Ginger Bit privacy policy

Ginger Application Privacy Policy

​

1. This Privacy Policy (the “Privacy Policy”) describes how Ginger Insurance Agency Ltd., Pvt. Co. 515865574 (the “Company”) handles the personal data it collects or receives from you (the “User”) through the Company’s websites (www.gingerbit.co.il and any other website the Company operates), the Ginger App, and/or the Ginger Bit management platform operated by the Company (with any other service provided by the Company, the “Services”), in accordance with applicable legal obligations, including Israel’s Privacy Protection Law and its pursuant regulations and the GDPR regulations; for the purposes of this policy, it is clarified that the term “Services” includes any of the Company’s websites. This Privacy Policy governs your use of the Services, along with the relevant Services’ Terms of Use.

2. No Obligation to Provide Data

   1. For the avoidance of doubt, the User has no legal obligation to use the Services the Company provides or provide any data to the Company.

   2. However, providing certain data is a prerequisite for all users to use and access such Services if they choose to use any of the Services the Company provides, including, without limitation, the Company’s website, app, and/or management platform.

3. Under the European Economic Area’s General Data Protection Regulation 2016/679 (the “GDPR”), the Company is generally considered the data controller for personal data on individuals who are our customers or prospective customers, employees or job applicants, our website visitors, and the liaisons who represent our business customers. The Company is generally considered a data processor for the personal data it processes on behalf of account users held by our business customers (who are considered the data owners), except for data provided for personal service to customers, including in the context of their work for a business customer. With respect to Israeli law, it is agreed that in addition to transferring data to providers, whenever the Company acts as an intermediary, the Company shall retain the data it receives, whether directly or with the User’s permission, as the database owner.

4. Types of Data Collected

   1. The Company may collect both personally identifiable data and non-identifiable data (collectively, “Data”). For the purposes of this Privacy Policy, “personally identifiable data” or “personal data”–Data that enables an individual’s identification, including, without limitation: their name, email, phone number, gender, identification numbers, home and work addresses, occupation, phone numbers, billing details, credit card information, dates of birth, bank account numbers, marital status, education, professional licenses, information on their personal preferences, habits and leisure activities, medical information, company details, username, password, code, IP address, mobile device operating system, language preferences, expenses and related information, passport numbers and other identification numbers, including scans, visas, travel details and dates, flights, hotels, claims, travel documents and medical treatment preferences; and other similar personal data provided to us by the User or the User’s employer. “Non-identifiable data”–collected Data on the use of the Services or other interactions with the Company that does not enable individual identification.

5. How Data is Used and the Legal Basis for Processing

Generally, the Company uses Data to provide and improve its Services, personalize and optimize user experience, and for other business purposes. Specifically, the Company shall use the Data it collects to meet its contractual, legal, and ethical obligations, including, for example:

1. Providing the Services;

2. Developing, distributing, and improving the Services;

3. Personalizing the Services and enhancing user experience;

4. Sending important notices and alerts, such as notices and alerts of the Services and changes to the terms and the Company’s policy;

5. Generating statistical information and insights in connection with performing or using the Services, and using such statistical information and insights (including for research purposes or for public use, aggregated and anonymized);

6. Processing user requests regarding Services or third-party services;

7. Marketing and selling travel insurance policies;

8. Filing claims related to insurance policies and/or delayed flights using the Services (if the User bought such policies);

9. Generating or preparing user and/or employer reports on all the Data the Company retains;

10. For marketing purposes, including sending advertisements under Section 30a of the Communications Law (Telecommunications and Broadcasting), 1982 (the “Spam Law”), including sending users information and alerting users of new developments and publications, special offers, products, or other activities, announcements, and information leaflets to manage these items and customize them to each user.

11. To improve the Company’s content, Services, and advertising content (inter alia, to identify usage trends and assess the effectiveness of the Company’s advertising campaigns).

12. To contact users and/or their employers and/or other users who performed actions on behalf of the User, including in relation to promotional offers and publications;

13. To identify or locate users;

14. Geolocating users in order to serve them in accordance with the Data obtained from the devices used, whether stationary or mobile;

15. To monitor and analyze information on the users’ browsing and viewing preferences and to diagnose problems with the Services;

16. To manage and process payments and for the Company’s accounting needs;

17. To prevent fraud and ensure compliance with the law, as well as in legal proceedings, whether or not the Company is a party thereto;

18. To enforce the Company’s Terms of Use and all its other terms and/or policies.

1. When the Company acts as a data processor, as described above, we do so based on the legal basis established by the personal data controller’s. In our capacity as personal data controllers, we rely on the following legal bases:

   1.  To perform a contract or contractual obligation: We process personal data to fulfill our contractual obligations and provide our Services, as described in Sections 5.1 to 5.4, 5.6 to 5.8, 5.12 to 5.15, and 5.17, pursuant to GDPR Article 6(1)(b).

   2.  Our legitimate interest in marketing our Services: As described in Sections 5.5, 5.9 to 5.11, as well as 5.16, and 5.17, as applicable, pursuant to GDPR Article 6(1)(f).

