Privacy Policy

C&M Israel Online Services 24/7

(Edition of May 15, 2009, with amendments in 2015, 2019, 2022, 2024, extended edition 2025)

1. General Provisions

1.1. This Privacy Policy regulates the collection, storage, processing, transfer, and protection of user information on the C&M Israel Online Services 24/7 website (hereinafter — the “Website,” “Services”), in accordance with the following regulatory acts:

– Israeli Privacy Protection Law, 5741–1981 (חוק הגנת הפרטיות);

– Information Security Regulations, 5777–2017;

– EU Regulation No. 2016/679 (GDPR);

– Standard Contractual Clauses (SCC) of the European Commission;

– W3C recommendations on data protection and internet security.

1.2. Use of the Website constitutes the user’s full and informed consent to this Policy. In case of disagreement, the user must refrain from using the Services.

1.3. The Operator is required to register databases with the Israeli Privacy Protection Authority if the legally established threshold is exceeded (for example, more than 10,000 personal data records).

2. Consent and Legal Grounds

2.1. The User provides voluntary, specific, informed, and unambiguous consent to the processing of personal and technical data when using the Website and online services.

2.2. Data processing is carried out on legal grounds, including:

– fulfillment of a contract between the user and the operator;

– compliance with legal obligations under Israeli law and international regulations;

– protection of the operator’s legitimate interests, provided such interests do not infringe upon the fundamental rights of the user;

– consent of the data subject.

2.3. For specific categories of data (such as biometric data, payment details, geolocation, health information when providing specialized services), separate written or electronic consent is required in accordance with GDPR and Israeli law.

3. Processed Data

3.1. Personal data:

– first and last name, phone number, e-mail, residential or delivery address (if provided);

– information submitted in requests, feedback forms, and correspondence with the operator;

– payment details (in case of payment through integrated payment gateways);

– identifiers of accounts in third-party services (subject to separate consent).

3.2. Technical data:

– IP address, browser type, operating system, device model;

– referral source, on-site behavior, click history, and interactions;

– cookies, session identifiers, authorization tokens;

– location data (if geolocation settings are enabled).

3.3. Special categories of data:

– information requiring special protection (such as health, disability, or preference data) is collected only with the user’s explicit consent and used solely for the provision of specialized services.

4. Purposes of Data Processing

4.1. Data is processed exclusively for the following purposes:

– identification and communication with the user;

– processing requests, providing services, and fulfilling contractual obligations;

– fulfilling the operator’s legal obligations (such as storing accounting records);

– analytics, statistics, and optimization of the user experience (UX);

– ensuring security, preventing fraud, cyberattacks, and violations;

– development and improvement of the Website’s functionality and services;

– providing personalized offers and marketing materials (only with the user’s separate consent);

– fulfilling international obligations on data transfer when using third-party services (Google Analytics, payment systems, API integrations).

4.2. The processing of anonymized data is permitted for statistical, research, and testing purposes, with no identification of specific users.

5. Cookies and Similar Technologies

5.1. To improve convenience and quality of service, the Website uses cookies and similar technologies (web beacons, pixels, browser local storage).

5.2. Cookies are used for:

– saving user preferences;

– analyzing behavior and visit statistics;

– operating web analytics tools (Google Analytics, Yandex.Metrica if required);

– enabling advertising and partner systems (Google Ads, third-party DSPs);

– integration with external services (payment gateways, CRM, SaaS platforms).

5.3. The User has the right to disable cookies in their browser settings; however, this may limit the functionality of the Website.

6. Data Storage and Protection

6.1. All user data is stored:

– on the operator’s secure servers;

– on servers of third-party hosting and cloud solution providers, which may be located outside Israel (e.g., in the EU or the USA), provided compliance with international standards under GDPR and SCC.

6.2. When transferring data abroad, the operator ensures:

– application of Standard Contractual Clauses (SCC);

– data encryption (SSL/TLS);

– restricted access for authorized personnel only;

– auditing and monitoring for compliance with Israeli and EU regulations.

6.3. Protection measures include:

– use of firewalls and antivirus software;

– regular backups;

– multi-factor authentication for access to administrative systems;

– logging of operations involving personal data.

6.4. In the event of a data breach or unauthorized access, the operator undertakes to notify the competent Israeli authorities and, where required, the affected user, within the timeframes set by law.

7. User Rights

7.1. The User has the right to:

– access their personal data;

– correct inaccurate or outdated information;

– request data deletion (“right to be forgotten”);

– restrict data processing;

– request data portability in a structured format (CSV, JSON, etc.);

– withdraw consent at any time;

– object to data processing for marketing purposes.

