(Formerly PASS IT FORWARD (CY) LIMITED)
Last update September 17, 2022
The company SARGD.LTD* ("the Company" or " We") operates the website www.passitforward.com which serves as a gateway to the system: Pass if Forward - Torch - a platform for contribution to the community, through volunteering, donations, or other activities - an online meeting place between donors and donee (the " Site" and "System").
*Personal information - information about an identified or identifiable person.
As for the information you provide to the Company: (1) it is clarified that you are not legally obligated to provide personal information, however without providing personal information We may not be able to provide you with access to the System, service in connection with it, or respond to your inquiries to us; (2) You must provide full and accurate information. It is forbidden to provide incorrect information or to impersonate someone else and you must not provide excess information that is not required or was not requested, including personal identifying information about others without their consent or legal permission.
- Communication and exchange of information between donors and done is conducted directly between them and at their own responsibility. The Company will not transfer information between donors and done unless requested to do so.
- Donee undertake to protect privacy in personal information provided to them and especially personal information about donor’s employees. Unless expressly agreed otherwise, information about donor employees will be held by done for a period not exceeding 24 months and will not be used for any other purpose than receiving the donation.
*REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)
** European law regarding the protection of privacy in information distinguishes between the entity (or natural person) who determines the purpose and means for processing personal information (‘Controller’) and the entity (or natural person) who processes information on behalf of the controller (‘Processor’).
The company processes personal information in the two aforementioned roles:
As a personal information processors for organizations that use the System (for example, opening and closing accounts of employees of the organization, in accordance with the organization's guidelines) - in these cases, the organization you work for or on whose behalf you use the System is the controller, while the Company acts as the data processors, and it will act and assist the controller in exercising your rights in accordance with the controllers instructions.
As a processor of personal data for the company's needs, which include the following purposes: System operation, data security and cyber protection, fraud prevention, System improvement (using aggregated information or anonymous information), service provision, communicating with users (including collecting payments in cases where the use of the System involves payment ) - In these cases, the Company acts as a controller and the exercise of your rights will be conducted in accordance with and subject to the EU regulation regarding the protection of privacy in personal information.
1 Personal Data Collection
1.1 Browsing the Site – browsing the Site does not involve provision of personal information, and save data technically collected by the website servers about users such as IP address, website usage data, etc., the company does not collect personal information and does not track browsing on the Site in an identifiable manner.
1.2 Inquiries to the company – inquiries to the Company involve providing personal information such as name and surname, e-mail, and additional information depending on the nature of the inquiry (e.g a position in the organization that uses the System, or the fact that an individual wishes to register as a user of the System).
1.3 User registration - registration to the system may involve providing personal information depending on the nature of the registration. For example: a person who wishes to register as an individual donor (donor) will be asked to provide a name and surname and an email address. A person that acts on behalf of an association seeking to register as a user of the system, as a done, will be asked to provide a name and surname, an email address, additional contact information, and its position in the association. A person that acts on behalf of an organization who wishes to register as a user of the system, as donor, will be asked to provide a first and last name, email address and position in the organization.
1.4 Opening user accounts – ‘Admin User’* – opening an Admin User account on behalf of an organization requires the provision of first and last name, email address, additional means of contact (such as phone and workplace address), and the position of the user in the organization.
*an 'administrator' user on behalf of an organization
1.5 Opening users accounts - a user on behalf of an organization wishing to open a user account on behalf of the organization will be asked to provide first and last name, email address, position and department in the organization.
1.6 Data collected when using the System –
1.6.1 Access to the System, use of the System, publication of content and performing activities through the System (such as sending messages to other users) are stored in the System.
1.6.2 Admin User - has access to usages of users associated with his organization in the system.
1.6.3 Users' use of the system in a ‘public mode’ enables other users on behalf of the organization who have corresponding viewing permission (as determined by the Admin User of the organization to which they belong) to know when a user is in the System and to observe their actions. Using the system in a ‘non-public’ mode enables other users to view only active external actions performed by the user, such as: publishing content, receiving messages sent by him, etc.
