SARGD.LTD

(Formerly PASS IT FORWARD (CY) LIMITED)

Torch

Privacy Policy

Last update September 17, 2022

The company SARGD.LTD* ("the Company" or " We") operates the website www.passitforward.com which serves as a gateway to the system: Pass if Forward - Torch - a platform for contribution to the community, through volunteering, donations, or other activities - an online meeting place between donors and donee (the " Site" and "System").

*The address and contact information of the company are published on the website and later in this privacy policy.

The System is intended to support activities for the community. As a general rule, using it (or the Site) does not require and does not involve the provision of large amounts of personal information or the provision of sensitive personal information. In any case, the Company recognizes that protecting the privacy of the Site and the System users is of high importance. The purpose of this privacy policy is to describe and detail the purposes for which the Company collects and processes personal information* from users of the Site and the System, to whom and for what purposes it may disclose or transfer the personal information, as well as your rights in this regard.

*Personal information - information about an identified or identifiable person.

This privacy policy is an integral part of the terms of use of the Site and the System published on the Site (“Terms”).

Please read this privacy policy carefully. It constitutes a binding contract between you and the Company.

Your use of the Site or the System indicates your consent to this privacy policy. To the extent that you do not agree to this privacy policy, you must refrain from using the Site or the System.

Please also reread this policy again time to time because it may be changed. We will make sure to include the date of the last update, in the title of this privacy policy.

Continued use of the Site or the System after updating the privacy policy indicates your consent to the updated version.

We make efforts so that this privacy policy is detailed and clear. Please do not hesitate to contact us with any questions or comments regarding the privacy policy by e-mail at: support@passitforward.com.

The provisions of this privacy policy concerning the use of the System apply to any information processed by the Company whether provided by you through the system, whether through inquiries to the Company or whether it is provided on behalf of an organization in which you are employed or on whose behalf you act.

As for the information you provide to the Company: (1) it is clarified that you are not legally obligated to provide personal information, however without providing personal information We may not be able to provide you with access to the System, service in connection with it, or respond to your inquiries to us; (2) You must provide full and accurate information. It is forbidden to provide incorrect information or to impersonate someone else and you must not provide excess information that is not required or was not requested, including personal identifying information about others without their consent or legal permission.

Important clarifications

  • Communication and exchange of information between donors and done is conducted directly between them and at their own responsibility. The Company will not transfer information between donors and done unless requested to do so.
  • Donee undertake to protect privacy in personal information provided to them and especially personal information about donor’s employees. Unless expressly agreed otherwise, information about donor employees will be held by done for a period not exceeding 24 months and will not be used for any other purpose than receiving the donation.
  • The company is registered in Cyprus. As such, it is subject to European law regarding the protection of privacy in personal data * and therefore you are reserved all the rights granted to you by virtue of the said law**. The Company makes efforts to be fully transparent and to give you full and detailed information about processing of personal information and your related rights, however, to remove any doubt, it is clarified that there are no provisions in this privacy policy that exclude any right granted to you under European law in connection with the protection of privacy in personal information.

*REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation)

** European law regarding the protection of privacy in information distinguishes between the entity (or natural person) who determines the purpose and means for processing personal information (‘Controller’) and the entity (or natural person) who processes information on behalf of the controller (‘Processor’).

The company processes personal information in the two aforementioned roles:

As a personal information processors for organizations that use the System (for example, opening and closing accounts of employees of the organization, in accordance with the organization's guidelines) - in these cases, the organization you work for or on whose behalf you use the System is the controller, while the Company acts as the data processors, and it will act and assist the controller in exercising your rights in accordance with the controllers instructions.

As a processor of personal data for the company's needs, which include the following purposes: System operation, data security and cyber protection, fraud prevention, System improvement (using aggregated information or anonymous information), service provision, communicating with users (including collecting payments in cases where the use of the System involves payment ) - In these cases, the Company acts as a controller and the exercise of your rights will be conducted in accordance with and subject to the EU regulation regarding the protection of privacy in personal information.


1 Personal Data Collection

1.1 Browsing the Site – browsing the Site does not involve provision of personal information, and save data technically collected by the website servers about users such as IP address, website usage data, etc., the company does not collect personal information and does not track browsing on the Site in an identifiable manner.

1.2 Inquiries to the company – inquiries to the Company involve providing personal information such as name and surname, e-mail, and additional information depending on the nature of the inquiry (e.g a position in the organization that uses the System, or the fact that an individual wishes to register as a user of the System).

1.3 User registration - registration to the system may involve providing personal information depending on the nature of the registration. For example: a person who wishes to register as an individual donor (donor) will be asked to provide a name and surname and an email address. A person that acts on behalf of an association seeking to register as a user of the system, as a done, will be asked to provide a name and surname, an email address, additional contact information, and its position in the association. A person that acts on behalf of an organization who wishes to register as a user of the system, as donor, will be asked to provide a first and last name, email address and position in the organization.

1.4 Opening user accounts – ‘Admin User’* – opening an Admin User account on behalf of an organization requires the provision of first and last name, email address, additional means of contact (such as phone and workplace address), and the position of the user in the organization.

*an 'administrator' user on behalf of an organization

1.5 Opening users accounts - a user on behalf of an organization wishing to open a user account on behalf of the organization will be asked to provide first and last name, email address, position and department in the organization.

1.6 Data collected when using the System –

1.6.1 Access to the System, use of the System, publication of content and performing activities through the System (such as sending messages to other users) are stored in the System.

