Privacy Policy

Anodot Ltd. and its affiliates (“Anodot“, “we“, “our” or “us“) develops and operates an innovative SaaS platform (the “Platform“), used by organizations and businesses across the world (each, a “Customer“) for real time analytics and automated business incidents in their systems, websites or assets.

We also operate the website, its subdomains, pages and related features (the ” Site“, and together with the Platform – the ” Services“).

This Privacy Policy describes the personal data we typically receive or collect from or about you (“you”) whenever you visit our Site (a ” Visitor“), act as our service provider (“Service Provider” as further defined in Section 5 ) or business partner (“Business Partner”), or use the Services on behalf of our Customer (a ” User“), as well as the personal data we may receive from third parties, regarding our Users or potential customers (a “Prospect“).

It also describes how we collect personal data, for which purposes we may use such data, where we store it, for how long we retain it, with whom we may share it, our use of tracking technologies, our communications and security practices, your choices and rights (whether you are a Visitor, a Prospect, Service Provider, Business Partner or a User, ” you“) regarding such data, our role as a data controller, and how to contact us if you have any concerns regarding this Policy or your privacy.

Please read this Privacy Policy and make sure that you fully understand and accept it. If you object to our practices, please discontinue and avoid using our Services.

You are not legally required to provide us with any personal data, and may do so (or avoid doing so) at your own free will. If you do not wish to provide us with your personal data, or to have it processed by us or any of our Service Providers in accordance with this Policy, please avoid any interaction with us or any use of our Services.

1. Data Collection

Anodot collects data regarding its Visitors, Prospects and Users. Such data is typically collected and generated through your interaction with our Services, through automatic means, directly from you or from certain third-parties.

Specifically, we collect the following categories of data (which, to the extent it relates to an identified or identifiable individual, will be deemed as ” Personal Data“):

Data automatically collected or generated through our Services : when someone visits, interacts with or uses our Services, including any e-mail or text messages sent to them via our Services, we collect or generate certain technical data about them. We collect or generate such data either independently or with the help of our Service Providers (as detailed in Section 5 below), including through the use of “cookies” and other tracking technologies (as further detailed in Section 6 below). Such data mainly consists of technical or usage data, such as IP address, data regarding a device, operating system and browser, and user activity on our Services.

Datareceived from you: you may provide us with your Personal Data voluntarily, such as your name, company and position, contact details (such as business e-mail, phone and address), account login details (such as usernames and hashed passwords), as well as any other data  you choose to provide when you including when you use our Services, create a User account or contact us. Similarly, you may provide us with your Personal Data when you attend our events or webinars, when we exchange business cards, when you contact us via social media (such as LinkedIn, Twitter or Facebook ), or when we communicate by phone or video conference tools (which, with your consent, may be recorded and further analyzed for better note-taking, training and our internal business purposes). You may also provide us additional details concerning your organization (our Customer), such as billing details, business needs and preferences. To the extent that such data concerns a non-human entity, we do not regard it as “Personal Data” and this Policy shall not apply to it.

Data received from third-parties: we may receive your Personal Data (e.g., contact details) from other sources. For example, if you participate in an event or webinar that we sponsor or participate in, we may receive your Personal Data from the event organizers. We may also receive your contact and professional details (e.g., your name, company, position, contact details and professional experience, preferences and interests) from our Business Partners, Customers or Service Providers, and through the use of tools and channels commonly used for connecting between companies and individuals in order to explore potential business and employment opportunities, such as LinkedIn and data enrichment services.

Non-personal (anonymous) data: such data does not and may not relate or refer to any specific individual, and we therefore do not regard it as “Personal Data” and may use it without restriction, for example to aggregate data for industry benchmarks or comparative performance metrics, that we might publish from time to time.

Customerend-users data : Anodot’s Customers are strictly prohibited from providing us (or processing through our Services) any Personal Data concerning the end-users of their systems, websites or assets. If you are an end-user of our Customer and have any concerns regarding your privacy, please contact the Customer whose services you use for details about their privacy policy and practices.

2. Data Uses

We use your Personal Data as necessary for the performance of our Services; to comply with our legal and contractual obligations; and to support our legitimate interests in maintaining and improving our Services and offerings, e.g. in understanding how our Services are used and how our campaigns are performing, and gaining insights which help us dedicate our resources and efforts more efficiently;   in marketing, advertising and selling our Services; providing customer service and technical support;, and protecting and securing our Customers, Users, Prospects and Visitors, ourselves and our Services. In addition, we also use your consent for example before we place cookies on your browser (as further detailed in Section 6 ) or if we want to send you marketing materials (as further detailed in Section 7 ).

