.
Our Marketing Activities
As described above, we may use personal data we collect for advertising and marketing purposes. We try to limit the marketing material we send to a reasonable and proportionate level. Below we describe how you can control the marketing material you receive from us.
Email Marketing and Services Communications
Subject to your consent, we use your contact details to send you informational newsletters and other material about our products and services.
You can stop the delivery of all marketing emails by following the “unsubscribe” link in any messages we send you. Alternatively, you can contact us at firstname.lastname@example.org to request to unsubscribe.
If you are a registered user, you can change your preferences within your account to reflect how you would like us to communicate with you.
Note that if you are a registered user, we may need to contact you about administrative or service-related issues as part of the services we provide to you. This is not marketing communication and you will continue to receive these messages even if you opt-out of marketing emails.
We serve online ads based on the activity data we collect using cookies. You can change the way your browser manages cookies by adjusting the settings on your browser as explained below in the How to Adjust Your Preferences
We may also use social media tags, such as the Facebook pixel, which will allow social media platforms to create ad and site usage attributions. This data may be used to serve you with advertising or customized content on the applicable social media platform. We recommend that you routinely review the privacy notices and preference settings that are available to you on social media platforms you use.
Some of our service providers and additional controllers are located in countries other than your own. When we transfer your personal data internationally, we will only do so safely and securely and in accordance with applicable law.
If you are located in the EU, when we share your personal data with third parties based outside of the European Economic Area (“EEA“), we will ensure that they sign on agreements that require them to comply with applicable law, keep your data secure at similar levels to the level described in this Privacy Notice, and make sure that your data protection rights are protected. We will also implement the following safeguards:
When we transfer your personal data to Israel or the UK, we rely on the decision by the European Commission that says that those countries are considered to provide an adequate level of data protection.
Where we transfer your personal data to other countries, we (i) take additional security measures to protect the data and (ii) use specific contracts approved by the European Commission, known as the Standard Contractual Clauses, to give your personal data the same protection it has in the EEA.
Please contact us at email@example.com if you would like further information on the specific mechanism used by us when transferring your personal data out of the EEA.
To the extent that the laws in your jurisdiction would permit cross-border transfers of personal data based on your consent to this Privacy Notice, this will be considered your consent to such cross-border transfers.
The security of your personal data is our highest priority. We work hard to make sure that your personal data will be held securely and that it will not be shared or lost accidentally. However, it is impossible to guarantee absolute security. The security of your data also depends on the security of the devices you use and the way in which you protect your user IDs and passwords. The measures we take include:
The electronic safeguards we employ to protect your personal data include secure servers, firewalls, and antivirus protections. We encrypt data in transit using secure TLS protocols.
We limit access to your personal data only to authorized personnel who have a need to know, including account managers, customer support staff, and software developers. We review these permissions regularly and revoke an employee’s access immediately after his/her termination.
We maintain and regularly review and update our privacy related and information security policies.
We require employees to sign non-disclosure agreements according to applicable law and industry customary practice.
Our databases are backed up and verified regularly. Backups are encrypted and stored within the production environment to preserve their confidentiality and integrity.
Your Rights - How to Control Our Use of Your Personal Data
Depending on which laws apply, you have certain legal rights over your data. Below is some general information about rights that may apply to you but we recommend checking the law or consulting with a lawyer to understand what applies in your specific case. To exercise your rights, please contact us at firstname.lastname@example.org. If you want to exercise your rights regarding your personal data held by other controllers you can contact the applicable controller directly. We may ask for reasonable evidence to verify your identity before we can comply with any request.
Right of Access
You may have a right to know what personal data we collect about you. We may charge you with a fee to provide you with this information, if permitted by law. If we are unable to provide you with all the information you request, we will do our best to explain why. See Article 15 of the GDPR for more details, if your personal data is subject to GDPR.
Right to Correct Personal Data
You may have the request that we update, complete, correct or delete inaccurate, incomplete, or outdated Personal Data. See Article 16 of the GDPR for more details, if your personal data is subject to GDPR.
Deletion of Personal Data (“Right to Be Forgotten”)
If you are located in the EU, you may have the right to request that we delete your personal data. Note that we cannot restore information once it has been deleted. Even after you ask us to delete your personal data, we may be allowed to keep certain data for specific purposes under applicable law. See Article 17 of the GDPR for more details, if your personal data is subject to GDPR.
Right to Restrict Processing
If you are located in the EU, you may have the right to ask us to stop processing your personal data. See Article 18 of the GDPR for more details, if your personal data is subject to GDPR.
Right to Data Portability
If you are located in the EU, you may have the right to request that we provide you with a copy of the personal data you provided to us in a structured, commonly-used, and machine-readable format. See Article 20 of the GDPR for more details, if your personal data is subject to GDPR.
Right to Object
If you are located in the EU, you may have the right object to certain processing activities. See Article 21 of the GDPR for more details, if your personal data is subject to GDPR.
Withdrawal of Consent
If we are processing your data based on your consent, you are always free to withdraw your consent, however, this won’t affect processing we have done from before you withdrew your consent.
Right to Lodge a Complaint with Your Local Data Protection Authority
If you are located in the EU, you have the right to submit a complaint to the relevant data protection authority if you have any concerns about how we are processing your personal data, though we ask that as a courtesy you please attempt to resolve any issues with us first.
We retain your personal data as long as necessary to fulfill each of the purposes we described above.
When deciding how long to store personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized access, the purposes for which the personal data was collected, as well as applicable legal requirements. Please note that we may delete information from our systems without notifying you first. Retention by any of our service providers or subcontractors may vary in accordance with each business’s retention policy.
In some circumstances, we may store your personal data even after we’re finished using it if required to do so by law (e.g. to fulfill tax or audit requirements), or to keep accurate records of our interactions in case there is a prospect of litigation relating to your personal data. In such cases, we will maintain the same security measures as described above.
Please contact us at email@example.com if you would like details about the retention periods for each type of personal data we process.
You may have access to third-party services through our services. Please note that all use of third-party services is at your own risk and subject to such third party’s terms and privacy policies. We do not take any responsibility for the performance of other services.
We do not knowingly collect personal data from children under the age of sixteen (16). In the event that you become aware that an individual under the age of sixteen (16) has registered without parental permission, please advise us immediately.
Changes to the Privacy Notice
We may update this Privacy Notice from time to time to keep it up to date with legal requirements and the way we operate our business. We will place any updates on this webpage. Please come back to this page every now and then to make sure you are familiar with the latest version.