   3.  To comply with our legal obligations, as described in Section 5.16 and pursuant to GDPR Article 6(1)(c).

2. Data Collection Methods

   1. The Company collects Data through the User’s use of the Services or their interactions with the Company or any entity that enters Data about the User (such as their employer), whether or not the User is connected to the Internet, including when users sign up for the Services, create an account, by monitoring the parameters of the User’s use of the Services, when users communicate with the Company, or when users submit requests or purchase third-party services through the Services, and when any such party performs such actions. For the avoidance of doubt, the User is responsible for ensuring that any party that enters such Data and performs such actions is authorized to do so.

   2. We also collect personal data using standard technologies, such as cookies, pixels, and similar technologies that store certain Data on your computer or other device that enables access to Data, and in some cases, such technologies allow us to associate computers or other devices with specific users, enable automatic feature activation, and make your experience of the Services much more convenient and effortless. We use different types of cookies: some of the cookies are essential to operate our websites and in accordance with our Terms of Use; these include, for example, cookies that allow you to log into secure areas of our Services. We also use analytics and performance monitoring cookies that allow us to identify and count visitors and observe how users navigate our site when they use it. Lastly, we use functional cookies that identify you in return visits.  This allows us to customize the content to your preferences, such as by selecting your language or region.

   3. Cookies are retained for varying periods. Session cookies are used to track your online activities during a single browsing session. Such cookies typically expire when the browser closes, but may be stored on your device for some time. Persistent cookies remain active after you close the browser, and are used to remember your log-in credentials and password. Third-party cookies are installed by third parties to collect certain data for behavioral and demographic research purposes. Third-party cookies on our website include, for example, Google Analytics.  Likewise, pixels enable third-party service integration (e.g., Facebook) on our website. Third-party cookies will be retained according to such third parties’ terms, and you can control these cookies in your browser settings.

   4. The basis for using cookies and similar technologies is that they are necessary to perform the agreement with you or because using them is based on our legitimate interests in improving, personalizing, and optimizing our Services, provided that the foregoing does not infringe on your rights.

   5. Most browsers allow you to delete cookies from your hard drive, block cookies, or receive an alert before cookies are saved. However, blocking or deleting cookies may limit your online experience on our websites.

   6. How to disable cookies: The effect of disabling cookies depends on which cookies you disable, but in general, if cookies are disabled or deleted, the site and certain Services provided through it may malfunction, not recognize your device, not remember your preferences, and so on.  However, enabling or disabling cookies is subject to your choice and control. If you wish to disable cookies on our website, you must change your browser settings to reject cookies. How you do this depends on your browser. More details on disabling cookies are available in the dedicated section of your browser settings. More details on disabling cookies can be found below:

Internet Explorer: https://windows.microsoft.com/en-GB/internet-explorer/delete-manage-cookies
Google Chrome: https://support.google.com/chrome/answer/95647?hl=en

• https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences

• https://help.apple.com/safari/mac/8.0/#/sfri11471

  1. From time to time, our websites may display links to external websites. We are not responsible for these websites’ operation, privacy policies, or content.

1. Data Retention and Deletion

   1. The User may request that the Company delete certain Data obtained from the User in writing through the address below, subject to the privacy laws governing Privacy Policy (however, Data deletion may limit or prevent the User’s continued use of the Services). Unless such a request to delete user Data is filed, the Company may retain the Data throughout that user’s use of the Services and for seven (7) years after the use, any insurance coverage purchased through the Company, or service provided through the Company (as applicable), are terminated, though it is not obligated to retain Data for any period.

2. Third-Party Data Sharing

   1. The User acknowledges and accepts that the Company provides certain third-party services through the Services, and uses third-party service providers to provide its Services, including storage services to store Data on external servers controlled by such third-party service providers.

   2. The Company may disclose Data to third parties as follows: (a) to third-party service providers, to provide, improve, support, or maintain the Services, or otherwise establish a basis for any of the Company’s permitted uses (such as providing Data to storage service providers as part of the Services); (b) to third-party service providers chosen by the User to use or purchase through the Services; (c) to an entity into which the Company merges or that acquires relevant Company assets (for any permitted use under this Privacy Policy), and provided that such an entity is bound by the requirements of this Privacy Policy with respect to the use of such Data;  Third parties that may receive Data in accordance with this Privacy Policy include cloud service providers (such as Microsoft Azure); database providers (such as MongoDB); insurance policy providers (such as Migdal Insurance Ltd., Pvt. Co. 520004896, https://www.migdal.co.il); business lounge pass providers (such as Collinson Service Solutions Limited–https://www.collinsongroup.com; registered company number 02474708 (England and Wales), whose address is Cutlers Exchange, 123 Houndsditch London, EC3A 7BU, England); a claims-filing platform for delayed or canceled flights (AirHelp Limited, www.airhelp.com, CB No. 1926223, BR No. 61625023-000, whose address is 9B Amtel Building, 148 Des Voeux Road Central, Central, Hong Kong); software and app development and support service providers (such as Sela Software Labs Ltd.); as well as overseas travel insurance claim handling and support services (such as G.K.I.M.A. Ltd., Pvt. Co. 513139923, 14 Moshe Dayan St., Petah Tikva 4951814, http://www.imaisrael.co.il).