Specifically, we use Personal Data for the following purposes:

  1. To facilitate, operate, and provide our Services;
  2. To authenticate the identity of our Users and allow them to access and use our Services;
  3. To provide our Users and Customers with customer care, assistance and technical support services;
  4. To further develop, customize and improve the Services, and to improve your user experience, based on common or personal preferences, experiences and difficulties;
  5. To facilitate and optimize our marketing and advertising campaigns, ad management and sales operations, and to manage and deliver advertisements for our products and services more effectively;
  6. To contact our Visitors, Prospects, Users and Customers with general or personalized service-related messages (such as password-retrieval or billing), or with promotional messages (such as newsletters, special offers, new features etc.), in accordance with Section 7 below, and to facilitate, sponsor and offer certain events and promotions;
  7. To support and enhance our data security measures, including for the purposes of preventing and mitigating the risks of fraud, error or any illegal or prohibited activity;
  8. To identify and repair errors, to conduct audits, and for security purposes ;
  9. To create aggregated statistical data, inferred non-personal data or anonymized or pseudonymized data (rendered non-personal), which we or our Business Partners and Customers may use to provide and improve our respective services and offerings;
  10. To manage contractual relationships with Customers, Service Providers, Business Partners or any other person we interact with during our ordinary course of business;
  11. To manage our social media and online properties (including, responding to user requests); and
  12. To comply with any applicable laws and regulations and/or requests from law enforcement, regulators, courts or supervisory authorities and/or to exercise or defend legal claims .

3. Data Location

We maintain, store and process Personal Data in the United States, the European Union, the UK, countries declared “adequate” by EU authorities, and other locations as reasonably necessary for the proper performance and delivery of our Services, or as may be required by law.

Anodot and its affiliates are each committed to protect Personal Data in accordance with this Privacy Policy, customary industry standards, and such appropriate lawful mechanisms and contractual terms requiring adequate data protection, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.

4. Data Retention

Your Personal Data ( as described above ) will be stored until we no longer need the information and proactively delete it in accordance with our data retention policy or you send a valid deletion request. In some circumstances we may store your Personal Data as reasonably necessary in order maintain and expand our relationship and provide you with our Services and offerings; for longer periods of time, for example in order to comply with our legal and contractual obligations, or to protect ourselves from any potential disputes (i.e. as required by laws applicable to log-keeping, records and bookkeeping, and in order to have proof and evidence concerning our relationship, should any legal issues arise following your discontinuance of use), all in accordance with our data retention policy. Regarding retention of cookies, you can read more in our Cookie Policy.

Please note that except as required by applicable law or our specific agreements with you, we will not be obligated to retain your Personal Data for any particular period, and we are free to securely delete it or restrict access to it for any reason andat any time, with or without notice to you. If you have any questions about our data retention policy, please contact us by e-mail at [email protected].

5. Data Sharing

We share your Personal Data as follows:

Service Providers : we engage selected third-party companies and individuals to perform certain services complementary to our own. Such Service Providers include hosting and server co-location services, communications and content deliverynetworks (CDNs), data analytics services (including Google Analytics, as further explained below), marketing agencies and advertising services, data and cyber security services, fraud detection and prevention services, customer engagement services,billing and payment processing services, e-mail and SMS distribution and monitoring services, remote access services, call recording and analysis services, session or activity recording services, performance measurement, data optimization and marketingservices, social and advertising networks, content providers, support and customer relation management systems and our business, legal, financial and compliance advisors (collectively, ” Service Providers“). These Service Providersmay have access to your Personal Data, depending on each of their specific roles and purposes in facilitating and enhancing our Services, and may only use it for such purposes.

Third-Party Websites and Services : our Services include links to third-party websites, and integrations with third-party services. Such websites and third-party services, and any information you process, submit, transmit or otherwiseuse with such websites and third-party services, are governed by such third-party’s terms and privacy practices and policies, and not by this Privacy Policy. We encourage you to carefully read the terms and privacy policies of such website and third-partyservices.

