DATA POSSESSOR (PROCESSOR) STATEMENT

In this Statement, we, COMMUNi Ltd. (the “possessor”, “we” or “our”), describe how we process Customer Information in our capacity as “Data Possessor” (Processor) on behalf of our Customers.

Terms used in this Statement shall be ascribed the meaning of such terms in our Privacy Policy, unless explicitly stated otherwise in this Statement.

In this Statement, “Customer Information” means identifiable information regarding users that relate to the Customer (including, its employees), which was processed in connection with the use of the Platform.

For the avoidance of doubt, information that was collected in connection with the use of the Website is not Customer Information

1. Processing of Customer Information

The possessor will process Customer Information only for the purpose of providing the Service.

In order to provide the Service, the possessor will carry out the activities of retention and processing of the Customer Information.
We will refrain from any use of the Customer Information for any purpose not necessary and required to provide the Service to the Customer.
We will ensure that access to any Customer Information will be granted only to a person that has been authorised for such purpose.
The possessor will delete and destroy all Customer Information as soon as it becomes aware that it no longer requires the Customer Information for the provision of the Service, save for retaining any copies of Customer Information in order to protect and maintain its rights and/or as may be required by applicable law.

2. Confidentiality Undertaking

The possessor, including its employees and any other person on its behalf, will process Customer Information in confidentiality, not disclose Customer Information nor transfer it to any third party, save, to the extent required to provide the Service. We will ensure that any entity granted access to the Customer Information sign an undertaking to keep strictly confidential and protect the privacy and data security of the Customer Information.

3. Reporting and Supervision

The Customer and/or any other person on its behalf will be entitled to perform a reasonable audit, subject to COMMUNi's supervision on a date to be agreed upon between the parties, with respect to the provision of the Service in order to ensure the fulfilment of all of the obligations of the possessor herein regarding data protection.
The possessor will notify the Customer in writing within a reasonable period of time, upon becoming aware of any of the following events regarding Customer Information: severe security incident and/or leakage of Customer Information and/or severe use that deviates from the authorised use.
The possessor will update the Customer regarding every approach, letter or response that may be received by the possessor regarding a request to inspect Customer Information or to amend Customer Information.

4. Miscellaneous

In the event that the relationship between the parties is terminated for any reason, the possessor will deliver to the Customer all Customer Information in its possession or under its control and will destroy, burn and delete any copy of Customer Information in its possession or under its control, save for retaining any copies of Customer Information in order to protect and maintain its rights and/or as may be required by applicable law.
If the possessor will desire to contract with third parties, and in so doing require that such third parties be granted access to Customer Information, then the possessor will include within the ambit of the agreement to be entered with any third party, substantially all of the obligations detailed herein.

5. Data Security

We will take reasonable security measures and actions for the purpose of securing the Customer Information. We will secure the Customer Information in accordance with the risks involved and using appropriate means, including, inter alia, implement the measures, procedures and data security requirements as set forth below:
Physical Security
The possessor will implement reasonable measures for physically protecting the systems through which Customer Information is processed and the infrastructure of such system (hereinafter, collectively – the “System”), against surrounding risks, penetrations and vulnerability.
Logical Security
The possessor will implement appropriate security measures for the prevention of intentional or inadvertent penetration to the System and/or to the lines of communication between the owner and possessor.
Separation of Databases
The possessor will separate the systems used by it for the purpose of performing the agreement (which contain Customer Information) from other systems used by the possessor in the ordinary and regular course of business.
Decommission Policy
The possessor will implement a decommission policy in respect of the magnetic and optic media, including hard disks, portable or detachable storage means, back up means etc., that contain Customer Information.
Procedures
The possessor will implement procedures for database management, and the classification and provision of access authorisations to Customer Information, as well as provisions for the collection, marking, verification, processing and distribution of Customer Information and any other procedure required by applicable law.
Management of Authorisations
The possessor will manage the access authorisations to the Customer Information (including restrictions), including that access to Customer Information will only be granted to employees and/or any person on behalf of the possessor who has a real need for access to Customer Information for the provision of the Service, and that each such employee and/or person will receive the minimal access required to perform his job.

6. Operation, Control, Recovery and Rehabilitation

The possessor will ensure that the System is operated while assuring data security and the preservation of the completeness of the Customer Information. In addition, the possessor will implement control arrangements to detect any impairment to the completeness of the Customer Information and to correct deficiencies.