   3.  In addition, we will share your personal data if some or all of our companies and/or assets are acquired by a third party, including through a merger, stock acquisition, asset acquisition, or any other transaction whereby personal data forms part of the transferred assets.

   4.  The Company reserves the right to disclose all collected Data as required by law and whenever the Company believes such a disclosure is necessary to protect its rights, the integrity of its Services, systems, and technology, and/or in connection with legal action related to the Services.

   5. For the avoidance of doubt, the Company may transfer and disclose non-personal data to third parties at its discretion.

3. Data Protection

   1. The Company is committed to user data protection and implements reasonable commercial measures to ensure data protection. However, no electronic transmission or storage method is completely secure, and the Company cannot guarantee absolute data protection.

4. User Personal Data Storage Site

   1. We may store personal data in a database owned and controlled by the database manager.  The personal data we collect is stored on Microsoft Azure and MongoDB. In the future, we may store personal data on servers owned by Ginger Bit Ltd. or through third-party data processors using cloud services (in Israel, the European Union, or elsewhere), including cloud providers that use servers in the United States (see the following section on international Data transfers).

5. International Data Transfers

   1. Personal data may be transferred outside the country in which it is collected. For example, subject to certain mechanisms, personal data may be transferred to, stored, and used in destinations outside the European Economic Area (EEA), which may not be subject to equivalent data protection laws. The Company transfers personal data to Israel, which the European Commission recognizes as providing adequate protection for EU residents’ personal data; we also transfer personal data to the United States, and when this is not done incidentally, we do so based on the Standard Contractual Clauses, or to countries that the European Commission deems as providing adequate personal data protection.

   2. We may transfer your personal data outside the EU to:

      1. Store or back up the personal data;

      2. Allow us to provide you with the Services and fulfill our contract with you;

      3. Meet any legal, audit, or compliance obligations that require us to perform the transfer;

      4. Enable our organization to operate based on our legitimate interests, after having determined that your rights are not infringed;

      5. Offer our Services across multiple jurisdictions; 

      6. Operate our Company efficiently and optimally.

6. Data Updates by the User

   1. The users and/or their employers are responsible for making sure their Data is current. Users may update their Data by modifying their account details or contacting the Company, as specified below. The Company will make reasonable efforts to process any changes a user initiates. However, the User acknowledges that Data deletion may limit access to or use of the Services, or otherwise impair them.

7. User Rights

   1. The users have rights under the Privacy Protection Law and GDPR (where applicable), including, in certain circumstances, rights to access their personal data, correct it, object to processing thereof, and delete it. It is clarified that when we receive personal data from the User or their employer, these rights shall be exercised by the User or employer, respectively.  For the avoidance of doubt, it is clarified that the users’ rights cannot be exercised in a manner inconsistent with the rights of Company employees, our property rights, and third-party rights. Hence, access to, deletion of, or correction of references, reviews, internal notes and evaluations, and documents and notes containing proprietary or certain types of intellectual property are prohibited. In addition, the users’ rights may not be exercised if they pertain to unstructured personal data (e.g., emails) or if other exemptions apply. If processing is based on consent, users have the right to withdraw their consent.

   2. If a registered user desires to exercise these rights and modify, delete, or retrieve their personal data, for whatever reason, they may do so by accessing their personal account or by the employer accessing their business account to make the necessary changes. If this option is unavailable, please contact the Company (privacy@gingerbit.co.il). Please note that the Company may be required to complete a user identification procedure for users who exercise their rights. The Company may retain details of such exercised rights to ensure fulfillment of audit and compliance requirements. Please note, furthermore, that personal data may be deleted or retained in an aggregated form that does not enable its association with identifying details or personal data, subject to commercial and technical capabilities. The Company may continue to use such Data.

   3.  EU residents have the right to lodge complaints with the supervisory authorities.

   4. When the Company acts as a personal data processor, rights may be exercised by contacting the personal data’s owner, typically–the User’s employer.

8. Databases

   1. The Data the Company retains is stored in databases authorized by the Database Registrar (databases #700064444 and #700063215). 

9. Contact Us

   1. Contact the Company’s Data Protection Officer via email at: privacy@gingerbit.co.il.

10. Governing Law and Jurisdiction

Israeli law governs all matters relating to the interpretation, validity, and construction of the terms of this Privacy Policy, without giving effect to the choice of law principles. The courts in Tel Aviv, Israel, shall have exclusive subject matter and territorial jurisdiction over any claim relating to the terms of this Privacy Policy.

1. Amendments

   1. The Company may amend the terms of this Privacy Policy by publishing new terms, which shall apply to all users immediately upon uploading to the Company’s website.

2. Last updated: [26.02.2025]