Anodot Subsidiaries and Affiliated Companies; Change of Control : we share Personal Data internally within our group, for the purposes described in this Privacy Policy. Transfers within the Anodot group are covered by an internal processingagreement entered into by members of the Anodot group which contractually obliges each member to ensure that personal data receives an adequate and consistent level of protection wherever it is transferred to. In addition, should Anodot or any ofits subsidiaries or affiliates undergo any change in control or ownership, including by means of merger, acquisition or purchase of substantially all or part of Anodot’s assets or will be considered or found eligible for a governmental grant, PersonalData may be shared with the parties involved in such an event. If we believe that such event might materially affect your Personal Data then stored with us, we will notify you of this event and the choices you may have via e-mail or prominent noticeon our Services.

Sharing User Personal Datawith their organization: we share with our Customer the Personal Data of their Users (including data concerning their user account on the Services and communications). In such cases, sharing
such data with our Customer means that other Users from your organization may receive it on its behalf, and will be able to monitor, process and analyze your Personal Data and associated content. Please note that Anodot is not responsible or controls
any further disclosure, use or monitoring by or on behalf of your organization.

Legal Compliance : in exceptional circumstances we may disclose or allow government and law enforcement officials access to certain Personal Data, in response to a subpoena, search warrant or court order (or similar requirement), or incompliance with applicable laws and regulations. Such disclosure or access may occur if we believe in good faith   that: (a) we are legally compelled to do so; (b) disclosure is appropriate in connection with efforts to investigate, prevent,or take action regarding actual or suspected illegal activity, fraud, or other wrongdoing; or (c) such disclosure is required to protect our legitimate business interests, including the security or integrity of our products and Services.

For the avoidance of doubt, Anodot may share your Personal Data in additional manners, pursuant to your explicit approval, or if we are legally obligated to do so, or if we have successfully rendered such data non-personal, non-identifiable and anonymous.We may transfer, share or otherwise use non-personal and non-identifiable data in our sole discretion and without the need for further approval.

Protecting Rights and Safety : we may share Personal Data with others, if we believe in good faith that this will help protect the rights, property or personal safety of Anodot, any of our Customers, Users or any members of the generalpublic.

Data transfer outside of the European Economic Area: We transfer Personal Data which originates from the European Economic Area (EEA) to countries outside of the EEA. In cases where the Personal Data is transferred outside of the EEA, we will do our best
to use appropriate measures to guarantee an adequate protection of the Personal Data including – among the others – agreements based on the standard contractual clauses adopted by the EU Commission or other mechanisms. If you want to receive the list of the current recipients of your personal data, please make your request by contacting us to [email protected] .

6. Cookies, Tracking Technologiesand log files

Anodot and our Service Providers use “cookies”, pixel tags and other technologies for performance, tracking, analytics and personalization purposes. We may share non-identifiable/aggregated extracts of such information with our partners for our legitimatebusiness purposes.

Whilst we do not change our practices in response to a “Do Not Track” signal in the HTTP header from a browser or mobile application, you can manage your cookies preferences, including whether or not to accept them and how to remove them through yourbrowser settings. Please bear in mind that disabling cookies may complicate or even prevent you from using the Services

We use Google Analytics to collect information about the use of our Services. Google Analytics collects information such as how often users visit the Services, which pages they visit when they do so, and which other sites they used prior to coming toour Services. We do not merge the information collected through the use of Google Analytics with personally identifiable information.

Google’s ability to use and share information collected by Google Analytics about your visits to and use of the Services is restricted by the Google Analytics Terms of Service and the Google Privacy Policy .

You may learn more about how Google collects and processes data specifically in connection with Google Analytics here. Further information about your option to opt-out of these analyticsservices is available here.

We also use log files. The information inside the log files includes internet protocol (IP) addresses, type of browser, Internet Service Provider (ISP), date/time stamp, referring/exit pages, clicked pages and any other information your browser may sendto us. We use such information to analyze trends, administer the Site, track users’ movement around the Site, and gather demographic information.

Please note that if you get a new computer, install a new browser, erase or otherwise alter your browser’s cookie file (including upgrading certain browsers), you may also clear the opt-out cookies installed once you opt-out, so an additional opt-outwill be necessary to prevent additional tracking.

For more information, please see our Cookie Policy.

7. Communications

We engage in service and promotional communications, through e-mail, phone, SMS and notifications.

Service Communications : we may contact you with important information regarding our Services. For example, we may send you notifications (through any of the means available to us) of changes or updates to our Services, billing issues,log-in attempts or password reset instructions, alerts and notifications concerning anomalies detected by our Services, etc. You can control your communications and notifications in accordance with the instructions included in the communications sent to you. Please note that you will not be able to opt-out of receiving certain service communications which are integral to your use (like password resets or billing notices).