7.2. To exercise their rights, the User may submit a request to: iisraelservices@gmail.com.

7.3. The operator must respond to the request within 30 days of receipt.

7.4. In case of rights violations, the User has the right to file a complaint with:

– the Israeli Privacy Protection Authority (רשות הגנת הפרטיות);

– EU supervisory authorities (if data is processed within EU jurisdiction).

8. Data Retention Periods

8.1. Personal data is stored no longer than necessary for the purposes for which it was collected.

8.2. Retention periods:

– account data — until the account is deleted by the User;

– payment and accounting records — for the period required by Israeli tax law (not less than 7 years);

– analytics data — up to 24 months, after which it may be retained only in anonymized form;

– correspondence and inquiries — up to 3 years after the request is closed.

8.3. Upon expiration of retention periods, the data is subject to deletion or anonymization.

9. Data Sharing with Third Parties

9.1. Personal data may be transferred to third parties only in the following cases:

– compliance with legal requirements or court orders;

– with the user’s consent;

– provision of data to partners and contractors in the course of service delivery (e.g., hosting providers, payment systems, CRM, mailing systems, analytics).

9.2. All partners and contractors are required to:

– comply with the privacy policy and data protection agreement;

– use the information strictly within the scope of provided services;

– ensure a level of data protection not lower than that required by Israeli law and international standards.

9.3. In specific cases, information may be provided to:

– research and consulting organizations (in anonymized form);

– government authorities upon request;

– legal and financial advisors for the protection of the operator’s interests.

10. Marketing and Communications

10.1. The user may receive emails, SMS, or push notifications from the operator regarding:

– order status updates;

– changes to services;

– new services, promotions, and offers (only with separate consent).

10.2. The user has the right to opt out of such communications at any time by clicking the “Unsubscribe” link or by sending a request to: iisraelservices@gmail.com.

10.3. For the personalization of offers and advertising, the following may be used:

– data on user interaction with the Website;

– cookies and device identifiers;

– analytics results (Google Analytics and other integrations).

11. Policy Change Notifications

11.1. This Policy may be amended.

11.2. In the event of significant changes, the operator undertakes to notify users by:

– publishing a notice on the Website;

– sending an informational email (if user contact details are available).

11.3. The updated version of the Policy takes effect upon its publication on the Website, unless otherwise specified in the notice.

12. Contacts and Data Controller

12.1. Data Controller: C&M Israel Online Services 24/7.

12.2. Contact details for questions, requests, and complaints:

📧 Email: iisraelservices@gmail.com

12.3. All requests are handled within the timeframes established by Israeli law and international standards (no later than 30 days).

13. International Data Transfers

13.1. User data may be transferred to and stored on servers located outside of Israel, including in the European Union, the United States of America, and other countries.

13.2. In the case of international data transfers, the operator ensures:

– compliance with GDPR and Standard Contractual Clauses (SCC);

– execution of data protection agreements with foreign partners;

– provision of information to the user regarding the location of data storage upon request.

13.3. All partners involved in cross-border data processing are required to provide a level of protection equivalent to Israeli law and European standards.

14. Sensitive Data

14.1. Sensitive data includes information relating to:

– health and medical records;

– financial status;

– religious and political beliefs;

– ethnic or national origin;

– biometric parameters.

14.2. Processing of sensitive data is permitted only under the following conditions:

– with the explicit consent of the user;

– when necessary for the performance of a contract (e.g., insurance or medical services);

– to comply with legal obligations.

14.3. Such data is subject to enhanced protection measures, including:

– separate encryption and access control;

– storage exclusively on secure servers;

– prohibition of use for marketing purposes.

15. Operator’s Responsibility

15.1. The operator is responsible for complying with Israeli law and international standards when processing data.

15.2. The operator is not responsible for:

– actions of third parties who gained access to the data due to user negligence (e.g., disclosure of passwords);

– external websites and services linked from the operator’s Website;

– technical failures caused by force majeure circumstances.

15.3. In the event of a breach of confidentiality, the operator undertakes to rectify the violation and take measures to minimize its consequences.

16. Final Provisions

16.1. This Policy is an integral part of the Terms of Use of the C&M Israel Online Services 24/7 Website.

16.2. In all matters not regulated by this Policy, the following shall apply:

– the Israeli Privacy Protection Law;

– regulations of the Israeli Privacy Protection Authority;

– international agreements and standards (GDPR, SCC).

16.3. Any disputes arising in connection with data processing shall be resolved by the courts of Israel, unless otherwise provided by international treaties.

16.4. Last updated: September 2025.

© All rights reserved. The copyright and proprietary rights to the text and structure of this Policy belong to C&M Israel Online Services 24/7.

Appendix 1

September 2025

Extended Data Protection Provisions

1. Device Identifiers and Logs

1.1. For diagnostics and troubleshooting, the following may be collected:

– device and application identifiers (e.g., Android ID, iOS IDFA/IDFV, device model, OS version);

– network data (IP address, connection type, carrier);

– event logs, crash reports, system module tags;

– attachments provided by the user (photos, videos, screenshots, audio files).