1.6.2 Admin User - has access to usages of users associated with his organization in the system.

1.6.3 Users' use of the system in a ‘public mode’ enables other users on behalf of the organization who have corresponding viewing permission (as determined by the Admin User of the organization to which they belong) to know when a user is in the System and to observe their actions. Using the system in a ‘non-public’ mode enables other users to view only active external actions performed by the user, such as: publishing content, receiving messages sent by him, etc.


2. Storing Personal Information

2.1 Personal information provided or collected (using the System or inquiries in connection with it), is stored in the system (and in other information systems of the Company) and will be used as detailed in this privacy policy.

2.2 The system is operated from the infrastructure of Amazon Ireland (AWS). Amazon holds certificates of compliance with the international standard for data security as detailed on its website: https://aws.amazon.com/compliance/iso-certified/

2.3 Company takes protective measures (logical, physical and administrative) to prevent loss or disruption of information and unauthorized access or use of information. In general, the employees of the company who have access to personal information or to information Systems where personal information is stored sign confidentiality and periodically undergo training regarding data security and privacy.

2.4 The Company reviews on a periodic basis the personal information held by it and whenever it finds excess information, it makes sure to delete it or make it anonymous.


3. Use of Personal information

3.1 Company uses personal information for the following purposes:

3.1.1 Answering inquiries and handling inquiries regarding the System and its use.

3.1.2 Providing information regarding the System and its use.

3.1.3 Operating the System and providing services to users in connection with the System, including: sending messages to users and assisting users in using the System.

3.1.4 Contact with System’s users (including allocating admin accounts, collecting payments).

3.1.5 Data security and cyber protection, including: prevention, investigation and handling security and cyber incidents.

3.1.6 Prevention of fraud and deception.

3.1.7 Preventing damage to the body or property of users, third parties or the Company.

3.1.8 Improvement of the system (such as: improving the system, adding content and tools, changes, generating insights, etc.) while turning personal information into anonymous or aggregated data in a way that does not allow identification of it or the data subjects.

3.1.9 Compliance with law and regulations

3.1.10 Managing legal proceedings and examining matters, claims and demands that may lead to legal proceedings.

3.2 It is clarified that the Company's use of personal information for Company’s own needs includes only the following purposes: operation of the System, data security and cyber protection, prevention of fraud, improvement and betterment of the System (using aggregate information or anonymous information), provision of service to System users and communication with them.

3.3 Information used by the company for the purposes of data security and cyber protection, or to prevent fraud is kept for a period of up to 24 months (unless an incident has occurred or a real threat that such an incident will occur).

3.4 Information used to operate the system is stored for the period of use of the system by a user and up to 12 months afterwards. After that period, the information will be deleted or converted to aggregated information.

3.5 Information used to improve the system is converted to aggregated or anonymous information and is not used as identifying information.

3.6 Information used to provide services to users (including payments) is kept for the time required by law (usually seven years).


4. Sharing Personal Information with Third Parties

4.1 The Company does not share personal information without consent of data subjects, except in the following cases:

4.1.1 Compliance with the provisions of the law, regulations, legal process, judicial order or an order of competent authority.

4.1.2 To enforce this privacy policy or the Terms.

4.1.3 Legal proceedings, or pre-trial proceedings.

4.1.4 For security and cyber protection needs, including to identify, prevent or treat cases of fraud, security or technical matters.

4.1.5 As part of a reorganization, sale of shares or investment in the Company and in a period close to entering into any of the aforementioned needs.

4.1.6 As far as the Company believes sharing data may help prevent damage to you or to others.

4.1.7 For parent companies, subsidiaries, related companies, for operational needs, improvement of activity or as part of a merger or reorganization of activity.

4.1.8 To Company's suppliers for the purpose of providing services to the Company, subject to the fact that those third parties are obliged to maintain confidentiality and use the information only for the purpose of providing services to the Company. The Company's suppliers include Amazon, which provides infrastructure services (see section 2 above). As there are additional suppliers, the company will notify additional suppliers by updating this privacy policy in an appendix that will include a list of suppliers.


5. How Can You View, Update or Delete Personal Information Collected (processed) About You

5.1 Every person is entitled to review, by themselves or through their attorney (authorized in writing) or their guardian, personal information about them held by the company:

5.1.1 Upon your written request, the Company will allow you to review personal information about you held by it, as long as there is no legal reason to reject the request.

5.1.2 The review arrangements will be determined from time to time by the Company, while as much as possible, the review will be possible by sending information electronically or through remote communication.

5.1.3 In any case, if for any reason (you or any other person) wishes to delete or correct personal information, please contact us through the "Contact Us" form on the Site, and we will make reasonable efforts to change or delete any personal information subject to privacy protection laws and as long as there is no legitimate reason for rejecting the request.

5.1.4 Information about users of organizations (such as employees of organizations, etc.) that is held by the Company (such as: user accounts, departmental affiliation, etc.) is managed by the organizations - to review this information, contact the relevant person in the organization. The Company undertakes to assist and provide everything reasonably required, in order to allow the user and the organization to enable review of the information.


6. Changes to the privacy policy

6.1 The Company reserves the right to change this privacy policy, please visit this page from time to time. We will make sure to update the title of this privacy policy with the date of the last change made to it. Also, in cases of material changes, we will make reasonable efforts to notify the change in other ways.

6.2 As a general rule (with the exceptions of: urgent cases, where the change is for your own benefit or in cases where the changes are for compliance with the law) changes will be made after a 14 day prior notice (in the title of the privacy policy or by notice in other ways in the cases mentioned in section 6.1 above). Continued use of the System after a change enters into force indicates acceptance of them.