Notifications and Promotional Communications : we and our authorized partners (e.g. event or webinar co-sponsors) may also notify you about new features, additional offerings, events, webinars, special opportunities or any other information we think you will find valuable. Such notices may be provided through any of the contact means available to us (e.g. SMS, phone, mobile or e-mail), through the Services, or through our marketing campaigns on any other sites or platforms.

If you do not wish to receive such promotional communications, you may notify Anodot at any time by e-mailing us at  [email protected]  or by following the “unsubscribe”, “stop”, “opt out” or “change e-mail preferences” instructions contained in the promotional communications you receive.

8. Data Security

We and our Service Providers implement systems, applications and procedures to secure your Personal Data, and to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information. These include industry-standard physical,procedural and electronic security measures, as well as encryption tools and methods where deemed appropriate. However, although we make efforts to protect your privacy and data, we cannot and do not guarantee the absolute protection and securityof any Personal Data stored with us or with any of our Service Providers.

9. Data Subject Rights

Individuals have rights concerning their Personal Data. If you wish to exercise your privacy rights under the laws which apply to you, for example (to the extent applicable) the EU General Data Protection Regulation (GDPR) or the California Consumer PrivacyAct (CCPA), such as the right to request access to and rectification or erasure of your Personal Data held with Anodot, or to restrict or object to such Personal Data’s processing, or to port such Personal Data – please contact us at [email protected] .

Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we require further information in order to fulfil your request. Please note thatwhen you ask us to exercise any of your rights under this Policy or applicable law, we may need to ask you to provide us certain credentials to make sure that you are who you claim you are, to avoid disclosure to you of personal information relatedto others and to ask you to provide further information to better understand the nature and scope of data that you request to access.   Such additional data will then be retained by us for legal purposes (e.g. so we have proof of the identityof the person submitting the request), in accordance with Section 4 above. We may redact from the data which we will make available to you, any Personal Data relating to others.

In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than initial requested,we will address your request to the maximum extent possible, all in accordance with applicable law.

10.  Data Controller

Certain data protection laws and regulations, such as the GDPR or the CCPA, typically distinguish between two main roles for parties processing Personal Data: the “ data controller” (or under the CCPA, “ business”), whodetermines the purposes and means of processing; and the “ data processor” (or under the CCPA, “ service provider”), who processes the data on behalf of the data controller (or business). Below we explain how theseroles apply to our Services, to the extent that such laws and regulations apply.

Anodot is the “data controller” of its Visitors’, Prospects’, Customers’ and Users’ data . With respect to such data, we assume the responsibilities of data controller (solely to the extent applicable under law), as set forth in thisPrivacy Policy. In such instances, our Service Providers processing such data will assume the role of “data processor”.

11. Additional Information and ContactDetails

 Updates and Amendments : we may update and amend this Notice from time to time by posting an amended version on our Services. The amended version will be effective as of the date it is published. We will provide prior notice if we believe any substantial changes are involved via any of the communication means available to us and/or on the Services. After such notice period, all amendments shall be deemed accepted by you.

External Links : while our Services may contain links to other websites or services, we are not responsible for their privacy practices. We encourage you to pay attention when you leave our Services for the website or application of suchthird-parties, and to read the privacy policies of each and every website and service you visit. This Privacy Policy applies only to our Services.

Our Services are not designated to attract children under the age of 18 : we do not knowingly collect Personal Data from children and do not wish to do so. If we learn that a person under the age of 18is using the Services, we will attemptto prohibit and block such use and will make all efforts to promptly delete any Personal Data stored with us with regard to such child. If you believe that we might have any such data, please contact us by e-mail at [email protected]

Questions, Concerns or Complaints : If you have any comments or questions about this Privacy Policy or if you have any concerns regarding your privacy, please contact us at [email protected].

Representative in the UK / EU : Anodot Limited (our UK subsidiary) has been appointed as Anodot’s representative in the United Kingdom for data protection matters, pursuant to Article 27 of the UK GDPR, and may be contactedon matters related to the processing of Personal Data. Prighter has been appointed as Anodot’s representative in the European Union for data protection matters, pursuant to Article 27 of the GDPR, and may be contacted on matters related to the processing of Personal Data.

To make such an inquiry, please e-mail [email protected] . If you are a GDPR-protected individual, you also have the right to lodge a complaint with the relevant supervisory authority in the EU or in the UK as applicable to you.

Effective Date: March 15, 2021