2. Storing Personal Information
2.2 The system is operated from the infrastructure of Amazon Ireland (AWS). Amazon holds certificates of compliance with the international standard for data security as detailed on its website: https://aws.amazon.com/compliance/iso-certified/
2.3 Company takes protective measures (logical, physical and administrative) to prevent loss or disruption of information and unauthorized access or use of information. In general, the employees of the company who have access to personal information or to information Systems where personal information is stored sign confidentiality and periodically undergo training regarding data security and privacy.
2.4 The Company reviews on a periodic basis the personal information held by it and whenever it finds excess information, it makes sure to delete it or make it anonymous.
3. Use of Personal information
3.1 Company uses personal information for the following purposes:
3.1.1 Answering inquiries and handling inquiries regarding the System and its use.
3.1.2 Providing information regarding the System and its use.
3.1.3 Operating the System and providing services to users in connection with the System, including: sending messages to users and assisting users in using the System.
3.1.4 Contact with System’s users (including allocating admin accounts, collecting payments).
3.1.5 Data security and cyber protection, including: prevention, investigation and handling security and cyber incidents.
3.1.6 Prevention of fraud and deception.
3.1.7 Preventing damage to the body or property of users, third parties or the Company.
3.1.8 Improvement of the system (such as: improving the system, adding content and tools, changes, generating insights, etc.) while turning personal information into anonymous or aggregated data in a way that does not allow identification of it or the data subjects.
3.1.9 Compliance with law and regulations
3.1.10 Managing legal proceedings and examining matters, claims and demands that may lead to legal proceedings.
3.2 It is clarified that the Company's use of personal information for Company’s own needs includes only the following purposes: operation of the System, data security and cyber protection, prevention of fraud, improvement and betterment of the System (using aggregate information or anonymous information), provision of service to System users and communication with them.
3.3 Information used by the company for the purposes of data security and cyber protection, or to prevent fraud is kept for a period of up to 24 months (unless an incident has occurred or a real threat that such an incident will occur).
3.4 Information used to operate the system is stored for the period of use of the system by a user and up to 12 months afterwards. After that period, the information will be deleted or converted to aggregated information.
3.5 Information used to improve the system is converted to aggregated or anonymous information and is not used as identifying information.
3.6 Information used to provide services to users (including payments) is kept for the time required by law (usually seven years).
4. Sharing Personal Information with Third Parties
4.1 The Company does not share personal information without consent of data subjects, except in the following cases:
4.1.1 Compliance with the provisions of the law, regulations, legal process, judicial order or an order of competent authority.
4.1.3 Legal proceedings, or pre-trial proceedings.
4.1.4 For security and cyber protection needs, including to identify, prevent or treat cases of fraud, security or technical matters.
4.1.5 As part of a reorganization, sale of shares or investment in the Company and in a period close to entering into any of the aforementioned needs.
4.1.6 As far as the Company believes sharing data may help prevent damage to you or to others.
4.1.7 For parent companies, subsidiaries, related companies, for operational needs, improvement of activity or as part of a merger or reorganization of activity.
5. How Can You View, Update or Delete Personal Information Collected (processed) About You
5.1 Every person is entitled to review, by themselves or through their attorney (authorized in writing) or their guardian, personal information about them held by the company:
5.1.1 Upon your written request, the Company will allow you to review personal information about you held by it, as long as there is no legal reason to reject the request.
5.1.2 The review arrangements will be determined from time to time by the Company, while as much as possible, the review will be possible by sending information electronically or through remote communication.
5.1.3 In any case, if for any reason (you or any other person) wishes to delete or correct personal information, please contact us through the "Contact Us" form on the Site, and we will make reasonable efforts to change or delete any personal information subject to privacy protection laws and as long as there is no legitimate reason for rejecting the request.
5.1.4 Information about users of organizations (such as employees of organizations, etc.) that is held by the Company (such as: user accounts, departmental affiliation, etc.) is managed by the organizations - to review this information, contact the relevant person in the organization. The Company undertakes to assist and provide everything reasonably required, in order to allow the user and the organization to enable review of the information.