1.2. This data is processed solely for the purposes of diagnostics, support, and improving service quality.

2. Push Notifications and Communications

2.1. Unique notification tokens (e.g., Firebase Cloud Messaging, APNs) are processed to deliver push notifications.

2.2. Users may opt out of push notifications via device settings or the service interface.

2.3. System notifications related to contract execution (e.g., order confirmations) may be sent without separate consent.

3. Third-Party SDKs and Services

3.1. Third-party SDKs and providers are used for service operation.

3.2. SDK categories:

– analytics and statistics (e.g., Google Analytics, Firebase, Yandex.Metrica);

– stability monitoring and logging (e.g., Sentry, Crashlytics, LogRocket);

– marketing and personalization (e.g., Google Ads, Facebook Pixel, Mailchimp, HubSpot);

– payment gateways (e.g., PayPal, Stripe, Max/Isracard, Apple Pay, Google Pay);

– infrastructure and hosting (e.g., AWS, Azure, Google Cloud, Hetzner).

3.3. Each SDK/service is governed by a Data Processing Agreement (DPA) including GDPR/SCC, ISO/IEC, and an obligation to use data solely for its functions.

4. Exceptions Without Consent

Processing without separate consent is permitted in cases of:

– contract performance with the user;

– fulfillment of legal obligations;

– protection of vital interests;

– tasks carried out in the public interest;

– legitimate interests of the operator (without prejudice to data subject rights);

– publication of data by the subject in open access;

– ensuring service security and stability.

5. Privacy Management

5.1. Users have access to a Privacy Center/cookie center to:

– enable/disable analytical and marketing cookies;

– withdraw consent for personal data processing;

– manage push notification and email subscription settings.

5.2. Global Privacy Control (GPC) signals and similar mechanisms are supported.

6. Minors

6.1. Services are not intended for individuals under 16 (or the applicable age of consent under local law).

6.2. Children’s data is not intentionally processed.

6.3. If children’s data is identified as collected without proper consent, such data will be deleted.

7. Automated Decisions and Profiling

7.1. Users are informed of personalization and automated data processing.

7.2. No decisions with legal consequences are made solely based on automated processing.

7.3. Users have the right to object and request human intervention.

8. Controller / Processor / Joint Controller

8.1. In services provided to end-users, the operator acts as a data controller.

8.2. When working with corporate clients, the operator may act as a processor under a Data Processing Agreement (DPA).

8.3. In cases of jointly determined purposes and means of processing, a joint controller regime applies, with transparent allocation of responsibilities.

9. Data Protection Officer (DPO/Privacy Officer)

A designated DPO/Privacy Officer is appointed, and their contact details are published in the policy.

For users in the EU/UK, a representative under Article 27 GDPR may be appointed.

10. Breach Notification

10.1. In the event of a security incident, the operator notifies the supervisory authority within 72 hours (GDPR) and affected data subjects without undue delay.

10.2. Notifications include: nature of the breach, categories of affected data, consequences, and measures taken.

11. Data Retention Matrix

Data Category   Retention Period              Further Actions

Accounts and contact details       account duration + 24 months    deletion/pseudonymization

Requests and support tickets       up to 36 months after closure     deletion/anonymization

Error logs and diagnostics            90–180 days       aggregation/deletion

Marketing consents and prefs     until withdrawal + 24 months for audit    deletion

Payment and accounting data     at least 7 years (per tax law)        archiving/deletion

Media attachments (photo/video)            until case closure + 12 months    deletion

Cookies/identifiers          up to 30 days or until user withdrawal     deletion

12. Logging and Access Control

12.1. All actions involving personal data are recorded in audit logs.

12.2. Access is granted on a least privilege basis (PoLP).

12.3. Roles and access rights are reviewed at least once every 12 months.

13. User Applications and Attachments

13.1. Users are responsible for ensuring that uploaded photos/videos/files do not contain third-party data without consent.

13.2. The operator warns of the risk of excessive data transfer and applies minimization and masking in processing.

14. Disclaimer

All information posted on this website, including texts, photos, videos, images, and other content, is provided for informational purposes only. Any resemblance to actual persons, organizations, or events is purely coincidental and unrelated to specific individuals.

Some materials are created by our company, others are provided by partners and clients, and may also be generated using artificial intelligence technologies. All materials are for demonstration and informational purposes only and cannot be regarded as direct instructions, legal or professional advice.

The company bears no responsibility for the interpretation of posted information, nor for any direct or indirect consequences of its use. By using this website, you confirm your understanding that all content is informational and cannot serve as grounds for claims or demands against the company, its employees, partners, or clients.